blob: 98f677bea2b27d2fdba012a8287f758994049d19 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Christopher Fauletfc9cfe42019-07-16 14:54:53 +020080#include <proto/http_ana.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
220 int tmp_early_data; /* 1st byte of early data, if any */
221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200465#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500466/*
467 * struct alignment works here such that the key.key is the same as key_data
468 * Do not change the placement of key_data
469 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200470struct certificate_ocsp {
471 struct ebmb_node key;
472 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
Willy Tarreau83061a82018-07-13 11:56:34 +0200473 struct buffer response;
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200474 long expire;
475};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200476
yanbzhube2774d2015-12-10 15:07:30 -0500477struct ocsp_cbk_arg {
478 int is_single;
479 int single_kt;
480 union {
481 struct certificate_ocsp *s_ocsp;
482 /*
483 * m_ocsp will have multiple entries dependent on key type
484 * Entry 0 - DSA
485 * Entry 1 - ECDSA
486 * Entry 2 - RSA
487 */
488 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
489 };
490};
491
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200492#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000493static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
494{
495 int err_code = ERR_ABORT;
496 ENGINE *engine;
497 struct ssl_engine_list *el;
498
499 /* grab the structural reference to the engine */
500 engine = ENGINE_by_id(engine_id);
501 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100502 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000503 goto fail_get;
504 }
505
506 if (!ENGINE_init(engine)) {
507 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100508 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000509 goto fail_init;
510 }
511
512 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100513 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000514 goto fail_set_method;
515 }
516
517 el = calloc(1, sizeof(*el));
518 el->e = engine;
519 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100520 nb_engines++;
521 if (global_ssl.async)
522 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000523 return 0;
524
525fail_set_method:
526 /* release the functional reference from ENGINE_init() */
527 ENGINE_finish(engine);
528
529fail_init:
530 /* release the structural reference from ENGINE_by_id() */
531 ENGINE_free(engine);
532
533fail_get:
534 return err_code;
535}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200536#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000537
Willy Tarreau5db847a2019-05-09 14:13:35 +0200538#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200539/*
540 * openssl async fd handler
541 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200542void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000543{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200544 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000545
Emeric Brun3854e012017-05-17 20:42:48 +0200546 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000547 * to poll this fd until it is requested
548 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000549 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000550 fd_cant_recv(fd);
551
552 /* crypto engine is available, let's notify the associated
553 * connection that it can pursue its processing.
554 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200555 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000556}
557
Emeric Brun3854e012017-05-17 20:42:48 +0200558/*
559 * openssl async delayed SSL_free handler
560 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200561void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562{
563 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200564 OSSL_ASYNC_FD all_fd[32];
565 size_t num_all_fds = 0;
566 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567
Emeric Brun3854e012017-05-17 20:42:48 +0200568 /* We suppose that the async job for a same SSL *
569 * are serialized. So if we are awake it is
570 * because the running job has just finished
571 * and we can remove all async fds safely
572 */
573 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
574 if (num_all_fds > 32) {
575 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
576 return;
577 }
578
579 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
580 for (i=0 ; i < num_all_fds ; i++)
581 fd_remove(all_fd[i]);
582
583 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000584 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100585 _HA_ATOMIC_SUB(&sslconns, 1);
586 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000588/*
Emeric Brun3854e012017-05-17 20:42:48 +0200589 * function used to manage a returned SSL_ERROR_WANT_ASYNC
590 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200592static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000593{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100594 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200595 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200596 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000597 size_t num_add_fds = 0;
598 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200599 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000600
601 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
602 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200603 if (num_add_fds > 32 || num_del_fds > 32) {
604 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000605 return;
606 }
607
Emeric Brun3854e012017-05-17 20:42:48 +0200608 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000609
Emeric Brun3854e012017-05-17 20:42:48 +0200610 /* We remove unused fds from the fdtab */
611 for (i=0 ; i < num_del_fds ; i++)
612 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613
Emeric Brun3854e012017-05-17 20:42:48 +0200614 /* We add new fds to the fdtab */
615 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200616 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000617 }
618
Emeric Brun3854e012017-05-17 20:42:48 +0200619 num_add_fds = 0;
620 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
621 if (num_add_fds > 32) {
622 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
623 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000624 }
Emeric Brun3854e012017-05-17 20:42:48 +0200625
626 /* We activate the polling for all known async fds */
627 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000628 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200629 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000630 /* To ensure that the fd cache won't be used
631 * We'll prefer to catch a real RD event
632 * because handling an EAGAIN on this fd will
633 * result in a context switch and also
634 * some engines uses a fd in blocking mode.
635 */
636 fd_cant_recv(add_fd[i]);
637 }
Emeric Brun3854e012017-05-17 20:42:48 +0200638
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000639}
640#endif
641
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200642/*
643 * This function returns the number of seconds elapsed
644 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
645 * date presented un ASN1_GENERALIZEDTIME.
646 *
647 * In parsing error case, it returns -1.
648 */
649static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
650{
651 long epoch;
652 char *p, *end;
653 const unsigned short month_offset[12] = {
654 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
655 };
656 int year, month;
657
658 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
659
660 p = (char *)d->data;
661 end = p + d->length;
662
663 if (end - p < 4) return -1;
664 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
665 p += 4;
666 if (end - p < 2) return -1;
667 month = 10 * (p[0] - '0') + p[1] - '0';
668 if (month < 1 || month > 12) return -1;
669 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
670 We consider leap years and the current month (<marsh or not) */
671 epoch = ( ((year - 1970) * 365)
672 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
673 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
674 + month_offset[month-1]
675 ) * 24 * 60 * 60;
676 p += 2;
677 if (end - p < 2) return -1;
678 /* Add the number of seconds of completed days of current month */
679 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
680 p += 2;
681 if (end - p < 2) return -1;
682 /* Add the completed hours of the current day */
683 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
684 p += 2;
685 if (end - p < 2) return -1;
686 /* Add the completed minutes of the current hour */
687 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
688 p += 2;
689 if (p == end) return -1;
690 /* Test if there is available seconds */
691 if (p[0] < '0' || p[0] > '9')
692 goto nosec;
693 if (end - p < 2) return -1;
694 /* Add the seconds of the current minute */
695 epoch += 10 * (p[0] - '0') + p[1] - '0';
696 p += 2;
697 if (p == end) return -1;
698 /* Ignore seconds float part if present */
699 if (p[0] == '.') {
700 do {
701 if (++p == end) return -1;
702 } while (p[0] >= '0' && p[0] <= '9');
703 }
704
705nosec:
706 if (p[0] == 'Z') {
707 if (end - p != 1) return -1;
708 return epoch;
709 }
710 else if (p[0] == '+') {
711 if (end - p != 5) return -1;
712 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700713 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200714 }
715 else if (p[0] == '-') {
716 if (end - p != 5) return -1;
717 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700718 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200719 }
720
721 return -1;
722}
723
Emeric Brun1d3865b2014-06-20 15:37:32 +0200724static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200725
726/* This function starts to check if the OCSP response (in DER format) contained
727 * in chunk 'ocsp_response' is valid (else exits on error).
728 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
729 * contained in the OCSP Response and exits on error if no match.
730 * If it's a valid OCSP Response:
731 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
732 * pointed by 'ocsp'.
733 * If 'ocsp' is NULL, the function looks up into the OCSP response's
734 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
735 * from the response) and exits on error if not found. Finally, If an OCSP response is
736 * already present in the container, it will be overwritten.
737 *
738 * Note: OCSP response containing more than one OCSP Single response is not
739 * considered valid.
740 *
741 * Returns 0 on success, 1 in error case.
742 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200743static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
744 struct certificate_ocsp *ocsp,
745 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200746{
747 OCSP_RESPONSE *resp;
748 OCSP_BASICRESP *bs = NULL;
749 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200750 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200751 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200753 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200754 int reason;
755 int ret = 1;
756
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200757 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
758 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200759 if (!resp) {
760 memprintf(err, "Unable to parse OCSP response");
761 goto out;
762 }
763
764 rc = OCSP_response_status(resp);
765 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
766 memprintf(err, "OCSP response status not successful");
767 goto out;
768 }
769
770 bs = OCSP_response_get1_basic(resp);
771 if (!bs) {
772 memprintf(err, "Failed to get basic response from OCSP Response");
773 goto out;
774 }
775
776 count_sr = OCSP_resp_count(bs);
777 if (count_sr > 1) {
778 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
779 goto out;
780 }
781
782 sr = OCSP_resp_get0(bs, 0);
783 if (!sr) {
784 memprintf(err, "Failed to get OCSP single response");
785 goto out;
786 }
787
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200788 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
789
Emeric Brun4147b2e2014-06-16 18:36:30 +0200790 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200791 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200792 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200793 goto out;
794 }
795
Emeric Brun13a6b482014-06-20 15:44:34 +0200796 if (!nextupd) {
797 memprintf(err, "OCSP single response: missing nextupdate");
798 goto out;
799 }
800
Emeric Brunc8b27b62014-06-19 14:16:17 +0200801 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200802 if (!rc) {
803 memprintf(err, "OCSP single response: no longer valid.");
804 goto out;
805 }
806
807 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200808 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200809 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
810 goto out;
811 }
812 }
813
814 if (!ocsp) {
815 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
816 unsigned char *p;
817
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200818 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200819 if (!rc) {
820 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
821 goto out;
822 }
823
824 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
825 memprintf(err, "OCSP single response: Certificate ID too long");
826 goto out;
827 }
828
829 p = key;
830 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200831 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200832 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
833 if (!ocsp) {
834 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
835 goto out;
836 }
837 }
838
839 /* According to comments on "chunk_dup", the
840 previous chunk buffer will be freed */
841 if (!chunk_dup(&ocsp->response, ocsp_response)) {
842 memprintf(err, "OCSP response: Memory allocation error");
843 goto out;
844 }
845
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200846 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
847
Emeric Brun4147b2e2014-06-16 18:36:30 +0200848 ret = 0;
849out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100850 ERR_clear_error();
851
Emeric Brun4147b2e2014-06-16 18:36:30 +0200852 if (bs)
853 OCSP_BASICRESP_free(bs);
854
855 if (resp)
856 OCSP_RESPONSE_free(resp);
857
858 return ret;
859}
860/*
861 * External function use to update the OCSP response in the OCSP response's
862 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
863 * to update in DER format.
864 *
865 * Returns 0 on success, 1 in error case.
866 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200867int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200868{
869 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
870}
871
872/*
873 * This function load the OCSP Resonse in DER format contained in file at
874 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
875 *
876 * Returns 0 on success, 1 in error case.
877 */
878static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
879{
880 int fd = -1;
881 int r = 0;
882 int ret = 1;
883
884 fd = open(ocsp_path, O_RDONLY);
885 if (fd == -1) {
886 memprintf(err, "Error opening OCSP response file");
887 goto end;
888 }
889
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200890 trash.data = 0;
891 while (trash.data < trash.size) {
892 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200893 if (r < 0) {
894 if (errno == EINTR)
895 continue;
896
897 memprintf(err, "Error reading OCSP response from file");
898 goto end;
899 }
900 else if (r == 0) {
901 break;
902 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200903 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200904 }
905
906 close(fd);
907 fd = -1;
908
909 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
910end:
911 if (fd != -1)
912 close(fd);
913
914 return ret;
915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100916#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200917
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100918#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
919static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
920{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100921 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100922 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100923 struct connection *conn;
924 int head;
925 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100926 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100927
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200928 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200929 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100930 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
931
932 keys = ref->tlskeys;
933 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100934
935 if (enc) {
936 memcpy(key_name, keys[head].name, 16);
937
938 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100939 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100940
Emeric Brun9e754772019-01-10 17:51:55 +0100941 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100942
Emeric Brun9e754772019-01-10 17:51:55 +0100943 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
944 goto end;
945
Willy Tarreau9356dac2019-05-10 09:22:53 +0200946 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100947 ret = 1;
948 }
949 else if (ref->key_size_bits == 256 ) {
950
951 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
952 goto end;
953
Willy Tarreau9356dac2019-05-10 09:22:53 +0200954 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100955 ret = 1;
956 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100957 } else {
958 for (i = 0; i < TLS_TICKETS_NO; i++) {
959 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
960 goto found;
961 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100962 ret = 0;
963 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100964
Christopher Faulet16f45c82018-02-16 11:23:49 +0100965 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100966 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200967 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100968 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
969 goto end;
970 /* 2 for key renewal, 1 if current key is still valid */
971 ret = i ? 2 : 1;
972 }
973 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200974 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100975 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
976 goto end;
977 /* 2 for key renewal, 1 if current key is still valid */
978 ret = i ? 2 : 1;
979 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100980 }
Emeric Brun9e754772019-01-10 17:51:55 +0100981
Christopher Faulet16f45c82018-02-16 11:23:49 +0100982 end:
983 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
984 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200985}
986
987struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
988{
989 struct tls_keys_ref *ref;
990
991 list_for_each_entry(ref, &tlskeys_reference, list)
992 if (ref->filename && strcmp(filename, ref->filename) == 0)
993 return ref;
994 return NULL;
995}
996
997struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
998{
999 struct tls_keys_ref *ref;
1000
1001 list_for_each_entry(ref, &tlskeys_reference, list)
1002 if (ref->unique_id == unique_id)
1003 return ref;
1004 return NULL;
1005}
1006
Emeric Brun9e754772019-01-10 17:51:55 +01001007/* Update the key into ref: if keysize doesnt
1008 * match existing ones, this function returns -1
1009 * else it returns 0 on success.
1010 */
1011int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001012 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001013{
Emeric Brun9e754772019-01-10 17:51:55 +01001014 if (ref->key_size_bits == 128) {
1015 if (tlskey->data != sizeof(struct tls_sess_key_128))
1016 return -1;
1017 }
1018 else if (ref->key_size_bits == 256) {
1019 if (tlskey->data != sizeof(struct tls_sess_key_256))
1020 return -1;
1021 }
1022 else
1023 return -1;
1024
Christopher Faulet16f45c82018-02-16 11:23:49 +01001025 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001026 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1027 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001028 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1029 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001030
1031 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001032}
1033
Willy Tarreau83061a82018-07-13 11:56:34 +02001034int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001035{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001036 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1037
1038 if(!ref) {
1039 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1040 return 1;
1041 }
Emeric Brun9e754772019-01-10 17:51:55 +01001042 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1043 memprintf(err, "Invalid key size");
1044 return 1;
1045 }
1046
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001047 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001048}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001049
1050/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001051 * automatic ids. It's called just after the basic checks. It returns
1052 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001053 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001054static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001055{
1056 int i = 0;
1057 struct tls_keys_ref *ref, *ref2, *ref3;
1058 struct list tkr = LIST_HEAD_INIT(tkr);
1059
1060 list_for_each_entry(ref, &tlskeys_reference, list) {
1061 if (ref->unique_id == -1) {
1062 /* Look for the first free id. */
1063 while (1) {
1064 list_for_each_entry(ref2, &tlskeys_reference, list) {
1065 if (ref2->unique_id == i) {
1066 i++;
1067 break;
1068 }
1069 }
1070 if (&ref2->list == &tlskeys_reference)
1071 break;
1072 }
1073
1074 /* Uses the unique id and increment it for the next entry. */
1075 ref->unique_id = i;
1076 i++;
1077 }
1078 }
1079
1080 /* This sort the reference list by id. */
1081 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1082 LIST_DEL(&ref->list);
1083 list_for_each_entry(ref3, &tkr, list) {
1084 if (ref->unique_id < ref3->unique_id) {
1085 LIST_ADDQ(&ref3->list, &ref->list);
1086 break;
1087 }
1088 }
1089 if (&ref3->list == &tkr)
1090 LIST_ADDQ(&tkr, &ref->list);
1091 }
1092
1093 /* swap root */
1094 LIST_ADD(&tkr, &tlskeys_reference);
1095 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001096 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001097}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001098#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1099
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001100#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001101int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1102{
1103 switch (evp_keytype) {
1104 case EVP_PKEY_RSA:
1105 return 2;
1106 case EVP_PKEY_DSA:
1107 return 0;
1108 case EVP_PKEY_EC:
1109 return 1;
1110 }
1111
1112 return -1;
1113}
1114
Emeric Brun4147b2e2014-06-16 18:36:30 +02001115/*
1116 * Callback used to set OCSP status extension content in server hello.
1117 */
1118int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1119{
yanbzhube2774d2015-12-10 15:07:30 -05001120 struct certificate_ocsp *ocsp;
1121 struct ocsp_cbk_arg *ocsp_arg;
1122 char *ssl_buf;
1123 EVP_PKEY *ssl_pkey;
1124 int key_type;
1125 int index;
1126
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001127 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001128
1129 ssl_pkey = SSL_get_privatekey(ssl);
1130 if (!ssl_pkey)
1131 return SSL_TLSEXT_ERR_NOACK;
1132
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001133 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001134
1135 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1136 ocsp = ocsp_arg->s_ocsp;
1137 else {
1138 /* For multiple certs per context, we have to find the correct OCSP response based on
1139 * the certificate type
1140 */
1141 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1142
1143 if (index < 0)
1144 return SSL_TLSEXT_ERR_NOACK;
1145
1146 ocsp = ocsp_arg->m_ocsp[index];
1147
1148 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001149
1150 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001151 !ocsp->response.area ||
1152 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001153 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001154 return SSL_TLSEXT_ERR_NOACK;
1155
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001156 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001157 if (!ssl_buf)
1158 return SSL_TLSEXT_ERR_NOACK;
1159
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001160 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1161 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001162
1163 return SSL_TLSEXT_ERR_OK;
1164}
1165
1166/*
1167 * This function enables the handling of OCSP status extension on 'ctx' if a
1168 * file name 'cert_path' suffixed using ".ocsp" is present.
1169 * To enable OCSP status extension, the issuer's certificate is mandatory.
1170 * It should be present in the certificate's extra chain builded from file
1171 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1172 * named 'cert_path' suffixed using '.issuer'.
1173 *
1174 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1175 * response. If file is empty or content is not a valid OCSP response,
1176 * OCSP status extension is enabled but OCSP response is ignored (a warning
1177 * is displayed).
1178 *
1179 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001180 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001181 */
1182static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1183{
1184
1185 BIO *in = NULL;
1186 X509 *x, *xi = NULL, *issuer = NULL;
1187 STACK_OF(X509) *chain = NULL;
1188 OCSP_CERTID *cid = NULL;
1189 SSL *ssl;
1190 char ocsp_path[MAXPATHLEN+1];
1191 int i, ret = -1;
1192 struct stat st;
1193 struct certificate_ocsp *ocsp = NULL, *iocsp;
1194 char *warn = NULL;
1195 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001196 pem_password_cb *passwd_cb;
1197 void *passwd_cb_userdata;
1198 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001199
1200 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1201
1202 if (stat(ocsp_path, &st))
1203 return 1;
1204
1205 ssl = SSL_new(ctx);
1206 if (!ssl)
1207 goto out;
1208
1209 x = SSL_get_certificate(ssl);
1210 if (!x)
1211 goto out;
1212
1213 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001214 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 for (i = 0; i < sk_X509_num(chain); i++) {
1216 issuer = sk_X509_value(chain, i);
1217 if (X509_check_issued(issuer, x) == X509_V_OK)
1218 break;
1219 else
1220 issuer = NULL;
1221 }
1222
1223 /* If not found try to load issuer from a suffixed file */
1224 if (!issuer) {
1225 char issuer_path[MAXPATHLEN+1];
1226
1227 in = BIO_new(BIO_s_file());
1228 if (!in)
1229 goto out;
1230
1231 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1232 if (BIO_read_filename(in, issuer_path) <= 0)
1233 goto out;
1234
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001235 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1236 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1237
1238 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001239 if (!xi)
1240 goto out;
1241
1242 if (X509_check_issued(xi, x) != X509_V_OK)
1243 goto out;
1244
1245 issuer = xi;
1246 }
1247
1248 cid = OCSP_cert_to_id(0, x, issuer);
1249 if (!cid)
1250 goto out;
1251
1252 i = i2d_OCSP_CERTID(cid, NULL);
1253 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1254 goto out;
1255
Vincent Bernat02779b62016-04-03 13:48:43 +02001256 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001257 if (!ocsp)
1258 goto out;
1259
1260 p = ocsp->key_data;
1261 i2d_OCSP_CERTID(cid, &p);
1262
1263 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1264 if (iocsp == ocsp)
1265 ocsp = NULL;
1266
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001267#ifndef SSL_CTX_get_tlsext_status_cb
1268# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1269 *cb = (void (*) (void))ctx->tlsext_status_cb;
1270#endif
1271 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1272
1273 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001274 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001275 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001276
1277 cb_arg->is_single = 1;
1278 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001279
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001280 pkey = X509_get_pubkey(x);
1281 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1282 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001283
1284 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1285 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1286 } else {
1287 /*
1288 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1289 * Update that cb_arg with the new cert's staple
1290 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001291 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001292 struct certificate_ocsp *tmp_ocsp;
1293 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001294 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001295 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001296
1297#ifdef SSL_CTX_get_tlsext_status_arg
1298 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1299#else
1300 cb_arg = ctx->tlsext_status_arg;
1301#endif
yanbzhube2774d2015-12-10 15:07:30 -05001302
1303 /*
1304 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1305 * the order of operations below matter, take care when changing it
1306 */
1307 tmp_ocsp = cb_arg->s_ocsp;
1308 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1309 cb_arg->s_ocsp = NULL;
1310 cb_arg->m_ocsp[index] = tmp_ocsp;
1311 cb_arg->is_single = 0;
1312 cb_arg->single_kt = 0;
1313
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001314 pkey = X509_get_pubkey(x);
1315 key_type = EVP_PKEY_base_id(pkey);
1316 EVP_PKEY_free(pkey);
1317
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001318 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001319 if (index >= 0 && !cb_arg->m_ocsp[index])
1320 cb_arg->m_ocsp[index] = iocsp;
1321
1322 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001323
1324 ret = 0;
1325
1326 warn = NULL;
1327 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1328 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001329 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001330 }
1331
1332out:
1333 if (ssl)
1334 SSL_free(ssl);
1335
1336 if (in)
1337 BIO_free(in);
1338
1339 if (xi)
1340 X509_free(xi);
1341
1342 if (cid)
1343 OCSP_CERTID_free(cid);
1344
1345 if (ocsp)
1346 free(ocsp);
1347
1348 if (warn)
1349 free(warn);
1350
1351
1352 return ret;
1353}
1354
1355#endif
1356
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001357#ifdef OPENSSL_IS_BORINGSSL
1358static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1359{
1360 char ocsp_path[MAXPATHLEN+1];
1361 struct stat st;
1362 int fd = -1, r = 0;
1363
1364 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1365 if (stat(ocsp_path, &st))
1366 return 0;
1367
1368 fd = open(ocsp_path, O_RDONLY);
1369 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001370 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001371 return -1;
1372 }
1373
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001374 trash.data = 0;
1375 while (trash.data < trash.size) {
1376 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001377 if (r < 0) {
1378 if (errno == EINTR)
1379 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001380 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001381 close(fd);
1382 return -1;
1383 }
1384 else if (r == 0) {
1385 break;
1386 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001387 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001388 }
1389 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001390 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1391 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001392}
1393#endif
1394
Willy Tarreau5db847a2019-05-09 14:13:35 +02001395#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001396
1397#define CT_EXTENSION_TYPE 18
1398
1399static int sctl_ex_index = -1;
1400
1401/*
1402 * Try to parse Signed Certificate Timestamp List structure. This function
1403 * makes only basic test if the data seems like SCTL. No signature validation
1404 * is performed.
1405 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001406static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001407{
1408 int ret = 1;
1409 int len, pos, sct_len;
1410 unsigned char *data;
1411
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001412 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001413 goto out;
1414
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001415 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001416 len = (data[0] << 8) | data[1];
1417
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001418 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001419 goto out;
1420
1421 data = data + 2;
1422 pos = 0;
1423 while (pos < len) {
1424 if (len - pos < 2)
1425 goto out;
1426
1427 sct_len = (data[pos] << 8) | data[pos + 1];
1428 if (pos + sct_len + 2 > len)
1429 goto out;
1430
1431 pos += sct_len + 2;
1432 }
1433
1434 ret = 0;
1435
1436out:
1437 return ret;
1438}
1439
Willy Tarreau83061a82018-07-13 11:56:34 +02001440static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1441 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001442{
1443 int fd = -1;
1444 int r = 0;
1445 int ret = 1;
1446
1447 *sctl = NULL;
1448
1449 fd = open(sctl_path, O_RDONLY);
1450 if (fd == -1)
1451 goto end;
1452
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001453 trash.data = 0;
1454 while (trash.data < trash.size) {
1455 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001456 if (r < 0) {
1457 if (errno == EINTR)
1458 continue;
1459
1460 goto end;
1461 }
1462 else if (r == 0) {
1463 break;
1464 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001465 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001466 }
1467
1468 ret = ssl_sock_parse_sctl(&trash);
1469 if (ret)
1470 goto end;
1471
Vincent Bernat02779b62016-04-03 13:48:43 +02001472 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001473 if (!chunk_dup(*sctl, &trash)) {
1474 free(*sctl);
1475 *sctl = NULL;
1476 goto end;
1477 }
1478
1479end:
1480 if (fd != -1)
1481 close(fd);
1482
1483 return ret;
1484}
1485
1486int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1487{
Willy Tarreau83061a82018-07-13 11:56:34 +02001488 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001489
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001490 *out = (unsigned char *) sctl->area;
1491 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001492
1493 return 1;
1494}
1495
1496int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1497{
1498 return 1;
1499}
1500
1501static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1502{
1503 char sctl_path[MAXPATHLEN+1];
1504 int ret = -1;
1505 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001506 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001507
1508 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1509
1510 if (stat(sctl_path, &st))
1511 return 1;
1512
1513 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1514 goto out;
1515
1516 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1517 free(sctl);
1518 goto out;
1519 }
1520
1521 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1522
1523 ret = 0;
1524
1525out:
1526 return ret;
1527}
1528
1529#endif
1530
Emeric Brune1f38db2012-09-03 20:36:47 +02001531void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1532{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001533 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001534 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001535 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001536 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001537
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001538#ifndef SSL_OP_NO_RENEGOTIATION
1539 /* Please note that BoringSSL defines this macro to zero so don't
1540 * change this to #if and do not assign a default value to this macro!
1541 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001542 if (where & SSL_CB_HANDSHAKE_START) {
1543 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001544 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001545 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001546 conn->err_code = CO_ER_SSL_RENEG;
1547 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001548 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001549#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001550
1551 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001552 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001553 /* Long certificate chains optimz
1554 If write and read bios are differents, we
1555 consider that the buffering was activated,
1556 so we rise the output buffer size from 4k
1557 to 16k */
1558 write_bio = SSL_get_wbio(ssl);
1559 if (write_bio != SSL_get_rbio(ssl)) {
1560 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001561 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001562 }
1563 }
1564 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001565}
1566
Emeric Brune64aef12012-09-21 13:15:06 +02001567/* Callback is called for each certificate of the chain during a verify
1568 ok is set to 1 if preverify detect no error on current certificate.
1569 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001570int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001571{
1572 SSL *ssl;
1573 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001574 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001575 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001576
1577 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001579
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001580 ctx = conn->xprt_ctx;
1581
1582 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001583
Emeric Brun81c00f02012-09-21 14:31:21 +02001584 if (ok) /* no errors */
1585 return ok;
1586
1587 depth = X509_STORE_CTX_get_error_depth(x_store);
1588 err = X509_STORE_CTX_get_error(x_store);
1589
1590 /* check if CA error needs to be ignored */
1591 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001592 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1593 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1594 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001595 }
1596
Willy Tarreau07d94e42018-09-20 10:57:52 +02001597 if (__objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001598 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001599 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001600 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001601 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001602
Willy Tarreau20879a02012-12-03 16:32:10 +01001603 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001604 return 0;
1605 }
1606
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001607 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1608 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001609
Emeric Brun81c00f02012-09-21 14:31:21 +02001610 /* check if certificate error needs to be ignored */
Willy Tarreau07d94e42018-09-20 10:57:52 +02001611 if (__objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001612 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001613 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001614 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001615 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001616
Willy Tarreau20879a02012-12-03 16:32:10 +01001617 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001618 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001619}
1620
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001621static inline
1622void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001623 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001624{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001625 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001626 unsigned char *msg;
1627 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001628 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001629
1630 /* This function is called for "from client" and "to server"
1631 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001632 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001633 */
1634
1635 /* "write_p" is set to 0 is the bytes are received messages,
1636 * otherwise it is set to 1.
1637 */
1638 if (write_p != 0)
1639 return;
1640
1641 /* content_type contains the type of message received or sent
1642 * according with the SSL/TLS protocol spec. This message is
1643 * encoded with one byte. The value 256 (two bytes) is used
1644 * for designing the SSL/TLS record layer. According with the
1645 * rfc6101, the expected message (other than 256) are:
1646 * - change_cipher_spec(20)
1647 * - alert(21)
1648 * - handshake(22)
1649 * - application_data(23)
1650 * - (255)
1651 * We are interessed by the handshake and specially the client
1652 * hello.
1653 */
1654 if (content_type != 22)
1655 return;
1656
1657 /* The message length is at least 4 bytes, containing the
1658 * message type and the message length.
1659 */
1660 if (len < 4)
1661 return;
1662
1663 /* First byte of the handshake message id the type of
1664 * message. The konwn types are:
1665 * - hello_request(0)
1666 * - client_hello(1)
1667 * - server_hello(2)
1668 * - certificate(11)
1669 * - server_key_exchange (12)
1670 * - certificate_request(13)
1671 * - server_hello_done(14)
1672 * We are interested by the client hello.
1673 */
1674 msg = (unsigned char *)buf;
1675 if (msg[0] != 1)
1676 return;
1677
1678 /* Next three bytes are the length of the message. The total length
1679 * must be this decoded length + 4. If the length given as argument
1680 * is not the same, we abort the protocol dissector.
1681 */
1682 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1683 if (len < rec_len + 4)
1684 return;
1685 msg += 4;
1686 end = msg + rec_len;
1687 if (end < msg)
1688 return;
1689
1690 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1691 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001692 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1693 */
1694 msg += 1 + 1 + 4 + 28;
1695 if (msg > end)
1696 return;
1697
1698 /* Next, is session id:
1699 * if present, we have to jump by length + 1 for the size information
1700 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001701 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001702 if (msg[0] > 0)
1703 msg += msg[0];
1704 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001705 if (msg > end)
1706 return;
1707
1708 /* Next two bytes are the ciphersuite length. */
1709 if (msg + 2 > end)
1710 return;
1711 rec_len = (msg[0] << 8) + msg[1];
1712 msg += 2;
1713 if (msg + rec_len > end || msg + rec_len < msg)
1714 return;
1715
Willy Tarreaubafbe012017-11-24 17:34:44 +01001716 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001717 if (!capture)
1718 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001719 /* Compute the xxh64 of the ciphersuite. */
1720 capture->xxh64 = XXH64(msg, rec_len, 0);
1721
1722 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001723 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1724 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001725 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001726
1727 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001728}
1729
Emeric Brun29f037d2014-04-25 19:05:36 +02001730/* Callback is called for ssl protocol analyse */
1731void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1732{
Emeric Brun29f037d2014-04-25 19:05:36 +02001733#ifdef TLS1_RT_HEARTBEAT
1734 /* test heartbeat received (write_p is set to 0
1735 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001736 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001737 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001738 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001739 const unsigned char *p = buf;
1740 unsigned int payload;
1741
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001742 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001743
1744 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1745 if (*p != TLS1_HB_REQUEST)
1746 return;
1747
Willy Tarreauaeed6722014-04-25 23:59:58 +02001748 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001749 goto kill_it;
1750
1751 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001752 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001753 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001754 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001755 /* We have a clear heartbleed attack (CVE-2014-0160), the
1756 * advertised payload is larger than the advertised packet
1757 * length, so we have garbage in the buffer between the
1758 * payload and the end of the buffer (p+len). We can't know
1759 * if the SSL stack is patched, and we don't know if we can
1760 * safely wipe out the area between p+3+len and payload.
1761 * So instead, we prevent the response from being sent by
1762 * setting the max_send_fragment to 0 and we report an SSL
1763 * error, which will kill this connection. It will be reported
1764 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001765 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1766 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001767 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001768 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1769 return;
1770 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001771#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001772 if (global_ssl.capture_cipherlist > 0)
1773 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001774}
1775
Bernard Spil13c53f82018-02-15 13:34:58 +01001776#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001777static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1778 const unsigned char *in, unsigned int inlen,
1779 void *arg)
1780{
1781 struct server *srv = arg;
1782
1783 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1784 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1785 return SSL_TLSEXT_ERR_OK;
1786 return SSL_TLSEXT_ERR_NOACK;
1787}
1788#endif
1789
1790#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001791/* This callback is used so that the server advertises the list of
1792 * negociable protocols for NPN.
1793 */
1794static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1795 unsigned int *len, void *arg)
1796{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001797 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001798
1799 *data = (const unsigned char *)conf->npn_str;
1800 *len = conf->npn_len;
1801 return SSL_TLSEXT_ERR_OK;
1802}
1803#endif
1804
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001805#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001806/* This callback is used so that the server advertises the list of
1807 * negociable protocols for ALPN.
1808 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001809static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1810 unsigned char *outlen,
1811 const unsigned char *server,
1812 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001813{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001814 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001815
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001816 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1817 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1818 return SSL_TLSEXT_ERR_NOACK;
1819 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001820 return SSL_TLSEXT_ERR_OK;
1821}
1822#endif
1823
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001824#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001825#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001826
Christopher Faulet30548802015-06-11 13:39:32 +02001827/* Create a X509 certificate with the specified servername and serial. This
1828 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001829static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001830ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001831{
Christopher Faulet7969a332015-10-09 11:15:03 +02001832 X509 *cacert = bind_conf->ca_sign_cert;
1833 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001834 SSL_CTX *ssl_ctx = NULL;
1835 X509 *newcrt = NULL;
1836 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001837 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001838 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001839 X509_NAME *name;
1840 const EVP_MD *digest;
1841 X509V3_CTX ctx;
1842 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001843 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001844
Christopher Faulet48a83322017-07-28 16:56:09 +02001845 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001846#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001847 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1848#else
1849 tmp_ssl = SSL_new(bind_conf->default_ctx);
1850 if (tmp_ssl)
1851 pkey = SSL_get_privatekey(tmp_ssl);
1852#endif
1853 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001854 goto mkcert_error;
1855
1856 /* Create the certificate */
1857 if (!(newcrt = X509_new()))
1858 goto mkcert_error;
1859
1860 /* Set version number for the certificate (X509v3) and the serial
1861 * number */
1862 if (X509_set_version(newcrt, 2L) != 1)
1863 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001864 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001865
1866 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001867 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1868 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001869 goto mkcert_error;
1870
1871 /* set public key in the certificate */
1872 if (X509_set_pubkey(newcrt, pkey) != 1)
1873 goto mkcert_error;
1874
1875 /* Set issuer name from the CA */
1876 if (!(name = X509_get_subject_name(cacert)))
1877 goto mkcert_error;
1878 if (X509_set_issuer_name(newcrt, name) != 1)
1879 goto mkcert_error;
1880
1881 /* Set the subject name using the same, but the CN */
1882 name = X509_NAME_dup(name);
1883 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1884 (const unsigned char *)servername,
1885 -1, -1, 0) != 1) {
1886 X509_NAME_free(name);
1887 goto mkcert_error;
1888 }
1889 if (X509_set_subject_name(newcrt, name) != 1) {
1890 X509_NAME_free(name);
1891 goto mkcert_error;
1892 }
1893 X509_NAME_free(name);
1894
1895 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001896 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001897 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1898 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1899 X509_EXTENSION *ext;
1900
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001901 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001902 goto mkcert_error;
1903 if (!X509_add_ext(newcrt, ext, -1)) {
1904 X509_EXTENSION_free(ext);
1905 goto mkcert_error;
1906 }
1907 X509_EXTENSION_free(ext);
1908 }
1909
1910 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001911
1912 key_type = EVP_PKEY_base_id(capkey);
1913
1914 if (key_type == EVP_PKEY_DSA)
1915 digest = EVP_sha1();
1916 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001918 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001919 digest = EVP_sha256();
1920 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001921#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001922 int nid;
1923
1924 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1925 goto mkcert_error;
1926 if (!(digest = EVP_get_digestbynid(nid)))
1927 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001928#else
1929 goto mkcert_error;
1930#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001931 }
1932
Christopher Faulet31af49d2015-06-09 17:29:50 +02001933 if (!(X509_sign(newcrt, capkey, digest)))
1934 goto mkcert_error;
1935
1936 /* Create and set the new SSL_CTX */
1937 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1938 goto mkcert_error;
1939 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1940 goto mkcert_error;
1941 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1942 goto mkcert_error;
1943 if (!SSL_CTX_check_private_key(ssl_ctx))
1944 goto mkcert_error;
1945
1946 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001947
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001948#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001949 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001950#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001951#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1952 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001953 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001954 EC_KEY *ecc;
1955 int nid;
1956
1957 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1958 goto end;
1959 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1960 goto end;
1961 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1962 EC_KEY_free(ecc);
1963 }
1964#endif
1965 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001966 return ssl_ctx;
1967
1968 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001969 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001970 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1972 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001973 return NULL;
1974}
1975
Christopher Faulet7969a332015-10-09 11:15:03 +02001976SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001977ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001978{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001979 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001980 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001981
Olivier Houchard66ab4982019-02-26 18:37:15 +01001982 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001983}
1984
Christopher Faulet30548802015-06-11 13:39:32 +02001985/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001986 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001987SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001988ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001989{
1990 struct lru64 *lru = NULL;
1991
1992 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001993 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001994 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001995 if (lru && lru->domain) {
1996 if (ssl)
1997 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001998 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001999 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002000 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002001 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002002 }
2003 return NULL;
2004}
2005
Emeric Brun821bb9b2017-06-15 16:37:39 +02002006/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2007 * function is not thread-safe, it should only be used to check if a certificate
2008 * exists in the lru cache (with no warranty it will not be removed by another
2009 * thread). It is kept for backward compatibility. */
2010SSL_CTX *
2011ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2012{
2013 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2014}
2015
Christopher Fauletd2cab922015-07-28 16:03:47 +02002016/* Set a certificate int the LRU cache used to store generated
2017 * certificate. Return 0 on success, otherwise -1 */
2018int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002019ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002020{
2021 struct lru64 *lru = NULL;
2022
2023 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002024 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002025 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002026 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002027 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002028 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002029 }
Christopher Faulet30548802015-06-11 13:39:32 +02002030 if (lru->domain && lru->data)
2031 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002032 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002033 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002034 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002035 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002036 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002037}
2038
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002039/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002040unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002041ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002042{
2043 return XXH32(data, len, ssl_ctx_lru_seed);
2044}
2045
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002046/* Generate a cert and immediately assign it to the SSL session so that the cert's
2047 * refcount is maintained regardless of the cert's presence in the LRU cache.
2048 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002049static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002050ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002051{
2052 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002053 SSL_CTX *ssl_ctx = NULL;
2054 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002055 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002056
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002057 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002058 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002059 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002060 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002061 if (lru && lru->domain)
2062 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002063 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002064 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002065 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002066 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002067 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002068 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002069 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002070 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002071 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002072 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002073 SSL_set_SSL_CTX(ssl, ssl_ctx);
2074 /* No LRU cache, this CTX will be released as soon as the session dies */
2075 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002077 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002078 return 0;
2079}
2080static int
2081ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2082{
2083 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002084 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002085
Willy Tarreauf5bdb642019-07-17 11:29:32 +02002086 if (conn_get_dst(conn)) {
Willy Tarreau085a1512019-07-17 14:47:35 +02002087 key = ssl_sock_generated_cert_key(conn->dst, get_addr_len(conn->dst));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002088 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002089 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002090 }
2091 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002092}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002093#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002094
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002095#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002096typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2097
2098static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002099{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002100#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002101 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002102 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2103#endif
2104}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002105static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2106 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002107 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2108}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002109static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002110#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002112 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2113#endif
2114}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002115static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002116#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2119#endif
2120}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002121/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002122static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2123/* Unusable in this context. */
2124static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2125static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2126static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2127static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2128static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002129#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002130typedef enum { SET_MIN, SET_MAX } set_context_func;
2131
2132static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2133 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002134 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2135}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002136static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2137 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2138 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2139}
2140static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2141 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002142 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2143}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002144static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2145 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2146 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2147}
2148static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2149 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002150 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2151}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002152static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2153 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2154 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2155}
2156static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2157 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002158 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2159}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002160static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2161 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2162 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2163}
2164static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002165#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002166 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002167 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2168#endif
2169}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002170static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2171#if SSL_OP_NO_TLSv1_3
2172 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2173 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002174#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002175}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002176#endif
2177static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2178static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002179
2180static struct {
2181 int option;
2182 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002183 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2184 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002185 const char *name;
2186} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002187 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2188 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2189 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2190 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2191 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2192 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002193};
2194
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002195static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2196{
2197 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2198 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2199 SSL_set_SSL_CTX(ssl, ctx);
2200}
2201
Willy Tarreau5db847a2019-05-09 14:13:35 +02002202#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002203
2204static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2205{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002206 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002207 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002208
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002209 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2210 return SSL_TLSEXT_ERR_OK;
2211 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002212}
2213
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002214#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2216{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002217 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002218#else
2219static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2220{
2221#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002222 struct connection *conn;
2223 struct bind_conf *s;
2224 const uint8_t *extension_data;
2225 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002226 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002227
2228 char *wildp = NULL;
2229 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002230 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002231 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002232 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233 int i;
2234
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002235 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002236 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002237
Olivier Houchard9679ac92017-10-27 14:58:08 +02002238 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002239 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002240#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002241 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2242 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002243#else
2244 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2245#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002246 /*
2247 * The server_name extension was given too much extensibility when it
2248 * was written, so parsing the normal case is a bit complex.
2249 */
2250 size_t len;
2251 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002252 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002253 /* Extract the length of the supplied list of names. */
2254 len = (*extension_data++) << 8;
2255 len |= *extension_data++;
2256 if (len + 2 != extension_len)
2257 goto abort;
2258 /*
2259 * The list in practice only has a single element, so we only consider
2260 * the first one.
2261 */
2262 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2263 goto abort;
2264 extension_len = len - 1;
2265 /* Now we can finally pull out the byte array with the actual hostname. */
2266 if (extension_len <= 2)
2267 goto abort;
2268 len = (*extension_data++) << 8;
2269 len |= *extension_data++;
2270 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2271 || memchr(extension_data, 0, len) != NULL)
2272 goto abort;
2273 servername = extension_data;
2274 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002276#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2277 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002278 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002279 }
2280#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002281 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002282 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002283 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002284 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002285 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002286 goto abort;
2287 }
2288
2289 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002290#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002291 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002292#else
2293 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2294#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002295 uint8_t sign;
2296 size_t len;
2297 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002298 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002299 len = (*extension_data++) << 8;
2300 len |= *extension_data++;
2301 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002302 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002303 if (len % 2 != 0)
2304 goto abort;
2305 for (; len > 0; len -= 2) {
2306 extension_data++; /* hash */
2307 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002308 switch (sign) {
2309 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002310 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002311 break;
2312 case TLSEXT_signature_ecdsa:
2313 has_ecdsa_sig = 1;
2314 break;
2315 default:
2316 continue;
2317 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002318 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002319 break;
2320 }
2321 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002322 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002323 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002324 }
2325 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002326 const SSL_CIPHER *cipher;
2327 size_t len;
2328 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002329 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002330#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002331 len = ctx->cipher_suites_len;
2332 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002333#else
2334 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2335#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002336 if (len % 2 != 0)
2337 goto abort;
2338 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002339#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002340 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002341 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002342#else
2343 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2344#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002345 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002346 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002347 break;
2348 }
2349 }
2350 }
2351
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002352 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002353 trash.area[i] = tolower(servername[i]);
2354 if (!wildp && (trash.area[i] == '.'))
2355 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002356 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002357 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002358
2359 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002360 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002361
2362 /* lookup a not neg filter */
2363 for (n = node; n; n = ebmb_next_dup(n)) {
2364 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002365 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002366 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002367 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002368 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002369 break;
2370 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002371 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002372 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002373 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002374 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 if (!node_anonymous)
2376 node_anonymous = n;
2377 break;
2378 }
2379 }
2380 }
2381 if (wildp) {
2382 /* lookup in wildcards names */
2383 node = ebst_lookup(&s->sni_w_ctx, wildp);
2384 for (n = node; n; n = ebmb_next_dup(n)) {
2385 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002386 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002387 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002388 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002389 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002390 break;
2391 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002392 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002393 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002394 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002395 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002396 if (!node_anonymous)
2397 node_anonymous = n;
2398 break;
2399 }
2400 }
2401 }
2402 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002403 /* select by key_signature priority order */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002404 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2405 : ((has_rsa_sig && node_rsa) ? node_rsa
2406 : (node_anonymous ? node_anonymous
2407 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2408 : node_rsa /* no rsa signature case (far far away) */
2409 )));
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002410 if (node) {
2411 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002412 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002413 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002414 if (conf) {
2415 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2416 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2417 if (conf->early_data)
2418 allow_early = 1;
2419 }
2420 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002421 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002422#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002423 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002424 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002425 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002426 }
2427#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002428 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002429 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002430 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002431 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002432allow_early:
2433#ifdef OPENSSL_IS_BORINGSSL
2434 if (allow_early)
2435 SSL_set_early_data_enabled(ssl, 1);
2436#else
2437 if (!allow_early)
2438 SSL_set_max_early_data(ssl, 0);
2439#endif
2440 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002441 abort:
2442 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2443 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002444#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002445 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002446#else
2447 *al = SSL_AD_UNRECOGNIZED_NAME;
2448 return 0;
2449#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002450}
2451
2452#else /* OPENSSL_IS_BORINGSSL */
2453
Emeric Brunfc0421f2012-09-07 17:30:07 +02002454/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2455 * warning when no match is found, which implies the default (first) cert
2456 * will keep being used.
2457 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002458static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002459{
2460 const char *servername;
2461 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002462 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002463 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002464 int i;
2465 (void)al; /* shut gcc stupid warning */
2466
2467 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002468 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002469#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002470 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2471 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002472#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002473 if (s->strict_sni)
2474 return SSL_TLSEXT_ERR_ALERT_FATAL;
2475 ssl_sock_switchctx_set(ssl, s->default_ctx);
2476 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002477 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002478
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002479 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002480 if (!servername[i])
2481 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002482 trash.area[i] = tolower(servername[i]);
2483 if (!wildp && (trash.area[i] == '.'))
2484 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002485 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002486 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002487
2488 /* lookup in full qualified names */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002489 node = ebst_lookup(&s->sni_ctx, trash.area);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002490
2491 /* lookup a not neg filter */
2492 for (n = node; n; n = ebmb_next_dup(n)) {
2493 if (!container_of(n, struct sni_ctx, name)->neg) {
2494 node = n;
2495 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002496 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002497 }
2498 if (!node && wildp) {
2499 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002500 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002501 }
2502 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002503#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002504 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2505 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002506 return SSL_TLSEXT_ERR_OK;
2507 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002508#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002509 if (s->strict_sni)
2510 return SSL_TLSEXT_ERR_ALERT_FATAL;
2511 ssl_sock_switchctx_set(ssl, s->default_ctx);
2512 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002513 }
2514
2515 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002516 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002517 return SSL_TLSEXT_ERR_OK;
2518}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002519#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002520#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2521
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002522#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002523
2524static DH * ssl_get_dh_1024(void)
2525{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002526 static unsigned char dh1024_p[]={
2527 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2528 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2529 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2530 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2531 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2532 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2533 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2534 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2535 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2536 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2537 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2538 };
2539 static unsigned char dh1024_g[]={
2540 0x02,
2541 };
2542
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002543 BIGNUM *p;
2544 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002545 DH *dh = DH_new();
2546 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002547 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2548 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002549
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002550 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002551 DH_free(dh);
2552 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002553 } else {
2554 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002555 }
2556 }
2557 return dh;
2558}
2559
2560static DH *ssl_get_dh_2048(void)
2561{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002562 static unsigned char dh2048_p[]={
2563 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2564 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2565 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2566 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2567 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2568 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2569 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2570 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2571 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2572 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2573 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2574 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2575 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2576 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2577 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2578 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2579 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2580 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2581 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2582 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2583 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2584 0xB7,0x1F,0x77,0xF3,
2585 };
2586 static unsigned char dh2048_g[]={
2587 0x02,
2588 };
2589
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002590 BIGNUM *p;
2591 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002592 DH *dh = DH_new();
2593 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002594 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2595 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002596
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002597 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002598 DH_free(dh);
2599 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002600 } else {
2601 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002602 }
2603 }
2604 return dh;
2605}
2606
2607static DH *ssl_get_dh_4096(void)
2608{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002609 static unsigned char dh4096_p[]={
2610 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2611 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2612 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2613 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2614 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2615 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2616 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2617 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2618 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2619 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2620 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2621 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2622 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2623 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2624 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2625 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2626 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2627 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2628 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2629 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2630 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2631 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2632 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2633 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2634 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2635 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2636 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2637 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2638 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2639 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2640 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2641 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2642 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2643 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2644 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2645 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2646 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2647 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2648 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2649 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2650 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2651 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2652 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002653 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002654 static unsigned char dh4096_g[]={
2655 0x02,
2656 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002657
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002658 BIGNUM *p;
2659 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002660 DH *dh = DH_new();
2661 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002662 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2663 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002664
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002665 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002666 DH_free(dh);
2667 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002668 } else {
2669 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002670 }
2671 }
2672 return dh;
2673}
2674
2675/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002676 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002677static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2678{
2679 DH *dh = NULL;
2680 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002681 int type;
2682
2683 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002684
2685 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2686 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2687 */
2688 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2689 keylen = EVP_PKEY_bits(pkey);
2690 }
2691
Willy Tarreauef934602016-12-22 23:12:01 +01002692 if (keylen > global_ssl.default_dh_param) {
2693 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002694 }
2695
Remi Gacogned3a341a2015-05-29 16:26:17 +02002696 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002697 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002698 }
2699 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002700 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002701 }
2702 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002703 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002704 }
2705
2706 return dh;
2707}
2708
Remi Gacogne47783ef2015-05-29 15:53:22 +02002709static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002710{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002711 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002712 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002713
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002714 if (in == NULL)
2715 goto end;
2716
Remi Gacogne47783ef2015-05-29 15:53:22 +02002717 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002718 goto end;
2719
Remi Gacogne47783ef2015-05-29 15:53:22 +02002720 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2721
2722end:
2723 if (in)
2724 BIO_free(in);
2725
Emeric Brune1b4ed42018-08-16 15:14:12 +02002726 ERR_clear_error();
2727
Remi Gacogne47783ef2015-05-29 15:53:22 +02002728 return dh;
2729}
2730
2731int ssl_sock_load_global_dh_param_from_file(const char *filename)
2732{
2733 global_dh = ssl_sock_get_dh_from_file(filename);
2734
2735 if (global_dh) {
2736 return 0;
2737 }
2738
2739 return -1;
2740}
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002741#endif
2742
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002743static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002744 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002745{
2746 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002747 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002748 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002749
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002750 if (*name == '!') {
2751 neg = 1;
2752 name++;
2753 }
2754 if (*name == '*') {
2755 wild = 1;
2756 name++;
2757 }
2758 /* !* filter is a nop */
2759 if (neg && wild)
2760 return order;
2761 if (*name) {
2762 int j, len;
2763 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002764 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002765 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002766 if (j >= trash.size)
2767 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002768 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002769
2770 /* Check for duplicates. */
2771 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002772 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002773 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002774 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002775 for (; node; node = ebmb_next_dup(node)) {
2776 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002777 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002778 return order;
2779 }
2780
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002781 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002782 if (!sc)
2783 return order;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002784 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002785 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002786 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002787 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002788 sc->order = order++;
2789 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002790 if (kinfo.sig != TLSEXT_signature_anonymous)
2791 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002792 if (wild)
2793 ebst_insert(&s->sni_w_ctx, &sc->name);
2794 else
2795 ebst_insert(&s->sni_ctx, &sc->name);
2796 }
2797 return order;
2798}
2799
yanbzhu488a4d22015-12-01 15:16:07 -05002800
2801/* The following code is used for loading multiple crt files into
2802 * SSL_CTX's based on CN/SAN
2803 */
yanbzhu488a4d22015-12-01 15:16:07 -05002804/* This is used to preload the certifcate, private key
2805 * and Cert Chain of a file passed in via the crt
2806 * argument
2807 *
2808 * This way, we do not have to read the file multiple times
2809 */
2810struct cert_key_and_chain {
2811 X509 *cert;
2812 EVP_PKEY *key;
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002813 STACK_OF(X509) *chain;
William Lallemandfa892222019-07-23 16:06:08 +02002814 DH *dh;
yanbzhu488a4d22015-12-01 15:16:07 -05002815};
2816
William Lallemand36b84632019-07-18 19:28:17 +02002817/*
2818 * this is used to store 1 to SSL_SOCK_NUM_KEYTYPES cert_key_and_chain and
2819 * metadata.
2820 */
2821struct ckch_node {
2822 struct cert_key_and_chain *ckch;
2823 int multi; /* is it a multi-cert bundle ? */
William Lallemand6af03992019-07-23 15:00:54 +02002824 struct ebmb_node node;
2825 char path[0];
William Lallemand36b84632019-07-18 19:28:17 +02002826};
2827
William Lallemand6af03992019-07-23 15:00:54 +02002828/*
2829 * tree used to store the ckchn ordered by filename/bundle name
2830 */
2831struct eb_root ckchn_tree = EB_ROOT_UNIQUE;
2832
William Lallemandc4ecddf2019-07-31 16:50:08 +02002833#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
2834
yanbzhu08ce6ab2015-12-02 13:01:29 -05002835#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2836
2837struct key_combo_ctx {
2838 SSL_CTX *ctx;
2839 int order;
2840};
2841
2842/* Map used for processing multiple keypairs for a single purpose
2843 *
2844 * This maps CN/SNI name to certificate type
2845 */
2846struct sni_keytype {
2847 int keytypes; /* BITMASK for keytypes */
2848 struct ebmb_node name; /* node holding the servername value */
2849};
2850
William Lallemandc4ecddf2019-07-31 16:50:08 +02002851#endif
William Lallemandfa892222019-07-23 16:06:08 +02002852
2853/* Loads Diffie-Hellman parameter from a ckchn. Returns 1 if loaded, else -1
2854 if an error occurred, and 0 if parameter not found. */
2855#ifndef OPENSSL_NO_DH
2856static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain *ckch)
2857{
2858 int ret = -1;
2859 DH *dh = NULL;
2860
William Lallemanda8c73742019-07-31 18:31:34 +02002861 if (ckch && ckch->dh) {
William Lallemandfa892222019-07-23 16:06:08 +02002862 dh = ckch->dh;
William Lallemandfa892222019-07-23 16:06:08 +02002863 ret = 1;
2864 SSL_CTX_set_tmp_dh(ctx, dh);
2865
2866 if (ssl_dh_ptr_index >= 0) {
2867 /* store a pointer to the DH params to avoid complaining about
2868 ssl-default-dh-param not being set for this SSL_CTX */
2869 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2870 }
2871 }
2872 else if (global_dh) {
2873 SSL_CTX_set_tmp_dh(ctx, global_dh);
2874 ret = 0; /* DH params not found */
2875 }
2876 else {
2877 /* Clear openssl global errors stack */
2878 ERR_clear_error();
2879
2880 if (global_ssl.default_dh_param <= 1024) {
2881 /* we are limited to DH parameter of 1024 bits anyway */
2882 if (local_dh_1024 == NULL)
2883 local_dh_1024 = ssl_get_dh_1024();
2884
2885 if (local_dh_1024 == NULL)
2886 goto end;
2887
2888 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
2889 }
2890 else {
2891 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2892 }
2893
2894 ret = 0; /* DH params not found */
2895 }
2896
2897end:
William Lallemandfa892222019-07-23 16:06:08 +02002898 return ret;
2899}
2900#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05002901
yanbzhu488a4d22015-12-01 15:16:07 -05002902/* Frees the contents of a cert_key_and_chain
2903 */
2904static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2905{
yanbzhu488a4d22015-12-01 15:16:07 -05002906 if (!ckch)
2907 return;
2908
2909 /* Free the certificate and set pointer to NULL */
2910 if (ckch->cert)
2911 X509_free(ckch->cert);
2912 ckch->cert = NULL;
2913
2914 /* Free the key and set pointer to NULL */
2915 if (ckch->key)
2916 EVP_PKEY_free(ckch->key);
2917 ckch->key = NULL;
2918
2919 /* Free each certificate in the chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002920 if (ckch->chain)
2921 sk_X509_pop_free(ckch->chain, X509_free);
2922 ckch->chain = NULL;
yanbzhu488a4d22015-12-01 15:16:07 -05002923
2924}
2925
2926/* checks if a key and cert exists in the ckch
2927 */
2928static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2929{
2930 return (ckch->cert != NULL && ckch->key != NULL);
2931}
2932
2933
2934/* Loads the contents of a crt file (path) into a cert_key_and_chain
2935 * This allows us to carry the contents of the file without having to
2936 * read the file multiple times.
Emmanuel Hocdetefa4b952018-12-04 17:37:47 +01002937 * The caller must call ssl_sock_free_cert_key_and_chain_contents.
yanbzhu488a4d22015-12-01 15:16:07 -05002938 *
2939 * returns:
2940 * 0 on Success
2941 * 1 on SSL Failure
yanbzhu488a4d22015-12-01 15:16:07 -05002942 */
2943static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2944{
2945
2946 BIO *in;
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002947 X509 *ca;
yanbzhu488a4d22015-12-01 15:16:07 -05002948 int ret = 1;
2949
yanbzhu488a4d22015-12-01 15:16:07 -05002950 in = BIO_new(BIO_s_file());
2951 if (in == NULL)
2952 goto end;
2953
2954 if (BIO_read_filename(in, path) <= 0)
2955 goto end;
2956
yanbzhu488a4d22015-12-01 15:16:07 -05002957 /* Read Private Key */
2958 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2959 if (ckch->key == NULL) {
2960 memprintf(err, "%sunable to load private key from file '%s'.\n",
2961 err && *err ? *err : "", path);
2962 goto end;
2963 }
2964
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02002965#ifndef OPENSSL_NO_DH
William Lallemandfa892222019-07-23 16:06:08 +02002966 /* Seek back to beginning of file */
2967 if (BIO_reset(in) == -1) {
2968 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2969 err && *err ? *err : "", path);
2970 goto end;
2971 }
2972
2973 ckch->dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2974 /* no need to check for NULL there, dh is not mandatory */
Emmanuel Hocdet54227d82019-07-30 17:04:01 +02002975#endif
William Lallemandfa892222019-07-23 16:06:08 +02002976
Willy Tarreaubb137a82016-04-06 19:02:38 +02002977 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002978 if (BIO_reset(in) == -1) {
2979 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2980 err && *err ? *err : "", path);
2981 goto end;
2982 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002983
2984 /* Read Certificate */
2985 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2986 if (ckch->cert == NULL) {
2987 memprintf(err, "%sunable to load certificate from file '%s'.\n",
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002988 err && *err ? *err : "", path);
Willy Tarreaubb137a82016-04-06 19:02:38 +02002989 goto end;
2990 }
2991
Emmanuel Hocdet03e09f32019-07-30 14:21:25 +02002992 if (!X509_check_private_key(ckch->cert, ckch->key)) {
2993 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2994 err && *err ? *err : "", path);
2995 goto end;
2996 }
2997
yanbzhu488a4d22015-12-01 15:16:07 -05002998 /* Read Certificate Chain */
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01002999 ckch->chain = sk_X509_new_null();
3000 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)))
3001 if (!sk_X509_push(ckch->chain, ca)) {
3002 X509_free(ca);
3003 goto end;
3004 }
yanbzhu488a4d22015-12-01 15:16:07 -05003005
yanbzhu488a4d22015-12-01 15:16:07 -05003006 ret = ERR_get_error();
3007 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3008 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3009 err && *err ? *err : "", path);
3010 ret = 1;
3011 goto end;
3012 }
3013
3014 ret = 0;
3015
3016end:
3017
3018 ERR_clear_error();
3019 if (in)
3020 BIO_free(in);
3021
3022 /* Something went wrong in one of the reads */
3023 if (ret != 0)
3024 ssl_sock_free_cert_key_and_chain_contents(ckch);
3025
3026 return ret;
3027}
3028
3029/* Loads the info in ckch into ctx
3030 * Currently, this does not process any information about ocsp, dhparams or
3031 * sctl
3032 * Returns
3033 * 0 on success
3034 * 1 on failure
3035 */
3036static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3037{
yanbzhu488a4d22015-12-01 15:16:07 -05003038 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3039 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3040 err && *err ? *err : "", path);
3041 return 1;
3042 }
3043
3044 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3045 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3046 err && *err ? *err : "", path);
3047 return 1;
3048 }
3049
yanbzhu488a4d22015-12-01 15:16:07 -05003050 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003051#ifdef SSL_CTX_set1_chain
Emmanuel Hocdet9246f8b2018-11-30 16:00:21 +01003052 if (!SSL_CTX_set1_chain(ctx, ckch->chain)) {
3053 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3054 err && *err ? *err : "", path);
3055 return 1;
yanbzhu488a4d22015-12-01 15:16:07 -05003056 }
Emmanuel Hocdet1c65fdd2018-12-03 18:07:44 +01003057#else
3058 { /* legacy compat (< openssl 1.0.2) */
3059 X509 *ca;
3060 while ((ca = sk_X509_shift(ckch->chain)))
3061 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3062 memprintf(err, "%sunable to load chain certificate into SSL Context '%s'.\n",
3063 err && *err ? *err : "", path);
3064 X509_free(ca);
3065 return 1;
3066 }
3067 }
3068#endif
yanbzhu488a4d22015-12-01 15:16:07 -05003069
William Lallemandfa892222019-07-23 16:06:08 +02003070#ifndef OPENSSL_NO_DH
3071 /* store a NULL pointer to indicate we have not yet loaded
3072 a custom DH param file */
3073 if (ssl_dh_ptr_index >= 0) {
3074 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3075 }
3076
3077 if (ssl_sock_load_dh_params(ctx, ckch) < 0) {
3078 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3079 err && *err ? *err : "", path);
3080 return 1;
3081 }
3082#endif
3083
yanbzhu488a4d22015-12-01 15:16:07 -05003084 return 0;
3085}
3086
William Lallemandc4ecddf2019-07-31 16:50:08 +02003087#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu08ce6ab2015-12-02 13:01:29 -05003088
3089static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
3090{
3091 struct sni_keytype *s_kt = NULL;
3092 struct ebmb_node *node;
3093 int i;
3094
3095 for (i = 0; i < trash.size; i++) {
3096 if (!str[i])
3097 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003098 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003100 trash.area[i] = 0;
3101 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003102 if (!node) {
3103 /* CN not found in tree */
3104 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3105 /* Using memcpy here instead of strncpy.
3106 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3107 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3108 */
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003109 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003110 s_kt->keytypes = 0;
3111 ebst_insert(sni_keytypes, &s_kt->name);
3112 } else {
3113 /* CN found in tree */
3114 s_kt = container_of(node, struct sni_keytype, name);
3115 }
3116
3117 /* Mark that this CN has the keytype of key_index via keytypes mask */
3118 s_kt->keytypes |= 1<<key_index;
3119
3120}
3121
William Lallemandc4ecddf2019-07-31 16:50:08 +02003122#endif
3123
William Lallemand36b84632019-07-18 19:28:17 +02003124/*
William Lallemand6af03992019-07-23 15:00:54 +02003125 * lookup a path into the ckchn tree.
3126 */
3127static inline struct ckch_node *ckchn_lookup(char *path)
3128{
3129 struct ebmb_node *eb;
3130
3131 eb = ebst_lookup(&ckchn_tree, path);
3132 if (!eb)
3133 return NULL;
3134
3135 return ebmb_entry(eb, struct ckch_node, node);
3136}
3137
3138/*
William Lallemand36b84632019-07-18 19:28:17 +02003139 * This function allocate a ckch_node and populate it with certificates from files.
3140 */
3141static struct ckch_node *ckchn_load_cert_file(char *path, int multi, char **err)
3142{
3143 struct ckch_node *ckchn;
William Lallemand36b84632019-07-18 19:28:17 +02003144
William Lallemand6af03992019-07-23 15:00:54 +02003145 ckchn = calloc(1, sizeof(*ckchn) + strlen(path) + 1);
William Lallemand36b84632019-07-18 19:28:17 +02003146 if (!ckchn) {
3147 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3148 goto end;
3149 }
3150 ckchn->ckch = calloc(1, sizeof(*ckchn->ckch) * (multi ? SSL_SOCK_NUM_KEYTYPES : 1));
3151
3152 if (!ckchn->ckch) {
3153 memprintf(err, "%sunable to allocate memory.\n", err && *err ? *err : "");
3154 goto end;
3155 }
3156
3157 if (!multi) {
3158
3159 if (ssl_sock_load_crt_file_into_ckch(path, ckchn->ckch, err) == 1)
3160 goto end;
3161
William Lallemand6af03992019-07-23 15:00:54 +02003162 /* insert into the ckchn tree */
3163 memcpy(ckchn->path, path, strlen(path) + 1);
3164 ebst_insert(&ckchn_tree, &ckchn->node);
William Lallemand36b84632019-07-18 19:28:17 +02003165 } else {
3166 int found = 0;
William Lallemandc4ecddf2019-07-31 16:50:08 +02003167#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3168 char fp[MAXPATHLEN+1] = {0};
3169 int n = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003170
3171 /* Load all possible certs and keys */
3172 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3173 struct stat buf;
3174 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3175 if (stat(fp, &buf) == 0) {
3176 if (ssl_sock_load_crt_file_into_ckch(fp, &ckchn->ckch[n], err) == 1)
3177 goto end;
3178 found = 1;
3179 ckchn->multi = 1;
3180 }
3181 }
William Lallemandc4ecddf2019-07-31 16:50:08 +02003182#endif
William Lallemand36b84632019-07-18 19:28:17 +02003183
3184 if (!found) {
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003185 memprintf(err, "%sDidn't find any certificate for bundle '%s'.\n", err && *err ? *err : "", path);
William Lallemand36b84632019-07-18 19:28:17 +02003186 goto end;
3187 }
William Lallemand6af03992019-07-23 15:00:54 +02003188 /* insert into the ckchn tree */
3189 memcpy(ckchn->path, path, strlen(path) + 1);
3190 ebst_insert(&ckchn_tree, &ckchn->node);
William Lallemand36b84632019-07-18 19:28:17 +02003191 }
3192 return ckchn;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003193
William Lallemand36b84632019-07-18 19:28:17 +02003194end:
William Lallemand6af03992019-07-23 15:00:54 +02003195 if (ckchn) {
William Lallemand36b84632019-07-18 19:28:17 +02003196 free(ckchn->ckch);
William Lallemand6af03992019-07-23 15:00:54 +02003197 ebmb_delete(&ckchn->node);
3198 }
3199
William Lallemand36b84632019-07-18 19:28:17 +02003200 free(ckchn);
3201
3202 return NULL;
3203}
3204
William Lallemandc4ecddf2019-07-31 16:50:08 +02003205#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
3206
William Lallemand36b84632019-07-18 19:28:17 +02003207/*
3208 * Take a ckch_node which contains a multi-certificate bundle.
3209 * Group these certificates into a set of SSL_CTX*
yanbzhu08ce6ab2015-12-02 13:01:29 -05003210 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3211 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003212 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003213 *
3214 * Returns
3215 * 0 on success
3216 * 1 on failure
William Lallemand36b84632019-07-18 19:28:17 +02003217 *
3218 * TODO: This function shouldn't access files anymore, sctl and ocsp file access
3219 * should be migrated to the ssl_sock_load_crt_file_into_ckch() function
yanbzhu08ce6ab2015-12-02 13:01:29 -05003220 */
William Lallemand36b84632019-07-18 19:28:17 +02003221static int ssl_sock_load_multi_ckchn(const char *path, struct ckch_node *ckch_n,
3222 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3223 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003224{
William Lallemand36b84632019-07-18 19:28:17 +02003225 int i = 0, n = 0;
3226 struct cert_key_and_chain *certs_and_keys;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003227 struct eb_root sni_keytypes_map = { {0} };
3228 struct ebmb_node *node;
3229 struct ebmb_node *next;
3230 /* Array of SSL_CTX pointers corresponding to each possible combo
3231 * of keytypes
3232 */
3233 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
3234 int rv = 0;
3235 X509_NAME *xname = NULL;
3236 char *str = NULL;
3237#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3238 STACK_OF(GENERAL_NAME) *names = NULL;
3239#endif
3240
William Lallemand36b84632019-07-18 19:28:17 +02003241 if (!ckch_n || !ckch_n->ckch || !ckch_n->multi) {
3242 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3243 err && *err ? *err : "", path);
3244 return 1;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003245 }
3246
William Lallemand36b84632019-07-18 19:28:17 +02003247 certs_and_keys = ckch_n->ckch;
3248
yanbzhu08ce6ab2015-12-02 13:01:29 -05003249 /* Process each ckch and update keytypes for each CN/SAN
3250 * for example, if CN/SAN www.a.com is associated with
3251 * certs with keytype 0 and 2, then at the end of the loop,
3252 * www.a.com will have:
3253 * keyindex = 0 | 1 | 4 = 5
3254 */
3255 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3256
3257 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3258 continue;
3259
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003260 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003261 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003262 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3263 } else {
3264 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3265 * so the line that contains logic is marked via comments
3266 */
3267 xname = X509_get_subject_name(certs_and_keys[n].cert);
3268 i = -1;
3269 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3270 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003271 ASN1_STRING *value;
3272 value = X509_NAME_ENTRY_get_data(entry);
3273 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003274 /* Important line is here */
3275 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003276
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003277 OPENSSL_free(str);
3278 str = NULL;
3279 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003280 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003281
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003282 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003283#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003284 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3285 if (names) {
3286 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3287 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003288
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003289 if (name->type == GEN_DNS) {
3290 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3291 /* Important line is here */
3292 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003293
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003294 OPENSSL_free(str);
3295 str = NULL;
3296 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003297 }
3298 }
3299 }
3300 }
3301#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3302 }
3303
3304 /* If no files found, return error */
3305 if (eb_is_empty(&sni_keytypes_map)) {
3306 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3307 err && *err ? *err : "", path);
3308 rv = 1;
3309 goto end;
3310 }
3311
3312 /* We now have a map of CN/SAN to keytypes that are loaded in
3313 * Iterate through the map to create the SSL_CTX's (if needed)
3314 * and add each CTX to the SNI tree
3315 *
3316 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003317 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003318 * combination is denoted by the key in the map. Each key
3319 * has a value between 1 and 2^n - 1. Conveniently, the array
3320 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3321 * entry in the array to correspond to the unique combo (key)
3322 * associated with i. This unique key combo (i) will be associated
3323 * with combos[i-1]
3324 */
3325
3326 node = ebmb_first(&sni_keytypes_map);
3327 while (node) {
3328 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003329 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003330 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003331
3332 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3333 i = container_of(node, struct sni_keytype, name)->keytypes;
3334 cur_ctx = key_combos[i-1].ctx;
3335
3336 if (cur_ctx == NULL) {
3337 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003338 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003339 if (cur_ctx == NULL) {
3340 memprintf(err, "%sunable to allocate SSL context.\n",
3341 err && *err ? *err : "");
3342 rv = 1;
3343 goto end;
3344 }
3345
yanbzhube2774d2015-12-10 15:07:30 -05003346 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003347 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3348 if (i & (1<<n)) {
3349 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003350 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3351 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003352 SSL_CTX_free(cur_ctx);
3353 rv = 1;
3354 goto end;
3355 }
yanbzhube2774d2015-12-10 15:07:30 -05003356
3357#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3358 /* Load OCSP Info into context */
William Lallemand36b84632019-07-18 19:28:17 +02003359 /* TODO: store OCSP in ckch */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003360 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003361 if (err)
3362 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003363 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003364 SSL_CTX_free(cur_ctx);
3365 rv = 1;
3366 goto end;
3367 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003368#elif (defined OPENSSL_IS_BORINGSSL)
3369 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003370#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003371 }
3372 }
3373
yanbzhu08ce6ab2015-12-02 13:01:29 -05003374 /* Update key_combos */
3375 key_combos[i-1].ctx = cur_ctx;
3376 }
3377
3378 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003379 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003380 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003381 node = ebmb_next(node);
3382 }
3383
3384
3385 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3386 if (!bind_conf->default_ctx) {
3387 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3388 if (key_combos[i].ctx) {
3389 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003390 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003391 break;
3392 }
3393 }
3394 }
3395
3396end:
3397
3398 if (names)
3399 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3400
yanbzhu08ce6ab2015-12-02 13:01:29 -05003401 node = ebmb_first(&sni_keytypes_map);
3402 while (node) {
3403 next = ebmb_next(node);
3404 ebmb_delete(node);
3405 node = next;
3406 }
3407
3408 return rv;
3409}
3410#else
3411/* This is a dummy, that just logs an error and returns error */
William Lallemand36b84632019-07-18 19:28:17 +02003412static int ssl_sock_load_multi_ckchn(const char *path, struct ckch_node *ckch_n,
3413 struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3414 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003415{
3416 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3417 err && *err ? *err : "", path, strerror(errno));
3418 return 1;
3419}
3420
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003421#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003422
William Lallemand36b84632019-07-18 19:28:17 +02003423static int ssl_sock_load_ckchn(const char *path, struct ckch_node *ckch_n, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
William Lallemandc9402072019-05-15 15:33:54 +02003424 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003425{
William Lallemandc9402072019-05-15 15:33:54 +02003426 SSL_CTX *ctx;
William Lallemandc9402072019-05-15 15:33:54 +02003427 int i;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003428 int order = 0;
3429 X509_NAME *xname;
3430 char *str;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003431 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003432 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Emeric Brunfc0421f2012-09-07 17:30:07 +02003433#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3434 STACK_OF(GENERAL_NAME) *names;
3435#endif
William Lallemand36b84632019-07-18 19:28:17 +02003436 struct cert_key_and_chain *ckch;
William Lallemanda59191b2019-05-15 16:08:56 +02003437
William Lallemand36b84632019-07-18 19:28:17 +02003438 if (!ckch_n || !ckch_n->ckch)
William Lallemanda59191b2019-05-15 16:08:56 +02003439 return 1;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003440
William Lallemand36b84632019-07-18 19:28:17 +02003441 ckch = ckch_n->ckch;
3442
William Lallemandc9402072019-05-15 15:33:54 +02003443 ctx = SSL_CTX_new(SSLv23_server_method());
3444 if (!ctx) {
3445 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3446 err && *err ? *err : "", path);
3447 return 1;
3448 }
3449
William Lallemand36b84632019-07-18 19:28:17 +02003450 if (ssl_sock_put_ckch_into_ctx(path, ckch, ctx, err) != 0) {
William Lallemandc9402072019-05-15 15:33:54 +02003451 SSL_CTX_free(ctx);
3452 return 1;
3453 }
3454
William Lallemand36b84632019-07-18 19:28:17 +02003455 pkey = X509_get_pubkey(ckch->cert);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003456 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003457 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003458 switch(EVP_PKEY_base_id(pkey)) {
3459 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003460 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003461 break;
3462 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003463 kinfo.sig = TLSEXT_signature_ecdsa;
3464 break;
3465 case EVP_PKEY_DSA:
3466 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003467 break;
3468 }
3469 EVP_PKEY_free(pkey);
3470 }
3471
Emeric Brun50bcecc2013-04-22 13:05:23 +02003472 if (fcount) {
3473 while (fcount--)
William Lallemandc9402072019-05-15 15:33:54 +02003474 order = ssl_sock_add_cert_sni(ctx, bind_conf, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003475 }
3476 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003477#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
William Lallemand36b84632019-07-18 19:28:17 +02003478 names = X509_get_ext_d2i(ckch->cert, NID_subject_alt_name, NULL, NULL);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003479 if (names) {
3480 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3481 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3482 if (name->type == GEN_DNS) {
3483 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
William Lallemandc9402072019-05-15 15:33:54 +02003484 order = ssl_sock_add_cert_sni(ctx, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003485 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003486 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003487 }
3488 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003489 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003490 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003491#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
William Lallemand36b84632019-07-18 19:28:17 +02003492 xname = X509_get_subject_name(ckch->cert);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003493 i = -1;
3494 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3495 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003496 ASN1_STRING *value;
3497
3498 value = X509_NAME_ENTRY_get_data(entry);
3499 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
William Lallemandc9402072019-05-15 15:33:54 +02003500 order = ssl_sock_add_cert_sni(ctx, bind_conf, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003501 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003503 }
3504 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003505 /* we must not free the SSL_CTX anymore below, since it's already in
3506 * the tree, so it will be discovered and cleaned in time.
3507 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003508
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003509#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emmanuel Hocdeta7a0f992019-07-30 17:17:03 +02003510 if (ssl_sock_load_ocsp(ctx, path) < 0) {
Emeric Brun4147b2e2014-06-16 18:36:30 +02003511 if (err)
3512 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3513 *err ? *err : "", path);
3514 return 1;
3515 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003516#elif (defined OPENSSL_IS_BORINGSSL)
3517 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003518#endif
3519
Willy Tarreau5db847a2019-05-09 14:13:35 +02003520#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003521 if (sctl_ex_index >= 0) {
Emmanuel Hocdeta7a0f992019-07-30 17:17:03 +02003522 if (ssl_sock_load_sctl(ctx, path) < 0) {
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003523 if (err)
3524 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3525 *err ? *err : "", path);
3526 return 1;
3527 }
3528 }
3529#endif
3530
Emeric Brunfc0421f2012-09-07 17:30:07 +02003531#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003532 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003533 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3534 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003535 return 1;
3536 }
3537#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003538 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003539 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003540 bind_conf->default_ssl_conf = ssl_conf;
3541 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003542
3543 return 0;
3544}
3545
Willy Tarreau03209342016-12-22 17:08:28 +01003546int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003547{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003548 struct dirent **de_list;
3549 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003550 DIR *dir;
3551 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003552 char *end;
3553 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003554 int cfgerr = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003555 struct ckch_node *ckchn;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003556#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003557 int is_bundle;
3558 int j;
3559#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003560
William Lallemand6af03992019-07-23 15:00:54 +02003561 if ((ckchn = ckchn_lookup(path))) {
3562
3563 /* we found the ckchn in the tree, we can use it directly */
3564 if (ckchn->multi)
3565 return ssl_sock_load_multi_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
3566 else
3567 return ssl_sock_load_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
3568
3569 }
3570
yanbzhu08ce6ab2015-12-02 13:01:29 -05003571 if (stat(path, &buf) == 0) {
3572 dir = opendir(path);
William Lallemand36b84632019-07-18 19:28:17 +02003573 if (!dir) {
3574 ckchn = ckchn_load_cert_file(path, 0, err);
3575 if (!ckchn)
3576 return 1;
3577 return ssl_sock_load_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
3578 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003579
yanbzhu08ce6ab2015-12-02 13:01:29 -05003580 /* strip trailing slashes, including first one */
3581 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3582 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003583
yanbzhu08ce6ab2015-12-02 13:01:29 -05003584 n = scandir(path, &de_list, 0, alphasort);
3585 if (n < 0) {
3586 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3587 err && *err ? *err : "", path, strerror(errno));
3588 cfgerr++;
3589 }
3590 else {
3591 for (i = 0; i < n; i++) {
3592 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003593
yanbzhu08ce6ab2015-12-02 13:01:29 -05003594 end = strrchr(de->d_name, '.');
3595 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3596 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003597
yanbzhu08ce6ab2015-12-02 13:01:29 -05003598 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3599 if (stat(fp, &buf) != 0) {
3600 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3601 err && *err ? *err : "", fp, strerror(errno));
3602 cfgerr++;
3603 goto ignore_entry;
3604 }
3605 if (!S_ISREG(buf.st_mode))
3606 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003607
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003608#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003609 is_bundle = 0;
3610 /* Check if current entry in directory is part of a multi-cert bundle */
3611
3612 if (end) {
3613 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3614 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3615 is_bundle = 1;
3616 break;
3617 }
3618 }
3619
3620 if (is_bundle) {
3621 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3622 int dp_len;
3623
3624 dp_len = end - de->d_name;
3625 snprintf(dp, dp_len + 1, "%s", de->d_name);
3626
3627 /* increment i and free de until we get to a non-bundle cert
3628 * Note here that we look at de_list[i + 1] before freeing de
3629 * this is important since ignore_entry will free de
3630 */
3631 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3632 free(de);
3633 i++;
3634 de = de_list[i];
3635 }
3636
3637 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
William Lallemand6af03992019-07-23 15:00:54 +02003638 if ((ckchn = ckchn_lookup(fp)) == NULL)
3639 ckchn = ckchn_load_cert_file(fp, 1, err);
William Lallemand36b84632019-07-18 19:28:17 +02003640 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003641 cfgerr++;
3642 else
3643 cfgerr += ssl_sock_load_multi_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003644
3645 /* Successfully processed the bundle */
3646 goto ignore_entry;
3647 }
3648 }
3649
3650#endif
William Lallemand6af03992019-07-23 15:00:54 +02003651 if ((ckchn = ckchn_lookup(fp)) == NULL)
3652 ckchn = ckchn_load_cert_file(fp, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02003653 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003654 cfgerr++;
3655 else
3656 cfgerr += ssl_sock_load_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
William Lallemand36b84632019-07-18 19:28:17 +02003657
yanbzhu08ce6ab2015-12-02 13:01:29 -05003658ignore_entry:
3659 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003660 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003661 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003662 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003663 closedir(dir);
3664 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003665 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003666
William Lallemand6e5f2ce2019-08-01 14:43:20 +02003667 ckchn = ckchn_load_cert_file(path, 1, err);
William Lallemand36b84632019-07-18 19:28:17 +02003668 if (!ckchn)
3669 return 1;
3670 cfgerr = ssl_sock_load_multi_ckchn(path, ckchn, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003671
Emeric Brunfc0421f2012-09-07 17:30:07 +02003672 return cfgerr;
3673}
3674
Thierry Fournier383085f2013-01-24 14:15:43 +01003675/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3676 * done once. Zero is returned if the operation fails. No error is returned
3677 * if the random is said as not implemented, because we expect that openssl
3678 * will use another method once needed.
3679 */
3680static int ssl_initialize_random()
3681{
3682 unsigned char random;
3683 static int random_initialized = 0;
3684
3685 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3686 random_initialized = 1;
3687
3688 return random_initialized;
3689}
3690
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003691/* release ssl bind conf */
3692void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003693{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003694 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003695#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003696 free(conf->npn_str);
3697 conf->npn_str = NULL;
3698#endif
3699#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3700 free(conf->alpn_str);
3701 conf->alpn_str = NULL;
3702#endif
3703 free(conf->ca_file);
3704 conf->ca_file = NULL;
3705 free(conf->crl_file);
3706 conf->crl_file = NULL;
3707 free(conf->ciphers);
3708 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003709#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003710 free(conf->ciphersuites);
3711 conf->ciphersuites = NULL;
3712#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003713 free(conf->curves);
3714 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003715 free(conf->ecdhe);
3716 conf->ecdhe = NULL;
3717 }
3718}
3719
3720int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3721{
3722 char thisline[CRT_LINESIZE];
3723 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003724 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003725 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003726 int linenum = 0;
3727 int cfgerr = 0;
William Lallemand36b84632019-07-18 19:28:17 +02003728 struct ckch_node *ckchn;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003729
Willy Tarreauad1731d2013-04-02 17:35:58 +02003730 if ((f = fopen(file, "r")) == NULL) {
3731 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003732 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003733 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003734
3735 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003736 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003737 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003738 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003739 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003740 char *crt_path;
3741 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003742
3743 linenum++;
3744 end = line + strlen(line);
3745 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3746 /* Check if we reached the limit and the last char is not \n.
3747 * Watch out for the last line without the terminating '\n'!
3748 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003749 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3750 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003751 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003752 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003753 }
3754
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003755 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003756 newarg = 1;
3757 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003758 if (*line == '#' || *line == '\n' || *line == '\r') {
3759 /* end of string, end of loop */
3760 *line = 0;
3761 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003762 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003763 newarg = 1;
3764 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003765 } else if (*line == '[') {
3766 if (ssl_b) {
3767 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3768 cfgerr = 1;
3769 break;
3770 }
3771 if (!arg) {
3772 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3773 cfgerr = 1;
3774 break;
3775 }
3776 ssl_b = arg;
3777 newarg = 1;
3778 *line = 0;
3779 } else if (*line == ']') {
3780 if (ssl_e) {
3781 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003782 cfgerr = 1;
3783 break;
3784 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003785 if (!ssl_b) {
3786 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3787 cfgerr = 1;
3788 break;
3789 }
3790 ssl_e = arg;
3791 newarg = 1;
3792 *line = 0;
3793 } else if (newarg) {
3794 if (arg == MAX_CRT_ARGS) {
3795 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3796 cfgerr = 1;
3797 break;
3798 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003799 newarg = 0;
3800 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003801 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003802 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003803 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003804 if (cfgerr)
3805 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003806 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003807
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003808 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003809 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003810 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003811
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003812 crt_path = args[0];
3813 if (*crt_path != '/' && global_ssl.crt_base) {
3814 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3815 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3816 crt_path, linenum, file);
3817 cfgerr = 1;
3818 break;
3819 }
3820 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3821 crt_path = path;
3822 }
3823
3824 ssl_conf = calloc(1, sizeof *ssl_conf);
3825 cur_arg = ssl_b ? ssl_b : 1;
3826 while (cur_arg < ssl_e) {
3827 newarg = 0;
3828 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3829 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3830 newarg = 1;
3831 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3832 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3833 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3834 args[cur_arg], linenum, file);
3835 cfgerr = 1;
3836 }
3837 cur_arg += 1 + ssl_bind_kws[i].skip;
3838 break;
3839 }
3840 }
3841 if (!cfgerr && !newarg) {
3842 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3843 args[cur_arg], linenum, file);
3844 cfgerr = 1;
3845 break;
3846 }
3847 }
3848 if (cfgerr) {
3849 ssl_sock_free_ssl_conf(ssl_conf);
3850 free(ssl_conf);
3851 ssl_conf = NULL;
3852 break;
3853 }
3854
3855 if (stat(crt_path, &buf) == 0) {
William Lallemand36b84632019-07-18 19:28:17 +02003856
3857 ckchn = ckchn_load_cert_file(crt_path, 0, err);
3858 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003859 cfgerr++;
3860 else
3861 cfgerr = ssl_sock_load_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
3862 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003863 } else {
William Lallemand36b84632019-07-18 19:28:17 +02003864 ckchn = ckchn_load_cert_file(crt_path, 1, err);
3865 if (!ckchn)
Emmanuel Hocdet1503e052019-07-31 18:30:33 +02003866 cfgerr++;
3867 else
3868 cfgerr = ssl_sock_load_multi_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
3869 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003870 }
3871
Willy Tarreauad1731d2013-04-02 17:35:58 +02003872 if (cfgerr) {
3873 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003874 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003875 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003876 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003877 fclose(f);
3878 return cfgerr;
3879}
3880
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003881/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003882static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003883ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003884{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003885 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003886 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003887 SSL_OP_ALL | /* all known workarounds for bugs */
3888 SSL_OP_NO_SSLv2 |
3889 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003890 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003891 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003892 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003893 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003894 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003895 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003896 SSL_MODE_ENABLE_PARTIAL_WRITE |
3897 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003898 SSL_MODE_RELEASE_BUFFERS |
3899 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003900 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003901 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003902 int flags = MC_SSL_O_ALL;
3903 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003904
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003905 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003906 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003907
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003908 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003909 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3910 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3911 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003912 else
3913 flags = conf_ssl_methods->flags;
3914
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003915 min = conf_ssl_methods->min;
3916 max = conf_ssl_methods->max;
3917 /* start with TLSv10 to remove SSLv3 per default */
3918 if (!min && (!max || max >= CONF_TLSV10))
3919 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003920 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003921 if (min)
3922 flags |= (methodVersions[min].flag - 1);
3923 if (max)
3924 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003925 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003926 min = max = CONF_TLSV_NONE;
3927 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003928 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003929 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003930 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003931 if (min) {
3932 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003933 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3934 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3935 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3936 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003937 hole = 0;
3938 }
3939 max = i;
3940 }
3941 else {
3942 min = max = i;
3943 }
3944 }
3945 else {
3946 if (min)
3947 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003948 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003949 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003950 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3951 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003952 cfgerr += 1;
3953 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003954 /* save real min/max in bind_conf */
3955 conf_ssl_methods->min = min;
3956 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003957
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003958#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003959 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08003960 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003961 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003962 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003963 else
3964 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3965 if (flags & methodVersions[i].flag)
3966 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003967#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003968 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003969 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3970 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003971#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003972
3973 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3974 options |= SSL_OP_NO_TICKET;
3975 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3976 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08003977
3978#ifdef SSL_OP_NO_RENEGOTIATION
3979 options |= SSL_OP_NO_RENEGOTIATION;
3980#endif
3981
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003982 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003983
Willy Tarreau5db847a2019-05-09 14:13:35 +02003984#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003985 if (global_ssl.async)
3986 mode |= SSL_MODE_ASYNC;
3987#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003988 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003989 if (global_ssl.life_time)
3990 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003991
3992#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3993#ifdef OPENSSL_IS_BORINGSSL
3994 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3995 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02003996#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard51088ce2019-01-02 18:46:41 +01003997 if (bind_conf->ssl_conf.early_data) {
3998 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
3999 SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
4000 }
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004001 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4002 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004003#else
4004 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004005#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004006 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004007#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004008 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004009}
4010
William Lallemand4f45bb92017-10-30 20:08:51 +01004011
4012static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4013{
4014 if (first == block) {
4015 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4016 if (first->len > 0)
4017 sh_ssl_sess_tree_delete(sh_ssl_sess);
4018 }
4019}
4020
4021/* return first block from sh_ssl_sess */
4022static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4023{
4024 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4025
4026}
4027
4028/* store a session into the cache
4029 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4030 * data: asn1 encoded session
4031 * data_len: asn1 encoded session length
4032 * Returns 1 id session was stored (else 0)
4033 */
4034static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4035{
4036 struct shared_block *first;
4037 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4038
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004039 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004040 if (!first) {
4041 /* Could not retrieve enough free blocks to store that session */
4042 return 0;
4043 }
4044
4045 /* STORE the key in the first elem */
4046 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4047 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4048 first->len = sizeof(struct sh_ssl_sess_hdr);
4049
4050 /* it returns the already existing node
4051 or current node if none, never returns null */
4052 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4053 if (oldsh_ssl_sess != sh_ssl_sess) {
4054 /* NOTE: Row couldn't be in use because we lock read & write function */
4055 /* release the reserved row */
4056 shctx_row_dec_hot(ssl_shctx, first);
4057 /* replace the previous session already in the tree */
4058 sh_ssl_sess = oldsh_ssl_sess;
4059 /* ignore the previous session data, only use the header */
4060 first = sh_ssl_sess_first_block(sh_ssl_sess);
4061 shctx_row_inc_hot(ssl_shctx, first);
4062 first->len = sizeof(struct sh_ssl_sess_hdr);
4063 }
4064
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004065 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004066 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004067 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004068 }
4069
4070 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004071
4072 return 1;
4073}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004074
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004075/* SSL callback used when a new session is created while connecting to a server */
4076static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4077{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004078 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004079 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004080
Willy Tarreau07d94e42018-09-20 10:57:52 +02004081 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004082
Olivier Houcharde6060c52017-11-16 17:42:52 +01004083 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4084 int len;
4085 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004086
Olivier Houcharde6060c52017-11-16 17:42:52 +01004087 len = i2d_SSL_SESSION(sess, NULL);
4088 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4089 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4090 } else {
4091 free(s->ssl_ctx.reused_sess[tid].ptr);
4092 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4093 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4094 }
4095 if (s->ssl_ctx.reused_sess[tid].ptr) {
4096 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4097 &ptr);
4098 }
4099 } else {
4100 free(s->ssl_ctx.reused_sess[tid].ptr);
4101 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4102 }
4103
4104 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004105}
4106
Olivier Houcharde6060c52017-11-16 17:42:52 +01004107
William Lallemanded0b5ad2017-10-30 19:36:36 +01004108/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004109int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004110{
4111 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4112 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4113 unsigned char *p;
4114 int data_len;
4115 unsigned int sid_length, sid_ctx_length;
4116 const unsigned char *sid_data;
4117 const unsigned char *sid_ctx_data;
4118
4119 /* Session id is already stored in to key and session id is known
4120 * so we dont store it to keep size.
4121 */
4122
4123 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4124 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
4125 SSL_SESSION_set1_id(sess, sid_data, 0);
4126 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
4127
4128 /* check if buffer is large enough for the ASN1 encoded session */
4129 data_len = i2d_SSL_SESSION(sess, NULL);
4130 if (data_len > SHSESS_MAX_DATA_LEN)
4131 goto err;
4132
4133 p = encsess;
4134
4135 /* process ASN1 session encoding before the lock */
4136 i2d_SSL_SESSION(sess, &p);
4137
4138 memcpy(encid, sid_data, sid_length);
4139 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4140 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4141
William Lallemanda3c77cf2017-10-30 23:44:40 +01004142 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004143 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004144 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004145 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004146err:
4147 /* reset original length values */
4148 SSL_SESSION_set1_id(sess, sid_data, sid_length);
4149 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
4150
4151 return 0; /* do not increment session reference count */
4152}
4153
4154/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004155SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004156{
William Lallemand4f45bb92017-10-30 20:08:51 +01004157 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004158 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4159 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004160 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004161 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004162
4163 global.shctx_lookups++;
4164
4165 /* allow the session to be freed automatically by openssl */
4166 *do_copy = 0;
4167
4168 /* tree key is zeros padded sessionid */
4169 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4170 memcpy(tmpkey, key, key_len);
4171 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4172 key = tmpkey;
4173 }
4174
4175 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004176 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004177
4178 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004179 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4180 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004181 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004182 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004183 global.shctx_misses++;
4184 return NULL;
4185 }
4186
William Lallemand4f45bb92017-10-30 20:08:51 +01004187 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4188 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004189
William Lallemand4f45bb92017-10-30 20:08:51 +01004190 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004191
William Lallemanda3c77cf2017-10-30 23:44:40 +01004192 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004193
4194 /* decode ASN1 session */
4195 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004196 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004197 /* Reset session id and session id contenxt */
4198 if (sess) {
4199 SSL_SESSION_set1_id(sess, key, key_len);
4200 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4201 }
4202
4203 return sess;
4204}
4205
William Lallemand4f45bb92017-10-30 20:08:51 +01004206
William Lallemanded0b5ad2017-10-30 19:36:36 +01004207/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004208void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004209{
William Lallemand4f45bb92017-10-30 20:08:51 +01004210 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004211 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4212 unsigned int sid_length;
4213 const unsigned char *sid_data;
4214 (void)ctx;
4215
4216 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4217 /* tree key is zeros padded sessionid */
4218 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4219 memcpy(tmpkey, sid_data, sid_length);
4220 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4221 sid_data = tmpkey;
4222 }
4223
William Lallemanda3c77cf2017-10-30 23:44:40 +01004224 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004225
4226 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004227 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4228 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004229 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004230 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004231 }
4232
4233 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004234 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004235}
4236
4237/* Set session cache mode to server and disable openssl internal cache.
4238 * Set shared cache callbacks on an ssl context.
4239 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004240void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004241{
4242 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4243
4244 if (!ssl_shctx) {
4245 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4246 return;
4247 }
4248
4249 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4250 SSL_SESS_CACHE_NO_INTERNAL |
4251 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4252
4253 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004254 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4255 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4256 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004257}
4258
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004259int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4260{
4261 struct proxy *curproxy = bind_conf->frontend;
4262 int cfgerr = 0;
4263 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004264 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004265 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004266#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004267 const char *conf_ciphersuites;
4268#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004269 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004270
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004271 if (ssl_conf) {
4272 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4273 int i, min, max;
4274 int flags = MC_SSL_O_ALL;
4275
4276 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004277 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4278 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004279 if (min)
4280 flags |= (methodVersions[min].flag - 1);
4281 if (max)
4282 flags |= ~((methodVersions[max].flag << 1) - 1);
4283 min = max = CONF_TLSV_NONE;
4284 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4285 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4286 if (min)
4287 max = i;
4288 else
4289 min = max = i;
4290 }
4291 /* save real min/max */
4292 conf_ssl_methods->min = min;
4293 conf_ssl_methods->max = max;
4294 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004295 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4296 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004297 cfgerr += 1;
4298 }
4299 }
4300
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004301 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004302 case SSL_SOCK_VERIFY_NONE:
4303 verify = SSL_VERIFY_NONE;
4304 break;
4305 case SSL_SOCK_VERIFY_OPTIONAL:
4306 verify = SSL_VERIFY_PEER;
4307 break;
4308 case SSL_SOCK_VERIFY_REQUIRED:
4309 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4310 break;
4311 }
4312 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4313 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004314 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4315 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4316 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004317 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004318 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004319 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4320 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004321 cfgerr++;
4322 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004323 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4324 /* set CA names for client cert request, function returns void */
4325 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4326 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004327 }
Emeric Brun850efd52014-01-29 12:24:34 +01004328 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004329 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4330 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004331 cfgerr++;
4332 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004333#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004334 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004335 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4336
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004337 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004338 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4339 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004340 cfgerr++;
4341 }
Emeric Brun561e5742012-10-02 15:20:55 +02004342 else {
4343 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4344 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004345 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004346#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004347 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004348 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004349#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004350 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004351 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004352 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4353 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004354 cfgerr++;
4355 }
4356 }
4357#endif
4358
William Lallemand4f45bb92017-10-30 20:08:51 +01004359 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004360 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4361 if (conf_ciphers &&
4362 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004363 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4364 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004365 cfgerr++;
4366 }
4367
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004368#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004369 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4370 if (conf_ciphersuites &&
4371 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4372 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4373 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4374 cfgerr++;
4375 }
4376#endif
4377
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004378#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004379 /* If tune.ssl.default-dh-param has not been set,
4380 neither has ssl-default-dh-file and no static DH
4381 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004382 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004383 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004384 (ssl_dh_ptr_index == -1 ||
4385 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004386 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4387 const SSL_CIPHER * cipher = NULL;
4388 char cipher_description[128];
4389 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4390 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4391 which is not ephemeral DH. */
4392 const char dhe_description[] = " Kx=DH ";
4393 const char dhe_export_description[] = " Kx=DH(";
4394 int idx = 0;
4395 int dhe_found = 0;
4396 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004397
Remi Gacogne23d5d372014-10-10 17:04:26 +02004398 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004399
Remi Gacogne23d5d372014-10-10 17:04:26 +02004400 if (ssl) {
4401 ciphers = SSL_get_ciphers(ssl);
4402
4403 if (ciphers) {
4404 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4405 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4406 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4407 if (strstr(cipher_description, dhe_description) != NULL ||
4408 strstr(cipher_description, dhe_export_description) != NULL) {
4409 dhe_found = 1;
4410 break;
4411 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004412 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004413 }
4414 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004415 SSL_free(ssl);
4416 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004417 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004418
Lukas Tribus90132722014-08-18 00:56:33 +02004419 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004420 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004421 }
4422
Willy Tarreauef934602016-12-22 23:12:01 +01004423 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004424 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004425
Willy Tarreauef934602016-12-22 23:12:01 +01004426 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004427 if (local_dh_1024 == NULL) {
4428 local_dh_1024 = ssl_get_dh_1024();
4429 }
Willy Tarreauef934602016-12-22 23:12:01 +01004430 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004431 if (local_dh_2048 == NULL) {
4432 local_dh_2048 = ssl_get_dh_2048();
4433 }
Willy Tarreauef934602016-12-22 23:12:01 +01004434 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004435 if (local_dh_4096 == NULL) {
4436 local_dh_4096 = ssl_get_dh_4096();
4437 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004438 }
4439 }
4440 }
4441#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004442
Emeric Brunfc0421f2012-09-07 17:30:07 +02004443 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004444#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004445 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004446#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004447
Bernard Spil13c53f82018-02-15 13:34:58 +01004448#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004449 ssl_conf_cur = NULL;
4450 if (ssl_conf && ssl_conf->npn_str)
4451 ssl_conf_cur = ssl_conf;
4452 else if (bind_conf->ssl_conf.npn_str)
4453 ssl_conf_cur = &bind_conf->ssl_conf;
4454 if (ssl_conf_cur)
4455 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004456#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004457#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004458 ssl_conf_cur = NULL;
4459 if (ssl_conf && ssl_conf->alpn_str)
4460 ssl_conf_cur = ssl_conf;
4461 else if (bind_conf->ssl_conf.alpn_str)
4462 ssl_conf_cur = &bind_conf->ssl_conf;
4463 if (ssl_conf_cur)
4464 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004465#endif
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004466#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004467 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4468 if (conf_curves) {
4469 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004470 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4471 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004472 cfgerr++;
4473 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004474#if defined(SSL_CTX_set_ecdh_auto)
4475 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4476#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004477 }
4478#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004479#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004480 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004481 int i;
4482 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004483#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004484 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004485 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4486 NULL);
4487
4488 if (ecdhe == NULL) {
4489 SSL_CTX_set_dh_auto(ctx, 1);
4490 return cfgerr;
4491 }
4492#else
4493 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4494 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4495 ECDHE_DEFAULT_CURVE);
4496#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004497
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004498 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004499 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004500 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4501 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004502 cfgerr++;
4503 }
4504 else {
4505 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4506 EC_KEY_free(ecdh);
4507 }
4508 }
4509#endif
4510
Emeric Brunfc0421f2012-09-07 17:30:07 +02004511 return cfgerr;
4512}
4513
Evan Broderbe554312013-06-27 00:05:25 -07004514static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4515{
4516 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4517 size_t prefixlen, suffixlen;
4518
4519 /* Trivial case */
4520 if (strcmp(pattern, hostname) == 0)
4521 return 1;
4522
Evan Broderbe554312013-06-27 00:05:25 -07004523 /* The rest of this logic is based on RFC 6125, section 6.4.3
4524 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4525
Emeric Bruna848dae2013-10-08 11:27:28 +02004526 pattern_wildcard = NULL;
4527 pattern_left_label_end = pattern;
4528 while (*pattern_left_label_end != '.') {
4529 switch (*pattern_left_label_end) {
4530 case 0:
4531 /* End of label not found */
4532 return 0;
4533 case '*':
4534 /* If there is more than one wildcards */
4535 if (pattern_wildcard)
4536 return 0;
4537 pattern_wildcard = pattern_left_label_end;
4538 break;
4539 }
4540 pattern_left_label_end++;
4541 }
4542
4543 /* If it's not trivial and there is no wildcard, it can't
4544 * match */
4545 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004546 return 0;
4547
4548 /* Make sure all labels match except the leftmost */
4549 hostname_left_label_end = strchr(hostname, '.');
4550 if (!hostname_left_label_end
4551 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4552 return 0;
4553
4554 /* Make sure the leftmost label of the hostname is long enough
4555 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004556 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004557 return 0;
4558
4559 /* Finally compare the string on either side of the
4560 * wildcard */
4561 prefixlen = pattern_wildcard - pattern;
4562 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004563 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4564 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004565 return 0;
4566
4567 return 1;
4568}
4569
4570static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4571{
4572 SSL *ssl;
4573 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004574 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004575 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004576 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004577
4578 int depth;
4579 X509 *cert;
4580 STACK_OF(GENERAL_NAME) *alt_names;
4581 int i;
4582 X509_NAME *cert_subject;
4583 char *str;
4584
4585 if (ok == 0)
4586 return ok;
4587
4588 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004589 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004590 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004591
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004592 /* We're checking if the provided hostnames match the desired one. The
4593 * desired hostname comes from the SNI we presented if any, or if not
4594 * provided then it may have been explicitly stated using a "verifyhost"
4595 * directive. If neither is set, we don't care about the name so the
4596 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004597 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004598 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004599 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004600 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004601 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004602 if (!servername)
4603 return ok;
4604 }
Evan Broderbe554312013-06-27 00:05:25 -07004605
4606 /* We only need to verify the CN on the actual server cert,
4607 * not the indirect CAs */
4608 depth = X509_STORE_CTX_get_error_depth(ctx);
4609 if (depth != 0)
4610 return ok;
4611
4612 /* At this point, the cert is *not* OK unless we can find a
4613 * hostname match */
4614 ok = 0;
4615
4616 cert = X509_STORE_CTX_get_current_cert(ctx);
4617 /* It seems like this might happen if verify peer isn't set */
4618 if (!cert)
4619 return ok;
4620
4621 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4622 if (alt_names) {
4623 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4624 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4625 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004626#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004627 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4628#else
Evan Broderbe554312013-06-27 00:05:25 -07004629 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004630#endif
Evan Broderbe554312013-06-27 00:05:25 -07004631 ok = ssl_sock_srv_hostcheck(str, servername);
4632 OPENSSL_free(str);
4633 }
4634 }
4635 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004636 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004637 }
4638
4639 cert_subject = X509_get_subject_name(cert);
4640 i = -1;
4641 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4642 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004643 ASN1_STRING *value;
4644 value = X509_NAME_ENTRY_get_data(entry);
4645 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004646 ok = ssl_sock_srv_hostcheck(str, servername);
4647 OPENSSL_free(str);
4648 }
4649 }
4650
Willy Tarreau71d058c2017-07-26 20:09:56 +02004651 /* report the mismatch and indicate if SNI was used or not */
4652 if (!ok && !conn->err_code)
4653 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004654 return ok;
4655}
4656
Emeric Brun94324a42012-10-11 14:00:19 +02004657/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004658int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004659{
Willy Tarreau03209342016-12-22 17:08:28 +01004660 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004661 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004662 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004663 SSL_OP_ALL | /* all known workarounds for bugs */
4664 SSL_OP_NO_SSLv2 |
4665 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004666 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004667 SSL_MODE_ENABLE_PARTIAL_WRITE |
4668 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004669 SSL_MODE_RELEASE_BUFFERS |
4670 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004671 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004672 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004673 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004674 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004675 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004676
Thierry Fournier383085f2013-01-24 14:15:43 +01004677 /* Make sure openssl opens /dev/urandom before the chroot */
4678 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004679 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004680 cfgerr++;
4681 }
4682
Willy Tarreaufce03112015-01-15 21:32:40 +01004683 /* Automatic memory computations need to know we use SSL there */
4684 global.ssl_used_backend = 1;
4685
4686 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004687 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004688 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004689 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4690 curproxy->id, srv->id,
4691 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004692 cfgerr++;
4693 return cfgerr;
4694 }
4695 }
Emeric Brun94324a42012-10-11 14:00:19 +02004696 if (srv->use_ssl)
4697 srv->xprt = &ssl_sock;
4698 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004699 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004700
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004701 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004702 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004703 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4704 proxy_type_str(curproxy), curproxy->id,
4705 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004706 cfgerr++;
4707 return cfgerr;
4708 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004709
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004710 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004711 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4712 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4713 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004714 else
4715 flags = conf_ssl_methods->flags;
4716
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004717 /* Real min and max should be determinate with configuration and openssl's capabilities */
4718 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004719 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004720 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004721 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004722
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004723 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004724 min = max = CONF_TLSV_NONE;
4725 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004726 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004727 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004728 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004729 if (min) {
4730 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4732 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4733 proxy_type_str(curproxy), curproxy->id, srv->id,
4734 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004735 hole = 0;
4736 }
4737 max = i;
4738 }
4739 else {
4740 min = max = i;
4741 }
4742 }
4743 else {
4744 if (min)
4745 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004746 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004747 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004748 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4749 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004750 cfgerr += 1;
4751 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004752
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004753#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004754 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004755 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004756 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004757 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004758 else
4759 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4760 if (flags & methodVersions[i].flag)
4761 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004762#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004763 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004764 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4765 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004766#endif
4767
4768 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4769 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004770 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004771
Willy Tarreau5db847a2019-05-09 14:13:35 +02004772#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004773 if (global_ssl.async)
4774 mode |= SSL_MODE_ASYNC;
4775#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004776 SSL_CTX_set_mode(ctx, mode);
4777 srv->ssl_ctx.ctx = ctx;
4778
Emeric Bruna7aa3092012-10-26 12:58:00 +02004779 if (srv->ssl_ctx.client_crt) {
4780 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004781 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4782 proxy_type_str(curproxy), curproxy->id,
4783 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004784 cfgerr++;
4785 }
4786 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004787 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4788 proxy_type_str(curproxy), curproxy->id,
4789 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004790 cfgerr++;
4791 }
4792 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004793 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4794 proxy_type_str(curproxy), curproxy->id,
4795 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004796 cfgerr++;
4797 }
4798 }
Emeric Brun94324a42012-10-11 14:00:19 +02004799
Emeric Brun850efd52014-01-29 12:24:34 +01004800 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4801 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004802 switch (srv->ssl_ctx.verify) {
4803 case SSL_SOCK_VERIFY_NONE:
4804 verify = SSL_VERIFY_NONE;
4805 break;
4806 case SSL_SOCK_VERIFY_REQUIRED:
4807 verify = SSL_VERIFY_PEER;
4808 break;
4809 }
Evan Broderbe554312013-06-27 00:05:25 -07004810 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004811 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004812 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004813 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004814 if (srv->ssl_ctx.ca_file) {
4815 /* load CAfile to verify */
4816 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004817 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4818 curproxy->id, srv->id,
4819 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004820 cfgerr++;
4821 }
4822 }
Emeric Brun850efd52014-01-29 12:24:34 +01004823 else {
4824 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004825 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4826 curproxy->id, srv->id,
4827 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004828 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004829 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4830 curproxy->id, srv->id,
4831 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004832 cfgerr++;
4833 }
Emeric Brunef42d922012-10-11 16:11:36 +02004834#ifdef X509_V_FLAG_CRL_CHECK
4835 if (srv->ssl_ctx.crl_file) {
4836 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4837
4838 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004839 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4840 curproxy->id, srv->id,
4841 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004842 cfgerr++;
4843 }
4844 else {
4845 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4846 }
4847 }
4848#endif
4849 }
4850
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004851 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4852 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4853 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004854 if (srv->ssl_ctx.ciphers &&
4855 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004856 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4857 curproxy->id, srv->id,
4858 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004859 cfgerr++;
4860 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004861
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004862#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004863 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004864 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004865 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4866 curproxy->id, srv->id,
4867 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4868 cfgerr++;
4869 }
4870#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004871#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4872 if (srv->ssl_ctx.npn_str)
4873 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4874#endif
4875#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4876 if (srv->ssl_ctx.alpn_str)
4877 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4878#endif
4879
Emeric Brun94324a42012-10-11 14:00:19 +02004880
4881 return cfgerr;
4882}
4883
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004884/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004885 * be NULL, in which case nothing is done. Returns the number of errors
4886 * encountered.
4887 */
Willy Tarreau03209342016-12-22 17:08:28 +01004888int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004889{
4890 struct ebmb_node *node;
4891 struct sni_ctx *sni;
4892 int err = 0;
4893
Willy Tarreaufce03112015-01-15 21:32:40 +01004894 /* Automatic memory computations need to know we use SSL there */
4895 global.ssl_used_frontend = 1;
4896
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004897 /* Make sure openssl opens /dev/urandom before the chroot */
4898 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004899 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004900 err++;
4901 }
4902 /* Create initial_ctx used to start the ssl connection before do switchctx */
4903 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004904 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004905 /* It should not be necessary to call this function, but it's
4906 necessary first to check and move all initialisation related
4907 to initial_ctx in ssl_sock_initial_ctx. */
4908 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4909 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004910 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004911 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004912
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004913 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004914 while (node) {
4915 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004916 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4917 /* only initialize the CTX on its first occurrence and
4918 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004919 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004920 node = ebmb_next(node);
4921 }
4922
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004923 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004924 while (node) {
4925 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004926 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4927 /* only initialize the CTX on its first occurrence and
4928 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004929 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004930 node = ebmb_next(node);
4931 }
4932 return err;
4933}
4934
Willy Tarreau55d37912016-12-21 23:38:39 +01004935/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4936 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4937 * alerts are directly emitted since the rest of the stack does it below.
4938 */
4939int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4940{
4941 struct proxy *px = bind_conf->frontend;
4942 int alloc_ctx;
4943 int err;
4944
4945 if (!bind_conf->is_ssl) {
4946 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004947 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4948 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004949 }
4950 return 0;
4951 }
4952 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004953 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004954 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4955 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004956 }
4957 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004958 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4959 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004960 return -1;
4961 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004962 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004963 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004964 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02004965 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01004966 sizeof(*sh_ssl_sess_tree),
4967 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02004968 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004969 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4970 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4971 else
4972 ha_alert("Unable to allocate SSL session cache.\n");
4973 return -1;
4974 }
4975 /* free block callback */
4976 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4977 /* init the root tree within the extra space */
4978 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4979 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004980 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004981 err = 0;
4982 /* initialize all certificate contexts */
4983 err += ssl_sock_prepare_all_ctx(bind_conf);
4984
4985 /* initialize CA variables if the certificates generation is enabled */
4986 err += ssl_sock_load_ca(bind_conf);
4987
4988 return -err;
4989}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004990
4991/* release ssl context allocated for servers. */
4992void ssl_sock_free_srv_ctx(struct server *srv)
4993{
Olivier Houchardc7566002018-11-20 23:33:50 +01004994#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4995 if (srv->ssl_ctx.alpn_str)
4996 free(srv->ssl_ctx.alpn_str);
4997#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01004998#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01004999 if (srv->ssl_ctx.npn_str)
5000 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005001#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005002 if (srv->ssl_ctx.ctx)
5003 SSL_CTX_free(srv->ssl_ctx.ctx);
5004}
5005
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005006/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005007 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5008 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005009void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005010{
5011 struct ebmb_node *node, *back;
5012 struct sni_ctx *sni;
5013
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005014 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005015 while (node) {
5016 sni = ebmb_entry(node, struct sni_ctx, name);
5017 back = ebmb_next(node);
5018 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005019 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005020 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005021 ssl_sock_free_ssl_conf(sni->conf);
5022 free(sni->conf);
5023 sni->conf = NULL;
5024 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005025 free(sni);
5026 node = back;
5027 }
5028
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005029 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005030 while (node) {
5031 sni = ebmb_entry(node, struct sni_ctx, name);
5032 back = ebmb_next(node);
5033 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005034 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005035 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005036 ssl_sock_free_ssl_conf(sni->conf);
5037 free(sni->conf);
5038 sni->conf = NULL;
5039 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005040 free(sni);
5041 node = back;
5042 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005043 SSL_CTX_free(bind_conf->initial_ctx);
5044 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005045 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005046 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005047}
5048
Willy Tarreau795cdab2016-12-22 17:30:54 +01005049/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5050void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5051{
5052 ssl_sock_free_ca(bind_conf);
5053 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005054 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005055 free(bind_conf->ca_sign_file);
5056 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005057 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005058 free(bind_conf->keys_ref->filename);
5059 free(bind_conf->keys_ref->tlskeys);
5060 LIST_DEL(&bind_conf->keys_ref->list);
5061 free(bind_conf->keys_ref);
5062 }
5063 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005064 bind_conf->ca_sign_pass = NULL;
5065 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005066}
5067
Christopher Faulet31af49d2015-06-09 17:29:50 +02005068/* Load CA cert file and private key used to generate certificates */
5069int
Willy Tarreau03209342016-12-22 17:08:28 +01005070ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005071{
Willy Tarreau03209342016-12-22 17:08:28 +01005072 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005073 FILE *fp;
5074 X509 *cacert = NULL;
5075 EVP_PKEY *capkey = NULL;
5076 int err = 0;
5077
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005078 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005079 return err;
5080
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005081#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005082 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005083 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005084 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005085 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005086 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005087#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005088
Christopher Faulet31af49d2015-06-09 17:29:50 +02005089 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005090 ha_alert("Proxy '%s': cannot enable certificate generation, "
5091 "no CA certificate File configured at [%s:%d].\n",
5092 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005093 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005094 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005095
5096 /* read in the CA certificate */
5097 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005098 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5099 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005100 goto load_error;
5101 }
5102 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005103 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5104 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005105 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005106 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005107 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005108 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005109 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5110 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005111 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005112 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005113
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005114 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005115 bind_conf->ca_sign_cert = cacert;
5116 bind_conf->ca_sign_pkey = capkey;
5117 return err;
5118
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005119 read_error:
5120 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005121 if (capkey) EVP_PKEY_free(capkey);
5122 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005123 load_error:
5124 bind_conf->generate_certs = 0;
5125 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005126 return err;
5127}
5128
5129/* Release CA cert and private key used to generate certificated */
5130void
5131ssl_sock_free_ca(struct bind_conf *bind_conf)
5132{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005133 if (bind_conf->ca_sign_pkey)
5134 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5135 if (bind_conf->ca_sign_cert)
5136 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005137 bind_conf->ca_sign_pkey = NULL;
5138 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005139}
5140
Emeric Brun46591952012-05-18 15:47:34 +02005141/*
5142 * This function is called if SSL * context is not yet allocated. The function
5143 * is designed to be called before any other data-layer operation and sets the
5144 * handshake flag on the connection. It is safe to call it multiple times.
5145 * It returns 0 on success and -1 in error case.
5146 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005147static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005148{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005149 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005150 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005151 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005152 return 0;
5153
Willy Tarreau3c728722014-01-23 13:50:42 +01005154 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005155 return 0;
5156
Olivier Houchard66ab4982019-02-26 18:37:15 +01005157 ctx = pool_alloc(ssl_sock_ctx_pool);
5158 if (!ctx) {
5159 conn->err_code = CO_ER_SSL_NO_MEM;
5160 return -1;
5161 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005162 ctx->wait_event.tasklet = tasklet_new();
5163 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005164 conn->err_code = CO_ER_SSL_NO_MEM;
5165 pool_free(ssl_sock_ctx_pool, ctx);
5166 return -1;
5167 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005168 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5169 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005170 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005171 ctx->sent_early_data = 0;
5172 ctx->tmp_early_data = -1;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005173 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005174 ctx->send_wait = NULL;
5175 ctx->recv_wait = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005176
5177 /* Only work with sockets for now, this should be adapted when we'll
5178 * add QUIC support.
5179 */
5180 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005181 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005182 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5183 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005184 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005185
Willy Tarreau20879a02012-12-03 16:32:10 +01005186 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5187 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005188 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005189 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005190
Emeric Brun46591952012-05-18 15:47:34 +02005191 /* If it is in client mode initiate SSL session
5192 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005193 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005194 int may_retry = 1;
5195
5196 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005197 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005198 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5199 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005200 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005201 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005202 goto retry_connect;
5203 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005204 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005205 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005206 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005207 ctx->bio = BIO_new(ha_meth);
5208 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005209 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005210 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005211 goto retry_connect;
5212 }
Emeric Brun55476152014-11-12 17:35:37 +01005213 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005214 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005215 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005216 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005217 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005218
Evan Broderbe554312013-06-27 00:05:25 -07005219 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005220 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5221 SSL_free(ctx->ssl);
5222 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005223 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005224 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005225 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005226 goto retry_connect;
5227 }
Emeric Brun55476152014-11-12 17:35:37 +01005228 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005229 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005230 }
5231
Olivier Houchard66ab4982019-02-26 18:37:15 +01005232 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005233 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5234 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5235 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005236 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005237 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005238 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5239 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005240 } else if (sess) {
5241 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005242 }
5243 }
Evan Broderbe554312013-06-27 00:05:25 -07005244
Emeric Brun46591952012-05-18 15:47:34 +02005245 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005246 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005247
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005248 _HA_ATOMIC_ADD(&sslconns, 1);
5249 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005250 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005251 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005252 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005253 if (conn->flags & CO_FL_ERROR)
5254 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005255 return 0;
5256 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005257 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005258 int may_retry = 1;
5259
5260 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005261 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005262 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5263 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005264 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005265 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005266 goto retry_accept;
5267 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005268 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005269 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005270 }
Emeric Brun46591952012-05-18 15:47:34 +02005271
Olivier Houcharda8955d52019-04-07 22:00:38 +02005272 ctx->bio = BIO_new(ha_meth);
5273 if (!ctx->bio) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005274 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005275 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005276 goto retry_accept;
5277 }
Emeric Brun55476152014-11-12 17:35:37 +01005278 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005279 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005280 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005281 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005282 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005283
Emeric Brune1f38db2012-09-03 20:36:47 +02005284 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005285 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5286 SSL_free(ctx->ssl);
5287 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005288 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005289 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005290 goto retry_accept;
5291 }
Emeric Brun55476152014-11-12 17:35:37 +01005292 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005293 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005294 }
5295
Olivier Houchard66ab4982019-02-26 18:37:15 +01005296 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005297
Emeric Brun46591952012-05-18 15:47:34 +02005298 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005299 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005300#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005301 conn->flags |= CO_FL_EARLY_SSL_HS;
5302#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005303
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005304 _HA_ATOMIC_ADD(&sslconns, 1);
5305 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005306 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005307 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005308 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005309 if (conn->flags & CO_FL_ERROR)
5310 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005311 return 0;
5312 }
5313 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005314 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005315err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005316 if (ctx && ctx->wait_event.tasklet)
5317 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005318 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005319 return -1;
5320}
5321
5322
5323/* This is the callback which is used when an SSL handshake is pending. It
5324 * updates the FD status if it wants some polling before being called again.
5325 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5326 * otherwise it returns non-zero and removes itself from the connection's
5327 * flags (the bit is provided in <flag> by the caller).
5328 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005329static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005330{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005331 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005332 int ret;
5333
Willy Tarreau3c728722014-01-23 13:50:42 +01005334 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005335 return 0;
5336
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005337 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005338 goto out_error;
5339
Willy Tarreau5db847a2019-05-09 14:13:35 +02005340#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005341 /*
5342 * Check if we have early data. If we do, we have to read them
5343 * before SSL_do_handshake() is called, And there's no way to
5344 * detect early data, except to try to read them
5345 */
5346 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5347 size_t read_data;
5348
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005349 ret = SSL_read_early_data(ctx->ssl, &ctx->tmp_early_data,
Olivier Houchardc2aae742017-09-22 18:26:28 +02005350 1, &read_data);
5351 if (ret == SSL_READ_EARLY_DATA_ERROR)
5352 goto check_error;
5353 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5354 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5355 return 1;
5356 } else
5357 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5358 }
5359#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005360 /* If we use SSL_do_handshake to process a reneg initiated by
5361 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5362 * Usually SSL_write and SSL_read are used and process implicitly
5363 * the reneg handshake.
5364 * Here we use SSL_peek as a workaround for reneg.
5365 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005366 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005367 char c;
5368
Olivier Houchard66ab4982019-02-26 18:37:15 +01005369 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005370 if (ret <= 0) {
5371 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005372 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005373
Emeric Brun674b7432012-11-08 19:21:55 +01005374 if (ret == SSL_ERROR_WANT_WRITE) {
5375 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005376 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005377 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005378 return 0;
5379 }
5380 else if (ret == SSL_ERROR_WANT_READ) {
5381 /* handshake may have been completed but we have
5382 * no more data to read.
5383 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005384 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005385 ret = 1;
5386 goto reneg_ok;
5387 }
5388 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005389 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005390 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005391 return 0;
5392 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005393#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005394 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005395 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005396 return 0;
5397 }
5398#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005399 else if (ret == SSL_ERROR_SYSCALL) {
5400 /* if errno is null, then connection was successfully established */
5401 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5402 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005403 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005404#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5405 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005406 conn->err_code = CO_ER_SSL_HANDSHAKE;
5407#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005408 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005409#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005410 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005411 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005412 empty_handshake = state == TLS_ST_BEFORE;
5413#else
Lukas Tribus49799162019-07-08 14:29:15 +02005414 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5415 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005416#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005417 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005418 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005419 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005420 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5421 else
5422 conn->err_code = CO_ER_SSL_EMPTY;
5423 }
5424 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005425 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005426 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5427 else
5428 conn->err_code = CO_ER_SSL_ABORT;
5429 }
5430 }
5431 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005432 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005433 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005434 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005435 conn->err_code = CO_ER_SSL_HANDSHAKE;
5436 }
Lukas Tribus49799162019-07-08 14:29:15 +02005437#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005438 }
Emeric Brun674b7432012-11-08 19:21:55 +01005439 goto out_error;
5440 }
5441 else {
5442 /* Fail on all other handshake errors */
5443 /* Note: OpenSSL may leave unread bytes in the socket's
5444 * buffer, causing an RST to be emitted upon close() on
5445 * TCP sockets. We first try to drain possibly pending
5446 * data to avoid this as much as possible.
5447 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005448 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005449 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005450 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005451 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005452 goto out_error;
5453 }
5454 }
5455 /* read some data: consider handshake completed */
5456 goto reneg_ok;
5457 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005458 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005459check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005460 if (ret != 1) {
5461 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005462 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005463
5464 if (ret == SSL_ERROR_WANT_WRITE) {
5465 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005466 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005467 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005468 return 0;
5469 }
5470 else if (ret == SSL_ERROR_WANT_READ) {
5471 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005472 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005473 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5474 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005475 return 0;
5476 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005477#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005478 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005479 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005480 return 0;
5481 }
5482#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005483 else if (ret == SSL_ERROR_SYSCALL) {
5484 /* if errno is null, then connection was successfully established */
5485 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5486 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005487 if (!conn->err_code) {
Lukas Tribus49799162019-07-08 14:29:15 +02005488#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5489 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005490 conn->err_code = CO_ER_SSL_HANDSHAKE;
5491#else
5492 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005493#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus49799162019-07-08 14:29:15 +02005494 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005495 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005496 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005497#else
Lukas Tribus49799162019-07-08 14:29:15 +02005498 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5499 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005500#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005501 if (empty_handshake) {
5502 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005503 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005504 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5505 else
5506 conn->err_code = CO_ER_SSL_EMPTY;
5507 }
5508 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005509 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005510 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5511 else
5512 conn->err_code = CO_ER_SSL_ABORT;
5513 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005514 }
5515 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005516 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005517 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5518 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005519 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005520 }
Lukas Tribus49799162019-07-08 14:29:15 +02005521#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005522 }
Willy Tarreau89230192012-09-28 20:22:13 +02005523 goto out_error;
5524 }
Emeric Brun46591952012-05-18 15:47:34 +02005525 else {
5526 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005527 /* Note: OpenSSL may leave unread bytes in the socket's
5528 * buffer, causing an RST to be emitted upon close() on
5529 * TCP sockets. We first try to drain possibly pending
5530 * data to avoid this as much as possible.
5531 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005532 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005533 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005534 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005535 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005536 goto out_error;
5537 }
5538 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005539#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005540 else {
5541 /*
5542 * If the server refused the early data, we have to send a
5543 * 425 to the client, as we no longer have the data to sent
5544 * them again.
5545 */
5546 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005547 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005548 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5549 goto out_error;
5550 }
5551 }
5552 }
5553#endif
5554
Emeric Brun46591952012-05-18 15:47:34 +02005555
Emeric Brun674b7432012-11-08 19:21:55 +01005556reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005557
Willy Tarreau5db847a2019-05-09 14:13:35 +02005558#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005559 /* ASYNC engine API doesn't support moving read/write
5560 * buffers. So we disable ASYNC mode right after
5561 * the handshake to avoid buffer oveflows.
5562 */
5563 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005564 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005565#endif
Emeric Brun46591952012-05-18 15:47:34 +02005566 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005567 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005568 if (objt_server(conn->target)) {
5569 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5570 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5571 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005572 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005573 else {
5574 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5575 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5576 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5577 }
Emeric Brun46591952012-05-18 15:47:34 +02005578 }
5579
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005580#ifdef OPENSSL_IS_BORINGSSL
Olivier Houchard66ab4982019-02-26 18:37:15 +01005581 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(ctx->ssl))
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005582 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5583#endif
Emeric Brun46591952012-05-18 15:47:34 +02005584 /* The connection is now established at both layers, it's time to leave */
5585 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5586 return 1;
5587
5588 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005589 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005590 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005591 ERR_clear_error();
5592
Emeric Brun9fa89732012-10-04 17:09:56 +02005593 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005594 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5595 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5596 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005597 }
5598
Emeric Brun46591952012-05-18 15:47:34 +02005599 /* Fail on all other handshake errors */
5600 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005601 if (!conn->err_code)
5602 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005603 return 0;
5604}
5605
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005606static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005607{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005608 struct wait_event *sw;
5609 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005610
Olivier Houchard0ff28652019-06-24 18:57:39 +02005611 if (!ctx)
5612 return -1;
5613
Olivier Houchardea8dd942019-05-20 14:02:16 +02005614 if (event_type & SUB_RETRY_RECV) {
5615 sw = param;
5616 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5617 sw->events |= SUB_RETRY_RECV;
5618 ctx->recv_wait = sw;
5619 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5620 !(ctx->wait_event.events & SUB_RETRY_RECV))
5621 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5622 event_type &= ~SUB_RETRY_RECV;
5623 }
5624 if (event_type & SUB_RETRY_SEND) {
5625sw = param;
5626 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5627 sw->events |= SUB_RETRY_SEND;
5628 ctx->send_wait = sw;
5629 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5630 !(ctx->wait_event.events & SUB_RETRY_SEND))
5631 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5632 event_type &= ~SUB_RETRY_SEND;
5633
5634 }
5635 if (event_type != 0)
5636 return -1;
5637 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005638}
5639
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005640static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005641{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005642 struct wait_event *sw;
5643 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005644
Olivier Houchardea8dd942019-05-20 14:02:16 +02005645 if (event_type & SUB_RETRY_RECV) {
5646 sw = param;
5647 BUG_ON(ctx->recv_wait != sw);
5648 ctx->recv_wait = NULL;
5649 sw->events &= ~SUB_RETRY_RECV;
5650 /* If we subscribed, and we're not doing the handshake,
5651 * then we subscribed because the upper layer asked for it,
5652 * as the upper layer is no longer interested, we can
5653 * unsubscribe too.
5654 */
5655 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5656 (ctx->wait_event.events & SUB_RETRY_RECV))
5657 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5658 &ctx->wait_event);
5659 }
5660 if (event_type & SUB_RETRY_SEND) {
5661 sw = param;
5662 BUG_ON(ctx->send_wait != sw);
5663 ctx->send_wait = NULL;
5664 sw->events &= ~SUB_RETRY_SEND;
5665 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5666 (ctx->wait_event.events & SUB_RETRY_SEND))
5667 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5668 &ctx->wait_event);
5669
5670 }
5671
5672 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005673}
5674
Olivier Houchard2e055482019-05-27 19:50:12 +02005675/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5676 * Returns 0 on success, and non-zero on failure.
5677 */
5678static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5679{
5680 struct ssl_sock_ctx *ctx = xprt_ctx;
5681
5682 if (oldxprt_ops != NULL)
5683 *oldxprt_ops = ctx->xprt;
5684 if (oldxprt_ctx != NULL)
5685 *oldxprt_ctx = ctx->xprt_ctx;
5686 ctx->xprt = toadd_ops;
5687 ctx->xprt_ctx = toadd_ctx;
5688 return 0;
5689}
5690
Olivier Houchard5149b592019-05-23 17:47:36 +02005691/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5692 * return 0, otherwise just call the remove_xprt method from the underlying
5693 * XPRT.
5694 */
5695static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5696{
5697 struct ssl_sock_ctx *ctx = xprt_ctx;
5698
5699 if (ctx->xprt_ctx == toremove_ctx) {
5700 ctx->xprt_ctx = newctx;
5701 ctx->xprt = newops;
5702 return 0;
5703 }
5704 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5705}
5706
Olivier Houchardea8dd942019-05-20 14:02:16 +02005707static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5708{
5709 struct ssl_sock_ctx *ctx = context;
5710
5711 /* First if we're doing an handshake, try that */
5712 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5713 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5714 /* If we had an error, or the handshake is done and I/O is available,
5715 * let the upper layer know.
5716 * If no mux was set up yet, and nobody subscribed, then call
5717 * xprt_done_cb() ourself if it's set, or destroy the connection,
5718 * we can't be sure conn_fd_handler() will be called again.
5719 */
5720 if ((ctx->conn->flags & CO_FL_ERROR) ||
5721 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5722 int ret = 0;
5723 int woke = 0;
5724
5725 /* On error, wake any waiter */
5726 if (ctx->recv_wait) {
5727 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005728 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005729 ctx->recv_wait = NULL;
5730 woke = 1;
5731 }
5732 if (ctx->send_wait) {
5733 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005734 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005735 ctx->send_wait = NULL;
5736 woke = 1;
5737 }
5738 /* If we're the first xprt for the connection, let the
5739 * upper layers know. If xprt_done_cb() is set, call it,
5740 * otherwise, we should have a mux, so call its wake
5741 * method if we didn't woke a tasklet already.
5742 */
5743 if (ctx->conn->xprt_ctx == ctx) {
5744 if (ctx->conn->xprt_done_cb)
5745 ret = ctx->conn->xprt_done_cb(ctx->conn);
5746 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5747 ctx->conn->mux->wake(ctx->conn);
5748 return NULL;
5749 }
5750 }
5751 return NULL;
5752}
5753
Emeric Brun46591952012-05-18 15:47:34 +02005754/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005755 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005756 * buffer wraps, in which case a second call may be performed. The connection's
5757 * flags are updated with whatever special event is detected (error, read0,
5758 * empty). The caller is responsible for taking care of those events and
5759 * avoiding the call if inappropriate. The function does not call the
5760 * connection's polling update function, so the caller is responsible for this.
5761 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005762static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005763{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005764 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005765 ssize_t ret;
5766 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005767
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005768 conn_refresh_polling_flags(conn);
5769
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005770 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005771 goto out_error;
5772
5773 if (conn->flags & CO_FL_HANDSHAKE)
5774 /* a handshake was requested */
5775 return 0;
5776
Emeric Brun46591952012-05-18 15:47:34 +02005777 /* read the largest possible block. For this, we perform only one call
5778 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5779 * in which case we accept to do it once again. A new attempt is made on
5780 * EINTR too.
5781 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005782 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005783 int need_out = 0;
5784
Willy Tarreau591d4452018-06-15 17:21:00 +02005785 try = b_contig_space(buf);
5786 if (!try)
5787 break;
5788
Willy Tarreauabf08d92014-01-14 11:31:27 +01005789 if (try > count)
5790 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005791
Olivier Houchardc2aae742017-09-22 18:26:28 +02005792 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005793 ctx->tmp_early_data != -1) {
5794 *b_tail(buf) = ctx->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005795 done++;
5796 try--;
5797 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005798 b_add(buf, 1);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005799 ctx->tmp_early_data = -1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005800 continue;
5801 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005802
Willy Tarreau5db847a2019-05-09 14:13:35 +02005803#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005804 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5805 size_t read_length;
5806
Olivier Houchard66ab4982019-02-26 18:37:15 +01005807 ret = SSL_read_early_data(ctx->ssl,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005808 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005809 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5810 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005811 conn->flags |= CO_FL_EARLY_DATA;
5812 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5813 ret == SSL_READ_EARLY_DATA_FINISH) {
5814 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5815 /*
5816 * We're done reading the early data,
5817 * let's make the handshake
5818 */
5819 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5820 conn->flags |= CO_FL_SSL_WAIT_HS;
5821 need_out = 1;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005822 /* Now initiate the handshake */
5823 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005824 if (read_length == 0)
5825 break;
5826 }
5827 ret = read_length;
5828 }
5829 } else
5830#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01005831 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005832#ifdef OPENSSL_IS_BORINGSSL
5833 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005834 if (SSL_in_early_data(ctx->ssl)) {
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005835 if (ret > 0)
5836 conn->flags |= CO_FL_EARLY_DATA;
5837 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005838 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005839 }
5840 }
5841#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005842 if (conn->flags & CO_FL_ERROR) {
5843 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005844 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005845 }
Emeric Brun46591952012-05-18 15:47:34 +02005846 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005847 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005848 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005849 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005850 }
Emeric Brun46591952012-05-18 15:47:34 +02005851 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005852 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005853 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005854 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005855 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005856 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005857#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005858 /* Async mode can be re-enabled, because we're leaving data state.*/
5859 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005860 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005861#endif
Emeric Brun46591952012-05-18 15:47:34 +02005862 break;
5863 }
5864 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005865 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005866 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5867 SUB_RETRY_RECV,
5868 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005869 /* handshake is running, and it may need to re-enable read */
5870 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005871#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005872 /* Async mode can be re-enabled, because we're leaving data state.*/
5873 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005874 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005875#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005876 break;
5877 }
Emeric Brun46591952012-05-18 15:47:34 +02005878 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005879 } else if (ret == SSL_ERROR_ZERO_RETURN)
5880 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005881 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5882 * stack before shutting down the connection for
5883 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005884 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5885 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005886 /* otherwise it's a real error */
5887 goto out_error;
5888 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005889 if (need_out)
5890 break;
Emeric Brun46591952012-05-18 15:47:34 +02005891 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005892 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005893 return done;
5894
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005895 clear_ssl_error:
5896 /* Clear openssl global errors stack */
5897 ssl_sock_dump_errors(conn);
5898 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005899 read0:
5900 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005901 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005902
Emeric Brun46591952012-05-18 15:47:34 +02005903 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005904 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005905 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005906 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005907 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005908 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005909}
5910
5911
Willy Tarreau787db9a2018-06-14 18:31:46 +02005912/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5913 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5914 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005915 * Only one call to send() is performed, unless the buffer wraps, in which case
5916 * a second call may be performed. The connection's flags are updated with
5917 * whatever special event is detected (error, empty). The caller is responsible
5918 * for taking care of those events and avoiding the call if inappropriate. The
5919 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005920 * is responsible for this. The buffer's output is not adjusted, it's up to the
5921 * caller to take care of this. It's up to the caller to update the buffer's
5922 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005923 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005924static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005925{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005926 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005927 ssize_t ret;
5928 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005929
5930 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005931 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005932
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005933 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005934 goto out_error;
5935
Olivier Houchard010941f2019-05-03 20:56:19 +02005936 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02005937 /* a handshake was requested */
5938 return 0;
5939
5940 /* send the largest possible block. For this we perform only one call
5941 * to send() unless the buffer wraps and we exactly fill the first hunk,
5942 * in which case we accept to do it once again.
5943 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005944 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02005945#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005946 size_t written_data;
5947#endif
5948
Willy Tarreau787db9a2018-06-14 18:31:46 +02005949 try = b_contig_data(buf, done);
5950 if (try > count)
5951 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005952
Willy Tarreau7bed9452014-02-02 02:00:24 +01005953 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005954 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005955 global_ssl.max_record && try > global_ssl.max_record) {
5956 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005957 }
5958 else {
5959 /* we need to keep the information about the fact that
5960 * we're not limiting the upcoming send(), because if it
5961 * fails, we'll have to retry with at least as many data.
5962 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005963 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005964 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005965
Willy Tarreau5db847a2019-05-09 14:13:35 +02005966#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02005967 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005968 unsigned int max_early;
5969
Olivier Houchard522eea72017-11-03 16:27:47 +01005970 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01005971 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01005972 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005973 if (SSL_get0_session(ctx->ssl))
5974 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01005975 else
5976 max_early = 0;
5977 }
5978
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005979 if (try + ctx->sent_early_data > max_early) {
5980 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005981 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02005982 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005983 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005984 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005985 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005986 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005987 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005988 if (ret == 1) {
5989 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005990 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005991 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005992 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02005993 /* Initiate the handshake, now */
5994 tasklet_wakeup(ctx->wait_event.tasklet);
5995 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005996
Olivier Houchardc2aae742017-09-22 18:26:28 +02005997 }
5998
5999 } else
6000#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006001 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006002
Emeric Brune1f38db2012-09-03 20:36:47 +02006003 if (conn->flags & CO_FL_ERROR) {
6004 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006005 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006006 }
Emeric Brun46591952012-05-18 15:47:34 +02006007 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006008 /* A send succeeded, so we can consier ourself connected */
6009 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006010 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006011 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006012 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006013 }
6014 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006015 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006016
Emeric Brun46591952012-05-18 15:47:34 +02006017 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006018 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006019 /* handshake is running, and it may need to re-enable write */
6020 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006021 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006022#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006023 /* Async mode can be re-enabled, because we're leaving data state.*/
6024 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006025 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006026#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006027 break;
6028 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006029
Emeric Brun46591952012-05-18 15:47:34 +02006030 break;
6031 }
6032 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006033 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006034 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006035 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6036 SUB_RETRY_RECV,
6037 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006038#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006039 /* Async mode can be re-enabled, because we're leaving data state.*/
6040 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006041 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006042#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006043 break;
6044 }
Emeric Brun46591952012-05-18 15:47:34 +02006045 goto out_error;
6046 }
6047 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006048 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006049 return done;
6050
6051 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006052 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006053 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006054 ERR_clear_error();
6055
Emeric Brun46591952012-05-18 15:47:34 +02006056 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006057 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006058}
6059
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006060static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006061
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006062 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006063
Olivier Houchardea8dd942019-05-20 14:02:16 +02006064
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006065 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006066 if (ctx->wait_event.events != 0)
6067 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6068 ctx->wait_event.events,
6069 &ctx->wait_event);
6070 if (ctx->send_wait) {
6071 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006072 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006073 }
6074 if (ctx->recv_wait) {
6075 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006076 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006077 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006078 if (ctx->xprt->close)
6079 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006080#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006081 if (global_ssl.async) {
6082 OSSL_ASYNC_FD all_fd[32], afd;
6083 size_t num_all_fds = 0;
6084 int i;
6085
Olivier Houchard66ab4982019-02-26 18:37:15 +01006086 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006087 if (num_all_fds > 32) {
6088 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6089 return;
6090 }
6091
Olivier Houchard66ab4982019-02-26 18:37:15 +01006092 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006093
6094 /* If an async job is pending, we must try to
6095 to catch the end using polling before calling
6096 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006097 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006098 for (i=0 ; i < num_all_fds ; i++) {
6099 /* switch on an handler designed to
6100 * handle the SSL_free
6101 */
6102 afd = all_fd[i];
6103 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006104 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006105 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006106 /* To ensure that the fd cache won't be used
6107 * and we'll catch a real RD event.
6108 */
6109 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006110 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006111 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006112 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006113 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006114 return;
6115 }
Emeric Brun3854e012017-05-17 20:42:48 +02006116 /* Else we can remove the fds from the fdtab
6117 * and call SSL_free.
6118 * note: we do a fd_remove and not a delete
6119 * because the fd is owned by the engine.
6120 * the engine is responsible to close
6121 */
6122 for (i=0 ; i < num_all_fds ; i++)
6123 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006124 }
6125#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006126 SSL_free(ctx->ssl);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006127 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006128 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006129 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006130 }
Emeric Brun46591952012-05-18 15:47:34 +02006131}
6132
6133/* This function tries to perform a clean shutdown on an SSL connection, and in
6134 * any case, flags the connection as reusable if no handshake was in progress.
6135 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006136static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006137{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006138 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006139
Emeric Brun46591952012-05-18 15:47:34 +02006140 if (conn->flags & CO_FL_HANDSHAKE)
6141 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006142 if (!clean)
6143 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006144 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006145 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006146 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006147 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006148 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006149 ERR_clear_error();
6150 }
Emeric Brun46591952012-05-18 15:47:34 +02006151}
6152
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006153/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006154int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006155{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006156 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006157 struct pkey_info *pkinfo;
6158 int bits = 0;
6159 int sig = TLSEXT_signature_anonymous;
6160 int len = -1;
6161
6162 if (!ssl_sock_is_ssl(conn))
6163 return 0;
6164
Olivier Houchard66ab4982019-02-26 18:37:15 +01006165 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006166 if (pkinfo) {
6167 sig = pkinfo->sig;
6168 bits = pkinfo->bits;
6169 } else {
6170 /* multicert and generated cert have no pkey info */
6171 X509 *crt;
6172 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006173 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006174 if (!crt)
6175 return 0;
6176 pkey = X509_get_pubkey(crt);
6177 if (pkey) {
6178 bits = EVP_PKEY_bits(pkey);
6179 switch(EVP_PKEY_base_id(pkey)) {
6180 case EVP_PKEY_RSA:
6181 sig = TLSEXT_signature_rsa;
6182 break;
6183 case EVP_PKEY_EC:
6184 sig = TLSEXT_signature_ecdsa;
6185 break;
6186 case EVP_PKEY_DSA:
6187 sig = TLSEXT_signature_dsa;
6188 break;
6189 }
6190 EVP_PKEY_free(pkey);
6191 }
6192 }
6193
6194 switch(sig) {
6195 case TLSEXT_signature_rsa:
6196 len = chunk_printf(out, "RSA%d", bits);
6197 break;
6198 case TLSEXT_signature_ecdsa:
6199 len = chunk_printf(out, "EC%d", bits);
6200 break;
6201 case TLSEXT_signature_dsa:
6202 len = chunk_printf(out, "DSA%d", bits);
6203 break;
6204 default:
6205 return 0;
6206 }
6207 if (len < 0)
6208 return 0;
6209 return 1;
6210}
6211
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006212/* used for ppv2 cert signature (can be used for logging) */
6213const char *ssl_sock_get_cert_sig(struct connection *conn)
6214{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006215 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6216
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006217 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6218 X509 *crt;
6219
6220 if (!ssl_sock_is_ssl(conn))
6221 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006222 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006223 if (!crt)
6224 return NULL;
6225 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6226 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6227}
6228
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006229/* used for ppv2 authority */
6230const char *ssl_sock_get_sni(struct connection *conn)
6231{
6232#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006233 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6234
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006235 if (!ssl_sock_is_ssl(conn))
6236 return NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006237 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006238#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006239 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006240#endif
6241}
6242
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006243/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006244const char *ssl_sock_get_cipher_name(struct connection *conn)
6245{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006246 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6247
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006248 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006249 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006250
Olivier Houchard66ab4982019-02-26 18:37:15 +01006251 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006252}
6253
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006254/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006255const char *ssl_sock_get_proto_version(struct connection *conn)
6256{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006257 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6258
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006259 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006260 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006261
Olivier Houchard66ab4982019-02-26 18:37:15 +01006262 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006263}
6264
Willy Tarreau8d598402012-10-22 17:58:39 +02006265/* Extract a serial from a cert, and copy it to a chunk.
6266 * Returns 1 if serial is found and copied, 0 if no serial found and
6267 * -1 if output is not large enough.
6268 */
6269static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006270ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006271{
6272 ASN1_INTEGER *serial;
6273
6274 serial = X509_get_serialNumber(crt);
6275 if (!serial)
6276 return 0;
6277
6278 if (out->size < serial->length)
6279 return -1;
6280
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006281 memcpy(out->area, serial->data, serial->length);
6282 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006283 return 1;
6284}
6285
Emeric Brun43e79582014-10-29 19:03:26 +01006286/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006287 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6288 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006289 */
6290static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006291ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006292{
6293 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006294 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006295
6296 len =i2d_X509(crt, NULL);
6297 if (len <= 0)
6298 return 1;
6299
6300 if (out->size < len)
6301 return -1;
6302
6303 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006304 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006305 return 1;
6306}
6307
Emeric Brunce5ad802012-10-22 14:11:22 +02006308
Willy Tarreau83061a82018-07-13 11:56:34 +02006309/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006310 * Returns 1 if serial is found and copied, 0 if no valid time found
6311 * and -1 if output is not large enough.
6312 */
6313static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006314ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006315{
6316 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6317 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6318
6319 if (gentm->length < 12)
6320 return 0;
6321 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6322 return 0;
6323 if (out->size < gentm->length-2)
6324 return -1;
6325
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006326 memcpy(out->area, gentm->data+2, gentm->length-2);
6327 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006328 return 1;
6329 }
6330 else if (tm->type == V_ASN1_UTCTIME) {
6331 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6332
6333 if (utctm->length < 10)
6334 return 0;
6335 if (utctm->data[0] >= 0x35)
6336 return 0;
6337 if (out->size < utctm->length)
6338 return -1;
6339
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006340 memcpy(out->area, utctm->data, utctm->length);
6341 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006342 return 1;
6343 }
6344
6345 return 0;
6346}
6347
Emeric Brun87855892012-10-17 17:39:35 +02006348/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6349 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6350 */
6351static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006352ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6353 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006354{
6355 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006356 ASN1_OBJECT *obj;
6357 ASN1_STRING *data;
6358 const unsigned char *data_ptr;
6359 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006360 int i, j, n;
6361 int cur = 0;
6362 const char *s;
6363 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006364 int name_count;
6365
6366 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006367
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006368 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006369 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006370 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006371 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006372 else
6373 j = i;
6374
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006375 ne = X509_NAME_get_entry(a, j);
6376 obj = X509_NAME_ENTRY_get_object(ne);
6377 data = X509_NAME_ENTRY_get_data(ne);
6378 data_ptr = ASN1_STRING_get0_data(data);
6379 data_len = ASN1_STRING_length(data);
6380 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006381 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006382 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006383 s = tmp;
6384 }
6385
6386 if (chunk_strcasecmp(entry, s) != 0)
6387 continue;
6388
6389 if (pos < 0)
6390 cur--;
6391 else
6392 cur++;
6393
6394 if (cur != pos)
6395 continue;
6396
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006397 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006398 return -1;
6399
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006400 memcpy(out->area, data_ptr, data_len);
6401 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006402 return 1;
6403 }
6404
6405 return 0;
6406
6407}
6408
6409/* Extract and format full DN from a X509_NAME and copy result into a chunk
6410 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6411 */
6412static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006413ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006414{
6415 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006416 ASN1_OBJECT *obj;
6417 ASN1_STRING *data;
6418 const unsigned char *data_ptr;
6419 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006420 int i, n, ln;
6421 int l = 0;
6422 const char *s;
6423 char *p;
6424 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006425 int name_count;
6426
6427
6428 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006429
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006430 out->data = 0;
6431 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006432 for (i = 0; i < name_count; i++) {
6433 ne = X509_NAME_get_entry(a, i);
6434 obj = X509_NAME_ENTRY_get_object(ne);
6435 data = X509_NAME_ENTRY_get_data(ne);
6436 data_ptr = ASN1_STRING_get0_data(data);
6437 data_len = ASN1_STRING_length(data);
6438 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006439 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006440 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006441 s = tmp;
6442 }
6443 ln = strlen(s);
6444
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006445 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006446 if (l > out->size)
6447 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006448 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006449
6450 *(p++)='/';
6451 memcpy(p, s, ln);
6452 p += ln;
6453 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006454 memcpy(p, data_ptr, data_len);
6455 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006456 }
6457
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006458 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006459 return 0;
6460
6461 return 1;
6462}
6463
Olivier Houchardab28a322018-12-21 19:45:40 +01006464void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6465{
6466#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006467 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6468
Olivier Houcharde488ea82019-06-28 14:10:33 +02006469 if (!ssl_sock_is_ssl(conn))
6470 return;
6471
Olivier Houchard66ab4982019-02-26 18:37:15 +01006472 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006473#endif
6474}
6475
Willy Tarreau119a4082016-12-22 21:58:38 +01006476/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6477 * to disable SNI.
6478 */
Willy Tarreau63076412015-07-10 11:33:32 +02006479void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6480{
6481#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Olivier Houchard66ab4982019-02-26 18:37:15 +01006482 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6483
Willy Tarreau119a4082016-12-22 21:58:38 +01006484 char *prev_name;
6485
Willy Tarreau63076412015-07-10 11:33:32 +02006486 if (!ssl_sock_is_ssl(conn))
6487 return;
6488
Willy Tarreau119a4082016-12-22 21:58:38 +01006489 /* if the SNI changes, we must destroy the reusable context so that a
6490 * new connection will present a new SNI. As an optimization we could
6491 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6492 * server.
6493 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006494 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006495 if ((!prev_name && hostname) ||
6496 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006497 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006498
Olivier Houchard66ab4982019-02-26 18:37:15 +01006499 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006500#endif
6501}
6502
Emeric Brun0abf8362014-06-24 18:26:41 +02006503/* Extract peer certificate's common name into the chunk dest
6504 * Returns
6505 * the len of the extracted common name
6506 * or 0 if no CN found in DN
6507 * or -1 on error case (i.e. no peer certificate)
6508 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006509int ssl_sock_get_remote_common_name(struct connection *conn,
6510 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006511{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006512 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006513 X509 *crt = NULL;
6514 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006515 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006516 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006517 .area = (char *)&find_cn,
6518 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006519 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006520 int result = -1;
David Safb76832014-05-08 23:42:08 -04006521
6522 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006523 goto out;
David Safb76832014-05-08 23:42:08 -04006524
6525 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006526 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006527 if (!crt)
6528 goto out;
6529
6530 name = X509_get_subject_name(crt);
6531 if (!name)
6532 goto out;
David Safb76832014-05-08 23:42:08 -04006533
Emeric Brun0abf8362014-06-24 18:26:41 +02006534 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6535out:
David Safb76832014-05-08 23:42:08 -04006536 if (crt)
6537 X509_free(crt);
6538
6539 return result;
6540}
6541
Dave McCowan328fb582014-07-30 10:39:13 -04006542/* returns 1 if client passed a certificate for this session, 0 if not */
6543int ssl_sock_get_cert_used_sess(struct connection *conn)
6544{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006545 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006546 X509 *crt = NULL;
6547
6548 if (!ssl_sock_is_ssl(conn))
6549 return 0;
6550
6551 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006552 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006553 if (!crt)
6554 return 0;
6555
6556 X509_free(crt);
6557 return 1;
6558}
6559
6560/* returns 1 if client passed a certificate for this connection, 0 if not */
6561int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006562{
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006563 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6564
David Safb76832014-05-08 23:42:08 -04006565 if (!ssl_sock_is_ssl(conn))
6566 return 0;
6567
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006568 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006569}
6570
6571/* returns result from SSL verify */
6572unsigned int ssl_sock_get_verify_result(struct connection *conn)
6573{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006574 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6575
David Safb76832014-05-08 23:42:08 -04006576 if (!ssl_sock_is_ssl(conn))
6577 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6578
Olivier Houchard66ab4982019-02-26 18:37:15 +01006579 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006580}
6581
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006582/* Returns the application layer protocol name in <str> and <len> when known.
6583 * Zero is returned if the protocol name was not found, otherwise non-zero is
6584 * returned. The string is allocated in the SSL context and doesn't have to be
6585 * freed by the caller. NPN is also checked if available since older versions
6586 * of openssl (1.0.1) which are more common in field only support this one.
6587 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006588static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006589{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006590#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6591 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006592 struct ssl_sock_ctx *ctx = xprt_ctx;
6593 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006594 return 0;
6595
6596 *str = NULL;
6597
6598#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006599 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006600 if (*str)
6601 return 1;
6602#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006603#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006604 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006605 if (*str)
6606 return 1;
6607#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006608#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006609 return 0;
6610}
6611
Willy Tarreau7875d092012-09-10 08:20:03 +02006612/***** Below are some sample fetching functions for ACL/patterns *****/
6613
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006614static int
6615smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6616{
6617 struct connection *conn;
6618
6619 conn = objt_conn(smp->sess->origin);
6620 if (!conn || conn->xprt != &ssl_sock)
6621 return 0;
6622
6623 smp->flags = 0;
6624 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006625 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6626 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006627
6628 return 1;
6629}
6630
Emeric Brune64aef12012-09-21 13:15:06 +02006631/* boolean, returns true if client cert was present */
6632static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006633smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006634{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006635 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006636 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006637
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006638 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006639 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006640 return 0;
6641
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006642 ctx = conn->xprt_ctx;
6643
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006644 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006645 smp->flags |= SMP_F_MAY_CHANGE;
6646 return 0;
6647 }
6648
6649 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006650 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006651 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006652
6653 return 1;
6654}
6655
Emeric Brun43e79582014-10-29 19:03:26 +01006656/* binary, returns a certificate in a binary chunk (der/raw).
6657 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6658 * should be use.
6659 */
6660static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006661smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006662{
6663 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6664 X509 *crt = NULL;
6665 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006666 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006667 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006668 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006669
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006670 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006671 if (!conn || conn->xprt != &ssl_sock)
6672 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006673 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006674
6675 if (!(conn->flags & CO_FL_CONNECTED)) {
6676 smp->flags |= SMP_F_MAY_CHANGE;
6677 return 0;
6678 }
6679
6680 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006681 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006682 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006683 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006684
6685 if (!crt)
6686 goto out;
6687
6688 smp_trash = get_trash_chunk();
6689 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6690 goto out;
6691
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006692 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006693 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006694 ret = 1;
6695out:
6696 /* SSL_get_peer_certificate, it increase X509 * ref count */
6697 if (cert_peer && crt)
6698 X509_free(crt);
6699 return ret;
6700}
6701
Emeric Brunba841a12014-04-30 17:05:08 +02006702/* binary, returns serial of certificate in a binary chunk.
6703 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6704 * should be use.
6705 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006706static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006707smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006708{
Emeric Brunba841a12014-04-30 17:05:08 +02006709 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006710 X509 *crt = NULL;
6711 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006712 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006713 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006714 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006715
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006716 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006717 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006718 return 0;
6719
Olivier Houchard66ab4982019-02-26 18:37:15 +01006720 ctx = conn->xprt_ctx;
6721
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006722 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006723 smp->flags |= SMP_F_MAY_CHANGE;
6724 return 0;
6725 }
6726
Emeric Brunba841a12014-04-30 17:05:08 +02006727 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006728 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006729 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006730 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006731
Willy Tarreau8d598402012-10-22 17:58:39 +02006732 if (!crt)
6733 goto out;
6734
Willy Tarreau47ca5452012-12-23 20:22:19 +01006735 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006736 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6737 goto out;
6738
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006739 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006740 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006741 ret = 1;
6742out:
Emeric Brunba841a12014-04-30 17:05:08 +02006743 /* SSL_get_peer_certificate, it increase X509 * ref count */
6744 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006745 X509_free(crt);
6746 return ret;
6747}
Emeric Brune64aef12012-09-21 13:15:06 +02006748
Emeric Brunba841a12014-04-30 17:05:08 +02006749/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6750 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6751 * should be use.
6752 */
James Votha051b4a2013-05-14 20:37:59 +02006753static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006754smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006755{
Emeric Brunba841a12014-04-30 17:05:08 +02006756 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006757 X509 *crt = NULL;
6758 const EVP_MD *digest;
6759 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006760 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006761 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006762 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006763
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006764 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006765 if (!conn || conn->xprt != &ssl_sock)
6766 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006767 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006768
6769 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006770 smp->flags |= SMP_F_MAY_CHANGE;
6771 return 0;
6772 }
6773
Emeric Brunba841a12014-04-30 17:05:08 +02006774 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006775 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006776 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006777 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006778 if (!crt)
6779 goto out;
6780
6781 smp_trash = get_trash_chunk();
6782 digest = EVP_sha1();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006783 X509_digest(crt, digest, (unsigned char *) smp_trash->area,
6784 (unsigned int *)&smp_trash->data);
James Votha051b4a2013-05-14 20:37:59 +02006785
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006786 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006787 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006788 ret = 1;
6789out:
Emeric Brunba841a12014-04-30 17:05:08 +02006790 /* SSL_get_peer_certificate, it increase X509 * ref count */
6791 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006792 X509_free(crt);
6793 return ret;
6794}
6795
Emeric Brunba841a12014-04-30 17:05:08 +02006796/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6797 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6798 * should be use.
6799 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006800static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006801smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006802{
Emeric Brunba841a12014-04-30 17:05:08 +02006803 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006804 X509 *crt = NULL;
6805 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006806 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006807 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006808 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006809
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006810 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006811 if (!conn || conn->xprt != &ssl_sock)
6812 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006813 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006814
6815 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006816 smp->flags |= SMP_F_MAY_CHANGE;
6817 return 0;
6818 }
6819
Emeric Brunba841a12014-04-30 17:05:08 +02006820 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006821 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006822 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006823 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006824 if (!crt)
6825 goto out;
6826
Willy Tarreau47ca5452012-12-23 20:22:19 +01006827 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006828 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006829 goto out;
6830
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006831 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006832 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006833 ret = 1;
6834out:
Emeric Brunba841a12014-04-30 17:05:08 +02006835 /* SSL_get_peer_certificate, it increase X509 * ref count */
6836 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006837 X509_free(crt);
6838 return ret;
6839}
6840
Emeric Brunba841a12014-04-30 17:05:08 +02006841/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6842 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6843 * should be use.
6844 */
Emeric Brun87855892012-10-17 17:39:35 +02006845static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006846smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006847{
Emeric Brunba841a12014-04-30 17:05:08 +02006848 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006849 X509 *crt = NULL;
6850 X509_NAME *name;
6851 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006852 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006853 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006854 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006855
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006856 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006857 if (!conn || conn->xprt != &ssl_sock)
6858 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006859 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006860
6861 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006862 smp->flags |= SMP_F_MAY_CHANGE;
6863 return 0;
6864 }
6865
Emeric Brunba841a12014-04-30 17:05:08 +02006866 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006867 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006868 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006869 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006870 if (!crt)
6871 goto out;
6872
6873 name = X509_get_issuer_name(crt);
6874 if (!name)
6875 goto out;
6876
Willy Tarreau47ca5452012-12-23 20:22:19 +01006877 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006878 if (args && args[0].type == ARGT_STR) {
6879 int pos = 1;
6880
6881 if (args[1].type == ARGT_SINT)
6882 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006883
6884 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6885 goto out;
6886 }
6887 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6888 goto out;
6889
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006890 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006891 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006892 ret = 1;
6893out:
Emeric Brunba841a12014-04-30 17:05:08 +02006894 /* SSL_get_peer_certificate, it increase X509 * ref count */
6895 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006896 X509_free(crt);
6897 return ret;
6898}
6899
Emeric Brunba841a12014-04-30 17:05:08 +02006900/* string, returns notbefore date in ASN1_UTCTIME format.
6901 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6902 * should be use.
6903 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006904static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006905smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006906{
Emeric Brunba841a12014-04-30 17:05:08 +02006907 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006908 X509 *crt = NULL;
6909 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006910 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006911 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006912 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006913
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006914 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006915 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006916 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006917 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006918
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006919 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006920 smp->flags |= SMP_F_MAY_CHANGE;
6921 return 0;
6922 }
6923
Emeric Brunba841a12014-04-30 17:05:08 +02006924 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006925 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006926 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006927 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006928 if (!crt)
6929 goto out;
6930
Willy Tarreau47ca5452012-12-23 20:22:19 +01006931 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006932 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006933 goto out;
6934
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006935 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006936 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006937 ret = 1;
6938out:
Emeric Brunba841a12014-04-30 17:05:08 +02006939 /* SSL_get_peer_certificate, it increase X509 * ref count */
6940 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006941 X509_free(crt);
6942 return ret;
6943}
6944
Emeric Brunba841a12014-04-30 17:05:08 +02006945/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6946 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6947 * should be use.
6948 */
Emeric Brun87855892012-10-17 17:39:35 +02006949static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006950smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006951{
Emeric Brunba841a12014-04-30 17:05:08 +02006952 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006953 X509 *crt = NULL;
6954 X509_NAME *name;
6955 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006956 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006957 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006958 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006959
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006960 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006961 if (!conn || conn->xprt != &ssl_sock)
6962 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006963 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006964
6965 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006966 smp->flags |= SMP_F_MAY_CHANGE;
6967 return 0;
6968 }
6969
Emeric Brunba841a12014-04-30 17:05:08 +02006970 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006971 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006972 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006973 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006974 if (!crt)
6975 goto out;
6976
6977 name = X509_get_subject_name(crt);
6978 if (!name)
6979 goto out;
6980
Willy Tarreau47ca5452012-12-23 20:22:19 +01006981 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006982 if (args && args[0].type == ARGT_STR) {
6983 int pos = 1;
6984
6985 if (args[1].type == ARGT_SINT)
6986 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006987
6988 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6989 goto out;
6990 }
6991 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6992 goto out;
6993
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006994 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006995 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006996 ret = 1;
6997out:
Emeric Brunba841a12014-04-30 17:05:08 +02006998 /* SSL_get_peer_certificate, it increase X509 * ref count */
6999 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007000 X509_free(crt);
7001 return ret;
7002}
Emeric Brun9143d372012-12-20 15:44:16 +01007003
7004/* integer, returns true if current session use a client certificate */
7005static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007006smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007007{
7008 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007009 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007010 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007011
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007012 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007013 if (!conn || conn->xprt != &ssl_sock)
7014 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007015 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007016
7017 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007018 smp->flags |= SMP_F_MAY_CHANGE;
7019 return 0;
7020 }
7021
7022 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007023 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007024 if (crt) {
7025 X509_free(crt);
7026 }
7027
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007028 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007029 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007030 return 1;
7031}
7032
Emeric Brunba841a12014-04-30 17:05:08 +02007033/* integer, returns the certificate version
7034 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7035 * should be use.
7036 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007037static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007038smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007039{
Emeric Brunba841a12014-04-30 17:05:08 +02007040 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007041 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007042 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007043 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007044
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007045 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007046 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007047 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007048 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007049
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007050 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007051 smp->flags |= SMP_F_MAY_CHANGE;
7052 return 0;
7053 }
7054
Emeric Brunba841a12014-04-30 17:05:08 +02007055 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007056 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007057 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007058 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007059 if (!crt)
7060 return 0;
7061
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007062 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007063 /* SSL_get_peer_certificate increase X509 * ref count */
7064 if (cert_peer)
7065 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007066 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007067
7068 return 1;
7069}
7070
Emeric Brunba841a12014-04-30 17:05:08 +02007071/* string, returns the certificate's signature algorithm.
7072 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7073 * should be use.
7074 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007075static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007076smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007077{
Emeric Brunba841a12014-04-30 17:05:08 +02007078 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007079 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007080 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007081 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007082 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007083 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007084
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007085 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007086 if (!conn || conn->xprt != &ssl_sock)
7087 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007088 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007089
7090 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007091 smp->flags |= SMP_F_MAY_CHANGE;
7092 return 0;
7093 }
7094
Emeric Brunba841a12014-04-30 17:05:08 +02007095 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007096 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007097 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007098 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007099 if (!crt)
7100 return 0;
7101
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007102 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7103 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007104
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007105 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7106 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007107 /* SSL_get_peer_certificate increase X509 * ref count */
7108 if (cert_peer)
7109 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007110 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007111 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007112
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007113 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007114 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007115 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007116 /* SSL_get_peer_certificate increase X509 * ref count */
7117 if (cert_peer)
7118 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007119
7120 return 1;
7121}
7122
Emeric Brunba841a12014-04-30 17:05:08 +02007123/* string, returns the certificate's key algorithm.
7124 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7125 * should be use.
7126 */
Emeric Brun521a0112012-10-22 12:22:55 +02007127static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007128smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007129{
Emeric Brunba841a12014-04-30 17:05:08 +02007130 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007131 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007132 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007133 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007134 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007135 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007136
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007137 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007138 if (!conn || conn->xprt != &ssl_sock)
7139 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007140 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007141
7142 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007143 smp->flags |= SMP_F_MAY_CHANGE;
7144 return 0;
7145 }
7146
Emeric Brunba841a12014-04-30 17:05:08 +02007147 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007148 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007149 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007150 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007151 if (!crt)
7152 return 0;
7153
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007154 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7155 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007156
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007157 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7158 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007159 /* SSL_get_peer_certificate increase X509 * ref count */
7160 if (cert_peer)
7161 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007162 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007163 }
Emeric Brun521a0112012-10-22 12:22:55 +02007164
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007165 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007166 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007167 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007168 if (cert_peer)
7169 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007170
7171 return 1;
7172}
7173
Emeric Brun645ae792014-04-30 14:21:06 +02007174/* boolean, returns true if front conn. transport layer is SSL.
7175 * This function is also usable on backend conn if the fetch keyword 5th
7176 * char is 'b'.
7177 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007178static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007179smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007180{
Emeric Bruneb8def92018-02-19 15:59:48 +01007181 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7182 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007183
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007184 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007185 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007186 return 1;
7187}
7188
Emeric Brun2525b6b2012-10-18 15:59:43 +02007189/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007190static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007191smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007192{
7193#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007194 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007195 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007196
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007197 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007198 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007199 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007200 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007201 return 1;
7202#else
7203 return 0;
7204#endif
7205}
7206
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007207/* boolean, returns true if client session has been resumed.
7208 * This function is also usable on backend conn if the fetch keyword 5th
7209 * char is 'b'.
7210 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007211static int
7212smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7213{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007214 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7215 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007216 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007217
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007218
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007219 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007220 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007221 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007222 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007223 return 1;
7224}
7225
Emeric Brun645ae792014-04-30 14:21:06 +02007226/* string, returns the used cipher if front conn. transport layer is SSL.
7227 * This function is also usable on backend conn if the fetch keyword 5th
7228 * char is 'b'.
7229 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007230static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007231smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007232{
Emeric Bruneb8def92018-02-19 15:59:48 +01007233 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7234 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007235 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007236
Willy Tarreaube508f12016-03-10 11:47:01 +01007237 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007238 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007239 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007240 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007241
Olivier Houchard66ab4982019-02-26 18:37:15 +01007242 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007243 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007244 return 0;
7245
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007246 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007247 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007248 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007249
7250 return 1;
7251}
7252
Emeric Brun645ae792014-04-30 14:21:06 +02007253/* integer, returns the algoritm's keysize if front conn. transport layer
7254 * is SSL.
7255 * This function is also usable on backend conn if the fetch keyword 5th
7256 * char is 'b'.
7257 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007258static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007259smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007260{
Emeric Bruneb8def92018-02-19 15:59:48 +01007261 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7262 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007263 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007264 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007265
Emeric Brun589fcad2012-10-16 14:13:26 +02007266 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007267 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007268 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007269 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007270
Olivier Houchard66ab4982019-02-26 18:37:15 +01007271 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007272 return 0;
7273
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007274 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007275 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007276
7277 return 1;
7278}
7279
Emeric Brun645ae792014-04-30 14:21:06 +02007280/* integer, returns the used keysize if front conn. transport layer is SSL.
7281 * This function is also usable on backend conn if the fetch keyword 5th
7282 * char is 'b'.
7283 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007284static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007285smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007286{
Emeric Bruneb8def92018-02-19 15:59:48 +01007287 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7288 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007289 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007290
Emeric Brun589fcad2012-10-16 14:13:26 +02007291 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007292 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7293 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007294 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007295
Olivier Houchard66ab4982019-02-26 18:37:15 +01007296 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007297 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007298 return 0;
7299
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007300 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007301
7302 return 1;
7303}
7304
Bernard Spil13c53f82018-02-15 13:34:58 +01007305#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007306static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007307smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007308{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007309 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007310 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007311
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007312 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007313 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007314
Olivier Houchard6b77f492018-11-22 18:18:29 +01007315 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7316 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007317 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7318 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007319 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007320
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007321 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007322 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007323 (const unsigned char **)&smp->data.u.str.area,
7324 (unsigned *)&smp->data.u.str.data);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007325
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007326 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007327 return 0;
7328
7329 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007330}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007331#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007332
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007333#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007334static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007335smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007336{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007337 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007338 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007339
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007340 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007341 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007342
Olivier Houchard6b77f492018-11-22 18:18:29 +01007343 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7344 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7345
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007346 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007347 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007348 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007349
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007350 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007351 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007352 (const unsigned char **)&smp->data.u.str.area,
7353 (unsigned *)&smp->data.u.str.data);
Willy Tarreauab861d32013-04-02 02:30:41 +02007354
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007355 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007356 return 0;
7357
7358 return 1;
7359}
7360#endif
7361
Emeric Brun645ae792014-04-30 14:21:06 +02007362/* string, returns the used protocol if front conn. transport layer is SSL.
7363 * This function is also usable on backend conn if the fetch keyword 5th
7364 * char is 'b'.
7365 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007366static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007367smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007368{
Emeric Bruneb8def92018-02-19 15:59:48 +01007369 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7370 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007371 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007372
Emeric Brun589fcad2012-10-16 14:13:26 +02007373 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007374 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7375 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007376 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007377
Olivier Houchard66ab4982019-02-26 18:37:15 +01007378 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007379 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007380 return 0;
7381
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007382 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007383 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007384 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007385
7386 return 1;
7387}
7388
Willy Tarreau87b09662015-04-03 00:22:06 +02007389/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007390 * This function is also usable on backend conn if the fetch keyword 5th
7391 * char is 'b'.
7392 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007393#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007394static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007395smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007396{
Emeric Bruneb8def92018-02-19 15:59:48 +01007397 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7398 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007399 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007400 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007401
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007402 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007403 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007404
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007405 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7406 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007407 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007408
Olivier Houchard66ab4982019-02-26 18:37:15 +01007409 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007410 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007411 return 0;
7412
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007413 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess,
7414 (unsigned int *)&smp->data.u.str.data);
7415 if (!smp->data.u.str.area || !smp->data.u.str.data)
Emeric Brunfe68f682012-10-16 14:59:28 +02007416 return 0;
7417
7418 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007419}
Patrick Hemmer41966772018-04-28 19:15:48 -04007420#endif
7421
Emeric Brunfe68f682012-10-16 14:59:28 +02007422
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007423#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007424static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007425smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7426{
7427 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7428 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7429 struct buffer *data;
7430 struct ssl_sock_ctx *ctx;
7431
7432 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7433 return 0;
7434 ctx = conn->xprt_ctx;
7435
7436 data = get_trash_chunk();
7437 if (kw[7] == 'c')
7438 data->data = SSL_get_client_random(ctx->ssl,
7439 (unsigned char *) data->area,
7440 data->size);
7441 else
7442 data->data = SSL_get_server_random(ctx->ssl,
7443 (unsigned char *) data->area,
7444 data->size);
7445 if (!data->data)
7446 return 0;
7447
7448 smp->flags = 0;
7449 smp->data.type = SMP_T_BIN;
7450 smp->data.u.str = *data;
7451
7452 return 1;
7453}
7454
7455static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007456smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7457{
7458 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7459 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7460 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007461 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007462 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007463
7464 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7465 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007466 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007467
Olivier Houchard66ab4982019-02-26 18:37:15 +01007468 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007469 if (!ssl_sess)
7470 return 0;
7471
7472 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007473 data->data = SSL_SESSION_get_master_key(ssl_sess,
7474 (unsigned char *) data->area,
7475 data->size);
7476 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007477 return 0;
7478
7479 smp->flags = 0;
7480 smp->data.type = SMP_T_BIN;
7481 smp->data.u.str = *data;
7482
7483 return 1;
7484}
7485#endif
7486
Patrick Hemmer41966772018-04-28 19:15:48 -04007487#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007488static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007489smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007490{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007491 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007492 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007493
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007494 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007495 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007496
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007497 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007498 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7499 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007500 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007501
Olivier Houchard66ab4982019-02-26 18:37:15 +01007502 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007503 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007504 return 0;
7505
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007506 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007507 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007508}
Patrick Hemmer41966772018-04-28 19:15:48 -04007509#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007510
David Sc1ad52e2014-04-08 18:48:47 -04007511static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007512smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7513{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007514 struct connection *conn;
7515 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007516 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007517
7518 conn = objt_conn(smp->sess->origin);
7519 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7520 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007521 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007522
Olivier Houchard66ab4982019-02-26 18:37:15 +01007523 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007524 if (!capture)
7525 return 0;
7526
7527 smp->flags = SMP_F_CONST;
7528 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007529 smp->data.u.str.area = capture->ciphersuite;
7530 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007531 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007532}
7533
7534static int
7535smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7536{
Willy Tarreau83061a82018-07-13 11:56:34 +02007537 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007538
7539 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7540 return 0;
7541
7542 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007543 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007544 smp->data.type = SMP_T_BIN;
7545 smp->data.u.str = *data;
7546 return 1;
7547}
7548
7549static int
7550smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7551{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007552 struct connection *conn;
7553 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007554 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007555
7556 conn = objt_conn(smp->sess->origin);
7557 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7558 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007559 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007560
Olivier Houchard66ab4982019-02-26 18:37:15 +01007561 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007562 if (!capture)
7563 return 0;
7564
7565 smp->data.type = SMP_T_SINT;
7566 smp->data.u.sint = capture->xxh64;
7567 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007568}
7569
7570static int
7571smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7572{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007573#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007574 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007575 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007576
7577 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7578 return 0;
7579
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007580 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007581 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007582 const char *str;
7583 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007584 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007585 uint16_t id = (bin[0] << 8) | bin[1];
7586#if defined(OPENSSL_IS_BORINGSSL)
7587 cipher = SSL_get_cipher_by_value(id);
7588#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007589 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007590 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7591 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007592#endif
7593 str = SSL_CIPHER_get_name(cipher);
7594 if (!str || strcmp(str, "(NONE)") == 0)
7595 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007596 else
7597 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7598 }
7599 smp->data.type = SMP_T_STR;
7600 smp->data.u.str = *data;
7601 return 1;
7602#else
7603 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7604#endif
7605}
7606
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007607#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007608static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007609smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007610{
Emeric Bruneb8def92018-02-19 15:59:48 +01007611 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7612 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007613 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007614 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007615 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007616
7617 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007618 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7619 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007620 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007621
7622 if (!(conn->flags & CO_FL_CONNECTED)) {
7623 smp->flags |= SMP_F_MAY_CHANGE;
7624 return 0;
7625 }
7626
7627 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007628 if (!SSL_session_reused(ctx->ssl))
7629 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007630 finished_trash->area,
7631 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007632 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007633 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007634 finished_trash->area,
7635 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007636
7637 if (!finished_len)
7638 return 0;
7639
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007640 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007641 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007642 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007643
7644 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007645}
Patrick Hemmer41966772018-04-28 19:15:48 -04007646#endif
David Sc1ad52e2014-04-08 18:48:47 -04007647
Emeric Brun2525b6b2012-10-18 15:59:43 +02007648/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007649static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007650smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007651{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007652 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007653 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007654
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007655 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007656 if (!conn || conn->xprt != &ssl_sock)
7657 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007658 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007659
7660 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007661 smp->flags = SMP_F_MAY_CHANGE;
7662 return 0;
7663 }
7664
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007665 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007666 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007667 smp->flags = 0;
7668
7669 return 1;
7670}
7671
Emeric Brun2525b6b2012-10-18 15:59:43 +02007672/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007673static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007674smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007675{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007676 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007677 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007678
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007679 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007680 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007681 return 0;
7682
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007683 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007684 smp->flags = SMP_F_MAY_CHANGE;
7685 return 0;
7686 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007687 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007688
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007689 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007690 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007691 smp->flags = 0;
7692
7693 return 1;
7694}
7695
Emeric Brun2525b6b2012-10-18 15:59:43 +02007696/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007697static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007698smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007699{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007700 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007701 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007702
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007703 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007704 if (!conn || conn->xprt != &ssl_sock)
7705 return 0;
7706
7707 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007708 smp->flags = SMP_F_MAY_CHANGE;
7709 return 0;
7710 }
7711
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007712 ctx = conn->xprt_ctx;
7713
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007714 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007715 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007716 smp->flags = 0;
7717
7718 return 1;
7719}
7720
Emeric Brun2525b6b2012-10-18 15:59:43 +02007721/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007722static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007723smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007724{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007725 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007726 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007727
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007728 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007729 if (!conn || conn->xprt != &ssl_sock)
7730 return 0;
7731
7732 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007733 smp->flags = SMP_F_MAY_CHANGE;
7734 return 0;
7735 }
7736
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007737 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007738 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007739 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007740
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007741 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007742 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007743 smp->flags = 0;
7744
7745 return 1;
7746}
7747
Emeric Brunfb510ea2012-10-05 12:00:26 +02007748/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007749static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007750{
7751 if (!*args[cur_arg + 1]) {
7752 if (err)
7753 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7754 return ERR_ALERT | ERR_FATAL;
7755 }
7756
Willy Tarreauef934602016-12-22 23:12:01 +01007757 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7758 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007759 else
7760 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007761
Emeric Brund94b3fe2012-09-20 18:23:56 +02007762 return 0;
7763}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007764static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7765{
7766 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7767}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007768
Christopher Faulet31af49d2015-06-09 17:29:50 +02007769/* parse the "ca-sign-file" bind keyword */
7770static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7771{
7772 if (!*args[cur_arg + 1]) {
7773 if (err)
7774 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7775 return ERR_ALERT | ERR_FATAL;
7776 }
7777
Willy Tarreauef934602016-12-22 23:12:01 +01007778 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7779 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007780 else
7781 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7782
7783 return 0;
7784}
7785
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007786/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007787static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7788{
7789 if (!*args[cur_arg + 1]) {
7790 if (err)
7791 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7792 return ERR_ALERT | ERR_FATAL;
7793 }
7794 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7795 return 0;
7796}
7797
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007798/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007799static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007800{
7801 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007802 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007803 return ERR_ALERT | ERR_FATAL;
7804 }
7805
Emeric Brun76d88952012-10-05 15:47:31 +02007806 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007807 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007808 return 0;
7809}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007810static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7811{
7812 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7813}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007814
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007815#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007816/* parse the "ciphersuites" bind keyword */
7817static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7818{
7819 if (!*args[cur_arg + 1]) {
7820 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7821 return ERR_ALERT | ERR_FATAL;
7822 }
7823
7824 free(conf->ciphersuites);
7825 conf->ciphersuites = strdup(args[cur_arg + 1]);
7826 return 0;
7827}
7828static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7829{
7830 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7831}
7832#endif
7833
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007834/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007835static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007836{
Willy Tarreau38011032013-08-13 16:59:39 +02007837 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007838
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007839 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007840 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007841 return ERR_ALERT | ERR_FATAL;
7842 }
7843
Willy Tarreauef934602016-12-22 23:12:01 +01007844 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7845 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007846 memprintf(err, "'%s' : path too long", args[cur_arg]);
7847 return ERR_ALERT | ERR_FATAL;
7848 }
Willy Tarreauef934602016-12-22 23:12:01 +01007849 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007850 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007851 return ERR_ALERT | ERR_FATAL;
7852
7853 return 0;
7854 }
7855
Willy Tarreau03209342016-12-22 17:08:28 +01007856 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007857 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007858
7859 return 0;
7860}
7861
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007862/* parse the "crt-list" bind keyword */
7863static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7864{
7865 if (!*args[cur_arg + 1]) {
7866 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7867 return ERR_ALERT | ERR_FATAL;
7868 }
7869
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007870 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007871 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007872 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007873 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007874
7875 return 0;
7876}
7877
Emeric Brunfb510ea2012-10-05 12:00:26 +02007878/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007879static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007880{
Emeric Brun051cdab2012-10-02 19:25:50 +02007881#ifndef X509_V_FLAG_CRL_CHECK
7882 if (err)
7883 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7884 return ERR_ALERT | ERR_FATAL;
7885#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007886 if (!*args[cur_arg + 1]) {
7887 if (err)
7888 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7889 return ERR_ALERT | ERR_FATAL;
7890 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007891
Willy Tarreauef934602016-12-22 23:12:01 +01007892 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7893 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007894 else
7895 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007896
Emeric Brun2b58d042012-09-20 17:10:03 +02007897 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007898#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007899}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007900static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7901{
7902 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7903}
Emeric Brun2b58d042012-09-20 17:10:03 +02007904
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007905/* parse the "curves" bind keyword keyword */
7906static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7907{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007908#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007909 if (!*args[cur_arg + 1]) {
7910 if (err)
7911 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7912 return ERR_ALERT | ERR_FATAL;
7913 }
7914 conf->curves = strdup(args[cur_arg + 1]);
7915 return 0;
7916#else
7917 if (err)
7918 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7919 return ERR_ALERT | ERR_FATAL;
7920#endif
7921}
7922static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7923{
7924 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7925}
7926
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007927/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007928static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007929{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007930#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02007931 if (err)
7932 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7933 return ERR_ALERT | ERR_FATAL;
7934#elif defined(OPENSSL_NO_ECDH)
7935 if (err)
7936 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7937 return ERR_ALERT | ERR_FATAL;
7938#else
7939 if (!*args[cur_arg + 1]) {
7940 if (err)
7941 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7942 return ERR_ALERT | ERR_FATAL;
7943 }
7944
7945 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007946
7947 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007948#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007949}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007950static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7951{
7952 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7953}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007954
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007955/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007956static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7957{
7958 int code;
7959 char *p = args[cur_arg + 1];
7960 unsigned long long *ignerr = &conf->crt_ignerr;
7961
7962 if (!*p) {
7963 if (err)
7964 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7965 return ERR_ALERT | ERR_FATAL;
7966 }
7967
7968 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7969 ignerr = &conf->ca_ignerr;
7970
7971 if (strcmp(p, "all") == 0) {
7972 *ignerr = ~0ULL;
7973 return 0;
7974 }
7975
7976 while (p) {
7977 code = atoi(p);
7978 if ((code <= 0) || (code > 63)) {
7979 if (err)
7980 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7981 args[cur_arg], code, args[cur_arg + 1]);
7982 return ERR_ALERT | ERR_FATAL;
7983 }
7984 *ignerr |= 1ULL << code;
7985 p = strchr(p, ',');
7986 if (p)
7987 p++;
7988 }
7989
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007990 return 0;
7991}
7992
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007993/* parse tls_method_options "no-xxx" and "force-xxx" */
7994static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007995{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007996 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007997 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007998 p = strchr(arg, '-');
7999 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008000 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008001 p++;
8002 if (!strcmp(p, "sslv3"))
8003 v = CONF_SSLV3;
8004 else if (!strcmp(p, "tlsv10"))
8005 v = CONF_TLSV10;
8006 else if (!strcmp(p, "tlsv11"))
8007 v = CONF_TLSV11;
8008 else if (!strcmp(p, "tlsv12"))
8009 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008010 else if (!strcmp(p, "tlsv13"))
8011 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008012 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008013 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008014 if (!strncmp(arg, "no-", 3))
8015 methods->flags |= methodVersions[v].flag;
8016 else if (!strncmp(arg, "force-", 6))
8017 methods->min = methods->max = v;
8018 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008019 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008020 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008021 fail:
8022 if (err)
8023 memprintf(err, "'%s' : option not implemented", arg);
8024 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008025}
8026
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008027static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008028{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008029 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008030}
8031
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008032static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008033{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008034 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8035}
8036
8037/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8038static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8039{
8040 uint16_t i, v = 0;
8041 char *argv = args[cur_arg + 1];
8042 if (!*argv) {
8043 if (err)
8044 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8045 return ERR_ALERT | ERR_FATAL;
8046 }
8047 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8048 if (!strcmp(argv, methodVersions[i].name))
8049 v = i;
8050 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008051 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008052 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008053 return ERR_ALERT | ERR_FATAL;
8054 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008055 if (!strcmp("ssl-min-ver", args[cur_arg]))
8056 methods->min = v;
8057 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8058 methods->max = v;
8059 else {
8060 if (err)
8061 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8062 return ERR_ALERT | ERR_FATAL;
8063 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008064 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008065}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008066
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008067static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8068{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008069#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008070 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008071#endif
8072 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8073}
8074
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008075static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8076{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008077 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008078}
8079
8080static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8081{
8082 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8083}
8084
Emeric Brun2d0c4822012-10-02 13:45:20 +02008085/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008086static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008087{
Emeric Brun89675492012-10-05 13:48:26 +02008088 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008089 return 0;
8090}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008091
Olivier Houchardc2aae742017-09-22 18:26:28 +02008092/* parse the "allow-0rtt" bind keyword */
8093static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8094{
8095 conf->early_data = 1;
8096 return 0;
8097}
8098
8099static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8100{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008101 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008102 return 0;
8103}
8104
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008105/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008106static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008107{
Bernard Spil13c53f82018-02-15 13:34:58 +01008108#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008109 char *p1, *p2;
8110
8111 if (!*args[cur_arg + 1]) {
8112 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8113 return ERR_ALERT | ERR_FATAL;
8114 }
8115
8116 free(conf->npn_str);
8117
Willy Tarreau3724da12016-02-12 17:11:12 +01008118 /* the NPN string is built as a suite of (<len> <name>)*,
8119 * so we reuse each comma to store the next <len> and need
8120 * one more for the end of the string.
8121 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008122 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008123 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008124 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8125
8126 /* replace commas with the name length */
8127 p1 = conf->npn_str;
8128 p2 = p1 + 1;
8129 while (1) {
8130 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8131 if (!p2)
8132 p2 = p1 + 1 + strlen(p1 + 1);
8133
8134 if (p2 - (p1 + 1) > 255) {
8135 *p2 = '\0';
8136 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8137 return ERR_ALERT | ERR_FATAL;
8138 }
8139
8140 *p1 = p2 - (p1 + 1);
8141 p1 = p2;
8142
8143 if (!*p2)
8144 break;
8145
8146 *(p2++) = '\0';
8147 }
8148 return 0;
8149#else
8150 if (err)
8151 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8152 return ERR_ALERT | ERR_FATAL;
8153#endif
8154}
8155
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008156static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8157{
8158 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8159}
8160
Willy Tarreauab861d32013-04-02 02:30:41 +02008161/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008162static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008163{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008164#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008165 char *p1, *p2;
8166
8167 if (!*args[cur_arg + 1]) {
8168 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8169 return ERR_ALERT | ERR_FATAL;
8170 }
8171
8172 free(conf->alpn_str);
8173
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008174 /* the ALPN string is built as a suite of (<len> <name>)*,
8175 * so we reuse each comma to store the next <len> and need
8176 * one more for the end of the string.
8177 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008178 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008179 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008180 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8181
8182 /* replace commas with the name length */
8183 p1 = conf->alpn_str;
8184 p2 = p1 + 1;
8185 while (1) {
8186 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8187 if (!p2)
8188 p2 = p1 + 1 + strlen(p1 + 1);
8189
8190 if (p2 - (p1 + 1) > 255) {
8191 *p2 = '\0';
8192 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8193 return ERR_ALERT | ERR_FATAL;
8194 }
8195
8196 *p1 = p2 - (p1 + 1);
8197 p1 = p2;
8198
8199 if (!*p2)
8200 break;
8201
8202 *(p2++) = '\0';
8203 }
8204 return 0;
8205#else
8206 if (err)
8207 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8208 return ERR_ALERT | ERR_FATAL;
8209#endif
8210}
8211
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008212static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8213{
8214 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8215}
8216
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008217/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008218static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008219{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008220 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008221 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008222
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008223 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8224 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008225#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008226 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8227 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8228#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008229 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008230 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8231 if (!conf->ssl_conf.ssl_methods.min)
8232 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8233 if (!conf->ssl_conf.ssl_methods.max)
8234 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008235
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008236 return 0;
8237}
8238
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008239/* parse the "prefer-client-ciphers" bind keyword */
8240static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8241{
8242 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8243 return 0;
8244}
8245
Christopher Faulet31af49d2015-06-09 17:29:50 +02008246/* parse the "generate-certificates" bind keyword */
8247static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8248{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008249#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008250 conf->generate_certs = 1;
8251#else
8252 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8253 err && *err ? *err : "");
8254#endif
8255 return 0;
8256}
8257
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008258/* parse the "strict-sni" bind keyword */
8259static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8260{
8261 conf->strict_sni = 1;
8262 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008263}
8264
8265/* parse the "tls-ticket-keys" bind keyword */
8266static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8267{
8268#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8269 FILE *f;
8270 int i = 0;
8271 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008272 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008273
8274 if (!*args[cur_arg + 1]) {
8275 if (err)
8276 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
8277 return ERR_ALERT | ERR_FATAL;
8278 }
8279
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008280 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008281 if (keys_ref) {
8282 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008283 conf->keys_ref = keys_ref;
8284 return 0;
8285 }
8286
Vincent Bernat02779b62016-04-03 13:48:43 +02008287 keys_ref = malloc(sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008288 if (!keys_ref) {
8289 if (err)
8290 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8291 return ERR_ALERT | ERR_FATAL;
8292 }
8293
Emeric Brun9e754772019-01-10 17:51:55 +01008294 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008295 if (!keys_ref->tlskeys) {
8296 free(keys_ref);
8297 if (err)
8298 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8299 return ERR_ALERT | ERR_FATAL;
8300 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008301
8302 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
Emeric Brun09852f72019-01-10 10:51:13 +01008303 free(keys_ref->tlskeys);
8304 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008305 if (err)
8306 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
8307 return ERR_ALERT | ERR_FATAL;
8308 }
8309
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008310 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008311 if (!keys_ref->filename) {
8312 free(keys_ref->tlskeys);
8313 free(keys_ref);
8314 if (err)
8315 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
8316 return ERR_ALERT | ERR_FATAL;
8317 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008318
Emeric Brun9e754772019-01-10 17:51:55 +01008319 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008320 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8321 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008322 int dec_size;
8323
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008324 /* Strip newline characters from the end */
8325 if(thisline[len - 1] == '\n')
8326 thisline[--len] = 0;
8327
8328 if(thisline[len - 1] == '\r')
8329 thisline[--len] = 0;
8330
Emeric Brun9e754772019-01-10 17:51:55 +01008331 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8332 if (dec_size < 0) {
Emeric Brun09852f72019-01-10 10:51:13 +01008333 free(keys_ref->filename);
8334 free(keys_ref->tlskeys);
8335 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008336 if (err)
8337 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02008338 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008339 return ERR_ALERT | ERR_FATAL;
8340 }
Emeric Brun9e754772019-01-10 17:51:55 +01008341 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8342 keys_ref->key_size_bits = 128;
8343 }
8344 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8345 keys_ref->key_size_bits = 256;
8346 }
8347 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8348 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8349 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
8350 free(keys_ref->filename);
8351 free(keys_ref->tlskeys);
8352 free(keys_ref);
8353 if (err)
8354 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
8355 fclose(f);
8356 return ERR_ALERT | ERR_FATAL;
8357 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008358 i++;
8359 }
8360
8361 if (i < TLS_TICKETS_NO) {
Emeric Brun09852f72019-01-10 10:51:13 +01008362 free(keys_ref->filename);
8363 free(keys_ref->tlskeys);
8364 free(keys_ref);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008365 if (err)
8366 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02008367 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008368 return ERR_ALERT | ERR_FATAL;
8369 }
8370
8371 fclose(f);
8372
8373 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008374 i -= 2;
8375 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008376 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008377 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008378 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008379 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008380
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008381 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8382
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008383 return 0;
8384#else
8385 if (err)
8386 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8387 return ERR_ALERT | ERR_FATAL;
8388#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008389}
8390
Emeric Brund94b3fe2012-09-20 18:23:56 +02008391/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008392static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008393{
8394 if (!*args[cur_arg + 1]) {
8395 if (err)
8396 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8397 return ERR_ALERT | ERR_FATAL;
8398 }
8399
8400 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008401 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008402 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008403 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008404 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008405 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008406 else {
8407 if (err)
8408 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8409 args[cur_arg], args[cur_arg + 1]);
8410 return ERR_ALERT | ERR_FATAL;
8411 }
8412
8413 return 0;
8414}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008415static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8416{
8417 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8418}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008419
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008420/* parse the "no-ca-names" bind keyword */
8421static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8422{
8423 conf->no_ca_names = 1;
8424 return 0;
8425}
8426static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8427{
8428 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8429}
8430
Willy Tarreau92faadf2012-10-10 23:04:25 +02008431/************** "server" keywords ****************/
8432
Olivier Houchardc7566002018-11-20 23:33:50 +01008433/* parse the "npn" bind keyword */
8434static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8435{
8436#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8437 char *p1, *p2;
8438
8439 if (!*args[*cur_arg + 1]) {
8440 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8441 return ERR_ALERT | ERR_FATAL;
8442 }
8443
8444 free(newsrv->ssl_ctx.npn_str);
8445
8446 /* the NPN string is built as a suite of (<len> <name>)*,
8447 * so we reuse each comma to store the next <len> and need
8448 * one more for the end of the string.
8449 */
8450 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8451 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8452 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8453 newsrv->ssl_ctx.npn_len);
8454
8455 /* replace commas with the name length */
8456 p1 = newsrv->ssl_ctx.npn_str;
8457 p2 = p1 + 1;
8458 while (1) {
8459 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8460 newsrv->ssl_ctx.npn_len - (p1 + 1));
8461 if (!p2)
8462 p2 = p1 + 1 + strlen(p1 + 1);
8463
8464 if (p2 - (p1 + 1) > 255) {
8465 *p2 = '\0';
8466 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8467 return ERR_ALERT | ERR_FATAL;
8468 }
8469
8470 *p1 = p2 - (p1 + 1);
8471 p1 = p2;
8472
8473 if (!*p2)
8474 break;
8475
8476 *(p2++) = '\0';
8477 }
8478 return 0;
8479#else
8480 if (err)
8481 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8482 return ERR_ALERT | ERR_FATAL;
8483#endif
8484}
8485
Olivier Houchard92150142018-12-21 19:47:01 +01008486/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008487static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8488{
8489#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8490 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008491 char **alpn_str;
8492 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008493
Olivier Houchard92150142018-12-21 19:47:01 +01008494 if (*args[*cur_arg] == 'c') {
8495 alpn_str = &newsrv->check.alpn_str;
8496 alpn_len = &newsrv->check.alpn_len;
8497 } else {
8498 alpn_str = &newsrv->ssl_ctx.alpn_str;
8499 alpn_len = &newsrv->ssl_ctx.alpn_len;
8500
8501 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008502 if (!*args[*cur_arg + 1]) {
8503 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8504 return ERR_ALERT | ERR_FATAL;
8505 }
8506
Olivier Houchard92150142018-12-21 19:47:01 +01008507 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008508
8509 /* the ALPN string is built as a suite of (<len> <name>)*,
8510 * so we reuse each comma to store the next <len> and need
8511 * one more for the end of the string.
8512 */
Olivier Houchard92150142018-12-21 19:47:01 +01008513 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8514 *alpn_str = calloc(1, *alpn_len + 1);
8515 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008516
8517 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008518 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008519 p2 = p1 + 1;
8520 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008521 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008522 if (!p2)
8523 p2 = p1 + 1 + strlen(p1 + 1);
8524
8525 if (p2 - (p1 + 1) > 255) {
8526 *p2 = '\0';
8527 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8528 return ERR_ALERT | ERR_FATAL;
8529 }
8530
8531 *p1 = p2 - (p1 + 1);
8532 p1 = p2;
8533
8534 if (!*p2)
8535 break;
8536
8537 *(p2++) = '\0';
8538 }
8539 return 0;
8540#else
8541 if (err)
8542 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8543 return ERR_ALERT | ERR_FATAL;
8544#endif
8545}
8546
Emeric Brunef42d922012-10-11 16:11:36 +02008547/* parse the "ca-file" server keyword */
8548static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8549{
8550 if (!*args[*cur_arg + 1]) {
8551 if (err)
8552 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8553 return ERR_ALERT | ERR_FATAL;
8554 }
8555
Willy Tarreauef934602016-12-22 23:12:01 +01008556 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8557 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008558 else
8559 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8560
8561 return 0;
8562}
8563
Olivier Houchard9130a962017-10-17 17:33:43 +02008564/* parse the "check-sni" server keyword */
8565static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8566{
8567 if (!*args[*cur_arg + 1]) {
8568 if (err)
8569 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8570 return ERR_ALERT | ERR_FATAL;
8571 }
8572
8573 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8574 if (!newsrv->check.sni) {
8575 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8576 return ERR_ALERT | ERR_FATAL;
8577 }
8578 return 0;
8579
8580}
8581
Willy Tarreau92faadf2012-10-10 23:04:25 +02008582/* parse the "check-ssl" server keyword */
8583static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8584{
8585 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008586 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8587 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008588#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008589 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8590 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8591#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008592 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008593 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8594 if (!newsrv->ssl_ctx.methods.min)
8595 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8596 if (!newsrv->ssl_ctx.methods.max)
8597 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8598
Willy Tarreau92faadf2012-10-10 23:04:25 +02008599 return 0;
8600}
8601
8602/* parse the "ciphers" server keyword */
8603static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8604{
8605 if (!*args[*cur_arg + 1]) {
8606 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8607 return ERR_ALERT | ERR_FATAL;
8608 }
8609
8610 free(newsrv->ssl_ctx.ciphers);
8611 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8612 return 0;
8613}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008614
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008615#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008616/* parse the "ciphersuites" server keyword */
8617static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8618{
8619 if (!*args[*cur_arg + 1]) {
8620 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8621 return ERR_ALERT | ERR_FATAL;
8622 }
8623
8624 free(newsrv->ssl_ctx.ciphersuites);
8625 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8626 return 0;
8627}
8628#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008629
Emeric Brunef42d922012-10-11 16:11:36 +02008630/* parse the "crl-file" server keyword */
8631static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8632{
8633#ifndef X509_V_FLAG_CRL_CHECK
8634 if (err)
8635 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8636 return ERR_ALERT | ERR_FATAL;
8637#else
8638 if (!*args[*cur_arg + 1]) {
8639 if (err)
8640 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8641 return ERR_ALERT | ERR_FATAL;
8642 }
8643
Willy Tarreauef934602016-12-22 23:12:01 +01008644 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8645 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008646 else
8647 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8648
8649 return 0;
8650#endif
8651}
8652
Emeric Bruna7aa3092012-10-26 12:58:00 +02008653/* parse the "crt" server keyword */
8654static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8655{
8656 if (!*args[*cur_arg + 1]) {
8657 if (err)
8658 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8659 return ERR_ALERT | ERR_FATAL;
8660 }
8661
Willy Tarreauef934602016-12-22 23:12:01 +01008662 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008663 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008664 else
8665 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8666
8667 return 0;
8668}
Emeric Brunef42d922012-10-11 16:11:36 +02008669
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008670/* parse the "no-check-ssl" server keyword */
8671static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8672{
8673 newsrv->check.use_ssl = 0;
8674 free(newsrv->ssl_ctx.ciphers);
8675 newsrv->ssl_ctx.ciphers = NULL;
8676 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8677 return 0;
8678}
8679
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008680/* parse the "no-send-proxy-v2-ssl" server keyword */
8681static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8682{
8683 newsrv->pp_opts &= ~SRV_PP_V2;
8684 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8685 return 0;
8686}
8687
8688/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8689static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8690{
8691 newsrv->pp_opts &= ~SRV_PP_V2;
8692 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8693 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8694 return 0;
8695}
8696
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008697/* parse the "no-ssl" server keyword */
8698static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8699{
8700 newsrv->use_ssl = 0;
8701 free(newsrv->ssl_ctx.ciphers);
8702 newsrv->ssl_ctx.ciphers = NULL;
8703 return 0;
8704}
8705
Olivier Houchard522eea72017-11-03 16:27:47 +01008706/* parse the "allow-0rtt" server keyword */
8707static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8708{
8709 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8710 return 0;
8711}
8712
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008713/* parse the "no-ssl-reuse" server keyword */
8714static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8715{
8716 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8717 return 0;
8718}
8719
Emeric Brunf9c5c472012-10-11 15:28:34 +02008720/* parse the "no-tls-tickets" server keyword */
8721static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8722{
8723 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8724 return 0;
8725}
David Safb76832014-05-08 23:42:08 -04008726/* parse the "send-proxy-v2-ssl" server keyword */
8727static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8728{
8729 newsrv->pp_opts |= SRV_PP_V2;
8730 newsrv->pp_opts |= SRV_PP_V2_SSL;
8731 return 0;
8732}
8733
8734/* parse the "send-proxy-v2-ssl-cn" server keyword */
8735static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8736{
8737 newsrv->pp_opts |= SRV_PP_V2;
8738 newsrv->pp_opts |= SRV_PP_V2_SSL;
8739 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8740 return 0;
8741}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008742
Willy Tarreau732eac42015-07-09 11:40:25 +02008743/* parse the "sni" server keyword */
8744static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8745{
8746#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8747 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8748 return ERR_ALERT | ERR_FATAL;
8749#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008750 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008751
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008752 arg = args[*cur_arg + 1];
8753 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008754 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8755 return ERR_ALERT | ERR_FATAL;
8756 }
8757
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008758 free(newsrv->sni_expr);
8759 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008760
Willy Tarreau732eac42015-07-09 11:40:25 +02008761 return 0;
8762#endif
8763}
8764
Willy Tarreau92faadf2012-10-10 23:04:25 +02008765/* parse the "ssl" server keyword */
8766static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8767{
8768 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008769 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8770 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008771#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008772 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8773 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8774#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008775 return 0;
8776}
8777
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008778/* parse the "ssl-reuse" server keyword */
8779static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8780{
8781 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8782 return 0;
8783}
8784
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008785/* parse the "tls-tickets" server keyword */
8786static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8787{
8788 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8789 return 0;
8790}
8791
Emeric Brunef42d922012-10-11 16:11:36 +02008792/* parse the "verify" server keyword */
8793static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8794{
8795 if (!*args[*cur_arg + 1]) {
8796 if (err)
8797 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8798 return ERR_ALERT | ERR_FATAL;
8799 }
8800
8801 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008802 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008803 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008804 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008805 else {
8806 if (err)
8807 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8808 args[*cur_arg], args[*cur_arg + 1]);
8809 return ERR_ALERT | ERR_FATAL;
8810 }
8811
Evan Broderbe554312013-06-27 00:05:25 -07008812 return 0;
8813}
8814
8815/* parse the "verifyhost" server keyword */
8816static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8817{
8818 if (!*args[*cur_arg + 1]) {
8819 if (err)
8820 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8821 return ERR_ALERT | ERR_FATAL;
8822 }
8823
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008824 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008825 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8826
Emeric Brunef42d922012-10-11 16:11:36 +02008827 return 0;
8828}
8829
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008830/* parse the "ssl-default-bind-options" keyword in global section */
8831static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8832 struct proxy *defpx, const char *file, int line,
8833 char **err) {
8834 int i = 1;
8835
8836 if (*(args[i]) == 0) {
8837 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8838 return -1;
8839 }
8840 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008841 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008842 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008843 else if (!strcmp(args[i], "prefer-client-ciphers"))
8844 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008845 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8846 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8847 i++;
8848 else {
8849 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8850 return -1;
8851 }
8852 }
8853 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008854 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8855 return -1;
8856 }
8857 i++;
8858 }
8859 return 0;
8860}
8861
8862/* parse the "ssl-default-server-options" keyword in global section */
8863static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8864 struct proxy *defpx, const char *file, int line,
8865 char **err) {
8866 int i = 1;
8867
8868 if (*(args[i]) == 0) {
8869 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8870 return -1;
8871 }
8872 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008873 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008874 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008875 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8876 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8877 i++;
8878 else {
8879 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8880 return -1;
8881 }
8882 }
8883 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008884 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8885 return -1;
8886 }
8887 i++;
8888 }
8889 return 0;
8890}
8891
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008892/* parse the "ca-base" / "crt-base" keywords in global section.
8893 * Returns <0 on alert, >0 on warning, 0 on success.
8894 */
8895static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8896 struct proxy *defpx, const char *file, int line,
8897 char **err)
8898{
8899 char **target;
8900
Willy Tarreauef934602016-12-22 23:12:01 +01008901 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008902
8903 if (too_many_args(1, args, err, NULL))
8904 return -1;
8905
8906 if (*target) {
8907 memprintf(err, "'%s' already specified.", args[0]);
8908 return -1;
8909 }
8910
8911 if (*(args[1]) == 0) {
8912 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8913 return -1;
8914 }
8915 *target = strdup(args[1]);
8916 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008917}
8918
8919/* parse the "ssl-mode-async" keyword in global section.
8920 * Returns <0 on alert, >0 on warning, 0 on success.
8921 */
8922static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8923 struct proxy *defpx, const char *file, int line,
8924 char **err)
8925{
Willy Tarreau5db847a2019-05-09 14:13:35 +02008926#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008927 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008928 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008929 return 0;
8930#else
8931 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8932 return -1;
8933#endif
8934}
8935
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008936#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008937static int ssl_check_async_engine_count(void) {
8938 int err_code = 0;
8939
Emeric Brun3854e012017-05-17 20:42:48 +02008940 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008941 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008942 err_code = ERR_ABORT;
8943 }
8944 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008945}
8946
Grant Zhang872f9c22017-01-21 01:10:18 +00008947/* parse the "ssl-engine" keyword in global section.
8948 * Returns <0 on alert, >0 on warning, 0 on success.
8949 */
8950static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8951 struct proxy *defpx, const char *file, int line,
8952 char **err)
8953{
8954 char *algo;
8955 int ret = -1;
8956
8957 if (*(args[1]) == 0) {
8958 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8959 return ret;
8960 }
8961
8962 if (*(args[2]) == 0) {
8963 /* if no list of algorithms is given, it defaults to ALL */
8964 algo = strdup("ALL");
8965 goto add_engine;
8966 }
8967
8968 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8969 if (strcmp(args[2], "algo") != 0) {
8970 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8971 return ret;
8972 }
8973
8974 if (*(args[3]) == 0) {
8975 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8976 return ret;
8977 }
8978 algo = strdup(args[3]);
8979
8980add_engine:
8981 if (ssl_init_single_engine(args[1], algo)==0) {
8982 openssl_engines_initialized++;
8983 ret = 0;
8984 }
8985 free(algo);
8986 return ret;
8987}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008988#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008989
Willy Tarreauf22e9682016-12-21 23:23:19 +01008990/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8991 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8992 */
8993static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8994 struct proxy *defpx, const char *file, int line,
8995 char **err)
8996{
8997 char **target;
8998
Willy Tarreauef934602016-12-22 23:12:01 +01008999 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009000
9001 if (too_many_args(1, args, err, NULL))
9002 return -1;
9003
9004 if (*(args[1]) == 0) {
9005 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9006 return -1;
9007 }
9008
9009 free(*target);
9010 *target = strdup(args[1]);
9011 return 0;
9012}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009013
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009014#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009015/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9016 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9017 */
9018static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9019 struct proxy *defpx, const char *file, int line,
9020 char **err)
9021{
9022 char **target;
9023
9024 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9025
9026 if (too_many_args(1, args, err, NULL))
9027 return -1;
9028
9029 if (*(args[1]) == 0) {
9030 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9031 return -1;
9032 }
9033
9034 free(*target);
9035 *target = strdup(args[1]);
9036 return 0;
9037}
9038#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009039
Willy Tarreau9ceda382016-12-21 23:13:03 +01009040/* parse various global tune.ssl settings consisting in positive integers.
9041 * Returns <0 on alert, >0 on warning, 0 on success.
9042 */
9043static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9044 struct proxy *defpx, const char *file, int line,
9045 char **err)
9046{
9047 int *target;
9048
9049 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9050 target = &global.tune.sslcachesize;
9051 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009052 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009053 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009054 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009055 else if (strcmp(args[0], "maxsslconn") == 0)
9056 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009057 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9058 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009059 else {
9060 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9061 return -1;
9062 }
9063
9064 if (too_many_args(1, args, err, NULL))
9065 return -1;
9066
9067 if (*(args[1]) == 0) {
9068 memprintf(err, "'%s' expects an integer argument.", args[0]);
9069 return -1;
9070 }
9071
9072 *target = atoi(args[1]);
9073 if (*target < 0) {
9074 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9075 return -1;
9076 }
9077 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009078}
9079
9080static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9081 struct proxy *defpx, const char *file, int line,
9082 char **err)
9083{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009084 int ret;
9085
9086 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9087 if (ret != 0)
9088 return ret;
9089
Willy Tarreaubafbe012017-11-24 17:34:44 +01009090 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009091 memprintf(err, "'%s' is already configured.", args[0]);
9092 return -1;
9093 }
9094
Willy Tarreaubafbe012017-11-24 17:34:44 +01009095 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9096 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009097 memprintf(err, "Out of memory error.");
9098 return -1;
9099 }
9100 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009101}
9102
9103/* parse "ssl.force-private-cache".
9104 * Returns <0 on alert, >0 on warning, 0 on success.
9105 */
9106static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9107 struct proxy *defpx, const char *file, int line,
9108 char **err)
9109{
9110 if (too_many_args(0, args, err, NULL))
9111 return -1;
9112
Willy Tarreauef934602016-12-22 23:12:01 +01009113 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009114 return 0;
9115}
9116
9117/* parse "ssl.lifetime".
9118 * Returns <0 on alert, >0 on warning, 0 on success.
9119 */
9120static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9121 struct proxy *defpx, const char *file, int line,
9122 char **err)
9123{
9124 const char *res;
9125
9126 if (too_many_args(1, args, err, NULL))
9127 return -1;
9128
9129 if (*(args[1]) == 0) {
9130 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9131 return -1;
9132 }
9133
Willy Tarreauef934602016-12-22 23:12:01 +01009134 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009135 if (res == PARSE_TIME_OVER) {
9136 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9137 args[1], args[0]);
9138 return -1;
9139 }
9140 else if (res == PARSE_TIME_UNDER) {
9141 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9142 args[1], args[0]);
9143 return -1;
9144 }
9145 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009146 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9147 return -1;
9148 }
9149 return 0;
9150}
9151
9152#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009153/* parse "ssl-dh-param-file".
9154 * Returns <0 on alert, >0 on warning, 0 on success.
9155 */
9156static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9157 struct proxy *defpx, const char *file, int line,
9158 char **err)
9159{
9160 if (too_many_args(1, args, err, NULL))
9161 return -1;
9162
9163 if (*(args[1]) == 0) {
9164 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9165 return -1;
9166 }
9167
9168 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9169 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9170 return -1;
9171 }
9172 return 0;
9173}
9174
Willy Tarreau9ceda382016-12-21 23:13:03 +01009175/* parse "ssl.default-dh-param".
9176 * Returns <0 on alert, >0 on warning, 0 on success.
9177 */
9178static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9179 struct proxy *defpx, const char *file, int line,
9180 char **err)
9181{
9182 if (too_many_args(1, args, err, NULL))
9183 return -1;
9184
9185 if (*(args[1]) == 0) {
9186 memprintf(err, "'%s' expects an integer argument.", args[0]);
9187 return -1;
9188 }
9189
Willy Tarreauef934602016-12-22 23:12:01 +01009190 global_ssl.default_dh_param = atoi(args[1]);
9191 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009192 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9193 return -1;
9194 }
9195 return 0;
9196}
9197#endif
9198
9199
William Lallemand32af2032016-10-29 18:09:35 +02009200/* This function is used with TLS ticket keys management. It permits to browse
9201 * each reference. The variable <getnext> must contain the current node,
9202 * <end> point to the root node.
9203 */
9204#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9205static inline
9206struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9207{
9208 struct tls_keys_ref *ref = getnext;
9209
9210 while (1) {
9211
9212 /* Get next list entry. */
9213 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9214
9215 /* If the entry is the last of the list, return NULL. */
9216 if (&ref->list == end)
9217 return NULL;
9218
9219 return ref;
9220 }
9221}
9222
9223static inline
9224struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9225{
9226 int id;
9227 char *error;
9228
9229 /* If the reference starts by a '#', this is numeric id. */
9230 if (reference[0] == '#') {
9231 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9232 id = strtol(reference + 1, &error, 10);
9233 if (*error != '\0')
9234 return NULL;
9235
9236 /* Perform the unique id lookup. */
9237 return tlskeys_ref_lookupid(id);
9238 }
9239
9240 /* Perform the string lookup. */
9241 return tlskeys_ref_lookup(reference);
9242}
9243#endif
9244
9245
9246#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9247
9248static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9249
9250static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9251 return cli_io_handler_tlskeys_files(appctx);
9252}
9253
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009254/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9255 * (next index to be dumped), and cli.p0 (next key reference).
9256 */
William Lallemand32af2032016-10-29 18:09:35 +02009257static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9258
9259 struct stream_interface *si = appctx->owner;
9260
9261 switch (appctx->st2) {
9262 case STAT_ST_INIT:
9263 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009264 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009265 * later and restart at the state "STAT_ST_INIT".
9266 */
9267 chunk_reset(&trash);
9268
9269 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9270 chunk_appendf(&trash, "# id secret\n");
9271 else
9272 chunk_appendf(&trash, "# id (file)\n");
9273
Willy Tarreau06d80a92017-10-19 14:32:15 +02009274 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009275 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009276 return 0;
9277 }
9278
William Lallemand32af2032016-10-29 18:09:35 +02009279 /* Now, we start the browsing of the references lists.
9280 * Note that the following call to LIST_ELEM return bad pointer. The only
9281 * available field of this pointer is <list>. It is used with the function
9282 * tlskeys_list_get_next() for retruning the first available entry
9283 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009284 if (appctx->ctx.cli.p0 == NULL) {
9285 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9286 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009287 }
9288
9289 appctx->st2 = STAT_ST_LIST;
9290 /* fall through */
9291
9292 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009293 while (appctx->ctx.cli.p0) {
9294 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009295
9296 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009297 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009298 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009299
9300 if (appctx->ctx.cli.i1 == 0)
9301 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9302
William Lallemand32af2032016-10-29 18:09:35 +02009303 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009304 int head;
9305
9306 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9307 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009308 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009309 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009310
9311 chunk_reset(t2);
9312 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009313 if (ref->key_size_bits == 128) {
9314 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9315 sizeof(struct tls_sess_key_128),
9316 t2->area, t2->size);
9317 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9318 t2->area);
9319 }
9320 else if (ref->key_size_bits == 256) {
9321 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9322 sizeof(struct tls_sess_key_256),
9323 t2->area, t2->size);
9324 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9325 t2->area);
9326 }
9327 else {
9328 /* This case should never happen */
9329 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9330 }
William Lallemand32af2032016-10-29 18:09:35 +02009331
Willy Tarreau06d80a92017-10-19 14:32:15 +02009332 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009333 /* let's try again later from this stream. We add ourselves into
9334 * this stream's users so that it can remove us upon termination.
9335 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009336 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009337 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009338 return 0;
9339 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009340 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009341 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009342 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009343 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009344 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009345 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009346 /* let's try again later from this stream. We add ourselves into
9347 * this stream's users so that it can remove us upon termination.
9348 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009349 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009350 return 0;
9351 }
9352
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009353 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009354 break;
9355
9356 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009357 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009358 }
9359
9360 appctx->st2 = STAT_ST_FIN;
9361 /* fall through */
9362
9363 default:
9364 appctx->st2 = STAT_ST_FIN;
9365 return 1;
9366 }
9367 return 0;
9368}
9369
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009370/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009371static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009372{
William Lallemand32af2032016-10-29 18:09:35 +02009373 /* no parameter, shows only file list */
9374 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009375 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009376 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009377 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009378 }
9379
9380 if (args[2][0] == '*') {
9381 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009382 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009383 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009384 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9385 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009386 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009387 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009388 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009389 return 1;
9390 }
9391 }
William Lallemand32af2032016-10-29 18:09:35 +02009392 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009393 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009394}
9395
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009396static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009397{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009398 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009399 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009400
William Lallemand32af2032016-10-29 18:09:35 +02009401 /* Expect two parameters: the filename and the new new TLS key in encoding */
9402 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009403 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009404 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009405 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009406 return 1;
9407 }
9408
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009409 ref = tlskeys_ref_lookup_ref(args[3]);
9410 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009411 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009412 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009413 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009414 return 1;
9415 }
9416
Willy Tarreau1c913e42018-08-22 05:26:57 +02009417 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009418 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009419 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009420 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009421 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009422 return 1;
9423 }
Emeric Brun9e754772019-01-10 17:51:55 +01009424
Willy Tarreau1c913e42018-08-22 05:26:57 +02009425 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009426 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9427 appctx->ctx.cli.severity = LOG_ERR;
9428 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9429 appctx->st0 = CLI_ST_PRINT;
9430 return 1;
9431 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009432 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009433 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009434 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009435 return 1;
9436
9437}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009438#endif
William Lallemand32af2032016-10-29 18:09:35 +02009439
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009440static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009441{
9442#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9443 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009444 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009445
9446 if (!payload)
9447 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009448
9449 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009450 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009451 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009452 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009453 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009454 return 1;
9455 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009456
9457 /* remove \r and \n from the payload */
9458 for (i = 0, j = 0; payload[i]; i++) {
9459 if (payload[i] == '\r' || payload[i] == '\n')
9460 continue;
9461 payload[j++] = payload[i];
9462 }
9463 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009464
Willy Tarreau1c913e42018-08-22 05:26:57 +02009465 ret = base64dec(payload, j, trash.area, trash.size);
9466 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009467 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009468 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009469 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009470 return 1;
9471 }
9472
Willy Tarreau1c913e42018-08-22 05:26:57 +02009473 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009474 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9475 if (err) {
9476 memprintf(&err, "%s.\n", err);
9477 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009478 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009479 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009480 else {
9481 appctx->ctx.cli.severity = LOG_ERR;
9482 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9483 appctx->st0 = CLI_ST_PRINT;
9484 }
William Lallemand32af2032016-10-29 18:09:35 +02009485 return 1;
9486 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009487 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009488 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009489 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009490 return 1;
9491#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009492 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009493 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009494 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009495 return 1;
9496#endif
9497
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009498}
9499
Willy Tarreau86a394e2019-05-09 14:15:32 +02009500#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009501static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9502{
9503 switch (arg->type) {
9504 case ARGT_STR:
9505 smp->data.type = SMP_T_STR;
9506 smp->data.u.str = arg->data.str;
9507 return 1;
9508 case ARGT_VAR:
9509 if (!vars_get_by_desc(&arg->data.var, smp))
9510 return 0;
9511 if (!sample_casts[smp->data.type][SMP_T_STR])
9512 return 0;
9513 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9514 return 0;
9515 return 1;
9516 default:
9517 return 0;
9518 }
9519}
9520
9521static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9522 const char *file, int line, char **err)
9523{
9524 switch(args[0].data.sint) {
9525 case 128:
9526 case 192:
9527 case 256:
9528 break;
9529 default:
9530 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9531 return 0;
9532 }
9533 /* Try to decode a variable. */
9534 vars_check_arg(&args[1], NULL);
9535 vars_check_arg(&args[2], NULL);
9536 vars_check_arg(&args[3], NULL);
9537 return 1;
9538}
9539
9540/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9541static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9542{
9543 struct sample nonce, key, aead_tag;
9544 struct buffer *smp_trash, *smp_trash_alloc;
9545 EVP_CIPHER_CTX *ctx;
9546 int dec_size, ret;
9547
9548 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9549 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9550 return 0;
9551
9552 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9553 if (!sample_conv_var2smp_str(&arg_p[2], &key))
9554 return 0;
9555
9556 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9557 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
9558 return 0;
9559
9560 smp_trash = get_trash_chunk();
9561 smp_trash_alloc = alloc_trash_chunk();
9562 if (!smp_trash_alloc)
9563 return 0;
9564
9565 ctx = EVP_CIPHER_CTX_new();
9566
9567 if (!ctx)
9568 goto err;
9569
9570 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9571 if (dec_size < 0)
9572 goto err;
9573 smp_trash->data = dec_size;
9574
9575 /* Set cipher type and mode */
9576 switch(arg_p[0].data.sint) {
9577 case 128:
9578 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9579 break;
9580 case 192:
9581 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9582 break;
9583 case 256:
9584 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9585 break;
9586 }
9587
9588 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, smp_trash->data, NULL);
9589
9590 /* Initialise IV */
9591 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) smp_trash->area))
9592 goto err;
9593
9594 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9595 if (dec_size < 0)
9596 goto err;
9597 smp_trash->data = dec_size;
9598
9599 /* Initialise key */
9600 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) smp_trash->area, NULL))
9601 goto err;
9602
9603 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
9604 (unsigned char *) smp->data.u.str.area, (int) smp->data.u.str.data))
9605 goto err;
9606
9607 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9608 if (dec_size < 0)
9609 goto err;
9610 smp_trash_alloc->data = dec_size;
9611 dec_size = smp_trash->data;
9612
9613 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, smp_trash_alloc->data, (void *) smp_trash_alloc->area);
9614 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9615
9616 if (ret <= 0)
9617 goto err;
9618
9619 smp->data.u.str.data = dec_size + smp_trash->data;
9620 smp->data.u.str.area = smp_trash->area;
9621 smp->data.type = SMP_T_BIN;
9622 smp->flags &= ~SMP_F_CONST;
9623 free_trash_chunk(smp_trash_alloc);
9624 return 1;
9625
9626err:
9627 free_trash_chunk(smp_trash_alloc);
9628 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009629}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009630# endif
William Lallemand32af2032016-10-29 18:09:35 +02009631
9632/* register cli keywords */
9633static struct cli_kw_list cli_kws = {{ },{
9634#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9635 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009636 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009637#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009638 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009639 { { NULL }, NULL, NULL, NULL }
9640}};
9641
Willy Tarreau0108d902018-11-25 19:14:37 +01009642INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009643
Willy Tarreau7875d092012-09-10 08:20:03 +02009644/* Note: must not be declared <const> as its list will be overwritten.
9645 * Please take care of keeping this list alphabetically sorted.
9646 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009647static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009648 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009649 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009650#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009651 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009652#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009653 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009654#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9655 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9656#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009657 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009658 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009659 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009660 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009661#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009662 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009663#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009664#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009665 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9666 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009667 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9668#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009669 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9670 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009671 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009672 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009673 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9674 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9675 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9676 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9677 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9678 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9679 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9680 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009681 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009682 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9683 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009684 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009685 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9686 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9687 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9688 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9689 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9690 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9691 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009692 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009693 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009694 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009695 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009696 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009697 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009698 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009699 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009700 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009701#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009702 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009703#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009704#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009705 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009706#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009707 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009708#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009709 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009710#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009711 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009712#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009713 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009714#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009715#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009716 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9717 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009718 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9719#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009720#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009721 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009722#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009723 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9724 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9725 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9726 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009727 { NULL, NULL, 0, 0, 0 },
9728}};
9729
Willy Tarreau0108d902018-11-25 19:14:37 +01009730INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9731
Willy Tarreau7875d092012-09-10 08:20:03 +02009732/* Note: must not be declared <const> as its list will be overwritten.
9733 * Please take care of keeping this list alphabetically sorted.
9734 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009735static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009736 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9737 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009738 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009739}};
9740
Willy Tarreau0108d902018-11-25 19:14:37 +01009741INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9742
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009743/* Note: must not be declared <const> as its list will be overwritten.
9744 * Please take care of keeping this list alphabetically sorted, doing so helps
9745 * all code contributors.
9746 * Optional keywords are also declared with a NULL ->parse() function so that
9747 * the config parser can report an appropriate error when a known keyword was
9748 * not enabled.
9749 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009750static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009751 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009752 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9753 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9754 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009755#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009756 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9757#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009758 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009759 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009760 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009761 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009762 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009763 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9764 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009765 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9766 { NULL, NULL, 0 },
9767};
9768
Willy Tarreau0108d902018-11-25 19:14:37 +01009769/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9770
Willy Tarreau51fb7652012-09-18 18:24:39 +02009771static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009772 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009773 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9774 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9775 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9776 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9777 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9778 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009779#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009780 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9781#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009782 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9783 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9784 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9785 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9786 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9787 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9788 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9789 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9790 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9791 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009792 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009793 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009794 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009795 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9796 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9797 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9798 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009799 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009800 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9801 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009802 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9803 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009804 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9805 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9806 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9807 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9808 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009809 { NULL, NULL, 0 },
9810}};
Emeric Brun46591952012-05-18 15:47:34 +02009811
Willy Tarreau0108d902018-11-25 19:14:37 +01009812INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9813
Willy Tarreau92faadf2012-10-10 23:04:25 +02009814/* Note: must not be declared <const> as its list will be overwritten.
9815 * Please take care of keeping this list alphabetically sorted, doing so helps
9816 * all code contributors.
9817 * Optional keywords are also declared with a NULL ->parse() function so that
9818 * the config parser can report an appropriate error when a known keyword was
9819 * not enabled.
9820 */
9821static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01009822 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +01009823 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009824 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +01009825 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +02009826 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009827 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
9828 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009829#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009830 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
9831#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009832 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
9833 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
9834 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
9835 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
9836 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
9837 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
9838 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
9839 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
9840 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
9841 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
9842 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
9843 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
9844 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
9845 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
9846 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
9847 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
9848 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
9849 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +01009850 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009851 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
9852 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
9853 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
9854 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
9855 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
9856 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
9857 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
9858 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
9859 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
9860 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02009861 { NULL, NULL, 0, 0 },
9862}};
9863
Willy Tarreau0108d902018-11-25 19:14:37 +01009864INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
9865
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009866static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009867 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
9868 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009869 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009870 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
9871 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01009872#ifndef OPENSSL_NO_DH
9873 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
9874#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009875 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009876#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009877 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009878#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01009879 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
9880#ifndef OPENSSL_NO_DH
9881 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
9882#endif
9883 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
9884 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
9885 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
9886 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009887 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01009888 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
9889 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009890#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009891 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
9892 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
9893#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +01009894 { 0, NULL, NULL },
9895}};
9896
Willy Tarreau0108d902018-11-25 19:14:37 +01009897INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
9898
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009899/* Note: must not be declared <const> as its list will be overwritten */
9900static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +02009901#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009902 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
9903#endif
9904 { NULL, NULL, 0, 0, 0 },
9905}};
9906
9907INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
9908
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02009909/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01009910static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02009911 .snd_buf = ssl_sock_from_buf,
9912 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +01009913 .subscribe = ssl_subscribe,
9914 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +02009915 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +02009916 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +02009917 .rcv_pipe = NULL,
9918 .snd_pipe = NULL,
9919 .shutr = NULL,
9920 .shutw = ssl_sock_shutw,
9921 .close = ssl_sock_close,
9922 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01009923 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01009924 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01009925 .prepare_srv = ssl_sock_prepare_srv_ctx,
9926 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01009927 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01009928 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02009929};
9930
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009931enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
9932 struct session *sess, struct stream *s, int flags)
9933{
9934 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009935 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009936
9937 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009938 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009939
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009940 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009941 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01009942 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009943 s->req.flags |= CF_READ_NULL;
9944 return ACT_RET_YIELD;
9945 }
9946 }
9947 return (ACT_RET_CONT);
9948}
9949
9950static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
9951{
9952 rule->action_ptr = ssl_action_wait_for_hs;
9953
9954 return ACT_RET_PRS_OK;
9955}
9956
9957static struct action_kw_list http_req_actions = {ILH, {
9958 { "wait-for-handshake", ssl_parse_wait_for_hs },
9959 { /* END */ }
9960}};
9961
Willy Tarreau0108d902018-11-25 19:14:37 +01009962INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
9963
Willy Tarreau5db847a2019-05-09 14:13:35 +02009964#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009965
9966static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9967{
9968 if (ptr) {
9969 chunk_destroy(ptr);
9970 free(ptr);
9971 }
9972}
9973
9974#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009975static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
9976{
Willy Tarreaubafbe012017-11-24 17:34:44 +01009977 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01009978}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01009979
Emeric Brun46591952012-05-18 15:47:34 +02009980__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02009981static void __ssl_sock_init(void)
9982{
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009983#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +02009984 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +05009985 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +05009986#endif
Emeric Brun46591952012-05-18 15:47:34 +02009987
Willy Tarreauef934602016-12-22 23:12:01 +01009988 if (global_ssl.listen_default_ciphers)
9989 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
9990 if (global_ssl.connect_default_ciphers)
9991 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009992#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009993 if (global_ssl.listen_default_ciphersuites)
9994 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
9995 if (global_ssl.connect_default_ciphersuites)
9996 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
9997#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +01009998
Willy Tarreau13e14102016-12-22 20:25:26 +01009999 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010000#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010001 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010002#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010003#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010004 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010005 n = sk_SSL_COMP_num(cm);
10006 while (n--) {
10007 (void) sk_SSL_COMP_pop(cm);
10008 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010009#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010010
Willy Tarreau5db847a2019-05-09 14:13:35 +020010011#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010012 ssl_locking_init();
10013#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010014#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010015 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10016#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010017 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010018 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010019 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010020#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010021 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010022 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010023#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010024#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10025 hap_register_post_check(tlskeys_finalize_config);
10026#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010027
10028 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
10029 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
10030
10031#ifndef OPENSSL_NO_DH
10032 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
10033 hap_register_post_deinit(ssl_free_dh);
10034#endif
10035#ifndef OPENSSL_NO_ENGINE
10036 hap_register_post_deinit(ssl_free_engines);
10037#endif
10038 /* Load SSL string for the verbose & debug mode. */
10039 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020010040 ha_meth = BIO_meth_new(0x666, "ha methods");
10041 BIO_meth_set_write(ha_meth, ha_ssl_write);
10042 BIO_meth_set_read(ha_meth, ha_ssl_read);
10043 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10044 BIO_meth_set_create(ha_meth, ha_ssl_new);
10045 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10046 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10047 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010048}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010049
Willy Tarreau80713382018-11-26 10:19:54 +010010050/* Compute and register the version string */
10051static void ssl_register_build_options()
10052{
10053 char *ptr = NULL;
10054 int i;
10055
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010056 memprintf(&ptr, "Built with OpenSSL version : "
10057#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010058 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010059#else /* OPENSSL_IS_BORINGSSL */
10060 OPENSSL_VERSION_TEXT
10061 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010062 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010063 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010064#endif
10065 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010066#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010067 "no (library version too old)"
10068#elif defined(OPENSSL_NO_TLSEXT)
10069 "no (disabled via OPENSSL_NO_TLSEXT)"
10070#else
10071 "yes"
10072#endif
10073 "", ptr);
10074
10075 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10076#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10077 "yes"
10078#else
10079#ifdef OPENSSL_NO_TLSEXT
10080 "no (because of OPENSSL_NO_TLSEXT)"
10081#else
10082 "no (version might be too old, 0.9.8f min needed)"
10083#endif
10084#endif
10085 "", ptr);
10086
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010087 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10088 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10089 if (methodVersions[i].option)
10090 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010091
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010092 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010093}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010094
Willy Tarreau80713382018-11-26 10:19:54 +010010095INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010096
Emeric Brun46591952012-05-18 15:47:34 +020010097
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010098#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010099void ssl_free_engines(void) {
10100 struct ssl_engine_list *wl, *wlb;
10101 /* free up engine list */
10102 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10103 ENGINE_finish(wl->e);
10104 ENGINE_free(wl->e);
10105 LIST_DEL(&wl->list);
10106 free(wl);
10107 }
10108}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010109#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010110
Remi Gacogned3a23c32015-05-28 16:39:47 +020010111#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010112void ssl_free_dh(void) {
10113 if (local_dh_1024) {
10114 DH_free(local_dh_1024);
10115 local_dh_1024 = NULL;
10116 }
10117 if (local_dh_2048) {
10118 DH_free(local_dh_2048);
10119 local_dh_2048 = NULL;
10120 }
10121 if (local_dh_4096) {
10122 DH_free(local_dh_4096);
10123 local_dh_4096 = NULL;
10124 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010125 if (global_dh) {
10126 DH_free(global_dh);
10127 global_dh = NULL;
10128 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010129}
10130#endif
10131
10132__attribute__((destructor))
10133static void __ssl_sock_deinit(void)
10134{
10135#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010136 if (ssl_ctx_lru_tree) {
10137 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010138 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010139 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010140#endif
10141
Willy Tarreau5db847a2019-05-09 14:13:35 +020010142#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010143 ERR_remove_state(0);
10144 ERR_free_strings();
10145
10146 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010147#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010148
Willy Tarreau5db847a2019-05-09 14:13:35 +020010149#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010150 CRYPTO_cleanup_all_ex_data();
10151#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010152 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010153}
10154
10155
Emeric Brun46591952012-05-18 15:47:34 +020010156/*
10157 * Local variables:
10158 * c-indent-level: 8
10159 * c-basic-offset: 8
10160 * End:
10161 */