blob: f8b248b3390791dc7d497d042de7a36e24297aac [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020080#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Willy Tarreau5db847a2019-05-09 14:13:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100214 struct xprt_ops *xprt;
215 void *xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100216 int xprt_st; /* transport layer state, initialized to zero */
217 int tmp_early_data; /* 1st byte of early data, if any */
218 int sent_early_data; /* Amount of early data we sent so far */
219
Olivier Houchard66ab4982019-02-26 18:37:15 +0100220};
221
222DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
223
Olivier Houcharda8955d52019-04-07 22:00:38 +0200224/* Methods to implement OpenSSL BIO */
225static int ha_ssl_write(BIO *h, const char *buf, int num)
226{
227 struct buffer tmpbuf;
228 struct ssl_sock_ctx *ctx;
229 int ret;
230
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200231#if HA_OPENSSL_VERSION_NUMBER < 0x10100000
Olivier Houchard66a7b332019-04-18 15:58:15 +0200232 ctx = h->ptr;
233#else
Olivier Houcharda8955d52019-04-07 22:00:38 +0200234 ctx = BIO_get_data(h);
Olivier Houchard66a7b332019-04-18 15:58:15 +0200235#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +0200236 tmpbuf.size = num;
237 tmpbuf.area = (void *)(uintptr_t)buf;
238 tmpbuf.data = num;
239 tmpbuf.head = 0;
240 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200241 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200242 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200243 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200244 } else if (ret == 0)
245 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200246 return ret;
247}
248
249static int ha_ssl_gets(BIO *h, char *buf, int size)
250{
251
252 return 0;
253}
254
255static int ha_ssl_puts(BIO *h, const char *str)
256{
257
258 return ha_ssl_write(h, str, strlen(str));
259}
260
261static int ha_ssl_read(BIO *h, char *buf, int size)
262{
263 struct buffer tmpbuf;
264 struct ssl_sock_ctx *ctx;
265 int ret;
266
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200267#if HA_OPENSSL_VERSION_NUMBER < 0x10100000
Olivier Houchard66a7b332019-04-18 15:58:15 +0200268 ctx = h->ptr;
269#else
Olivier Houcharda8955d52019-04-07 22:00:38 +0200270 ctx = BIO_get_data(h);
Olivier Houchard66a7b332019-04-18 15:58:15 +0200271#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +0200272 tmpbuf.size = size;
273 tmpbuf.area = buf;
274 tmpbuf.data = 0;
275 tmpbuf.head = 0;
276 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200277 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200278 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200279 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200280 } else if (ret == 0)
281 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200282
283 return ret;
284}
285
286static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
287{
288 int ret = 0;
289 switch (cmd) {
290 case BIO_CTRL_DUP:
291 case BIO_CTRL_FLUSH:
292 ret = 1;
293 break;
294 }
295 return ret;
296}
297
298static int ha_ssl_new(BIO *h)
299{
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200300#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Olivier Houchard66a7b332019-04-18 15:58:15 +0200301 h->init = 1;
302 h->ptr = NULL;
303#else
Olivier Houcharda8955d52019-04-07 22:00:38 +0200304 BIO_set_init(h, 1);
305 BIO_set_data(h, NULL);
Olivier Houchard66a7b332019-04-18 15:58:15 +0200306#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +0200307 BIO_clear_flags(h, ~0);
308 return 1;
309}
310
311static int ha_ssl_free(BIO *data)
312{
313
314 return 1;
315}
316
317
Willy Tarreau5db847a2019-05-09 14:13:35 +0200318#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100319
Emeric Brun821bb9b2017-06-15 16:37:39 +0200320static HA_RWLOCK_T *ssl_rwlocks;
321
322
323unsigned long ssl_id_function(void)
324{
325 return (unsigned long)tid;
326}
327
328void ssl_locking_function(int mode, int n, const char * file, int line)
329{
330 if (mode & CRYPTO_LOCK) {
331 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100332 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200333 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100334 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200335 }
336 else {
337 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100338 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200339 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100340 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200341 }
342}
343
344static int ssl_locking_init(void)
345{
346 int i;
347
348 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
349 if (!ssl_rwlocks)
350 return -1;
351
352 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100353 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354
355 CRYPTO_set_id_callback(ssl_id_function);
356 CRYPTO_set_locking_callback(ssl_locking_function);
357
358 return 0;
359}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100360
Emeric Brun821bb9b2017-06-15 16:37:39 +0200361#endif
362
363
364
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100366struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100367 unsigned long long int xxh64;
368 unsigned char ciphersuite_len;
369 char ciphersuite[0];
370};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100371struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100372static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200373static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100374
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100375static int ssl_pkey_info_index = -1;
376
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200377#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
378struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
379#endif
380
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000382static unsigned int openssl_engines_initialized;
383struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
384struct ssl_engine_list {
385 struct list list;
386 ENGINE *e;
387};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200388#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000389
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200391static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200392static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200393static DH *local_dh_1024 = NULL;
394static DH *local_dh_2048 = NULL;
395static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100396static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200397#endif /* OPENSSL_NO_DH */
398
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100399#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200400/* X509V3 Extensions that will be added on generated certificates */
401#define X509V3_EXT_SIZE 5
402static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
403 "basicConstraints",
404 "nsComment",
405 "subjectKeyIdentifier",
406 "authorityKeyIdentifier",
407 "keyUsage",
408};
409static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
410 "CA:FALSE",
411 "\"OpenSSL Generated Certificate\"",
412 "hash",
413 "keyid,issuer:always",
414 "nonRepudiation,digitalSignature,keyEncipherment"
415};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200416/* LRU cache to store generated certificate */
417static struct lru64_head *ssl_ctx_lru_tree = NULL;
418static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200419static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100420__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200421
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200422#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
423
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100424static struct ssl_bind_kw ssl_bind_kws[];
425
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200426#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500427/* The order here matters for picking a default context,
428 * keep the most common keytype at the bottom of the list
429 */
430const char *SSL_SOCK_KEYTYPE_NAMES[] = {
431 "dsa",
432 "ecdsa",
433 "rsa"
434};
435#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100436#else
437#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500438#endif
439
William Lallemandc3cd35f2017-11-28 11:04:43 +0100440static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100441static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
442
443#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
444
445#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
446 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
447
448#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
449 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200450
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100451/*
452 * This function gives the detail of the SSL error. It is used only
453 * if the debug mode and the verbose mode are activated. It dump all
454 * the SSL error until the stack was empty.
455 */
456static forceinline void ssl_sock_dump_errors(struct connection *conn)
457{
458 unsigned long ret;
459
460 if (unlikely(global.mode & MODE_DEBUG)) {
461 while(1) {
462 ret = ERR_get_error();
463 if (ret == 0)
464 return;
465 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200466 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100467 ERR_func_error_string(ret), ERR_reason_error_string(ret));
468 }
469 }
470}
471
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200472#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500473/*
474 * struct alignment works here such that the key.key is the same as key_data
475 * Do not change the placement of key_data
476 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200477struct certificate_ocsp {
478 struct ebmb_node key;
479 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200480 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200481 long expire;
482};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200483
yanbzhube2774d2015-12-10 15:07:30 -0500484struct ocsp_cbk_arg {
485 int is_single;
486 int single_kt;
487 union {
488 struct certificate_ocsp *s_ocsp;
489 /*
490 * m_ocsp will have multiple entries dependent on key type
491 * Entry 0 - DSA
492 * Entry 1 - ECDSA
493 * Entry 2 - RSA
494 */
495 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
496 };
497};
498
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200499#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000500static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
501{
502 int err_code = ERR_ABORT;
503 ENGINE *engine;
504 struct ssl_engine_list *el;
505
506 /* grab the structural reference to the engine */
507 engine = ENGINE_by_id(engine_id);
508 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100509 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000510 goto fail_get;
511 }
512
513 if (!ENGINE_init(engine)) {
514 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100515 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000516 goto fail_init;
517 }
518
519 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100520 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000521 goto fail_set_method;
522 }
523
524 el = calloc(1, sizeof(*el));
525 el->e = engine;
526 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100527 nb_engines++;
528 if (global_ssl.async)
529 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000530 return 0;
531
532fail_set_method:
533 /* release the functional reference from ENGINE_init() */
534 ENGINE_finish(engine);
535
536fail_init:
537 /* release the structural reference from ENGINE_by_id() */
538 ENGINE_free(engine);
539
540fail_get:
541 return err_code;
542}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200543#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000544
Willy Tarreau5db847a2019-05-09 14:13:35 +0200545#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200546/*
547 * openssl async fd handler
548 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200549void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000550{
551 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000552
Emeric Brun3854e012017-05-17 20:42:48 +0200553 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000554 * to poll this fd until it is requested
555 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000556 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000557 fd_cant_recv(fd);
558
559 /* crypto engine is available, let's notify the associated
560 * connection that it can pursue its processing.
561 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000562 __conn_sock_want_recv(conn);
563 __conn_sock_want_send(conn);
564 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000565}
566
Emeric Brun3854e012017-05-17 20:42:48 +0200567/*
568 * openssl async delayed SSL_free handler
569 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200570void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000571{
572 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200573 OSSL_ASYNC_FD all_fd[32];
574 size_t num_all_fds = 0;
575 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000576
Emeric Brun3854e012017-05-17 20:42:48 +0200577 /* We suppose that the async job for a same SSL *
578 * are serialized. So if we are awake it is
579 * because the running job has just finished
580 * and we can remove all async fds safely
581 */
582 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
583 if (num_all_fds > 32) {
584 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
585 return;
586 }
587
588 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
589 for (i=0 ; i < num_all_fds ; i++)
590 fd_remove(all_fd[i]);
591
592 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000593 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100594 _HA_ATOMIC_SUB(&sslconns, 1);
595 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000596}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000597/*
Emeric Brun3854e012017-05-17 20:42:48 +0200598 * function used to manage a returned SSL_ERROR_WANT_ASYNC
599 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000600 */
Willy Tarreau0e492e22019-04-15 21:25:03 +0200601static inline void ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000602{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100603 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200604 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000605 size_t num_add_fds = 0;
606 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200607 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000608
609 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
610 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200611 if (num_add_fds > 32 || num_del_fds > 32) {
612 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613 return;
614 }
615
Emeric Brun3854e012017-05-17 20:42:48 +0200616 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000617
Emeric Brun3854e012017-05-17 20:42:48 +0200618 /* We remove unused fds from the fdtab */
619 for (i=0 ; i < num_del_fds ; i++)
620 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000621
Emeric Brun3854e012017-05-17 20:42:48 +0200622 /* We add new fds to the fdtab */
623 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100624 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000625 }
626
Emeric Brun3854e012017-05-17 20:42:48 +0200627 num_add_fds = 0;
628 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
629 if (num_add_fds > 32) {
630 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
631 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000632 }
Emeric Brun3854e012017-05-17 20:42:48 +0200633
634 /* We activate the polling for all known async fds */
635 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000636 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200637 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000638 /* To ensure that the fd cache won't be used
639 * We'll prefer to catch a real RD event
640 * because handling an EAGAIN on this fd will
641 * result in a context switch and also
642 * some engines uses a fd in blocking mode.
643 */
644 fd_cant_recv(add_fd[i]);
645 }
Emeric Brun3854e012017-05-17 20:42:48 +0200646
647 /* We must also prevent the conn_handler
648 * to be called until a read event was
649 * polled on an async fd
650 */
651 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000652}
653#endif
654
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200655/*
656 * This function returns the number of seconds elapsed
657 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
658 * date presented un ASN1_GENERALIZEDTIME.
659 *
660 * In parsing error case, it returns -1.
661 */
662static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
663{
664 long epoch;
665 char *p, *end;
666 const unsigned short month_offset[12] = {
667 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
668 };
669 int year, month;
670
671 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
672
673 p = (char *)d->data;
674 end = p + d->length;
675
676 if (end - p < 4) return -1;
677 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
678 p += 4;
679 if (end - p < 2) return -1;
680 month = 10 * (p[0] - '0') + p[1] - '0';
681 if (month < 1 || month > 12) return -1;
682 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
683 We consider leap years and the current month (<marsh or not) */
684 epoch = ( ((year - 1970) * 365)
685 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
686 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
687 + month_offset[month-1]
688 ) * 24 * 60 * 60;
689 p += 2;
690 if (end - p < 2) return -1;
691 /* Add the number of seconds of completed days of current month */
692 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
693 p += 2;
694 if (end - p < 2) return -1;
695 /* Add the completed hours of the current day */
696 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
697 p += 2;
698 if (end - p < 2) return -1;
699 /* Add the completed minutes of the current hour */
700 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
701 p += 2;
702 if (p == end) return -1;
703 /* Test if there is available seconds */
704 if (p[0] < '0' || p[0] > '9')
705 goto nosec;
706 if (end - p < 2) return -1;
707 /* Add the seconds of the current minute */
708 epoch += 10 * (p[0] - '0') + p[1] - '0';
709 p += 2;
710 if (p == end) return -1;
711 /* Ignore seconds float part if present */
712 if (p[0] == '.') {
713 do {
714 if (++p == end) return -1;
715 } while (p[0] >= '0' && p[0] <= '9');
716 }
717
718nosec:
719 if (p[0] == 'Z') {
720 if (end - p != 1) return -1;
721 return epoch;
722 }
723 else if (p[0] == '+') {
724 if (end - p != 5) return -1;
725 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700726 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200727 }
728 else if (p[0] == '-') {
729 if (end - p != 5) return -1;
730 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700731 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200732 }
733
734 return -1;
735}
736
Emeric Brun1d3865b2014-06-20 15:37:32 +0200737static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200738
739/* This function starts to check if the OCSP response (in DER format) contained
740 * in chunk 'ocsp_response' is valid (else exits on error).
741 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
742 * contained in the OCSP Response and exits on error if no match.
743 * If it's a valid OCSP Response:
744 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
745 * pointed by 'ocsp'.
746 * If 'ocsp' is NULL, the function looks up into the OCSP response's
747 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
748 * from the response) and exits on error if not found. Finally, If an OCSP response is
749 * already present in the container, it will be overwritten.
750 *
751 * Note: OCSP response containing more than one OCSP Single response is not
752 * considered valid.
753 *
754 * Returns 0 on success, 1 in error case.
755 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200756static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
757 struct certificate_ocsp *ocsp,
758 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200759{
760 OCSP_RESPONSE *resp;
761 OCSP_BASICRESP *bs = NULL;
762 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200763 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200764 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200765 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200766 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200767 int reason;
768 int ret = 1;
769
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200770 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
771 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200772 if (!resp) {
773 memprintf(err, "Unable to parse OCSP response");
774 goto out;
775 }
776
777 rc = OCSP_response_status(resp);
778 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
779 memprintf(err, "OCSP response status not successful");
780 goto out;
781 }
782
783 bs = OCSP_response_get1_basic(resp);
784 if (!bs) {
785 memprintf(err, "Failed to get basic response from OCSP Response");
786 goto out;
787 }
788
789 count_sr = OCSP_resp_count(bs);
790 if (count_sr > 1) {
791 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
792 goto out;
793 }
794
795 sr = OCSP_resp_get0(bs, 0);
796 if (!sr) {
797 memprintf(err, "Failed to get OCSP single response");
798 goto out;
799 }
800
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200801 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
802
Emeric Brun4147b2e2014-06-16 18:36:30 +0200803 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200804 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200805 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200806 goto out;
807 }
808
Emeric Brun13a6b482014-06-20 15:44:34 +0200809 if (!nextupd) {
810 memprintf(err, "OCSP single response: missing nextupdate");
811 goto out;
812 }
813
Emeric Brunc8b27b62014-06-19 14:16:17 +0200814 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200815 if (!rc) {
816 memprintf(err, "OCSP single response: no longer valid.");
817 goto out;
818 }
819
820 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200821 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200822 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
823 goto out;
824 }
825 }
826
827 if (!ocsp) {
828 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
829 unsigned char *p;
830
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200831 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200832 if (!rc) {
833 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
834 goto out;
835 }
836
837 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
838 memprintf(err, "OCSP single response: Certificate ID too long");
839 goto out;
840 }
841
842 p = key;
843 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200844 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200845 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
846 if (!ocsp) {
847 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
848 goto out;
849 }
850 }
851
852 /* According to comments on "chunk_dup", the
853 previous chunk buffer will be freed */
854 if (!chunk_dup(&ocsp->response, ocsp_response)) {
855 memprintf(err, "OCSP response: Memory allocation error");
856 goto out;
857 }
858
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200859 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
860
Emeric Brun4147b2e2014-06-16 18:36:30 +0200861 ret = 0;
862out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100863 ERR_clear_error();
864
Emeric Brun4147b2e2014-06-16 18:36:30 +0200865 if (bs)
866 OCSP_BASICRESP_free(bs);
867
868 if (resp)
869 OCSP_RESPONSE_free(resp);
870
871 return ret;
872}
873/*
874 * External function use to update the OCSP response in the OCSP response's
875 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
876 * to update in DER format.
877 *
878 * Returns 0 on success, 1 in error case.
879 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200880int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200881{
882 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
883}
884
885/*
886 * This function load the OCSP Resonse in DER format contained in file at
887 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
888 *
889 * Returns 0 on success, 1 in error case.
890 */
891static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
892{
893 int fd = -1;
894 int r = 0;
895 int ret = 1;
896
897 fd = open(ocsp_path, O_RDONLY);
898 if (fd == -1) {
899 memprintf(err, "Error opening OCSP response file");
900 goto end;
901 }
902
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200903 trash.data = 0;
904 while (trash.data < trash.size) {
905 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200906 if (r < 0) {
907 if (errno == EINTR)
908 continue;
909
910 memprintf(err, "Error reading OCSP response from file");
911 goto end;
912 }
913 else if (r == 0) {
914 break;
915 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200916 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200917 }
918
919 close(fd);
920 fd = -1;
921
922 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
923end:
924 if (fd != -1)
925 close(fd);
926
927 return ret;
928}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100929#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200930
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100931#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
932static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
933{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100934 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100935 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100936 struct connection *conn;
937 int head;
938 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100939 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100940
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200941 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200942 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100943 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
944
945 keys = ref->tlskeys;
946 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100947
948 if (enc) {
949 memcpy(key_name, keys[head].name, 16);
950
951 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100952 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100953
Emeric Brun9e754772019-01-10 17:51:55 +0100954 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100955
Emeric Brun9e754772019-01-10 17:51:55 +0100956 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
957 goto end;
958
Willy Tarreau9356dac2019-05-10 09:22:53 +0200959 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100960 ret = 1;
961 }
962 else if (ref->key_size_bits == 256 ) {
963
964 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
965 goto end;
966
Willy Tarreau9356dac2019-05-10 09:22:53 +0200967 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100968 ret = 1;
969 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100970 } else {
971 for (i = 0; i < TLS_TICKETS_NO; i++) {
972 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
973 goto found;
974 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100975 ret = 0;
976 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100977
Christopher Faulet16f45c82018-02-16 11:23:49 +0100978 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100979 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200980 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100981 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
982 goto end;
983 /* 2 for key renewal, 1 if current key is still valid */
984 ret = i ? 2 : 1;
985 }
986 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200987 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100988 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
989 goto end;
990 /* 2 for key renewal, 1 if current key is still valid */
991 ret = i ? 2 : 1;
992 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100993 }
Emeric Brun9e754772019-01-10 17:51:55 +0100994
Christopher Faulet16f45c82018-02-16 11:23:49 +0100995 end:
996 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
997 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200998}
999
1000struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
1001{
1002 struct tls_keys_ref *ref;
1003
1004 list_for_each_entry(ref, &tlskeys_reference, list)
1005 if (ref->filename && strcmp(filename, ref->filename) == 0)
1006 return ref;
1007 return NULL;
1008}
1009
1010struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
1011{
1012 struct tls_keys_ref *ref;
1013
1014 list_for_each_entry(ref, &tlskeys_reference, list)
1015 if (ref->unique_id == unique_id)
1016 return ref;
1017 return NULL;
1018}
1019
Emeric Brun9e754772019-01-10 17:51:55 +01001020/* Update the key into ref: if keysize doesnt
1021 * match existing ones, this function returns -1
1022 * else it returns 0 on success.
1023 */
1024int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001025 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001026{
Emeric Brun9e754772019-01-10 17:51:55 +01001027 if (ref->key_size_bits == 128) {
1028 if (tlskey->data != sizeof(struct tls_sess_key_128))
1029 return -1;
1030 }
1031 else if (ref->key_size_bits == 256) {
1032 if (tlskey->data != sizeof(struct tls_sess_key_256))
1033 return -1;
1034 }
1035 else
1036 return -1;
1037
Christopher Faulet16f45c82018-02-16 11:23:49 +01001038 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001039 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1040 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001041 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1042 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001043
1044 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001045}
1046
Willy Tarreau83061a82018-07-13 11:56:34 +02001047int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001048{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001049 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1050
1051 if(!ref) {
1052 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1053 return 1;
1054 }
Emeric Brun9e754772019-01-10 17:51:55 +01001055 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1056 memprintf(err, "Invalid key size");
1057 return 1;
1058 }
1059
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001060 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001061}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001062
1063/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001064 * automatic ids. It's called just after the basic checks. It returns
1065 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001066 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001067static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001068{
1069 int i = 0;
1070 struct tls_keys_ref *ref, *ref2, *ref3;
1071 struct list tkr = LIST_HEAD_INIT(tkr);
1072
1073 list_for_each_entry(ref, &tlskeys_reference, list) {
1074 if (ref->unique_id == -1) {
1075 /* Look for the first free id. */
1076 while (1) {
1077 list_for_each_entry(ref2, &tlskeys_reference, list) {
1078 if (ref2->unique_id == i) {
1079 i++;
1080 break;
1081 }
1082 }
1083 if (&ref2->list == &tlskeys_reference)
1084 break;
1085 }
1086
1087 /* Uses the unique id and increment it for the next entry. */
1088 ref->unique_id = i;
1089 i++;
1090 }
1091 }
1092
1093 /* This sort the reference list by id. */
1094 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1095 LIST_DEL(&ref->list);
1096 list_for_each_entry(ref3, &tkr, list) {
1097 if (ref->unique_id < ref3->unique_id) {
1098 LIST_ADDQ(&ref3->list, &ref->list);
1099 break;
1100 }
1101 }
1102 if (&ref3->list == &tkr)
1103 LIST_ADDQ(&tkr, &ref->list);
1104 }
1105
1106 /* swap root */
1107 LIST_ADD(&tkr, &tlskeys_reference);
1108 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001109 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001110}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001111#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1112
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001113#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001114int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1115{
1116 switch (evp_keytype) {
1117 case EVP_PKEY_RSA:
1118 return 2;
1119 case EVP_PKEY_DSA:
1120 return 0;
1121 case EVP_PKEY_EC:
1122 return 1;
1123 }
1124
1125 return -1;
1126}
1127
Emeric Brun4147b2e2014-06-16 18:36:30 +02001128/*
1129 * Callback used to set OCSP status extension content in server hello.
1130 */
1131int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1132{
yanbzhube2774d2015-12-10 15:07:30 -05001133 struct certificate_ocsp *ocsp;
1134 struct ocsp_cbk_arg *ocsp_arg;
1135 char *ssl_buf;
1136 EVP_PKEY *ssl_pkey;
1137 int key_type;
1138 int index;
1139
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001140 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001141
1142 ssl_pkey = SSL_get_privatekey(ssl);
1143 if (!ssl_pkey)
1144 return SSL_TLSEXT_ERR_NOACK;
1145
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001146 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001147
1148 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1149 ocsp = ocsp_arg->s_ocsp;
1150 else {
1151 /* For multiple certs per context, we have to find the correct OCSP response based on
1152 * the certificate type
1153 */
1154 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1155
1156 if (index < 0)
1157 return SSL_TLSEXT_ERR_NOACK;
1158
1159 ocsp = ocsp_arg->m_ocsp[index];
1160
1161 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001162
1163 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001164 !ocsp->response.area ||
1165 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001166 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001167 return SSL_TLSEXT_ERR_NOACK;
1168
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001169 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001170 if (!ssl_buf)
1171 return SSL_TLSEXT_ERR_NOACK;
1172
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001173 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1174 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001175
1176 return SSL_TLSEXT_ERR_OK;
1177}
1178
1179/*
1180 * This function enables the handling of OCSP status extension on 'ctx' if a
1181 * file name 'cert_path' suffixed using ".ocsp" is present.
1182 * To enable OCSP status extension, the issuer's certificate is mandatory.
1183 * It should be present in the certificate's extra chain builded from file
1184 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1185 * named 'cert_path' suffixed using '.issuer'.
1186 *
1187 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1188 * response. If file is empty or content is not a valid OCSP response,
1189 * OCSP status extension is enabled but OCSP response is ignored (a warning
1190 * is displayed).
1191 *
1192 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001193 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001194 */
1195static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1196{
1197
1198 BIO *in = NULL;
1199 X509 *x, *xi = NULL, *issuer = NULL;
1200 STACK_OF(X509) *chain = NULL;
1201 OCSP_CERTID *cid = NULL;
1202 SSL *ssl;
1203 char ocsp_path[MAXPATHLEN+1];
1204 int i, ret = -1;
1205 struct stat st;
1206 struct certificate_ocsp *ocsp = NULL, *iocsp;
1207 char *warn = NULL;
1208 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001209 pem_password_cb *passwd_cb;
1210 void *passwd_cb_userdata;
1211 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001212
1213 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1214
1215 if (stat(ocsp_path, &st))
1216 return 1;
1217
1218 ssl = SSL_new(ctx);
1219 if (!ssl)
1220 goto out;
1221
1222 x = SSL_get_certificate(ssl);
1223 if (!x)
1224 goto out;
1225
1226 /* Try to lookup for issuer in certificate extra chain */
1227#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1228 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1229#else
1230 chain = ctx->extra_certs;
1231#endif
1232 for (i = 0; i < sk_X509_num(chain); i++) {
1233 issuer = sk_X509_value(chain, i);
1234 if (X509_check_issued(issuer, x) == X509_V_OK)
1235 break;
1236 else
1237 issuer = NULL;
1238 }
1239
1240 /* If not found try to load issuer from a suffixed file */
1241 if (!issuer) {
1242 char issuer_path[MAXPATHLEN+1];
1243
1244 in = BIO_new(BIO_s_file());
1245 if (!in)
1246 goto out;
1247
1248 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1249 if (BIO_read_filename(in, issuer_path) <= 0)
1250 goto out;
1251
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001252 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1253 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1254
1255 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001256 if (!xi)
1257 goto out;
1258
1259 if (X509_check_issued(xi, x) != X509_V_OK)
1260 goto out;
1261
1262 issuer = xi;
1263 }
1264
1265 cid = OCSP_cert_to_id(0, x, issuer);
1266 if (!cid)
1267 goto out;
1268
1269 i = i2d_OCSP_CERTID(cid, NULL);
1270 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1271 goto out;
1272
Vincent Bernat02779b62016-04-03 13:48:43 +02001273 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001274 if (!ocsp)
1275 goto out;
1276
1277 p = ocsp->key_data;
1278 i2d_OCSP_CERTID(cid, &p);
1279
1280 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1281 if (iocsp == ocsp)
1282 ocsp = NULL;
1283
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001284#ifndef SSL_CTX_get_tlsext_status_cb
1285# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1286 *cb = (void (*) (void))ctx->tlsext_status_cb;
1287#endif
1288 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1289
1290 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001291 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001292 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001293
1294 cb_arg->is_single = 1;
1295 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001296
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001297 pkey = X509_get_pubkey(x);
1298 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1299 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001300
1301 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1302 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1303 } else {
1304 /*
1305 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1306 * Update that cb_arg with the new cert's staple
1307 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001308 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001309 struct certificate_ocsp *tmp_ocsp;
1310 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001311 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001312 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001313
1314#ifdef SSL_CTX_get_tlsext_status_arg
1315 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1316#else
1317 cb_arg = ctx->tlsext_status_arg;
1318#endif
yanbzhube2774d2015-12-10 15:07:30 -05001319
1320 /*
1321 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1322 * the order of operations below matter, take care when changing it
1323 */
1324 tmp_ocsp = cb_arg->s_ocsp;
1325 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1326 cb_arg->s_ocsp = NULL;
1327 cb_arg->m_ocsp[index] = tmp_ocsp;
1328 cb_arg->is_single = 0;
1329 cb_arg->single_kt = 0;
1330
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001331 pkey = X509_get_pubkey(x);
1332 key_type = EVP_PKEY_base_id(pkey);
1333 EVP_PKEY_free(pkey);
1334
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001335 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001336 if (index >= 0 && !cb_arg->m_ocsp[index])
1337 cb_arg->m_ocsp[index] = iocsp;
1338
1339 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001340
1341 ret = 0;
1342
1343 warn = NULL;
1344 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1345 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001346 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001347 }
1348
1349out:
1350 if (ssl)
1351 SSL_free(ssl);
1352
1353 if (in)
1354 BIO_free(in);
1355
1356 if (xi)
1357 X509_free(xi);
1358
1359 if (cid)
1360 OCSP_CERTID_free(cid);
1361
1362 if (ocsp)
1363 free(ocsp);
1364
1365 if (warn)
1366 free(warn);
1367
1368
1369 return ret;
1370}
1371
1372#endif
1373
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001374#ifdef OPENSSL_IS_BORINGSSL
1375static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1376{
1377 char ocsp_path[MAXPATHLEN+1];
1378 struct stat st;
1379 int fd = -1, r = 0;
1380
1381 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1382 if (stat(ocsp_path, &st))
1383 return 0;
1384
1385 fd = open(ocsp_path, O_RDONLY);
1386 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001387 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001388 return -1;
1389 }
1390
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001391 trash.data = 0;
1392 while (trash.data < trash.size) {
1393 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001394 if (r < 0) {
1395 if (errno == EINTR)
1396 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001397 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001398 close(fd);
1399 return -1;
1400 }
1401 else if (r == 0) {
1402 break;
1403 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001404 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001405 }
1406 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001407 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1408 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001409}
1410#endif
1411
Willy Tarreau5db847a2019-05-09 14:13:35 +02001412#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001413
1414#define CT_EXTENSION_TYPE 18
1415
1416static int sctl_ex_index = -1;
1417
1418/*
1419 * Try to parse Signed Certificate Timestamp List structure. This function
1420 * makes only basic test if the data seems like SCTL. No signature validation
1421 * is performed.
1422 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001423static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001424{
1425 int ret = 1;
1426 int len, pos, sct_len;
1427 unsigned char *data;
1428
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001429 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001430 goto out;
1431
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001432 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001433 len = (data[0] << 8) | data[1];
1434
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001435 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001436 goto out;
1437
1438 data = data + 2;
1439 pos = 0;
1440 while (pos < len) {
1441 if (len - pos < 2)
1442 goto out;
1443
1444 sct_len = (data[pos] << 8) | data[pos + 1];
1445 if (pos + sct_len + 2 > len)
1446 goto out;
1447
1448 pos += sct_len + 2;
1449 }
1450
1451 ret = 0;
1452
1453out:
1454 return ret;
1455}
1456
Willy Tarreau83061a82018-07-13 11:56:34 +02001457static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1458 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001459{
1460 int fd = -1;
1461 int r = 0;
1462 int ret = 1;
1463
1464 *sctl = NULL;
1465
1466 fd = open(sctl_path, O_RDONLY);
1467 if (fd == -1)
1468 goto end;
1469
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001470 trash.data = 0;
1471 while (trash.data < trash.size) {
1472 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 if (r < 0) {
1474 if (errno == EINTR)
1475 continue;
1476
1477 goto end;
1478 }
1479 else if (r == 0) {
1480 break;
1481 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001482 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001483 }
1484
1485 ret = ssl_sock_parse_sctl(&trash);
1486 if (ret)
1487 goto end;
1488
Vincent Bernat02779b62016-04-03 13:48:43 +02001489 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001490 if (!chunk_dup(*sctl, &trash)) {
1491 free(*sctl);
1492 *sctl = NULL;
1493 goto end;
1494 }
1495
1496end:
1497 if (fd != -1)
1498 close(fd);
1499
1500 return ret;
1501}
1502
1503int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1504{
Willy Tarreau83061a82018-07-13 11:56:34 +02001505 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001506
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001507 *out = (unsigned char *) sctl->area;
1508 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001509
1510 return 1;
1511}
1512
1513int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1514{
1515 return 1;
1516}
1517
1518static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1519{
1520 char sctl_path[MAXPATHLEN+1];
1521 int ret = -1;
1522 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001523 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001524
1525 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1526
1527 if (stat(sctl_path, &st))
1528 return 1;
1529
1530 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1531 goto out;
1532
1533 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1534 free(sctl);
1535 goto out;
1536 }
1537
1538 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1539
1540 ret = 0;
1541
1542out:
1543 return ret;
1544}
1545
1546#endif
1547
Emeric Brune1f38db2012-09-03 20:36:47 +02001548void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1549{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001550 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001551 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001552 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001553 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001554
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001555#ifndef SSL_OP_NO_RENEGOTIATION
1556 /* Please note that BoringSSL defines this macro to zero so don't
1557 * change this to #if and do not assign a default value to this macro!
1558 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001559 if (where & SSL_CB_HANDSHAKE_START) {
1560 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001561 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001562 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001563 conn->err_code = CO_ER_SSL_RENEG;
1564 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001565 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001566#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001567
1568 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001569 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001570 /* Long certificate chains optimz
1571 If write and read bios are differents, we
1572 consider that the buffering was activated,
1573 so we rise the output buffer size from 4k
1574 to 16k */
1575 write_bio = SSL_get_wbio(ssl);
1576 if (write_bio != SSL_get_rbio(ssl)) {
1577 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001578 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001579 }
1580 }
1581 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001582}
1583
Emeric Brune64aef12012-09-21 13:15:06 +02001584/* Callback is called for each certificate of the chain during a verify
1585 ok is set to 1 if preverify detect no error on current certificate.
1586 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001587int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001588{
1589 SSL *ssl;
1590 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001591 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001592 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001593
1594 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001595 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001596
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001597 ctx = conn->xprt_ctx;
1598
1599 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001600
Emeric Brun81c00f02012-09-21 14:31:21 +02001601 if (ok) /* no errors */
1602 return ok;
1603
1604 depth = X509_STORE_CTX_get_error_depth(x_store);
1605 err = X509_STORE_CTX_get_error(x_store);
1606
1607 /* check if CA error needs to be ignored */
1608 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001609 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1610 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1611 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001612 }
1613
Willy Tarreau07d94e42018-09-20 10:57:52 +02001614 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001615 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001616 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001617 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001618 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001619
Willy Tarreau20879a02012-12-03 16:32:10 +01001620 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001621 return 0;
1622 }
1623
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001624 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1625 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001626
Emeric Brun81c00f02012-09-21 14:31:21 +02001627 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001628 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001629 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001630 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001631 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001632 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001633
Willy Tarreau20879a02012-12-03 16:32:10 +01001634 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001635 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001636}
1637
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001638static inline
1639void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001640 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001641{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001642 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001643 unsigned char *msg;
1644 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001645 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001646
1647 /* This function is called for "from client" and "to server"
1648 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001649 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001650 */
1651
1652 /* "write_p" is set to 0 is the bytes are received messages,
1653 * otherwise it is set to 1.
1654 */
1655 if (write_p != 0)
1656 return;
1657
1658 /* content_type contains the type of message received or sent
1659 * according with the SSL/TLS protocol spec. This message is
1660 * encoded with one byte. The value 256 (two bytes) is used
1661 * for designing the SSL/TLS record layer. According with the
1662 * rfc6101, the expected message (other than 256) are:
1663 * - change_cipher_spec(20)
1664 * - alert(21)
1665 * - handshake(22)
1666 * - application_data(23)
1667 * - (255)
1668 * We are interessed by the handshake and specially the client
1669 * hello.
1670 */
1671 if (content_type != 22)
1672 return;
1673
1674 /* The message length is at least 4 bytes, containing the
1675 * message type and the message length.
1676 */
1677 if (len < 4)
1678 return;
1679
1680 /* First byte of the handshake message id the type of
1681 * message. The konwn types are:
1682 * - hello_request(0)
1683 * - client_hello(1)
1684 * - server_hello(2)
1685 * - certificate(11)
1686 * - server_key_exchange (12)
1687 * - certificate_request(13)
1688 * - server_hello_done(14)
1689 * We are interested by the client hello.
1690 */
1691 msg = (unsigned char *)buf;
1692 if (msg[0] != 1)
1693 return;
1694
1695 /* Next three bytes are the length of the message. The total length
1696 * must be this decoded length + 4. If the length given as argument
1697 * is not the same, we abort the protocol dissector.
1698 */
1699 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1700 if (len < rec_len + 4)
1701 return;
1702 msg += 4;
1703 end = msg + rec_len;
1704 if (end < msg)
1705 return;
1706
1707 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1708 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001709 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1710 */
1711 msg += 1 + 1 + 4 + 28;
1712 if (msg > end)
1713 return;
1714
1715 /* Next, is session id:
1716 * if present, we have to jump by length + 1 for the size information
1717 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001718 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001719 if (msg[0] > 0)
1720 msg += msg[0];
1721 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001722 if (msg > end)
1723 return;
1724
1725 /* Next two bytes are the ciphersuite length. */
1726 if (msg + 2 > end)
1727 return;
1728 rec_len = (msg[0] << 8) + msg[1];
1729 msg += 2;
1730 if (msg + rec_len > end || msg + rec_len < msg)
1731 return;
1732
Willy Tarreaubafbe012017-11-24 17:34:44 +01001733 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001734 if (!capture)
1735 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001736 /* Compute the xxh64 of the ciphersuite. */
1737 capture->xxh64 = XXH64(msg, rec_len, 0);
1738
1739 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001740 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1741 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001742 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001743
1744 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001745}
1746
Emeric Brun29f037d2014-04-25 19:05:36 +02001747/* Callback is called for ssl protocol analyse */
1748void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1749{
Emeric Brun29f037d2014-04-25 19:05:36 +02001750#ifdef TLS1_RT_HEARTBEAT
1751 /* test heartbeat received (write_p is set to 0
1752 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001753 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001754 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001755 struct ssl_sock_ctx *ctx = conn->ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001756 const unsigned char *p = buf;
1757 unsigned int payload;
1758
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001759 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001760
1761 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1762 if (*p != TLS1_HB_REQUEST)
1763 return;
1764
Willy Tarreauaeed6722014-04-25 23:59:58 +02001765 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001766 goto kill_it;
1767
1768 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001769 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001770 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001771 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001772 /* We have a clear heartbleed attack (CVE-2014-0160), the
1773 * advertised payload is larger than the advertised packet
1774 * length, so we have garbage in the buffer between the
1775 * payload and the end of the buffer (p+len). We can't know
1776 * if the SSL stack is patched, and we don't know if we can
1777 * safely wipe out the area between p+3+len and payload.
1778 * So instead, we prevent the response from being sent by
1779 * setting the max_send_fragment to 0 and we report an SSL
1780 * error, which will kill this connection. It will be reported
1781 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001782 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1783 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001784 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001785 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1786 return;
1787 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001788#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001789 if (global_ssl.capture_cipherlist > 0)
1790 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001791}
1792
Bernard Spil13c53f82018-02-15 13:34:58 +01001793#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001794static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1795 const unsigned char *in, unsigned int inlen,
1796 void *arg)
1797{
1798 struct server *srv = arg;
1799
1800 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1801 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1802 return SSL_TLSEXT_ERR_OK;
1803 return SSL_TLSEXT_ERR_NOACK;
1804}
1805#endif
1806
1807#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001808/* This callback is used so that the server advertises the list of
1809 * negociable protocols for NPN.
1810 */
1811static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1812 unsigned int *len, void *arg)
1813{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001814 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001815
1816 *data = (const unsigned char *)conf->npn_str;
1817 *len = conf->npn_len;
1818 return SSL_TLSEXT_ERR_OK;
1819}
1820#endif
1821
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001822#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001823/* This callback is used so that the server advertises the list of
1824 * negociable protocols for ALPN.
1825 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001826static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1827 unsigned char *outlen,
1828 const unsigned char *server,
1829 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001830{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001831 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001832
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001833 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1834 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1835 return SSL_TLSEXT_ERR_NOACK;
1836 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001837 return SSL_TLSEXT_ERR_OK;
1838}
1839#endif
1840
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001841#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001842#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001843
Christopher Faulet30548802015-06-11 13:39:32 +02001844/* Create a X509 certificate with the specified servername and serial. This
1845 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001846static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001847ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001848{
Christopher Faulet7969a332015-10-09 11:15:03 +02001849 X509 *cacert = bind_conf->ca_sign_cert;
1850 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001851 SSL_CTX *ssl_ctx = NULL;
1852 X509 *newcrt = NULL;
1853 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001854 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001855 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001856 X509_NAME *name;
1857 const EVP_MD *digest;
1858 X509V3_CTX ctx;
1859 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001860 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001861
Christopher Faulet48a83322017-07-28 16:56:09 +02001862 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001863#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001864 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1865#else
1866 tmp_ssl = SSL_new(bind_conf->default_ctx);
1867 if (tmp_ssl)
1868 pkey = SSL_get_privatekey(tmp_ssl);
1869#endif
1870 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001871 goto mkcert_error;
1872
1873 /* Create the certificate */
1874 if (!(newcrt = X509_new()))
1875 goto mkcert_error;
1876
1877 /* Set version number for the certificate (X509v3) and the serial
1878 * number */
1879 if (X509_set_version(newcrt, 2L) != 1)
1880 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001881 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001882
1883 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001884 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1885 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001886 goto mkcert_error;
1887
1888 /* set public key in the certificate */
1889 if (X509_set_pubkey(newcrt, pkey) != 1)
1890 goto mkcert_error;
1891
1892 /* Set issuer name from the CA */
1893 if (!(name = X509_get_subject_name(cacert)))
1894 goto mkcert_error;
1895 if (X509_set_issuer_name(newcrt, name) != 1)
1896 goto mkcert_error;
1897
1898 /* Set the subject name using the same, but the CN */
1899 name = X509_NAME_dup(name);
1900 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1901 (const unsigned char *)servername,
1902 -1, -1, 0) != 1) {
1903 X509_NAME_free(name);
1904 goto mkcert_error;
1905 }
1906 if (X509_set_subject_name(newcrt, name) != 1) {
1907 X509_NAME_free(name);
1908 goto mkcert_error;
1909 }
1910 X509_NAME_free(name);
1911
1912 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001913 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001914 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1915 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1916 X509_EXTENSION *ext;
1917
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001918 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001919 goto mkcert_error;
1920 if (!X509_add_ext(newcrt, ext, -1)) {
1921 X509_EXTENSION_free(ext);
1922 goto mkcert_error;
1923 }
1924 X509_EXTENSION_free(ext);
1925 }
1926
1927 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001928
1929 key_type = EVP_PKEY_base_id(capkey);
1930
1931 if (key_type == EVP_PKEY_DSA)
1932 digest = EVP_sha1();
1933 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001934 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001935 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001936 digest = EVP_sha256();
1937 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001938#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001939 int nid;
1940
1941 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1942 goto mkcert_error;
1943 if (!(digest = EVP_get_digestbynid(nid)))
1944 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001945#else
1946 goto mkcert_error;
1947#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001948 }
1949
Christopher Faulet31af49d2015-06-09 17:29:50 +02001950 if (!(X509_sign(newcrt, capkey, digest)))
1951 goto mkcert_error;
1952
1953 /* Create and set the new SSL_CTX */
1954 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1955 goto mkcert_error;
1956 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1957 goto mkcert_error;
1958 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1959 goto mkcert_error;
1960 if (!SSL_CTX_check_private_key(ssl_ctx))
1961 goto mkcert_error;
1962
1963 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001964
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001965#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001966 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001967#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001968#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1969 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001970 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001971 EC_KEY *ecc;
1972 int nid;
1973
1974 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1975 goto end;
1976 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1977 goto end;
1978 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1979 EC_KEY_free(ecc);
1980 }
1981#endif
1982 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001983 return ssl_ctx;
1984
1985 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001986 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001987 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001988 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1989 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001990 return NULL;
1991}
1992
Christopher Faulet7969a332015-10-09 11:15:03 +02001993SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001994ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001995{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001996 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001997 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001998
Olivier Houchard66ab4982019-02-26 18:37:15 +01001999 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02002000}
2001
Christopher Faulet30548802015-06-11 13:39:32 +02002002/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02002003 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02002004SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02002005ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02002006{
2007 struct lru64 *lru = NULL;
2008
2009 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002010 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002011 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002012 if (lru && lru->domain) {
2013 if (ssl)
2014 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002015 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002016 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002017 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002018 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002019 }
2020 return NULL;
2021}
2022
Emeric Brun821bb9b2017-06-15 16:37:39 +02002023/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2024 * function is not thread-safe, it should only be used to check if a certificate
2025 * exists in the lru cache (with no warranty it will not be removed by another
2026 * thread). It is kept for backward compatibility. */
2027SSL_CTX *
2028ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2029{
2030 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2031}
2032
Christopher Fauletd2cab922015-07-28 16:03:47 +02002033/* Set a certificate int the LRU cache used to store generated
2034 * certificate. Return 0 on success, otherwise -1 */
2035int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002036ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002037{
2038 struct lru64 *lru = NULL;
2039
2040 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002041 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002042 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002043 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002044 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002045 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002046 }
Christopher Faulet30548802015-06-11 13:39:32 +02002047 if (lru->domain && lru->data)
2048 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002049 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002050 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002051 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002052 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002053 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002054}
2055
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002056/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002057unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002058ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002059{
2060 return XXH32(data, len, ssl_ctx_lru_seed);
2061}
2062
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002063/* Generate a cert and immediately assign it to the SSL session so that the cert's
2064 * refcount is maintained regardless of the cert's presence in the LRU cache.
2065 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002066static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002067ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002068{
2069 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002070 SSL_CTX *ssl_ctx = NULL;
2071 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002072 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002073
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002074 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002075 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002076 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002077 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002078 if (lru && lru->domain)
2079 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002080 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002081 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002082 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002083 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002084 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002085 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002086 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002087 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002088 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002089 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002090 SSL_set_SSL_CTX(ssl, ssl_ctx);
2091 /* No LRU cache, this CTX will be released as soon as the session dies */
2092 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002093 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002094 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002095 return 0;
2096}
2097static int
2098ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2099{
2100 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002101 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002102
2103 conn_get_to_addr(conn);
2104 if (conn->flags & CO_FL_ADDR_TO_SET) {
2105 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002106 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002107 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002108 }
2109 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002110}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002111#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002112
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002113
2114#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
2115#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
2116#endif
2117
2118#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
2119#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
2120#define SSL_renegotiate_pending(arg) 0
2121#endif
2122#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
2123#define SSL_OP_SINGLE_ECDH_USE 0
2124#endif
2125#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
2126#define SSL_OP_NO_TICKET 0
2127#endif
2128#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
2129#define SSL_OP_NO_COMPRESSION 0
2130#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002131#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
2132#undef SSL_OP_NO_SSLv3
2133#define SSL_OP_NO_SSLv3 0
2134#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002135#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
2136#define SSL_OP_NO_TLSv1_1 0
2137#endif
2138#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
2139#define SSL_OP_NO_TLSv1_2 0
2140#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002141#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142#define SSL_OP_NO_TLSv1_3 0
2143#endif
2144#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
2145#define SSL_OP_SINGLE_DH_USE 0
2146#endif
2147#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
2148#define SSL_OP_SINGLE_ECDH_USE 0
2149#endif
2150#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
2151#define SSL_MODE_RELEASE_BUFFERS 0
2152#endif
2153#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
2154#define SSL_MODE_SMALL_BUFFERS 0
2155#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02002156#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
2157#define SSL_OP_PRIORITIZE_CHACHA 0
2158#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002159
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002160#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002161typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2162
2163static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002164{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002165#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002166 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2168#endif
2169}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002170static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2171 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002172 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2173}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002174static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002176 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002177 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2178#endif
2179}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002180static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002181#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002182 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002183 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2184#endif
2185}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002186/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002187static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2188/* Unusable in this context. */
2189static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2190static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2191static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2192static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2193static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002194#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002195typedef enum { SET_MIN, SET_MAX } set_context_func;
2196
2197static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2198 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002199 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2200}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002201static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2202 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2203 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2204}
2205static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2206 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002207 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2208}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002209static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2210 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2211 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2212}
2213static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2214 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002215 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2216}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002217static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2218 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2219 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2220}
2221static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2222 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002223 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2224}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002225static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2226 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2227 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2228}
2229static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002230#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002231 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002232 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2233#endif
2234}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002235static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2236#if SSL_OP_NO_TLSv1_3
2237 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2238 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002239#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002240}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002241#endif
2242static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2243static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002244
2245static struct {
2246 int option;
2247 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002248 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2249 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002250 const char *name;
2251} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002252 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2253 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2254 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2255 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2256 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2257 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002258};
2259
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002260static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2261{
2262 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2263 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2264 SSL_set_SSL_CTX(ssl, ctx);
2265}
2266
Willy Tarreau5db847a2019-05-09 14:13:35 +02002267#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002268
2269static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2270{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002271 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002272 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002273
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002274 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2275 return SSL_TLSEXT_ERR_OK;
2276 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002277}
2278
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002279#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002280static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2281{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002282 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002283#else
2284static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2285{
2286#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002287 struct connection *conn;
2288 struct bind_conf *s;
2289 const uint8_t *extension_data;
2290 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002291 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002292
2293 char *wildp = NULL;
2294 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002295 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002296 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002297 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 int i;
2299
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002300 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002301 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002302
Olivier Houchard9679ac92017-10-27 14:58:08 +02002303 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002304 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002305#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002306 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2307 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002308#else
2309 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2310#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002311 /*
2312 * The server_name extension was given too much extensibility when it
2313 * was written, so parsing the normal case is a bit complex.
2314 */
2315 size_t len;
2316 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002318 /* Extract the length of the supplied list of names. */
2319 len = (*extension_data++) << 8;
2320 len |= *extension_data++;
2321 if (len + 2 != extension_len)
2322 goto abort;
2323 /*
2324 * The list in practice only has a single element, so we only consider
2325 * the first one.
2326 */
2327 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2328 goto abort;
2329 extension_len = len - 1;
2330 /* Now we can finally pull out the byte array with the actual hostname. */
2331 if (extension_len <= 2)
2332 goto abort;
2333 len = (*extension_data++) << 8;
2334 len |= *extension_data++;
2335 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2336 || memchr(extension_data, 0, len) != NULL)
2337 goto abort;
2338 servername = extension_data;
2339 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002340 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002341#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2342 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002343 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002344 }
2345#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002346 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002347 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002348 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002349 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002350 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002351 goto abort;
2352 }
2353
2354 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002355#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002356 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002357#else
2358 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2359#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002360 uint8_t sign;
2361 size_t len;
2362 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002363 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002364 len = (*extension_data++) << 8;
2365 len |= *extension_data++;
2366 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002367 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002368 if (len % 2 != 0)
2369 goto abort;
2370 for (; len > 0; len -= 2) {
2371 extension_data++; /* hash */
2372 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 switch (sign) {
2374 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002375 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002376 break;
2377 case TLSEXT_signature_ecdsa:
2378 has_ecdsa_sig = 1;
2379 break;
2380 default:
2381 continue;
2382 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002383 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002384 break;
2385 }
2386 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002387 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002388 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 }
2390 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002391 const SSL_CIPHER *cipher;
2392 size_t len;
2393 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002394 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002395#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002396 len = ctx->cipher_suites_len;
2397 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002398#else
2399 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2400#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002401 if (len % 2 != 0)
2402 goto abort;
2403 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002404#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002405 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002406 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002407#else
2408 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2409#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002410 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002411 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002412 break;
2413 }
2414 }
2415 }
2416
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002417 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002418 trash.area[i] = tolower(servername[i]);
2419 if (!wildp && (trash.area[i] == '.'))
2420 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002422 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002423
2424 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002425 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002426
2427 /* lookup a not neg filter */
2428 for (n = node; n; n = ebmb_next_dup(n)) {
2429 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002430 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002431 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002432 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002433 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002434 break;
2435 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002436 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002437 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002438 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002439 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002440 if (!node_anonymous)
2441 node_anonymous = n;
2442 break;
2443 }
2444 }
2445 }
2446 if (wildp) {
2447 /* lookup in wildcards names */
2448 node = ebst_lookup(&s->sni_w_ctx, wildp);
2449 for (n = node; n; n = ebmb_next_dup(n)) {
2450 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002451 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002452 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002453 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002454 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002455 break;
2456 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002457 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002458 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002459 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002460 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002461 if (!node_anonymous)
2462 node_anonymous = n;
2463 break;
2464 }
2465 }
2466 }
2467 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002468 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002469 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2470 : ((has_rsa_sig && node_rsa) ? node_rsa
2471 : (node_anonymous ? node_anonymous
2472 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2473 : node_rsa /* no rsa signature case (far far away) */
2474 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002475 if (node) {
2476 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002477 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002478 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002479 if (conf) {
2480 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2481 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2482 if (conf->early_data)
2483 allow_early = 1;
2484 }
2485 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002486 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002487#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002488 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002489 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002490 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002491 }
2492#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002493 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002494 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002495 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002496 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002497allow_early:
2498#ifdef OPENSSL_IS_BORINGSSL
2499 if (allow_early)
2500 SSL_set_early_data_enabled(ssl, 1);
2501#else
2502 if (!allow_early)
2503 SSL_set_max_early_data(ssl, 0);
2504#endif
2505 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002506 abort:
2507 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2508 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002509#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002510 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002511#else
2512 *al = SSL_AD_UNRECOGNIZED_NAME;
2513 return 0;
2514#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002515}
2516
2517#else /* OPENSSL_IS_BORINGSSL */
2518
Emeric Brunfc0421f2012-09-07 17:30:07 +02002519/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2520 * warning when no match is found, which implies the default (first) cert
2521 * will keep being used.
2522 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002523static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002524{
2525 const char *servername;
2526 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002527 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002528 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002529 int i;
2530 (void)al; /* shut gcc stupid warning */
2531
2532 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002533 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002534#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002535 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2536 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002537#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002538 if (s->strict_sni)
2539 return SSL_TLSEXT_ERR_ALERT_FATAL;
2540 ssl_sock_switchctx_set(ssl, s->default_ctx);
2541 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002542 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002543
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002544 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002545 if (!servername[i])
2546 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002547 trash.area[i] = tolower(servername[i]);
2548 if (!wildp && (trash.area[i] == '.'))
2549 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002550 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002551 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002552
2553 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002554 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002555
2556 /* lookup a not neg filter */
2557 for (n = node; n; n = ebmb_next_dup(n)) {
2558 if (!container_of(n, struct sni_ctx, name)->neg) {
2559 node = n;
2560 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002561 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002562 }
2563 if (!node && wildp) {
2564 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002565 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002566 }
2567 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002568#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002569 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2570 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002571 return SSL_TLSEXT_ERR_OK;
2572 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002573#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002574 if (s->strict_sni)
2575 return SSL_TLSEXT_ERR_ALERT_FATAL;
2576 ssl_sock_switchctx_set(ssl, s->default_ctx);
2577 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002578 }
2579
2580 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002581 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002582 return SSL_TLSEXT_ERR_OK;
2583}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002584#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002585#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2586
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002587#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002588
2589static DH * ssl_get_dh_1024(void)
2590{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002591 static unsigned char dh1024_p[]={
2592 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2593 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2594 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2595 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2596 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2597 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2598 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2599 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2600 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2601 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2602 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2603 };
2604 static unsigned char dh1024_g[]={
2605 0x02,
2606 };
2607
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002608 BIGNUM *p;
2609 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002610 DH *dh = DH_new();
2611 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002612 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2613 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002614
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002615 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002616 DH_free(dh);
2617 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002618 } else {
2619 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002620 }
2621 }
2622 return dh;
2623}
2624
2625static DH *ssl_get_dh_2048(void)
2626{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002627 static unsigned char dh2048_p[]={
2628 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2629 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2630 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2631 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2632 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2633 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2634 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2635 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2636 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2637 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2638 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2639 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2640 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2641 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2642 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2643 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2644 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2645 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2646 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2647 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2648 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2649 0xB7,0x1F,0x77,0xF3,
2650 };
2651 static unsigned char dh2048_g[]={
2652 0x02,
2653 };
2654
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002655 BIGNUM *p;
2656 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002657 DH *dh = DH_new();
2658 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002659 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2660 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002661
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002662 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002663 DH_free(dh);
2664 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 } else {
2666 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 }
2668 }
2669 return dh;
2670}
2671
2672static DH *ssl_get_dh_4096(void)
2673{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002674 static unsigned char dh4096_p[]={
2675 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2676 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2677 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2678 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2679 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2680 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2681 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2682 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2683 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2684 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2685 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2686 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2687 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2688 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2689 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2690 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2691 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2692 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2693 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2694 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2695 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2696 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2697 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2698 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2699 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2700 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2701 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2702 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2703 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2704 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2705 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2706 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2707 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2708 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2709 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2710 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2711 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2712 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2713 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2714 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2715 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2716 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2717 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002718 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002719 static unsigned char dh4096_g[]={
2720 0x02,
2721 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002722
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002723 BIGNUM *p;
2724 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002725 DH *dh = DH_new();
2726 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002727 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2728 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002729
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002730 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002731 DH_free(dh);
2732 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002733 } else {
2734 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002735 }
2736 }
2737 return dh;
2738}
2739
2740/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002741 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002742static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2743{
2744 DH *dh = NULL;
2745 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002746 int type;
2747
2748 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002749
2750 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2751 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2752 */
2753 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2754 keylen = EVP_PKEY_bits(pkey);
2755 }
2756
Willy Tarreauef934602016-12-22 23:12:01 +01002757 if (keylen > global_ssl.default_dh_param) {
2758 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002759 }
2760
Remi Gacogned3a341a2015-05-29 16:26:17 +02002761 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002762 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002763 }
2764 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002765 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002766 }
2767 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002768 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002769 }
2770
2771 return dh;
2772}
2773
Remi Gacogne47783ef2015-05-29 15:53:22 +02002774static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002775{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002776 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002777 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002778
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002779 if (in == NULL)
2780 goto end;
2781
Remi Gacogne47783ef2015-05-29 15:53:22 +02002782 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002783 goto end;
2784
Remi Gacogne47783ef2015-05-29 15:53:22 +02002785 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2786
2787end:
2788 if (in)
2789 BIO_free(in);
2790
Emeric Brune1b4ed42018-08-16 15:14:12 +02002791 ERR_clear_error();
2792
Remi Gacogne47783ef2015-05-29 15:53:22 +02002793 return dh;
2794}
2795
2796int ssl_sock_load_global_dh_param_from_file(const char *filename)
2797{
2798 global_dh = ssl_sock_get_dh_from_file(filename);
2799
2800 if (global_dh) {
2801 return 0;
2802 }
2803
2804 return -1;
2805}
2806
2807/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
Joseph Herlant017b3da2018-11-15 09:07:59 -08002808 if an error occurred, and 0 if parameter not found. */
Remi Gacogne47783ef2015-05-29 15:53:22 +02002809int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2810{
2811 int ret = -1;
2812 DH *dh = ssl_sock_get_dh_from_file(file);
2813
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002814 if (dh) {
2815 ret = 1;
2816 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002817
2818 if (ssl_dh_ptr_index >= 0) {
2819 /* store a pointer to the DH params to avoid complaining about
2820 ssl-default-dh-param not being set for this SSL_CTX */
2821 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2822 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002823 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002824 else if (global_dh) {
2825 SSL_CTX_set_tmp_dh(ctx, global_dh);
2826 ret = 0; /* DH params not found */
2827 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002828 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002829 /* Clear openssl global errors stack */
2830 ERR_clear_error();
2831
Willy Tarreauef934602016-12-22 23:12:01 +01002832 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002833 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002834 if (local_dh_1024 == NULL)
2835 local_dh_1024 = ssl_get_dh_1024();
2836
Remi Gacogne8de54152014-07-15 11:36:40 +02002837 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002838 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002839
Remi Gacogne8de54152014-07-15 11:36:40 +02002840 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002841 }
2842 else {
2843 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2844 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002845
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002846 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002847 }
Emeric Brun644cde02012-12-14 11:21:13 +01002848
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002849end:
2850 if (dh)
2851 DH_free(dh);
2852
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002853 return ret;
2854}
2855#endif
2856
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002857static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002858 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002859{
2860 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002861 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002862 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002863
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002864 if (*name == '!') {
2865 neg = 1;
2866 name++;
2867 }
2868 if (*name == '*') {
2869 wild = 1;
2870 name++;
2871 }
2872 /* !* filter is a nop */
2873 if (neg && wild)
2874 return order;
2875 if (*name) {
2876 int j, len;
2877 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002878 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002879 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002880 if (j >= trash.size)
2881 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002882 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002883
2884 /* Check for duplicates. */
2885 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002886 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002887 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002888 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002889 for (; node; node = ebmb_next_dup(node)) {
2890 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002891 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002892 return order;
2893 }
2894
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002895 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002896 if (!sc)
2897 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002898 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002899 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002900 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002901 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002902 sc->order = order++;
2903 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002904 if (kinfo.sig != TLSEXT_signature_anonymous)
2905 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002906 if (wild)
2907 ebst_insert(&s->sni_w_ctx, &sc->name);
2908 else
2909 ebst_insert(&s->sni_ctx, &sc->name);
2910 }
2911 return order;
2912}
2913
yanbzhu488a4d22015-12-01 15:16:07 -05002914
2915/* The following code is used for loading multiple crt files into
2916 * SSL_CTX's based on CN/SAN
2917 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002918#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002919/* This is used to preload the certifcate, private key
2920 * and Cert Chain of a file passed in via the crt
2921 * argument
2922 *
2923 * This way, we do not have to read the file multiple times
2924 */
2925struct cert_key_and_chain {
2926 X509 *cert;
2927 EVP_PKEY *key;
2928 unsigned int num_chain_certs;
2929 /* This is an array of X509 pointers */
2930 X509 **chain_certs;
2931};
2932
yanbzhu08ce6ab2015-12-02 13:01:29 -05002933#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2934
2935struct key_combo_ctx {
2936 SSL_CTX *ctx;
2937 int order;
2938};
2939
2940/* Map used for processing multiple keypairs for a single purpose
2941 *
2942 * This maps CN/SNI name to certificate type
2943 */
2944struct sni_keytype {
2945 int keytypes; /* BITMASK for keytypes */
2946 struct ebmb_node name; /* node holding the servername value */
2947};
2948
2949
yanbzhu488a4d22015-12-01 15:16:07 -05002950/* Frees the contents of a cert_key_and_chain
2951 */
2952static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2953{
2954 int i;
2955
2956 if (!ckch)
2957 return;
2958
2959 /* Free the certificate and set pointer to NULL */
2960 if (ckch->cert)
2961 X509_free(ckch->cert);
2962 ckch->cert = NULL;
2963
2964 /* Free the key and set pointer to NULL */
2965 if (ckch->key)
2966 EVP_PKEY_free(ckch->key);
2967 ckch->key = NULL;
2968
2969 /* Free each certificate in the chain */
2970 for (i = 0; i < ckch->num_chain_certs; i++) {
2971 if (ckch->chain_certs[i])
2972 X509_free(ckch->chain_certs[i]);
2973 }
2974
2975 /* Free the chain obj itself and set to NULL */
2976 if (ckch->num_chain_certs > 0) {
2977 free(ckch->chain_certs);
2978 ckch->num_chain_certs = 0;
2979 ckch->chain_certs = NULL;
2980 }
2981
2982}
2983
2984/* checks if a key and cert exists in the ckch
2985 */
2986static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2987{
2988 return (ckch->cert != NULL && ckch->key != NULL);
2989}
2990
2991
2992/* Loads the contents of a crt file (path) into a cert_key_and_chain
2993 * This allows us to carry the contents of the file without having to
2994 * read the file multiple times.
2995 *
2996 * returns:
2997 * 0 on Success
2998 * 1 on SSL Failure
2999 * 2 on file not found
3000 */
3001static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
3002{
3003
3004 BIO *in;
3005 X509 *ca = NULL;
3006 int ret = 1;
3007
3008 ssl_sock_free_cert_key_and_chain_contents(ckch);
3009
3010 in = BIO_new(BIO_s_file());
3011 if (in == NULL)
3012 goto end;
3013
3014 if (BIO_read_filename(in, path) <= 0)
3015 goto end;
3016
yanbzhu488a4d22015-12-01 15:16:07 -05003017 /* Read Private Key */
3018 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3019 if (ckch->key == NULL) {
3020 memprintf(err, "%sunable to load private key from file '%s'.\n",
3021 err && *err ? *err : "", path);
3022 goto end;
3023 }
3024
Willy Tarreaubb137a82016-04-06 19:02:38 +02003025 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003026 if (BIO_reset(in) == -1) {
3027 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3028 err && *err ? *err : "", path);
3029 goto end;
3030 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003031
3032 /* Read Certificate */
3033 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3034 if (ckch->cert == NULL) {
3035 memprintf(err, "%sunable to load certificate from file '%s'.\n",
3036 err && *err ? *err : "", path);
3037 goto end;
3038 }
3039
yanbzhu488a4d22015-12-01 15:16:07 -05003040 /* Read Certificate Chain */
3041 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
3042 /* Grow the chain certs */
3043 ckch->num_chain_certs++;
3044 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
3045
3046 /* use - 1 here since we just incremented it above */
3047 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
3048 }
3049 ret = ERR_get_error();
3050 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3051 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3052 err && *err ? *err : "", path);
3053 ret = 1;
3054 goto end;
3055 }
3056
3057 ret = 0;
3058
3059end:
3060
3061 ERR_clear_error();
3062 if (in)
3063 BIO_free(in);
3064
3065 /* Something went wrong in one of the reads */
3066 if (ret != 0)
3067 ssl_sock_free_cert_key_and_chain_contents(ckch);
3068
3069 return ret;
3070}
3071
3072/* Loads the info in ckch into ctx
3073 * Currently, this does not process any information about ocsp, dhparams or
3074 * sctl
3075 * Returns
3076 * 0 on success
3077 * 1 on failure
3078 */
3079static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3080{
3081 int i = 0;
3082
3083 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3084 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3085 err && *err ? *err : "", path);
3086 return 1;
3087 }
3088
3089 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3090 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3091 err && *err ? *err : "", path);
3092 return 1;
3093 }
3094
yanbzhu488a4d22015-12-01 15:16:07 -05003095 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3096 for (i = 0; i < ckch->num_chain_certs; i++) {
3097 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003098 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3099 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05003100 return 1;
3101 }
3102 }
3103
3104 if (SSL_CTX_check_private_key(ctx) <= 0) {
3105 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3106 err && *err ? *err : "", path);
3107 return 1;
3108 }
3109
3110 return 0;
3111}
3112
yanbzhu08ce6ab2015-12-02 13:01:29 -05003113
3114static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3115{
3116 struct sni_keytype *s_kt = NULL;
3117 struct ebmb_node *node;
3118 int i;
3119
3120 for (i = 0; i < trash.size; i++) {
3121 if (!str[i])
3122 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003123 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003124 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003125 trash.area[i] = 0;
3126 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003127 if (!node) {
3128 /* CN not found in tree */
3129 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3130 /* Using memcpy here instead of strncpy.
3131 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3132 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3133 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003134 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003135 s_kt->keytypes = 0;
3136 ebst_insert(sni_keytypes, &s_kt->name);
3137 } else {
3138 /* CN found in tree */
3139 s_kt = container_of(node, struct sni_keytype, name);
3140 }
3141
3142 /* Mark that this CN has the keytype of key_index via keytypes mask */
3143 s_kt->keytypes |= 1<<key_index;
3144
3145}
3146
3147
3148/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3149 * If any are found, group these files into a set of SSL_CTX*
3150 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3151 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003152 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003153 *
3154 * Returns
3155 * 0 on success
3156 * 1 on failure
3157 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003158static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3159 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003160{
3161 char fp[MAXPATHLEN+1] = {0};
3162 int n = 0;
3163 int i = 0;
3164 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3165 struct eb_root sni_keytypes_map = { {0} };
3166 struct ebmb_node *node;
3167 struct ebmb_node *next;
3168 /* Array of SSL_CTX pointers corresponding to each possible combo
3169 * of keytypes
3170 */
3171 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3172 int rv = 0;
3173 X509_NAME *xname = NULL;
3174 char *str = NULL;
3175#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3176 STACK_OF(GENERAL_NAME) *names = NULL;
3177#endif
3178
3179 /* Load all possible certs and keys */
3180 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3181 struct stat buf;
3182
3183 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3184 if (stat(fp, &buf) == 0) {
3185 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
3186 rv = 1;
3187 goto end;
3188 }
3189 }
3190 }
3191
3192 /* Process each ckch and update keytypes for each CN/SAN
3193 * for example, if CN/SAN www.a.com is associated with
3194 * certs with keytype 0 and 2, then at the end of the loop,
3195 * www.a.com will have:
3196 * keyindex = 0 | 1 | 4 = 5
3197 */
3198 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3199
3200 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3201 continue;
3202
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003203 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003204 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003205 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3206 } else {
3207 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3208 * so the line that contains logic is marked via comments
3209 */
3210 xname = X509_get_subject_name(certs_and_keys[n].cert);
3211 i = -1;
3212 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3213 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003214 ASN1_STRING *value;
3215 value = X509_NAME_ENTRY_get_data(entry);
3216 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003217 /* Important line is here */
3218 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003219
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003220 OPENSSL_free(str);
3221 str = NULL;
3222 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003223 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003224
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003225 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003226#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003227 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3228 if (names) {
3229 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3230 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003231
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003232 if (name->type == GEN_DNS) {
3233 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3234 /* Important line is here */
3235 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003236
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003237 OPENSSL_free(str);
3238 str = NULL;
3239 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003240 }
3241 }
3242 }
3243 }
3244#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3245 }
3246
3247 /* If no files found, return error */
3248 if (eb_is_empty(&sni_keytypes_map)) {
3249 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3250 err && *err ? *err : "", path);
3251 rv = 1;
3252 goto end;
3253 }
3254
3255 /* We now have a map of CN/SAN to keytypes that are loaded in
3256 * Iterate through the map to create the SSL_CTX's (if needed)
3257 * and add each CTX to the SNI tree
3258 *
3259 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003260 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003261 * combination is denoted by the key in the map. Each key
3262 * has a value between 1 and 2^n - 1. Conveniently, the array
3263 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3264 * entry in the array to correspond to the unique combo (key)
3265 * associated with i. This unique key combo (i) will be associated
3266 * with combos[i-1]
3267 */
3268
3269 node = ebmb_first(&sni_keytypes_map);
3270 while (node) {
3271 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003272 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003273 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003274
3275 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3276 i = container_of(node, struct sni_keytype, name)->keytypes;
3277 cur_ctx = key_combos[i-1].ctx;
3278
3279 if (cur_ctx == NULL) {
3280 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003281 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003282 if (cur_ctx == NULL) {
3283 memprintf(err, "%sunable to allocate SSL context.\n",
3284 err && *err ? *err : "");
3285 rv = 1;
3286 goto end;
3287 }
3288
yanbzhube2774d2015-12-10 15:07:30 -05003289 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003290 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3291 if (i & (1<<n)) {
3292 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003293 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3294 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003295 SSL_CTX_free(cur_ctx);
3296 rv = 1;
3297 goto end;
3298 }
yanbzhube2774d2015-12-10 15:07:30 -05003299
3300#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3301 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003302 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003303 if (err)
3304 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003305 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003306 SSL_CTX_free(cur_ctx);
3307 rv = 1;
3308 goto end;
3309 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003310#elif (defined OPENSSL_IS_BORINGSSL)
3311 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003312#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003313 }
3314 }
3315
3316 /* Load DH params into the ctx to support DHE keys */
3317#ifndef OPENSSL_NO_DH
3318 if (ssl_dh_ptr_index >= 0)
3319 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3320
3321 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3322 if (rv < 0) {
3323 if (err)
3324 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3325 *err ? *err : "", path);
3326 rv = 1;
3327 goto end;
3328 }
3329#endif
3330
3331 /* Update key_combos */
3332 key_combos[i-1].ctx = cur_ctx;
3333 }
3334
3335 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003336 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003337 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003338 node = ebmb_next(node);
3339 }
3340
3341
3342 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3343 if (!bind_conf->default_ctx) {
3344 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3345 if (key_combos[i].ctx) {
3346 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003347 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003348 break;
3349 }
3350 }
3351 }
3352
3353end:
3354
3355 if (names)
3356 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3357
3358 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3359 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3360
3361 node = ebmb_first(&sni_keytypes_map);
3362 while (node) {
3363 next = ebmb_next(node);
3364 ebmb_delete(node);
3365 node = next;
3366 }
3367
3368 return rv;
3369}
3370#else
3371/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003372static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3373 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003374{
3375 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3376 err && *err ? *err : "", path, strerror(errno));
3377 return 1;
3378}
3379
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003380#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003381
Emeric Brunfc0421f2012-09-07 17:30:07 +02003382/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3383 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3384 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003385static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3386 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003387{
3388 BIO *in;
3389 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003390 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003391 int ret = -1;
3392 int order = 0;
3393 X509_NAME *xname;
3394 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003395 pem_password_cb *passwd_cb;
3396 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003397 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003398 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003399
Emeric Brunfc0421f2012-09-07 17:30:07 +02003400#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3401 STACK_OF(GENERAL_NAME) *names;
3402#endif
3403
3404 in = BIO_new(BIO_s_file());
3405 if (in == NULL)
3406 goto end;
3407
3408 if (BIO_read_filename(in, file) <= 0)
3409 goto end;
3410
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003411
3412 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3413 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3414
3415 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003416 if (x == NULL)
3417 goto end;
3418
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003419 pkey = X509_get_pubkey(x);
3420 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003421 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003422 switch(EVP_PKEY_base_id(pkey)) {
3423 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003424 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003425 break;
3426 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003427 kinfo.sig = TLSEXT_signature_ecdsa;
3428 break;
3429 case EVP_PKEY_DSA:
3430 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003431 break;
3432 }
3433 EVP_PKEY_free(pkey);
3434 }
3435
Emeric Brun50bcecc2013-04-22 13:05:23 +02003436 if (fcount) {
3437 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003438 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003439 }
3440 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003441#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003442 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3443 if (names) {
3444 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3445 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3446 if (name->type == GEN_DNS) {
3447 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003448 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003449 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003450 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003451 }
3452 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003453 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003454 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003455#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003456 xname = X509_get_subject_name(x);
3457 i = -1;
3458 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3459 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003460 ASN1_STRING *value;
3461
3462 value = X509_NAME_ENTRY_get_data(entry);
3463 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003464 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003465 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003466 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003467 }
3468 }
3469
3470 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3471 if (!SSL_CTX_use_certificate(ctx, x))
3472 goto end;
3473
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003474#ifdef SSL_CTX_clear_extra_chain_certs
3475 SSL_CTX_clear_extra_chain_certs(ctx);
3476#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003477 if (ctx->extra_certs != NULL) {
3478 sk_X509_pop_free(ctx->extra_certs, X509_free);
3479 ctx->extra_certs = NULL;
3480 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003481#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003482
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003483 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003484 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3485 X509_free(ca);
3486 goto end;
3487 }
3488 }
3489
3490 err = ERR_get_error();
3491 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3492 /* we successfully reached the last cert in the file */
3493 ret = 1;
3494 }
3495 ERR_clear_error();
3496
3497end:
3498 if (x)
3499 X509_free(x);
3500
3501 if (in)
3502 BIO_free(in);
3503
3504 return ret;
3505}
3506
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003507static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3508 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003509{
3510 int ret;
3511 SSL_CTX *ctx;
3512
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003513 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003514 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003515 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3516 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003517 return 1;
3518 }
3519
3520 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003521 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3522 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003523 SSL_CTX_free(ctx);
3524 return 1;
3525 }
3526
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003527 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003528 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003529 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3530 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003531 if (ret < 0) /* serious error, must do that ourselves */
3532 SSL_CTX_free(ctx);
3533 return 1;
3534 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003535
3536 if (SSL_CTX_check_private_key(ctx) <= 0) {
3537 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3538 err && *err ? *err : "", path);
3539 return 1;
3540 }
3541
Emeric Brunfc0421f2012-09-07 17:30:07 +02003542 /* we must not free the SSL_CTX anymore below, since it's already in
3543 * the tree, so it will be discovered and cleaned in time.
3544 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003545#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003546 /* store a NULL pointer to indicate we have not yet loaded
3547 a custom DH param file */
3548 if (ssl_dh_ptr_index >= 0) {
3549 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3550 }
3551
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003552 ret = ssl_sock_load_dh_params(ctx, path);
3553 if (ret < 0) {
3554 if (err)
3555 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3556 *err ? *err : "", path);
3557 return 1;
3558 }
3559#endif
3560
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003561#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003562 ret = ssl_sock_load_ocsp(ctx, path);
3563 if (ret < 0) {
3564 if (err)
3565 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3566 *err ? *err : "", path);
3567 return 1;
3568 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003569#elif (defined OPENSSL_IS_BORINGSSL)
3570 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003571#endif
3572
Willy Tarreau5db847a2019-05-09 14:13:35 +02003573#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003574 if (sctl_ex_index >= 0) {
3575 ret = ssl_sock_load_sctl(ctx, path);
3576 if (ret < 0) {
3577 if (err)
3578 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3579 *err ? *err : "", path);
3580 return 1;
3581 }
3582 }
3583#endif
3584
Emeric Brunfc0421f2012-09-07 17:30:07 +02003585#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003586 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003587 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3588 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003589 return 1;
3590 }
3591#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003592 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003593 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003594 bind_conf->default_ssl_conf = ssl_conf;
3595 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003596
3597 return 0;
3598}
3599
Willy Tarreau03209342016-12-22 17:08:28 +01003600int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003601{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003602 struct dirent **de_list;
3603 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003604 DIR *dir;
3605 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003606 char *end;
3607 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003608 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003609#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003610 int is_bundle;
3611 int j;
3612#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003613
yanbzhu08ce6ab2015-12-02 13:01:29 -05003614 if (stat(path, &buf) == 0) {
3615 dir = opendir(path);
3616 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003617 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003618
yanbzhu08ce6ab2015-12-02 13:01:29 -05003619 /* strip trailing slashes, including first one */
3620 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3621 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003622
yanbzhu08ce6ab2015-12-02 13:01:29 -05003623 n = scandir(path, &de_list, 0, alphasort);
3624 if (n < 0) {
3625 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3626 err && *err ? *err : "", path, strerror(errno));
3627 cfgerr++;
3628 }
3629 else {
3630 for (i = 0; i < n; i++) {
3631 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003632
yanbzhu08ce6ab2015-12-02 13:01:29 -05003633 end = strrchr(de->d_name, '.');
3634 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3635 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003636
yanbzhu08ce6ab2015-12-02 13:01:29 -05003637 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3638 if (stat(fp, &buf) != 0) {
3639 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3640 err && *err ? *err : "", fp, strerror(errno));
3641 cfgerr++;
3642 goto ignore_entry;
3643 }
3644 if (!S_ISREG(buf.st_mode))
3645 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003646
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003647#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003648 is_bundle = 0;
3649 /* Check if current entry in directory is part of a multi-cert bundle */
3650
3651 if (end) {
3652 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3653 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3654 is_bundle = 1;
3655 break;
3656 }
3657 }
3658
3659 if (is_bundle) {
3660 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3661 int dp_len;
3662
3663 dp_len = end - de->d_name;
3664 snprintf(dp, dp_len + 1, "%s", de->d_name);
3665
3666 /* increment i and free de until we get to a non-bundle cert
3667 * Note here that we look at de_list[i + 1] before freeing de
3668 * this is important since ignore_entry will free de
3669 */
3670 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3671 free(de);
3672 i++;
3673 de = de_list[i];
3674 }
3675
3676 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emeric Bruneb155b62018-08-16 15:11:12 +02003677 cfgerr += ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003678
3679 /* Successfully processed the bundle */
3680 goto ignore_entry;
3681 }
3682 }
3683
3684#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003685 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003686ignore_entry:
3687 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003688 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003689 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003690 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003691 closedir(dir);
3692 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003693 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003694
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003695 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003696
Emeric Brunfc0421f2012-09-07 17:30:07 +02003697 return cfgerr;
3698}
3699
Thierry Fournier383085f2013-01-24 14:15:43 +01003700/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3701 * done once. Zero is returned if the operation fails. No error is returned
3702 * if the random is said as not implemented, because we expect that openssl
3703 * will use another method once needed.
3704 */
3705static int ssl_initialize_random()
3706{
3707 unsigned char random;
3708 static int random_initialized = 0;
3709
3710 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3711 random_initialized = 1;
3712
3713 return random_initialized;
3714}
3715
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003716/* release ssl bind conf */
3717void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003718{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003719 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003720#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003721 free(conf->npn_str);
3722 conf->npn_str = NULL;
3723#endif
3724#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3725 free(conf->alpn_str);
3726 conf->alpn_str = NULL;
3727#endif
3728 free(conf->ca_file);
3729 conf->ca_file = NULL;
3730 free(conf->crl_file);
3731 conf->crl_file = NULL;
3732 free(conf->ciphers);
3733 conf->ciphers = NULL;
Willy Tarreau5db847a2019-05-09 14:13:35 +02003734#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003735 free(conf->ciphersuites);
3736 conf->ciphersuites = NULL;
3737#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003738 free(conf->curves);
3739 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003740 free(conf->ecdhe);
3741 conf->ecdhe = NULL;
3742 }
3743}
3744
3745int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3746{
3747 char thisline[CRT_LINESIZE];
3748 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003749 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003750 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003751 int linenum = 0;
3752 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003753
Willy Tarreauad1731d2013-04-02 17:35:58 +02003754 if ((f = fopen(file, "r")) == NULL) {
3755 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003756 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003757 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003758
3759 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003760 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003761 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003762 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003763 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003764 char *crt_path;
3765 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003766
3767 linenum++;
3768 end = line + strlen(line);
3769 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3770 /* Check if we reached the limit and the last char is not \n.
3771 * Watch out for the last line without the terminating '\n'!
3772 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003773 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3774 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003775 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003776 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003777 }
3778
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003779 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003780 newarg = 1;
3781 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003782 if (*line == '#' || *line == '\n' || *line == '\r') {
3783 /* end of string, end of loop */
3784 *line = 0;
3785 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003786 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003787 newarg = 1;
3788 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003789 } else if (*line == '[') {
3790 if (ssl_b) {
3791 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3792 cfgerr = 1;
3793 break;
3794 }
3795 if (!arg) {
3796 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3797 cfgerr = 1;
3798 break;
3799 }
3800 ssl_b = arg;
3801 newarg = 1;
3802 *line = 0;
3803 } else if (*line == ']') {
3804 if (ssl_e) {
3805 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003806 cfgerr = 1;
3807 break;
3808 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003809 if (!ssl_b) {
3810 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3811 cfgerr = 1;
3812 break;
3813 }
3814 ssl_e = arg;
3815 newarg = 1;
3816 *line = 0;
3817 } else if (newarg) {
3818 if (arg == MAX_CRT_ARGS) {
3819 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3820 cfgerr = 1;
3821 break;
3822 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003823 newarg = 0;
3824 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003825 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003826 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003827 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003828 if (cfgerr)
3829 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003830 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003831
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003832 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003833 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003834 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003835
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003836 crt_path = args[0];
3837 if (*crt_path != '/' && global_ssl.crt_base) {
3838 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3839 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3840 crt_path, linenum, file);
3841 cfgerr = 1;
3842 break;
3843 }
3844 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3845 crt_path = path;
3846 }
3847
3848 ssl_conf = calloc(1, sizeof *ssl_conf);
3849 cur_arg = ssl_b ? ssl_b : 1;
3850 while (cur_arg < ssl_e) {
3851 newarg = 0;
3852 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3853 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3854 newarg = 1;
3855 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3856 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3857 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3858 args[cur_arg], linenum, file);
3859 cfgerr = 1;
3860 }
3861 cur_arg += 1 + ssl_bind_kws[i].skip;
3862 break;
3863 }
3864 }
3865 if (!cfgerr && !newarg) {
3866 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3867 args[cur_arg], linenum, file);
3868 cfgerr = 1;
3869 break;
3870 }
3871 }
3872 if (cfgerr) {
3873 ssl_sock_free_ssl_conf(ssl_conf);
3874 free(ssl_conf);
3875 ssl_conf = NULL;
3876 break;
3877 }
3878
3879 if (stat(crt_path, &buf) == 0) {
3880 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3881 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003882 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003883 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3884 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003885 }
3886
Willy Tarreauad1731d2013-04-02 17:35:58 +02003887 if (cfgerr) {
3888 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003889 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003890 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003891 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003892 fclose(f);
3893 return cfgerr;
3894}
3895
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003896/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003897static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003898ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003899{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003900 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003901 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003902 SSL_OP_ALL | /* all known workarounds for bugs */
3903 SSL_OP_NO_SSLv2 |
3904 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003905 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003906 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003907 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003908 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003909 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003910 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003911 SSL_MODE_ENABLE_PARTIAL_WRITE |
3912 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003913 SSL_MODE_RELEASE_BUFFERS |
3914 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003915 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003916 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003917 int flags = MC_SSL_O_ALL;
3918 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003919
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003920 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003921 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003922
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003923 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003924 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3925 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3926 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003927 else
3928 flags = conf_ssl_methods->flags;
3929
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003930 min = conf_ssl_methods->min;
3931 max = conf_ssl_methods->max;
3932 /* start with TLSv10 to remove SSLv3 per default */
3933 if (!min && (!max || max >= CONF_TLSV10))
3934 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003935 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003936 if (min)
3937 flags |= (methodVersions[min].flag - 1);
3938 if (max)
3939 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003940 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003941 min = max = CONF_TLSV_NONE;
3942 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003943 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003944 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003945 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003946 if (min) {
3947 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003948 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3949 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3950 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3951 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003952 hole = 0;
3953 }
3954 max = i;
3955 }
3956 else {
3957 min = max = i;
3958 }
3959 }
3960 else {
3961 if (min)
3962 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003963 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003964 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003965 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3966 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003967 cfgerr += 1;
3968 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003969 /* save real min/max in bind_conf */
3970 conf_ssl_methods->min = min;
3971 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003972
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003973#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003974 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003975 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003976 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003977 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003978 else
3979 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3980 if (flags & methodVersions[i].flag)
3981 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003982#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003983 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003984 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3985 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003986#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003987
3988 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3989 options |= SSL_OP_NO_TICKET;
3990 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3991 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003992
3993#ifdef SSL_OP_NO_RENEGOTIATION
3994 options |= SSL_OP_NO_RENEGOTIATION;
3995#endif
3996
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003997 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003998
Willy Tarreau5db847a2019-05-09 14:13:35 +02003999#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004000 if (global_ssl.async)
4001 mode |= SSL_MODE_ASYNC;
4002#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004003 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004004 if (global_ssl.life_time)
4005 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004006
4007#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4008#ifdef OPENSSL_IS_BORINGSSL
4009 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4010 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004011#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004012 if (bind_conf->ssl_conf.early_data) {
4013 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4014 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4015 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004016 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4017 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004018#else
4019 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004020#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004021 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004022#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004023 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004024}
4025
William Lallemand4f45bb92017-10-30 20:08:51 +01004026
4027static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4028{
4029 if (first == block) {
4030 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4031 if (first->len > 0)
4032 sh_ssl_sess_tree_delete(sh_ssl_sess);
4033 }
4034}
4035
4036/* return first block from sh_ssl_sess */
4037static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4038{
4039 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4040
4041}
4042
4043/* store a session into the cache
4044 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4045 * data: asn1 encoded session
4046 * data_len: asn1 encoded session length
4047 * Returns 1 id session was stored (else 0)
4048 */
4049static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4050{
4051 struct shared_block *first;
4052 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4053
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004054 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004055 if (!first) {
4056 /* Could not retrieve enough free blocks to store that session */
4057 return 0;
4058 }
4059
4060 /* STORE the key in the first elem */
4061 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4062 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4063 first->len = sizeof(struct sh_ssl_sess_hdr);
4064
4065 /* it returns the already existing node
4066 or current node if none, never returns null */
4067 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4068 if (oldsh_ssl_sess != sh_ssl_sess) {
4069 /* NOTE: Row couldn't be in use because we lock read & write function */
4070 /* release the reserved row */
4071 shctx_row_dec_hot(ssl_shctx, first);
4072 /* replace the previous session already in the tree */
4073 sh_ssl_sess = oldsh_ssl_sess;
4074 /* ignore the previous session data, only use the header */
4075 first = sh_ssl_sess_first_block(sh_ssl_sess);
4076 shctx_row_inc_hot(ssl_shctx, first);
4077 first->len = sizeof(struct sh_ssl_sess_hdr);
4078 }
4079
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004080 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004081 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004082 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004083 }
4084
4085 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004086
4087 return 1;
4088}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004089
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004090/* SSL callback used when a new session is created while connecting to a server */
4091static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4092{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004093 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004094 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004095
Willy Tarreau07d94e42018-09-20 10:57:52 +02004096 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004097
Olivier Houcharde6060c52017-11-16 17:42:52 +01004098 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4099 int len;
4100 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004101
Olivier Houcharde6060c52017-11-16 17:42:52 +01004102 len = i2d_SSL_SESSION(sess, NULL);
4103 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4104 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4105 } else {
4106 free(s->ssl_ctx.reused_sess[tid].ptr);
4107 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4108 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4109 }
4110 if (s->ssl_ctx.reused_sess[tid].ptr) {
4111 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4112 &ptr);
4113 }
4114 } else {
4115 free(s->ssl_ctx.reused_sess[tid].ptr);
4116 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4117 }
4118
4119 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004120}
4121
Olivier Houcharde6060c52017-11-16 17:42:52 +01004122
William Lallemanded0b5ad2017-10-30 19:36:36 +01004123/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004124int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004125{
4126 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4127 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4128 unsigned char *p;
4129 int data_len;
4130 unsigned int sid_length, sid_ctx_length;
4131 const unsigned char *sid_data;
4132 const unsigned char *sid_ctx_data;
4133
4134 /* Session id is already stored in to key and session id is known
4135 * so we dont store it to keep size.
4136 */
4137
4138 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4139 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4140 SSL_SESSION_set1_id(sess, sid_data, 0);
4141 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4142
4143 /* check if buffer is large enough for the ASN1 encoded session */
4144 data_len = i2d_SSL_SESSION(sess, NULL);
4145 if (data_len > SHSESS_MAX_DATA_LEN)
4146 goto err;
4147
4148 p = encsess;
4149
4150 /* process ASN1 session encoding before the lock */
4151 i2d_SSL_SESSION(sess, &p);
4152
4153 memcpy(encid, sid_data, sid_length);
4154 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4155 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4156
William Lallemanda3c77cf2017-10-30 23:44:40 +01004157 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004158 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004159 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004160 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004161err:
4162 /* reset original length values */
4163 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4164 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4165
4166 return 0; /* do not increment session reference count */
4167}
4168
4169/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004170SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004171{
William Lallemand4f45bb92017-10-30 20:08:51 +01004172 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004173 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4174 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004175 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004176 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004177
4178 global.shctx_lookups++;
4179
4180 /* allow the session to be freed automatically by openssl */
4181 *do_copy = 0;
4182
4183 /* tree key is zeros padded sessionid */
4184 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4185 memcpy(tmpkey, key, key_len);
4186 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4187 key = tmpkey;
4188 }
4189
4190 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004191 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004192
4193 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004194 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4195 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004196 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004197 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004198 global.shctx_misses++;
4199 return NULL;
4200 }
4201
William Lallemand4f45bb92017-10-30 20:08:51 +01004202 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4203 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004204
William Lallemand4f45bb92017-10-30 20:08:51 +01004205 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004206
William Lallemanda3c77cf2017-10-30 23:44:40 +01004207 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004208
4209 /* decode ASN1 session */
4210 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004211 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004212 /* Reset session id and session id contenxt */
4213 if (sess) {
4214 SSL_SESSION_set1_id(sess, key, key_len);
4215 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4216 }
4217
4218 return sess;
4219}
4220
William Lallemand4f45bb92017-10-30 20:08:51 +01004221
William Lallemanded0b5ad2017-10-30 19:36:36 +01004222/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004223void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004224{
William Lallemand4f45bb92017-10-30 20:08:51 +01004225 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004226 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4227 unsigned int sid_length;
4228 const unsigned char *sid_data;
4229 (void)ctx;
4230
4231 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4232 /* tree key is zeros padded sessionid */
4233 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4234 memcpy(tmpkey, sid_data, sid_length);
4235 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4236 sid_data = tmpkey;
4237 }
4238
William Lallemanda3c77cf2017-10-30 23:44:40 +01004239 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004240
4241 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004242 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4243 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004244 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004245 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004246 }
4247
4248 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004249 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004250}
4251
4252/* Set session cache mode to server and disable openssl internal cache.
4253 * Set shared cache callbacks on an ssl context.
4254 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004255void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004256{
4257 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4258
4259 if (!ssl_shctx) {
4260 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4261 return;
4262 }
4263
4264 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4265 SSL_SESS_CACHE_NO_INTERNAL |
4266 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4267
4268 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004269 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4270 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4271 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004272}
4273
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004274int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4275{
4276 struct proxy *curproxy = bind_conf->frontend;
4277 int cfgerr = 0;
4278 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004279 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004280 const char *conf_ciphers;
Willy Tarreau5db847a2019-05-09 14:13:35 +02004281#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004282 const char *conf_ciphersuites;
4283#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004284 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004285
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004286 if (ssl_conf) {
4287 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4288 int i, min, max;
4289 int flags = MC_SSL_O_ALL;
4290
4291 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004292 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4293 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004294 if (min)
4295 flags |= (methodVersions[min].flag - 1);
4296 if (max)
4297 flags |= ~((methodVersions[max].flag << 1) - 1);
4298 min = max = CONF_TLSV_NONE;
4299 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4300 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4301 if (min)
4302 max = i;
4303 else
4304 min = max = i;
4305 }
4306 /* save real min/max */
4307 conf_ssl_methods->min = min;
4308 conf_ssl_methods->max = max;
4309 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004310 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4311 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004312 cfgerr += 1;
4313 }
4314 }
4315
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004316 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004317 case SSL_SOCK_VERIFY_NONE:
4318 verify = SSL_VERIFY_NONE;
4319 break;
4320 case SSL_SOCK_VERIFY_OPTIONAL:
4321 verify = SSL_VERIFY_PEER;
4322 break;
4323 case SSL_SOCK_VERIFY_REQUIRED:
4324 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4325 break;
4326 }
4327 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4328 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004329 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4330 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4331 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004332 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004333 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004334 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4335 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004336 cfgerr++;
4337 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004338 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4339 /* set CA names for client cert request, function returns void */
4340 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4341 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004342 }
Emeric Brun850efd52014-01-29 12:24:34 +01004343 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004344 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4345 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004346 cfgerr++;
4347 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004348#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004349 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004350 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4351
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004352 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004353 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4354 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004355 cfgerr++;
4356 }
Emeric Brun561e5742012-10-02 15:20:55 +02004357 else {
4358 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4359 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004360 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004361#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004362 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004363 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004364#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004365 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004366 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004367 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4368 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004369 cfgerr++;
4370 }
4371 }
4372#endif
4373
William Lallemand4f45bb92017-10-30 20:08:51 +01004374 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004375 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4376 if (conf_ciphers &&
4377 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004378 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4379 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004380 cfgerr++;
4381 }
4382
Willy Tarreau5db847a2019-05-09 14:13:35 +02004383#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004384 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4385 if (conf_ciphersuites &&
4386 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4387 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4388 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4389 cfgerr++;
4390 }
4391#endif
4392
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004393#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004394 /* If tune.ssl.default-dh-param has not been set,
4395 neither has ssl-default-dh-file and no static DH
4396 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004397 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004398 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004399 (ssl_dh_ptr_index == -1 ||
4400 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004401 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4402 const SSL_CIPHER * cipher = NULL;
4403 char cipher_description[128];
4404 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4405 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4406 which is not ephemeral DH. */
4407 const char dhe_description[] = " Kx=DH ";
4408 const char dhe_export_description[] = " Kx=DH(";
4409 int idx = 0;
4410 int dhe_found = 0;
4411 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004412
Remi Gacogne23d5d372014-10-10 17:04:26 +02004413 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004414
Remi Gacogne23d5d372014-10-10 17:04:26 +02004415 if (ssl) {
4416 ciphers = SSL_get_ciphers(ssl);
4417
4418 if (ciphers) {
4419 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4420 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4421 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4422 if (strstr(cipher_description, dhe_description) != NULL ||
4423 strstr(cipher_description, dhe_export_description) != NULL) {
4424 dhe_found = 1;
4425 break;
4426 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004427 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004428 }
4429 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004430 SSL_free(ssl);
4431 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004432 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004433
Lukas Tribus90132722014-08-18 00:56:33 +02004434 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004435 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004436 }
4437
Willy Tarreauef934602016-12-22 23:12:01 +01004438 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004439 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004440
Willy Tarreauef934602016-12-22 23:12:01 +01004441 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004442 if (local_dh_1024 == NULL) {
4443 local_dh_1024 = ssl_get_dh_1024();
4444 }
Willy Tarreauef934602016-12-22 23:12:01 +01004445 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004446 if (local_dh_2048 == NULL) {
4447 local_dh_2048 = ssl_get_dh_2048();
4448 }
Willy Tarreauef934602016-12-22 23:12:01 +01004449 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004450 if (local_dh_4096 == NULL) {
4451 local_dh_4096 = ssl_get_dh_4096();
4452 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004453 }
4454 }
4455 }
4456#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004457
Emeric Brunfc0421f2012-09-07 17:30:07 +02004458 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004459#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004460 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004461#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004462
Bernard Spil13c53f82018-02-15 13:34:58 +01004463#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004464 ssl_conf_cur = NULL;
4465 if (ssl_conf && ssl_conf->npn_str)
4466 ssl_conf_cur = ssl_conf;
4467 else if (bind_conf->ssl_conf.npn_str)
4468 ssl_conf_cur = &bind_conf->ssl_conf;
4469 if (ssl_conf_cur)
4470 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004471#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004472#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004473 ssl_conf_cur = NULL;
4474 if (ssl_conf && ssl_conf->alpn_str)
4475 ssl_conf_cur = ssl_conf;
4476 else if (bind_conf->ssl_conf.alpn_str)
4477 ssl_conf_cur = &bind_conf->ssl_conf;
4478 if (ssl_conf_cur)
4479 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004480#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004481#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004482 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4483 if (conf_curves) {
4484 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004485 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4486 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004487 cfgerr++;
4488 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004489#if defined(SSL_CTX_set_ecdh_auto)
4490 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4491#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004492 }
4493#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004494#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004495 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004496 int i;
4497 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004498#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004499 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004500 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4501 NULL);
4502
4503 if (ecdhe == NULL) {
4504 SSL_CTX_set_dh_auto(ctx, 1);
4505 return cfgerr;
4506 }
4507#else
4508 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4509 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4510 ECDHE_DEFAULT_CURVE);
4511#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004512
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004513 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004514 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004515 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4516 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004517 cfgerr++;
4518 }
4519 else {
4520 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4521 EC_KEY_free(ecdh);
4522 }
4523 }
4524#endif
4525
Emeric Brunfc0421f2012-09-07 17:30:07 +02004526 return cfgerr;
4527}
4528
Evan Broderbe554312013-06-27 00:05:25 -07004529static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4530{
4531 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4532 size_t prefixlen, suffixlen;
4533
4534 /* Trivial case */
4535 if (strcmp(pattern, hostname) == 0)
4536 return 1;
4537
Evan Broderbe554312013-06-27 00:05:25 -07004538 /* The rest of this logic is based on RFC 6125, section 6.4.3
4539 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4540
Emeric Bruna848dae2013-10-08 11:27:28 +02004541 pattern_wildcard = NULL;
4542 pattern_left_label_end = pattern;
4543 while (*pattern_left_label_end != '.') {
4544 switch (*pattern_left_label_end) {
4545 case 0:
4546 /* End of label not found */
4547 return 0;
4548 case '*':
4549 /* If there is more than one wildcards */
4550 if (pattern_wildcard)
4551 return 0;
4552 pattern_wildcard = pattern_left_label_end;
4553 break;
4554 }
4555 pattern_left_label_end++;
4556 }
4557
4558 /* If it's not trivial and there is no wildcard, it can't
4559 * match */
4560 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004561 return 0;
4562
4563 /* Make sure all labels match except the leftmost */
4564 hostname_left_label_end = strchr(hostname, '.');
4565 if (!hostname_left_label_end
4566 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4567 return 0;
4568
4569 /* Make sure the leftmost label of the hostname is long enough
4570 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004571 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004572 return 0;
4573
4574 /* Finally compare the string on either side of the
4575 * wildcard */
4576 prefixlen = pattern_wildcard - pattern;
4577 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004578 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4579 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004580 return 0;
4581
4582 return 1;
4583}
4584
4585static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4586{
4587 SSL *ssl;
4588 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004589 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004590 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004591 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004592
4593 int depth;
4594 X509 *cert;
4595 STACK_OF(GENERAL_NAME) *alt_names;
4596 int i;
4597 X509_NAME *cert_subject;
4598 char *str;
4599
4600 if (ok == 0)
4601 return ok;
4602
4603 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004604 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004605 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004606
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004607 /* We're checking if the provided hostnames match the desired one. The
4608 * desired hostname comes from the SNI we presented if any, or if not
4609 * provided then it may have been explicitly stated using a "verifyhost"
4610 * directive. If neither is set, we don't care about the name so the
4611 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004612 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004613 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004614 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004615 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004616 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004617 if (!servername)
4618 return ok;
4619 }
Evan Broderbe554312013-06-27 00:05:25 -07004620
4621 /* We only need to verify the CN on the actual server cert,
4622 * not the indirect CAs */
4623 depth = X509_STORE_CTX_get_error_depth(ctx);
4624 if (depth != 0)
4625 return ok;
4626
4627 /* At this point, the cert is *not* OK unless we can find a
4628 * hostname match */
4629 ok = 0;
4630
4631 cert = X509_STORE_CTX_get_current_cert(ctx);
4632 /* It seems like this might happen if verify peer isn't set */
4633 if (!cert)
4634 return ok;
4635
4636 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4637 if (alt_names) {
4638 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4639 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4640 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004641#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004642 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4643#else
Evan Broderbe554312013-06-27 00:05:25 -07004644 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004645#endif
Evan Broderbe554312013-06-27 00:05:25 -07004646 ok = ssl_sock_srv_hostcheck(str, servername);
4647 OPENSSL_free(str);
4648 }
4649 }
4650 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004651 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004652 }
4653
4654 cert_subject = X509_get_subject_name(cert);
4655 i = -1;
4656 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4657 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004658 ASN1_STRING *value;
4659 value = X509_NAME_ENTRY_get_data(entry);
4660 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004661 ok = ssl_sock_srv_hostcheck(str, servername);
4662 OPENSSL_free(str);
4663 }
4664 }
4665
Willy Tarreau71d058c2017-07-26 20:09:56 +02004666 /* report the mismatch and indicate if SNI was used or not */
4667 if (!ok && !conn->err_code)
4668 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004669 return ok;
4670}
4671
Emeric Brun94324a42012-10-11 14:00:19 +02004672/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004673int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004674{
Willy Tarreau03209342016-12-22 17:08:28 +01004675 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004676 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004677 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004678 SSL_OP_ALL | /* all known workarounds for bugs */
4679 SSL_OP_NO_SSLv2 |
4680 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004681 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004682 SSL_MODE_ENABLE_PARTIAL_WRITE |
4683 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004684 SSL_MODE_RELEASE_BUFFERS |
4685 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004686 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004687 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004688 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004689 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004690 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004691
Thierry Fournier383085f2013-01-24 14:15:43 +01004692 /* Make sure openssl opens /dev/urandom before the chroot */
4693 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004694 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004695 cfgerr++;
4696 }
4697
Willy Tarreaufce03112015-01-15 21:32:40 +01004698 /* Automatic memory computations need to know we use SSL there */
4699 global.ssl_used_backend = 1;
4700
4701 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004702 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004703 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004704 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4705 curproxy->id, srv->id,
4706 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004707 cfgerr++;
4708 return cfgerr;
4709 }
4710 }
Emeric Brun94324a42012-10-11 14:00:19 +02004711 if (srv->use_ssl)
4712 srv->xprt = &ssl_sock;
4713 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004714 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004715
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004716 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004717 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004718 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4719 proxy_type_str(curproxy), curproxy->id,
4720 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004721 cfgerr++;
4722 return cfgerr;
4723 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004724
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004725 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004726 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4727 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4728 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004729 else
4730 flags = conf_ssl_methods->flags;
4731
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004732 /* Real min and max should be determinate with configuration and openssl's capabilities */
4733 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004734 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004735 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004736 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004737
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004738 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004739 min = max = CONF_TLSV_NONE;
4740 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004741 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004742 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004743 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004744 if (min) {
4745 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004746 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4747 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4748 proxy_type_str(curproxy), curproxy->id, srv->id,
4749 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004750 hole = 0;
4751 }
4752 max = i;
4753 }
4754 else {
4755 min = max = i;
4756 }
4757 }
4758 else {
4759 if (min)
4760 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004761 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004762 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004763 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4764 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004765 cfgerr += 1;
4766 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004767
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004768#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004769 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004770 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004771 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004772 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004773 else
4774 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4775 if (flags & methodVersions[i].flag)
4776 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004777#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004778 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004779 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4780 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004781#endif
4782
4783 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4784 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004785 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004786
Willy Tarreau5db847a2019-05-09 14:13:35 +02004787#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004788 if (global_ssl.async)
4789 mode |= SSL_MODE_ASYNC;
4790#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004791 SSL_CTX_set_mode(ctx, mode);
4792 srv->ssl_ctx.ctx = ctx;
4793
Emeric Bruna7aa3092012-10-26 12:58:00 +02004794 if (srv->ssl_ctx.client_crt) {
4795 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004796 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4797 proxy_type_str(curproxy), curproxy->id,
4798 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004799 cfgerr++;
4800 }
4801 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004802 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4803 proxy_type_str(curproxy), curproxy->id,
4804 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004805 cfgerr++;
4806 }
4807 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004808 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4809 proxy_type_str(curproxy), curproxy->id,
4810 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004811 cfgerr++;
4812 }
4813 }
Emeric Brun94324a42012-10-11 14:00:19 +02004814
Emeric Brun850efd52014-01-29 12:24:34 +01004815 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4816 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004817 switch (srv->ssl_ctx.verify) {
4818 case SSL_SOCK_VERIFY_NONE:
4819 verify = SSL_VERIFY_NONE;
4820 break;
4821 case SSL_SOCK_VERIFY_REQUIRED:
4822 verify = SSL_VERIFY_PEER;
4823 break;
4824 }
Evan Broderbe554312013-06-27 00:05:25 -07004825 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004826 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004827 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004828 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004829 if (srv->ssl_ctx.ca_file) {
4830 /* load CAfile to verify */
4831 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004832 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4833 curproxy->id, srv->id,
4834 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004835 cfgerr++;
4836 }
4837 }
Emeric Brun850efd52014-01-29 12:24:34 +01004838 else {
4839 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004840 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4841 curproxy->id, srv->id,
4842 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004843 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004844 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4845 curproxy->id, srv->id,
4846 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004847 cfgerr++;
4848 }
Emeric Brunef42d922012-10-11 16:11:36 +02004849#ifdef X509_V_FLAG_CRL_CHECK
4850 if (srv->ssl_ctx.crl_file) {
4851 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4852
4853 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004854 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4855 curproxy->id, srv->id,
4856 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004857 cfgerr++;
4858 }
4859 else {
4860 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4861 }
4862 }
4863#endif
4864 }
4865
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004866 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4867 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4868 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004869 if (srv->ssl_ctx.ciphers &&
4870 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004871 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4872 curproxy->id, srv->id,
4873 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004874 cfgerr++;
4875 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004876
Willy Tarreau5db847a2019-05-09 14:13:35 +02004877#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004878 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004879 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004880 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4881 curproxy->id, srv->id,
4882 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4883 cfgerr++;
4884 }
4885#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004886#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4887 if (srv->ssl_ctx.npn_str)
4888 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4889#endif
4890#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4891 if (srv->ssl_ctx.alpn_str)
4892 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4893#endif
4894
Emeric Brun94324a42012-10-11 14:00:19 +02004895
4896 return cfgerr;
4897}
4898
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004899/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004900 * be NULL, in which case nothing is done. Returns the number of errors
4901 * encountered.
4902 */
Willy Tarreau03209342016-12-22 17:08:28 +01004903int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004904{
4905 struct ebmb_node *node;
4906 struct sni_ctx *sni;
4907 int err = 0;
4908
Willy Tarreaufce03112015-01-15 21:32:40 +01004909 /* Automatic memory computations need to know we use SSL there */
4910 global.ssl_used_frontend = 1;
4911
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004912 /* Make sure openssl opens /dev/urandom before the chroot */
4913 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004914 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004915 err++;
4916 }
4917 /* Create initial_ctx used to start the ssl connection before do switchctx */
4918 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004919 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004920 /* It should not be necessary to call this function, but it's
4921 necessary first to check and move all initialisation related
4922 to initial_ctx in ssl_sock_initial_ctx. */
4923 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4924 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004925 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004926 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004927
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004928 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004929 while (node) {
4930 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004931 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4932 /* only initialize the CTX on its first occurrence and
4933 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004934 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004935 node = ebmb_next(node);
4936 }
4937
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004938 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004939 while (node) {
4940 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004941 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4942 /* only initialize the CTX on its first occurrence and
4943 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004944 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004945 node = ebmb_next(node);
4946 }
4947 return err;
4948}
4949
Willy Tarreau55d37912016-12-21 23:38:39 +01004950/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4951 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4952 * alerts are directly emitted since the rest of the stack does it below.
4953 */
4954int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4955{
4956 struct proxy *px = bind_conf->frontend;
4957 int alloc_ctx;
4958 int err;
4959
4960 if (!bind_conf->is_ssl) {
4961 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004962 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4963 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004964 }
4965 return 0;
4966 }
4967 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004968 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004969 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4970 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004971 }
4972 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004973 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4974 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004975 return -1;
4976 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004977 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004978 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004979 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004980 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004981 sizeof(*sh_ssl_sess_tree),
4982 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004983 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004984 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4985 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4986 else
4987 ha_alert("Unable to allocate SSL session cache.\n");
4988 return -1;
4989 }
4990 /* free block callback */
4991 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4992 /* init the root tree within the extra space */
4993 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4994 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004995 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004996 err = 0;
4997 /* initialize all certificate contexts */
4998 err += ssl_sock_prepare_all_ctx(bind_conf);
4999
5000 /* initialize CA variables if the certificates generation is enabled */
5001 err += ssl_sock_load_ca(bind_conf);
5002
5003 return -err;
5004}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005005
5006/* release ssl context allocated for servers. */
5007void ssl_sock_free_srv_ctx(struct server *srv)
5008{
Olivier Houchardc7566002018-11-20 23:33:50 +01005009#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5010 if (srv->ssl_ctx.alpn_str)
5011 free(srv->ssl_ctx.alpn_str);
5012#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005013#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005014 if (srv->ssl_ctx.npn_str)
5015 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005016#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005017 if (srv->ssl_ctx.ctx)
5018 SSL_CTX_free(srv->ssl_ctx.ctx);
5019}
5020
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005021/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005022 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5023 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005024void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005025{
5026 struct ebmb_node *node, *back;
5027 struct sni_ctx *sni;
5028
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005029 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005030 while (node) {
5031 sni = ebmb_entry(node, struct sni_ctx, name);
5032 back = ebmb_next(node);
5033 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005034 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005035 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005036 ssl_sock_free_ssl_conf(sni->conf);
5037 free(sni->conf);
5038 sni->conf = NULL;
5039 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005040 free(sni);
5041 node = back;
5042 }
5043
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005044 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005045 while (node) {
5046 sni = ebmb_entry(node, struct sni_ctx, name);
5047 back = ebmb_next(node);
5048 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005049 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005050 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005051 ssl_sock_free_ssl_conf(sni->conf);
5052 free(sni->conf);
5053 sni->conf = NULL;
5054 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005055 free(sni);
5056 node = back;
5057 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005058 SSL_CTX_free(bind_conf->initial_ctx);
5059 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005060 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005061 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005062}
5063
Willy Tarreau795cdab2016-12-22 17:30:54 +01005064/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5065void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5066{
5067 ssl_sock_free_ca(bind_conf);
5068 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005069 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005070 free(bind_conf->ca_sign_file);
5071 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005072 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005073 free(bind_conf->keys_ref->filename);
5074 free(bind_conf->keys_ref->tlskeys);
5075 LIST_DEL(&bind_conf->keys_ref->list);
5076 free(bind_conf->keys_ref);
5077 }
5078 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005079 bind_conf->ca_sign_pass = NULL;
5080 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005081}
5082
Christopher Faulet31af49d2015-06-09 17:29:50 +02005083/* Load CA cert file and private key used to generate certificates */
5084int
Willy Tarreau03209342016-12-22 17:08:28 +01005085ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005086{
Willy Tarreau03209342016-12-22 17:08:28 +01005087 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005088 FILE *fp;
5089 X509 *cacert = NULL;
5090 EVP_PKEY *capkey = NULL;
5091 int err = 0;
5092
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005093 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005094 return err;
5095
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005096#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005097 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005098 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005099 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005100 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005101 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005102#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005103
Christopher Faulet31af49d2015-06-09 17:29:50 +02005104 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005105 ha_alert("Proxy '%s': cannot enable certificate generation, "
5106 "no CA certificate File configured at [%s:%d].\n",
5107 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005108 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005109 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005110
5111 /* read in the CA certificate */
5112 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005113 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5114 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005115 goto load_error;
5116 }
5117 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005118 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5119 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005120 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005121 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005122 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005123 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005124 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5125 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005126 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005127 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005128
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005129 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005130 bind_conf->ca_sign_cert = cacert;
5131 bind_conf->ca_sign_pkey = capkey;
5132 return err;
5133
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005134 read_error:
5135 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005136 if (capkey) EVP_PKEY_free(capkey);
5137 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005138 load_error:
5139 bind_conf->generate_certs = 0;
5140 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005141 return err;
5142}
5143
5144/* Release CA cert and private key used to generate certificated */
5145void
5146ssl_sock_free_ca(struct bind_conf *bind_conf)
5147{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005148 if (bind_conf->ca_sign_pkey)
5149 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5150 if (bind_conf->ca_sign_cert)
5151 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005152 bind_conf->ca_sign_pkey = NULL;
5153 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005154}
5155
Emeric Brun46591952012-05-18 15:47:34 +02005156/*
5157 * This function is called if SSL * context is not yet allocated. The function
5158 * is designed to be called before any other data-layer operation and sets the
5159 * handshake flag on the connection. It is safe to call it multiple times.
5160 * It returns 0 on success and -1 in error case.
5161 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005162static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005163{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005164 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005165 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005166 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005167 return 0;
5168
Willy Tarreau3c728722014-01-23 13:50:42 +01005169 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005170 return 0;
5171
Olivier Houchard66ab4982019-02-26 18:37:15 +01005172 ctx = pool_alloc(ssl_sock_ctx_pool);
5173 if (!ctx) {
5174 conn->err_code = CO_ER_SSL_NO_MEM;
5175 return -1;
5176 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005177 ctx->sent_early_data = 0;
5178 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005179 ctx->conn = conn;
5180
5181 /* Only work with sockets for now, this should be adapted when we'll
5182 * add QUIC support.
5183 */
5184 ctx->xprt = xprt_get(XPRT_RAW);
5185 if (ctx->xprt->init)
5186 ctx->xprt->init(conn, &ctx->xprt_ctx);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005187
Willy Tarreau20879a02012-12-03 16:32:10 +01005188 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5189 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02005190 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005191 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005192
Emeric Brun46591952012-05-18 15:47:34 +02005193 /* If it is in client mode initiate SSL session
5194 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005195 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005196 int may_retry = 1;
5197
5198 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005199 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005200 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5201 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005202 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005203 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005204 goto retry_connect;
5205 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005206 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005207 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005208 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005209 ctx->bio = BIO_new(ha_meth);
5210 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005211 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005212 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005213 goto retry_connect;
5214 }
Emeric Brun55476152014-11-12 17:35:37 +01005215 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005216 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005217 }
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005218#if HA_OPENSSL_VERSION_NUMBER < 0x10100000
Olivier Houcharda8955d52019-04-07 22:00:38 +02005219 ctx->bio->ptr = ctx;
5220#else
5221 BIO_set_data(ctx->bio, ctx);
5222#endif
5223 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005224
Evan Broderbe554312013-06-27 00:05:25 -07005225 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005226 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5227 SSL_free(ctx->ssl);
5228 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005229 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005230 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005231 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005232 goto retry_connect;
5233 }
Emeric Brun55476152014-11-12 17:35:37 +01005234 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005235 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005236 }
5237
Olivier Houchard66ab4982019-02-26 18:37:15 +01005238 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005239 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5240 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5241 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005242 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005243 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005244 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5245 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005246 } else if (sess) {
5247 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005248 }
5249 }
Evan Broderbe554312013-06-27 00:05:25 -07005250
Emeric Brun46591952012-05-18 15:47:34 +02005251 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005252 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005253
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005254 _HA_ATOMIC_ADD(&sslconns, 1);
5255 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005256 *xprt_ctx = ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005257 return 0;
5258 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005259 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005260 int may_retry = 1;
5261
5262 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005263 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005264 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5265 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005266 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005267 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005268 goto retry_accept;
5269 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005270 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005271 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005272 }
Emeric Brun46591952012-05-18 15:47:34 +02005273
Olivier Houcharda8955d52019-04-07 22:00:38 +02005274 ctx->bio = BIO_new(ha_meth);
5275 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005276 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005277 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005278 goto retry_accept;
5279 }
Emeric Brun55476152014-11-12 17:35:37 +01005280 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005281 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005282 }
Willy Tarreau9a1ab082019-05-09 13:26:41 +02005283#if HA_OPENSSL_VERSION_NUMBER < 0x10100000
Olivier Houcharda8955d52019-04-07 22:00:38 +02005284 ctx->bio->ptr = ctx;
5285#else
5286 BIO_set_data(ctx->bio, ctx);
5287#endif
5288 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005289
Emeric Brune1f38db2012-09-03 20:36:47 +02005290 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005291 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5292 SSL_free(ctx->ssl);
5293 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005294 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005295 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005296 goto retry_accept;
5297 }
Emeric Brun55476152014-11-12 17:35:37 +01005298 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005299 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005300 }
5301
Olivier Houchard66ab4982019-02-26 18:37:15 +01005302 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005303
Emeric Brun46591952012-05-18 15:47:34 +02005304 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005305 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005306#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005307 conn->flags |= CO_FL_EARLY_SSL_HS;
5308#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005309
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005310 _HA_ATOMIC_ADD(&sslconns, 1);
5311 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005312 *xprt_ctx = ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005313 return 0;
5314 }
5315 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005316 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005317err:
5318 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005319 return -1;
5320}
5321
5322
5323/* This is the callback which is used when an SSL handshake is pending. It
5324 * updates the FD status if it wants some polling before being called again.
5325 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5326 * otherwise it returns non-zero and removes itself from the connection's
5327 * flags (the bit is provided in <flag> by the caller).
5328 */
5329int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5330{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005331 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005332 int ret;
5333
Willy Tarreau3c728722014-01-23 13:50:42 +01005334 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005335 return 0;
5336
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005337 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005338 goto out_error;
5339
Willy Tarreau5db847a2019-05-09 14:13:35 +02005340#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005341 /*
5342 * Check if we have early data. If we do, we have to read them
5343 * before SSL_do_handshake() is called, And there's no way to
5344 * detect early data, except to try to read them
5345 */
5346 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5347 size_t read_data;
5348
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005349 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005350 1, &read_data);
5351 if (ret == SSL_READ_EARLY_DATA_ERROR)
5352 goto check_error;
5353 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5354 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5355 return 1;
5356 } else
5357 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5358 }
5359#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005360 /* If we use SSL_do_handshake to process a reneg initiated by
5361 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5362 * Usually SSL_write and SSL_read are used and process implicitly
5363 * the reneg handshake.
5364 * Here we use SSL_peek as a workaround for reneg.
5365 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005366 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005367 char c;
5368
Olivier Houchard66ab4982019-02-26 18:37:15 +01005369 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005370 if (ret <= 0) {
5371 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005372 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005373
Emeric Brun674b7432012-11-08 19:21:55 +01005374 if (ret == SSL_ERROR_WANT_WRITE) {
5375 /* SSL handshake needs to write, L4 connection may not be ready */
5376 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005377 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005378 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005379 return 0;
5380 }
5381 else if (ret == SSL_ERROR_WANT_READ) {
5382 /* handshake may have been completed but we have
5383 * no more data to read.
5384 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005385 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005386 ret = 1;
5387 goto reneg_ok;
5388 }
5389 /* SSL handshake needs to read, L4 connection is ready */
5390 if (conn->flags & CO_FL_WAIT_L4_CONN)
5391 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5392 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005393 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005394 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005395 return 0;
5396 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005397#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005398 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005399 ssl_async_process_fds(conn, ctx->ssl);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005400 return 0;
5401 }
5402#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005403 else if (ret == SSL_ERROR_SYSCALL) {
5404 /* if errno is null, then connection was successfully established */
5405 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5406 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005407 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005408#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005409 conn->err_code = CO_ER_SSL_HANDSHAKE;
5410#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005411 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005412#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005413 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005414 empty_handshake = state == TLS_ST_BEFORE;
5415#else
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005416 empty_handshake = SSL_state((SSL *)ctx->ssl) == SSL_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005417#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005418 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005419 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005420 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005421 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5422 else
5423 conn->err_code = CO_ER_SSL_EMPTY;
5424 }
5425 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005426 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005427 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5428 else
5429 conn->err_code = CO_ER_SSL_ABORT;
5430 }
5431 }
5432 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005433 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005434 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005435 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005436 conn->err_code = CO_ER_SSL_HANDSHAKE;
5437 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005438#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005439 }
Emeric Brun674b7432012-11-08 19:21:55 +01005440 goto out_error;
5441 }
5442 else {
5443 /* Fail on all other handshake errors */
5444 /* Note: OpenSSL may leave unread bytes in the socket's
5445 * buffer, causing an RST to be emitted upon close() on
5446 * TCP sockets. We first try to drain possibly pending
5447 * data to avoid this as much as possible.
5448 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005449 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005450 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005451 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005452 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005453 goto out_error;
5454 }
5455 }
5456 /* read some data: consider handshake completed */
5457 goto reneg_ok;
5458 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005459 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005460check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005461 if (ret != 1) {
5462 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005463 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005464
5465 if (ret == SSL_ERROR_WANT_WRITE) {
5466 /* SSL handshake needs to write, L4 connection may not be ready */
5467 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005468 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005469 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005470 return 0;
5471 }
5472 else if (ret == SSL_ERROR_WANT_READ) {
5473 /* SSL handshake needs to read, L4 connection is ready */
5474 if (conn->flags & CO_FL_WAIT_L4_CONN)
5475 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5476 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005477 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005478 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005479 return 0;
5480 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005481#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005482 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005483 ssl_async_process_fds(conn, ctx->ssl);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005484 return 0;
5485 }
5486#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005487 else if (ret == SSL_ERROR_SYSCALL) {
5488 /* if errno is null, then connection was successfully established */
5489 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5490 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005491 if (!conn->err_code) {
Emeric Brun77e89192018-08-16 11:36:40 +02005492#ifdef OPENSSL_IS_BORINGSSL /* BoringSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005493 conn->err_code = CO_ER_SSL_HANDSHAKE;
5494#else
5495 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005496#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005497 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005498 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005499#else
Ilya Shipitsin54832b92019-05-05 23:27:54 +05005500 empty_handshake = SSL_state((SSL *)ctx->ssl) == SSL_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005501#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005502 if (empty_handshake) {
5503 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005504 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005505 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5506 else
5507 conn->err_code = CO_ER_SSL_EMPTY;
5508 }
5509 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005510 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005511 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5512 else
5513 conn->err_code = CO_ER_SSL_ABORT;
5514 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005515 }
5516 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005517 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005518 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5519 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005520 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005521 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005522#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005523 }
Willy Tarreau89230192012-09-28 20:22:13 +02005524 goto out_error;
5525 }
Emeric Brun46591952012-05-18 15:47:34 +02005526 else {
5527 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005528 /* Note: OpenSSL may leave unread bytes in the socket's
5529 * buffer, causing an RST to be emitted upon close() on
5530 * TCP sockets. We first try to drain possibly pending
5531 * data to avoid this as much as possible.
5532 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005533 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005534 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005535 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005536 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005537 goto out_error;
5538 }
5539 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005540#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005541 else {
5542 /*
5543 * If the server refused the early data, we have to send a
5544 * 425 to the client, as we no longer have the data to sent
5545 * them again.
5546 */
5547 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005548 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005549 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5550 goto out_error;
5551 }
5552 }
5553 }
5554#endif
5555
Emeric Brun46591952012-05-18 15:47:34 +02005556
Emeric Brun674b7432012-11-08 19:21:55 +01005557reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005558
Willy Tarreau5db847a2019-05-09 14:13:35 +02005559#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005560 /* ASYNC engine API doesn't support moving read/write
5561 * buffers. So we disable ASYNC mode right after
5562 * the handshake to avoid buffer oveflows.
5563 */
5564 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005565 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005566#endif
Emeric Brun46591952012-05-18 15:47:34 +02005567 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005568 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005569 if (objt_server(conn->target)) {
5570 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5571 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5572 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005573 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005574 else {
5575 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5576 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5577 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5578 }
Emeric Brun46591952012-05-18 15:47:34 +02005579 }
5580
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005581#ifdef OPENSSL_IS_BORINGSSL
Olivier Houchard66ab4982019-02-26 18:37:15 +01005582 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(ctx->ssl))
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005583 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5584#endif
Emeric Brun46591952012-05-18 15:47:34 +02005585 /* The connection is now established at both layers, it's time to leave */
5586 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5587 return 1;
5588
5589 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005590 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005591 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005592 ERR_clear_error();
5593
Emeric Brun9fa89732012-10-04 17:09:56 +02005594 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005595 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5596 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5597 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005598 }
5599
Emeric Brun46591952012-05-18 15:47:34 +02005600 /* Fail on all other handshake errors */
5601 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005602 if (!conn->err_code)
5603 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005604 return 0;
5605}
5606
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005607static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005608{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005609
5610 return conn_subscribe(conn, NULL, event_type, param);
Olivier Houcharddf357842019-03-21 16:30:07 +01005611}
5612
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005613static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005614{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005615
5616 return conn_unsubscribe(conn, NULL, event_type, param);
Olivier Houcharddf357842019-03-21 16:30:07 +01005617}
5618
Emeric Brun46591952012-05-18 15:47:34 +02005619/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005620 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005621 * buffer wraps, in which case a second call may be performed. The connection's
5622 * flags are updated with whatever special event is detected (error, read0,
5623 * empty). The caller is responsible for taking care of those events and
5624 * avoiding the call if inappropriate. The function does not call the
5625 * connection's polling update function, so the caller is responsible for this.
5626 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005627static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005628{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005629 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005630 ssize_t ret;
5631 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005632
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005633 conn_refresh_polling_flags(conn);
5634
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005635 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005636 goto out_error;
5637
5638 if (conn->flags & CO_FL_HANDSHAKE)
5639 /* a handshake was requested */
5640 return 0;
5641
Emeric Brun46591952012-05-18 15:47:34 +02005642 /* read the largest possible block. For this, we perform only one call
5643 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5644 * in which case we accept to do it once again. A new attempt is made on
5645 * EINTR too.
5646 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005647 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005648 int need_out = 0;
5649
Willy Tarreau591d4452018-06-15 17:21:00 +02005650 try = b_contig_space(buf);
5651 if (!try)
5652 break;
5653
Willy Tarreauabf08d92014-01-14 11:31:27 +01005654 if (try > count)
5655 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005656
Olivier Houchardc2aae742017-09-22 18:26:28 +02005657 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005658 ctx->tmp_early_data != -1) {
5659 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005660 done++;
5661 try--;
5662 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005663 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005664 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005665 continue;
5666 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005667
Willy Tarreau5db847a2019-05-09 14:13:35 +02005668#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005669 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5670 size_t read_length;
5671
Olivier Houchard66ab4982019-02-26 18:37:15 +01005672 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005673 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005674 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5675 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005676 conn->flags |= CO_FL_EARLY_DATA;
5677 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5678 ret == SSL_READ_EARLY_DATA_FINISH) {
5679 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5680 /*
5681 * We're done reading the early data,
5682 * let's make the handshake
5683 */
5684 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5685 conn->flags |= CO_FL_SSL_WAIT_HS;
5686 need_out = 1;
5687 if (read_length == 0)
5688 break;
5689 }
5690 ret = read_length;
5691 }
5692 } else
5693#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005694 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005695#ifdef OPENSSL_IS_BORINGSSL
5696 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005697 if (SSL_in_early_data(ctx->ssl)) {
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005698 if (ret > 0)
5699 conn->flags |= CO_FL_EARLY_DATA;
5700 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005701 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005702 }
5703 }
5704#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005705 if (conn->flags & CO_FL_ERROR) {
5706 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005707 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005708 }
Emeric Brun46591952012-05-18 15:47:34 +02005709 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005710 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005711 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005712 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005713 }
Emeric Brun46591952012-05-18 15:47:34 +02005714 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005715 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005716 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005717 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005718 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005719 __conn_sock_want_send(conn);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005720#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005721 /* Async mode can be re-enabled, because we're leaving data state.*/
5722 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005723 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005724#endif
Emeric Brun46591952012-05-18 15:47:34 +02005725 break;
5726 }
5727 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005728 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005729 /* handshake is running, and it may need to re-enable read */
5730 conn->flags |= CO_FL_SSL_WAIT_HS;
5731 __conn_sock_want_recv(conn);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005732#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005733 /* Async mode can be re-enabled, because we're leaving data state.*/
5734 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005735 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005736#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005737 break;
5738 }
Emeric Brun46591952012-05-18 15:47:34 +02005739 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005740 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005741 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005742 } else if (ret == SSL_ERROR_ZERO_RETURN)
5743 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005744 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5745 * stack before shutting down the connection for
5746 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005747 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5748 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005749 /* otherwise it's a real error */
5750 goto out_error;
5751 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005752 if (need_out)
5753 break;
Emeric Brun46591952012-05-18 15:47:34 +02005754 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005755 leave:
5756 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005757 return done;
5758
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005759 clear_ssl_error:
5760 /* Clear openssl global errors stack */
5761 ssl_sock_dump_errors(conn);
5762 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005763 read0:
5764 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005765 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005766
Emeric Brun46591952012-05-18 15:47:34 +02005767 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005768 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005769 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005770 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005771 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005772 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005773}
5774
5775
Willy Tarreau787db9a2018-06-14 18:31:46 +02005776/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5777 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5778 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005779 * Only one call to send() is performed, unless the buffer wraps, in which case
5780 * a second call may be performed. The connection's flags are updated with
5781 * whatever special event is detected (error, empty). The caller is responsible
5782 * for taking care of those events and avoiding the call if inappropriate. The
5783 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005784 * is responsible for this. The buffer's output is not adjusted, it's up to the
5785 * caller to take care of this. It's up to the caller to update the buffer's
5786 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005787 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005788static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005789{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005790 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005791 ssize_t ret;
5792 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005793
5794 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005795 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005796
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005797 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005798 goto out_error;
5799
Olivier Houchard010941f2019-05-03 20:56:19 +02005800 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005801 /* a handshake was requested */
5802 return 0;
5803
5804 /* send the largest possible block. For this we perform only one call
5805 * to send() unless the buffer wraps and we exactly fill the first hunk,
5806 * in which case we accept to do it once again.
5807 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005808 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005809#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005810 size_t written_data;
5811#endif
5812
Willy Tarreau787db9a2018-06-14 18:31:46 +02005813 try = b_contig_data(buf, done);
5814 if (try > count)
5815 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005816
Willy Tarreau7bed9452014-02-02 02:00:24 +01005817 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005818 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005819 global_ssl.max_record && try > global_ssl.max_record) {
5820 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005821 }
5822 else {
5823 /* we need to keep the information about the fact that
5824 * we're not limiting the upcoming send(), because if it
5825 * fails, we'll have to retry with at least as many data.
5826 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005827 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005828 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005829
Willy Tarreau5db847a2019-05-09 14:13:35 +02005830#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02005831 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005832 unsigned int max_early;
5833
Olivier Houchard522eea72017-11-03 16:27:47 +01005834 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005835 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005836 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005837 if (SSL_get0_session(ctx->ssl))
5838 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005839 else
5840 max_early = 0;
5841 }
5842
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005843 if (try + ctx->sent_early_data > max_early) {
5844 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005845 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005846 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005847 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005848 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005849 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005850 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005851 if (ret == 1) {
5852 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005853 ctx->sent_early_data += ret;
Olivier Houchard010941f2019-05-03 20:56:19 +02005854 if (objt_server(conn->target))
Olivier Houchard522eea72017-11-03 16:27:47 +01005855 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard522eea72017-11-03 16:27:47 +01005856
Olivier Houchardc2aae742017-09-22 18:26:28 +02005857 }
5858
5859 } else
5860#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005861 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005862
Emeric Brune1f38db2012-09-03 20:36:47 +02005863 if (conn->flags & CO_FL_ERROR) {
5864 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005865 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005866 }
Emeric Brun46591952012-05-18 15:47:34 +02005867 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01005868 /* A send succeeded, so we can consier ourself connected */
5869 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005870 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005871 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005872 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005873 }
5874 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005875 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005876
Emeric Brun46591952012-05-18 15:47:34 +02005877 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005878 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005879 /* handshake is running, and it may need to re-enable write */
5880 conn->flags |= CO_FL_SSL_WAIT_HS;
5881 __conn_sock_want_send(conn);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005882#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005883 /* Async mode can be re-enabled, because we're leaving data state.*/
5884 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005885 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005886#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005887 break;
5888 }
Emeric Brun46591952012-05-18 15:47:34 +02005889 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005890 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005891 break;
5892 }
5893 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005894 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005895 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005896 __conn_sock_want_recv(conn);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005897#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005898 /* Async mode can be re-enabled, because we're leaving data state.*/
5899 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005900 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005901#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005902 break;
5903 }
Emeric Brun46591952012-05-18 15:47:34 +02005904 goto out_error;
5905 }
5906 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005907 leave:
5908 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005909 return done;
5910
5911 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005912 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005913 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005914 ERR_clear_error();
5915
Emeric Brun46591952012-05-18 15:47:34 +02005916 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005917 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005918}
5919
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005920static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02005921
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005922 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005923
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005924 if (ctx) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005925#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005926 if (global_ssl.async) {
5927 OSSL_ASYNC_FD all_fd[32], afd;
5928 size_t num_all_fds = 0;
5929 int i;
5930
Olivier Houchard66ab4982019-02-26 18:37:15 +01005931 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02005932 if (num_all_fds > 32) {
5933 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5934 return;
5935 }
5936
Olivier Houchard66ab4982019-02-26 18:37:15 +01005937 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02005938
5939 /* If an async job is pending, we must try to
5940 to catch the end using polling before calling
5941 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005942 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02005943 for (i=0 ; i < num_all_fds ; i++) {
5944 /* switch on an handler designed to
5945 * handle the SSL_free
5946 */
5947 afd = all_fd[i];
5948 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005949 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02005950 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005951 /* To ensure that the fd cache won't be used
5952 * and we'll catch a real RD event.
5953 */
5954 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005955 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005956 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005957 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005958 return;
5959 }
Emeric Brun3854e012017-05-17 20:42:48 +02005960 /* Else we can remove the fds from the fdtab
5961 * and call SSL_free.
5962 * note: we do a fd_remove and not a delete
5963 * because the fd is owned by the engine.
5964 * the engine is responsible to close
5965 */
5966 for (i=0 ; i < num_all_fds ; i++)
5967 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005968 }
5969#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005970 SSL_free(ctx->ssl);
5971 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005972 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005973 }
Emeric Brun46591952012-05-18 15:47:34 +02005974}
5975
5976/* This function tries to perform a clean shutdown on an SSL connection, and in
5977 * any case, flags the connection as reusable if no handshake was in progress.
5978 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005979static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02005980{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005981 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005982
Emeric Brun46591952012-05-18 15:47:34 +02005983 if (conn->flags & CO_FL_HANDSHAKE)
5984 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005985 if (!clean)
5986 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005987 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005988 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005989 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005990 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005991 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005992 ERR_clear_error();
5993 }
Emeric Brun46591952012-05-18 15:47:34 +02005994}
5995
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005996/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02005997int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005998{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005999 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006000 struct pkey_info *pkinfo;
6001 int bits = 0;
6002 int sig = TLSEXT_signature_anonymous;
6003 int len = -1;
6004
6005 if (!ssl_sock_is_ssl(conn))
6006 return 0;
6007
Olivier Houchard66ab4982019-02-26 18:37:15 +01006008 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006009 if (pkinfo) {
6010 sig = pkinfo->sig;
6011 bits = pkinfo->bits;
6012 } else {
6013 /* multicert and generated cert have no pkey info */
6014 X509 *crt;
6015 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006016 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006017 if (!crt)
6018 return 0;
6019 pkey = X509_get_pubkey(crt);
6020 if (pkey) {
6021 bits = EVP_PKEY_bits(pkey);
6022 switch(EVP_PKEY_base_id(pkey)) {
6023 case EVP_PKEY_RSA:
6024 sig = TLSEXT_signature_rsa;
6025 break;
6026 case EVP_PKEY_EC:
6027 sig = TLSEXT_signature_ecdsa;
6028 break;
6029 case EVP_PKEY_DSA:
6030 sig = TLSEXT_signature_dsa;
6031 break;
6032 }
6033 EVP_PKEY_free(pkey);
6034 }
6035 }
6036
6037 switch(sig) {
6038 case TLSEXT_signature_rsa:
6039 len = chunk_printf(out, "RSA%d", bits);
6040 break;
6041 case TLSEXT_signature_ecdsa:
6042 len = chunk_printf(out, "EC%d", bits);
6043 break;
6044 case TLSEXT_signature_dsa:
6045 len = chunk_printf(out, "DSA%d", bits);
6046 break;
6047 default:
6048 return 0;
6049 }
6050 if (len < 0)
6051 return 0;
6052 return 1;
6053}
6054
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006055/* used for ppv2 cert signature (can be used for logging) */
6056const char *ssl_sock_get_cert_sig(struct connection *conn)
6057{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006058 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6059
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006060 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6061 X509 *crt;
6062
6063 if (!ssl_sock_is_ssl(conn))
6064 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006065 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006066 if (!crt)
6067 return NULL;
6068 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6069 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6070}
6071
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006072/* used for ppv2 authority */
6073const char *ssl_sock_get_sni(struct connection *conn)
6074{
6075#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006076 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6077
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006078 if (!ssl_sock_is_ssl(conn))
6079 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006080 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006081#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006082 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006083#endif
6084}
6085
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006086/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006087const char *ssl_sock_get_cipher_name(struct connection *conn)
6088{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006089 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6090
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006091 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006092 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006093
Olivier Houchard66ab4982019-02-26 18:37:15 +01006094 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006095}
6096
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006097/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006098const char *ssl_sock_get_proto_version(struct connection *conn)
6099{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006100 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6101
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006102 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006103 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006104
Olivier Houchard66ab4982019-02-26 18:37:15 +01006105 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006106}
6107
Willy Tarreau8d598402012-10-22 17:58:39 +02006108/* Extract a serial from a cert, and copy it to a chunk.
6109 * Returns 1 if serial is found and copied, 0 if no serial found and
6110 * -1 if output is not large enough.
6111 */
6112static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006113ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006114{
6115 ASN1_INTEGER *serial;
6116
6117 serial = X509_get_serialNumber(crt);
6118 if (!serial)
6119 return 0;
6120
6121 if (out->size < serial->length)
6122 return -1;
6123
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006124 memcpy(out->area, serial->data, serial->length);
6125 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006126 return 1;
6127}
6128
Emeric Brun43e79582014-10-29 19:03:26 +01006129/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006130 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6131 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006132 */
6133static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006134ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006135{
6136 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006137 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006138
6139 len =i2d_X509(crt, NULL);
6140 if (len <= 0)
6141 return 1;
6142
6143 if (out->size < len)
6144 return -1;
6145
6146 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006147 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006148 return 1;
6149}
6150
Emeric Brunce5ad802012-10-22 14:11:22 +02006151
Willy Tarreau83061a82018-07-13 11:56:34 +02006152/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006153 * Returns 1 if serial is found and copied, 0 if no valid time found
6154 * and -1 if output is not large enough.
6155 */
6156static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006157ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006158{
6159 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6160 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6161
6162 if (gentm->length < 12)
6163 return 0;
6164 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6165 return 0;
6166 if (out->size < gentm->length-2)
6167 return -1;
6168
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006169 memcpy(out->area, gentm->data+2, gentm->length-2);
6170 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006171 return 1;
6172 }
6173 else if (tm->type == V_ASN1_UTCTIME) {
6174 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6175
6176 if (utctm->length < 10)
6177 return 0;
6178 if (utctm->data[0] >= 0x35)
6179 return 0;
6180 if (out->size < utctm->length)
6181 return -1;
6182
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006183 memcpy(out->area, utctm->data, utctm->length);
6184 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006185 return 1;
6186 }
6187
6188 return 0;
6189}
6190
Emeric Brun87855892012-10-17 17:39:35 +02006191/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6192 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6193 */
6194static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006195ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6196 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006197{
6198 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006199 ASN1_OBJECT *obj;
6200 ASN1_STRING *data;
6201 const unsigned char *data_ptr;
6202 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006203 int i, j, n;
6204 int cur = 0;
6205 const char *s;
6206 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006207 int name_count;
6208
6209 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006210
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006211 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006212 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006213 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006214 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006215 else
6216 j = i;
6217
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006218 ne = X509_NAME_get_entry(a, j);
6219 obj = X509_NAME_ENTRY_get_object(ne);
6220 data = X509_NAME_ENTRY_get_data(ne);
6221 data_ptr = ASN1_STRING_get0_data(data);
6222 data_len = ASN1_STRING_length(data);
6223 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006224 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006225 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006226 s = tmp;
6227 }
6228
6229 if (chunk_strcasecmp(entry, s) != 0)
6230 continue;
6231
6232 if (pos < 0)
6233 cur--;
6234 else
6235 cur++;
6236
6237 if (cur != pos)
6238 continue;
6239
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006240 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006241 return -1;
6242
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006243 memcpy(out->area, data_ptr, data_len);
6244 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006245 return 1;
6246 }
6247
6248 return 0;
6249
6250}
6251
6252/* Extract and format full DN from a X509_NAME and copy result into a chunk
6253 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6254 */
6255static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006256ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006257{
6258 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006259 ASN1_OBJECT *obj;
6260 ASN1_STRING *data;
6261 const unsigned char *data_ptr;
6262 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006263 int i, n, ln;
6264 int l = 0;
6265 const char *s;
6266 char *p;
6267 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006268 int name_count;
6269
6270
6271 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006272
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006273 out->data = 0;
6274 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006275 for (i = 0; i < name_count; i++) {
6276 ne = X509_NAME_get_entry(a, i);
6277 obj = X509_NAME_ENTRY_get_object(ne);
6278 data = X509_NAME_ENTRY_get_data(ne);
6279 data_ptr = ASN1_STRING_get0_data(data);
6280 data_len = ASN1_STRING_length(data);
6281 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006282 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006283 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006284 s = tmp;
6285 }
6286 ln = strlen(s);
6287
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006288 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006289 if (l > out->size)
6290 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006291 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006292
6293 *(p++)='/';
6294 memcpy(p, s, ln);
6295 p += ln;
6296 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006297 memcpy(p, data_ptr, data_len);
6298 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006299 }
6300
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006301 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006302 return 0;
6303
6304 return 1;
6305}
6306
Olivier Houchardab28a322018-12-21 19:45:40 +01006307void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6308{
6309#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006310 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6311
6312 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006313#endif
6314}
6315
Willy Tarreau119a4082016-12-22 21:58:38 +01006316/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6317 * to disable SNI.
6318 */
Willy Tarreau63076412015-07-10 11:33:32 +02006319void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6320{
6321#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006322 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6323
Willy Tarreau119a4082016-12-22 21:58:38 +01006324 char *prev_name;
6325
Willy Tarreau63076412015-07-10 11:33:32 +02006326 if (!ssl_sock_is_ssl(conn))
6327 return;
6328
Willy Tarreau119a4082016-12-22 21:58:38 +01006329 /* if the SNI changes, we must destroy the reusable context so that a
6330 * new connection will present a new SNI. As an optimization we could
6331 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6332 * server.
6333 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006334 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006335 if ((!prev_name && hostname) ||
6336 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006337 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006338
Olivier Houchard66ab4982019-02-26 18:37:15 +01006339 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006340#endif
6341}
6342
Emeric Brun0abf8362014-06-24 18:26:41 +02006343/* Extract peer certificate's common name into the chunk dest
6344 * Returns
6345 * the len of the extracted common name
6346 * or 0 if no CN found in DN
6347 * or -1 on error case (i.e. no peer certificate)
6348 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006349int ssl_sock_get_remote_common_name(struct connection *conn,
6350 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006351{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006352 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006353 X509 *crt = NULL;
6354 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006355 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006356 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006357 .area = (char *)&find_cn,
6358 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006359 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006360 int result = -1;
David Safb76832014-05-08 23:42:08 -04006361
6362 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006363 goto out;
David Safb76832014-05-08 23:42:08 -04006364
6365 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006366 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006367 if (!crt)
6368 goto out;
6369
6370 name = X509_get_subject_name(crt);
6371 if (!name)
6372 goto out;
David Safb76832014-05-08 23:42:08 -04006373
Emeric Brun0abf8362014-06-24 18:26:41 +02006374 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6375out:
David Safb76832014-05-08 23:42:08 -04006376 if (crt)
6377 X509_free(crt);
6378
6379 return result;
6380}
6381
Dave McCowan328fb582014-07-30 10:39:13 -04006382/* returns 1 if client passed a certificate for this session, 0 if not */
6383int ssl_sock_get_cert_used_sess(struct connection *conn)
6384{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006385 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006386 X509 *crt = NULL;
6387
6388 if (!ssl_sock_is_ssl(conn))
6389 return 0;
6390
6391 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006392 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006393 if (!crt)
6394 return 0;
6395
6396 X509_free(crt);
6397 return 1;
6398}
6399
6400/* returns 1 if client passed a certificate for this connection, 0 if not */
6401int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006402{
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006403 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6404
David Safb76832014-05-08 23:42:08 -04006405 if (!ssl_sock_is_ssl(conn))
6406 return 0;
6407
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006408 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006409}
6410
6411/* returns result from SSL verify */
6412unsigned int ssl_sock_get_verify_result(struct connection *conn)
6413{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006414 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6415
David Safb76832014-05-08 23:42:08 -04006416 if (!ssl_sock_is_ssl(conn))
6417 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6418
Olivier Houchard66ab4982019-02-26 18:37:15 +01006419 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006420}
6421
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006422/* Returns the application layer protocol name in <str> and <len> when known.
6423 * Zero is returned if the protocol name was not found, otherwise non-zero is
6424 * returned. The string is allocated in the SSL context and doesn't have to be
6425 * freed by the caller. NPN is also checked if available since older versions
6426 * of openssl (1.0.1) which are more common in field only support this one.
6427 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006428static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006429{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006430#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6431 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006432 struct ssl_sock_ctx *ctx = xprt_ctx;
6433 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006434 return 0;
6435
6436 *str = NULL;
6437
6438#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006439 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006440 if (*str)
6441 return 1;
6442#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006443#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006444 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006445 if (*str)
6446 return 1;
6447#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006448#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006449 return 0;
6450}
6451
Willy Tarreau7875d092012-09-10 08:20:03 +02006452/***** Below are some sample fetching functions for ACL/patterns *****/
6453
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006454static int
6455smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6456{
6457 struct connection *conn;
6458
6459 conn = objt_conn(smp->sess->origin);
6460 if (!conn || conn->xprt != &ssl_sock)
6461 return 0;
6462
6463 smp->flags = 0;
6464 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006465 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6466 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006467
6468 return 1;
6469}
6470
Emeric Brune64aef12012-09-21 13:15:06 +02006471/* boolean, returns true if client cert was present */
6472static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006473smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006474{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006475 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006476 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006477
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006478 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006479 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006480 return 0;
6481
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006482 ctx = conn->xprt_ctx;
6483
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006484 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006485 smp->flags |= SMP_F_MAY_CHANGE;
6486 return 0;
6487 }
6488
6489 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006490 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006491 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006492
6493 return 1;
6494}
6495
Emeric Brun43e79582014-10-29 19:03:26 +01006496/* binary, returns a certificate in a binary chunk (der/raw).
6497 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6498 * should be use.
6499 */
6500static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006501smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006502{
6503 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6504 X509 *crt = NULL;
6505 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006506 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006507 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006508 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006509
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006510 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006511 if (!conn || conn->xprt != &ssl_sock)
6512 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006513 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006514
6515 if (!(conn->flags & CO_FL_CONNECTED)) {
6516 smp->flags |= SMP_F_MAY_CHANGE;
6517 return 0;
6518 }
6519
6520 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006521 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006522 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006523 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006524
6525 if (!crt)
6526 goto out;
6527
6528 smp_trash = get_trash_chunk();
6529 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6530 goto out;
6531
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006532 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006533 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006534 ret = 1;
6535out:
6536 /* SSL_get_peer_certificate, it increase X509 * ref count */
6537 if (cert_peer && crt)
6538 X509_free(crt);
6539 return ret;
6540}
6541
Emeric Brunba841a12014-04-30 17:05:08 +02006542/* binary, returns serial of certificate in a binary chunk.
6543 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6544 * should be use.
6545 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006546static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006547smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006548{
Emeric Brunba841a12014-04-30 17:05:08 +02006549 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006550 X509 *crt = NULL;
6551 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006552 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006553 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006554 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006555
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006556 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006557 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006558 return 0;
6559
Olivier Houchard66ab4982019-02-26 18:37:15 +01006560 ctx = conn->xprt_ctx;
6561
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006562 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006563 smp->flags |= SMP_F_MAY_CHANGE;
6564 return 0;
6565 }
6566
Emeric Brunba841a12014-04-30 17:05:08 +02006567 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006568 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006569 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006570 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006571
Willy Tarreau8d598402012-10-22 17:58:39 +02006572 if (!crt)
6573 goto out;
6574
Willy Tarreau47ca5452012-12-23 20:22:19 +01006575 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006576 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6577 goto out;
6578
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006579 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006580 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006581 ret = 1;
6582out:
Emeric Brunba841a12014-04-30 17:05:08 +02006583 /* SSL_get_peer_certificate, it increase X509 * ref count */
6584 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006585 X509_free(crt);
6586 return ret;
6587}
Emeric Brune64aef12012-09-21 13:15:06 +02006588
Emeric Brunba841a12014-04-30 17:05:08 +02006589/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6590 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6591 * should be use.
6592 */
James Votha051b4a2013-05-14 20:37:59 +02006593static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006594smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006595{
Emeric Brunba841a12014-04-30 17:05:08 +02006596 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006597 X509 *crt = NULL;
6598 const EVP_MD *digest;
6599 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006600 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006601 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006602 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006603
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006604 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006605 if (!conn || conn->xprt != &ssl_sock)
6606 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006607 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006608
6609 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006610 smp->flags |= SMP_F_MAY_CHANGE;
6611 return 0;
6612 }
6613
Emeric Brunba841a12014-04-30 17:05:08 +02006614 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006615 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006616 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006617 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006618 if (!crt)
6619 goto out;
6620
6621 smp_trash = get_trash_chunk();
6622 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006623 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6624 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006625
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006626 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006627 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006628 ret = 1;
6629out:
Emeric Brunba841a12014-04-30 17:05:08 +02006630 /* SSL_get_peer_certificate, it increase X509 * ref count */
6631 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006632 X509_free(crt);
6633 return ret;
6634}
6635
Emeric Brunba841a12014-04-30 17:05:08 +02006636/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6637 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6638 * should be use.
6639 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006640static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006641smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006642{
Emeric Brunba841a12014-04-30 17:05:08 +02006643 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006644 X509 *crt = NULL;
6645 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006646 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006647 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006648 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006649
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006650 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006651 if (!conn || conn->xprt != &ssl_sock)
6652 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006653 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006654
6655 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006656 smp->flags |= SMP_F_MAY_CHANGE;
6657 return 0;
6658 }
6659
Emeric Brunba841a12014-04-30 17:05:08 +02006660 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006661 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006662 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006663 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006664 if (!crt)
6665 goto out;
6666
Willy Tarreau47ca5452012-12-23 20:22:19 +01006667 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006668 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006669 goto out;
6670
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006671 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006672 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006673 ret = 1;
6674out:
Emeric Brunba841a12014-04-30 17:05:08 +02006675 /* SSL_get_peer_certificate, it increase X509 * ref count */
6676 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006677 X509_free(crt);
6678 return ret;
6679}
6680
Emeric Brunba841a12014-04-30 17:05:08 +02006681/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6682 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6683 * should be use.
6684 */
Emeric Brun87855892012-10-17 17:39:35 +02006685static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006686smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006687{
Emeric Brunba841a12014-04-30 17:05:08 +02006688 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006689 X509 *crt = NULL;
6690 X509_NAME *name;
6691 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006692 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006693 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006694 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006695
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006696 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006697 if (!conn || conn->xprt != &ssl_sock)
6698 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006699 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006700
6701 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006702 smp->flags |= SMP_F_MAY_CHANGE;
6703 return 0;
6704 }
6705
Emeric Brunba841a12014-04-30 17:05:08 +02006706 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006707 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006708 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006709 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006710 if (!crt)
6711 goto out;
6712
6713 name = X509_get_issuer_name(crt);
6714 if (!name)
6715 goto out;
6716
Willy Tarreau47ca5452012-12-23 20:22:19 +01006717 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006718 if (args && args[0].type == ARGT_STR) {
6719 int pos = 1;
6720
6721 if (args[1].type == ARGT_SINT)
6722 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006723
6724 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6725 goto out;
6726 }
6727 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6728 goto out;
6729
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006730 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006731 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006732 ret = 1;
6733out:
Emeric Brunba841a12014-04-30 17:05:08 +02006734 /* SSL_get_peer_certificate, it increase X509 * ref count */
6735 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006736 X509_free(crt);
6737 return ret;
6738}
6739
Emeric Brunba841a12014-04-30 17:05:08 +02006740/* string, returns notbefore date in ASN1_UTCTIME format.
6741 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6742 * should be use.
6743 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006744static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006745smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006746{
Emeric Brunba841a12014-04-30 17:05:08 +02006747 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006748 X509 *crt = NULL;
6749 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006750 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006751 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006752 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006753
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006754 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006755 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006756 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006757 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006758
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006759 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006760 smp->flags |= SMP_F_MAY_CHANGE;
6761 return 0;
6762 }
6763
Emeric Brunba841a12014-04-30 17:05:08 +02006764 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006765 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006766 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006767 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006768 if (!crt)
6769 goto out;
6770
Willy Tarreau47ca5452012-12-23 20:22:19 +01006771 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006772 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006773 goto out;
6774
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006775 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006776 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006777 ret = 1;
6778out:
Emeric Brunba841a12014-04-30 17:05:08 +02006779 /* SSL_get_peer_certificate, it increase X509 * ref count */
6780 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006781 X509_free(crt);
6782 return ret;
6783}
6784
Emeric Brunba841a12014-04-30 17:05:08 +02006785/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6786 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6787 * should be use.
6788 */
Emeric Brun87855892012-10-17 17:39:35 +02006789static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006790smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006791{
Emeric Brunba841a12014-04-30 17:05:08 +02006792 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006793 X509 *crt = NULL;
6794 X509_NAME *name;
6795 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006796 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006797 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006798 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006799
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006800 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006801 if (!conn || conn->xprt != &ssl_sock)
6802 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006803 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006804
6805 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006806 smp->flags |= SMP_F_MAY_CHANGE;
6807 return 0;
6808 }
6809
Emeric Brunba841a12014-04-30 17:05:08 +02006810 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006811 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006812 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006813 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006814 if (!crt)
6815 goto out;
6816
6817 name = X509_get_subject_name(crt);
6818 if (!name)
6819 goto out;
6820
Willy Tarreau47ca5452012-12-23 20:22:19 +01006821 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006822 if (args && args[0].type == ARGT_STR) {
6823 int pos = 1;
6824
6825 if (args[1].type == ARGT_SINT)
6826 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006827
6828 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6829 goto out;
6830 }
6831 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6832 goto out;
6833
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006834 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006835 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006836 ret = 1;
6837out:
Emeric Brunba841a12014-04-30 17:05:08 +02006838 /* SSL_get_peer_certificate, it increase X509 * ref count */
6839 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006840 X509_free(crt);
6841 return ret;
6842}
Emeric Brun9143d372012-12-20 15:44:16 +01006843
6844/* integer, returns true if current session use a client certificate */
6845static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006846smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006847{
6848 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006849 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006850 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01006851
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006852 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006853 if (!conn || conn->xprt != &ssl_sock)
6854 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006855 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006856
6857 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006858 smp->flags |= SMP_F_MAY_CHANGE;
6859 return 0;
6860 }
6861
6862 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006863 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01006864 if (crt) {
6865 X509_free(crt);
6866 }
6867
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006868 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006869 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006870 return 1;
6871}
6872
Emeric Brunba841a12014-04-30 17:05:08 +02006873/* integer, returns the certificate version
6874 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6875 * should be use.
6876 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006877static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006878smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006879{
Emeric Brunba841a12014-04-30 17:05:08 +02006880 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006881 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006882 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006883 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006884
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006885 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006886 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006887 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006888 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006889
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006890 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006891 smp->flags |= SMP_F_MAY_CHANGE;
6892 return 0;
6893 }
6894
Emeric Brunba841a12014-04-30 17:05:08 +02006895 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006896 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006897 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006898 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006899 if (!crt)
6900 return 0;
6901
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006902 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006903 /* SSL_get_peer_certificate increase X509 * ref count */
6904 if (cert_peer)
6905 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006906 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006907
6908 return 1;
6909}
6910
Emeric Brunba841a12014-04-30 17:05:08 +02006911/* string, returns the certificate's signature algorithm.
6912 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6913 * should be use.
6914 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006915static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006916smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006917{
Emeric Brunba841a12014-04-30 17:05:08 +02006918 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006919 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006920 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006921 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006922 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006923 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02006924
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006925 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006926 if (!conn || conn->xprt != &ssl_sock)
6927 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006928 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006929
6930 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006931 smp->flags |= SMP_F_MAY_CHANGE;
6932 return 0;
6933 }
6934
Emeric Brunba841a12014-04-30 17:05:08 +02006935 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006936 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006937 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006938 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02006939 if (!crt)
6940 return 0;
6941
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006942 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6943 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006944
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006945 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6946 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006947 /* SSL_get_peer_certificate increase X509 * ref count */
6948 if (cert_peer)
6949 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006950 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006951 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006952
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006953 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006954 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006955 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02006956 /* SSL_get_peer_certificate increase X509 * ref count */
6957 if (cert_peer)
6958 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006959
6960 return 1;
6961}
6962
Emeric Brunba841a12014-04-30 17:05:08 +02006963/* string, returns the certificate's key algorithm.
6964 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6965 * should be use.
6966 */
Emeric Brun521a0112012-10-22 12:22:55 +02006967static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006968smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006969{
Emeric Brunba841a12014-04-30 17:05:08 +02006970 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006971 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006972 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006973 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006974 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006975 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02006976
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006977 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006978 if (!conn || conn->xprt != &ssl_sock)
6979 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006980 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006981
6982 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006983 smp->flags |= SMP_F_MAY_CHANGE;
6984 return 0;
6985 }
6986
Emeric Brunba841a12014-04-30 17:05:08 +02006987 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006988 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006989 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006990 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02006991 if (!crt)
6992 return 0;
6993
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006994 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6995 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006996
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006997 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
6998 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02006999 /* SSL_get_peer_certificate increase X509 * ref count */
7000 if (cert_peer)
7001 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007002 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007003 }
Emeric Brun521a0112012-10-22 12:22:55 +02007004
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007005 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007006 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007007 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007008 if (cert_peer)
7009 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007010
7011 return 1;
7012}
7013
Emeric Brun645ae792014-04-30 14:21:06 +02007014/* boolean, returns true if front conn. transport layer is SSL.
7015 * This function is also usable on backend conn if the fetch keyword 5th
7016 * char is 'b'.
7017 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007018static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007019smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007020{
Emeric Bruneb8def92018-02-19 15:59:48 +01007021 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7022 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007023
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007024 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007025 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007026 return 1;
7027}
7028
Emeric Brun2525b6b2012-10-18 15:59:43 +02007029/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007030static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007031smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007032{
7033#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007034 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007035 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007036
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007037 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007038 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007039 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007040 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007041 return 1;
7042#else
7043 return 0;
7044#endif
7045}
7046
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007047/* boolean, returns true if client session has been resumed.
7048 * This function is also usable on backend conn if the fetch keyword 5th
7049 * char is 'b'.
7050 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007051static int
7052smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7053{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007054 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7055 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007056 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007057
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007058
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007059 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007060 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007061 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007062 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007063 return 1;
7064}
7065
Emeric Brun645ae792014-04-30 14:21:06 +02007066/* string, returns the used cipher if front conn. transport layer is SSL.
7067 * This function is also usable on backend conn if the fetch keyword 5th
7068 * char is 'b'.
7069 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007070static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007071smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007072{
Emeric Bruneb8def92018-02-19 15:59:48 +01007073 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7074 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007075 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007076
Willy Tarreaube508f12016-03-10 11:47:01 +01007077 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007078 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007079 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007080 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007081
Olivier Houchard66ab4982019-02-26 18:37:15 +01007082 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007083 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007084 return 0;
7085
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007086 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007087 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007088 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007089
7090 return 1;
7091}
7092
Emeric Brun645ae792014-04-30 14:21:06 +02007093/* integer, returns the algoritm's keysize if front conn. transport layer
7094 * is SSL.
7095 * This function is also usable on backend conn if the fetch keyword 5th
7096 * char is 'b'.
7097 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007098static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007099smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007100{
Emeric Bruneb8def92018-02-19 15:59:48 +01007101 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7102 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007103 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007104 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007105
Emeric Brun589fcad2012-10-16 14:13:26 +02007106 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007107 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007108 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007109 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007110
Olivier Houchard66ab4982019-02-26 18:37:15 +01007111 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007112 return 0;
7113
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007114 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007115 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007116
7117 return 1;
7118}
7119
Emeric Brun645ae792014-04-30 14:21:06 +02007120/* integer, returns the used keysize if front conn. transport layer is SSL.
7121 * This function is also usable on backend conn if the fetch keyword 5th
7122 * char is 'b'.
7123 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007124static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007125smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007126{
Emeric Bruneb8def92018-02-19 15:59:48 +01007127 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7128 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007129 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007130
Emeric Brun589fcad2012-10-16 14:13:26 +02007131 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007132 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7133 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007134 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007135
Olivier Houchard66ab4982019-02-26 18:37:15 +01007136 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007137 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007138 return 0;
7139
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007140 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007141
7142 return 1;
7143}
7144
Bernard Spil13c53f82018-02-15 13:34:58 +01007145#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007146static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007147smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007148{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007149 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007150 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007151
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007152 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007153 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007154
Olivier Houchard6b77f492018-11-22 18:18:29 +01007155 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7156 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007157 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7158 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007159 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007160
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007161 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007162 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007163 (const unsigned char **)&smp->data.u.str.area,
7164 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007165
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007166 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007167 return 0;
7168
7169 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007170}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007171#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007172
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007173#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007174static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007175smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007176{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007177 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007178 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007179
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007180 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007181 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007182
Olivier Houchard6b77f492018-11-22 18:18:29 +01007183 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7184 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7185
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007186 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007187 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007188 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007189
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007190 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007191 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007192 (const unsigned char **)&smp->data.u.str.area,
7193 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007194
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007195 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007196 return 0;
7197
7198 return 1;
7199}
7200#endif
7201
Emeric Brun645ae792014-04-30 14:21:06 +02007202/* string, returns the used protocol if front conn. transport layer is SSL.
7203 * This function is also usable on backend conn if the fetch keyword 5th
7204 * char is 'b'.
7205 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007206static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007207smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007208{
Emeric Bruneb8def92018-02-19 15:59:48 +01007209 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7210 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007211 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007212
Emeric Brun589fcad2012-10-16 14:13:26 +02007213 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007214 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7215 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007216 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007217
Olivier Houchard66ab4982019-02-26 18:37:15 +01007218 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007219 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007220 return 0;
7221
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007222 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007223 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007224 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007225
7226 return 1;
7227}
7228
Willy Tarreau87b09662015-04-03 00:22:06 +02007229/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007230 * This function is also usable on backend conn if the fetch keyword 5th
7231 * char is 'b'.
7232 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007233#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007234static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007235smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007236{
Emeric Bruneb8def92018-02-19 15:59:48 +01007237 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7238 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007239 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007240 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007241
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007242 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007243 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007244
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007245 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7246 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007247 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007248
Olivier Houchard66ab4982019-02-26 18:37:15 +01007249 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007250 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007251 return 0;
7252
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007253 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7254 (unsigned int *)&smp->data.u.str.data);
7255 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007256 return 0;
7257
7258 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007259}
Patrick Hemmer41966772018-04-28 19:15:48 -04007260#endif
7261
Emeric Brunfe68f682012-10-16 14:59:28 +02007262
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007263#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
Patrick Hemmere0275472018-04-28 19:15:51 -04007264static int
7265smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7266{
7267 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7268 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7269 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007270 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007271 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007272
7273 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7274 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007275 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007276
Olivier Houchard66ab4982019-02-26 18:37:15 +01007277 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007278 if (!ssl_sess)
7279 return 0;
7280
7281 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007282 data->data = SSL_SESSION_get_master_key(ssl_sess,
7283 (unsigned char *) data->area,
7284 data->size);
7285 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007286 return 0;
7287
7288 smp->flags = 0;
7289 smp->data.type = SMP_T_BIN;
7290 smp->data.u.str = *data;
7291
7292 return 1;
7293}
7294#endif
7295
Patrick Hemmer41966772018-04-28 19:15:48 -04007296#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007297static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007298smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007299{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007300 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007301 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007302
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007303 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007304 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007305
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007306 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007307 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7308 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007309 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007310
Olivier Houchard66ab4982019-02-26 18:37:15 +01007311 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007312 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007313 return 0;
7314
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007315 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007316 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007317}
Patrick Hemmer41966772018-04-28 19:15:48 -04007318#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007319
David Sc1ad52e2014-04-08 18:48:47 -04007320static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007321smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7322{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007323 struct connection *conn;
7324 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007325 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007326
7327 conn = objt_conn(smp->sess->origin);
7328 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7329 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007330 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007331
Olivier Houchard66ab4982019-02-26 18:37:15 +01007332 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007333 if (!capture)
7334 return 0;
7335
7336 smp->flags = SMP_F_CONST;
7337 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007338 smp->data.u.str.area = capture->ciphersuite;
7339 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007340 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007341}
7342
7343static int
7344smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7345{
Willy Tarreau83061a82018-07-13 11:56:34 +02007346 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007347
7348 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7349 return 0;
7350
7351 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007352 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007353 smp->data.type = SMP_T_BIN;
7354 smp->data.u.str = *data;
7355 return 1;
7356}
7357
7358static int
7359smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7360{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007361 struct connection *conn;
7362 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007363 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007364
7365 conn = objt_conn(smp->sess->origin);
7366 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7367 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007368 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007369
Olivier Houchard66ab4982019-02-26 18:37:15 +01007370 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007371 if (!capture)
7372 return 0;
7373
7374 smp->data.type = SMP_T_SINT;
7375 smp->data.u.sint = capture->xxh64;
7376 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007377}
7378
7379static int
7380smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7381{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007382#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007383 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007384 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007385
7386 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7387 return 0;
7388
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007389 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007390 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007391 const char *str;
7392 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007393 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007394 uint16_t id = (bin[0] << 8) | bin[1];
7395#if defined(OPENSSL_IS_BORINGSSL)
7396 cipher = SSL_get_cipher_by_value(id);
7397#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007398 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007399 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7400 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007401#endif
7402 str = SSL_CIPHER_get_name(cipher);
7403 if (!str || strcmp(str, "(NONE)") == 0)
7404 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007405 else
7406 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7407 }
7408 smp->data.type = SMP_T_STR;
7409 smp->data.u.str = *data;
7410 return 1;
7411#else
7412 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7413#endif
7414}
7415
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007416#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007417static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007418smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007419{
Emeric Bruneb8def92018-02-19 15:59:48 +01007420 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7421 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007422 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007423 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007424 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007425
7426 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007427 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7428 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007429 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007430
7431 if (!(conn->flags & CO_FL_CONNECTED)) {
7432 smp->flags |= SMP_F_MAY_CHANGE;
7433 return 0;
7434 }
7435
7436 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007437 if (!SSL_session_reused(ctx->ssl))
7438 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007439 finished_trash->area,
7440 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007441 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007442 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007443 finished_trash->area,
7444 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007445
7446 if (!finished_len)
7447 return 0;
7448
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007449 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007450 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007451 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007452
7453 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007454}
Patrick Hemmer41966772018-04-28 19:15:48 -04007455#endif
David Sc1ad52e2014-04-08 18:48:47 -04007456
Emeric Brun2525b6b2012-10-18 15:59:43 +02007457/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007458static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007459smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007460{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007461 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007462 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007463
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007464 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007465 if (!conn || conn->xprt != &ssl_sock)
7466 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007467 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007468
7469 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007470 smp->flags = SMP_F_MAY_CHANGE;
7471 return 0;
7472 }
7473
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007474 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007475 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007476 smp->flags = 0;
7477
7478 return 1;
7479}
7480
Emeric Brun2525b6b2012-10-18 15:59:43 +02007481/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007482static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007483smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007484{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007485 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007486 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007487
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007488 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007489 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007490 return 0;
7491
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007492 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007493 smp->flags = SMP_F_MAY_CHANGE;
7494 return 0;
7495 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007496 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007497
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007498 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007499 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007500 smp->flags = 0;
7501
7502 return 1;
7503}
7504
Emeric Brun2525b6b2012-10-18 15:59:43 +02007505/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007506static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007507smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007508{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007509 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007510 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007511
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007512 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007513 if (!conn || conn->xprt != &ssl_sock)
7514 return 0;
7515
7516 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007517 smp->flags = SMP_F_MAY_CHANGE;
7518 return 0;
7519 }
7520
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007521 ctx = conn->xprt_ctx;
7522
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007523 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007524 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007525 smp->flags = 0;
7526
7527 return 1;
7528}
7529
Emeric Brun2525b6b2012-10-18 15:59:43 +02007530/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007531static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007532smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007533{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007534 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007535 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007536
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007537 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007538 if (!conn || conn->xprt != &ssl_sock)
7539 return 0;
7540
7541 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007542 smp->flags = SMP_F_MAY_CHANGE;
7543 return 0;
7544 }
7545
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007546 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007547 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007548 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007549
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007550 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007551 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007552 smp->flags = 0;
7553
7554 return 1;
7555}
7556
Emeric Brunfb510ea2012-10-05 12:00:26 +02007557/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007558static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007559{
7560 if (!*args[cur_arg + 1]) {
7561 if (err)
7562 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7563 return ERR_ALERT | ERR_FATAL;
7564 }
7565
Willy Tarreauef934602016-12-22 23:12:01 +01007566 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7567 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007568 else
7569 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007570
Emeric Brund94b3fe2012-09-20 18:23:56 +02007571 return 0;
7572}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007573static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7574{
7575 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7576}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007577
Christopher Faulet31af49d2015-06-09 17:29:50 +02007578/* parse the "ca-sign-file" bind keyword */
7579static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7580{
7581 if (!*args[cur_arg + 1]) {
7582 if (err)
7583 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7584 return ERR_ALERT | ERR_FATAL;
7585 }
7586
Willy Tarreauef934602016-12-22 23:12:01 +01007587 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7588 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007589 else
7590 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7591
7592 return 0;
7593}
7594
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007595/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007596static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7597{
7598 if (!*args[cur_arg + 1]) {
7599 if (err)
7600 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7601 return ERR_ALERT | ERR_FATAL;
7602 }
7603 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7604 return 0;
7605}
7606
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007607/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007608static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007609{
7610 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007611 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007612 return ERR_ALERT | ERR_FATAL;
7613 }
7614
Emeric Brun76d88952012-10-05 15:47:31 +02007615 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007616 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007617 return 0;
7618}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007619static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7620{
7621 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7622}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007623
Willy Tarreau5db847a2019-05-09 14:13:35 +02007624#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007625/* parse the "ciphersuites" bind keyword */
7626static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7627{
7628 if (!*args[cur_arg + 1]) {
7629 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7630 return ERR_ALERT | ERR_FATAL;
7631 }
7632
7633 free(conf->ciphersuites);
7634 conf->ciphersuites = strdup(args[cur_arg + 1]);
7635 return 0;
7636}
7637static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7638{
7639 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7640}
7641#endif
7642
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007643/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007644static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007645{
Willy Tarreau38011032013-08-13 16:59:39 +02007646 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007647
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007648 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007649 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007650 return ERR_ALERT | ERR_FATAL;
7651 }
7652
Willy Tarreauef934602016-12-22 23:12:01 +01007653 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7654 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007655 memprintf(err, "'%s' : path too long", args[cur_arg]);
7656 return ERR_ALERT | ERR_FATAL;
7657 }
Willy Tarreauef934602016-12-22 23:12:01 +01007658 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007659 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007660 return ERR_ALERT | ERR_FATAL;
7661
7662 return 0;
7663 }
7664
Willy Tarreau03209342016-12-22 17:08:28 +01007665 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007666 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007667
7668 return 0;
7669}
7670
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007671/* parse the "crt-list" bind keyword */
7672static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7673{
7674 if (!*args[cur_arg + 1]) {
7675 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7676 return ERR_ALERT | ERR_FATAL;
7677 }
7678
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007679 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007680 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007681 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007682 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007683
7684 return 0;
7685}
7686
Emeric Brunfb510ea2012-10-05 12:00:26 +02007687/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007688static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007689{
Emeric Brun051cdab2012-10-02 19:25:50 +02007690#ifndef X509_V_FLAG_CRL_CHECK
7691 if (err)
7692 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7693 return ERR_ALERT | ERR_FATAL;
7694#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007695 if (!*args[cur_arg + 1]) {
7696 if (err)
7697 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7698 return ERR_ALERT | ERR_FATAL;
7699 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007700
Willy Tarreauef934602016-12-22 23:12:01 +01007701 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7702 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007703 else
7704 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007705
Emeric Brun2b58d042012-09-20 17:10:03 +02007706 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007707#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007708}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007709static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7710{
7711 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7712}
Emeric Brun2b58d042012-09-20 17:10:03 +02007713
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007714/* parse the "curves" bind keyword keyword */
7715static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7716{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007717#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007718 if (!*args[cur_arg + 1]) {
7719 if (err)
7720 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7721 return ERR_ALERT | ERR_FATAL;
7722 }
7723 conf->curves = strdup(args[cur_arg + 1]);
7724 return 0;
7725#else
7726 if (err)
7727 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7728 return ERR_ALERT | ERR_FATAL;
7729#endif
7730}
7731static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7732{
7733 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7734}
7735
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007736/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007737static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007738{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007739#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007740 if (err)
7741 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7742 return ERR_ALERT | ERR_FATAL;
7743#elif defined(OPENSSL_NO_ECDH)
7744 if (err)
7745 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7746 return ERR_ALERT | ERR_FATAL;
7747#else
7748 if (!*args[cur_arg + 1]) {
7749 if (err)
7750 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7751 return ERR_ALERT | ERR_FATAL;
7752 }
7753
7754 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007755
7756 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007757#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007758}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007759static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7760{
7761 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7762}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007763
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007764/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007765static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7766{
7767 int code;
7768 char *p = args[cur_arg + 1];
7769 unsigned long long *ignerr = &conf->crt_ignerr;
7770
7771 if (!*p) {
7772 if (err)
7773 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7774 return ERR_ALERT | ERR_FATAL;
7775 }
7776
7777 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7778 ignerr = &conf->ca_ignerr;
7779
7780 if (strcmp(p, "all") == 0) {
7781 *ignerr = ~0ULL;
7782 return 0;
7783 }
7784
7785 while (p) {
7786 code = atoi(p);
7787 if ((code <= 0) || (code > 63)) {
7788 if (err)
7789 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7790 args[cur_arg], code, args[cur_arg + 1]);
7791 return ERR_ALERT | ERR_FATAL;
7792 }
7793 *ignerr |= 1ULL << code;
7794 p = strchr(p, ',');
7795 if (p)
7796 p++;
7797 }
7798
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007799 return 0;
7800}
7801
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007802/* parse tls_method_options "no-xxx" and "force-xxx" */
7803static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007804{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007805 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007806 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007807 p = strchr(arg, '-');
7808 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007809 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007810 p++;
7811 if (!strcmp(p, "sslv3"))
7812 v = CONF_SSLV3;
7813 else if (!strcmp(p, "tlsv10"))
7814 v = CONF_TLSV10;
7815 else if (!strcmp(p, "tlsv11"))
7816 v = CONF_TLSV11;
7817 else if (!strcmp(p, "tlsv12"))
7818 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007819 else if (!strcmp(p, "tlsv13"))
7820 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007821 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007822 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007823 if (!strncmp(arg, "no-", 3))
7824 methods->flags |= methodVersions[v].flag;
7825 else if (!strncmp(arg, "force-", 6))
7826 methods->min = methods->max = v;
7827 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007828 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007829 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007830 fail:
7831 if (err)
7832 memprintf(err, "'%s' : option not implemented", arg);
7833 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007834}
7835
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007836static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007837{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007838 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007839}
7840
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007841static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007842{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007843 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7844}
7845
7846/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7847static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7848{
7849 uint16_t i, v = 0;
7850 char *argv = args[cur_arg + 1];
7851 if (!*argv) {
7852 if (err)
7853 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7854 return ERR_ALERT | ERR_FATAL;
7855 }
7856 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7857 if (!strcmp(argv, methodVersions[i].name))
7858 v = i;
7859 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007860 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007861 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007862 return ERR_ALERT | ERR_FATAL;
7863 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007864 if (!strcmp("ssl-min-ver", args[cur_arg]))
7865 methods->min = v;
7866 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7867 methods->max = v;
7868 else {
7869 if (err)
7870 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7871 return ERR_ALERT | ERR_FATAL;
7872 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007873 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007874}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007875
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007876static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7877{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007878#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007879 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007880#endif
7881 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7882}
7883
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007884static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7885{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007886 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007887}
7888
7889static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7890{
7891 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7892}
7893
Emeric Brun2d0c4822012-10-02 13:45:20 +02007894/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007895static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007896{
Emeric Brun89675492012-10-05 13:48:26 +02007897 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007898 return 0;
7899}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007900
Olivier Houchardc2aae742017-09-22 18:26:28 +02007901/* parse the "allow-0rtt" bind keyword */
7902static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7903{
7904 conf->early_data = 1;
7905 return 0;
7906}
7907
7908static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7909{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007910 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007911 return 0;
7912}
7913
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007914/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007915static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007916{
Bernard Spil13c53f82018-02-15 13:34:58 +01007917#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007918 char *p1, *p2;
7919
7920 if (!*args[cur_arg + 1]) {
7921 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7922 return ERR_ALERT | ERR_FATAL;
7923 }
7924
7925 free(conf->npn_str);
7926
Willy Tarreau3724da12016-02-12 17:11:12 +01007927 /* the NPN string is built as a suite of (<len> <name>)*,
7928 * so we reuse each comma to store the next <len> and need
7929 * one more for the end of the string.
7930 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007931 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007932 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007933 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7934
7935 /* replace commas with the name length */
7936 p1 = conf->npn_str;
7937 p2 = p1 + 1;
7938 while (1) {
7939 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7940 if (!p2)
7941 p2 = p1 + 1 + strlen(p1 + 1);
7942
7943 if (p2 - (p1 + 1) > 255) {
7944 *p2 = '\0';
7945 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7946 return ERR_ALERT | ERR_FATAL;
7947 }
7948
7949 *p1 = p2 - (p1 + 1);
7950 p1 = p2;
7951
7952 if (!*p2)
7953 break;
7954
7955 *(p2++) = '\0';
7956 }
7957 return 0;
7958#else
7959 if (err)
7960 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7961 return ERR_ALERT | ERR_FATAL;
7962#endif
7963}
7964
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007965static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7966{
7967 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7968}
7969
Willy Tarreauab861d32013-04-02 02:30:41 +02007970/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007971static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007972{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007973#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007974 char *p1, *p2;
7975
7976 if (!*args[cur_arg + 1]) {
7977 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7978 return ERR_ALERT | ERR_FATAL;
7979 }
7980
7981 free(conf->alpn_str);
7982
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007983 /* the ALPN string is built as a suite of (<len> <name>)*,
7984 * so we reuse each comma to store the next <len> and need
7985 * one more for the end of the string.
7986 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007987 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007988 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007989 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7990
7991 /* replace commas with the name length */
7992 p1 = conf->alpn_str;
7993 p2 = p1 + 1;
7994 while (1) {
7995 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7996 if (!p2)
7997 p2 = p1 + 1 + strlen(p1 + 1);
7998
7999 if (p2 - (p1 + 1) > 255) {
8000 *p2 = '\0';
8001 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8002 return ERR_ALERT | ERR_FATAL;
8003 }
8004
8005 *p1 = p2 - (p1 + 1);
8006 p1 = p2;
8007
8008 if (!*p2)
8009 break;
8010
8011 *(p2++) = '\0';
8012 }
8013 return 0;
8014#else
8015 if (err)
8016 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8017 return ERR_ALERT | ERR_FATAL;
8018#endif
8019}
8020
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008021static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8022{
8023 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8024}
8025
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008026/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008027static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008028{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008029 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008030 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008031
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008032 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8033 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Willy Tarreau5db847a2019-05-09 14:13:35 +02008034#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008035 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8036 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8037#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008038 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008039 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8040 if (!conf->ssl_conf.ssl_methods.min)
8041 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8042 if (!conf->ssl_conf.ssl_methods.max)
8043 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008044
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008045 return 0;
8046}
8047
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008048/* parse the "prefer-client-ciphers" bind keyword */
8049static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8050{
8051 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8052 return 0;
8053}
8054
Christopher Faulet31af49d2015-06-09 17:29:50 +02008055/* parse the "generate-certificates" bind keyword */
8056static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8057{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008058#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008059 conf->generate_certs = 1;
8060#else
8061 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8062 err && *err ? *err : "");
8063#endif
8064 return 0;
8065}
8066
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008067/* parse the "strict-sni" bind keyword */
8068static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8069{
8070 conf->strict_sni = 1;
8071 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008072}
8073
8074/* parse the "tls-ticket-keys" bind keyword */
8075static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8076{
8077#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8078 FILE *f;
8079 int i = 0;
8080 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008081 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008082
8083 if (!*args[cur_arg + 1]) {
8084 if (err)
8085 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8086 return ERR_ALERT | ERR_FATAL;
8087 }
8088
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008089 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008090 if (keys_ref) {
8091 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008092 conf->keys_ref = keys_ref;
8093 return 0;
8094 }
8095
Vincent Bernat02779b62016-04-03 13:48:43 +02008096 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008097 if (!keys_ref) {
8098 if (err)
8099 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8100 return ERR_ALERT | ERR_FATAL;
8101 }
8102
Emeric Brun9e754772019-01-10 17:51:55 +01008103 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008104 if (!keys_ref->tlskeys) {
8105 free(keys_ref);
8106 if (err)
8107 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8108 return ERR_ALERT | ERR_FATAL;
8109 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008110
8111 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008112 free(keys_ref->tlskeys);
8113 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008114 if (err)
8115 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8116 return ERR_ALERT | ERR_FATAL;
8117 }
8118
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008119 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008120 if (!keys_ref->filename) {
8121 free(keys_ref->tlskeys);
8122 free(keys_ref);
8123 if (err)
8124 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8125 return ERR_ALERT | ERR_FATAL;
8126 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008127
Emeric Brun9e754772019-01-10 17:51:55 +01008128 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008129 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8130 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008131 int dec_size;
8132
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008133 /* Strip newline characters from the end */
8134 if(thisline[len - 1] == '\n')
8135 thisline[--len] = 0;
8136
8137 if(thisline[len - 1] == '\r')
8138 thisline[--len] = 0;
8139
Emeric Brun9e754772019-01-10 17:51:55 +01008140 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8141 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008142 free(keys_ref->filename);
8143 free(keys_ref->tlskeys);
8144 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008145 if (err)
8146 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008147 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008148 return ERR_ALERT | ERR_FATAL;
8149 }
Emeric Brun9e754772019-01-10 17:51:55 +01008150 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8151 keys_ref->key_size_bits = 128;
8152 }
8153 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8154 keys_ref->key_size_bits = 256;
8155 }
8156 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8157 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8158 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8159 free(keys_ref->filename);
8160 free(keys_ref->tlskeys);
8161 free(keys_ref);
8162 if (err)
8163 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8164 fclose(f);
8165 return ERR_ALERT | ERR_FATAL;
8166 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008167 i++;
8168 }
8169
8170 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008171 free(keys_ref->filename);
8172 free(keys_ref->tlskeys);
8173 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008174 if (err)
8175 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008176 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008177 return ERR_ALERT | ERR_FATAL;
8178 }
8179
8180 fclose(f);
8181
8182 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008183 i -= 2;
8184 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008185 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008186 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008187 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008188 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008189
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008190 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8191
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008192 return 0;
8193#else
8194 if (err)
8195 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8196 return ERR_ALERT | ERR_FATAL;
8197#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008198}
8199
Emeric Brund94b3fe2012-09-20 18:23:56 +02008200/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008201static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008202{
8203 if (!*args[cur_arg + 1]) {
8204 if (err)
8205 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8206 return ERR_ALERT | ERR_FATAL;
8207 }
8208
8209 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008210 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008211 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008212 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008213 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008214 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008215 else {
8216 if (err)
8217 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8218 args[cur_arg], args[cur_arg + 1]);
8219 return ERR_ALERT | ERR_FATAL;
8220 }
8221
8222 return 0;
8223}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008224static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8225{
8226 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8227}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008228
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008229/* parse the "no-ca-names" bind keyword */
8230static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8231{
8232 conf->no_ca_names = 1;
8233 return 0;
8234}
8235static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8236{
8237 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8238}
8239
Willy Tarreau92faadf2012-10-10 23:04:25 +02008240/************** "server" keywords ****************/
8241
Olivier Houchardc7566002018-11-20 23:33:50 +01008242/* parse the "npn" bind keyword */
8243static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8244{
8245#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8246 char *p1, *p2;
8247
8248 if (!*args[*cur_arg + 1]) {
8249 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8250 return ERR_ALERT | ERR_FATAL;
8251 }
8252
8253 free(newsrv->ssl_ctx.npn_str);
8254
8255 /* the NPN string is built as a suite of (<len> <name>)*,
8256 * so we reuse each comma to store the next <len> and need
8257 * one more for the end of the string.
8258 */
8259 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8260 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8261 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8262 newsrv->ssl_ctx.npn_len);
8263
8264 /* replace commas with the name length */
8265 p1 = newsrv->ssl_ctx.npn_str;
8266 p2 = p1 + 1;
8267 while (1) {
8268 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8269 newsrv->ssl_ctx.npn_len - (p1 + 1));
8270 if (!p2)
8271 p2 = p1 + 1 + strlen(p1 + 1);
8272
8273 if (p2 - (p1 + 1) > 255) {
8274 *p2 = '\0';
8275 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8276 return ERR_ALERT | ERR_FATAL;
8277 }
8278
8279 *p1 = p2 - (p1 + 1);
8280 p1 = p2;
8281
8282 if (!*p2)
8283 break;
8284
8285 *(p2++) = '\0';
8286 }
8287 return 0;
8288#else
8289 if (err)
8290 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8291 return ERR_ALERT | ERR_FATAL;
8292#endif
8293}
8294
Olivier Houchard92150142018-12-21 19:47:01 +01008295/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008296static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8297{
8298#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8299 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008300 char **alpn_str;
8301 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008302
Olivier Houchard92150142018-12-21 19:47:01 +01008303 if (*args[*cur_arg] == 'c') {
8304 alpn_str = &newsrv->check.alpn_str;
8305 alpn_len = &newsrv->check.alpn_len;
8306 } else {
8307 alpn_str = &newsrv->ssl_ctx.alpn_str;
8308 alpn_len = &newsrv->ssl_ctx.alpn_len;
8309
8310 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008311 if (!*args[*cur_arg + 1]) {
8312 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8313 return ERR_ALERT | ERR_FATAL;
8314 }
8315
Olivier Houchard92150142018-12-21 19:47:01 +01008316 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008317
8318 /* the ALPN string is built as a suite of (<len> <name>)*,
8319 * so we reuse each comma to store the next <len> and need
8320 * one more for the end of the string.
8321 */
Olivier Houchard92150142018-12-21 19:47:01 +01008322 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8323 *alpn_str = calloc(1, *alpn_len + 1);
8324 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008325
8326 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008327 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008328 p2 = p1 + 1;
8329 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008330 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008331 if (!p2)
8332 p2 = p1 + 1 + strlen(p1 + 1);
8333
8334 if (p2 - (p1 + 1) > 255) {
8335 *p2 = '\0';
8336 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8337 return ERR_ALERT | ERR_FATAL;
8338 }
8339
8340 *p1 = p2 - (p1 + 1);
8341 p1 = p2;
8342
8343 if (!*p2)
8344 break;
8345
8346 *(p2++) = '\0';
8347 }
8348 return 0;
8349#else
8350 if (err)
8351 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8352 return ERR_ALERT | ERR_FATAL;
8353#endif
8354}
8355
Emeric Brunef42d922012-10-11 16:11:36 +02008356/* parse the "ca-file" server keyword */
8357static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8358{
8359 if (!*args[*cur_arg + 1]) {
8360 if (err)
8361 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8362 return ERR_ALERT | ERR_FATAL;
8363 }
8364
Willy Tarreauef934602016-12-22 23:12:01 +01008365 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8366 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008367 else
8368 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8369
8370 return 0;
8371}
8372
Olivier Houchard9130a962017-10-17 17:33:43 +02008373/* parse the "check-sni" server keyword */
8374static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8375{
8376 if (!*args[*cur_arg + 1]) {
8377 if (err)
8378 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8379 return ERR_ALERT | ERR_FATAL;
8380 }
8381
8382 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8383 if (!newsrv->check.sni) {
8384 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8385 return ERR_ALERT | ERR_FATAL;
8386 }
8387 return 0;
8388
8389}
8390
Willy Tarreau92faadf2012-10-10 23:04:25 +02008391/* parse the "check-ssl" server keyword */
8392static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8393{
8394 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008395 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8396 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau5db847a2019-05-09 14:13:35 +02008397#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008398 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8399 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8400#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008401 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008402 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8403 if (!newsrv->ssl_ctx.methods.min)
8404 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8405 if (!newsrv->ssl_ctx.methods.max)
8406 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8407
Willy Tarreau92faadf2012-10-10 23:04:25 +02008408 return 0;
8409}
8410
8411/* parse the "ciphers" server keyword */
8412static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8413{
8414 if (!*args[*cur_arg + 1]) {
8415 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8416 return ERR_ALERT | ERR_FATAL;
8417 }
8418
8419 free(newsrv->ssl_ctx.ciphers);
8420 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8421 return 0;
8422}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008423
Willy Tarreau5db847a2019-05-09 14:13:35 +02008424#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008425/* parse the "ciphersuites" server keyword */
8426static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8427{
8428 if (!*args[*cur_arg + 1]) {
8429 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8430 return ERR_ALERT | ERR_FATAL;
8431 }
8432
8433 free(newsrv->ssl_ctx.ciphersuites);
8434 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8435 return 0;
8436}
8437#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008438
Emeric Brunef42d922012-10-11 16:11:36 +02008439/* parse the "crl-file" server keyword */
8440static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8441{
8442#ifndef X509_V_FLAG_CRL_CHECK
8443 if (err)
8444 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8445 return ERR_ALERT | ERR_FATAL;
8446#else
8447 if (!*args[*cur_arg + 1]) {
8448 if (err)
8449 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8450 return ERR_ALERT | ERR_FATAL;
8451 }
8452
Willy Tarreauef934602016-12-22 23:12:01 +01008453 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8454 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008455 else
8456 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8457
8458 return 0;
8459#endif
8460}
8461
Emeric Bruna7aa3092012-10-26 12:58:00 +02008462/* parse the "crt" server keyword */
8463static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8464{
8465 if (!*args[*cur_arg + 1]) {
8466 if (err)
8467 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8468 return ERR_ALERT | ERR_FATAL;
8469 }
8470
Willy Tarreauef934602016-12-22 23:12:01 +01008471 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008472 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008473 else
8474 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8475
8476 return 0;
8477}
Emeric Brunef42d922012-10-11 16:11:36 +02008478
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008479/* parse the "no-check-ssl" server keyword */
8480static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8481{
8482 newsrv->check.use_ssl = 0;
8483 free(newsrv->ssl_ctx.ciphers);
8484 newsrv->ssl_ctx.ciphers = NULL;
8485 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8486 return 0;
8487}
8488
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008489/* parse the "no-send-proxy-v2-ssl" server keyword */
8490static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8491{
8492 newsrv->pp_opts &= ~SRV_PP_V2;
8493 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8494 return 0;
8495}
8496
8497/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8498static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8499{
8500 newsrv->pp_opts &= ~SRV_PP_V2;
8501 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8502 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8503 return 0;
8504}
8505
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008506/* parse the "no-ssl" server keyword */
8507static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8508{
8509 newsrv->use_ssl = 0;
8510 free(newsrv->ssl_ctx.ciphers);
8511 newsrv->ssl_ctx.ciphers = NULL;
8512 return 0;
8513}
8514
Olivier Houchard522eea72017-11-03 16:27:47 +01008515/* parse the "allow-0rtt" server keyword */
8516static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8517{
8518 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8519 return 0;
8520}
8521
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008522/* parse the "no-ssl-reuse" server keyword */
8523static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8524{
8525 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8526 return 0;
8527}
8528
Emeric Brunf9c5c472012-10-11 15:28:34 +02008529/* parse the "no-tls-tickets" server keyword */
8530static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8531{
8532 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8533 return 0;
8534}
David Safb76832014-05-08 23:42:08 -04008535/* parse the "send-proxy-v2-ssl" server keyword */
8536static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8537{
8538 newsrv->pp_opts |= SRV_PP_V2;
8539 newsrv->pp_opts |= SRV_PP_V2_SSL;
8540 return 0;
8541}
8542
8543/* parse the "send-proxy-v2-ssl-cn" server keyword */
8544static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8545{
8546 newsrv->pp_opts |= SRV_PP_V2;
8547 newsrv->pp_opts |= SRV_PP_V2_SSL;
8548 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8549 return 0;
8550}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008551
Willy Tarreau732eac42015-07-09 11:40:25 +02008552/* parse the "sni" server keyword */
8553static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8554{
8555#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8556 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8557 return ERR_ALERT | ERR_FATAL;
8558#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008559 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008560
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008561 arg = args[*cur_arg + 1];
8562 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008563 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8564 return ERR_ALERT | ERR_FATAL;
8565 }
8566
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008567 free(newsrv->sni_expr);
8568 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008569
Willy Tarreau732eac42015-07-09 11:40:25 +02008570 return 0;
8571#endif
8572}
8573
Willy Tarreau92faadf2012-10-10 23:04:25 +02008574/* parse the "ssl" server keyword */
8575static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8576{
8577 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008578 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8579 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau5db847a2019-05-09 14:13:35 +02008580#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008581 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8582 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8583#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008584 return 0;
8585}
8586
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008587/* parse the "ssl-reuse" server keyword */
8588static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8589{
8590 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8591 return 0;
8592}
8593
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008594/* parse the "tls-tickets" server keyword */
8595static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8596{
8597 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8598 return 0;
8599}
8600
Emeric Brunef42d922012-10-11 16:11:36 +02008601/* parse the "verify" server keyword */
8602static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8603{
8604 if (!*args[*cur_arg + 1]) {
8605 if (err)
8606 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8607 return ERR_ALERT | ERR_FATAL;
8608 }
8609
8610 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008611 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008612 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008613 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008614 else {
8615 if (err)
8616 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8617 args[*cur_arg], args[*cur_arg + 1]);
8618 return ERR_ALERT | ERR_FATAL;
8619 }
8620
Evan Broderbe554312013-06-27 00:05:25 -07008621 return 0;
8622}
8623
8624/* parse the "verifyhost" server keyword */
8625static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8626{
8627 if (!*args[*cur_arg + 1]) {
8628 if (err)
8629 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8630 return ERR_ALERT | ERR_FATAL;
8631 }
8632
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008633 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008634 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8635
Emeric Brunef42d922012-10-11 16:11:36 +02008636 return 0;
8637}
8638
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008639/* parse the "ssl-default-bind-options" keyword in global section */
8640static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8641 struct proxy *defpx, const char *file, int line,
8642 char **err) {
8643 int i = 1;
8644
8645 if (*(args[i]) == 0) {
8646 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8647 return -1;
8648 }
8649 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008650 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008651 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008652 else if (!strcmp(args[i], "prefer-client-ciphers"))
8653 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008654 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8655 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8656 i++;
8657 else {
8658 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8659 return -1;
8660 }
8661 }
8662 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008663 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8664 return -1;
8665 }
8666 i++;
8667 }
8668 return 0;
8669}
8670
8671/* parse the "ssl-default-server-options" keyword in global section */
8672static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8673 struct proxy *defpx, const char *file, int line,
8674 char **err) {
8675 int i = 1;
8676
8677 if (*(args[i]) == 0) {
8678 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8679 return -1;
8680 }
8681 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008682 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008683 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008684 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8685 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8686 i++;
8687 else {
8688 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8689 return -1;
8690 }
8691 }
8692 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008693 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8694 return -1;
8695 }
8696 i++;
8697 }
8698 return 0;
8699}
8700
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008701/* parse the "ca-base" / "crt-base" keywords in global section.
8702 * Returns <0 on alert, >0 on warning, 0 on success.
8703 */
8704static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8705 struct proxy *defpx, const char *file, int line,
8706 char **err)
8707{
8708 char **target;
8709
Willy Tarreauef934602016-12-22 23:12:01 +01008710 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008711
8712 if (too_many_args(1, args, err, NULL))
8713 return -1;
8714
8715 if (*target) {
8716 memprintf(err, "'%s' already specified.", args[0]);
8717 return -1;
8718 }
8719
8720 if (*(args[1]) == 0) {
8721 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8722 return -1;
8723 }
8724 *target = strdup(args[1]);
8725 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008726}
8727
8728/* parse the "ssl-mode-async" keyword in global section.
8729 * Returns <0 on alert, >0 on warning, 0 on success.
8730 */
8731static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8732 struct proxy *defpx, const char *file, int line,
8733 char **err)
8734{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008735#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008736 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008737 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008738 return 0;
8739#else
8740 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8741 return -1;
8742#endif
8743}
8744
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008745#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008746static int ssl_check_async_engine_count(void) {
8747 int err_code = 0;
8748
Emeric Brun3854e012017-05-17 20:42:48 +02008749 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008750 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008751 err_code = ERR_ABORT;
8752 }
8753 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008754}
8755
Grant Zhang872f9c22017-01-21 01:10:18 +00008756/* parse the "ssl-engine" keyword in global section.
8757 * Returns <0 on alert, >0 on warning, 0 on success.
8758 */
8759static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8760 struct proxy *defpx, const char *file, int line,
8761 char **err)
8762{
8763 char *algo;
8764 int ret = -1;
8765
8766 if (*(args[1]) == 0) {
8767 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8768 return ret;
8769 }
8770
8771 if (*(args[2]) == 0) {
8772 /* if no list of algorithms is given, it defaults to ALL */
8773 algo = strdup("ALL");
8774 goto add_engine;
8775 }
8776
8777 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8778 if (strcmp(args[2], "algo") != 0) {
8779 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8780 return ret;
8781 }
8782
8783 if (*(args[3]) == 0) {
8784 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8785 return ret;
8786 }
8787 algo = strdup(args[3]);
8788
8789add_engine:
8790 if (ssl_init_single_engine(args[1], algo)==0) {
8791 openssl_engines_initialized++;
8792 ret = 0;
8793 }
8794 free(algo);
8795 return ret;
8796}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008797#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008798
Willy Tarreauf22e9682016-12-21 23:23:19 +01008799/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8800 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8801 */
8802static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8803 struct proxy *defpx, const char *file, int line,
8804 char **err)
8805{
8806 char **target;
8807
Willy Tarreauef934602016-12-22 23:12:01 +01008808 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008809
8810 if (too_many_args(1, args, err, NULL))
8811 return -1;
8812
8813 if (*(args[1]) == 0) {
8814 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8815 return -1;
8816 }
8817
8818 free(*target);
8819 *target = strdup(args[1]);
8820 return 0;
8821}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008822
Willy Tarreau5db847a2019-05-09 14:13:35 +02008823#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008824/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
8825 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8826 */
8827static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
8828 struct proxy *defpx, const char *file, int line,
8829 char **err)
8830{
8831 char **target;
8832
8833 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
8834
8835 if (too_many_args(1, args, err, NULL))
8836 return -1;
8837
8838 if (*(args[1]) == 0) {
8839 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8840 return -1;
8841 }
8842
8843 free(*target);
8844 *target = strdup(args[1]);
8845 return 0;
8846}
8847#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01008848
Willy Tarreau9ceda382016-12-21 23:13:03 +01008849/* parse various global tune.ssl settings consisting in positive integers.
8850 * Returns <0 on alert, >0 on warning, 0 on success.
8851 */
8852static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8853 struct proxy *defpx, const char *file, int line,
8854 char **err)
8855{
8856 int *target;
8857
8858 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8859 target = &global.tune.sslcachesize;
8860 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008861 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008862 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008863 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008864 else if (strcmp(args[0], "maxsslconn") == 0)
8865 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008866 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8867 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008868 else {
8869 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8870 return -1;
8871 }
8872
8873 if (too_many_args(1, args, err, NULL))
8874 return -1;
8875
8876 if (*(args[1]) == 0) {
8877 memprintf(err, "'%s' expects an integer argument.", args[0]);
8878 return -1;
8879 }
8880
8881 *target = atoi(args[1]);
8882 if (*target < 0) {
8883 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8884 return -1;
8885 }
8886 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008887}
8888
8889static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8890 struct proxy *defpx, const char *file, int line,
8891 char **err)
8892{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008893 int ret;
8894
8895 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8896 if (ret != 0)
8897 return ret;
8898
Willy Tarreaubafbe012017-11-24 17:34:44 +01008899 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008900 memprintf(err, "'%s' is already configured.", args[0]);
8901 return -1;
8902 }
8903
Willy Tarreaubafbe012017-11-24 17:34:44 +01008904 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8905 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008906 memprintf(err, "Out of memory error.");
8907 return -1;
8908 }
8909 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008910}
8911
8912/* parse "ssl.force-private-cache".
8913 * Returns <0 on alert, >0 on warning, 0 on success.
8914 */
8915static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8916 struct proxy *defpx, const char *file, int line,
8917 char **err)
8918{
8919 if (too_many_args(0, args, err, NULL))
8920 return -1;
8921
Willy Tarreauef934602016-12-22 23:12:01 +01008922 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008923 return 0;
8924}
8925
8926/* parse "ssl.lifetime".
8927 * Returns <0 on alert, >0 on warning, 0 on success.
8928 */
8929static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8930 struct proxy *defpx, const char *file, int line,
8931 char **err)
8932{
8933 const char *res;
8934
8935 if (too_many_args(1, args, err, NULL))
8936 return -1;
8937
8938 if (*(args[1]) == 0) {
8939 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8940 return -1;
8941 }
8942
Willy Tarreauef934602016-12-22 23:12:01 +01008943 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008944 if (res) {
8945 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8946 return -1;
8947 }
8948 return 0;
8949}
8950
8951#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008952/* parse "ssl-dh-param-file".
8953 * Returns <0 on alert, >0 on warning, 0 on success.
8954 */
8955static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8956 struct proxy *defpx, const char *file, int line,
8957 char **err)
8958{
8959 if (too_many_args(1, args, err, NULL))
8960 return -1;
8961
8962 if (*(args[1]) == 0) {
8963 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8964 return -1;
8965 }
8966
8967 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8968 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8969 return -1;
8970 }
8971 return 0;
8972}
8973
Willy Tarreau9ceda382016-12-21 23:13:03 +01008974/* parse "ssl.default-dh-param".
8975 * Returns <0 on alert, >0 on warning, 0 on success.
8976 */
8977static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8978 struct proxy *defpx, const char *file, int line,
8979 char **err)
8980{
8981 if (too_many_args(1, args, err, NULL))
8982 return -1;
8983
8984 if (*(args[1]) == 0) {
8985 memprintf(err, "'%s' expects an integer argument.", args[0]);
8986 return -1;
8987 }
8988
Willy Tarreauef934602016-12-22 23:12:01 +01008989 global_ssl.default_dh_param = atoi(args[1]);
8990 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008991 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8992 return -1;
8993 }
8994 return 0;
8995}
8996#endif
8997
8998
William Lallemand32af2032016-10-29 18:09:35 +02008999/* This function is used with TLS ticket keys management. It permits to browse
9000 * each reference. The variable <getnext> must contain the current node,
9001 * <end> point to the root node.
9002 */
9003#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9004static inline
9005struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9006{
9007 struct tls_keys_ref *ref = getnext;
9008
9009 while (1) {
9010
9011 /* Get next list entry. */
9012 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9013
9014 /* If the entry is the last of the list, return NULL. */
9015 if (&ref->list == end)
9016 return NULL;
9017
9018 return ref;
9019 }
9020}
9021
9022static inline
9023struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9024{
9025 int id;
9026 char *error;
9027
9028 /* If the reference starts by a '#', this is numeric id. */
9029 if (reference[0] == '#') {
9030 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9031 id = strtol(reference + 1, &error, 10);
9032 if (*error != '\0')
9033 return NULL;
9034
9035 /* Perform the unique id lookup. */
9036 return tlskeys_ref_lookupid(id);
9037 }
9038
9039 /* Perform the string lookup. */
9040 return tlskeys_ref_lookup(reference);
9041}
9042#endif
9043
9044
9045#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9046
9047static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9048
9049static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9050 return cli_io_handler_tlskeys_files(appctx);
9051}
9052
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009053/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9054 * (next index to be dumped), and cli.p0 (next key reference).
9055 */
William Lallemand32af2032016-10-29 18:09:35 +02009056static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9057
9058 struct stream_interface *si = appctx->owner;
9059
9060 switch (appctx->st2) {
9061 case STAT_ST_INIT:
9062 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009063 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009064 * later and restart at the state "STAT_ST_INIT".
9065 */
9066 chunk_reset(&trash);
9067
9068 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9069 chunk_appendf(&trash, "# id secret\n");
9070 else
9071 chunk_appendf(&trash, "# id (file)\n");
9072
Willy Tarreau06d80a92017-10-19 14:32:15 +02009073 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009074 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009075 return 0;
9076 }
9077
William Lallemand32af2032016-10-29 18:09:35 +02009078 /* Now, we start the browsing of the references lists.
9079 * Note that the following call to LIST_ELEM return bad pointer. The only
9080 * available field of this pointer is <list>. It is used with the function
9081 * tlskeys_list_get_next() for retruning the first available entry
9082 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009083 if (appctx->ctx.cli.p0 == NULL) {
9084 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9085 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009086 }
9087
9088 appctx->st2 = STAT_ST_LIST;
9089 /* fall through */
9090
9091 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009092 while (appctx->ctx.cli.p0) {
9093 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009094
9095 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009096 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009097 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009098
9099 if (appctx->ctx.cli.i1 == 0)
9100 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9101
William Lallemand32af2032016-10-29 18:09:35 +02009102 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009103 int head;
9104
9105 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9106 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009107 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009108 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009109
9110 chunk_reset(t2);
9111 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009112 if (ref->key_size_bits == 128) {
9113 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9114 sizeof(struct tls_sess_key_128),
9115 t2->area, t2->size);
9116 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9117 t2->area);
9118 }
9119 else if (ref->key_size_bits == 256) {
9120 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9121 sizeof(struct tls_sess_key_256),
9122 t2->area, t2->size);
9123 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9124 t2->area);
9125 }
9126 else {
9127 /* This case should never happen */
9128 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9129 }
William Lallemand32af2032016-10-29 18:09:35 +02009130
Willy Tarreau06d80a92017-10-19 14:32:15 +02009131 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009132 /* let's try again later from this stream. We add ourselves into
9133 * this stream's users so that it can remove us upon termination.
9134 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009135 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009136 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009137 return 0;
9138 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009139 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009140 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009141 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009142 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009143 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009144 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009145 /* let's try again later from this stream. We add ourselves into
9146 * this stream's users so that it can remove us upon termination.
9147 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009148 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009149 return 0;
9150 }
9151
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009152 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009153 break;
9154
9155 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009156 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009157 }
9158
9159 appctx->st2 = STAT_ST_FIN;
9160 /* fall through */
9161
9162 default:
9163 appctx->st2 = STAT_ST_FIN;
9164 return 1;
9165 }
9166 return 0;
9167}
9168
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009169/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009170static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009171{
William Lallemand32af2032016-10-29 18:09:35 +02009172 /* no parameter, shows only file list */
9173 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009174 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009175 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009176 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009177 }
9178
9179 if (args[2][0] == '*') {
9180 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009181 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009182 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009183 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9184 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009185 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009186 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009187 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009188 return 1;
9189 }
9190 }
William Lallemand32af2032016-10-29 18:09:35 +02009191 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009192 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009193}
9194
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009195static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009196{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009197 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009198 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009199
William Lallemand32af2032016-10-29 18:09:35 +02009200 /* Expect two parameters: the filename and the new new TLS key in encoding */
9201 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009202 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009203 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009204 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009205 return 1;
9206 }
9207
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009208 ref = tlskeys_ref_lookup_ref(args[3]);
9209 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009210 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009211 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009212 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009213 return 1;
9214 }
9215
Willy Tarreau1c913e42018-08-22 05:26:57 +02009216 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009217 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009218 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009219 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009220 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009221 return 1;
9222 }
Emeric Brun9e754772019-01-10 17:51:55 +01009223
Willy Tarreau1c913e42018-08-22 05:26:57 +02009224 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009225 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9226 appctx->ctx.cli.severity = LOG_ERR;
9227 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9228 appctx->st0 = CLI_ST_PRINT;
9229 return 1;
9230 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009231 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009232 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009233 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009234 return 1;
9235
9236}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009237#endif
William Lallemand32af2032016-10-29 18:09:35 +02009238
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009239static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009240{
9241#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9242 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009243 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009244
9245 if (!payload)
9246 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009247
9248 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009249 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009250 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009251 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009252 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009253 return 1;
9254 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009255
9256 /* remove \r and \n from the payload */
9257 for (i = 0, j = 0; payload[i]; i++) {
9258 if (payload[i] == '\r' || payload[i] == '\n')
9259 continue;
9260 payload[j++] = payload[i];
9261 }
9262 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009263
Willy Tarreau1c913e42018-08-22 05:26:57 +02009264 ret = base64dec(payload, j, trash.area, trash.size);
9265 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009266 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009267 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009268 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009269 return 1;
9270 }
9271
Willy Tarreau1c913e42018-08-22 05:26:57 +02009272 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009273 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9274 if (err) {
9275 memprintf(&err, "%s.\n", err);
9276 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009277 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009278 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009279 else {
9280 appctx->ctx.cli.severity = LOG_ERR;
9281 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9282 appctx->st0 = CLI_ST_PRINT;
9283 }
William Lallemand32af2032016-10-29 18:09:35 +02009284 return 1;
9285 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009286 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009287 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009288 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009289 return 1;
9290#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009291 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009292 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009293 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009294 return 1;
9295#endif
9296
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009297}
9298
Willy Tarreau86a394e2019-05-09 14:15:32 +02009299#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009300static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9301{
9302 switch (arg->type) {
9303 case ARGT_STR:
9304 smp->data.type = SMP_T_STR;
9305 smp->data.u.str = arg->data.str;
9306 return 1;
9307 case ARGT_VAR:
9308 if (!vars_get_by_desc(&arg->data.var, smp))
9309 return 0;
9310 if (!sample_casts[smp->data.type][SMP_T_STR])
9311 return 0;
9312 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9313 return 0;
9314 return 1;
9315 default:
9316 return 0;
9317 }
9318}
9319
9320static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9321 const char *file, int line, char **err)
9322{
9323 switch(args[0].data.sint) {
9324 case 128:
9325 case 192:
9326 case 256:
9327 break;
9328 default:
9329 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9330 return 0;
9331 }
9332 /* Try to decode a variable. */
9333 vars_check_arg(&args[1], NULL);
9334 vars_check_arg(&args[2], NULL);
9335 vars_check_arg(&args[3], NULL);
9336 return 1;
9337}
9338
9339/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9340static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9341{
9342 struct sample nonce, key, aead_tag;
9343 struct buffer *smp_trash, *smp_trash_alloc;
9344 EVP_CIPHER_CTX *ctx;
9345 int dec_size, ret;
9346
9347 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9348 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9349 return 0;
9350
9351 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9352 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9353 return 0;
9354
9355 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9356 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9357 return 0;
9358
9359 smp_trash = get_trash_chunk();
9360 smp_trash_alloc = alloc_trash_chunk();
9361 if (!smp_trash_alloc)
9362 return 0;
9363
9364 ctx = EVP_CIPHER_CTX_new();
9365
9366 if (!ctx)
9367 goto err;
9368
9369 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9370 if (dec_size < 0)
9371 goto err;
9372 smp_trash->data = dec_size;
9373
9374 /* Set cipher type and mode */
9375 switch(arg_p[0].data.sint) {
9376 case 128:
9377 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9378 break;
9379 case 192:
9380 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9381 break;
9382 case 256:
9383 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9384 break;
9385 }
9386
9387 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9388
9389 /* Initialise IV */
9390 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9391 goto err;
9392
9393 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9394 if (dec_size < 0)
9395 goto err;
9396 smp_trash->data = dec_size;
9397
9398 /* Initialise key */
9399 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9400 goto err;
9401
9402 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9403 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9404 goto err;
9405
9406 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9407 if (dec_size < 0)
9408 goto err;
9409 smp_trash_alloc->data = dec_size;
9410 dec_size = smp_trash->data;
9411
9412 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9413 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9414
9415 if (ret <= 0)
9416 goto err;
9417
9418 smp->data.u.str.data = dec_size + smp_trash->data;
9419 smp->data.u.str.area = smp_trash->area;
9420 smp->data.type = SMP_T_BIN;
9421 smp->flags &= ~SMP_F_CONST;
9422 free_trash_chunk(smp_trash_alloc);
9423 return 1;
9424
9425err:
9426 free_trash_chunk(smp_trash_alloc);
9427 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009428}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009429# endif
William Lallemand32af2032016-10-29 18:09:35 +02009430
9431/* register cli keywords */
9432static struct cli_kw_list cli_kws = {{ },{
9433#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9434 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009435 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009436#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009437 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009438 { { NULL }, NULL, NULL, NULL }
9439}};
9440
Willy Tarreau0108d902018-11-25 19:14:37 +01009441INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009442
Willy Tarreau7875d092012-09-10 08:20:03 +02009443/* Note: must not be declared <const> as its list will be overwritten.
9444 * Please take care of keeping this list alphabetically sorted.
9445 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009446static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009447 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009448 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009449#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009450 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009451#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009452 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009453#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9454 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9455#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009456 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009457 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009458 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009459 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009460#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009461 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009462#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009463#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
Patrick Hemmere0275472018-04-28 19:15:51 -04009464 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9465#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009466 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9467 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009468 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009469 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009470 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9471 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9472 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9473 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9474 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9475 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9476 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9477 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009478 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009479 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9480 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009481 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009482 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9483 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9484 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9485 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9486 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9487 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9488 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009489 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009490 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009491 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009492 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009493 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009494 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009495 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009496 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009497 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009498#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009499 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009500#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009501#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009502 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009503#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009504 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009505#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009506 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009507#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009508 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009509#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009510 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009511#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009512#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
Patrick Hemmere0275472018-04-28 19:15:51 -04009513 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9514#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009515#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009516 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009517#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009518 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9519 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9520 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9521 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009522 { NULL, NULL, 0, 0, 0 },
9523}};
9524
Willy Tarreau0108d902018-11-25 19:14:37 +01009525INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9526
Willy Tarreau7875d092012-09-10 08:20:03 +02009527/* Note: must not be declared <const> as its list will be overwritten.
9528 * Please take care of keeping this list alphabetically sorted.
9529 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009530static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009531 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9532 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009533 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009534}};
9535
Willy Tarreau0108d902018-11-25 19:14:37 +01009536INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9537
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009538/* Note: must not be declared <const> as its list will be overwritten.
9539 * Please take care of keeping this list alphabetically sorted, doing so helps
9540 * all code contributors.
9541 * Optional keywords are also declared with a NULL ->parse() function so that
9542 * the config parser can report an appropriate error when a known keyword was
9543 * not enabled.
9544 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009545static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009546 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009547 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9548 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9549 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Willy Tarreau5db847a2019-05-09 14:13:35 +02009550#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009551 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9552#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009553 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009554 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009555 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009556 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009557 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009558 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9559 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009560 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9561 { NULL, NULL, 0 },
9562};
9563
Willy Tarreau0108d902018-11-25 19:14:37 +01009564/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9565
Willy Tarreau51fb7652012-09-18 18:24:39 +02009566static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009567 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009568 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9569 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9570 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9571 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9572 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9573 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Willy Tarreau5db847a2019-05-09 14:13:35 +02009574#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009575 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9576#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009577 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9578 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9579 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9580 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9581 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9582 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9583 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9584 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9585 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9586 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009587 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009588 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009589 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009590 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9591 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9592 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9593 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009594 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009595 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9596 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009597 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9598 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009599 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9600 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9601 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9602 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9603 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009604 { NULL, NULL, 0 },
9605}};
Emeric Brun46591952012-05-18 15:47:34 +02009606
Willy Tarreau0108d902018-11-25 19:14:37 +01009607INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9608
Willy Tarreau92faadf2012-10-10 23:04:25 +02009609/* Note: must not be declared <const> as its list will be overwritten.
9610 * Please take care of keeping this list alphabetically sorted, doing so helps
9611 * all code contributors.
9612 * Optional keywords are also declared with a NULL ->parse() function so that
9613 * the config parser can report an appropriate error when a known keyword was
9614 * not enabled.
9615 */
9616static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009617 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009618 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009619 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009620 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009621 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009622 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9623 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Willy Tarreau5db847a2019-05-09 14:13:35 +02009624#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009625 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9626#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009627 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9628 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9629 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9630 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9631 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9632 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9633 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9634 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9635 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9636 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9637 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9638 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9639 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9640 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9641 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9642 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9643 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9644 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009645 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009646 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9647 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9648 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9649 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9650 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9651 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9652 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9653 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9654 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9655 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009656 { NULL, NULL, 0, 0 },
9657}};
9658
Willy Tarreau0108d902018-11-25 19:14:37 +01009659INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9660
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009661static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009662 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9663 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009664 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009665 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9666 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009667#ifndef OPENSSL_NO_DH
9668 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9669#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009670 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009671#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009672 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009673#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009674 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9675#ifndef OPENSSL_NO_DH
9676 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9677#endif
9678 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9679 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9680 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9681 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009682 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009683 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9684 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Willy Tarreau5db847a2019-05-09 14:13:35 +02009685#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009686 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9687 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9688#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009689 { 0, NULL, NULL },
9690}};
9691
Willy Tarreau0108d902018-11-25 19:14:37 +01009692INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9693
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009694/* Note: must not be declared <const> as its list will be overwritten */
9695static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009696#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009697 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9698#endif
9699 { NULL, NULL, 0, 0, 0 },
9700}};
9701
9702INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9703
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009704/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009705static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009706 .snd_buf = ssl_sock_from_buf,
9707 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009708 .subscribe = ssl_subscribe,
9709 .unsubscribe = ssl_unsubscribe,
Emeric Brun46591952012-05-18 15:47:34 +02009710 .rcv_pipe = NULL,
9711 .snd_pipe = NULL,
9712 .shutr = NULL,
9713 .shutw = ssl_sock_shutw,
9714 .close = ssl_sock_close,
9715 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009716 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009717 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009718 .prepare_srv = ssl_sock_prepare_srv_ctx,
9719 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009720 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009721 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009722};
9723
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009724enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9725 struct session *sess, struct stream *s, int flags)
9726{
9727 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009728 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009729
9730 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009731 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009732
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009733 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009734 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009735 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009736 s->req.flags |= CF_READ_NULL;
9737 return ACT_RET_YIELD;
9738 }
9739 }
9740 return (ACT_RET_CONT);
9741}
9742
9743static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9744{
9745 rule->action_ptr = ssl_action_wait_for_hs;
9746
9747 return ACT_RET_PRS_OK;
9748}
9749
9750static struct action_kw_list http_req_actions = {ILH, {
9751 { "wait-for-handshake", ssl_parse_wait_for_hs },
9752 { /* END */ }
9753}};
9754
Willy Tarreau0108d902018-11-25 19:14:37 +01009755INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9756
Willy Tarreau5db847a2019-05-09 14:13:35 +02009757#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009758
9759static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9760{
9761 if (ptr) {
9762 chunk_destroy(ptr);
9763 free(ptr);
9764 }
9765}
9766
9767#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009768static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9769{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009770 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009771}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009772
Emeric Brun46591952012-05-18 15:47:34 +02009773__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009774static void __ssl_sock_init(void)
9775{
Emeric Brun46591952012-05-18 15:47:34 +02009776 STACK_OF(SSL_COMP)* cm;
9777
Willy Tarreauef934602016-12-22 23:12:01 +01009778 if (global_ssl.listen_default_ciphers)
9779 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9780 if (global_ssl.connect_default_ciphers)
9781 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau5db847a2019-05-09 14:13:35 +02009782#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined OPENSSL_IS_BORINGSSL)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009783 if (global_ssl.listen_default_ciphersuites)
9784 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9785 if (global_ssl.connect_default_ciphersuites)
9786 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9787#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009788
Willy Tarreau13e14102016-12-22 20:25:26 +01009789 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009790#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +02009791 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -08009792#endif
Emeric Brun46591952012-05-18 15:47:34 +02009793 cm = SSL_COMP_get_compression_methods();
9794 sk_SSL_COMP_zero(cm);
Willy Tarreau5db847a2019-05-09 14:13:35 +02009795#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009796 ssl_locking_init();
9797#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +02009798#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009799 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
9800#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02009801 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02009802 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01009803 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009804#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009805 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009806 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009807#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01009808#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9809 hap_register_post_check(tlskeys_finalize_config);
9810#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009811
9812 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9813 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
9814
9815#ifndef OPENSSL_NO_DH
9816 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
9817 hap_register_post_deinit(ssl_free_dh);
9818#endif
9819#ifndef OPENSSL_NO_ENGINE
9820 hap_register_post_deinit(ssl_free_engines);
9821#endif
9822 /* Load SSL string for the verbose & debug mode. */
9823 ERR_load_SSL_strings();
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009824#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Olivier Houcharda8955d52019-04-07 22:00:38 +02009825 ha_meth = malloc(sizeof(*ha_meth));
Olivier Houchard66a7b332019-04-18 15:58:15 +02009826 bzero(ha_meth, sizeof(*ha_meth));
Olivier Houcharda8955d52019-04-07 22:00:38 +02009827 ha_meth->bwrite = ha_ssl_write;
9828 ha_meth->bread = ha_ssl_read;
9829 ha_meth->ctrl = ha_ssl_ctrl;
9830 ha_meth->create = ha_ssl_new;
9831 ha_meth->destroy = ha_ssl_free;
9832 ha_meth->bputs = ha_ssl_puts;
9833 ha_meth->bgets = ha_ssl_gets;
9834#else
9835 ha_meth = BIO_meth_new(0x666, "ha methods");
9836 BIO_meth_set_write(ha_meth, ha_ssl_write);
9837 BIO_meth_set_read(ha_meth, ha_ssl_read);
9838 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
9839 BIO_meth_set_create(ha_meth, ha_ssl_new);
9840 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
9841 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
9842 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
9843#endif
Willy Tarreau80713382018-11-26 10:19:54 +01009844}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009845
Willy Tarreau80713382018-11-26 10:19:54 +01009846/* Compute and register the version string */
9847static void ssl_register_build_options()
9848{
9849 char *ptr = NULL;
9850 int i;
9851
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009852 memprintf(&ptr, "Built with OpenSSL version : "
9853#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009854 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009855#else /* OPENSSL_IS_BORINGSSL */
9856 OPENSSL_VERSION_TEXT
9857 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -08009858 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +02009859 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009860#endif
9861 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009862#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009863 "no (library version too old)"
9864#elif defined(OPENSSL_NO_TLSEXT)
9865 "no (disabled via OPENSSL_NO_TLSEXT)"
9866#else
9867 "yes"
9868#endif
9869 "", ptr);
9870
9871 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
9872#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
9873 "yes"
9874#else
9875#ifdef OPENSSL_NO_TLSEXT
9876 "no (because of OPENSSL_NO_TLSEXT)"
9877#else
9878 "no (version might be too old, 0.9.8f min needed)"
9879#endif
9880#endif
9881 "", ptr);
9882
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009883 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9884 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9885 if (methodVersions[i].option)
9886 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009887
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009888 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +01009889}
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009890
Willy Tarreau80713382018-11-26 10:19:54 +01009891INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009892
Emeric Brun46591952012-05-18 15:47:34 +02009893
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009894#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009895void ssl_free_engines(void) {
9896 struct ssl_engine_list *wl, *wlb;
9897 /* free up engine list */
9898 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9899 ENGINE_finish(wl->e);
9900 ENGINE_free(wl->e);
9901 LIST_DEL(&wl->list);
9902 free(wl);
9903 }
9904}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009905#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009906
Remi Gacogned3a23c32015-05-28 16:39:47 +02009907#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009908void ssl_free_dh(void) {
9909 if (local_dh_1024) {
9910 DH_free(local_dh_1024);
9911 local_dh_1024 = NULL;
9912 }
9913 if (local_dh_2048) {
9914 DH_free(local_dh_2048);
9915 local_dh_2048 = NULL;
9916 }
9917 if (local_dh_4096) {
9918 DH_free(local_dh_4096);
9919 local_dh_4096 = NULL;
9920 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009921 if (global_dh) {
9922 DH_free(global_dh);
9923 global_dh = NULL;
9924 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009925}
9926#endif
9927
9928__attribute__((destructor))
9929static void __ssl_sock_deinit(void)
9930{
9931#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009932 if (ssl_ctx_lru_tree) {
9933 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009934 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009935 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009936#endif
9937
Willy Tarreau5db847a2019-05-09 14:13:35 +02009938#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009939 ERR_remove_state(0);
9940 ERR_free_strings();
9941
9942 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -08009943#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009944
Willy Tarreau5db847a2019-05-09 14:13:35 +02009945#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +02009946 CRYPTO_cleanup_all_ex_data();
9947#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009948#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Olivier Houcharda8955d52019-04-07 22:00:38 +02009949 free(ha_meth);
9950#else
9951 BIO_meth_free(ha_meth);
9952#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +02009953}
9954
9955
Emeric Brun46591952012-05-18 15:47:34 +02009956/*
9957 * Local variables:
9958 * c-indent-level: 8
9959 * c-basic-offset: 8
9960 * End:
9961 */