blob: bab432665d8bf6fa62c1571764010d2046727be0 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020080#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
yanbzhube2774d2015-12-10 15:07:30 -0500465
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200466#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000467static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
468{
469 int err_code = ERR_ABORT;
470 ENGINE *engine;
471 struct ssl_engine_list *el;
472
473 /* grab the structural reference to the engine */
474 engine = ENGINE_by_id(engine_id);
475 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100476 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000477 goto fail_get;
478 }
479
480 if (!ENGINE_init(engine)) {
481 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100482 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000483 goto fail_init;
484 }
485
486 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100487 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000488 goto fail_set_method;
489 }
490
491 el = calloc(1, sizeof(*el));
492 el->e = engine;
493 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100494 nb_engines++;
495 if (global_ssl.async)
496 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000497 return 0;
498
499fail_set_method:
500 /* release the functional reference from ENGINE_init() */
501 ENGINE_finish(engine);
502
503fail_init:
504 /* release the structural reference from ENGINE_by_id() */
505 ENGINE_free(engine);
506
507fail_get:
508 return err_code;
509}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200510#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000511
Willy Tarreau5db847a2019-05-09 14:13:35 +0200512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200513/*
514 * openssl async fd handler
515 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200516void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200518 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519
Emeric Brun3854e012017-05-17 20:42:48 +0200520 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000521 * to poll this fd until it is requested
522 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000523 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000524 fd_cant_recv(fd);
525
526 /* crypto engine is available, let's notify the associated
527 * connection that it can pursue its processing.
528 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200529 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530}
531
Emeric Brun3854e012017-05-17 20:42:48 +0200532/*
533 * openssl async delayed SSL_free handler
534 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200535void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000536{
537 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200538 OSSL_ASYNC_FD all_fd[32];
539 size_t num_all_fds = 0;
540 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000541
Emeric Brun3854e012017-05-17 20:42:48 +0200542 /* We suppose that the async job for a same SSL *
543 * are serialized. So if we are awake it is
544 * because the running job has just finished
545 * and we can remove all async fds safely
546 */
547 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
548 if (num_all_fds > 32) {
549 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
550 return;
551 }
552
553 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
554 for (i=0 ; i < num_all_fds ; i++)
555 fd_remove(all_fd[i]);
556
557 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000558 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100559 _HA_ATOMIC_SUB(&sslconns, 1);
560 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000561}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562/*
Emeric Brun3854e012017-05-17 20:42:48 +0200563 * function used to manage a returned SSL_ERROR_WANT_ASYNC
564 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000565 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200566static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100568 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200569 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200570 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000571 size_t num_add_fds = 0;
572 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200573 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000574
575 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
576 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200577 if (num_add_fds > 32 || num_del_fds > 32) {
578 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 return;
580 }
581
Emeric Brun3854e012017-05-17 20:42:48 +0200582 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000583
Emeric Brun3854e012017-05-17 20:42:48 +0200584 /* We remove unused fds from the fdtab */
585 for (i=0 ; i < num_del_fds ; i++)
586 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587
Emeric Brun3854e012017-05-17 20:42:48 +0200588 /* We add new fds to the fdtab */
589 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200590 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 }
592
Emeric Brun3854e012017-05-17 20:42:48 +0200593 num_add_fds = 0;
594 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
595 if (num_add_fds > 32) {
596 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
597 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000598 }
Emeric Brun3854e012017-05-17 20:42:48 +0200599
600 /* We activate the polling for all known async fds */
601 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000602 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200603 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000604 /* To ensure that the fd cache won't be used
605 * We'll prefer to catch a real RD event
606 * because handling an EAGAIN on this fd will
607 * result in a context switch and also
608 * some engines uses a fd in blocking mode.
609 */
610 fd_cant_recv(add_fd[i]);
611 }
Emeric Brun3854e012017-05-17 20:42:48 +0200612
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613}
614#endif
615
William Lallemandc33d83d2019-10-14 14:14:59 +0200616#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617/*
618 * This function returns the number of seconds elapsed
619 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
620 * date presented un ASN1_GENERALIZEDTIME.
621 *
622 * In parsing error case, it returns -1.
623 */
624static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
625{
626 long epoch;
627 char *p, *end;
628 const unsigned short month_offset[12] = {
629 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
630 };
631 int year, month;
632
633 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
634
635 p = (char *)d->data;
636 end = p + d->length;
637
638 if (end - p < 4) return -1;
639 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
640 p += 4;
641 if (end - p < 2) return -1;
642 month = 10 * (p[0] - '0') + p[1] - '0';
643 if (month < 1 || month > 12) return -1;
644 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
645 We consider leap years and the current month (<marsh or not) */
646 epoch = ( ((year - 1970) * 365)
647 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
648 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
649 + month_offset[month-1]
650 ) * 24 * 60 * 60;
651 p += 2;
652 if (end - p < 2) return -1;
653 /* Add the number of seconds of completed days of current month */
654 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
655 p += 2;
656 if (end - p < 2) return -1;
657 /* Add the completed hours of the current day */
658 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the completed minutes of the current hour */
662 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
663 p += 2;
664 if (p == end) return -1;
665 /* Test if there is available seconds */
666 if (p[0] < '0' || p[0] > '9')
667 goto nosec;
668 if (end - p < 2) return -1;
669 /* Add the seconds of the current minute */
670 epoch += 10 * (p[0] - '0') + p[1] - '0';
671 p += 2;
672 if (p == end) return -1;
673 /* Ignore seconds float part if present */
674 if (p[0] == '.') {
675 do {
676 if (++p == end) return -1;
677 } while (p[0] >= '0' && p[0] <= '9');
678 }
679
680nosec:
681 if (p[0] == 'Z') {
682 if (end - p != 1) return -1;
683 return epoch;
684 }
685 else if (p[0] == '+') {
686 if (end - p != 5) return -1;
687 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700688 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200689 }
690 else if (p[0] == '-') {
691 if (end - p != 5) return -1;
692 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700693 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200694 }
695
696 return -1;
697}
698
William Lallemandc33d83d2019-10-14 14:14:59 +0200699/*
700 * struct alignment works here such that the key.key is the same as key_data
701 * Do not change the placement of key_data
702 */
703struct certificate_ocsp {
704 struct ebmb_node key;
705 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
706 struct buffer response;
707 long expire;
708};
709
710struct ocsp_cbk_arg {
711 int is_single;
712 int single_kt;
713 union {
714 struct certificate_ocsp *s_ocsp;
715 /*
716 * m_ocsp will have multiple entries dependent on key type
717 * Entry 0 - DSA
718 * Entry 1 - ECDSA
719 * Entry 2 - RSA
720 */
721 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
722 };
723};
724
Emeric Brun1d3865b2014-06-20 15:37:32 +0200725static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200726
727/* This function starts to check if the OCSP response (in DER format) contained
728 * in chunk 'ocsp_response' is valid (else exits on error).
729 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
730 * contained in the OCSP Response and exits on error if no match.
731 * If it's a valid OCSP Response:
732 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
733 * pointed by 'ocsp'.
734 * If 'ocsp' is NULL, the function looks up into the OCSP response's
735 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
736 * from the response) and exits on error if not found. Finally, If an OCSP response is
737 * already present in the container, it will be overwritten.
738 *
739 * Note: OCSP response containing more than one OCSP Single response is not
740 * considered valid.
741 *
742 * Returns 0 on success, 1 in error case.
743 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200744static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
745 struct certificate_ocsp *ocsp,
746 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200747{
748 OCSP_RESPONSE *resp;
749 OCSP_BASICRESP *bs = NULL;
750 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200751 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200752 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200753 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200754 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755 int reason;
756 int ret = 1;
757
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200758 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
759 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200760 if (!resp) {
761 memprintf(err, "Unable to parse OCSP response");
762 goto out;
763 }
764
765 rc = OCSP_response_status(resp);
766 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
767 memprintf(err, "OCSP response status not successful");
768 goto out;
769 }
770
771 bs = OCSP_response_get1_basic(resp);
772 if (!bs) {
773 memprintf(err, "Failed to get basic response from OCSP Response");
774 goto out;
775 }
776
777 count_sr = OCSP_resp_count(bs);
778 if (count_sr > 1) {
779 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
780 goto out;
781 }
782
783 sr = OCSP_resp_get0(bs, 0);
784 if (!sr) {
785 memprintf(err, "Failed to get OCSP single response");
786 goto out;
787 }
788
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200789 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
790
Emeric Brun4147b2e2014-06-16 18:36:30 +0200791 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200792 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200793 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200794 goto out;
795 }
796
Emeric Brun13a6b482014-06-20 15:44:34 +0200797 if (!nextupd) {
798 memprintf(err, "OCSP single response: missing nextupdate");
799 goto out;
800 }
801
Emeric Brunc8b27b62014-06-19 14:16:17 +0200802 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200803 if (!rc) {
804 memprintf(err, "OCSP single response: no longer valid.");
805 goto out;
806 }
807
808 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200809 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200810 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
811 goto out;
812 }
813 }
814
815 if (!ocsp) {
816 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
817 unsigned char *p;
818
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200819 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200820 if (!rc) {
821 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
822 goto out;
823 }
824
825 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
826 memprintf(err, "OCSP single response: Certificate ID too long");
827 goto out;
828 }
829
830 p = key;
831 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200832 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200833 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
834 if (!ocsp) {
835 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
836 goto out;
837 }
838 }
839
840 /* According to comments on "chunk_dup", the
841 previous chunk buffer will be freed */
842 if (!chunk_dup(&ocsp->response, ocsp_response)) {
843 memprintf(err, "OCSP response: Memory allocation error");
844 goto out;
845 }
846
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200847 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
848
Emeric Brun4147b2e2014-06-16 18:36:30 +0200849 ret = 0;
850out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100851 ERR_clear_error();
852
Emeric Brun4147b2e2014-06-16 18:36:30 +0200853 if (bs)
854 OCSP_BASICRESP_free(bs);
855
856 if (resp)
857 OCSP_RESPONSE_free(resp);
858
859 return ret;
860}
861/*
862 * External function use to update the OCSP response in the OCSP response's
863 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
864 * to update in DER format.
865 *
866 * Returns 0 on success, 1 in error case.
867 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200868int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200869{
870 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
871}
872
873/*
874 * This function load the OCSP Resonse in DER format contained in file at
875 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
876 *
877 * Returns 0 on success, 1 in error case.
878 */
879static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
880{
881 int fd = -1;
882 int r = 0;
883 int ret = 1;
884
885 fd = open(ocsp_path, O_RDONLY);
886 if (fd == -1) {
887 memprintf(err, "Error opening OCSP response file");
888 goto end;
889 }
890
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200891 trash.data = 0;
892 while (trash.data < trash.size) {
893 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894 if (r < 0) {
895 if (errno == EINTR)
896 continue;
897
898 memprintf(err, "Error reading OCSP response from file");
899 goto end;
900 }
901 else if (r == 0) {
902 break;
903 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200904 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 }
906
907 close(fd);
908 fd = -1;
909
910 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
911end:
912 if (fd != -1)
913 close(fd);
914
915 return ret;
916}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100917#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200918
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100919#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
920static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
921{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100922 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100923 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100924 struct connection *conn;
925 int head;
926 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100927 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100928
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200929 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200930 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100931 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
932
933 keys = ref->tlskeys;
934 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100935
936 if (enc) {
937 memcpy(key_name, keys[head].name, 16);
938
939 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100940 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100941
Emeric Brun9e754772019-01-10 17:51:55 +0100942 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100943
Emeric Brun9e754772019-01-10 17:51:55 +0100944 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
945 goto end;
946
Willy Tarreau9356dac2019-05-10 09:22:53 +0200947 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100948 ret = 1;
949 }
950 else if (ref->key_size_bits == 256 ) {
951
952 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
953 goto end;
954
Willy Tarreau9356dac2019-05-10 09:22:53 +0200955 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100956 ret = 1;
957 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100958 } else {
959 for (i = 0; i < TLS_TICKETS_NO; i++) {
960 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
961 goto found;
962 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100963 ret = 0;
964 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100965
Christopher Faulet16f45c82018-02-16 11:23:49 +0100966 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100967 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200968 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100969 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
970 goto end;
971 /* 2 for key renewal, 1 if current key is still valid */
972 ret = i ? 2 : 1;
973 }
974 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200975 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100976 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
977 goto end;
978 /* 2 for key renewal, 1 if current key is still valid */
979 ret = i ? 2 : 1;
980 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100981 }
Emeric Brun9e754772019-01-10 17:51:55 +0100982
Christopher Faulet16f45c82018-02-16 11:23:49 +0100983 end:
984 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
985 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200986}
987
988struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
989{
990 struct tls_keys_ref *ref;
991
992 list_for_each_entry(ref, &tlskeys_reference, list)
993 if (ref->filename && strcmp(filename, ref->filename) == 0)
994 return ref;
995 return NULL;
996}
997
998struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
999{
1000 struct tls_keys_ref *ref;
1001
1002 list_for_each_entry(ref, &tlskeys_reference, list)
1003 if (ref->unique_id == unique_id)
1004 return ref;
1005 return NULL;
1006}
1007
Emeric Brun9e754772019-01-10 17:51:55 +01001008/* Update the key into ref: if keysize doesnt
1009 * match existing ones, this function returns -1
1010 * else it returns 0 on success.
1011 */
1012int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001013 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001014{
Emeric Brun9e754772019-01-10 17:51:55 +01001015 if (ref->key_size_bits == 128) {
1016 if (tlskey->data != sizeof(struct tls_sess_key_128))
1017 return -1;
1018 }
1019 else if (ref->key_size_bits == 256) {
1020 if (tlskey->data != sizeof(struct tls_sess_key_256))
1021 return -1;
1022 }
1023 else
1024 return -1;
1025
Christopher Faulet16f45c82018-02-16 11:23:49 +01001026 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001027 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1028 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001029 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1030 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001031
1032 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001033}
1034
Willy Tarreau83061a82018-07-13 11:56:34 +02001035int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001036{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001037 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1038
1039 if(!ref) {
1040 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1041 return 1;
1042 }
Emeric Brun9e754772019-01-10 17:51:55 +01001043 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1044 memprintf(err, "Invalid key size");
1045 return 1;
1046 }
1047
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001048 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001049}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001050
1051/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001052 * automatic ids. It's called just after the basic checks. It returns
1053 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001054 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001055static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001056{
1057 int i = 0;
1058 struct tls_keys_ref *ref, *ref2, *ref3;
1059 struct list tkr = LIST_HEAD_INIT(tkr);
1060
1061 list_for_each_entry(ref, &tlskeys_reference, list) {
1062 if (ref->unique_id == -1) {
1063 /* Look for the first free id. */
1064 while (1) {
1065 list_for_each_entry(ref2, &tlskeys_reference, list) {
1066 if (ref2->unique_id == i) {
1067 i++;
1068 break;
1069 }
1070 }
1071 if (&ref2->list == &tlskeys_reference)
1072 break;
1073 }
1074
1075 /* Uses the unique id and increment it for the next entry. */
1076 ref->unique_id = i;
1077 i++;
1078 }
1079 }
1080
1081 /* This sort the reference list by id. */
1082 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1083 LIST_DEL(&ref->list);
1084 list_for_each_entry(ref3, &tkr, list) {
1085 if (ref->unique_id < ref3->unique_id) {
1086 LIST_ADDQ(&ref3->list, &ref->list);
1087 break;
1088 }
1089 }
1090 if (&ref3->list == &tkr)
1091 LIST_ADDQ(&tkr, &ref->list);
1092 }
1093
1094 /* swap root */
1095 LIST_ADD(&tkr, &tlskeys_reference);
1096 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001098}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001099#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1100
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001101#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001102int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1103{
1104 switch (evp_keytype) {
1105 case EVP_PKEY_RSA:
1106 return 2;
1107 case EVP_PKEY_DSA:
1108 return 0;
1109 case EVP_PKEY_EC:
1110 return 1;
1111 }
1112
1113 return -1;
1114}
1115
Emeric Brun4147b2e2014-06-16 18:36:30 +02001116/*
1117 * Callback used to set OCSP status extension content in server hello.
1118 */
1119int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1120{
yanbzhube2774d2015-12-10 15:07:30 -05001121 struct certificate_ocsp *ocsp;
1122 struct ocsp_cbk_arg *ocsp_arg;
1123 char *ssl_buf;
1124 EVP_PKEY *ssl_pkey;
1125 int key_type;
1126 int index;
1127
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001128 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001129
1130 ssl_pkey = SSL_get_privatekey(ssl);
1131 if (!ssl_pkey)
1132 return SSL_TLSEXT_ERR_NOACK;
1133
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001134 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001135
1136 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1137 ocsp = ocsp_arg->s_ocsp;
1138 else {
1139 /* For multiple certs per context, we have to find the correct OCSP response based on
1140 * the certificate type
1141 */
1142 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1143
1144 if (index < 0)
1145 return SSL_TLSEXT_ERR_NOACK;
1146
1147 ocsp = ocsp_arg->m_ocsp[index];
1148
1149 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001150
1151 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001152 !ocsp->response.area ||
1153 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001154 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001155 return SSL_TLSEXT_ERR_NOACK;
1156
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001157 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001158 if (!ssl_buf)
1159 return SSL_TLSEXT_ERR_NOACK;
1160
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001161 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1162 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001163
1164 return SSL_TLSEXT_ERR_OK;
1165}
1166
1167/*
1168 * This function enables the handling of OCSP status extension on 'ctx' if a
1169 * file name 'cert_path' suffixed using ".ocsp" is present.
1170 * To enable OCSP status extension, the issuer's certificate is mandatory.
1171 * It should be present in the certificate's extra chain builded from file
1172 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1173 * named 'cert_path' suffixed using '.issuer'.
1174 *
1175 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1176 * response. If file is empty or content is not a valid OCSP response,
1177 * OCSP status extension is enabled but OCSP response is ignored (a warning
1178 * is displayed).
1179 *
1180 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001181 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001182 */
1183static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1184{
1185
1186 BIO *in = NULL;
1187 X509 *x, *xi = NULL, *issuer = NULL;
1188 STACK_OF(X509) *chain = NULL;
1189 OCSP_CERTID *cid = NULL;
1190 SSL *ssl;
1191 char ocsp_path[MAXPATHLEN+1];
1192 int i, ret = -1;
1193 struct stat st;
1194 struct certificate_ocsp *ocsp = NULL, *iocsp;
1195 char *warn = NULL;
1196 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001197 pem_password_cb *passwd_cb;
1198 void *passwd_cb_userdata;
1199 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200
1201 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1202
1203 if (stat(ocsp_path, &st))
1204 return 1;
1205
1206 ssl = SSL_new(ctx);
1207 if (!ssl)
1208 goto out;
1209
1210 x = SSL_get_certificate(ssl);
1211 if (!x)
1212 goto out;
1213
1214 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001216 for (i = 0; i < sk_X509_num(chain); i++) {
1217 issuer = sk_X509_value(chain, i);
1218 if (X509_check_issued(issuer, x) == X509_V_OK)
1219 break;
1220 else
1221 issuer = NULL;
1222 }
1223
1224 /* If not found try to load issuer from a suffixed file */
1225 if (!issuer) {
1226 char issuer_path[MAXPATHLEN+1];
1227
1228 in = BIO_new(BIO_s_file());
1229 if (!in)
1230 goto out;
1231
1232 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1233 if (BIO_read_filename(in, issuer_path) <= 0)
1234 goto out;
1235
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001236 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1237 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1238
1239 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001240 if (!xi)
1241 goto out;
1242
1243 if (X509_check_issued(xi, x) != X509_V_OK)
1244 goto out;
1245
1246 issuer = xi;
1247 }
1248
1249 cid = OCSP_cert_to_id(0, x, issuer);
1250 if (!cid)
1251 goto out;
1252
1253 i = i2d_OCSP_CERTID(cid, NULL);
1254 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1255 goto out;
1256
Vincent Bernat02779b62016-04-03 13:48:43 +02001257 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001258 if (!ocsp)
1259 goto out;
1260
1261 p = ocsp->key_data;
1262 i2d_OCSP_CERTID(cid, &p);
1263
1264 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1265 if (iocsp == ocsp)
1266 ocsp = NULL;
1267
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001268#ifndef SSL_CTX_get_tlsext_status_cb
1269# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1270 *cb = (void (*) (void))ctx->tlsext_status_cb;
1271#endif
1272 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1273
1274 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001275 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001276 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001277
1278 cb_arg->is_single = 1;
1279 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001280
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001281 pkey = X509_get_pubkey(x);
1282 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1283 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001284
1285 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1286 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1287 } else {
1288 /*
1289 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1290 * Update that cb_arg with the new cert's staple
1291 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001292 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001293 struct certificate_ocsp *tmp_ocsp;
1294 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001295 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001296 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001297
1298#ifdef SSL_CTX_get_tlsext_status_arg
1299 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1300#else
1301 cb_arg = ctx->tlsext_status_arg;
1302#endif
yanbzhube2774d2015-12-10 15:07:30 -05001303
1304 /*
1305 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1306 * the order of operations below matter, take care when changing it
1307 */
1308 tmp_ocsp = cb_arg->s_ocsp;
1309 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1310 cb_arg->s_ocsp = NULL;
1311 cb_arg->m_ocsp[index] = tmp_ocsp;
1312 cb_arg->is_single = 0;
1313 cb_arg->single_kt = 0;
1314
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001315 pkey = X509_get_pubkey(x);
1316 key_type = EVP_PKEY_base_id(pkey);
1317 EVP_PKEY_free(pkey);
1318
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001319 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001320 if (index >= 0 && !cb_arg->m_ocsp[index])
1321 cb_arg->m_ocsp[index] = iocsp;
1322
1323 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001324
1325 ret = 0;
1326
1327 warn = NULL;
1328 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1329 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001330 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001331 }
1332
1333out:
1334 if (ssl)
1335 SSL_free(ssl);
1336
1337 if (in)
1338 BIO_free(in);
1339
1340 if (xi)
1341 X509_free(xi);
1342
1343 if (cid)
1344 OCSP_CERTID_free(cid);
1345
1346 if (ocsp)
1347 free(ocsp);
1348
1349 if (warn)
1350 free(warn);
1351
1352
1353 return ret;
1354}
1355
1356#endif
1357
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001358#ifdef OPENSSL_IS_BORINGSSL
1359static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1360{
1361 char ocsp_path[MAXPATHLEN+1];
1362 struct stat st;
1363 int fd = -1, r = 0;
1364
1365 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1366 if (stat(ocsp_path, &st))
1367 return 0;
1368
1369 fd = open(ocsp_path, O_RDONLY);
1370 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001371 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001372 return -1;
1373 }
1374
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001375 trash.data = 0;
1376 while (trash.data < trash.size) {
1377 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001378 if (r < 0) {
1379 if (errno == EINTR)
1380 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001381 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001382 close(fd);
1383 return -1;
1384 }
1385 else if (r == 0) {
1386 break;
1387 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001388 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001389 }
1390 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001391 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1392 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001393}
1394#endif
1395
Willy Tarreau5db847a2019-05-09 14:13:35 +02001396#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001397
1398#define CT_EXTENSION_TYPE 18
1399
1400static int sctl_ex_index = -1;
1401
1402/*
1403 * Try to parse Signed Certificate Timestamp List structure. This function
1404 * makes only basic test if the data seems like SCTL. No signature validation
1405 * is performed.
1406 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001407static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001408{
1409 int ret = 1;
1410 int len, pos, sct_len;
1411 unsigned char *data;
1412
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001413 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001414 goto out;
1415
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001416 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001417 len = (data[0] << 8) | data[1];
1418
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001419 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001420 goto out;
1421
1422 data = data + 2;
1423 pos = 0;
1424 while (pos < len) {
1425 if (len - pos < 2)
1426 goto out;
1427
1428 sct_len = (data[pos] << 8) | data[pos + 1];
1429 if (pos + sct_len + 2 > len)
1430 goto out;
1431
1432 pos += sct_len + 2;
1433 }
1434
1435 ret = 0;
1436
1437out:
1438 return ret;
1439}
1440
Willy Tarreau83061a82018-07-13 11:56:34 +02001441static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1442 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001443{
1444 int fd = -1;
1445 int r = 0;
1446 int ret = 1;
1447
1448 *sctl = NULL;
1449
1450 fd = open(sctl_path, O_RDONLY);
1451 if (fd == -1)
1452 goto end;
1453
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001454 trash.data = 0;
1455 while (trash.data < trash.size) {
1456 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001457 if (r < 0) {
1458 if (errno == EINTR)
1459 continue;
1460
1461 goto end;
1462 }
1463 else if (r == 0) {
1464 break;
1465 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001466 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001467 }
1468
1469 ret = ssl_sock_parse_sctl(&trash);
1470 if (ret)
1471 goto end;
1472
Vincent Bernat02779b62016-04-03 13:48:43 +02001473 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001474 if (!chunk_dup(*sctl, &trash)) {
1475 free(*sctl);
1476 *sctl = NULL;
1477 goto end;
1478 }
1479
1480end:
1481 if (fd != -1)
1482 close(fd);
1483
1484 return ret;
1485}
1486
1487int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1488{
Willy Tarreau83061a82018-07-13 11:56:34 +02001489 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001490
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001491 *out = (unsigned char *) sctl->area;
1492 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001493
1494 return 1;
1495}
1496
1497int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1498{
1499 return 1;
1500}
1501
1502static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1503{
1504 char sctl_path[MAXPATHLEN+1];
1505 int ret = -1;
1506 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001507 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001508
1509 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1510
1511 if (stat(sctl_path, &st))
1512 return 1;
1513
1514 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1515 goto out;
1516
1517 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1518 free(sctl);
1519 goto out;
1520 }
1521
1522 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1523
1524 ret = 0;
1525
1526out:
1527 return ret;
1528}
1529
1530#endif
1531
Emeric Brune1f38db2012-09-03 20:36:47 +02001532void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1533{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001534 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001535 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001536 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001537 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001538
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001539#ifndef SSL_OP_NO_RENEGOTIATION
1540 /* Please note that BoringSSL defines this macro to zero so don't
1541 * change this to #if and do not assign a default value to this macro!
1542 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001543 if (where & SSL_CB_HANDSHAKE_START) {
1544 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001545 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001546 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001547 conn->err_code = CO_ER_SSL_RENEG;
1548 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001549 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001550#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001551
1552 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001553 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001554 /* Long certificate chains optimz
1555 If write and read bios are differents, we
1556 consider that the buffering was activated,
1557 so we rise the output buffer size from 4k
1558 to 16k */
1559 write_bio = SSL_get_wbio(ssl);
1560 if (write_bio != SSL_get_rbio(ssl)) {
1561 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001562 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001563 }
1564 }
1565 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001566}
1567
Emeric Brune64aef12012-09-21 13:15:06 +02001568/* Callback is called for each certificate of the chain during a verify
1569 ok is set to 1 if preverify detect no error on current certificate.
1570 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001571int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001572{
1573 SSL *ssl;
1574 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001575 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001576 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001577
1578 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001579 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001580
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001581 ctx = conn->xprt_ctx;
1582
1583 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001584
Emeric Brun81c00f02012-09-21 14:31:21 +02001585 if (ok) /* no errors */
1586 return ok;
1587
1588 depth = X509_STORE_CTX_get_error_depth(x_store);
1589 err = X509_STORE_CTX_get_error(x_store);
1590
1591 /* check if CA error needs to be ignored */
1592 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001593 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1594 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1595 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001596 }
1597
Willy Tarreau07d94e42018-09-20 10:57:52 +02001598 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001599 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001600 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001601 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001602 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001603
Willy Tarreau20879a02012-12-03 16:32:10 +01001604 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001605 return 0;
1606 }
1607
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001608 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1609 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001610
Emeric Brun81c00f02012-09-21 14:31:21 +02001611 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001612 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001613 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001614 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001615 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001616 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001617
Willy Tarreau20879a02012-12-03 16:32:10 +01001618 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001619 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001620}
1621
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001622static inline
1623void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001624 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001625{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001626 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001627 unsigned char *msg;
1628 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001629 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001630
1631 /* This function is called for "from client" and "to server"
1632 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001633 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001634 */
1635
1636 /* "write_p" is set to 0 is the bytes are received messages,
1637 * otherwise it is set to 1.
1638 */
1639 if (write_p != 0)
1640 return;
1641
1642 /* content_type contains the type of message received or sent
1643 * according with the SSL/TLS protocol spec. This message is
1644 * encoded with one byte. The value 256 (two bytes) is used
1645 * for designing the SSL/TLS record layer. According with the
1646 * rfc6101, the expected message (other than 256) are:
1647 * - change_cipher_spec(20)
1648 * - alert(21)
1649 * - handshake(22)
1650 * - application_data(23)
1651 * - (255)
1652 * We are interessed by the handshake and specially the client
1653 * hello.
1654 */
1655 if (content_type != 22)
1656 return;
1657
1658 /* The message length is at least 4 bytes, containing the
1659 * message type and the message length.
1660 */
1661 if (len < 4)
1662 return;
1663
1664 /* First byte of the handshake message id the type of
1665 * message. The konwn types are:
1666 * - hello_request(0)
1667 * - client_hello(1)
1668 * - server_hello(2)
1669 * - certificate(11)
1670 * - server_key_exchange (12)
1671 * - certificate_request(13)
1672 * - server_hello_done(14)
1673 * We are interested by the client hello.
1674 */
1675 msg = (unsigned char *)buf;
1676 if (msg[0] != 1)
1677 return;
1678
1679 /* Next three bytes are the length of the message. The total length
1680 * must be this decoded length + 4. If the length given as argument
1681 * is not the same, we abort the protocol dissector.
1682 */
1683 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1684 if (len < rec_len + 4)
1685 return;
1686 msg += 4;
1687 end = msg + rec_len;
1688 if (end < msg)
1689 return;
1690
1691 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1692 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001693 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1694 */
1695 msg += 1 + 1 + 4 + 28;
1696 if (msg > end)
1697 return;
1698
1699 /* Next, is session id:
1700 * if present, we have to jump by length + 1 for the size information
1701 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001702 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001703 if (msg[0] > 0)
1704 msg += msg[0];
1705 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001706 if (msg > end)
1707 return;
1708
1709 /* Next two bytes are the ciphersuite length. */
1710 if (msg + 2 > end)
1711 return;
1712 rec_len = (msg[0] << 8) + msg[1];
1713 msg += 2;
1714 if (msg + rec_len > end || msg + rec_len < msg)
1715 return;
1716
Willy Tarreaubafbe012017-11-24 17:34:44 +01001717 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001718 if (!capture)
1719 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001720 /* Compute the xxh64 of the ciphersuite. */
1721 capture->xxh64 = XXH64(msg, rec_len, 0);
1722
1723 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001724 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1725 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001726 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001727
1728 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001729}
1730
Emeric Brun29f037d2014-04-25 19:05:36 +02001731/* Callback is called for ssl protocol analyse */
1732void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1733{
Emeric Brun29f037d2014-04-25 19:05:36 +02001734#ifdef TLS1_RT_HEARTBEAT
1735 /* test heartbeat received (write_p is set to 0
1736 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001737 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001738 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001739 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001740 const unsigned char *p = buf;
1741 unsigned int payload;
1742
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001743 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001744
1745 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1746 if (*p != TLS1_HB_REQUEST)
1747 return;
1748
Willy Tarreauaeed6722014-04-25 23:59:58 +02001749 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001750 goto kill_it;
1751
1752 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001753 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001754 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001755 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001756 /* We have a clear heartbleed attack (CVE-2014-0160), the
1757 * advertised payload is larger than the advertised packet
1758 * length, so we have garbage in the buffer between the
1759 * payload and the end of the buffer (p+len). We can't know
1760 * if the SSL stack is patched, and we don't know if we can
1761 * safely wipe out the area between p+3+len and payload.
1762 * So instead, we prevent the response from being sent by
1763 * setting the max_send_fragment to 0 and we report an SSL
1764 * error, which will kill this connection. It will be reported
1765 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001766 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1767 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001768 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001769 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1770 return;
1771 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001772#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001773 if (global_ssl.capture_cipherlist > 0)
1774 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001775}
1776
Bernard Spil13c53f82018-02-15 13:34:58 +01001777#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001778static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1779 const unsigned char *in, unsigned int inlen,
1780 void *arg)
1781{
1782 struct server *srv = arg;
1783
1784 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1785 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1786 return SSL_TLSEXT_ERR_OK;
1787 return SSL_TLSEXT_ERR_NOACK;
1788}
1789#endif
1790
1791#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001792/* This callback is used so that the server advertises the list of
1793 * negociable protocols for NPN.
1794 */
1795static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1796 unsigned int *len, void *arg)
1797{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001798 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001799
1800 *data = (const unsigned char *)conf->npn_str;
1801 *len = conf->npn_len;
1802 return SSL_TLSEXT_ERR_OK;
1803}
1804#endif
1805
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001806#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001807/* This callback is used so that the server advertises the list of
1808 * negociable protocols for ALPN.
1809 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001810static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1811 unsigned char *outlen,
1812 const unsigned char *server,
1813 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001814{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001815 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001816
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001817 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1818 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1819 return SSL_TLSEXT_ERR_NOACK;
1820 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001821 return SSL_TLSEXT_ERR_OK;
1822}
1823#endif
1824
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001825#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001826#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001827
Christopher Faulet30548802015-06-11 13:39:32 +02001828/* Create a X509 certificate with the specified servername and serial. This
1829 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001830static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001831ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001832{
Christopher Faulet7969a332015-10-09 11:15:03 +02001833 X509 *cacert = bind_conf->ca_sign_cert;
1834 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001835 SSL_CTX *ssl_ctx = NULL;
1836 X509 *newcrt = NULL;
1837 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001838 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001839 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001840 X509_NAME *name;
1841 const EVP_MD *digest;
1842 X509V3_CTX ctx;
1843 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001844 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001845
Christopher Faulet48a83322017-07-28 16:56:09 +02001846 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001847#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001848 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1849#else
1850 tmp_ssl = SSL_new(bind_conf->default_ctx);
1851 if (tmp_ssl)
1852 pkey = SSL_get_privatekey(tmp_ssl);
1853#endif
1854 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001855 goto mkcert_error;
1856
1857 /* Create the certificate */
1858 if (!(newcrt = X509_new()))
1859 goto mkcert_error;
1860
1861 /* Set version number for the certificate (X509v3) and the serial
1862 * number */
1863 if (X509_set_version(newcrt, 2L) != 1)
1864 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001865 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001866
1867 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001868 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1869 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001870 goto mkcert_error;
1871
1872 /* set public key in the certificate */
1873 if (X509_set_pubkey(newcrt, pkey) != 1)
1874 goto mkcert_error;
1875
1876 /* Set issuer name from the CA */
1877 if (!(name = X509_get_subject_name(cacert)))
1878 goto mkcert_error;
1879 if (X509_set_issuer_name(newcrt, name) != 1)
1880 goto mkcert_error;
1881
1882 /* Set the subject name using the same, but the CN */
1883 name = X509_NAME_dup(name);
1884 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1885 (const unsigned char *)servername,
1886 -1, -1, 0) != 1) {
1887 X509_NAME_free(name);
1888 goto mkcert_error;
1889 }
1890 if (X509_set_subject_name(newcrt, name) != 1) {
1891 X509_NAME_free(name);
1892 goto mkcert_error;
1893 }
1894 X509_NAME_free(name);
1895
1896 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001897 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001898 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1899 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1900 X509_EXTENSION *ext;
1901
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001902 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001903 goto mkcert_error;
1904 if (!X509_add_ext(newcrt, ext, -1)) {
1905 X509_EXTENSION_free(ext);
1906 goto mkcert_error;
1907 }
1908 X509_EXTENSION_free(ext);
1909 }
1910
1911 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001912
1913 key_type = EVP_PKEY_base_id(capkey);
1914
1915 if (key_type == EVP_PKEY_DSA)
1916 digest = EVP_sha1();
1917 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001918 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001919 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001920 digest = EVP_sha256();
1921 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001922#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001923 int nid;
1924
1925 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1926 goto mkcert_error;
1927 if (!(digest = EVP_get_digestbynid(nid)))
1928 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001929#else
1930 goto mkcert_error;
1931#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001932 }
1933
Christopher Faulet31af49d2015-06-09 17:29:50 +02001934 if (!(X509_sign(newcrt, capkey, digest)))
1935 goto mkcert_error;
1936
1937 /* Create and set the new SSL_CTX */
1938 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1939 goto mkcert_error;
1940 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1941 goto mkcert_error;
1942 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1943 goto mkcert_error;
1944 if (!SSL_CTX_check_private_key(ssl_ctx))
1945 goto mkcert_error;
1946
1947 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001948
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001949#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001950 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001951#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001952#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1953 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001954 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001955 EC_KEY *ecc;
1956 int nid;
1957
1958 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1959 goto end;
1960 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1961 goto end;
1962 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1963 EC_KEY_free(ecc);
1964 }
1965#endif
1966 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001967 return ssl_ctx;
1968
1969 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001970 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001971 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001972 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1973 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001974 return NULL;
1975}
1976
Christopher Faulet7969a332015-10-09 11:15:03 +02001977SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001978ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001979{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001980 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001981 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001982
Olivier Houchard66ab4982019-02-26 18:37:15 +01001983 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001984}
1985
Christopher Faulet30548802015-06-11 13:39:32 +02001986/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001987 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001988SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001989ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001990{
1991 struct lru64 *lru = NULL;
1992
1993 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001994 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001995 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001996 if (lru && lru->domain) {
1997 if (ssl)
1998 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001999 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002000 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002001 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002002 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002003 }
2004 return NULL;
2005}
2006
Emeric Brun821bb9b2017-06-15 16:37:39 +02002007/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2008 * function is not thread-safe, it should only be used to check if a certificate
2009 * exists in the lru cache (with no warranty it will not be removed by another
2010 * thread). It is kept for backward compatibility. */
2011SSL_CTX *
2012ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2013{
2014 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2015}
2016
Christopher Fauletd2cab922015-07-28 16:03:47 +02002017/* Set a certificate int the LRU cache used to store generated
2018 * certificate. Return 0 on success, otherwise -1 */
2019int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002020ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002021{
2022 struct lru64 *lru = NULL;
2023
2024 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002025 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002026 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002027 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002028 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002029 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002030 }
Christopher Faulet30548802015-06-11 13:39:32 +02002031 if (lru->domain && lru->data)
2032 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002033 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002034 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002035 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002036 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002037 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002038}
2039
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002040/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002041unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002042ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002043{
2044 return XXH32(data, len, ssl_ctx_lru_seed);
2045}
2046
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002047/* Generate a cert and immediately assign it to the SSL session so that the cert's
2048 * refcount is maintained regardless of the cert's presence in the LRU cache.
2049 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002050static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002051ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002052{
2053 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002054 SSL_CTX *ssl_ctx = NULL;
2055 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002056 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002057
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002058 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002059 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002060 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002061 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002062 if (lru && lru->domain)
2063 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002064 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002065 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002066 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002067 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002068 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002069 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002070 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002071 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002072 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002073 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002074 SSL_set_SSL_CTX(ssl, ssl_ctx);
2075 /* No LRU cache, this CTX will be released as soon as the session dies */
2076 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002077 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002078 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002079 return 0;
2080}
2081static int
2082ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2083{
2084 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002085 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002086
2087 conn_get_to_addr(conn);
2088 if (conn->flags & CO_FL_ADDR_TO_SET) {
2089 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002090 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002091 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002092 }
2093 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002094}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002095#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002096
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002097#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002098typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2099
2100static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002101{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002102#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002103 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002104 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2105#endif
2106}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002107static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2108 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002109 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2110}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002112#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002113 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002114 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2115#endif
2116}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002119 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002120 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2121#endif
2122}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002123/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002124static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2125/* Unusable in this context. */
2126static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2129static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2130static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002131#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002132typedef enum { SET_MIN, SET_MAX } set_context_func;
2133
2134static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2135 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002136 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2137}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002138static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2139 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2140 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2141}
2142static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2143 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002144 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2145}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002146static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2147 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2148 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2149}
2150static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2151 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002152 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2153}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002154static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2155 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2156 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2157}
2158static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2159 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002160 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2161}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002162static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2163 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2164 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2165}
2166static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002168 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002169 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2170#endif
2171}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002172static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2173#if SSL_OP_NO_TLSv1_3
2174 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2175 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002176#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002177}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002178#endif
2179static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2180static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002181
2182static struct {
2183 int option;
2184 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002185 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2186 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002187 const char *name;
2188} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002189 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2190 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2191 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2192 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2193 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2194 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002195};
2196
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002197static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2198{
2199 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2200 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2201 SSL_set_SSL_CTX(ssl, ctx);
2202}
2203
Willy Tarreau5db847a2019-05-09 14:13:35 +02002204#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002205
2206static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2207{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002208 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002210
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002211 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2212 return SSL_TLSEXT_ERR_OK;
2213 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002214}
2215
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002216#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002217static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2218{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002219 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002220#else
2221static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2222{
2223#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002224 struct connection *conn;
2225 struct bind_conf *s;
2226 const uint8_t *extension_data;
2227 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002228 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002229
2230 char *wildp = NULL;
2231 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002232 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002234 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 int i;
2236
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002237 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002238 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002239
Olivier Houchard9679ac92017-10-27 14:58:08 +02002240 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002241 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002242#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2244 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002245#else
2246 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2247#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002248 /*
2249 * The server_name extension was given too much extensibility when it
2250 * was written, so parsing the normal case is a bit complex.
2251 */
2252 size_t len;
2253 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002254 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002255 /* Extract the length of the supplied list of names. */
2256 len = (*extension_data++) << 8;
2257 len |= *extension_data++;
2258 if (len + 2 != extension_len)
2259 goto abort;
2260 /*
2261 * The list in practice only has a single element, so we only consider
2262 * the first one.
2263 */
2264 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2265 goto abort;
2266 extension_len = len - 1;
2267 /* Now we can finally pull out the byte array with the actual hostname. */
2268 if (extension_len <= 2)
2269 goto abort;
2270 len = (*extension_data++) << 8;
2271 len |= *extension_data++;
2272 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2273 || memchr(extension_data, 0, len) != NULL)
2274 goto abort;
2275 servername = extension_data;
2276 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002277 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002278#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2279 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002280 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002281 }
2282#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002283 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002284 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002285 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002286 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002287 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002288 goto abort;
2289 }
2290
2291 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002292#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002293 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002294#else
2295 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2296#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002297 uint8_t sign;
2298 size_t len;
2299 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002300 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002301 len = (*extension_data++) << 8;
2302 len |= *extension_data++;
2303 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002304 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002305 if (len % 2 != 0)
2306 goto abort;
2307 for (; len > 0; len -= 2) {
2308 extension_data++; /* hash */
2309 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002310 switch (sign) {
2311 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002312 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002313 break;
2314 case TLSEXT_signature_ecdsa:
2315 has_ecdsa_sig = 1;
2316 break;
2317 default:
2318 continue;
2319 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002320 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002321 break;
2322 }
2323 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002324 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002325 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326 }
2327 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002328 const SSL_CIPHER *cipher;
2329 size_t len;
2330 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002331 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002332#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002333 len = ctx->cipher_suites_len;
2334 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002335#else
2336 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2337#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002338 if (len % 2 != 0)
2339 goto abort;
2340 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002341#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002342 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002343 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002344#else
2345 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2346#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002347 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002348 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002349 break;
2350 }
2351 }
2352 }
2353
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002354 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002355 trash.area[i] = tolower(servername[i]);
2356 if (!wildp && (trash.area[i] == '.'))
2357 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002359 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002360
2361 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002362 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002363
2364 /* lookup a not neg filter */
2365 for (n = node; n; n = ebmb_next_dup(n)) {
2366 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002367 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002369 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002370 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002371 break;
2372 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002373 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002374 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002376 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002377 if (!node_anonymous)
2378 node_anonymous = n;
2379 break;
2380 }
2381 }
2382 }
2383 if (wildp) {
2384 /* lookup in wildcards names */
2385 node = ebst_lookup(&s->sni_w_ctx, wildp);
2386 for (n = node; n; n = ebmb_next_dup(n)) {
2387 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002388 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002390 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002391 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002392 break;
2393 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002394 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002395 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002397 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002398 if (!node_anonymous)
2399 node_anonymous = n;
2400 break;
2401 }
2402 }
2403 }
2404 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002405 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002406 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2407 : ((has_rsa_sig && node_rsa) ? node_rsa
2408 : (node_anonymous ? node_anonymous
2409 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2410 : node_rsa /* no rsa signature case (far far away) */
2411 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002412 if (node) {
2413 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002414 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002415 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002416 if (conf) {
2417 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2418 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2419 if (conf->early_data)
2420 allow_early = 1;
2421 }
2422 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002423 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002424#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002425 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002426 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002427 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002428 }
2429#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002430 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002431 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002432 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002433 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002434allow_early:
2435#ifdef OPENSSL_IS_BORINGSSL
2436 if (allow_early)
2437 SSL_set_early_data_enabled(ssl, 1);
2438#else
2439 if (!allow_early)
2440 SSL_set_max_early_data(ssl, 0);
2441#endif
2442 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002443 abort:
2444 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2445 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002446#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002447 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002448#else
2449 *al = SSL_AD_UNRECOGNIZED_NAME;
2450 return 0;
2451#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002452}
2453
2454#else /* OPENSSL_IS_BORINGSSL */
2455
Emeric Brunfc0421f2012-09-07 17:30:07 +02002456/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2457 * warning when no match is found, which implies the default (first) cert
2458 * will keep being used.
2459 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002460static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002461{
2462 const char *servername;
2463 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002464 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002465 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002466 int i;
2467 (void)al; /* shut gcc stupid warning */
2468
2469 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002470 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002471#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002472 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2473 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002474#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002475 if (s->strict_sni)
2476 return SSL_TLSEXT_ERR_ALERT_FATAL;
2477 ssl_sock_switchctx_set(ssl, s->default_ctx);
2478 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002479 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002480
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002481 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002482 if (!servername[i])
2483 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002484 trash.area[i] = tolower(servername[i]);
2485 if (!wildp && (trash.area[i] == '.'))
2486 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002487 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002488 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002489
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002490 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002491 /* lookup in full qualified names */
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002492 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2493 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002494 if (!container_of(n, struct sni_ctx, name)->neg) {
2495 node = n;
2496 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002497 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002498 }
2499 if (!node && wildp) {
2500 /* lookup in wildcards names */
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002501 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2502 /* lookup a not neg filter */
2503 if (!container_of(n, struct sni_ctx, name)->neg) {
2504 node = n;
2505 break;
2506 }
2507 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002508 }
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002509 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002510#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002511 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2512 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002513 return SSL_TLSEXT_ERR_OK;
2514 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002515#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002516 if (s->strict_sni)
2517 return SSL_TLSEXT_ERR_ALERT_FATAL;
2518 ssl_sock_switchctx_set(ssl, s->default_ctx);
2519 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002520 }
2521
2522 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002523 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002524 return SSL_TLSEXT_ERR_OK;
2525}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002526#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002527#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2528
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002529#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002530
2531static DH * ssl_get_dh_1024(void)
2532{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002533 static unsigned char dh1024_p[]={
2534 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2535 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2536 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2537 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2538 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2539 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2540 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2541 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2542 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2543 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2544 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2545 };
2546 static unsigned char dh1024_g[]={
2547 0x02,
2548 };
2549
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002550 BIGNUM *p;
2551 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002552 DH *dh = DH_new();
2553 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002554 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2555 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002556
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002557 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002558 DH_free(dh);
2559 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002560 } else {
2561 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002562 }
2563 }
2564 return dh;
2565}
2566
2567static DH *ssl_get_dh_2048(void)
2568{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002569 static unsigned char dh2048_p[]={
2570 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2571 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2572 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2573 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2574 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2575 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2576 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2577 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2578 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2579 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2580 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2581 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2582 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2583 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2584 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2585 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2586 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2587 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2588 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2589 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2590 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2591 0xB7,0x1F,0x77,0xF3,
2592 };
2593 static unsigned char dh2048_g[]={
2594 0x02,
2595 };
2596
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002597 BIGNUM *p;
2598 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002599 DH *dh = DH_new();
2600 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002601 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2602 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002603
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002604 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002605 DH_free(dh);
2606 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002607 } else {
2608 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002609 }
2610 }
2611 return dh;
2612}
2613
2614static DH *ssl_get_dh_4096(void)
2615{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002616 static unsigned char dh4096_p[]={
2617 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2618 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2619 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2620 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2621 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2622 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2623 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2624 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2625 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2626 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2627 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2628 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2629 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2630 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2631 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2632 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2633 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2634 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2635 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2636 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2637 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2638 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2639 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2640 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2641 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2642 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2643 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2644 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2645 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2646 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2647 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2648 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2649 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2650 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2651 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2652 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2653 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2654 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2655 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2656 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2657 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2658 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2659 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002660 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002661 static unsigned char dh4096_g[]={
2662 0x02,
2663 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 BIGNUM *p;
2666 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002667 DH *dh = DH_new();
2668 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002669 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2670 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002671
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002672 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002673 DH_free(dh);
2674 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002675 } else {
2676 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677 }
2678 }
2679 return dh;
2680}
2681
2682/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002683 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002684static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2685{
2686 DH *dh = NULL;
2687 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002688 int type;
2689
2690 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002691
2692 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2693 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2694 */
2695 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2696 keylen = EVP_PKEY_bits(pkey);
2697 }
2698
Willy Tarreauef934602016-12-22 23:12:01 +01002699 if (keylen > global_ssl.default_dh_param) {
2700 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002701 }
2702
Remi Gacogned3a341a2015-05-29 16:26:17 +02002703 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002704 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002705 }
2706 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002707 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002708 }
2709 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002710 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002711 }
2712
2713 return dh;
2714}
2715
Remi Gacogne47783ef2015-05-29 15:53:22 +02002716static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002717{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002718 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002719 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002720
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002721 if (in == NULL)
2722 goto end;
2723
Remi Gacogne47783ef2015-05-29 15:53:22 +02002724 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002725 goto end;
2726
Remi Gacogne47783ef2015-05-29 15:53:22 +02002727 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2728
2729end:
2730 if (in)
2731 BIO_free(in);
2732
Emeric Brune1b4ed42018-08-16 15:14:12 +02002733 ERR_clear_error();
2734
Remi Gacogne47783ef2015-05-29 15:53:22 +02002735 return dh;
2736}
2737
2738int ssl_sock_load_global_dh_param_from_file(const char *filename)
2739{
2740 global_dh = ssl_sock_get_dh_from_file(filename);
2741
2742 if (global_dh) {
2743 return 0;
2744 }
2745
2746 return -1;
2747}
2748
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002749/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2750 * If there is no DH paramater availaible in the ckchs, the global
2751 * DH parameter is loaded into the SSL_CTX and if there is no
2752 * DH parameter available in ckchs nor in global, the default
2753 * DH parameters are applied on the SSL_CTX.
2754 * Returns a bitfield containing the flags:
2755 * ERR_FATAL in any fatal error case
2756 * ERR_ALERT if a reason of the error is availabine in err
2757 * ERR_WARN if a warning is available into err
2758 * The value 0 means there is no error nor warning and
2759 * the operation succeed.
2760 */
2761static int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file, char **err)
2762 {
2763 int ret = 0;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002764 DH *dh = ssl_sock_get_dh_from_file(file);
2765
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002766 if (dh) {
Emeric Brund6de1512019-10-17 14:53:03 +02002767 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
2768 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
2769 err && *err ? *err : "", file);
2770#if defined(SSL_CTX_set_dh_auto)
2771 SSL_CTX_set_dh_auto(ctx, 1);
2772 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2773 err && *err ? *err : "");
2774#else
2775 memprintf(err, "%s, DH ciphers won't be available.\n",
2776 err && *err ? *err : "");
2777#endif
2778 ret |= ERR_WARN;
2779 goto end;
2780 }
Remi Gacogne4f902b82015-05-28 16:23:00 +02002781
2782 if (ssl_dh_ptr_index >= 0) {
2783 /* store a pointer to the DH params to avoid complaining about
2784 ssl-default-dh-param not being set for this SSL_CTX */
2785 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2786 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002787 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002788 else if (global_dh) {
Emeric Brund6de1512019-10-17 14:53:03 +02002789 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
2790 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
2791 err && *err ? *err : "", file);
2792#if defined(SSL_CTX_set_dh_auto)
2793 SSL_CTX_set_dh_auto(ctx, 1);
2794 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2795 err && *err ? *err : "");
2796#else
2797 memprintf(err, "%s, DH ciphers won't be available.\n",
2798 err && *err ? *err : "");
2799#endif
2800 ret |= ERR_WARN;
2801 goto end;
2802 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002803 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002804 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002805 /* Clear openssl global errors stack */
2806 ERR_clear_error();
2807
Willy Tarreauef934602016-12-22 23:12:01 +01002808 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002809 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002810 if (local_dh_1024 == NULL)
2811 local_dh_1024 = ssl_get_dh_1024();
2812
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002813 if (local_dh_1024 == NULL) {
2814 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2815 err && *err ? *err : "", file);
2816 ret |= ERR_ALERT | ERR_FATAL;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002817 goto end;
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002818 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002819
Emeric Brund6de1512019-10-17 14:53:03 +02002820 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
2821 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2822 err && *err ? *err : "", file);
2823#if defined(SSL_CTX_set_dh_auto)
2824 SSL_CTX_set_dh_auto(ctx, 1);
2825 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2826 err && *err ? *err : "");
2827#else
2828 memprintf(err, "%s, DH ciphers won't be available.\n",
2829 err && *err ? *err : "");
2830#endif
2831 ret |= ERR_WARN;
2832 goto end;
2833 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002834 }
2835 else {
2836 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2837 }
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002838 }
Emeric Brun644cde02012-12-14 11:21:13 +01002839
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002840end:
2841 if (dh)
2842 DH_free(dh);
2843
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002844 return ret;
2845}
2846#endif
2847
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002848static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002849 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002850{
2851 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002852 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002853 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002854
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002855 if (*name == '!') {
2856 neg = 1;
2857 name++;
2858 }
2859 if (*name == '*') {
2860 wild = 1;
2861 name++;
2862 }
2863 /* !* filter is a nop */
2864 if (neg && wild)
2865 return order;
2866 if (*name) {
2867 int j, len;
2868 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002869 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002870 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002871 if (j >= trash.size)
William Lallemand24e292c2019-10-03 23:46:33 +02002872 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002873 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002874
2875 /* Check for duplicates. */
2876 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002877 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002878 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002879 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002880 for (; node; node = ebmb_next_dup(node)) {
2881 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002882 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002883 return order;
2884 }
2885
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002886 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002887 if (!sc)
William Lallemand24e292c2019-10-03 23:46:33 +02002888 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002889 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002890 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002891 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002892 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002893 sc->order = order++;
2894 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002895 if (kinfo.sig != TLSEXT_signature_anonymous)
2896 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002897 if (wild)
2898 ebst_insert(&s->sni_w_ctx, &sc->name);
2899 else
2900 ebst_insert(&s->sni_ctx, &sc->name);
2901 }
2902 return order;
2903}
2904
yanbzhu488a4d22015-12-01 15:16:07 -05002905
2906/* The following code is used for loading multiple crt files into
2907 * SSL_CTX's based on CN/SAN
2908 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002909#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002910/* This is used to preload the certifcate, private key
2911 * and Cert Chain of a file passed in via the crt
2912 * argument
2913 *
2914 * This way, we do not have to read the file multiple times
2915 */
2916struct cert_key_and_chain {
2917 X509 *cert;
2918 EVP_PKEY *key;
2919 unsigned int num_chain_certs;
2920 /* This is an array of X509 pointers */
2921 X509 **chain_certs;
2922};
2923
yanbzhu08ce6ab2015-12-02 13:01:29 -05002924#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2925
2926struct key_combo_ctx {
2927 SSL_CTX *ctx;
2928 int order;
2929};
2930
2931/* Map used for processing multiple keypairs for a single purpose
2932 *
2933 * This maps CN/SNI name to certificate type
2934 */
2935struct sni_keytype {
2936 int keytypes; /* BITMASK for keytypes */
2937 struct ebmb_node name; /* node holding the servername value */
2938};
2939
2940
yanbzhu488a4d22015-12-01 15:16:07 -05002941/* Frees the contents of a cert_key_and_chain
2942 */
2943static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2944{
2945 int i;
2946
2947 if (!ckch)
2948 return;
2949
2950 /* Free the certificate and set pointer to NULL */
2951 if (ckch->cert)
2952 X509_free(ckch->cert);
2953 ckch->cert = NULL;
2954
2955 /* Free the key and set pointer to NULL */
2956 if (ckch->key)
2957 EVP_PKEY_free(ckch->key);
2958 ckch->key = NULL;
2959
2960 /* Free each certificate in the chain */
2961 for (i = 0; i < ckch->num_chain_certs; i++) {
2962 if (ckch->chain_certs[i])
2963 X509_free(ckch->chain_certs[i]);
2964 }
2965
2966 /* Free the chain obj itself and set to NULL */
2967 if (ckch->num_chain_certs > 0) {
2968 free(ckch->chain_certs);
2969 ckch->num_chain_certs = 0;
2970 ckch->chain_certs = NULL;
2971 }
2972
2973}
2974
2975/* checks if a key and cert exists in the ckch
2976 */
2977static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2978{
2979 return (ckch->cert != NULL && ckch->key != NULL);
2980}
2981
2982
2983/* Loads the contents of a crt file (path) into a cert_key_and_chain
2984 * This allows us to carry the contents of the file without having to
2985 * read the file multiple times.
2986 *
2987 * returns:
2988 * 0 on Success
2989 * 1 on SSL Failure
2990 * 2 on file not found
2991 */
2992static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2993{
2994
2995 BIO *in;
2996 X509 *ca = NULL;
2997 int ret = 1;
2998
2999 ssl_sock_free_cert_key_and_chain_contents(ckch);
3000
3001 in = BIO_new(BIO_s_file());
3002 if (in == NULL)
3003 goto end;
3004
3005 if (BIO_read_filename(in, path) <= 0)
3006 goto end;
3007
yanbzhu488a4d22015-12-01 15:16:07 -05003008 /* Read Private Key */
3009 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3010 if (ckch->key == NULL) {
3011 memprintf(err, "%sunable to load private key from file '%s'.\n",
3012 err && *err ? *err : "", path);
3013 goto end;
3014 }
3015
Willy Tarreaubb137a82016-04-06 19:02:38 +02003016 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003017 if (BIO_reset(in) == -1) {
3018 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3019 err && *err ? *err : "", path);
3020 goto end;
3021 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003022
3023 /* Read Certificate */
3024 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3025 if (ckch->cert == NULL) {
3026 memprintf(err, "%sunable to load certificate from file '%s'.\n",
3027 err && *err ? *err : "", path);
3028 goto end;
3029 }
3030
yanbzhu488a4d22015-12-01 15:16:07 -05003031 /* Read Certificate Chain */
3032 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
3033 /* Grow the chain certs */
3034 ckch->num_chain_certs++;
3035 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
3036
3037 /* use - 1 here since we just incremented it above */
3038 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
3039 }
3040 ret = ERR_get_error();
3041 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3042 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3043 err && *err ? *err : "", path);
3044 ret = 1;
3045 goto end;
3046 }
3047
3048 ret = 0;
3049
3050end:
3051
3052 ERR_clear_error();
3053 if (in)
3054 BIO_free(in);
3055
3056 /* Something went wrong in one of the reads */
3057 if (ret != 0)
3058 ssl_sock_free_cert_key_and_chain_contents(ckch);
3059
3060 return ret;
3061}
3062
3063/* Loads the info in ckch into ctx
Emeric Brun394701d2019-10-17 13:25:14 +02003064 * Returns a bitfield containing the flags:
3065 * ERR_FATAL in any fatal error case
3066 * ERR_ALERT if the reason of the error is available in err
3067 * ERR_WARN if a warning is available into err
3068 * The value 0 means there is no error nor warning and
3069 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003070 */
3071static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3072{
3073 int i = 0;
Emeric Brun394701d2019-10-17 13:25:14 +02003074 int errcode = 0;
yanbzhu488a4d22015-12-01 15:16:07 -05003075
3076 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3077 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3078 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003079 errcode |= ERR_ALERT | ERR_FATAL;
3080 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003081 }
3082
3083 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3084 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3085 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003086 errcode |= ERR_ALERT | ERR_FATAL;
3087 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003088 }
3089
yanbzhu488a4d22015-12-01 15:16:07 -05003090 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3091 for (i = 0; i < ckch->num_chain_certs; i++) {
3092 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003093 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3094 err && *err ? *err : "", (i+1), path);
Emeric Brun394701d2019-10-17 13:25:14 +02003095 errcode |= ERR_ALERT | ERR_FATAL;
3096 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003097 }
3098 }
3099
3100 if (SSL_CTX_check_private_key(ctx) <= 0) {
3101 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3102 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003103 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu488a4d22015-12-01 15:16:07 -05003104 }
3105
Emeric Brun394701d2019-10-17 13:25:14 +02003106 end:
3107 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003108}
3109
yanbzhu08ce6ab2015-12-02 13:01:29 -05003110
William Lallemand4801c702019-10-04 17:36:55 +02003111static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003112{
3113 struct sni_keytype *s_kt = NULL;
3114 struct ebmb_node *node;
3115 int i;
3116
3117 for (i = 0; i < trash.size; i++) {
3118 if (!str[i])
3119 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003120 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003121 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003122 trash.area[i] = 0;
3123 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003124 if (!node) {
3125 /* CN not found in tree */
3126 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3127 /* Using memcpy here instead of strncpy.
3128 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3129 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3130 */
William Lallemand4801c702019-10-04 17:36:55 +02003131 if (!s_kt)
3132 return -1;
3133
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003134 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003135 s_kt->keytypes = 0;
3136 ebst_insert(sni_keytypes, &s_kt->name);
3137 } else {
3138 /* CN found in tree */
3139 s_kt = container_of(node, struct sni_keytype, name);
3140 }
3141
3142 /* Mark that this CN has the keytype of key_index via keytypes mask */
3143 s_kt->keytypes |= 1<<key_index;
3144
William Lallemand4801c702019-10-04 17:36:55 +02003145 return 0;
3146
yanbzhu08ce6ab2015-12-02 13:01:29 -05003147}
3148
3149
3150/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3151 * If any are found, group these files into a set of SSL_CTX*
3152 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3153 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003154 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003155 *
Willy Tarreaub131c872019-10-16 16:42:19 +02003156 * Returns a set of ERR_* flags possibly with an error in <err>.
3157 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003158 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003159static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3160 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003161{
3162 char fp[MAXPATHLEN+1] = {0};
3163 int n = 0;
3164 int i = 0;
3165 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3166 struct eb_root sni_keytypes_map = { {0} };
3167 struct ebmb_node *node;
3168 struct ebmb_node *next;
3169 /* Array of SSL_CTX pointers corresponding to each possible combo
3170 * of keytypes
3171 */
3172 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Willy Tarreaub131c872019-10-16 16:42:19 +02003173 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003174 X509_NAME *xname = NULL;
3175 char *str = NULL;
3176#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3177 STACK_OF(GENERAL_NAME) *names = NULL;
3178#endif
3179
3180 /* Load all possible certs and keys */
3181 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3182 struct stat buf;
3183
3184 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3185 if (stat(fp, &buf) == 0) {
3186 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
Willy Tarreaub131c872019-10-16 16:42:19 +02003187 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003188 goto end;
3189 }
3190 }
3191 }
3192
3193 /* Process each ckch and update keytypes for each CN/SAN
3194 * for example, if CN/SAN www.a.com is associated with
3195 * certs with keytype 0 and 2, then at the end of the loop,
3196 * www.a.com will have:
3197 * keyindex = 0 | 1 | 4 = 5
3198 */
3199 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand4801c702019-10-04 17:36:55 +02003200 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003201
3202 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3203 continue;
3204
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003205 if (fcount) {
William Lallemand4801c702019-10-04 17:36:55 +02003206 for (i = 0; i < fcount; i++) {
3207 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3208 if (ret < 0) {
3209 memprintf(err, "%sunable to allocate SSL context.\n",
3210 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003211 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003212 goto end;
3213 }
3214 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003215 } else {
3216 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3217 * so the line that contains logic is marked via comments
3218 */
3219 xname = X509_get_subject_name(certs_and_keys[n].cert);
3220 i = -1;
3221 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3222 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003223 ASN1_STRING *value;
3224 value = X509_NAME_ENTRY_get_data(entry);
3225 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003226 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003227 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003228
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003229 OPENSSL_free(str);
3230 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003231 if (ret < 0) {
3232 memprintf(err, "%sunable to allocate SSL context.\n",
3233 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003234 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003235 goto end;
3236 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003237 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003238 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003239
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003240 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003241#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003242 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3243 if (names) {
3244 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3245 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003246
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003247 if (name->type == GEN_DNS) {
3248 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3249 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003250 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003251
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003252 OPENSSL_free(str);
3253 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003254 if (ret < 0) {
3255 memprintf(err, "%sunable to allocate SSL context.\n",
3256 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003257 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003258 goto end;
3259 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003260 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003261 }
3262 }
3263 }
3264 }
3265#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3266 }
3267
3268 /* If no files found, return error */
3269 if (eb_is_empty(&sni_keytypes_map)) {
3270 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3271 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003272 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003273 goto end;
3274 }
3275
3276 /* We now have a map of CN/SAN to keytypes that are loaded in
3277 * Iterate through the map to create the SSL_CTX's (if needed)
3278 * and add each CTX to the SNI tree
3279 *
3280 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003281 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003282 * combination is denoted by the key in the map. Each key
3283 * has a value between 1 and 2^n - 1. Conveniently, the array
3284 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3285 * entry in the array to correspond to the unique combo (key)
3286 * associated with i. This unique key combo (i) will be associated
3287 * with combos[i-1]
3288 */
3289
3290 node = ebmb_first(&sni_keytypes_map);
3291 while (node) {
3292 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003293 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003294 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003295
3296 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3297 i = container_of(node, struct sni_keytype, name)->keytypes;
3298 cur_ctx = key_combos[i-1].ctx;
3299
3300 if (cur_ctx == NULL) {
3301 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003302 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003303 if (cur_ctx == NULL) {
3304 memprintf(err, "%sunable to allocate SSL context.\n",
3305 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003306 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003307 goto end;
3308 }
3309
yanbzhube2774d2015-12-10 15:07:30 -05003310 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003311 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3312 if (i & (1<<n)) {
3313 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003314 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Brun394701d2019-10-17 13:25:14 +02003315 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3316 if (errcode & ERR_CODE) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003317 SSL_CTX_free(cur_ctx);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003318 goto end;
3319 }
yanbzhube2774d2015-12-10 15:07:30 -05003320
3321#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3322 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003323 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003324 if (err)
3325 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003326 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003327 SSL_CTX_free(cur_ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003328 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhube2774d2015-12-10 15:07:30 -05003329 goto end;
3330 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003331#elif (defined OPENSSL_IS_BORINGSSL)
3332 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003333#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003334 }
3335 }
3336
3337 /* Load DH params into the ctx to support DHE keys */
3338#ifndef OPENSSL_NO_DH
3339 if (ssl_dh_ptr_index >= 0)
3340 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3341
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003342 errcode |= ssl_sock_load_dh_params(cur_ctx, NULL, err);
3343 if (errcode & ERR_CODE) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003344 if (err)
3345 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3346 *err ? *err : "", path);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003347 goto end;
3348 }
3349#endif
3350
3351 /* Update key_combos */
3352 key_combos[i-1].ctx = cur_ctx;
3353 }
3354
3355 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003356 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
William Lallemand24e292c2019-10-03 23:46:33 +02003357 kinfo, str, key_combos[i-1].order);
3358 if (key_combos[i-1].order < 0) {
3359 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003360 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand24e292c2019-10-03 23:46:33 +02003361 goto end;
3362 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003363 node = ebmb_next(node);
3364 }
3365
3366
3367 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3368 if (!bind_conf->default_ctx) {
3369 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3370 if (key_combos[i].ctx) {
3371 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003372 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003373 break;
3374 }
3375 }
3376 }
3377
3378end:
3379
3380 if (names)
3381 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3382
3383 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3384 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3385
3386 node = ebmb_first(&sni_keytypes_map);
3387 while (node) {
3388 next = ebmb_next(node);
3389 ebmb_delete(node);
William Lallemande92c0302019-10-04 17:24:39 +02003390 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003391 node = next;
3392 }
3393
Willy Tarreaub131c872019-10-16 16:42:19 +02003394 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003395}
3396#else
3397/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003398static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3399 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003400{
3401 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3402 err && *err ? *err : "", path, strerror(errno));
3403 return 1;
3404}
3405
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003406#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003407
Emeric Brunfc0421f2012-09-07 17:30:07 +02003408/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3409 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3410 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003411static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3412 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413{
3414 BIO *in;
3415 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003416 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003417 int ret = -1;
3418 int order = 0;
3419 X509_NAME *xname;
3420 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003421 pem_password_cb *passwd_cb;
3422 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003423 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003424 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003425
Emeric Brunfc0421f2012-09-07 17:30:07 +02003426#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3427 STACK_OF(GENERAL_NAME) *names;
3428#endif
3429
3430 in = BIO_new(BIO_s_file());
3431 if (in == NULL)
3432 goto end;
3433
3434 if (BIO_read_filename(in, file) <= 0)
3435 goto end;
3436
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003437
3438 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3439 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3440
3441 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003442 if (x == NULL)
3443 goto end;
3444
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003445 pkey = X509_get_pubkey(x);
3446 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003447 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003448 switch(EVP_PKEY_base_id(pkey)) {
3449 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003450 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003451 break;
3452 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003453 kinfo.sig = TLSEXT_signature_ecdsa;
3454 break;
3455 case EVP_PKEY_DSA:
3456 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003457 break;
3458 }
3459 EVP_PKEY_free(pkey);
3460 }
3461
Emeric Brun50bcecc2013-04-22 13:05:23 +02003462 if (fcount) {
William Lallemand24e292c2019-10-03 23:46:33 +02003463 while (fcount--) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003464 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemand24e292c2019-10-03 23:46:33 +02003465 if (order < 0)
3466 goto end;
3467 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003468 }
3469 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003470#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003471 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3472 if (names) {
3473 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3474 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3475 if (name->type == GEN_DNS) {
3476 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003477 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003478 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003479 if (order < 0)
3480 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003481 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003482 }
3483 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003484 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003485 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003486#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003487 xname = X509_get_subject_name(x);
3488 i = -1;
3489 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3490 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003491 ASN1_STRING *value;
3492
3493 value = X509_NAME_ENTRY_get_data(entry);
3494 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003495 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003496 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003497 if (order < 0)
3498 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003499 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003500 }
3501 }
3502
3503 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3504 if (!SSL_CTX_use_certificate(ctx, x))
3505 goto end;
3506
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003507#ifdef SSL_CTX_clear_extra_chain_certs
3508 SSL_CTX_clear_extra_chain_certs(ctx);
3509#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003510 if (ctx->extra_certs != NULL) {
3511 sk_X509_pop_free(ctx->extra_certs, X509_free);
3512 ctx->extra_certs = NULL;
3513 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003514#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003515
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003516 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003517 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3518 X509_free(ca);
3519 goto end;
3520 }
3521 }
3522
3523 err = ERR_get_error();
3524 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3525 /* we successfully reached the last cert in the file */
3526 ret = 1;
3527 }
3528 ERR_clear_error();
3529
3530end:
3531 if (x)
3532 X509_free(x);
3533
3534 if (in)
3535 BIO_free(in);
3536
3537 return ret;
3538}
3539
Willy Tarreaub131c872019-10-16 16:42:19 +02003540/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003541static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3542 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003543{
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003544 int errcode = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003545 int ret;
3546 SSL_CTX *ctx;
3547
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003548 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003549 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003550 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3551 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003552 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003553 }
3554
3555 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003556 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3557 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003558 SSL_CTX_free(ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003559 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003560 }
3561
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003562 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003563 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003564 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3565 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003566 if (ret < 0) /* serious error, must do that ourselves */
3567 SSL_CTX_free(ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003568 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003569 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003570
3571 if (SSL_CTX_check_private_key(ctx) <= 0) {
3572 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3573 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003574 return ERR_ALERT | ERR_FATAL;
Emeric Brun61694ab2012-10-26 13:35:33 +02003575 }
3576
Emeric Brunfc0421f2012-09-07 17:30:07 +02003577 /* we must not free the SSL_CTX anymore below, since it's already in
3578 * the tree, so it will be discovered and cleaned in time.
3579 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003580#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003581 /* store a NULL pointer to indicate we have not yet loaded
3582 a custom DH param file */
3583 if (ssl_dh_ptr_index >= 0) {
3584 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3585 }
3586
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003587 errcode |= ssl_sock_load_dh_params(ctx, path, err);
3588 if (errcode & ERR_CODE) {
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003589 if (err)
3590 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3591 *err ? *err : "", path);
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003592 return errcode;
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003593 }
3594#endif
3595
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003596#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003597 ret = ssl_sock_load_ocsp(ctx, path);
3598 if (ret < 0) {
3599 if (err)
3600 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3601 *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003602 return ERR_ALERT | ERR_FATAL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02003603 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003604#elif (defined OPENSSL_IS_BORINGSSL)
3605 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003606#endif
3607
Willy Tarreau5db847a2019-05-09 14:13:35 +02003608#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003609 if (sctl_ex_index >= 0) {
3610 ret = ssl_sock_load_sctl(ctx, path);
3611 if (ret < 0) {
3612 if (err)
3613 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3614 *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003615 return ERR_ALERT | ERR_FATAL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003616 }
3617 }
3618#endif
3619
Emeric Brunfc0421f2012-09-07 17:30:07 +02003620#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003621 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003622 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3623 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003624 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003625 }
3626#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003627 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003628 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003629 bind_conf->default_ssl_conf = ssl_conf;
3630 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003631
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003632 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003633}
3634
Willy Tarreaub131c872019-10-16 16:42:19 +02003635
3636/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01003637int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003638{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003639 struct dirent **de_list;
3640 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003641 DIR *dir;
3642 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003643 char *end;
3644 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003645 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003646#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003647 int is_bundle;
3648 int j;
3649#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003650
yanbzhu08ce6ab2015-12-02 13:01:29 -05003651 if (stat(path, &buf) == 0) {
3652 dir = opendir(path);
3653 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003654 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003655
yanbzhu08ce6ab2015-12-02 13:01:29 -05003656 /* strip trailing slashes, including first one */
3657 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3658 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003659
yanbzhu08ce6ab2015-12-02 13:01:29 -05003660 n = scandir(path, &de_list, 0, alphasort);
3661 if (n < 0) {
3662 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3663 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003664 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003665 }
3666 else {
3667 for (i = 0; i < n; i++) {
3668 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003669
yanbzhu08ce6ab2015-12-02 13:01:29 -05003670 end = strrchr(de->d_name, '.');
3671 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3672 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003673
yanbzhu08ce6ab2015-12-02 13:01:29 -05003674 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3675 if (stat(fp, &buf) != 0) {
3676 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3677 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003678 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003679 goto ignore_entry;
3680 }
3681 if (!S_ISREG(buf.st_mode))
3682 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003683
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003684#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003685 is_bundle = 0;
3686 /* Check if current entry in directory is part of a multi-cert bundle */
3687
3688 if (end) {
3689 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3690 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3691 is_bundle = 1;
3692 break;
3693 }
3694 }
3695
3696 if (is_bundle) {
3697 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3698 int dp_len;
3699
3700 dp_len = end - de->d_name;
3701 snprintf(dp, dp_len + 1, "%s", de->d_name);
3702
3703 /* increment i and free de until we get to a non-bundle cert
3704 * Note here that we look at de_list[i + 1] before freeing de
3705 * this is important since ignore_entry will free de
3706 */
3707 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3708 free(de);
3709 i++;
3710 de = de_list[i];
3711 }
3712
3713 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Willy Tarreaub131c872019-10-16 16:42:19 +02003714 cfgerr |= ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003715
3716 /* Successfully processed the bundle */
3717 goto ignore_entry;
3718 }
3719 }
3720
3721#endif
Willy Tarreaub131c872019-10-16 16:42:19 +02003722 cfgerr |= ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003723ignore_entry:
3724 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003725 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003726 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003727 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003728 closedir(dir);
3729 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003730 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003731
Willy Tarreaub131c872019-10-16 16:42:19 +02003732 cfgerr |= ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003733
Emeric Brunfc0421f2012-09-07 17:30:07 +02003734 return cfgerr;
3735}
3736
Thierry Fournier383085f2013-01-24 14:15:43 +01003737/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3738 * done once. Zero is returned if the operation fails. No error is returned
3739 * if the random is said as not implemented, because we expect that openssl
3740 * will use another method once needed.
3741 */
3742static int ssl_initialize_random()
3743{
3744 unsigned char random;
3745 static int random_initialized = 0;
3746
3747 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3748 random_initialized = 1;
3749
3750 return random_initialized;
3751}
3752
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003753/* release ssl bind conf */
3754void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003755{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003756 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003757#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003758 free(conf->npn_str);
3759 conf->npn_str = NULL;
3760#endif
3761#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3762 free(conf->alpn_str);
3763 conf->alpn_str = NULL;
3764#endif
3765 free(conf->ca_file);
3766 conf->ca_file = NULL;
3767 free(conf->crl_file);
3768 conf->crl_file = NULL;
3769 free(conf->ciphers);
3770 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003771#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003772 free(conf->ciphersuites);
3773 conf->ciphersuites = NULL;
3774#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003775 free(conf->curves);
3776 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003777 free(conf->ecdhe);
3778 conf->ecdhe = NULL;
3779 }
3780}
3781
Willy Tarreaub131c872019-10-16 16:42:19 +02003782/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003783int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3784{
3785 char thisline[CRT_LINESIZE];
3786 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003787 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003788 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003789 int linenum = 0;
3790 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003791
Willy Tarreauad1731d2013-04-02 17:35:58 +02003792 if ((f = fopen(file, "r")) == NULL) {
3793 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003794 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003795 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003796
3797 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003798 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003799 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003800 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003801 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003802 char *crt_path;
3803 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003804
3805 linenum++;
3806 end = line + strlen(line);
3807 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3808 /* Check if we reached the limit and the last char is not \n.
3809 * Watch out for the last line without the terminating '\n'!
3810 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003811 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3812 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaub131c872019-10-16 16:42:19 +02003813 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003814 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003815 }
3816
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003817 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003818 newarg = 1;
3819 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003820 if (*line == '#' || *line == '\n' || *line == '\r') {
3821 /* end of string, end of loop */
3822 *line = 0;
3823 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003824 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003825 newarg = 1;
3826 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003827 } else if (*line == '[') {
3828 if (ssl_b) {
3829 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003830 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003831 break;
3832 }
3833 if (!arg) {
3834 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003835 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003836 break;
3837 }
3838 ssl_b = arg;
3839 newarg = 1;
3840 *line = 0;
3841 } else if (*line == ']') {
3842 if (ssl_e) {
3843 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003844 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003845 break;
3846 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003847 if (!ssl_b) {
3848 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003849 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003850 break;
3851 }
3852 ssl_e = arg;
3853 newarg = 1;
3854 *line = 0;
3855 } else if (newarg) {
3856 if (arg == MAX_CRT_ARGS) {
3857 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003858 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003859 break;
3860 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003861 newarg = 0;
3862 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003863 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003864 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003865 }
Willy Tarreaub131c872019-10-16 16:42:19 +02003866 if (cfgerr & ERR_CODE)
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003867 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003868 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003869
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003870 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003871 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003872 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003873
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003874 crt_path = args[0];
3875 if (*crt_path != '/' && global_ssl.crt_base) {
3876 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3877 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3878 crt_path, linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003879 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003880 break;
3881 }
3882 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3883 crt_path = path;
3884 }
3885
3886 ssl_conf = calloc(1, sizeof *ssl_conf);
3887 cur_arg = ssl_b ? ssl_b : 1;
3888 while (cur_arg < ssl_e) {
3889 newarg = 0;
3890 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3891 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3892 newarg = 1;
Willy Tarreaub131c872019-10-16 16:42:19 +02003893 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003894 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3895 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3896 args[cur_arg], linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003897 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003898 }
3899 cur_arg += 1 + ssl_bind_kws[i].skip;
3900 break;
3901 }
3902 }
3903 if (!cfgerr && !newarg) {
3904 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3905 args[cur_arg], linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003906 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003907 break;
3908 }
3909 }
Willy Tarreaub131c872019-10-16 16:42:19 +02003910
3911 if (cfgerr & ERR_CODE) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003912 ssl_sock_free_ssl_conf(ssl_conf);
3913 free(ssl_conf);
3914 ssl_conf = NULL;
3915 break;
3916 }
3917
3918 if (stat(crt_path, &buf) == 0) {
Willy Tarreaub131c872019-10-16 16:42:19 +02003919 cfgerr |= ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003920 &args[cur_arg], arg - cur_arg - 1, err);
Willy Tarreaub131c872019-10-16 16:42:19 +02003921 } else {
3922 cfgerr |= ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3923 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003924 }
3925
Willy Tarreaub131c872019-10-16 16:42:19 +02003926 if (cfgerr & ERR_CODE) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02003927 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003928 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003929 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003930 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003931 fclose(f);
3932 return cfgerr;
3933}
3934
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003935/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003936static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003937ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003938{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003939 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003940 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003941 SSL_OP_ALL | /* all known workarounds for bugs */
3942 SSL_OP_NO_SSLv2 |
3943 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003944 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003945 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003946 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003947 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003948 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003949 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003950 SSL_MODE_ENABLE_PARTIAL_WRITE |
3951 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003952 SSL_MODE_RELEASE_BUFFERS |
3953 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003954 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003955 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003956 int flags = MC_SSL_O_ALL;
3957 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003958
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003959 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003960 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003961
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003962 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003963 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3964 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3965 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003966 else
3967 flags = conf_ssl_methods->flags;
3968
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003969 min = conf_ssl_methods->min;
3970 max = conf_ssl_methods->max;
3971 /* start with TLSv10 to remove SSLv3 per default */
3972 if (!min && (!max || max >= CONF_TLSV10))
3973 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003974 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003975 if (min)
3976 flags |= (methodVersions[min].flag - 1);
3977 if (max)
3978 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003979 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003980 min = max = CONF_TLSV_NONE;
3981 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003982 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003983 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003984 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003985 if (min) {
3986 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003987 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3988 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3989 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3990 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003991 hole = 0;
3992 }
3993 max = i;
3994 }
3995 else {
3996 min = max = i;
3997 }
3998 }
3999 else {
4000 if (min)
4001 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004002 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004003 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004004 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4005 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004006 cfgerr += 1;
4007 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004008 /* save real min/max in bind_conf */
4009 conf_ssl_methods->min = min;
4010 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004011
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004012#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004013 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004014 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004015 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004016 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004017 else
4018 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4019 if (flags & methodVersions[i].flag)
4020 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004021#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004022 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004023 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4024 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004025#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004026
4027 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4028 options |= SSL_OP_NO_TICKET;
4029 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4030 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004031
4032#ifdef SSL_OP_NO_RENEGOTIATION
4033 options |= SSL_OP_NO_RENEGOTIATION;
4034#endif
4035
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004036 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004037
Willy Tarreau5db847a2019-05-09 14:13:35 +02004038#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004039 if (global_ssl.async)
4040 mode |= SSL_MODE_ASYNC;
4041#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004042 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004043 if (global_ssl.life_time)
4044 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004045
4046#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4047#ifdef OPENSSL_IS_BORINGSSL
4048 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4049 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004050#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004051 if (bind_conf->ssl_conf.early_data) {
4052 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
4053 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4054 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004055 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4056 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004057#else
4058 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004059#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004060 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004061#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004062 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004063}
4064
William Lallemand4f45bb92017-10-30 20:08:51 +01004065
4066static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4067{
4068 if (first == block) {
4069 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4070 if (first->len > 0)
4071 sh_ssl_sess_tree_delete(sh_ssl_sess);
4072 }
4073}
4074
4075/* return first block from sh_ssl_sess */
4076static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4077{
4078 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4079
4080}
4081
4082/* store a session into the cache
4083 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4084 * data: asn1 encoded session
4085 * data_len: asn1 encoded session length
4086 * Returns 1 id session was stored (else 0)
4087 */
4088static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4089{
4090 struct shared_block *first;
4091 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4092
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004093 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004094 if (!first) {
4095 /* Could not retrieve enough free blocks to store that session */
4096 return 0;
4097 }
4098
4099 /* STORE the key in the first elem */
4100 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4101 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4102 first->len = sizeof(struct sh_ssl_sess_hdr);
4103
4104 /* it returns the already existing node
4105 or current node if none, never returns null */
4106 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4107 if (oldsh_ssl_sess != sh_ssl_sess) {
4108 /* NOTE: Row couldn't be in use because we lock read & write function */
4109 /* release the reserved row */
4110 shctx_row_dec_hot(ssl_shctx, first);
4111 /* replace the previous session already in the tree */
4112 sh_ssl_sess = oldsh_ssl_sess;
4113 /* ignore the previous session data, only use the header */
4114 first = sh_ssl_sess_first_block(sh_ssl_sess);
4115 shctx_row_inc_hot(ssl_shctx, first);
4116 first->len = sizeof(struct sh_ssl_sess_hdr);
4117 }
4118
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004119 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004120 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004121 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004122 }
4123
4124 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004125
4126 return 1;
4127}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004128
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004129/* SSL callback used when a new session is created while connecting to a server */
4130static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4131{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004132 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004133 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004134
Willy Tarreau07d94e42018-09-20 10:57:52 +02004135 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004136
Olivier Houcharde6060c52017-11-16 17:42:52 +01004137 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4138 int len;
4139 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004140
Olivier Houcharde6060c52017-11-16 17:42:52 +01004141 len = i2d_SSL_SESSION(sess, NULL);
4142 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4143 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4144 } else {
4145 free(s->ssl_ctx.reused_sess[tid].ptr);
4146 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4147 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4148 }
4149 if (s->ssl_ctx.reused_sess[tid].ptr) {
4150 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4151 &ptr);
4152 }
4153 } else {
4154 free(s->ssl_ctx.reused_sess[tid].ptr);
4155 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4156 }
4157
4158 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004159}
4160
Olivier Houcharde6060c52017-11-16 17:42:52 +01004161
William Lallemanded0b5ad2017-10-30 19:36:36 +01004162/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004163int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004164{
4165 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4166 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4167 unsigned char *p;
4168 int data_len;
Emeric Brun7b34de32019-10-08 18:27:37 +02004169 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004170 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004171
4172 /* Session id is already stored in to key and session id is known
4173 * so we dont store it to keep size.
Emeric Brun7b34de32019-10-08 18:27:37 +02004174 * note: SSL_SESSION_set1_id is using
4175 * a memcpy so we need to use a different pointer
4176 * than sid_data or sid_ctx_data to avoid valgrind
4177 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004178 */
4179
4180 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Brun7b34de32019-10-08 18:27:37 +02004181
4182 /* copy value in an other buffer */
4183 memcpy(encid, sid_data, sid_length);
4184
4185 /* pad with 0 */
4186 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4187 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4188
4189 /* force length to zero to avoid ASN1 encoding */
4190 SSL_SESSION_set1_id(sess, encid, 0);
4191
4192 /* force length to zero to avoid ASN1 encoding */
4193 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004194
4195 /* check if buffer is large enough for the ASN1 encoded session */
4196 data_len = i2d_SSL_SESSION(sess, NULL);
4197 if (data_len > SHSESS_MAX_DATA_LEN)
4198 goto err;
4199
4200 p = encsess;
4201
4202 /* process ASN1 session encoding before the lock */
4203 i2d_SSL_SESSION(sess, &p);
4204
William Lallemanded0b5ad2017-10-30 19:36:36 +01004205
William Lallemanda3c77cf2017-10-30 23:44:40 +01004206 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004207 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004208 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004209 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004210err:
4211 /* reset original length values */
Emeric Brun7b34de32019-10-08 18:27:37 +02004212 SSL_SESSION_set1_id(sess, encid, sid_length);
4213 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004214
4215 return 0; /* do not increment session reference count */
4216}
4217
4218/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004219SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004220{
William Lallemand4f45bb92017-10-30 20:08:51 +01004221 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004222 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4223 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004224 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004225 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004226
4227 global.shctx_lookups++;
4228
4229 /* allow the session to be freed automatically by openssl */
4230 *do_copy = 0;
4231
4232 /* tree key is zeros padded sessionid */
4233 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4234 memcpy(tmpkey, key, key_len);
4235 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4236 key = tmpkey;
4237 }
4238
4239 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004240 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004241
4242 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004243 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4244 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004245 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004246 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004247 global.shctx_misses++;
4248 return NULL;
4249 }
4250
William Lallemand4f45bb92017-10-30 20:08:51 +01004251 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4252 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004253
William Lallemand4f45bb92017-10-30 20:08:51 +01004254 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004255
William Lallemanda3c77cf2017-10-30 23:44:40 +01004256 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004257
4258 /* decode ASN1 session */
4259 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004260 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004261 /* Reset session id and session id contenxt */
4262 if (sess) {
4263 SSL_SESSION_set1_id(sess, key, key_len);
4264 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4265 }
4266
4267 return sess;
4268}
4269
William Lallemand4f45bb92017-10-30 20:08:51 +01004270
William Lallemanded0b5ad2017-10-30 19:36:36 +01004271/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004272void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004273{
William Lallemand4f45bb92017-10-30 20:08:51 +01004274 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004275 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4276 unsigned int sid_length;
4277 const unsigned char *sid_data;
4278 (void)ctx;
4279
4280 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4281 /* tree key is zeros padded sessionid */
4282 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4283 memcpy(tmpkey, sid_data, sid_length);
4284 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4285 sid_data = tmpkey;
4286 }
4287
William Lallemanda3c77cf2017-10-30 23:44:40 +01004288 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004289
4290 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004291 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4292 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004293 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004294 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004295 }
4296
4297 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004298 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004299}
4300
4301/* Set session cache mode to server and disable openssl internal cache.
4302 * Set shared cache callbacks on an ssl context.
4303 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004304void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004305{
4306 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4307
4308 if (!ssl_shctx) {
4309 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4310 return;
4311 }
4312
4313 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4314 SSL_SESS_CACHE_NO_INTERNAL |
4315 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4316
4317 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004318 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4319 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4320 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004321}
4322
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004323int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4324{
4325 struct proxy *curproxy = bind_conf->frontend;
4326 int cfgerr = 0;
4327 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004328 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004329 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004330#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004331 const char *conf_ciphersuites;
4332#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004333 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004334
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004335 if (ssl_conf) {
4336 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4337 int i, min, max;
4338 int flags = MC_SSL_O_ALL;
4339
4340 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004341 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4342 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004343 if (min)
4344 flags |= (methodVersions[min].flag - 1);
4345 if (max)
4346 flags |= ~((methodVersions[max].flag << 1) - 1);
4347 min = max = CONF_TLSV_NONE;
4348 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4349 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4350 if (min)
4351 max = i;
4352 else
4353 min = max = i;
4354 }
4355 /* save real min/max */
4356 conf_ssl_methods->min = min;
4357 conf_ssl_methods->max = max;
4358 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004359 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4360 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004361 cfgerr += 1;
4362 }
4363 }
4364
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004365 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004366 case SSL_SOCK_VERIFY_NONE:
4367 verify = SSL_VERIFY_NONE;
4368 break;
4369 case SSL_SOCK_VERIFY_OPTIONAL:
4370 verify = SSL_VERIFY_PEER;
4371 break;
4372 case SSL_SOCK_VERIFY_REQUIRED:
4373 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4374 break;
4375 }
4376 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4377 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004378 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4379 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4380 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004381 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004382 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004383 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4384 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004385 cfgerr++;
4386 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004387 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4388 /* set CA names for client cert request, function returns void */
4389 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4390 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004391 }
Emeric Brun850efd52014-01-29 12:24:34 +01004392 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004393 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4394 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004395 cfgerr++;
4396 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004397#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004398 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004399 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4400
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004401 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004402 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4403 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004404 cfgerr++;
4405 }
Emeric Brun561e5742012-10-02 15:20:55 +02004406 else {
4407 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4408 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004409 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004410#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004411 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004412 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004413#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004414 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004415 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004416 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4417 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004418 cfgerr++;
4419 }
4420 }
4421#endif
4422
William Lallemand4f45bb92017-10-30 20:08:51 +01004423 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004424 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4425 if (conf_ciphers &&
4426 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004427 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4428 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004429 cfgerr++;
4430 }
4431
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004432#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004433 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4434 if (conf_ciphersuites &&
4435 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4436 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4437 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4438 cfgerr++;
4439 }
4440#endif
4441
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004442#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004443 /* If tune.ssl.default-dh-param has not been set,
4444 neither has ssl-default-dh-file and no static DH
4445 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004446 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004447 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004448 (ssl_dh_ptr_index == -1 ||
4449 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004450 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4451 const SSL_CIPHER * cipher = NULL;
4452 char cipher_description[128];
4453 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4454 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4455 which is not ephemeral DH. */
4456 const char dhe_description[] = " Kx=DH ";
4457 const char dhe_export_description[] = " Kx=DH(";
4458 int idx = 0;
4459 int dhe_found = 0;
4460 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004461
Remi Gacogne23d5d372014-10-10 17:04:26 +02004462 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004463
Remi Gacogne23d5d372014-10-10 17:04:26 +02004464 if (ssl) {
4465 ciphers = SSL_get_ciphers(ssl);
4466
4467 if (ciphers) {
4468 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4469 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4470 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4471 if (strstr(cipher_description, dhe_description) != NULL ||
4472 strstr(cipher_description, dhe_export_description) != NULL) {
4473 dhe_found = 1;
4474 break;
4475 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004476 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004477 }
4478 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004479 SSL_free(ssl);
4480 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004481 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004482
Lukas Tribus90132722014-08-18 00:56:33 +02004483 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004484 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004485 }
4486
Willy Tarreauef934602016-12-22 23:12:01 +01004487 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004488 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004489
Willy Tarreauef934602016-12-22 23:12:01 +01004490 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004491 if (local_dh_1024 == NULL) {
4492 local_dh_1024 = ssl_get_dh_1024();
4493 }
Willy Tarreauef934602016-12-22 23:12:01 +01004494 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004495 if (local_dh_2048 == NULL) {
4496 local_dh_2048 = ssl_get_dh_2048();
4497 }
Willy Tarreauef934602016-12-22 23:12:01 +01004498 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004499 if (local_dh_4096 == NULL) {
4500 local_dh_4096 = ssl_get_dh_4096();
4501 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004502 }
4503 }
4504 }
4505#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004506
Emeric Brunfc0421f2012-09-07 17:30:07 +02004507 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004508#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004509 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004510#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004511
Bernard Spil13c53f82018-02-15 13:34:58 +01004512#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004513 ssl_conf_cur = NULL;
4514 if (ssl_conf && ssl_conf->npn_str)
4515 ssl_conf_cur = ssl_conf;
4516 else if (bind_conf->ssl_conf.npn_str)
4517 ssl_conf_cur = &bind_conf->ssl_conf;
4518 if (ssl_conf_cur)
4519 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004520#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004521#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004522 ssl_conf_cur = NULL;
4523 if (ssl_conf && ssl_conf->alpn_str)
4524 ssl_conf_cur = ssl_conf;
4525 else if (bind_conf->ssl_conf.alpn_str)
4526 ssl_conf_cur = &bind_conf->ssl_conf;
4527 if (ssl_conf_cur)
4528 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004529#endif
Lukas Tribusd13e9252019-11-24 18:20:40 +01004530#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004531 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4532 if (conf_curves) {
4533 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004534 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4535 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004536 cfgerr++;
4537 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004538#if defined(SSL_CTX_set_ecdh_auto)
4539 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4540#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004541 }
4542#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004543#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004544 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004545 int i;
4546 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004547#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004548 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004549 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4550 NULL);
4551
4552 if (ecdhe == NULL) {
Eric Salama27c21cd2019-11-20 11:33:40 +01004553 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02004554 return cfgerr;
4555 }
4556#else
4557 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4558 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4559 ECDHE_DEFAULT_CURVE);
4560#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004561
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004562 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004563 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004564 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4565 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004566 cfgerr++;
4567 }
4568 else {
4569 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4570 EC_KEY_free(ecdh);
4571 }
4572 }
4573#endif
4574
Emeric Brunfc0421f2012-09-07 17:30:07 +02004575 return cfgerr;
4576}
4577
Evan Broderbe554312013-06-27 00:05:25 -07004578static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4579{
4580 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4581 size_t prefixlen, suffixlen;
4582
4583 /* Trivial case */
4584 if (strcmp(pattern, hostname) == 0)
4585 return 1;
4586
Evan Broderbe554312013-06-27 00:05:25 -07004587 /* The rest of this logic is based on RFC 6125, section 6.4.3
4588 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4589
Emeric Bruna848dae2013-10-08 11:27:28 +02004590 pattern_wildcard = NULL;
4591 pattern_left_label_end = pattern;
4592 while (*pattern_left_label_end != '.') {
4593 switch (*pattern_left_label_end) {
4594 case 0:
4595 /* End of label not found */
4596 return 0;
4597 case '*':
4598 /* If there is more than one wildcards */
4599 if (pattern_wildcard)
4600 return 0;
4601 pattern_wildcard = pattern_left_label_end;
4602 break;
4603 }
4604 pattern_left_label_end++;
4605 }
4606
4607 /* If it's not trivial and there is no wildcard, it can't
4608 * match */
4609 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004610 return 0;
4611
4612 /* Make sure all labels match except the leftmost */
4613 hostname_left_label_end = strchr(hostname, '.');
4614 if (!hostname_left_label_end
4615 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4616 return 0;
4617
4618 /* Make sure the leftmost label of the hostname is long enough
4619 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004620 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004621 return 0;
4622
4623 /* Finally compare the string on either side of the
4624 * wildcard */
4625 prefixlen = pattern_wildcard - pattern;
4626 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004627 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4628 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004629 return 0;
4630
4631 return 1;
4632}
4633
4634static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4635{
4636 SSL *ssl;
4637 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004638 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004639 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004640 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004641
4642 int depth;
4643 X509 *cert;
4644 STACK_OF(GENERAL_NAME) *alt_names;
4645 int i;
4646 X509_NAME *cert_subject;
4647 char *str;
4648
4649 if (ok == 0)
4650 return ok;
4651
4652 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004653 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004654 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004655
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004656 /* We're checking if the provided hostnames match the desired one. The
4657 * desired hostname comes from the SNI we presented if any, or if not
4658 * provided then it may have been explicitly stated using a "verifyhost"
4659 * directive. If neither is set, we don't care about the name so the
4660 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004661 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004662 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004663 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004664 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004665 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004666 if (!servername)
4667 return ok;
4668 }
Evan Broderbe554312013-06-27 00:05:25 -07004669
4670 /* We only need to verify the CN on the actual server cert,
4671 * not the indirect CAs */
4672 depth = X509_STORE_CTX_get_error_depth(ctx);
4673 if (depth != 0)
4674 return ok;
4675
4676 /* At this point, the cert is *not* OK unless we can find a
4677 * hostname match */
4678 ok = 0;
4679
4680 cert = X509_STORE_CTX_get_current_cert(ctx);
4681 /* It seems like this might happen if verify peer isn't set */
4682 if (!cert)
4683 return ok;
4684
4685 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4686 if (alt_names) {
4687 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4688 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4689 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004690#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004691 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4692#else
Evan Broderbe554312013-06-27 00:05:25 -07004693 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004694#endif
Evan Broderbe554312013-06-27 00:05:25 -07004695 ok = ssl_sock_srv_hostcheck(str, servername);
4696 OPENSSL_free(str);
4697 }
4698 }
4699 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004700 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004701 }
4702
4703 cert_subject = X509_get_subject_name(cert);
4704 i = -1;
4705 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4706 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004707 ASN1_STRING *value;
4708 value = X509_NAME_ENTRY_get_data(entry);
4709 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004710 ok = ssl_sock_srv_hostcheck(str, servername);
4711 OPENSSL_free(str);
4712 }
4713 }
4714
Willy Tarreau71d058c2017-07-26 20:09:56 +02004715 /* report the mismatch and indicate if SNI was used or not */
4716 if (!ok && !conn->err_code)
4717 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004718 return ok;
4719}
4720
Emeric Brun94324a42012-10-11 14:00:19 +02004721/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004722int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004723{
Willy Tarreau03209342016-12-22 17:08:28 +01004724 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004725 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004726 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004727 SSL_OP_ALL | /* all known workarounds for bugs */
4728 SSL_OP_NO_SSLv2 |
4729 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004730 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004731 SSL_MODE_ENABLE_PARTIAL_WRITE |
4732 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004733 SSL_MODE_RELEASE_BUFFERS |
4734 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004735 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004736 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004737 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004738 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004739 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004740
Thierry Fournier383085f2013-01-24 14:15:43 +01004741 /* Make sure openssl opens /dev/urandom before the chroot */
4742 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004743 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004744 cfgerr++;
4745 }
4746
Willy Tarreaufce03112015-01-15 21:32:40 +01004747 /* Automatic memory computations need to know we use SSL there */
4748 global.ssl_used_backend = 1;
4749
4750 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004751 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004752 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004753 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4754 curproxy->id, srv->id,
4755 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004756 cfgerr++;
4757 return cfgerr;
4758 }
4759 }
Emeric Brun94324a42012-10-11 14:00:19 +02004760 if (srv->use_ssl)
4761 srv->xprt = &ssl_sock;
4762 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004763 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004764
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004765 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004766 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004767 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4768 proxy_type_str(curproxy), curproxy->id,
4769 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004770 cfgerr++;
4771 return cfgerr;
4772 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004773
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004774 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004775 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4776 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4777 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004778 else
4779 flags = conf_ssl_methods->flags;
4780
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004781 /* Real min and max should be determinate with configuration and openssl's capabilities */
4782 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004783 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004784 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004785 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004786
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004787 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004788 min = max = CONF_TLSV_NONE;
4789 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004790 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004791 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004792 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004793 if (min) {
4794 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004795 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4796 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4797 proxy_type_str(curproxy), curproxy->id, srv->id,
4798 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004799 hole = 0;
4800 }
4801 max = i;
4802 }
4803 else {
4804 min = max = i;
4805 }
4806 }
4807 else {
4808 if (min)
4809 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004810 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004811 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004812 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4813 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004814 cfgerr += 1;
4815 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004816
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004817#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004818 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004819 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004820 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004821 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004822 else
4823 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4824 if (flags & methodVersions[i].flag)
4825 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004826#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004827 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004828 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4829 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004830#endif
4831
4832 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4833 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004834 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004835
Willy Tarreau5db847a2019-05-09 14:13:35 +02004836#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004837 if (global_ssl.async)
4838 mode |= SSL_MODE_ASYNC;
4839#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004840 SSL_CTX_set_mode(ctx, mode);
4841 srv->ssl_ctx.ctx = ctx;
4842
Emeric Bruna7aa3092012-10-26 12:58:00 +02004843 if (srv->ssl_ctx.client_crt) {
4844 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004845 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4846 proxy_type_str(curproxy), curproxy->id,
4847 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004848 cfgerr++;
4849 }
4850 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004851 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4852 proxy_type_str(curproxy), curproxy->id,
4853 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004854 cfgerr++;
4855 }
4856 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004857 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4858 proxy_type_str(curproxy), curproxy->id,
4859 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004860 cfgerr++;
4861 }
4862 }
Emeric Brun94324a42012-10-11 14:00:19 +02004863
Emeric Brun850efd52014-01-29 12:24:34 +01004864 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4865 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004866 switch (srv->ssl_ctx.verify) {
4867 case SSL_SOCK_VERIFY_NONE:
4868 verify = SSL_VERIFY_NONE;
4869 break;
4870 case SSL_SOCK_VERIFY_REQUIRED:
4871 verify = SSL_VERIFY_PEER;
4872 break;
4873 }
Evan Broderbe554312013-06-27 00:05:25 -07004874 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004875 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004876 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004877 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004878 if (srv->ssl_ctx.ca_file) {
4879 /* load CAfile to verify */
4880 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004881 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4882 curproxy->id, srv->id,
4883 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004884 cfgerr++;
4885 }
4886 }
Emeric Brun850efd52014-01-29 12:24:34 +01004887 else {
4888 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004889 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4890 curproxy->id, srv->id,
4891 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004892 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004893 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4894 curproxy->id, srv->id,
4895 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004896 cfgerr++;
4897 }
Emeric Brunef42d922012-10-11 16:11:36 +02004898#ifdef X509_V_FLAG_CRL_CHECK
4899 if (srv->ssl_ctx.crl_file) {
4900 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4901
4902 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004903 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4904 curproxy->id, srv->id,
4905 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004906 cfgerr++;
4907 }
4908 else {
4909 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4910 }
4911 }
4912#endif
4913 }
4914
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004915 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4916 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4917 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004918 if (srv->ssl_ctx.ciphers &&
4919 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004920 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4921 curproxy->id, srv->id,
4922 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004923 cfgerr++;
4924 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004925
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004926#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004927 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004928 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004929 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4930 curproxy->id, srv->id,
4931 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4932 cfgerr++;
4933 }
4934#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004935#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4936 if (srv->ssl_ctx.npn_str)
4937 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4938#endif
4939#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4940 if (srv->ssl_ctx.alpn_str)
4941 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4942#endif
4943
Emeric Brun94324a42012-10-11 14:00:19 +02004944
4945 return cfgerr;
4946}
4947
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004948/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004949 * be NULL, in which case nothing is done. Returns the number of errors
4950 * encountered.
4951 */
Willy Tarreau03209342016-12-22 17:08:28 +01004952int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004953{
4954 struct ebmb_node *node;
4955 struct sni_ctx *sni;
4956 int err = 0;
4957
Willy Tarreaufce03112015-01-15 21:32:40 +01004958 /* Automatic memory computations need to know we use SSL there */
4959 global.ssl_used_frontend = 1;
4960
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004961 /* Make sure openssl opens /dev/urandom before the chroot */
4962 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004963 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004964 err++;
4965 }
4966 /* Create initial_ctx used to start the ssl connection before do switchctx */
4967 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004968 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004969 /* It should not be necessary to call this function, but it's
4970 necessary first to check and move all initialisation related
4971 to initial_ctx in ssl_sock_initial_ctx. */
4972 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4973 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004974 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004975 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004976
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004977 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004978 while (node) {
4979 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004980 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4981 /* only initialize the CTX on its first occurrence and
4982 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004983 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004984 node = ebmb_next(node);
4985 }
4986
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004987 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004988 while (node) {
4989 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004990 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4991 /* only initialize the CTX on its first occurrence and
4992 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004993 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004994 node = ebmb_next(node);
4995 }
4996 return err;
4997}
4998
Willy Tarreau55d37912016-12-21 23:38:39 +01004999/* Prepares all the contexts for a bind_conf and allocates the shared SSL
5000 * context if needed. Returns < 0 on error, 0 on success. The warnings and
5001 * alerts are directly emitted since the rest of the stack does it below.
5002 */
5003int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
5004{
5005 struct proxy *px = bind_conf->frontend;
5006 int alloc_ctx;
5007 int err;
5008
5009 if (!bind_conf->is_ssl) {
5010 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005011 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5012 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005013 }
5014 return 0;
5015 }
5016 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005017 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005018 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5019 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005020 }
5021 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005022 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5023 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005024 return -1;
5025 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005026 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005027 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005028 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005029 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005030 sizeof(*sh_ssl_sess_tree),
5031 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005032 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005033 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5034 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5035 else
5036 ha_alert("Unable to allocate SSL session cache.\n");
5037 return -1;
5038 }
5039 /* free block callback */
5040 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5041 /* init the root tree within the extra space */
5042 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5043 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005044 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005045 err = 0;
5046 /* initialize all certificate contexts */
5047 err += ssl_sock_prepare_all_ctx(bind_conf);
5048
5049 /* initialize CA variables if the certificates generation is enabled */
5050 err += ssl_sock_load_ca(bind_conf);
5051
5052 return -err;
5053}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005054
5055/* release ssl context allocated for servers. */
5056void ssl_sock_free_srv_ctx(struct server *srv)
5057{
Olivier Houchardc7566002018-11-20 23:33:50 +01005058#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5059 if (srv->ssl_ctx.alpn_str)
5060 free(srv->ssl_ctx.alpn_str);
5061#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005062#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005063 if (srv->ssl_ctx.npn_str)
5064 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005065#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005066 if (srv->ssl_ctx.ctx)
5067 SSL_CTX_free(srv->ssl_ctx.ctx);
5068}
5069
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005070/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005071 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5072 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005073void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005074{
5075 struct ebmb_node *node, *back;
5076 struct sni_ctx *sni;
5077
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005078 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005079 while (node) {
5080 sni = ebmb_entry(node, struct sni_ctx, name);
5081 back = ebmb_next(node);
5082 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005083 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005084 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005085 ssl_sock_free_ssl_conf(sni->conf);
5086 free(sni->conf);
5087 sni->conf = NULL;
5088 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005089 free(sni);
5090 node = back;
5091 }
5092
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005093 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005094 while (node) {
5095 sni = ebmb_entry(node, struct sni_ctx, name);
5096 back = ebmb_next(node);
5097 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005098 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005099 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005100 ssl_sock_free_ssl_conf(sni->conf);
5101 free(sni->conf);
5102 sni->conf = NULL;
5103 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005104 free(sni);
5105 node = back;
5106 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005107 SSL_CTX_free(bind_conf->initial_ctx);
5108 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005109 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005110 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005111}
5112
Willy Tarreau795cdab2016-12-22 17:30:54 +01005113/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5114void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5115{
5116 ssl_sock_free_ca(bind_conf);
5117 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005118 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005119 free(bind_conf->ca_sign_file);
5120 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005121 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005122 free(bind_conf->keys_ref->filename);
5123 free(bind_conf->keys_ref->tlskeys);
5124 LIST_DEL(&bind_conf->keys_ref->list);
5125 free(bind_conf->keys_ref);
5126 }
5127 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005128 bind_conf->ca_sign_pass = NULL;
5129 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005130}
5131
Christopher Faulet31af49d2015-06-09 17:29:50 +02005132/* Load CA cert file and private key used to generate certificates */
5133int
Willy Tarreau03209342016-12-22 17:08:28 +01005134ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005135{
Willy Tarreau03209342016-12-22 17:08:28 +01005136 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005137 FILE *fp;
5138 X509 *cacert = NULL;
5139 EVP_PKEY *capkey = NULL;
5140 int err = 0;
5141
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005142 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005143 return err;
5144
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005145#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005146 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005147 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005148 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005149 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005150 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005151#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005152
Christopher Faulet31af49d2015-06-09 17:29:50 +02005153 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005154 ha_alert("Proxy '%s': cannot enable certificate generation, "
5155 "no CA certificate File configured at [%s:%d].\n",
5156 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005157 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005158 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005159
5160 /* read in the CA certificate */
5161 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005162 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5163 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005164 goto load_error;
5165 }
5166 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005167 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5168 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005169 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005170 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005171 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005172 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005173 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5174 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005175 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005176 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005177
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005178 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005179 bind_conf->ca_sign_cert = cacert;
5180 bind_conf->ca_sign_pkey = capkey;
5181 return err;
5182
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005183 read_error:
5184 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005185 if (capkey) EVP_PKEY_free(capkey);
5186 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005187 load_error:
5188 bind_conf->generate_certs = 0;
5189 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005190 return err;
5191}
5192
5193/* Release CA cert and private key used to generate certificated */
5194void
5195ssl_sock_free_ca(struct bind_conf *bind_conf)
5196{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005197 if (bind_conf->ca_sign_pkey)
5198 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5199 if (bind_conf->ca_sign_cert)
5200 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005201 bind_conf->ca_sign_pkey = NULL;
5202 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005203}
5204
Emeric Brun46591952012-05-18 15:47:34 +02005205/*
5206 * This function is called if SSL * context is not yet allocated. The function
5207 * is designed to be called before any other data-layer operation and sets the
5208 * handshake flag on the connection. It is safe to call it multiple times.
5209 * It returns 0 on success and -1 in error case.
5210 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005211static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005212{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005213 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005214 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005215 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005216 return 0;
5217
Willy Tarreau3c728722014-01-23 13:50:42 +01005218 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005219 return 0;
5220
Olivier Houchard66ab4982019-02-26 18:37:15 +01005221 ctx = pool_alloc(ssl_sock_ctx_pool);
5222 if (!ctx) {
5223 conn->err_code = CO_ER_SSL_NO_MEM;
5224 return -1;
5225 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005226 ctx->wait_event.tasklet = tasklet_new();
5227 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005228 conn->err_code = CO_ER_SSL_NO_MEM;
5229 pool_free(ssl_sock_ctx_pool, ctx);
5230 return -1;
5231 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005232 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5233 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005234 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005235 ctx->sent_early_data = 0;
5236 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005237 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005238 ctx->send_wait = NULL;
5239 ctx->recv_wait = NULL;
Emeric Brun87cfd662019-09-06 15:36:02 +02005240 ctx->xprt_st = 0;
5241 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005242
5243 /* Only work with sockets for now, this should be adapted when we'll
5244 * add QUIC support.
5245 */
5246 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005247 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005248 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5249 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005250 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005251
Willy Tarreau20879a02012-12-03 16:32:10 +01005252 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5253 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005254 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005255 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005256
Emeric Brun46591952012-05-18 15:47:34 +02005257 /* If it is in client mode initiate SSL session
5258 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005259 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005260 int may_retry = 1;
5261
5262 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005263 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005264 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5265 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005266 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005267 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005268 goto retry_connect;
5269 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005270 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005271 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005272 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005273 ctx->bio = BIO_new(ha_meth);
5274 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005275 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005276 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005277 goto retry_connect;
5278 }
Emeric Brun55476152014-11-12 17:35:37 +01005279 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005280 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005281 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005282 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005283 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005284
Evan Broderbe554312013-06-27 00:05:25 -07005285 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005286 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5287 SSL_free(ctx->ssl);
5288 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005289 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005290 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005291 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005292 goto retry_connect;
5293 }
Emeric Brun55476152014-11-12 17:35:37 +01005294 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005295 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005296 }
5297
Olivier Houchard66ab4982019-02-26 18:37:15 +01005298 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005299 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5300 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5301 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005302 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005303 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005304 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5305 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005306 } else if (sess) {
5307 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005308 }
5309 }
Evan Broderbe554312013-06-27 00:05:25 -07005310
Emeric Brun46591952012-05-18 15:47:34 +02005311 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005312 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005313
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005314 _HA_ATOMIC_ADD(&sslconns, 1);
5315 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005316 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005317 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005318 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005319 if (conn->flags & CO_FL_ERROR)
5320 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005321 return 0;
5322 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005323 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005324 int may_retry = 1;
5325
5326 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005327 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005328 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5329 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005330 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005331 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005332 goto retry_accept;
5333 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005334 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005335 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005336 }
Emeric Brun46591952012-05-18 15:47:34 +02005337
Olivier Houcharda8955d52019-04-07 22:00:38 +02005338 ctx->bio = BIO_new(ha_meth);
5339 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005340 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005341 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005342 goto retry_accept;
5343 }
Emeric Brun55476152014-11-12 17:35:37 +01005344 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005345 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005346 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005347 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005348 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005349
Emeric Brune1f38db2012-09-03 20:36:47 +02005350 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005351 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5352 SSL_free(ctx->ssl);
5353 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005354 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005355 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005356 goto retry_accept;
5357 }
Emeric Brun55476152014-11-12 17:35:37 +01005358 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005359 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005360 }
5361
Olivier Houchard66ab4982019-02-26 18:37:15 +01005362 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005363
Emeric Brun46591952012-05-18 15:47:34 +02005364 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005365 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005366#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005367 conn->flags |= CO_FL_EARLY_SSL_HS;
5368#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005369
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005370 _HA_ATOMIC_ADD(&sslconns, 1);
5371 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005372 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005373 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005374 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005375 if (conn->flags & CO_FL_ERROR)
5376 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005377 return 0;
5378 }
5379 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005380 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005381err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005382 if (ctx && ctx->wait_event.tasklet)
5383 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005384 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005385 return -1;
5386}
5387
5388
5389/* This is the callback which is used when an SSL handshake is pending. It
5390 * updates the FD status if it wants some polling before being called again.
5391 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5392 * otherwise it returns non-zero and removes itself from the connection's
5393 * flags (the bit is provided in <flag> by the caller).
5394 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005395static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005396{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005397 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005398 int ret;
5399
Willy Tarreau3c728722014-01-23 13:50:42 +01005400 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005401 return 0;
5402
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005403 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005404 goto out_error;
5405
Willy Tarreau5db847a2019-05-09 14:13:35 +02005406#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005407 /*
5408 * Check if we have early data. If we do, we have to read them
5409 * before SSL_do_handshake() is called, And there's no way to
5410 * detect early data, except to try to read them
5411 */
5412 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5413 size_t read_data;
5414
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005415 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005416 1, &read_data);
5417 if (ret == SSL_READ_EARLY_DATA_ERROR)
5418 goto check_error;
5419 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5420 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5421 return 1;
5422 } else
5423 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5424 }
5425#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005426 /* If we use SSL_do_handshake to process a reneg initiated by
5427 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5428 * Usually SSL_write and SSL_read are used and process implicitly
5429 * the reneg handshake.
5430 * Here we use SSL_peek as a workaround for reneg.
5431 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005432 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005433 char c;
5434
Olivier Houchard66ab4982019-02-26 18:37:15 +01005435 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005436 if (ret <= 0) {
5437 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005438 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005439
Emeric Brun674b7432012-11-08 19:21:55 +01005440 if (ret == SSL_ERROR_WANT_WRITE) {
5441 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005442 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005443 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005444 return 0;
5445 }
5446 else if (ret == SSL_ERROR_WANT_READ) {
5447 /* handshake may have been completed but we have
5448 * no more data to read.
5449 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005450 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005451 ret = 1;
5452 goto reneg_ok;
5453 }
5454 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005455 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005456 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005457 return 0;
5458 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005459#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005460 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005461 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005462 return 0;
5463 }
5464#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005465 else if (ret == SSL_ERROR_SYSCALL) {
5466 /* if errno is null, then connection was successfully established */
5467 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5468 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005469 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005470#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5471 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005472 conn->err_code = CO_ER_SSL_HANDSHAKE;
5473#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005474 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005475#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005476 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005477 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005478 empty_handshake = state == TLS_ST_BEFORE;
5479#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005480 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5481 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005482#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005483 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005484 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005485 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005486 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5487 else
5488 conn->err_code = CO_ER_SSL_EMPTY;
5489 }
5490 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005491 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005492 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5493 else
5494 conn->err_code = CO_ER_SSL_ABORT;
5495 }
5496 }
5497 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005498 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005499 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005500 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005501 conn->err_code = CO_ER_SSL_HANDSHAKE;
5502 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005503#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005504 }
Emeric Brun674b7432012-11-08 19:21:55 +01005505 goto out_error;
5506 }
5507 else {
5508 /* Fail on all other handshake errors */
5509 /* Note: OpenSSL may leave unread bytes in the socket's
5510 * buffer, causing an RST to be emitted upon close() on
5511 * TCP sockets. We first try to drain possibly pending
5512 * data to avoid this as much as possible.
5513 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005514 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005515 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005516 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005517 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005518 goto out_error;
5519 }
5520 }
5521 /* read some data: consider handshake completed */
5522 goto reneg_ok;
5523 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005524 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005525check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005526 if (ret != 1) {
5527 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005528 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005529
5530 if (ret == SSL_ERROR_WANT_WRITE) {
5531 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005532 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005533 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005534 return 0;
5535 }
5536 else if (ret == SSL_ERROR_WANT_READ) {
5537 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005538 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005539 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5540 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005541 return 0;
5542 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005543#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005544 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005545 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005546 return 0;
5547 }
5548#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005549 else if (ret == SSL_ERROR_SYSCALL) {
5550 /* if errno is null, then connection was successfully established */
5551 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5552 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005553 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005554#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5555 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005556 conn->err_code = CO_ER_SSL_HANDSHAKE;
5557#else
5558 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005559#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005560 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005561 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005562 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005563#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005564 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5565 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005566#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005567 if (empty_handshake) {
5568 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005569 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005570 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5571 else
5572 conn->err_code = CO_ER_SSL_EMPTY;
5573 }
5574 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005575 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005576 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5577 else
5578 conn->err_code = CO_ER_SSL_ABORT;
5579 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005580 }
5581 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005582 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005583 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5584 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005585 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005586 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005587#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005588 }
Willy Tarreau89230192012-09-28 20:22:13 +02005589 goto out_error;
5590 }
Emeric Brun46591952012-05-18 15:47:34 +02005591 else {
5592 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005593 /* Note: OpenSSL may leave unread bytes in the socket's
5594 * buffer, causing an RST to be emitted upon close() on
5595 * TCP sockets. We first try to drain possibly pending
5596 * data to avoid this as much as possible.
5597 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005598 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005599 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005600 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005601 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005602 goto out_error;
5603 }
5604 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005605#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005606 else {
5607 /*
5608 * If the server refused the early data, we have to send a
5609 * 425 to the client, as we no longer have the data to sent
5610 * them again.
5611 */
5612 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005613 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005614 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5615 goto out_error;
5616 }
5617 }
5618 }
5619#endif
5620
Emeric Brun46591952012-05-18 15:47:34 +02005621
Emeric Brun674b7432012-11-08 19:21:55 +01005622reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005623
Willy Tarreau5db847a2019-05-09 14:13:35 +02005624#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005625 /* ASYNC engine API doesn't support moving read/write
5626 * buffers. So we disable ASYNC mode right after
5627 * the handshake to avoid buffer oveflows.
5628 */
5629 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005630 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005631#endif
Emeric Brun46591952012-05-18 15:47:34 +02005632 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005633 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005634 if (objt_server(conn->target)) {
5635 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5636 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5637 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005638 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005639 else {
5640 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5641 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5642 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5643 }
Emeric Brun46591952012-05-18 15:47:34 +02005644 }
5645
5646 /* The connection is now established at both layers, it's time to leave */
5647 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5648 return 1;
5649
5650 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005651 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005652 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005653 ERR_clear_error();
5654
Emeric Brun9fa89732012-10-04 17:09:56 +02005655 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005656 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5657 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5658 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005659 }
5660
Emeric Brun46591952012-05-18 15:47:34 +02005661 /* Fail on all other handshake errors */
5662 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005663 if (!conn->err_code)
5664 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005665 return 0;
5666}
5667
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005668static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005669{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005670 struct wait_event *sw;
5671 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005672
Olivier Houcharda37eb6a2019-06-24 18:57:39 +02005673 if (!ctx)
5674 return -1;
5675
Olivier Houchardea8dd942019-05-20 14:02:16 +02005676 if (event_type & SUB_RETRY_RECV) {
5677 sw = param;
5678 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5679 sw->events |= SUB_RETRY_RECV;
5680 ctx->recv_wait = sw;
5681 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5682 !(ctx->wait_event.events & SUB_RETRY_RECV))
5683 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5684 event_type &= ~SUB_RETRY_RECV;
5685 }
5686 if (event_type & SUB_RETRY_SEND) {
5687sw = param;
5688 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5689 sw->events |= SUB_RETRY_SEND;
5690 ctx->send_wait = sw;
5691 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5692 !(ctx->wait_event.events & SUB_RETRY_SEND))
5693 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5694 event_type &= ~SUB_RETRY_SEND;
5695
5696 }
5697 if (event_type != 0)
5698 return -1;
5699 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005700}
5701
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005702static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005703{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005704 struct wait_event *sw;
5705 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005706
Olivier Houchardea8dd942019-05-20 14:02:16 +02005707 if (event_type & SUB_RETRY_RECV) {
5708 sw = param;
5709 BUG_ON(ctx->recv_wait != sw);
5710 ctx->recv_wait = NULL;
5711 sw->events &= ~SUB_RETRY_RECV;
5712 /* If we subscribed, and we're not doing the handshake,
5713 * then we subscribed because the upper layer asked for it,
5714 * as the upper layer is no longer interested, we can
5715 * unsubscribe too.
5716 */
5717 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5718 (ctx->wait_event.events & SUB_RETRY_RECV))
5719 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5720 &ctx->wait_event);
5721 }
5722 if (event_type & SUB_RETRY_SEND) {
5723 sw = param;
5724 BUG_ON(ctx->send_wait != sw);
5725 ctx->send_wait = NULL;
5726 sw->events &= ~SUB_RETRY_SEND;
5727 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5728 (ctx->wait_event.events & SUB_RETRY_SEND))
5729 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5730 &ctx->wait_event);
5731
5732 }
5733
5734 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005735}
5736
Olivier Houchard2e055482019-05-27 19:50:12 +02005737/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5738 * Returns 0 on success, and non-zero on failure.
5739 */
5740static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5741{
5742 struct ssl_sock_ctx *ctx = xprt_ctx;
5743
5744 if (oldxprt_ops != NULL)
5745 *oldxprt_ops = ctx->xprt;
5746 if (oldxprt_ctx != NULL)
5747 *oldxprt_ctx = ctx->xprt_ctx;
5748 ctx->xprt = toadd_ops;
5749 ctx->xprt_ctx = toadd_ctx;
5750 return 0;
5751}
5752
Olivier Houchard5149b592019-05-23 17:47:36 +02005753/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5754 * return 0, otherwise just call the remove_xprt method from the underlying
5755 * XPRT.
5756 */
5757static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5758{
5759 struct ssl_sock_ctx *ctx = xprt_ctx;
5760
5761 if (ctx->xprt_ctx == toremove_ctx) {
5762 ctx->xprt_ctx = newctx;
5763 ctx->xprt = newops;
5764 return 0;
5765 }
5766 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5767}
5768
Olivier Houchardea8dd942019-05-20 14:02:16 +02005769static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5770{
5771 struct ssl_sock_ctx *ctx = context;
5772
5773 /* First if we're doing an handshake, try that */
5774 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5775 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5776 /* If we had an error, or the handshake is done and I/O is available,
5777 * let the upper layer know.
5778 * If no mux was set up yet, and nobody subscribed, then call
5779 * xprt_done_cb() ourself if it's set, or destroy the connection,
5780 * we can't be sure conn_fd_handler() will be called again.
5781 */
5782 if ((ctx->conn->flags & CO_FL_ERROR) ||
5783 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5784 int ret = 0;
5785 int woke = 0;
5786
5787 /* On error, wake any waiter */
5788 if (ctx->recv_wait) {
5789 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005790 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005791 ctx->recv_wait = NULL;
5792 woke = 1;
5793 }
5794 if (ctx->send_wait) {
5795 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005796 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005797 ctx->send_wait = NULL;
5798 woke = 1;
5799 }
5800 /* If we're the first xprt for the connection, let the
5801 * upper layers know. If xprt_done_cb() is set, call it,
5802 * otherwise, we should have a mux, so call its wake
5803 * method if we didn't woke a tasklet already.
5804 */
5805 if (ctx->conn->xprt_ctx == ctx) {
5806 if (ctx->conn->xprt_done_cb)
5807 ret = ctx->conn->xprt_done_cb(ctx->conn);
5808 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5809 ctx->conn->mux->wake(ctx->conn);
5810 return NULL;
5811 }
5812 }
5813 return NULL;
5814}
5815
Emeric Brun46591952012-05-18 15:47:34 +02005816/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005817 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005818 * buffer wraps, in which case a second call may be performed. The connection's
5819 * flags are updated with whatever special event is detected (error, read0,
5820 * empty). The caller is responsible for taking care of those events and
5821 * avoiding the call if inappropriate. The function does not call the
5822 * connection's polling update function, so the caller is responsible for this.
5823 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005824static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005825{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005826 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005827 ssize_t ret;
5828 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005829
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005830 conn_refresh_polling_flags(conn);
5831
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005832 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005833 goto out_error;
5834
5835 if (conn->flags & CO_FL_HANDSHAKE)
5836 /* a handshake was requested */
5837 return 0;
5838
Emeric Brun46591952012-05-18 15:47:34 +02005839 /* read the largest possible block. For this, we perform only one call
5840 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5841 * in which case we accept to do it once again. A new attempt is made on
5842 * EINTR too.
5843 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005844 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005845 int need_out = 0;
5846
Willy Tarreau591d4452018-06-15 17:21:00 +02005847 try = b_contig_space(buf);
5848 if (!try)
5849 break;
5850
Willy Tarreauabf08d92014-01-14 11:31:27 +01005851 if (try > count)
5852 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005853
Olivier Houchardc2aae742017-09-22 18:26:28 +02005854 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005855 ctx->tmp_early_data != -1) {
5856 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005857 done++;
5858 try--;
5859 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005860 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005861 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005862 continue;
5863 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005864
Willy Tarreau5db847a2019-05-09 14:13:35 +02005865#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005866 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5867 size_t read_length;
5868
Olivier Houchard66ab4982019-02-26 18:37:15 +01005869 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005870 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005871 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5872 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005873 conn->flags |= CO_FL_EARLY_DATA;
5874 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5875 ret == SSL_READ_EARLY_DATA_FINISH) {
5876 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5877 /*
5878 * We're done reading the early data,
5879 * let's make the handshake
5880 */
5881 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5882 conn->flags |= CO_FL_SSL_WAIT_HS;
5883 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005884 /* Now initiate the handshake */
5885 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005886 if (read_length == 0)
5887 break;
5888 }
5889 ret = read_length;
5890 }
5891 } else
5892#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005893 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005894
Emeric Brune1f38db2012-09-03 20:36:47 +02005895 if (conn->flags & CO_FL_ERROR) {
5896 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005897 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005898 }
Emeric Brun46591952012-05-18 15:47:34 +02005899 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005900 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005901 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005902 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005903 }
Emeric Brun46591952012-05-18 15:47:34 +02005904 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005905 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005906 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005907 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005908 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005909 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005910#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005911 /* Async mode can be re-enabled, because we're leaving data state.*/
5912 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005913 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005914#endif
Emeric Brun46591952012-05-18 15:47:34 +02005915 break;
5916 }
5917 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005918 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005919 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5920 SUB_RETRY_RECV,
5921 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005922 /* handshake is running, and it may need to re-enable read */
5923 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005924#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005925 /* Async mode can be re-enabled, because we're leaving data state.*/
5926 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005927 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005928#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005929 break;
5930 }
Emeric Brun46591952012-05-18 15:47:34 +02005931 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005932 } else if (ret == SSL_ERROR_ZERO_RETURN)
5933 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005934 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5935 * stack before shutting down the connection for
5936 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005937 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5938 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005939 /* otherwise it's a real error */
5940 goto out_error;
5941 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005942 if (need_out)
5943 break;
Emeric Brun46591952012-05-18 15:47:34 +02005944 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005945 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005946 return done;
5947
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005948 clear_ssl_error:
5949 /* Clear openssl global errors stack */
5950 ssl_sock_dump_errors(conn);
5951 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005952 read0:
5953 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005954 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005955
Emeric Brun46591952012-05-18 15:47:34 +02005956 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005957 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005958 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005959 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005960 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005961 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005962}
5963
5964
Willy Tarreau787db9a2018-06-14 18:31:46 +02005965/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5966 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5967 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005968 * Only one call to send() is performed, unless the buffer wraps, in which case
5969 * a second call may be performed. The connection's flags are updated with
5970 * whatever special event is detected (error, empty). The caller is responsible
5971 * for taking care of those events and avoiding the call if inappropriate. The
5972 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005973 * is responsible for this. The buffer's output is not adjusted, it's up to the
5974 * caller to take care of this. It's up to the caller to update the buffer's
5975 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005976 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005977static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005978{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005979 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005980 ssize_t ret;
5981 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005982
5983 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005984 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005985
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005986 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005987 goto out_error;
5988
Olivier Houchard010941f2019-05-03 20:56:19 +02005989 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005990 /* a handshake was requested */
5991 return 0;
5992
5993 /* send the largest possible block. For this we perform only one call
5994 * to send() unless the buffer wraps and we exactly fill the first hunk,
5995 * in which case we accept to do it once again.
5996 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005997 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005998#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005999 size_t written_data;
6000#endif
6001
Willy Tarreau787db9a2018-06-14 18:31:46 +02006002 try = b_contig_data(buf, done);
6003 if (try > count)
6004 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006005
Willy Tarreau7bed9452014-02-02 02:00:24 +01006006 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006007 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006008 global_ssl.max_record && try > global_ssl.max_record) {
6009 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006010 }
6011 else {
6012 /* we need to keep the information about the fact that
6013 * we're not limiting the upcoming send(), because if it
6014 * fails, we'll have to retry with at least as many data.
6015 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006016 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006017 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006018
Willy Tarreau5db847a2019-05-09 14:13:35 +02006019#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006020 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006021 unsigned int max_early;
6022
Olivier Houchard522eea72017-11-03 16:27:47 +01006023 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006024 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006025 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006026 if (SSL_get0_session(ctx->ssl))
6027 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006028 else
6029 max_early = 0;
6030 }
6031
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006032 if (try + ctx->sent_early_data > max_early) {
6033 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006034 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006035 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006036 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006037 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006038 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006039 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006040 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006041 if (ret == 1) {
6042 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006043 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006044 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006045 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006046 /* Initiate the handshake, now */
6047 tasklet_wakeup(ctx->wait_event.tasklet);
6048 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006049
Olivier Houchardc2aae742017-09-22 18:26:28 +02006050 }
6051
6052 } else
6053#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006054 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006055
Emeric Brune1f38db2012-09-03 20:36:47 +02006056 if (conn->flags & CO_FL_ERROR) {
6057 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006058 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006059 }
Emeric Brun46591952012-05-18 15:47:34 +02006060 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006061 /* A send succeeded, so we can consier ourself connected */
6062 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006063 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006064 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006065 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006066 }
6067 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006068 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006069
Emeric Brun46591952012-05-18 15:47:34 +02006070 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006071 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006072 /* handshake is running, and it may need to re-enable write */
6073 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006074 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006075#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006076 /* Async mode can be re-enabled, because we're leaving data state.*/
6077 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006078 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006079#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006080 break;
6081 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006082
Emeric Brun46591952012-05-18 15:47:34 +02006083 break;
6084 }
6085 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006086 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006087 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006088 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6089 SUB_RETRY_RECV,
6090 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006091#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006092 /* Async mode can be re-enabled, because we're leaving data state.*/
6093 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006094 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006095#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006096 break;
6097 }
Emeric Brun46591952012-05-18 15:47:34 +02006098 goto out_error;
6099 }
6100 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006101 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006102 return done;
6103
6104 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006105 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006106 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006107 ERR_clear_error();
6108
Emeric Brun46591952012-05-18 15:47:34 +02006109 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006110 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006111}
6112
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006113static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006114
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006115 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006116
Olivier Houchardea8dd942019-05-20 14:02:16 +02006117
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006118 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006119 if (ctx->wait_event.events != 0)
6120 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6121 ctx->wait_event.events,
6122 &ctx->wait_event);
6123 if (ctx->send_wait) {
6124 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006125 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006126 }
6127 if (ctx->recv_wait) {
6128 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006129 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006130 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006131 if (ctx->xprt->close)
6132 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006133#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006134 if (global_ssl.async) {
6135 OSSL_ASYNC_FD all_fd[32], afd;
6136 size_t num_all_fds = 0;
6137 int i;
6138
Olivier Houchard66ab4982019-02-26 18:37:15 +01006139 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006140 if (num_all_fds > 32) {
6141 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6142 return;
6143 }
6144
Olivier Houchard66ab4982019-02-26 18:37:15 +01006145 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006146
6147 /* If an async job is pending, we must try to
6148 to catch the end using polling before calling
6149 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006150 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006151 for (i=0 ; i < num_all_fds ; i++) {
6152 /* switch on an handler designed to
6153 * handle the SSL_free
6154 */
6155 afd = all_fd[i];
6156 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006157 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006158 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006159 /* To ensure that the fd cache won't be used
6160 * and we'll catch a real RD event.
6161 */
6162 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006163 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006164 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006165 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006166 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006167 return;
6168 }
Emeric Brun3854e012017-05-17 20:42:48 +02006169 /* Else we can remove the fds from the fdtab
6170 * and call SSL_free.
6171 * note: we do a fd_remove and not a delete
6172 * because the fd is owned by the engine.
6173 * the engine is responsible to close
6174 */
6175 for (i=0 ; i < num_all_fds ; i++)
6176 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006177 }
6178#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006179 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006180 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006181 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006182 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006183 }
Emeric Brun46591952012-05-18 15:47:34 +02006184}
6185
6186/* This function tries to perform a clean shutdown on an SSL connection, and in
6187 * any case, flags the connection as reusable if no handshake was in progress.
6188 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006189static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006190{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006191 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006192
Emeric Brun46591952012-05-18 15:47:34 +02006193 if (conn->flags & CO_FL_HANDSHAKE)
6194 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006195 if (!clean)
6196 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006197 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006198 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006199 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006200 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006201 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006202 ERR_clear_error();
6203 }
Emeric Brun46591952012-05-18 15:47:34 +02006204}
6205
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006206/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006207int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006208{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006209 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006210 struct pkey_info *pkinfo;
6211 int bits = 0;
6212 int sig = TLSEXT_signature_anonymous;
6213 int len = -1;
6214
6215 if (!ssl_sock_is_ssl(conn))
6216 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006217 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006218 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006219 if (pkinfo) {
6220 sig = pkinfo->sig;
6221 bits = pkinfo->bits;
6222 } else {
6223 /* multicert and generated cert have no pkey info */
6224 X509 *crt;
6225 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006226 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006227 if (!crt)
6228 return 0;
6229 pkey = X509_get_pubkey(crt);
6230 if (pkey) {
6231 bits = EVP_PKEY_bits(pkey);
6232 switch(EVP_PKEY_base_id(pkey)) {
6233 case EVP_PKEY_RSA:
6234 sig = TLSEXT_signature_rsa;
6235 break;
6236 case EVP_PKEY_EC:
6237 sig = TLSEXT_signature_ecdsa;
6238 break;
6239 case EVP_PKEY_DSA:
6240 sig = TLSEXT_signature_dsa;
6241 break;
6242 }
6243 EVP_PKEY_free(pkey);
6244 }
6245 }
6246
6247 switch(sig) {
6248 case TLSEXT_signature_rsa:
6249 len = chunk_printf(out, "RSA%d", bits);
6250 break;
6251 case TLSEXT_signature_ecdsa:
6252 len = chunk_printf(out, "EC%d", bits);
6253 break;
6254 case TLSEXT_signature_dsa:
6255 len = chunk_printf(out, "DSA%d", bits);
6256 break;
6257 default:
6258 return 0;
6259 }
6260 if (len < 0)
6261 return 0;
6262 return 1;
6263}
6264
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006265/* used for ppv2 cert signature (can be used for logging) */
6266const char *ssl_sock_get_cert_sig(struct connection *conn)
6267{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006268 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006269
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006270 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6271 X509 *crt;
6272
6273 if (!ssl_sock_is_ssl(conn))
6274 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006275 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006276 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006277 if (!crt)
6278 return NULL;
6279 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6280 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6281}
6282
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006283/* used for ppv2 authority */
6284const char *ssl_sock_get_sni(struct connection *conn)
6285{
6286#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006287 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006288
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006289 if (!ssl_sock_is_ssl(conn))
6290 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006291 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006292 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006293#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006294 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006295#endif
6296}
6297
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006298/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006299const char *ssl_sock_get_cipher_name(struct connection *conn)
6300{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006301 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006302
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006303 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006304 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006305 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006306 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006307}
6308
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006309/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006310const char *ssl_sock_get_proto_version(struct connection *conn)
6311{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006312 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006313
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006314 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006315 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006316 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006317 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006318}
6319
Willy Tarreau8d598402012-10-22 17:58:39 +02006320/* Extract a serial from a cert, and copy it to a chunk.
6321 * Returns 1 if serial is found and copied, 0 if no serial found and
6322 * -1 if output is not large enough.
6323 */
6324static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006325ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006326{
6327 ASN1_INTEGER *serial;
6328
6329 serial = X509_get_serialNumber(crt);
6330 if (!serial)
6331 return 0;
6332
6333 if (out->size < serial->length)
6334 return -1;
6335
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006336 memcpy(out->area, serial->data, serial->length);
6337 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006338 return 1;
6339}
6340
Emeric Brun43e79582014-10-29 19:03:26 +01006341/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006342 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6343 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006344 */
6345static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006346ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006347{
6348 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006349 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006350
6351 len =i2d_X509(crt, NULL);
6352 if (len <= 0)
6353 return 1;
6354
6355 if (out->size < len)
6356 return -1;
6357
6358 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006359 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006360 return 1;
6361}
6362
Emeric Brunce5ad802012-10-22 14:11:22 +02006363
Willy Tarreau83061a82018-07-13 11:56:34 +02006364/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006365 * Returns 1 if serial is found and copied, 0 if no valid time found
6366 * and -1 if output is not large enough.
6367 */
6368static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006369ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006370{
6371 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6372 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6373
6374 if (gentm->length < 12)
6375 return 0;
6376 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6377 return 0;
6378 if (out->size < gentm->length-2)
6379 return -1;
6380
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006381 memcpy(out->area, gentm->data+2, gentm->length-2);
6382 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006383 return 1;
6384 }
6385 else if (tm->type == V_ASN1_UTCTIME) {
6386 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6387
6388 if (utctm->length < 10)
6389 return 0;
6390 if (utctm->data[0] >= 0x35)
6391 return 0;
6392 if (out->size < utctm->length)
6393 return -1;
6394
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006395 memcpy(out->area, utctm->data, utctm->length);
6396 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006397 return 1;
6398 }
6399
6400 return 0;
6401}
6402
Emeric Brun87855892012-10-17 17:39:35 +02006403/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6404 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6405 */
6406static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006407ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6408 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006409{
6410 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006411 ASN1_OBJECT *obj;
6412 ASN1_STRING *data;
6413 const unsigned char *data_ptr;
6414 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006415 int i, j, n;
6416 int cur = 0;
6417 const char *s;
6418 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006419 int name_count;
6420
6421 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006422
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006423 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006424 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006425 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006426 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006427 else
6428 j = i;
6429
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006430 ne = X509_NAME_get_entry(a, j);
6431 obj = X509_NAME_ENTRY_get_object(ne);
6432 data = X509_NAME_ENTRY_get_data(ne);
6433 data_ptr = ASN1_STRING_get0_data(data);
6434 data_len = ASN1_STRING_length(data);
6435 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006436 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006437 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006438 s = tmp;
6439 }
6440
6441 if (chunk_strcasecmp(entry, s) != 0)
6442 continue;
6443
6444 if (pos < 0)
6445 cur--;
6446 else
6447 cur++;
6448
6449 if (cur != pos)
6450 continue;
6451
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006452 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006453 return -1;
6454
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006455 memcpy(out->area, data_ptr, data_len);
6456 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006457 return 1;
6458 }
6459
6460 return 0;
6461
6462}
6463
6464/* Extract and format full DN from a X509_NAME and copy result into a chunk
6465 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6466 */
6467static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006468ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006469{
6470 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006471 ASN1_OBJECT *obj;
6472 ASN1_STRING *data;
6473 const unsigned char *data_ptr;
6474 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006475 int i, n, ln;
6476 int l = 0;
6477 const char *s;
6478 char *p;
6479 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006480 int name_count;
6481
6482
6483 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006484
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006485 out->data = 0;
6486 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006487 for (i = 0; i < name_count; i++) {
6488 ne = X509_NAME_get_entry(a, i);
6489 obj = X509_NAME_ENTRY_get_object(ne);
6490 data = X509_NAME_ENTRY_get_data(ne);
6491 data_ptr = ASN1_STRING_get0_data(data);
6492 data_len = ASN1_STRING_length(data);
6493 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006494 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006495 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006496 s = tmp;
6497 }
6498 ln = strlen(s);
6499
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006500 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006501 if (l > out->size)
6502 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006503 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006504
6505 *(p++)='/';
6506 memcpy(p, s, ln);
6507 p += ln;
6508 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006509 memcpy(p, data_ptr, data_len);
6510 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006511 }
6512
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006513 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006514 return 0;
6515
6516 return 1;
6517}
6518
Olivier Houchardab28a322018-12-21 19:45:40 +01006519void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6520{
6521#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006522 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006523
Olivier Houchardaa2ecea2019-06-28 14:10:33 +02006524 if (!ssl_sock_is_ssl(conn))
6525 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006526 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006527 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006528#endif
6529}
6530
Willy Tarreau119a4082016-12-22 21:58:38 +01006531/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6532 * to disable SNI.
6533 */
Willy Tarreau63076412015-07-10 11:33:32 +02006534void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6535{
6536#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006537 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006538
Willy Tarreau119a4082016-12-22 21:58:38 +01006539 char *prev_name;
6540
Willy Tarreau63076412015-07-10 11:33:32 +02006541 if (!ssl_sock_is_ssl(conn))
6542 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006543 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02006544
Willy Tarreau119a4082016-12-22 21:58:38 +01006545 /* if the SNI changes, we must destroy the reusable context so that a
6546 * new connection will present a new SNI. As an optimization we could
6547 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6548 * server.
6549 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006550 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006551 if ((!prev_name && hostname) ||
6552 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006553 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006554
Olivier Houchard66ab4982019-02-26 18:37:15 +01006555 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006556#endif
6557}
6558
Emeric Brun0abf8362014-06-24 18:26:41 +02006559/* Extract peer certificate's common name into the chunk dest
6560 * Returns
6561 * the len of the extracted common name
6562 * or 0 if no CN found in DN
6563 * or -1 on error case (i.e. no peer certificate)
6564 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006565int ssl_sock_get_remote_common_name(struct connection *conn,
6566 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006567{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006568 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04006569 X509 *crt = NULL;
6570 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006571 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006572 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006573 .area = (char *)&find_cn,
6574 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006575 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006576 int result = -1;
David Safb76832014-05-08 23:42:08 -04006577
6578 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006579 goto out;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006580 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006581
6582 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006583 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006584 if (!crt)
6585 goto out;
6586
6587 name = X509_get_subject_name(crt);
6588 if (!name)
6589 goto out;
David Safb76832014-05-08 23:42:08 -04006590
Emeric Brun0abf8362014-06-24 18:26:41 +02006591 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6592out:
David Safb76832014-05-08 23:42:08 -04006593 if (crt)
6594 X509_free(crt);
6595
6596 return result;
6597}
6598
Dave McCowan328fb582014-07-30 10:39:13 -04006599/* returns 1 if client passed a certificate for this session, 0 if not */
6600int ssl_sock_get_cert_used_sess(struct connection *conn)
6601{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006602 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006603 X509 *crt = NULL;
6604
6605 if (!ssl_sock_is_ssl(conn))
6606 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006607 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006608
6609 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006610 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006611 if (!crt)
6612 return 0;
6613
6614 X509_free(crt);
6615 return 1;
6616}
6617
6618/* returns 1 if client passed a certificate for this connection, 0 if not */
6619int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006620{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006621 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006622
David Safb76832014-05-08 23:42:08 -04006623 if (!ssl_sock_is_ssl(conn))
6624 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006625 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006626 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006627}
6628
6629/* returns result from SSL verify */
6630unsigned int ssl_sock_get_verify_result(struct connection *conn)
6631{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006632 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006633
David Safb76832014-05-08 23:42:08 -04006634 if (!ssl_sock_is_ssl(conn))
6635 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006636 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006637 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006638}
6639
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006640/* Returns the application layer protocol name in <str> and <len> when known.
6641 * Zero is returned if the protocol name was not found, otherwise non-zero is
6642 * returned. The string is allocated in the SSL context and doesn't have to be
6643 * freed by the caller. NPN is also checked if available since older versions
6644 * of openssl (1.0.1) which are more common in field only support this one.
6645 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006646static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006647{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006648#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6649 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006650 struct ssl_sock_ctx *ctx = xprt_ctx;
6651 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006652 return 0;
6653
6654 *str = NULL;
6655
6656#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006657 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006658 if (*str)
6659 return 1;
6660#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006661#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006662 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006663 if (*str)
6664 return 1;
6665#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006666#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006667 return 0;
6668}
6669
Willy Tarreau7875d092012-09-10 08:20:03 +02006670/***** Below are some sample fetching functions for ACL/patterns *****/
6671
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006672static int
6673smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6674{
6675 struct connection *conn;
6676
6677 conn = objt_conn(smp->sess->origin);
6678 if (!conn || conn->xprt != &ssl_sock)
6679 return 0;
6680
6681 smp->flags = 0;
6682 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006683#ifdef OPENSSL_IS_BORINGSSL
6684 {
6685 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6686 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
6687 SSL_early_data_accepted(ctx->ssl));
6688 }
6689#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006690 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6691 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006692#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006693 return 1;
6694}
6695
Emeric Brune64aef12012-09-21 13:15:06 +02006696/* boolean, returns true if client cert was present */
6697static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006698smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006699{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006700 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006701 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006702
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006703 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006704 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006705 return 0;
6706
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006707 ctx = conn->xprt_ctx;
6708
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006709 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006710 smp->flags |= SMP_F_MAY_CHANGE;
6711 return 0;
6712 }
6713
6714 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006715 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006716 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006717
6718 return 1;
6719}
6720
Emeric Brun43e79582014-10-29 19:03:26 +01006721/* binary, returns a certificate in a binary chunk (der/raw).
6722 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6723 * should be use.
6724 */
6725static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006726smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006727{
6728 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6729 X509 *crt = NULL;
6730 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006731 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006732 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006733 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006734
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006735 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006736 if (!conn || conn->xprt != &ssl_sock)
6737 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006738 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006739
6740 if (!(conn->flags & CO_FL_CONNECTED)) {
6741 smp->flags |= SMP_F_MAY_CHANGE;
6742 return 0;
6743 }
6744
6745 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006746 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006747 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006748 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006749
6750 if (!crt)
6751 goto out;
6752
6753 smp_trash = get_trash_chunk();
6754 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6755 goto out;
6756
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006757 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006758 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006759 ret = 1;
6760out:
6761 /* SSL_get_peer_certificate, it increase X509 * ref count */
6762 if (cert_peer && crt)
6763 X509_free(crt);
6764 return ret;
6765}
6766
Emeric Brunba841a12014-04-30 17:05:08 +02006767/* binary, returns serial of certificate in a binary chunk.
6768 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6769 * should be use.
6770 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006771static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006772smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006773{
Emeric Brunba841a12014-04-30 17:05:08 +02006774 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006775 X509 *crt = NULL;
6776 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006777 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006778 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006779 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006780
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006781 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006782 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006783 return 0;
6784
Olivier Houchard66ab4982019-02-26 18:37:15 +01006785 ctx = conn->xprt_ctx;
6786
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006787 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006788 smp->flags |= SMP_F_MAY_CHANGE;
6789 return 0;
6790 }
6791
Emeric Brunba841a12014-04-30 17:05:08 +02006792 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006793 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006794 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006795 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006796
Willy Tarreau8d598402012-10-22 17:58:39 +02006797 if (!crt)
6798 goto out;
6799
Willy Tarreau47ca5452012-12-23 20:22:19 +01006800 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006801 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6802 goto out;
6803
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006804 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006805 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006806 ret = 1;
6807out:
Emeric Brunba841a12014-04-30 17:05:08 +02006808 /* SSL_get_peer_certificate, it increase X509 * ref count */
6809 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006810 X509_free(crt);
6811 return ret;
6812}
Emeric Brune64aef12012-09-21 13:15:06 +02006813
Emeric Brunba841a12014-04-30 17:05:08 +02006814/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6815 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6816 * should be use.
6817 */
James Votha051b4a2013-05-14 20:37:59 +02006818static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006819smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006820{
Emeric Brunba841a12014-04-30 17:05:08 +02006821 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006822 X509 *crt = NULL;
6823 const EVP_MD *digest;
6824 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006825 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006826 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006827 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006828
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006829 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006830 if (!conn || conn->xprt != &ssl_sock)
6831 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006832 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006833
6834 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006835 smp->flags |= SMP_F_MAY_CHANGE;
6836 return 0;
6837 }
6838
Emeric Brunba841a12014-04-30 17:05:08 +02006839 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006840 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006841 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006842 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006843 if (!crt)
6844 goto out;
6845
6846 smp_trash = get_trash_chunk();
6847 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006848 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6849 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006850
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006851 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006852 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006853 ret = 1;
6854out:
Emeric Brunba841a12014-04-30 17:05:08 +02006855 /* SSL_get_peer_certificate, it increase X509 * ref count */
6856 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006857 X509_free(crt);
6858 return ret;
6859}
6860
Emeric Brunba841a12014-04-30 17:05:08 +02006861/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6862 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6863 * should be use.
6864 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006865static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006866smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006867{
Emeric Brunba841a12014-04-30 17:05:08 +02006868 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006869 X509 *crt = NULL;
6870 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006871 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006872 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006873 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006874
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006875 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006876 if (!conn || conn->xprt != &ssl_sock)
6877 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006878 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006879
6880 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006881 smp->flags |= SMP_F_MAY_CHANGE;
6882 return 0;
6883 }
6884
Emeric Brunba841a12014-04-30 17:05:08 +02006885 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006886 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006887 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006888 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006889 if (!crt)
6890 goto out;
6891
Willy Tarreau47ca5452012-12-23 20:22:19 +01006892 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006893 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006894 goto out;
6895
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006896 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006897 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006898 ret = 1;
6899out:
Emeric Brunba841a12014-04-30 17:05:08 +02006900 /* SSL_get_peer_certificate, it increase X509 * ref count */
6901 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006902 X509_free(crt);
6903 return ret;
6904}
6905
Emeric Brunba841a12014-04-30 17:05:08 +02006906/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6907 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6908 * should be use.
6909 */
Emeric Brun87855892012-10-17 17:39:35 +02006910static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006911smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006912{
Emeric Brunba841a12014-04-30 17:05:08 +02006913 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006914 X509 *crt = NULL;
6915 X509_NAME *name;
6916 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006917 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006918 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006919 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006920
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006921 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006922 if (!conn || conn->xprt != &ssl_sock)
6923 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006924 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006925
6926 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006927 smp->flags |= SMP_F_MAY_CHANGE;
6928 return 0;
6929 }
6930
Emeric Brunba841a12014-04-30 17:05:08 +02006931 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006932 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006933 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006934 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006935 if (!crt)
6936 goto out;
6937
6938 name = X509_get_issuer_name(crt);
6939 if (!name)
6940 goto out;
6941
Willy Tarreau47ca5452012-12-23 20:22:19 +01006942 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006943 if (args && args[0].type == ARGT_STR) {
6944 int pos = 1;
6945
6946 if (args[1].type == ARGT_SINT)
6947 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006948
6949 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6950 goto out;
6951 }
6952 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6953 goto out;
6954
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006955 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006956 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006957 ret = 1;
6958out:
Emeric Brunba841a12014-04-30 17:05:08 +02006959 /* SSL_get_peer_certificate, it increase X509 * ref count */
6960 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006961 X509_free(crt);
6962 return ret;
6963}
6964
Emeric Brunba841a12014-04-30 17:05:08 +02006965/* string, returns notbefore date in ASN1_UTCTIME format.
6966 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6967 * should be use.
6968 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006969static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006970smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006971{
Emeric Brunba841a12014-04-30 17:05:08 +02006972 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006973 X509 *crt = NULL;
6974 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006975 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006976 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006977 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006978
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006979 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006980 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006981 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006982 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006983
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006984 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006985 smp->flags |= SMP_F_MAY_CHANGE;
6986 return 0;
6987 }
6988
Emeric Brunba841a12014-04-30 17:05:08 +02006989 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006990 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006991 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006992 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006993 if (!crt)
6994 goto out;
6995
Willy Tarreau47ca5452012-12-23 20:22:19 +01006996 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006997 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006998 goto out;
6999
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007000 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007001 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007002 ret = 1;
7003out:
Emeric Brunba841a12014-04-30 17:05:08 +02007004 /* SSL_get_peer_certificate, it increase X509 * ref count */
7005 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007006 X509_free(crt);
7007 return ret;
7008}
7009
Emeric Brunba841a12014-04-30 17:05:08 +02007010/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7011 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7012 * should be use.
7013 */
Emeric Brun87855892012-10-17 17:39:35 +02007014static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007015smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007016{
Emeric Brunba841a12014-04-30 17:05:08 +02007017 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007018 X509 *crt = NULL;
7019 X509_NAME *name;
7020 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007021 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007022 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007023 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007024
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007025 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007026 if (!conn || conn->xprt != &ssl_sock)
7027 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007028 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007029
7030 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007031 smp->flags |= SMP_F_MAY_CHANGE;
7032 return 0;
7033 }
7034
Emeric Brunba841a12014-04-30 17:05:08 +02007035 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007036 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007037 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007038 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007039 if (!crt)
7040 goto out;
7041
7042 name = X509_get_subject_name(crt);
7043 if (!name)
7044 goto out;
7045
Willy Tarreau47ca5452012-12-23 20:22:19 +01007046 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007047 if (args && args[0].type == ARGT_STR) {
7048 int pos = 1;
7049
7050 if (args[1].type == ARGT_SINT)
7051 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007052
7053 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7054 goto out;
7055 }
7056 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7057 goto out;
7058
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007059 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007060 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007061 ret = 1;
7062out:
Emeric Brunba841a12014-04-30 17:05:08 +02007063 /* SSL_get_peer_certificate, it increase X509 * ref count */
7064 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007065 X509_free(crt);
7066 return ret;
7067}
Emeric Brun9143d372012-12-20 15:44:16 +01007068
7069/* integer, returns true if current session use a client certificate */
7070static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007071smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007072{
7073 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007074 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007075 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007076
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007077 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007078 if (!conn || conn->xprt != &ssl_sock)
7079 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007080 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007081
7082 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007083 smp->flags |= SMP_F_MAY_CHANGE;
7084 return 0;
7085 }
7086
7087 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007088 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007089 if (crt) {
7090 X509_free(crt);
7091 }
7092
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007093 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007094 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007095 return 1;
7096}
7097
Emeric Brunba841a12014-04-30 17:05:08 +02007098/* integer, returns the certificate version
7099 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7100 * should be use.
7101 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007102static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007103smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007104{
Emeric Brunba841a12014-04-30 17:05:08 +02007105 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007106 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007107 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007108 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007109
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007110 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007111 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007112 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007113 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007114
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007115 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007116 smp->flags |= SMP_F_MAY_CHANGE;
7117 return 0;
7118 }
7119
Emeric Brunba841a12014-04-30 17:05:08 +02007120 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007121 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007122 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007123 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007124 if (!crt)
7125 return 0;
7126
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007127 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007128 /* SSL_get_peer_certificate increase X509 * ref count */
7129 if (cert_peer)
7130 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007131 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007132
7133 return 1;
7134}
7135
Emeric Brunba841a12014-04-30 17:05:08 +02007136/* string, returns the certificate's signature algorithm.
7137 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7138 * should be use.
7139 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007140static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007141smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007142{
Emeric Brunba841a12014-04-30 17:05:08 +02007143 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007144 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007145 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007146 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007147 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007148 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007149
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007150 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007151 if (!conn || conn->xprt != &ssl_sock)
7152 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007153 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007154
7155 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007156 smp->flags |= SMP_F_MAY_CHANGE;
7157 return 0;
7158 }
7159
Emeric Brunba841a12014-04-30 17:05:08 +02007160 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007161 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007162 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007163 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007164 if (!crt)
7165 return 0;
7166
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007167 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7168 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007169
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007170 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7171 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007172 /* SSL_get_peer_certificate increase X509 * ref count */
7173 if (cert_peer)
7174 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007175 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007176 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007177
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007178 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007179 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007180 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007181 /* SSL_get_peer_certificate increase X509 * ref count */
7182 if (cert_peer)
7183 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007184
7185 return 1;
7186}
7187
Emeric Brunba841a12014-04-30 17:05:08 +02007188/* string, returns the certificate's key algorithm.
7189 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7190 * should be use.
7191 */
Emeric Brun521a0112012-10-22 12:22:55 +02007192static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007193smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007194{
Emeric Brunba841a12014-04-30 17:05:08 +02007195 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007196 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007197 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007198 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007199 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007200 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007201
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007202 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007203 if (!conn || conn->xprt != &ssl_sock)
7204 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007205 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007206
7207 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007208 smp->flags |= SMP_F_MAY_CHANGE;
7209 return 0;
7210 }
7211
Emeric Brunba841a12014-04-30 17:05:08 +02007212 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007213 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007214 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007215 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007216 if (!crt)
7217 return 0;
7218
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007219 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7220 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007221
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007222 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7223 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007224 /* SSL_get_peer_certificate increase X509 * ref count */
7225 if (cert_peer)
7226 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007227 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007228 }
Emeric Brun521a0112012-10-22 12:22:55 +02007229
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007230 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007231 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007232 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007233 if (cert_peer)
7234 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007235
7236 return 1;
7237}
7238
Emeric Brun645ae792014-04-30 14:21:06 +02007239/* boolean, returns true if front conn. transport layer is SSL.
7240 * This function is also usable on backend conn if the fetch keyword 5th
7241 * char is 'b'.
7242 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007243static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007244smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007245{
Emeric Bruneb8def92018-02-19 15:59:48 +01007246 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7247 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007248
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007249 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007250 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007251 return 1;
7252}
7253
Emeric Brun2525b6b2012-10-18 15:59:43 +02007254/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007255static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007256smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007257{
7258#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007259 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007260 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007261
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007262 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007263 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007264 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007265 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007266 return 1;
7267#else
7268 return 0;
7269#endif
7270}
7271
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007272/* boolean, returns true if client session has been resumed.
7273 * This function is also usable on backend conn if the fetch keyword 5th
7274 * char is 'b'.
7275 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007276static int
7277smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7278{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007279 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7280 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007281 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007282
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007283
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007284 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007285 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007286 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007287 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007288 return 1;
7289}
7290
Emeric Brun645ae792014-04-30 14:21:06 +02007291/* string, returns the used cipher if front conn. transport layer is SSL.
7292 * This function is also usable on backend conn if the fetch keyword 5th
7293 * char is 'b'.
7294 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007295static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007296smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007297{
Emeric Bruneb8def92018-02-19 15:59:48 +01007298 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7299 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007300 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007301
Willy Tarreaube508f12016-03-10 11:47:01 +01007302 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007303 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007304 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007305 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007306
Olivier Houchard66ab4982019-02-26 18:37:15 +01007307 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007308 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007309 return 0;
7310
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007311 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007312 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007313 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007314
7315 return 1;
7316}
7317
Emeric Brun645ae792014-04-30 14:21:06 +02007318/* integer, returns the algoritm's keysize if front conn. transport layer
7319 * is SSL.
7320 * This function is also usable on backend conn if the fetch keyword 5th
7321 * char is 'b'.
7322 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007323static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007324smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007325{
Emeric Bruneb8def92018-02-19 15:59:48 +01007326 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7327 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007328 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007329 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007330
Emeric Brun589fcad2012-10-16 14:13:26 +02007331 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007332 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007333 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007334 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007335
Olivier Houchard66ab4982019-02-26 18:37:15 +01007336 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007337 return 0;
7338
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007339 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007340 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007341
7342 return 1;
7343}
7344
Emeric Brun645ae792014-04-30 14:21:06 +02007345/* integer, returns the used keysize if front conn. transport layer is SSL.
7346 * This function is also usable on backend conn if the fetch keyword 5th
7347 * char is 'b'.
7348 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007349static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007350smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007351{
Emeric Bruneb8def92018-02-19 15:59:48 +01007352 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7353 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007354 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007355
Emeric Brun589fcad2012-10-16 14:13:26 +02007356 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007357 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7358 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007359 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007360
Olivier Houchard66ab4982019-02-26 18:37:15 +01007361 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007362 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007363 return 0;
7364
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007365 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007366
7367 return 1;
7368}
7369
Bernard Spil13c53f82018-02-15 13:34:58 +01007370#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007371static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007372smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007373{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007374 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007375 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007376
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007377 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007378 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007379
Olivier Houchard6b77f492018-11-22 18:18:29 +01007380 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7381 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007382 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7383 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007384 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007385
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007386 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007387 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007388 (const unsigned char **)&smp->data.u.str.area,
7389 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007390
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007391 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007392 return 0;
7393
7394 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007395}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007396#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007397
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007398#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007399static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007400smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007401{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007402 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007403 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007404
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007405 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007406 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007407
Olivier Houchard6b77f492018-11-22 18:18:29 +01007408 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7409 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7410
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007411 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007412 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007413 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007414
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007415 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007416 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007417 (const unsigned char **)&smp->data.u.str.area,
7418 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007419
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007420 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007421 return 0;
7422
7423 return 1;
7424}
7425#endif
7426
Emeric Brun645ae792014-04-30 14:21:06 +02007427/* string, returns the used protocol if front conn. transport layer is SSL.
7428 * This function is also usable on backend conn if the fetch keyword 5th
7429 * char is 'b'.
7430 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007431static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007432smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007433{
Emeric Bruneb8def92018-02-19 15:59:48 +01007434 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7435 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007436 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007437
Emeric Brun589fcad2012-10-16 14:13:26 +02007438 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007439 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7440 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007441 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007442
Olivier Houchard66ab4982019-02-26 18:37:15 +01007443 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007444 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007445 return 0;
7446
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007447 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007448 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007449 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007450
7451 return 1;
7452}
7453
Willy Tarreau87b09662015-04-03 00:22:06 +02007454/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007455 * This function is also usable on backend conn if the fetch keyword 5th
7456 * char is 'b'.
7457 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007458#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007459static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007460smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007461{
Emeric Bruneb8def92018-02-19 15:59:48 +01007462 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7463 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007464 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007465 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007466
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007467 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007468 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007469
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007470 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7471 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007472 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007473
Olivier Houchard66ab4982019-02-26 18:37:15 +01007474 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007475 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007476 return 0;
7477
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007478 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7479 (unsigned int *)&smp->data.u.str.data);
7480 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007481 return 0;
7482
7483 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007484}
Patrick Hemmer41966772018-04-28 19:15:48 -04007485#endif
7486
Emeric Brunfe68f682012-10-16 14:59:28 +02007487
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007488#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007489static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007490smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7491{
7492 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7493 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7494 struct buffer *data;
7495 struct ssl_sock_ctx *ctx;
7496
7497 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7498 return 0;
7499 ctx = conn->xprt_ctx;
7500
7501 data = get_trash_chunk();
7502 if (kw[7] == 'c')
7503 data->data = SSL_get_client_random(ctx->ssl,
7504 (unsigned char *) data->area,
7505 data->size);
7506 else
7507 data->data = SSL_get_server_random(ctx->ssl,
7508 (unsigned char *) data->area,
7509 data->size);
7510 if (!data->data)
7511 return 0;
7512
7513 smp->flags = 0;
7514 smp->data.type = SMP_T_BIN;
7515 smp->data.u.str = *data;
7516
7517 return 1;
7518}
7519
7520static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007521smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7522{
7523 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7524 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7525 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007526 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007527 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007528
7529 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7530 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007531 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007532
Olivier Houchard66ab4982019-02-26 18:37:15 +01007533 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007534 if (!ssl_sess)
7535 return 0;
7536
7537 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007538 data->data = SSL_SESSION_get_master_key(ssl_sess,
7539 (unsigned char *) data->area,
7540 data->size);
7541 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007542 return 0;
7543
7544 smp->flags = 0;
7545 smp->data.type = SMP_T_BIN;
7546 smp->data.u.str = *data;
7547
7548 return 1;
7549}
7550#endif
7551
Patrick Hemmer41966772018-04-28 19:15:48 -04007552#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007553static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007554smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007555{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007556 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007557 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007558
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007559 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007560 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007561
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007562 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007563 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7564 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007565 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007566
Olivier Houchard66ab4982019-02-26 18:37:15 +01007567 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007568 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007569 return 0;
7570
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007571 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007572 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007573}
Patrick Hemmer41966772018-04-28 19:15:48 -04007574#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007575
David Sc1ad52e2014-04-08 18:48:47 -04007576static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007577smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7578{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007579 struct connection *conn;
7580 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007581 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007582
7583 conn = objt_conn(smp->sess->origin);
7584 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7585 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007586 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007587
Olivier Houchard66ab4982019-02-26 18:37:15 +01007588 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007589 if (!capture)
7590 return 0;
7591
7592 smp->flags = SMP_F_CONST;
7593 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007594 smp->data.u.str.area = capture->ciphersuite;
7595 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007596 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007597}
7598
7599static int
7600smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7601{
Willy Tarreau83061a82018-07-13 11:56:34 +02007602 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007603
7604 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7605 return 0;
7606
7607 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007608 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007609 smp->data.type = SMP_T_BIN;
7610 smp->data.u.str = *data;
7611 return 1;
7612}
7613
7614static int
7615smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7616{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007617 struct connection *conn;
7618 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007619 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007620
7621 conn = objt_conn(smp->sess->origin);
7622 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7623 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007624 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007625
Olivier Houchard66ab4982019-02-26 18:37:15 +01007626 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007627 if (!capture)
7628 return 0;
7629
7630 smp->data.type = SMP_T_SINT;
7631 smp->data.u.sint = capture->xxh64;
7632 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007633}
7634
7635static int
7636smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7637{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007638#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007639 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007640 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007641
7642 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7643 return 0;
7644
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007645 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007646 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007647 const char *str;
7648 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007649 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007650 uint16_t id = (bin[0] << 8) | bin[1];
7651#if defined(OPENSSL_IS_BORINGSSL)
7652 cipher = SSL_get_cipher_by_value(id);
7653#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007654 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007655 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7656 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007657#endif
7658 str = SSL_CIPHER_get_name(cipher);
7659 if (!str || strcmp(str, "(NONE)") == 0)
7660 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007661 else
7662 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7663 }
7664 smp->data.type = SMP_T_STR;
7665 smp->data.u.str = *data;
7666 return 1;
7667#else
7668 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7669#endif
7670}
7671
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007672#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007673static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007674smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007675{
Emeric Bruneb8def92018-02-19 15:59:48 +01007676 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7677 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007678 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007679 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007680 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007681
7682 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007683 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7684 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007685 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007686
7687 if (!(conn->flags & CO_FL_CONNECTED)) {
7688 smp->flags |= SMP_F_MAY_CHANGE;
7689 return 0;
7690 }
7691
7692 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007693 if (!SSL_session_reused(ctx->ssl))
7694 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007695 finished_trash->area,
7696 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007697 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007698 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007699 finished_trash->area,
7700 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007701
7702 if (!finished_len)
7703 return 0;
7704
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007705 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007706 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007707 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007708
7709 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007710}
Patrick Hemmer41966772018-04-28 19:15:48 -04007711#endif
David Sc1ad52e2014-04-08 18:48:47 -04007712
Emeric Brun2525b6b2012-10-18 15:59:43 +02007713/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007714static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007715smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007716{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007717 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007718 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007719
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007720 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007721 if (!conn || conn->xprt != &ssl_sock)
7722 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007723 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007724
7725 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007726 smp->flags = SMP_F_MAY_CHANGE;
7727 return 0;
7728 }
7729
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007730 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007731 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007732 smp->flags = 0;
7733
7734 return 1;
7735}
7736
Emeric Brun2525b6b2012-10-18 15:59:43 +02007737/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007738static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007739smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007740{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007741 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007742 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007743
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007744 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007745 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007746 return 0;
7747
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007748 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007749 smp->flags = SMP_F_MAY_CHANGE;
7750 return 0;
7751 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007752 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007753
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007754 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007755 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007756 smp->flags = 0;
7757
7758 return 1;
7759}
7760
Emeric Brun2525b6b2012-10-18 15:59:43 +02007761/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007762static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007763smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007764{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007765 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007766 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007767
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007768 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007769 if (!conn || conn->xprt != &ssl_sock)
7770 return 0;
7771
7772 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007773 smp->flags = SMP_F_MAY_CHANGE;
7774 return 0;
7775 }
7776
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007777 ctx = conn->xprt_ctx;
7778
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007779 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007780 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007781 smp->flags = 0;
7782
7783 return 1;
7784}
7785
Emeric Brun2525b6b2012-10-18 15:59:43 +02007786/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007787static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007788smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007789{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007790 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007791 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007792
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007793 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007794 if (!conn || conn->xprt != &ssl_sock)
7795 return 0;
7796
7797 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007798 smp->flags = SMP_F_MAY_CHANGE;
7799 return 0;
7800 }
7801
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007802 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007803 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007804 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007805
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007806 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007807 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007808 smp->flags = 0;
7809
7810 return 1;
7811}
7812
Emeric Brunfb510ea2012-10-05 12:00:26 +02007813/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007814static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007815{
7816 if (!*args[cur_arg + 1]) {
7817 if (err)
7818 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7819 return ERR_ALERT | ERR_FATAL;
7820 }
7821
Willy Tarreauef934602016-12-22 23:12:01 +01007822 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7823 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007824 else
7825 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007826
Emeric Brund94b3fe2012-09-20 18:23:56 +02007827 return 0;
7828}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007829static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7830{
7831 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7832}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007833
Christopher Faulet31af49d2015-06-09 17:29:50 +02007834/* parse the "ca-sign-file" bind keyword */
7835static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7836{
7837 if (!*args[cur_arg + 1]) {
7838 if (err)
7839 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7840 return ERR_ALERT | ERR_FATAL;
7841 }
7842
Willy Tarreauef934602016-12-22 23:12:01 +01007843 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7844 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007845 else
7846 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7847
7848 return 0;
7849}
7850
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007851/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007852static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7853{
7854 if (!*args[cur_arg + 1]) {
7855 if (err)
7856 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7857 return ERR_ALERT | ERR_FATAL;
7858 }
7859 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7860 return 0;
7861}
7862
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007863/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007864static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007865{
7866 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007867 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007868 return ERR_ALERT | ERR_FATAL;
7869 }
7870
Emeric Brun76d88952012-10-05 15:47:31 +02007871 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007872 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007873 return 0;
7874}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007875static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7876{
7877 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7878}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007879
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007880#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007881/* parse the "ciphersuites" bind keyword */
7882static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7883{
7884 if (!*args[cur_arg + 1]) {
7885 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7886 return ERR_ALERT | ERR_FATAL;
7887 }
7888
7889 free(conf->ciphersuites);
7890 conf->ciphersuites = strdup(args[cur_arg + 1]);
7891 return 0;
7892}
7893static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7894{
7895 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7896}
7897#endif
7898
Willy Tarreaub131c872019-10-16 16:42:19 +02007899/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007900static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007901{
Willy Tarreau38011032013-08-13 16:59:39 +02007902 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007903
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007904 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007905 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007906 return ERR_ALERT | ERR_FATAL;
7907 }
7908
Willy Tarreauef934602016-12-22 23:12:01 +01007909 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7910 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007911 memprintf(err, "'%s' : path too long", args[cur_arg]);
7912 return ERR_ALERT | ERR_FATAL;
7913 }
Willy Tarreauef934602016-12-22 23:12:01 +01007914 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaub131c872019-10-16 16:42:19 +02007915 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007916 }
7917
Willy Tarreaub131c872019-10-16 16:42:19 +02007918 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02007919}
7920
Willy Tarreaub131c872019-10-16 16:42:19 +02007921/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007922static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7923{
Willy Tarreaub131c872019-10-16 16:42:19 +02007924 int err_code;
7925
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007926 if (!*args[cur_arg + 1]) {
7927 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7928 return ERR_ALERT | ERR_FATAL;
7929 }
7930
Willy Tarreaub131c872019-10-16 16:42:19 +02007931 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
7932 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02007933 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007934
Willy Tarreaub131c872019-10-16 16:42:19 +02007935 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007936}
7937
Emeric Brunfb510ea2012-10-05 12:00:26 +02007938/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007939static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007940{
Emeric Brun051cdab2012-10-02 19:25:50 +02007941#ifndef X509_V_FLAG_CRL_CHECK
7942 if (err)
7943 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7944 return ERR_ALERT | ERR_FATAL;
7945#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007946 if (!*args[cur_arg + 1]) {
7947 if (err)
7948 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7949 return ERR_ALERT | ERR_FATAL;
7950 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007951
Willy Tarreauef934602016-12-22 23:12:01 +01007952 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7953 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007954 else
7955 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007956
Emeric Brun2b58d042012-09-20 17:10:03 +02007957 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007958#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007959}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007960static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7961{
7962 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7963}
Emeric Brun2b58d042012-09-20 17:10:03 +02007964
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007965/* parse the "curves" bind keyword keyword */
7966static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7967{
Lukas Tribusd13e9252019-11-24 18:20:40 +01007968#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007969 if (!*args[cur_arg + 1]) {
7970 if (err)
7971 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7972 return ERR_ALERT | ERR_FATAL;
7973 }
7974 conf->curves = strdup(args[cur_arg + 1]);
7975 return 0;
7976#else
7977 if (err)
7978 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7979 return ERR_ALERT | ERR_FATAL;
7980#endif
7981}
7982static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7983{
7984 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7985}
7986
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007987/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007988static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007989{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007990#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007991 if (err)
7992 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7993 return ERR_ALERT | ERR_FATAL;
7994#elif defined(OPENSSL_NO_ECDH)
7995 if (err)
7996 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7997 return ERR_ALERT | ERR_FATAL;
7998#else
7999 if (!*args[cur_arg + 1]) {
8000 if (err)
8001 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
8002 return ERR_ALERT | ERR_FATAL;
8003 }
8004
8005 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008006
8007 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008008#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008009}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008010static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8011{
8012 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8013}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008014
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008015/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008016static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8017{
8018 int code;
8019 char *p = args[cur_arg + 1];
8020 unsigned long long *ignerr = &conf->crt_ignerr;
8021
8022 if (!*p) {
8023 if (err)
8024 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
8025 return ERR_ALERT | ERR_FATAL;
8026 }
8027
8028 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8029 ignerr = &conf->ca_ignerr;
8030
8031 if (strcmp(p, "all") == 0) {
8032 *ignerr = ~0ULL;
8033 return 0;
8034 }
8035
8036 while (p) {
8037 code = atoi(p);
8038 if ((code <= 0) || (code > 63)) {
8039 if (err)
8040 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8041 args[cur_arg], code, args[cur_arg + 1]);
8042 return ERR_ALERT | ERR_FATAL;
8043 }
8044 *ignerr |= 1ULL << code;
8045 p = strchr(p, ',');
8046 if (p)
8047 p++;
8048 }
8049
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008050 return 0;
8051}
8052
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008053/* parse tls_method_options "no-xxx" and "force-xxx" */
8054static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008055{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008056 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008057 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008058 p = strchr(arg, '-');
8059 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008060 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008061 p++;
8062 if (!strcmp(p, "sslv3"))
8063 v = CONF_SSLV3;
8064 else if (!strcmp(p, "tlsv10"))
8065 v = CONF_TLSV10;
8066 else if (!strcmp(p, "tlsv11"))
8067 v = CONF_TLSV11;
8068 else if (!strcmp(p, "tlsv12"))
8069 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008070 else if (!strcmp(p, "tlsv13"))
8071 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008072 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008073 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008074 if (!strncmp(arg, "no-", 3))
8075 methods->flags |= methodVersions[v].flag;
8076 else if (!strncmp(arg, "force-", 6))
8077 methods->min = methods->max = v;
8078 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008079 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008080 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008081 fail:
8082 if (err)
8083 memprintf(err, "'%s' : option not implemented", arg);
8084 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008085}
8086
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008087static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008088{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008089 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008090}
8091
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008092static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008093{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008094 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8095}
8096
8097/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8098static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8099{
8100 uint16_t i, v = 0;
8101 char *argv = args[cur_arg + 1];
8102 if (!*argv) {
8103 if (err)
8104 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8105 return ERR_ALERT | ERR_FATAL;
8106 }
8107 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8108 if (!strcmp(argv, methodVersions[i].name))
8109 v = i;
8110 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008111 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008112 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008113 return ERR_ALERT | ERR_FATAL;
8114 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008115 if (!strcmp("ssl-min-ver", args[cur_arg]))
8116 methods->min = v;
8117 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8118 methods->max = v;
8119 else {
8120 if (err)
8121 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8122 return ERR_ALERT | ERR_FATAL;
8123 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008124 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008125}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008126
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008127static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8128{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008129#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008130 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008131#endif
8132 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8133}
8134
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008135static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8136{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008137 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008138}
8139
8140static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8141{
8142 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8143}
8144
Emeric Brun2d0c4822012-10-02 13:45:20 +02008145/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008146static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008147{
Emeric Brun89675492012-10-05 13:48:26 +02008148 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008149 return 0;
8150}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008151
Olivier Houchardc2aae742017-09-22 18:26:28 +02008152/* parse the "allow-0rtt" bind keyword */
8153static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8154{
8155 conf->early_data = 1;
8156 return 0;
8157}
8158
8159static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8160{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008161 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008162 return 0;
8163}
8164
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008165/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008166static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008167{
Bernard Spil13c53f82018-02-15 13:34:58 +01008168#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008169 char *p1, *p2;
8170
8171 if (!*args[cur_arg + 1]) {
8172 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8173 return ERR_ALERT | ERR_FATAL;
8174 }
8175
8176 free(conf->npn_str);
8177
Willy Tarreau3724da12016-02-12 17:11:12 +01008178 /* the NPN string is built as a suite of (<len> <name>)*,
8179 * so we reuse each comma to store the next <len> and need
8180 * one more for the end of the string.
8181 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008182 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008183 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008184 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8185
8186 /* replace commas with the name length */
8187 p1 = conf->npn_str;
8188 p2 = p1 + 1;
8189 while (1) {
8190 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8191 if (!p2)
8192 p2 = p1 + 1 + strlen(p1 + 1);
8193
8194 if (p2 - (p1 + 1) > 255) {
8195 *p2 = '\0';
8196 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8197 return ERR_ALERT | ERR_FATAL;
8198 }
8199
8200 *p1 = p2 - (p1 + 1);
8201 p1 = p2;
8202
8203 if (!*p2)
8204 break;
8205
8206 *(p2++) = '\0';
8207 }
8208 return 0;
8209#else
8210 if (err)
8211 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8212 return ERR_ALERT | ERR_FATAL;
8213#endif
8214}
8215
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008216static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8217{
8218 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8219}
8220
Willy Tarreauab861d32013-04-02 02:30:41 +02008221/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008222static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008223{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008224#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008225 char *p1, *p2;
8226
8227 if (!*args[cur_arg + 1]) {
8228 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8229 return ERR_ALERT | ERR_FATAL;
8230 }
8231
8232 free(conf->alpn_str);
8233
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008234 /* the ALPN string is built as a suite of (<len> <name>)*,
8235 * so we reuse each comma to store the next <len> and need
8236 * one more for the end of the string.
8237 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008238 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008239 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008240 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8241
8242 /* replace commas with the name length */
8243 p1 = conf->alpn_str;
8244 p2 = p1 + 1;
8245 while (1) {
8246 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8247 if (!p2)
8248 p2 = p1 + 1 + strlen(p1 + 1);
8249
8250 if (p2 - (p1 + 1) > 255) {
8251 *p2 = '\0';
8252 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8253 return ERR_ALERT | ERR_FATAL;
8254 }
8255
8256 *p1 = p2 - (p1 + 1);
8257 p1 = p2;
8258
8259 if (!*p2)
8260 break;
8261
8262 *(p2++) = '\0';
8263 }
8264 return 0;
8265#else
8266 if (err)
8267 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8268 return ERR_ALERT | ERR_FATAL;
8269#endif
8270}
8271
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008272static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8273{
8274 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8275}
8276
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008277/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008278static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008279{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008280 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008281 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008282
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008283 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8284 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008285#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008286 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8287 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8288#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008289 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008290 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8291 if (!conf->ssl_conf.ssl_methods.min)
8292 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8293 if (!conf->ssl_conf.ssl_methods.max)
8294 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008295
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008296 return 0;
8297}
8298
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008299/* parse the "prefer-client-ciphers" bind keyword */
8300static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8301{
8302 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8303 return 0;
8304}
8305
Christopher Faulet31af49d2015-06-09 17:29:50 +02008306/* parse the "generate-certificates" bind keyword */
8307static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8308{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008309#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008310 conf->generate_certs = 1;
8311#else
8312 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8313 err && *err ? *err : "");
8314#endif
8315 return 0;
8316}
8317
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008318/* parse the "strict-sni" bind keyword */
8319static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8320{
8321 conf->strict_sni = 1;
8322 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008323}
8324
8325/* parse the "tls-ticket-keys" bind keyword */
8326static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8327{
8328#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008329 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008330 int i = 0;
8331 char thisline[LINESIZE];
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008332 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008333
8334 if (!*args[cur_arg + 1]) {
8335 if (err)
8336 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008337 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008338 }
8339
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008340 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008341 if (keys_ref) {
8342 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008343 conf->keys_ref = keys_ref;
8344 return 0;
8345 }
8346
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008347 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008348 if (!keys_ref) {
8349 if (err)
8350 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008351 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008352 }
8353
Emeric Brun9e754772019-01-10 17:51:55 +01008354 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008355 if (!keys_ref->tlskeys) {
Emeric Brun09852f72019-01-10 10:51:13 +01008356 if (err)
8357 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008358 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008359 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008360
8361 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
8362 if (err)
8363 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008364 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008365 }
8366
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008367 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008368 if (!keys_ref->filename) {
Emeric Brun09852f72019-01-10 10:51:13 +01008369 if (err)
8370 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008371 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008372 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008373
Emeric Brun9e754772019-01-10 17:51:55 +01008374 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008375 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8376 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008377 int dec_size;
8378
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008379 /* Strip newline characters from the end */
8380 if(thisline[len - 1] == '\n')
8381 thisline[--len] = 0;
8382
8383 if(thisline[len - 1] == '\r')
8384 thisline[--len] = 0;
8385
Emeric Brun9e754772019-01-10 17:51:55 +01008386 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8387 if (dec_size < 0) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008388 if (err)
8389 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008390 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008391 }
Emeric Brun9e754772019-01-10 17:51:55 +01008392 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8393 keys_ref->key_size_bits = 128;
8394 }
8395 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8396 keys_ref->key_size_bits = 256;
8397 }
8398 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8399 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8400 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Emeric Brun9e754772019-01-10 17:51:55 +01008401 if (err)
8402 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008403 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01008404 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008405 i++;
8406 }
8407
8408 if (i < TLS_TICKETS_NO) {
8409 if (err)
8410 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008411 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008412 }
8413
8414 fclose(f);
8415
8416 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008417 i -= 2;
8418 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008419 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008420 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008421 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008422 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008423
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008424 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8425
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008426 return 0;
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008427
8428 fail:
8429 if (f)
8430 fclose(f);
8431 if (keys_ref) {
8432 free(keys_ref->filename);
8433 free(keys_ref->tlskeys);
8434 free(keys_ref);
8435 }
8436 return ERR_ALERT | ERR_FATAL;
8437
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008438#else
8439 if (err)
8440 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8441 return ERR_ALERT | ERR_FATAL;
8442#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008443}
8444
Emeric Brund94b3fe2012-09-20 18:23:56 +02008445/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008446static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008447{
8448 if (!*args[cur_arg + 1]) {
8449 if (err)
8450 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8451 return ERR_ALERT | ERR_FATAL;
8452 }
8453
8454 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008455 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008456 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008457 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008458 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008459 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008460 else {
8461 if (err)
8462 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8463 args[cur_arg], args[cur_arg + 1]);
8464 return ERR_ALERT | ERR_FATAL;
8465 }
8466
8467 return 0;
8468}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008469static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8470{
8471 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8472}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008473
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008474/* parse the "no-ca-names" bind keyword */
8475static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8476{
8477 conf->no_ca_names = 1;
8478 return 0;
8479}
8480static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8481{
8482 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8483}
8484
Willy Tarreau92faadf2012-10-10 23:04:25 +02008485/************** "server" keywords ****************/
8486
Olivier Houchardc7566002018-11-20 23:33:50 +01008487/* parse the "npn" bind keyword */
8488static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8489{
8490#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8491 char *p1, *p2;
8492
8493 if (!*args[*cur_arg + 1]) {
8494 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8495 return ERR_ALERT | ERR_FATAL;
8496 }
8497
8498 free(newsrv->ssl_ctx.npn_str);
8499
8500 /* the NPN string is built as a suite of (<len> <name>)*,
8501 * so we reuse each comma to store the next <len> and need
8502 * one more for the end of the string.
8503 */
8504 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8505 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8506 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8507 newsrv->ssl_ctx.npn_len);
8508
8509 /* replace commas with the name length */
8510 p1 = newsrv->ssl_ctx.npn_str;
8511 p2 = p1 + 1;
8512 while (1) {
8513 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8514 newsrv->ssl_ctx.npn_len - (p1 + 1));
8515 if (!p2)
8516 p2 = p1 + 1 + strlen(p1 + 1);
8517
8518 if (p2 - (p1 + 1) > 255) {
8519 *p2 = '\0';
8520 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8521 return ERR_ALERT | ERR_FATAL;
8522 }
8523
8524 *p1 = p2 - (p1 + 1);
8525 p1 = p2;
8526
8527 if (!*p2)
8528 break;
8529
8530 *(p2++) = '\0';
8531 }
8532 return 0;
8533#else
8534 if (err)
8535 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8536 return ERR_ALERT | ERR_FATAL;
8537#endif
8538}
8539
Olivier Houchard92150142018-12-21 19:47:01 +01008540/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008541static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8542{
8543#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8544 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008545 char **alpn_str;
8546 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008547
Olivier Houchard92150142018-12-21 19:47:01 +01008548 if (*args[*cur_arg] == 'c') {
8549 alpn_str = &newsrv->check.alpn_str;
8550 alpn_len = &newsrv->check.alpn_len;
8551 } else {
8552 alpn_str = &newsrv->ssl_ctx.alpn_str;
8553 alpn_len = &newsrv->ssl_ctx.alpn_len;
8554
8555 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008556 if (!*args[*cur_arg + 1]) {
8557 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8558 return ERR_ALERT | ERR_FATAL;
8559 }
8560
Olivier Houchard92150142018-12-21 19:47:01 +01008561 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008562
8563 /* the ALPN string is built as a suite of (<len> <name>)*,
8564 * so we reuse each comma to store the next <len> and need
8565 * one more for the end of the string.
8566 */
Olivier Houchard92150142018-12-21 19:47:01 +01008567 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8568 *alpn_str = calloc(1, *alpn_len + 1);
8569 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008570
8571 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008572 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008573 p2 = p1 + 1;
8574 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008575 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008576 if (!p2)
8577 p2 = p1 + 1 + strlen(p1 + 1);
8578
8579 if (p2 - (p1 + 1) > 255) {
8580 *p2 = '\0';
8581 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8582 return ERR_ALERT | ERR_FATAL;
8583 }
8584
8585 *p1 = p2 - (p1 + 1);
8586 p1 = p2;
8587
8588 if (!*p2)
8589 break;
8590
8591 *(p2++) = '\0';
8592 }
8593 return 0;
8594#else
8595 if (err)
8596 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8597 return ERR_ALERT | ERR_FATAL;
8598#endif
8599}
8600
Emeric Brunef42d922012-10-11 16:11:36 +02008601/* parse the "ca-file" server keyword */
8602static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8603{
8604 if (!*args[*cur_arg + 1]) {
8605 if (err)
8606 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8607 return ERR_ALERT | ERR_FATAL;
8608 }
8609
Willy Tarreauef934602016-12-22 23:12:01 +01008610 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8611 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008612 else
8613 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8614
8615 return 0;
8616}
8617
Olivier Houchard9130a962017-10-17 17:33:43 +02008618/* parse the "check-sni" server keyword */
8619static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8620{
8621 if (!*args[*cur_arg + 1]) {
8622 if (err)
8623 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8624 return ERR_ALERT | ERR_FATAL;
8625 }
8626
8627 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8628 if (!newsrv->check.sni) {
8629 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8630 return ERR_ALERT | ERR_FATAL;
8631 }
8632 return 0;
8633
8634}
8635
Willy Tarreau92faadf2012-10-10 23:04:25 +02008636/* parse the "check-ssl" server keyword */
8637static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8638{
8639 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008640 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8641 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008642#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008643 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8644 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8645#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008646 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008647 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8648 if (!newsrv->ssl_ctx.methods.min)
8649 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8650 if (!newsrv->ssl_ctx.methods.max)
8651 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8652
Willy Tarreau92faadf2012-10-10 23:04:25 +02008653 return 0;
8654}
8655
8656/* parse the "ciphers" server keyword */
8657static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8658{
8659 if (!*args[*cur_arg + 1]) {
8660 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8661 return ERR_ALERT | ERR_FATAL;
8662 }
8663
8664 free(newsrv->ssl_ctx.ciphers);
8665 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8666 return 0;
8667}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008668
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008669#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008670/* parse the "ciphersuites" server keyword */
8671static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8672{
8673 if (!*args[*cur_arg + 1]) {
8674 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8675 return ERR_ALERT | ERR_FATAL;
8676 }
8677
8678 free(newsrv->ssl_ctx.ciphersuites);
8679 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8680 return 0;
8681}
8682#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008683
Emeric Brunef42d922012-10-11 16:11:36 +02008684/* parse the "crl-file" server keyword */
8685static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8686{
8687#ifndef X509_V_FLAG_CRL_CHECK
8688 if (err)
8689 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8690 return ERR_ALERT | ERR_FATAL;
8691#else
8692 if (!*args[*cur_arg + 1]) {
8693 if (err)
8694 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8695 return ERR_ALERT | ERR_FATAL;
8696 }
8697
Willy Tarreauef934602016-12-22 23:12:01 +01008698 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8699 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008700 else
8701 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8702
8703 return 0;
8704#endif
8705}
8706
Emeric Bruna7aa3092012-10-26 12:58:00 +02008707/* parse the "crt" server keyword */
8708static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8709{
8710 if (!*args[*cur_arg + 1]) {
8711 if (err)
8712 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8713 return ERR_ALERT | ERR_FATAL;
8714 }
8715
Willy Tarreauef934602016-12-22 23:12:01 +01008716 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008717 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008718 else
8719 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8720
8721 return 0;
8722}
Emeric Brunef42d922012-10-11 16:11:36 +02008723
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008724/* parse the "no-check-ssl" server keyword */
8725static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8726{
8727 newsrv->check.use_ssl = 0;
8728 free(newsrv->ssl_ctx.ciphers);
8729 newsrv->ssl_ctx.ciphers = NULL;
8730 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8731 return 0;
8732}
8733
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008734/* parse the "no-send-proxy-v2-ssl" server keyword */
8735static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8736{
8737 newsrv->pp_opts &= ~SRV_PP_V2;
8738 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8739 return 0;
8740}
8741
8742/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8743static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8744{
8745 newsrv->pp_opts &= ~SRV_PP_V2;
8746 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8747 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8748 return 0;
8749}
8750
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008751/* parse the "no-ssl" server keyword */
8752static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8753{
8754 newsrv->use_ssl = 0;
8755 free(newsrv->ssl_ctx.ciphers);
8756 newsrv->ssl_ctx.ciphers = NULL;
8757 return 0;
8758}
8759
Olivier Houchard522eea72017-11-03 16:27:47 +01008760/* parse the "allow-0rtt" server keyword */
8761static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8762{
8763 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8764 return 0;
8765}
8766
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008767/* parse the "no-ssl-reuse" server keyword */
8768static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8769{
8770 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8771 return 0;
8772}
8773
Emeric Brunf9c5c472012-10-11 15:28:34 +02008774/* parse the "no-tls-tickets" server keyword */
8775static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8776{
8777 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8778 return 0;
8779}
David Safb76832014-05-08 23:42:08 -04008780/* parse the "send-proxy-v2-ssl" server keyword */
8781static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8782{
8783 newsrv->pp_opts |= SRV_PP_V2;
8784 newsrv->pp_opts |= SRV_PP_V2_SSL;
8785 return 0;
8786}
8787
8788/* parse the "send-proxy-v2-ssl-cn" server keyword */
8789static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8790{
8791 newsrv->pp_opts |= SRV_PP_V2;
8792 newsrv->pp_opts |= SRV_PP_V2_SSL;
8793 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8794 return 0;
8795}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008796
Willy Tarreau732eac42015-07-09 11:40:25 +02008797/* parse the "sni" server keyword */
8798static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8799{
8800#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8801 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8802 return ERR_ALERT | ERR_FATAL;
8803#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008804 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008805
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008806 arg = args[*cur_arg + 1];
8807 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008808 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8809 return ERR_ALERT | ERR_FATAL;
8810 }
8811
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008812 free(newsrv->sni_expr);
8813 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008814
Willy Tarreau732eac42015-07-09 11:40:25 +02008815 return 0;
8816#endif
8817}
8818
Willy Tarreau92faadf2012-10-10 23:04:25 +02008819/* parse the "ssl" server keyword */
8820static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8821{
8822 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008823 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8824 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008825#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008826 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8827 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8828#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008829 return 0;
8830}
8831
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008832/* parse the "ssl-reuse" server keyword */
8833static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8834{
8835 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8836 return 0;
8837}
8838
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008839/* parse the "tls-tickets" server keyword */
8840static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8841{
8842 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8843 return 0;
8844}
8845
Emeric Brunef42d922012-10-11 16:11:36 +02008846/* parse the "verify" server keyword */
8847static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8848{
8849 if (!*args[*cur_arg + 1]) {
8850 if (err)
8851 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8852 return ERR_ALERT | ERR_FATAL;
8853 }
8854
8855 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008856 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008857 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008858 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008859 else {
8860 if (err)
8861 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8862 args[*cur_arg], args[*cur_arg + 1]);
8863 return ERR_ALERT | ERR_FATAL;
8864 }
8865
Evan Broderbe554312013-06-27 00:05:25 -07008866 return 0;
8867}
8868
8869/* parse the "verifyhost" server keyword */
8870static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8871{
8872 if (!*args[*cur_arg + 1]) {
8873 if (err)
8874 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8875 return ERR_ALERT | ERR_FATAL;
8876 }
8877
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008878 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008879 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8880
Emeric Brunef42d922012-10-11 16:11:36 +02008881 return 0;
8882}
8883
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008884/* parse the "ssl-default-bind-options" keyword in global section */
8885static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8886 struct proxy *defpx, const char *file, int line,
8887 char **err) {
8888 int i = 1;
8889
8890 if (*(args[i]) == 0) {
8891 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8892 return -1;
8893 }
8894 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008895 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008896 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008897 else if (!strcmp(args[i], "prefer-client-ciphers"))
8898 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008899 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8900 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8901 i++;
8902 else {
8903 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8904 return -1;
8905 }
8906 }
8907 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008908 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8909 return -1;
8910 }
8911 i++;
8912 }
8913 return 0;
8914}
8915
8916/* parse the "ssl-default-server-options" keyword in global section */
8917static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8918 struct proxy *defpx, const char *file, int line,
8919 char **err) {
8920 int i = 1;
8921
8922 if (*(args[i]) == 0) {
8923 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8924 return -1;
8925 }
8926 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008927 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008928 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008929 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8930 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8931 i++;
8932 else {
8933 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8934 return -1;
8935 }
8936 }
8937 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008938 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8939 return -1;
8940 }
8941 i++;
8942 }
8943 return 0;
8944}
8945
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008946/* parse the "ca-base" / "crt-base" keywords in global section.
8947 * Returns <0 on alert, >0 on warning, 0 on success.
8948 */
8949static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8950 struct proxy *defpx, const char *file, int line,
8951 char **err)
8952{
8953 char **target;
8954
Willy Tarreauef934602016-12-22 23:12:01 +01008955 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008956
8957 if (too_many_args(1, args, err, NULL))
8958 return -1;
8959
8960 if (*target) {
8961 memprintf(err, "'%s' already specified.", args[0]);
8962 return -1;
8963 }
8964
8965 if (*(args[1]) == 0) {
8966 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8967 return -1;
8968 }
8969 *target = strdup(args[1]);
8970 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008971}
8972
8973/* parse the "ssl-mode-async" keyword in global section.
8974 * Returns <0 on alert, >0 on warning, 0 on success.
8975 */
8976static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8977 struct proxy *defpx, const char *file, int line,
8978 char **err)
8979{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008980#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008981 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008982 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008983 return 0;
8984#else
8985 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8986 return -1;
8987#endif
8988}
8989
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008990#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008991static int ssl_check_async_engine_count(void) {
8992 int err_code = 0;
8993
Emeric Brun3854e012017-05-17 20:42:48 +02008994 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008995 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008996 err_code = ERR_ABORT;
8997 }
8998 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008999}
9000
Grant Zhang872f9c22017-01-21 01:10:18 +00009001/* parse the "ssl-engine" keyword in global section.
9002 * Returns <0 on alert, >0 on warning, 0 on success.
9003 */
9004static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9005 struct proxy *defpx, const char *file, int line,
9006 char **err)
9007{
9008 char *algo;
9009 int ret = -1;
9010
9011 if (*(args[1]) == 0) {
9012 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9013 return ret;
9014 }
9015
9016 if (*(args[2]) == 0) {
9017 /* if no list of algorithms is given, it defaults to ALL */
9018 algo = strdup("ALL");
9019 goto add_engine;
9020 }
9021
9022 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9023 if (strcmp(args[2], "algo") != 0) {
9024 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9025 return ret;
9026 }
9027
9028 if (*(args[3]) == 0) {
9029 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9030 return ret;
9031 }
9032 algo = strdup(args[3]);
9033
9034add_engine:
9035 if (ssl_init_single_engine(args[1], algo)==0) {
9036 openssl_engines_initialized++;
9037 ret = 0;
9038 }
9039 free(algo);
9040 return ret;
9041}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009042#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009043
Willy Tarreauf22e9682016-12-21 23:23:19 +01009044/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9045 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9046 */
9047static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9048 struct proxy *defpx, const char *file, int line,
9049 char **err)
9050{
9051 char **target;
9052
Willy Tarreauef934602016-12-22 23:12:01 +01009053 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009054
9055 if (too_many_args(1, args, err, NULL))
9056 return -1;
9057
9058 if (*(args[1]) == 0) {
9059 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9060 return -1;
9061 }
9062
9063 free(*target);
9064 *target = strdup(args[1]);
9065 return 0;
9066}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009067
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009068#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009069/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9070 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9071 */
9072static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9073 struct proxy *defpx, const char *file, int line,
9074 char **err)
9075{
9076 char **target;
9077
9078 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9079
9080 if (too_many_args(1, args, err, NULL))
9081 return -1;
9082
9083 if (*(args[1]) == 0) {
9084 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9085 return -1;
9086 }
9087
9088 free(*target);
9089 *target = strdup(args[1]);
9090 return 0;
9091}
9092#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009093
Willy Tarreau9ceda382016-12-21 23:13:03 +01009094/* parse various global tune.ssl settings consisting in positive integers.
9095 * Returns <0 on alert, >0 on warning, 0 on success.
9096 */
9097static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9098 struct proxy *defpx, const char *file, int line,
9099 char **err)
9100{
9101 int *target;
9102
9103 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9104 target = &global.tune.sslcachesize;
9105 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009106 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009107 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009108 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009109 else if (strcmp(args[0], "maxsslconn") == 0)
9110 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009111 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9112 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009113 else {
9114 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9115 return -1;
9116 }
9117
9118 if (too_many_args(1, args, err, NULL))
9119 return -1;
9120
9121 if (*(args[1]) == 0) {
9122 memprintf(err, "'%s' expects an integer argument.", args[0]);
9123 return -1;
9124 }
9125
9126 *target = atoi(args[1]);
9127 if (*target < 0) {
9128 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9129 return -1;
9130 }
9131 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009132}
9133
9134static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9135 struct proxy *defpx, const char *file, int line,
9136 char **err)
9137{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009138 int ret;
9139
9140 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9141 if (ret != 0)
9142 return ret;
9143
Willy Tarreaubafbe012017-11-24 17:34:44 +01009144 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009145 memprintf(err, "'%s' is already configured.", args[0]);
9146 return -1;
9147 }
9148
Willy Tarreaubafbe012017-11-24 17:34:44 +01009149 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9150 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009151 memprintf(err, "Out of memory error.");
9152 return -1;
9153 }
9154 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009155}
9156
9157/* parse "ssl.force-private-cache".
9158 * Returns <0 on alert, >0 on warning, 0 on success.
9159 */
9160static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9161 struct proxy *defpx, const char *file, int line,
9162 char **err)
9163{
9164 if (too_many_args(0, args, err, NULL))
9165 return -1;
9166
Willy Tarreauef934602016-12-22 23:12:01 +01009167 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009168 return 0;
9169}
9170
9171/* parse "ssl.lifetime".
9172 * Returns <0 on alert, >0 on warning, 0 on success.
9173 */
9174static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9175 struct proxy *defpx, const char *file, int line,
9176 char **err)
9177{
9178 const char *res;
9179
9180 if (too_many_args(1, args, err, NULL))
9181 return -1;
9182
9183 if (*(args[1]) == 0) {
9184 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9185 return -1;
9186 }
9187
Willy Tarreauef934602016-12-22 23:12:01 +01009188 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009189 if (res == PARSE_TIME_OVER) {
9190 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9191 args[1], args[0]);
9192 return -1;
9193 }
9194 else if (res == PARSE_TIME_UNDER) {
9195 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9196 args[1], args[0]);
9197 return -1;
9198 }
9199 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009200 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9201 return -1;
9202 }
9203 return 0;
9204}
9205
9206#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009207/* parse "ssl-dh-param-file".
9208 * Returns <0 on alert, >0 on warning, 0 on success.
9209 */
9210static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9211 struct proxy *defpx, const char *file, int line,
9212 char **err)
9213{
9214 if (too_many_args(1, args, err, NULL))
9215 return -1;
9216
9217 if (*(args[1]) == 0) {
9218 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9219 return -1;
9220 }
9221
9222 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9223 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9224 return -1;
9225 }
9226 return 0;
9227}
9228
Willy Tarreau9ceda382016-12-21 23:13:03 +01009229/* parse "ssl.default-dh-param".
9230 * Returns <0 on alert, >0 on warning, 0 on success.
9231 */
9232static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9233 struct proxy *defpx, const char *file, int line,
9234 char **err)
9235{
9236 if (too_many_args(1, args, err, NULL))
9237 return -1;
9238
9239 if (*(args[1]) == 0) {
9240 memprintf(err, "'%s' expects an integer argument.", args[0]);
9241 return -1;
9242 }
9243
Willy Tarreauef934602016-12-22 23:12:01 +01009244 global_ssl.default_dh_param = atoi(args[1]);
9245 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009246 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9247 return -1;
9248 }
9249 return 0;
9250}
9251#endif
9252
9253
William Lallemand32af2032016-10-29 18:09:35 +02009254/* This function is used with TLS ticket keys management. It permits to browse
9255 * each reference. The variable <getnext> must contain the current node,
9256 * <end> point to the root node.
9257 */
9258#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9259static inline
9260struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9261{
9262 struct tls_keys_ref *ref = getnext;
9263
9264 while (1) {
9265
9266 /* Get next list entry. */
9267 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9268
9269 /* If the entry is the last of the list, return NULL. */
9270 if (&ref->list == end)
9271 return NULL;
9272
9273 return ref;
9274 }
9275}
9276
9277static inline
9278struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9279{
9280 int id;
9281 char *error;
9282
9283 /* If the reference starts by a '#', this is numeric id. */
9284 if (reference[0] == '#') {
9285 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9286 id = strtol(reference + 1, &error, 10);
9287 if (*error != '\0')
9288 return NULL;
9289
9290 /* Perform the unique id lookup. */
9291 return tlskeys_ref_lookupid(id);
9292 }
9293
9294 /* Perform the string lookup. */
9295 return tlskeys_ref_lookup(reference);
9296}
9297#endif
9298
9299
9300#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9301
9302static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9303
9304static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9305 return cli_io_handler_tlskeys_files(appctx);
9306}
9307
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009308/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9309 * (next index to be dumped), and cli.p0 (next key reference).
9310 */
William Lallemand32af2032016-10-29 18:09:35 +02009311static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9312
9313 struct stream_interface *si = appctx->owner;
9314
9315 switch (appctx->st2) {
9316 case STAT_ST_INIT:
9317 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009318 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009319 * later and restart at the state "STAT_ST_INIT".
9320 */
9321 chunk_reset(&trash);
9322
9323 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9324 chunk_appendf(&trash, "# id secret\n");
9325 else
9326 chunk_appendf(&trash, "# id (file)\n");
9327
Willy Tarreau06d80a92017-10-19 14:32:15 +02009328 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009329 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009330 return 0;
9331 }
9332
William Lallemand32af2032016-10-29 18:09:35 +02009333 /* Now, we start the browsing of the references lists.
9334 * Note that the following call to LIST_ELEM return bad pointer. The only
9335 * available field of this pointer is <list>. It is used with the function
9336 * tlskeys_list_get_next() for retruning the first available entry
9337 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009338 if (appctx->ctx.cli.p0 == NULL) {
9339 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9340 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009341 }
9342
9343 appctx->st2 = STAT_ST_LIST;
9344 /* fall through */
9345
9346 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009347 while (appctx->ctx.cli.p0) {
9348 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009349
9350 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009351 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009352 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009353
9354 if (appctx->ctx.cli.i1 == 0)
9355 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9356
William Lallemand32af2032016-10-29 18:09:35 +02009357 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009358 int head;
9359
9360 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9361 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009362 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009363 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009364
9365 chunk_reset(t2);
9366 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009367 if (ref->key_size_bits == 128) {
9368 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9369 sizeof(struct tls_sess_key_128),
9370 t2->area, t2->size);
9371 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9372 t2->area);
9373 }
9374 else if (ref->key_size_bits == 256) {
9375 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9376 sizeof(struct tls_sess_key_256),
9377 t2->area, t2->size);
9378 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9379 t2->area);
9380 }
9381 else {
9382 /* This case should never happen */
9383 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9384 }
William Lallemand32af2032016-10-29 18:09:35 +02009385
Willy Tarreau06d80a92017-10-19 14:32:15 +02009386 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009387 /* let's try again later from this stream. We add ourselves into
9388 * this stream's users so that it can remove us upon termination.
9389 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009390 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009391 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009392 return 0;
9393 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009394 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009395 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009396 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009397 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009398 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009399 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009400 /* let's try again later from this stream. We add ourselves into
9401 * this stream's users so that it can remove us upon termination.
9402 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009403 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009404 return 0;
9405 }
9406
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009407 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009408 break;
9409
9410 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009411 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009412 }
9413
9414 appctx->st2 = STAT_ST_FIN;
9415 /* fall through */
9416
9417 default:
9418 appctx->st2 = STAT_ST_FIN;
9419 return 1;
9420 }
9421 return 0;
9422}
9423
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009424/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009425static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009426{
William Lallemand32af2032016-10-29 18:09:35 +02009427 /* no parameter, shows only file list */
9428 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009429 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009430 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009431 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009432 }
9433
9434 if (args[2][0] == '*') {
9435 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009436 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009437 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009438 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9439 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009440 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009441 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009442 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009443 return 1;
9444 }
9445 }
William Lallemand32af2032016-10-29 18:09:35 +02009446 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009447 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009448}
9449
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009450static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009451{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009452 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009453 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009454
William Lallemand32af2032016-10-29 18:09:35 +02009455 /* Expect two parameters: the filename and the new new TLS key in encoding */
9456 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009457 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009458 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009459 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009460 return 1;
9461 }
9462
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009463 ref = tlskeys_ref_lookup_ref(args[3]);
9464 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009465 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009466 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009467 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009468 return 1;
9469 }
9470
Willy Tarreau1c913e42018-08-22 05:26:57 +02009471 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009472 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009473 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009474 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009475 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009476 return 1;
9477 }
Emeric Brun9e754772019-01-10 17:51:55 +01009478
Willy Tarreau1c913e42018-08-22 05:26:57 +02009479 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009480 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9481 appctx->ctx.cli.severity = LOG_ERR;
9482 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9483 appctx->st0 = CLI_ST_PRINT;
9484 return 1;
9485 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009486 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009487 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009488 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009489 return 1;
9490
9491}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009492#endif
William Lallemand32af2032016-10-29 18:09:35 +02009493
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009494static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009495{
9496#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9497 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009498 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009499
9500 if (!payload)
9501 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009502
9503 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009504 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009505 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009506 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009507 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009508 return 1;
9509 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009510
9511 /* remove \r and \n from the payload */
9512 for (i = 0, j = 0; payload[i]; i++) {
9513 if (payload[i] == '\r' || payload[i] == '\n')
9514 continue;
9515 payload[j++] = payload[i];
9516 }
9517 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009518
Willy Tarreau1c913e42018-08-22 05:26:57 +02009519 ret = base64dec(payload, j, trash.area, trash.size);
9520 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009521 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009522 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009523 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009524 return 1;
9525 }
9526
Willy Tarreau1c913e42018-08-22 05:26:57 +02009527 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009528 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9529 if (err) {
9530 memprintf(&err, "%s.\n", err);
9531 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009532 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009533 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009534 else {
9535 appctx->ctx.cli.severity = LOG_ERR;
9536 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9537 appctx->st0 = CLI_ST_PRINT;
9538 }
William Lallemand32af2032016-10-29 18:09:35 +02009539 return 1;
9540 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009541 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009542 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009543 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009544 return 1;
9545#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009546 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009547 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009548 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009549 return 1;
9550#endif
9551
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009552}
9553
Willy Tarreau86a394e2019-05-09 14:15:32 +02009554#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009555static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9556{
9557 switch (arg->type) {
9558 case ARGT_STR:
9559 smp->data.type = SMP_T_STR;
9560 smp->data.u.str = arg->data.str;
9561 return 1;
9562 case ARGT_VAR:
9563 if (!vars_get_by_desc(&arg->data.var, smp))
9564 return 0;
9565 if (!sample_casts[smp->data.type][SMP_T_STR])
9566 return 0;
9567 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9568 return 0;
9569 return 1;
9570 default:
9571 return 0;
9572 }
9573}
9574
9575static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9576 const char *file, int line, char **err)
9577{
9578 switch(args[0].data.sint) {
9579 case 128:
9580 case 192:
9581 case 256:
9582 break;
9583 default:
9584 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9585 return 0;
9586 }
9587 /* Try to decode a variable. */
9588 vars_check_arg(&args[1], NULL);
9589 vars_check_arg(&args[2], NULL);
9590 vars_check_arg(&args[3], NULL);
9591 return 1;
9592}
9593
9594/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9595static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9596{
9597 struct sample nonce, key, aead_tag;
9598 struct buffer *smp_trash, *smp_trash_alloc;
9599 EVP_CIPHER_CTX *ctx;
9600 int dec_size, ret;
9601
9602 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9603 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9604 return 0;
9605
9606 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9607 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9608 return 0;
9609
9610 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9611 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9612 return 0;
9613
9614 smp_trash = get_trash_chunk();
9615 smp_trash_alloc = alloc_trash_chunk();
9616 if (!smp_trash_alloc)
9617 return 0;
9618
9619 ctx = EVP_CIPHER_CTX_new();
9620
9621 if (!ctx)
9622 goto err;
9623
9624 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9625 if (dec_size < 0)
9626 goto err;
9627 smp_trash->data = dec_size;
9628
9629 /* Set cipher type and mode */
9630 switch(arg_p[0].data.sint) {
9631 case 128:
9632 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9633 break;
9634 case 192:
9635 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9636 break;
9637 case 256:
9638 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9639 break;
9640 }
9641
9642 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9643
9644 /* Initialise IV */
9645 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9646 goto err;
9647
9648 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9649 if (dec_size < 0)
9650 goto err;
9651 smp_trash->data = dec_size;
9652
9653 /* Initialise key */
9654 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9655 goto err;
9656
9657 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9658 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9659 goto err;
9660
9661 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9662 if (dec_size < 0)
9663 goto err;
9664 smp_trash_alloc->data = dec_size;
9665 dec_size = smp_trash->data;
9666
9667 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9668 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9669
9670 if (ret <= 0)
9671 goto err;
9672
9673 smp->data.u.str.data = dec_size + smp_trash->data;
9674 smp->data.u.str.area = smp_trash->area;
9675 smp->data.type = SMP_T_BIN;
9676 smp->flags &= ~SMP_F_CONST;
9677 free_trash_chunk(smp_trash_alloc);
9678 return 1;
9679
9680err:
9681 free_trash_chunk(smp_trash_alloc);
9682 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009683}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009684# endif
William Lallemand32af2032016-10-29 18:09:35 +02009685
9686/* register cli keywords */
9687static struct cli_kw_list cli_kws = {{ },{
9688#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9689 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009690 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009691#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009692 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009693 { { NULL }, NULL, NULL, NULL }
9694}};
9695
Willy Tarreau0108d902018-11-25 19:14:37 +01009696INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009697
Willy Tarreau7875d092012-09-10 08:20:03 +02009698/* Note: must not be declared <const> as its list will be overwritten.
9699 * Please take care of keeping this list alphabetically sorted.
9700 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009701static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009702 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009703 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009704#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009705 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009706#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009707 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009708#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9709 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9710#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009711 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009712 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009713 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009714 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009715#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009716 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009717#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009718#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009719 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9720 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009721 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9722#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009723 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9724 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009725 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009726 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009727 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9728 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9729 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9730 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9731 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9732 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9733 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9734 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009735 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009736 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9737 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009738 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009739 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9740 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9741 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9742 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9743 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9744 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9745 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009746 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009747 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009748 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009749 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009750 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009751 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009752 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009753 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009754 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009755#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009756 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009757#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009758#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009759 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009760#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009761 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009762#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009763 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009764#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009765 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009766#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009767 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009768#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009769#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009770 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9771 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009772 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9773#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009774#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009775 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009776#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009777 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9778 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9779 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9780 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009781 { NULL, NULL, 0, 0, 0 },
9782}};
9783
Willy Tarreau0108d902018-11-25 19:14:37 +01009784INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9785
Willy Tarreau7875d092012-09-10 08:20:03 +02009786/* Note: must not be declared <const> as its list will be overwritten.
9787 * Please take care of keeping this list alphabetically sorted.
9788 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009789static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009790 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9791 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009792 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009793}};
9794
Willy Tarreau0108d902018-11-25 19:14:37 +01009795INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9796
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009797/* Note: must not be declared <const> as its list will be overwritten.
9798 * Please take care of keeping this list alphabetically sorted, doing so helps
9799 * all code contributors.
9800 * Optional keywords are also declared with a NULL ->parse() function so that
9801 * the config parser can report an appropriate error when a known keyword was
9802 * not enabled.
9803 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009804static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009805 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009806 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9807 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9808 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009809#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009810 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9811#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009812 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009813 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009814 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009815 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009816 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009817 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9818 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009819 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9820 { NULL, NULL, 0 },
9821};
9822
Willy Tarreau0108d902018-11-25 19:14:37 +01009823/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9824
Willy Tarreau51fb7652012-09-18 18:24:39 +02009825static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009826 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009827 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9828 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9829 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9830 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9831 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9832 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009833#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009834 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9835#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009836 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9837 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9838 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9839 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9840 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9841 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9842 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9843 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9844 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9845 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009846 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009847 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009848 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009849 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9850 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9851 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9852 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009853 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009854 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9855 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009856 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9857 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009858 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9859 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9860 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9861 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9862 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009863 { NULL, NULL, 0 },
9864}};
Emeric Brun46591952012-05-18 15:47:34 +02009865
Willy Tarreau0108d902018-11-25 19:14:37 +01009866INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9867
Willy Tarreau92faadf2012-10-10 23:04:25 +02009868/* Note: must not be declared <const> as its list will be overwritten.
9869 * Please take care of keeping this list alphabetically sorted, doing so helps
9870 * all code contributors.
9871 * Optional keywords are also declared with a NULL ->parse() function so that
9872 * the config parser can report an appropriate error when a known keyword was
9873 * not enabled.
9874 */
9875static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009876 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009877 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009878 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009879 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009880 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009881 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9882 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009883#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009884 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9885#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009886 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9887 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9888 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9889 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9890 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9891 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9892 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9893 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9894 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9895 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9896 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9897 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9898 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9899 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9900 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9901 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9902 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9903 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009904 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009905 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9906 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9907 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9908 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9909 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9910 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9911 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9912 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9913 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9914 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009915 { NULL, NULL, 0, 0 },
9916}};
9917
Willy Tarreau0108d902018-11-25 19:14:37 +01009918INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9919
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009920static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009921 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9922 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009923 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009924 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9925 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009926#ifndef OPENSSL_NO_DH
9927 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9928#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009929 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009930#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009931 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009932#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009933 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9934#ifndef OPENSSL_NO_DH
9935 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9936#endif
9937 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9938 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9939 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9940 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009941 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009942 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9943 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009944#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009945 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9946 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9947#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009948 { 0, NULL, NULL },
9949}};
9950
Willy Tarreau0108d902018-11-25 19:14:37 +01009951INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9952
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009953/* Note: must not be declared <const> as its list will be overwritten */
9954static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009955#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009956 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9957#endif
9958 { NULL, NULL, 0, 0, 0 },
9959}};
9960
9961INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9962
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009963/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009964static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009965 .snd_buf = ssl_sock_from_buf,
9966 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009967 .subscribe = ssl_subscribe,
9968 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009969 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009970 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009971 .rcv_pipe = NULL,
9972 .snd_pipe = NULL,
9973 .shutr = NULL,
9974 .shutw = ssl_sock_shutw,
9975 .close = ssl_sock_close,
9976 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009977 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009978 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009979 .prepare_srv = ssl_sock_prepare_srv_ctx,
9980 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009981 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009982 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009983};
9984
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009985enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9986 struct session *sess, struct stream *s, int flags)
9987{
9988 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009989 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009990
9991 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009992 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009993
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009994 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009995 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009996 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009997 s->req.flags |= CF_READ_NULL;
9998 return ACT_RET_YIELD;
9999 }
10000 }
10001 return (ACT_RET_CONT);
10002}
10003
10004static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
10005{
10006 rule->action_ptr = ssl_action_wait_for_hs;
10007
10008 return ACT_RET_PRS_OK;
10009}
10010
10011static struct action_kw_list http_req_actions = {ILH, {
10012 { "wait-for-handshake", ssl_parse_wait_for_hs },
10013 { /* END */ }
10014}};
10015
Willy Tarreau0108d902018-11-25 19:14:37 +010010016INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
10017
Willy Tarreau5db847a2019-05-09 14:13:35 +020010018#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010019
10020static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10021{
10022 if (ptr) {
10023 chunk_destroy(ptr);
10024 free(ptr);
10025 }
10026}
10027
10028#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010029static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10030{
Willy Tarreaubafbe012017-11-24 17:34:44 +010010031 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010032}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010033
Emeric Brun46591952012-05-18 15:47:34 +020010034__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020010035static void __ssl_sock_init(void)
10036{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010037#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010038 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010039 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010040#endif
Emeric Brun46591952012-05-18 15:47:34 +020010041
Willy Tarreauef934602016-12-22 23:12:01 +010010042 if (global_ssl.listen_default_ciphers)
10043 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
10044 if (global_ssl.connect_default_ciphers)
10045 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010046#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010047 if (global_ssl.listen_default_ciphersuites)
10048 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
10049 if (global_ssl.connect_default_ciphersuites)
10050 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
10051#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010010052
Willy Tarreau13e14102016-12-22 20:25:26 +010010053 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010054#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010055 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010056#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010057#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010058 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010059 n = sk_SSL_COMP_num(cm);
10060 while (n--) {
10061 (void) sk_SSL_COMP_pop(cm);
10062 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010063#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010064
Willy Tarreau5db847a2019-05-09 14:13:35 +020010065#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010066 ssl_locking_init();
10067#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010068#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010069 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10070#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010071 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010072 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010073 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010074#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010075 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010076 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010077#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010078#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10079 hap_register_post_check(tlskeys_finalize_config);
10080#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010081
10082 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
10083 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
10084
10085#ifndef OPENSSL_NO_DH
10086 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
10087 hap_register_post_deinit(ssl_free_dh);
10088#endif
10089#ifndef OPENSSL_NO_ENGINE
10090 hap_register_post_deinit(ssl_free_engines);
10091#endif
10092 /* Load SSL string for the verbose & debug mode. */
10093 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020010094 ha_meth = BIO_meth_new(0x666, "ha methods");
10095 BIO_meth_set_write(ha_meth, ha_ssl_write);
10096 BIO_meth_set_read(ha_meth, ha_ssl_read);
10097 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10098 BIO_meth_set_create(ha_meth, ha_ssl_new);
10099 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10100 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10101 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010102}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010103
Willy Tarreau80713382018-11-26 10:19:54 +010010104/* Compute and register the version string */
10105static void ssl_register_build_options()
10106{
10107 char *ptr = NULL;
10108 int i;
10109
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010110 memprintf(&ptr, "Built with OpenSSL version : "
10111#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010112 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010113#else /* OPENSSL_IS_BORINGSSL */
10114 OPENSSL_VERSION_TEXT
10115 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010116 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010117 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010118#endif
10119 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010120#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010121 "no (library version too old)"
10122#elif defined(OPENSSL_NO_TLSEXT)
10123 "no (disabled via OPENSSL_NO_TLSEXT)"
10124#else
10125 "yes"
10126#endif
10127 "", ptr);
10128
10129 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10130#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10131 "yes"
10132#else
10133#ifdef OPENSSL_NO_TLSEXT
10134 "no (because of OPENSSL_NO_TLSEXT)"
10135#else
10136 "no (version might be too old, 0.9.8f min needed)"
10137#endif
10138#endif
10139 "", ptr);
10140
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010141 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10142 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10143 if (methodVersions[i].option)
10144 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010145
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010146 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010147}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010148
Willy Tarreau80713382018-11-26 10:19:54 +010010149INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010150
Emeric Brun46591952012-05-18 15:47:34 +020010151
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010152#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010153void ssl_free_engines(void) {
10154 struct ssl_engine_list *wl, *wlb;
10155 /* free up engine list */
10156 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10157 ENGINE_finish(wl->e);
10158 ENGINE_free(wl->e);
10159 LIST_DEL(&wl->list);
10160 free(wl);
10161 }
10162}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010163#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010164
Remi Gacogned3a23c32015-05-28 16:39:47 +020010165#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010166void ssl_free_dh(void) {
10167 if (local_dh_1024) {
10168 DH_free(local_dh_1024);
10169 local_dh_1024 = NULL;
10170 }
10171 if (local_dh_2048) {
10172 DH_free(local_dh_2048);
10173 local_dh_2048 = NULL;
10174 }
10175 if (local_dh_4096) {
10176 DH_free(local_dh_4096);
10177 local_dh_4096 = NULL;
10178 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010179 if (global_dh) {
10180 DH_free(global_dh);
10181 global_dh = NULL;
10182 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010183}
10184#endif
10185
10186__attribute__((destructor))
10187static void __ssl_sock_deinit(void)
10188{
10189#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010190 if (ssl_ctx_lru_tree) {
10191 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010192 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010193 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010194#endif
10195
Willy Tarreau5db847a2019-05-09 14:13:35 +020010196#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010197 ERR_remove_state(0);
10198 ERR_free_strings();
10199
10200 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010201#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010202
Willy Tarreau5db847a2019-05-09 14:13:35 +020010203#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010204 CRYPTO_cleanup_all_ex_data();
10205#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010206 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010207}
10208
10209
Emeric Brun46591952012-05-18 15:47:34 +020010210/*
10211 * Local variables:
10212 * c-indent-level: 8
10213 * c-basic-offset: 8
10214 * End:
10215 */