blob: a59f15e203ff3ea916a14b76ccdcb1bc0961f0c1 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
Willy Tarreau8d164dc2019-05-10 09:35:00 +020026/* Note: do NOT include openssl/xxx.h here, do it in openssl-compat.h */
Emeric Brun46591952012-05-18 15:47:34 +020027#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020028#include <ctype.h>
29#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020030#include <errno.h>
31#include <fcntl.h>
32#include <stdio.h>
33#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020034#include <string.h>
35#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020036
37#include <sys/socket.h>
38#include <sys/stat.h>
39#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020040#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020041#include <netinet/tcp.h>
42
Christopher Faulet31af49d2015-06-09 17:29:50 +020043#include <import/lru.h>
44#include <import/xxhash.h>
45
Emeric Brun46591952012-05-18 15:47:34 +020046#include <common/buffer.h>
Willy Tarreau843b7cb2018-07-13 10:54:26 +020047#include <common/chunk.h>
Emeric Brun46591952012-05-18 15:47:34 +020048#include <common/compat.h>
49#include <common/config.h>
50#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020051#include <common/errors.h>
Willy Tarreau0108d902018-11-25 19:14:37 +010052#include <common/initcall.h>
Willy Tarreau55994562019-05-09 14:52:44 +020053#include <common/openssl-compat.h>
Emeric Brun46591952012-05-18 15:47:34 +020054#include <common/standard.h>
55#include <common/ticks.h>
56#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010057#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010058#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020059
Emeric Brunfc0421f2012-09-07 17:30:07 +020060#include <ebsttree.h>
61
William Lallemand32af2032016-10-29 18:09:35 +020062#include <types/applet.h>
63#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020064#include <types/global.h>
65#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020066#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020067
Willy Tarreau7875d092012-09-10 08:20:03 +020068#include <proto/acl.h>
69#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020070#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020072#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020073#include <proto/fd.h>
74#include <proto/freq_ctr.h>
75#include <proto/frontend.h>
Willy Tarreau61c112a2018-10-02 16:43:32 +020076#include <proto/http_rules.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020077#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010078#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020079#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020080#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020081#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020082#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +020083#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020084#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020086#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +020087#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/task.h>
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010089#include <proto/vars.h>
Emeric Brun46591952012-05-18 15:47:34 +020090
Willy Tarreau9356dac2019-05-10 09:22:53 +020091/* ***** READ THIS before adding code here! *****
92 *
93 * Due to API incompatibilities between multiple OpenSSL versions and their
94 * derivatives, it's often tempting to add macros to (re-)define certain
95 * symbols. Please do not do this here, and do it in common/openssl-compat.h
96 * exclusively so that the whole code consistently uses the same macros.
97 *
98 * Whenever possible if a macro is missing in certain versions, it's better
99 * to conditionally define it in openssl-compat.h than using lots of ifdefs.
100 */
101
Willy Tarreau518cedd2014-02-17 15:43:01 +0100102/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200103#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100104#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100105#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200106#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
107
Emeric Brunf282a812012-09-21 15:27:54 +0200108/* bits 0xFFFF0000 are reserved to store verify errors */
109
110/* Verify errors macros */
111#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
112#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
113#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
114
115#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
116#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
117#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200118
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200119/* ssl_methods flags for ssl options */
120#define MC_SSL_O_ALL 0x0000
121#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
122#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
123#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
124#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200125#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200126
127/* ssl_methods versions */
128enum {
129 CONF_TLSV_NONE = 0,
130 CONF_TLSV_MIN = 1,
131 CONF_SSLV3 = 1,
132 CONF_TLSV10 = 2,
133 CONF_TLSV11 = 3,
134 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200135 CONF_TLSV13 = 5,
136 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200137};
138
Emeric Brun850efd52014-01-29 12:24:34 +0100139/* server and bind verify method, it uses a global value as default */
140enum {
141 SSL_SOCK_VERIFY_DEFAULT = 0,
142 SSL_SOCK_VERIFY_REQUIRED = 1,
143 SSL_SOCK_VERIFY_OPTIONAL = 2,
144 SSL_SOCK_VERIFY_NONE = 3,
145};
146
William Lallemand3f85c9a2017-10-09 16:30:50 +0200147
Willy Tarreau71b734c2014-01-28 15:19:44 +0100148int sslconns = 0;
149int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100150static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100151int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200152
Willy Tarreauef934602016-12-22 23:12:01 +0100153static struct {
154 char *crt_base; /* base directory path for certificates */
155 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000156 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100157
158 char *listen_default_ciphers;
159 char *connect_default_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200160#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200161 char *listen_default_ciphersuites;
162 char *connect_default_ciphersuites;
163#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100164 int listen_default_ssloptions;
165 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200166 struct tls_version_filter listen_default_sslmethods;
167 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100168
169 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
170 unsigned int life_time; /* SSL session lifetime in seconds */
171 unsigned int max_record; /* SSL max record size */
172 unsigned int default_dh_param; /* SSL maximum DH parameter size */
173 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100174 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100175} global_ssl = {
176#ifdef LISTEN_DEFAULT_CIPHERS
177 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
178#endif
179#ifdef CONNECT_DEFAULT_CIPHERS
180 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
181#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +0200182#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +0200183#ifdef LISTEN_DEFAULT_CIPHERSUITES
184 .listen_default_ciphersuites = LISTEN_DEFAULT_CIPHERSUITES,
185#endif
186#ifdef CONNECT_DEFAULT_CIPHERSUITES
187 .connect_default_ciphersuites = CONNECT_DEFAULT_CIPHERSUITES,
188#endif
189#endif
Willy Tarreauef934602016-12-22 23:12:01 +0100190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Olivier Houcharda8955d52019-04-07 22:00:38 +0200208static BIO_METHOD *ha_meth;
209
Olivier Houchard66ab4982019-02-26 18:37:15 +0100210struct ssl_sock_ctx {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200211 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100212 SSL *ssl;
Olivier Houcharda8955d52019-04-07 22:00:38 +0200213 BIO *bio;
Olivier Houchard5149b592019-05-23 17:47:36 +0200214 const struct xprt_ops *xprt;
Olivier Houchard66ab4982019-02-26 18:37:15 +0100215 void *xprt_ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +0200216 struct wait_event wait_event;
217 struct wait_event *recv_wait;
218 struct wait_event *send_wait;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100219 int xprt_st; /* transport layer state, initialized to zero */
Olivier Houchardf6715e72019-12-19 15:02:39 +0100220 struct buffer early_buf; /* buffer to store the early data received */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +0100221 int sent_early_data; /* Amount of early data we sent so far */
222
Olivier Houchard66ab4982019-02-26 18:37:15 +0100223};
224
225DECLARE_STATIC_POOL(ssl_sock_ctx_pool, "ssl_sock_ctx_pool", sizeof(struct ssl_sock_ctx));
226
Olivier Houchardea8dd942019-05-20 14:02:16 +0200227static struct task *ssl_sock_io_cb(struct task *, void *, unsigned short);
Olivier Houchard000694c2019-05-23 14:45:12 +0200228static int ssl_sock_handshake(struct connection *conn, unsigned int flag);
Olivier Houchardea8dd942019-05-20 14:02:16 +0200229
Olivier Houcharda8955d52019-04-07 22:00:38 +0200230/* Methods to implement OpenSSL BIO */
231static int ha_ssl_write(BIO *h, const char *buf, int num)
232{
233 struct buffer tmpbuf;
234 struct ssl_sock_ctx *ctx;
235 int ret;
236
237 ctx = BIO_get_data(h);
238 tmpbuf.size = num;
239 tmpbuf.area = (void *)(uintptr_t)buf;
240 tmpbuf.data = num;
241 tmpbuf.head = 0;
242 ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200243 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200244 BIO_set_retry_write(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200245 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200246 } else if (ret == 0)
247 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200248 return ret;
249}
250
251static int ha_ssl_gets(BIO *h, char *buf, int size)
252{
253
254 return 0;
255}
256
257static int ha_ssl_puts(BIO *h, const char *str)
258{
259
260 return ha_ssl_write(h, str, strlen(str));
261}
262
263static int ha_ssl_read(BIO *h, char *buf, int size)
264{
265 struct buffer tmpbuf;
266 struct ssl_sock_ctx *ctx;
267 int ret;
268
269 ctx = BIO_get_data(h);
270 tmpbuf.size = size;
271 tmpbuf.area = buf;
272 tmpbuf.data = 0;
273 tmpbuf.head = 0;
274 ret = ctx->xprt->rcv_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, size, 0);
Olivier Houchardb51937e2019-05-01 17:24:36 +0200275 if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH))) {
Olivier Houcharda8955d52019-04-07 22:00:38 +0200276 BIO_set_retry_read(h);
Olivier Houcharda28454e2019-04-24 12:04:36 +0200277 ret = -1;
Olivier Houchardb51937e2019-05-01 17:24:36 +0200278 } else if (ret == 0)
279 BIO_clear_retry_flags(h);
Olivier Houcharda8955d52019-04-07 22:00:38 +0200280
281 return ret;
282}
283
284static long ha_ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2)
285{
286 int ret = 0;
287 switch (cmd) {
288 case BIO_CTRL_DUP:
289 case BIO_CTRL_FLUSH:
290 ret = 1;
291 break;
292 }
293 return ret;
294}
295
296static int ha_ssl_new(BIO *h)
297{
298 BIO_set_init(h, 1);
299 BIO_set_data(h, NULL);
300 BIO_clear_flags(h, ~0);
301 return 1;
302}
303
304static int ha_ssl_free(BIO *data)
305{
306
307 return 1;
308}
309
310
Willy Tarreau5db847a2019-05-09 14:13:35 +0200311#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100312
Emeric Brun821bb9b2017-06-15 16:37:39 +0200313static HA_RWLOCK_T *ssl_rwlocks;
314
315
316unsigned long ssl_id_function(void)
317{
318 return (unsigned long)tid;
319}
320
321void ssl_locking_function(int mode, int n, const char * file, int line)
322{
323 if (mode & CRYPTO_LOCK) {
324 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100325 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200326 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100327 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200328 }
329 else {
330 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100331 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200332 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100333 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200334 }
335}
336
337static int ssl_locking_init(void)
338{
339 int i;
340
341 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
342 if (!ssl_rwlocks)
343 return -1;
344
345 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100346 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200347
348 CRYPTO_set_id_callback(ssl_id_function);
349 CRYPTO_set_locking_callback(ssl_locking_function);
350
351 return 0;
352}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100353
Emeric Brun821bb9b2017-06-15 16:37:39 +0200354#endif
355
356
357
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100358/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100359struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100360 unsigned long long int xxh64;
361 unsigned char ciphersuite_len;
362 char ciphersuite[0];
363};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100364struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100365static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200366static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100367
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100368static int ssl_pkey_info_index = -1;
369
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200370#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
371struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
372#endif
373
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200374#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000375static unsigned int openssl_engines_initialized;
376struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
377struct ssl_engine_list {
378 struct list list;
379 ENGINE *e;
380};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200381#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000382
Remi Gacogne8de54152014-07-15 11:36:40 +0200383#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200384static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200385static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200386static DH *local_dh_1024 = NULL;
387static DH *local_dh_2048 = NULL;
388static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100389static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200390#endif /* OPENSSL_NO_DH */
391
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100392#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200393/* X509V3 Extensions that will be added on generated certificates */
394#define X509V3_EXT_SIZE 5
395static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
396 "basicConstraints",
397 "nsComment",
398 "subjectKeyIdentifier",
399 "authorityKeyIdentifier",
400 "keyUsage",
401};
402static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
403 "CA:FALSE",
404 "\"OpenSSL Generated Certificate\"",
405 "hash",
406 "keyid,issuer:always",
407 "nonRepudiation,digitalSignature,keyEncipherment"
408};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200409/* LRU cache to store generated certificate */
410static struct lru64_head *ssl_ctx_lru_tree = NULL;
411static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200412static unsigned int ssl_ctx_serial;
Willy Tarreau86abe442018-11-25 20:12:18 +0100413__decl_rwlock(ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200414
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200415#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
416
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100417static struct ssl_bind_kw ssl_bind_kws[];
418
Willy Tarreau9a1ab082019-05-09 13:26:41 +0200419#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhube2774d2015-12-10 15:07:30 -0500420/* The order here matters for picking a default context,
421 * keep the most common keytype at the bottom of the list
422 */
423const char *SSL_SOCK_KEYTYPE_NAMES[] = {
424 "dsa",
425 "ecdsa",
426 "rsa"
427};
428#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100429#else
430#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500431#endif
432
William Lallemandc3cd35f2017-11-28 11:04:43 +0100433static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100434static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
435
436#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
437
438#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
439 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
440
441#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
442 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200443
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100444/*
445 * This function gives the detail of the SSL error. It is used only
446 * if the debug mode and the verbose mode are activated. It dump all
447 * the SSL error until the stack was empty.
448 */
449static forceinline void ssl_sock_dump_errors(struct connection *conn)
450{
451 unsigned long ret;
452
453 if (unlikely(global.mode & MODE_DEBUG)) {
454 while(1) {
455 ret = ERR_get_error();
456 if (ret == 0)
457 return;
458 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200459 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100460 ERR_func_error_string(ret), ERR_reason_error_string(ret));
461 }
462 }
463}
464
yanbzhube2774d2015-12-10 15:07:30 -0500465
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200466#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000467static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
468{
469 int err_code = ERR_ABORT;
470 ENGINE *engine;
471 struct ssl_engine_list *el;
472
473 /* grab the structural reference to the engine */
474 engine = ENGINE_by_id(engine_id);
475 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100476 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000477 goto fail_get;
478 }
479
480 if (!ENGINE_init(engine)) {
481 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100482 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000483 goto fail_init;
484 }
485
486 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100487 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000488 goto fail_set_method;
489 }
490
491 el = calloc(1, sizeof(*el));
492 el->e = engine;
493 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100494 nb_engines++;
495 if (global_ssl.async)
496 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000497 return 0;
498
499fail_set_method:
500 /* release the functional reference from ENGINE_init() */
501 ENGINE_finish(engine);
502
503fail_init:
504 /* release the structural reference from ENGINE_by_id() */
505 ENGINE_free(engine);
506
507fail_get:
508 return err_code;
509}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200510#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000511
Willy Tarreau5db847a2019-05-09 14:13:35 +0200512#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200513/*
514 * openssl async fd handler
515 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200516void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000517{
Olivier Houchardea8dd942019-05-20 14:02:16 +0200518 struct ssl_sock_ctx *ctx = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519
Emeric Brun3854e012017-05-17 20:42:48 +0200520 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000521 * to poll this fd until it is requested
522 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000523 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000524 fd_cant_recv(fd);
525
526 /* crypto engine is available, let's notify the associated
527 * connection that it can pursue its processing.
528 */
Olivier Houchard03abf2d2019-05-28 10:12:02 +0200529 ssl_sock_io_cb(NULL, ctx, 0);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000530}
531
Emeric Brun3854e012017-05-17 20:42:48 +0200532/*
533 * openssl async delayed SSL_free handler
534 */
Emeric Brund0e095c2019-04-19 17:15:28 +0200535void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000536{
537 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200538 OSSL_ASYNC_FD all_fd[32];
539 size_t num_all_fds = 0;
540 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000541
Emeric Brun3854e012017-05-17 20:42:48 +0200542 /* We suppose that the async job for a same SSL *
543 * are serialized. So if we are awake it is
544 * because the running job has just finished
545 * and we can remove all async fds safely
546 */
547 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
548 if (num_all_fds > 32) {
549 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
550 return;
551 }
552
553 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
554 for (i=0 ; i < num_all_fds ; i++)
555 fd_remove(all_fd[i]);
556
557 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000558 SSL_free(ssl);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +0100559 _HA_ATOMIC_SUB(&sslconns, 1);
560 _HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000561}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000562/*
Emeric Brun3854e012017-05-17 20:42:48 +0200563 * function used to manage a returned SSL_ERROR_WANT_ASYNC
564 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000565 */
Olivier Houchardea8dd942019-05-20 14:02:16 +0200566static inline void ssl_async_process_fds(struct ssl_sock_ctx *ctx)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000567{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100568 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200569 OSSL_ASYNC_FD del_fd[32];
Olivier Houchardea8dd942019-05-20 14:02:16 +0200570 SSL *ssl = ctx->ssl;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000571 size_t num_add_fds = 0;
572 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200573 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000574
575 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
576 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200577 if (num_add_fds > 32 || num_del_fds > 32) {
578 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000579 return;
580 }
581
Emeric Brun3854e012017-05-17 20:42:48 +0200582 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000583
Emeric Brun3854e012017-05-17 20:42:48 +0200584 /* We remove unused fds from the fdtab */
585 for (i=0 ; i < num_del_fds ; i++)
586 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000587
Emeric Brun3854e012017-05-17 20:42:48 +0200588 /* We add new fds to the fdtab */
589 for (i=0 ; i < num_add_fds ; i++) {
Olivier Houchardea8dd942019-05-20 14:02:16 +0200590 fd_insert(add_fd[i], ctx, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000591 }
592
Emeric Brun3854e012017-05-17 20:42:48 +0200593 num_add_fds = 0;
594 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
595 if (num_add_fds > 32) {
596 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
597 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000598 }
Emeric Brun3854e012017-05-17 20:42:48 +0200599
600 /* We activate the polling for all known async fds */
601 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000602 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200603 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000604 /* To ensure that the fd cache won't be used
605 * We'll prefer to catch a real RD event
606 * because handling an EAGAIN on this fd will
607 * result in a context switch and also
608 * some engines uses a fd in blocking mode.
609 */
610 fd_cant_recv(add_fd[i]);
611 }
Emeric Brun3854e012017-05-17 20:42:48 +0200612
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000613}
614#endif
615
William Lallemandc33d83d2019-10-14 14:14:59 +0200616#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617/*
618 * This function returns the number of seconds elapsed
619 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
620 * date presented un ASN1_GENERALIZEDTIME.
621 *
622 * In parsing error case, it returns -1.
623 */
624static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
625{
626 long epoch;
627 char *p, *end;
628 const unsigned short month_offset[12] = {
629 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
630 };
631 int year, month;
632
633 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
634
635 p = (char *)d->data;
636 end = p + d->length;
637
638 if (end - p < 4) return -1;
639 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
640 p += 4;
641 if (end - p < 2) return -1;
642 month = 10 * (p[0] - '0') + p[1] - '0';
643 if (month < 1 || month > 12) return -1;
644 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
645 We consider leap years and the current month (<marsh or not) */
646 epoch = ( ((year - 1970) * 365)
647 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
648 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
649 + month_offset[month-1]
650 ) * 24 * 60 * 60;
651 p += 2;
652 if (end - p < 2) return -1;
653 /* Add the number of seconds of completed days of current month */
654 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
655 p += 2;
656 if (end - p < 2) return -1;
657 /* Add the completed hours of the current day */
658 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
659 p += 2;
660 if (end - p < 2) return -1;
661 /* Add the completed minutes of the current hour */
662 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
663 p += 2;
664 if (p == end) return -1;
665 /* Test if there is available seconds */
666 if (p[0] < '0' || p[0] > '9')
667 goto nosec;
668 if (end - p < 2) return -1;
669 /* Add the seconds of the current minute */
670 epoch += 10 * (p[0] - '0') + p[1] - '0';
671 p += 2;
672 if (p == end) return -1;
673 /* Ignore seconds float part if present */
674 if (p[0] == '.') {
675 do {
676 if (++p == end) return -1;
677 } while (p[0] >= '0' && p[0] <= '9');
678 }
679
680nosec:
681 if (p[0] == 'Z') {
682 if (end - p != 1) return -1;
683 return epoch;
684 }
685 else if (p[0] == '+') {
686 if (end - p != 5) return -1;
687 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700688 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200689 }
690 else if (p[0] == '-') {
691 if (end - p != 5) return -1;
692 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700693 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200694 }
695
696 return -1;
697}
698
William Lallemandc33d83d2019-10-14 14:14:59 +0200699/*
700 * struct alignment works here such that the key.key is the same as key_data
701 * Do not change the placement of key_data
702 */
703struct certificate_ocsp {
704 struct ebmb_node key;
705 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
706 struct buffer response;
707 long expire;
708};
709
710struct ocsp_cbk_arg {
711 int is_single;
712 int single_kt;
713 union {
714 struct certificate_ocsp *s_ocsp;
715 /*
716 * m_ocsp will have multiple entries dependent on key type
717 * Entry 0 - DSA
718 * Entry 1 - ECDSA
719 * Entry 2 - RSA
720 */
721 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
722 };
723};
724
Emeric Brun1d3865b2014-06-20 15:37:32 +0200725static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200726
727/* This function starts to check if the OCSP response (in DER format) contained
728 * in chunk 'ocsp_response' is valid (else exits on error).
729 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
730 * contained in the OCSP Response and exits on error if no match.
731 * If it's a valid OCSP Response:
732 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
733 * pointed by 'ocsp'.
734 * If 'ocsp' is NULL, the function looks up into the OCSP response's
735 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
736 * from the response) and exits on error if not found. Finally, If an OCSP response is
737 * already present in the container, it will be overwritten.
738 *
739 * Note: OCSP response containing more than one OCSP Single response is not
740 * considered valid.
741 *
742 * Returns 0 on success, 1 in error case.
743 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200744static int ssl_sock_load_ocsp_response(struct buffer *ocsp_response,
745 struct certificate_ocsp *ocsp,
746 OCSP_CERTID *cid, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200747{
748 OCSP_RESPONSE *resp;
749 OCSP_BASICRESP *bs = NULL;
750 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200751 OCSP_CERTID *id;
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200752 unsigned char *p = (unsigned char *) ocsp_response->area;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200753 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200754 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200755 int reason;
756 int ret = 1;
757
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200758 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p,
759 ocsp_response->data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200760 if (!resp) {
761 memprintf(err, "Unable to parse OCSP response");
762 goto out;
763 }
764
765 rc = OCSP_response_status(resp);
766 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
767 memprintf(err, "OCSP response status not successful");
768 goto out;
769 }
770
771 bs = OCSP_response_get1_basic(resp);
772 if (!bs) {
773 memprintf(err, "Failed to get basic response from OCSP Response");
774 goto out;
775 }
776
777 count_sr = OCSP_resp_count(bs);
778 if (count_sr > 1) {
779 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
780 goto out;
781 }
782
783 sr = OCSP_resp_get0(bs, 0);
784 if (!sr) {
785 memprintf(err, "Failed to get OCSP single response");
786 goto out;
787 }
788
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200789 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
790
Emeric Brun4147b2e2014-06-16 18:36:30 +0200791 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200792 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200793 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200794 goto out;
795 }
796
Emeric Brun13a6b482014-06-20 15:44:34 +0200797 if (!nextupd) {
798 memprintf(err, "OCSP single response: missing nextupdate");
799 goto out;
800 }
801
Emeric Brunc8b27b62014-06-19 14:16:17 +0200802 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200803 if (!rc) {
804 memprintf(err, "OCSP single response: no longer valid.");
805 goto out;
806 }
807
808 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200809 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200810 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
811 goto out;
812 }
813 }
814
815 if (!ocsp) {
816 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
817 unsigned char *p;
818
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200819 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200820 if (!rc) {
821 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
822 goto out;
823 }
824
825 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
826 memprintf(err, "OCSP single response: Certificate ID too long");
827 goto out;
828 }
829
830 p = key;
831 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200832 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200833 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
834 if (!ocsp) {
835 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
836 goto out;
837 }
838 }
839
840 /* According to comments on "chunk_dup", the
841 previous chunk buffer will be freed */
842 if (!chunk_dup(&ocsp->response, ocsp_response)) {
843 memprintf(err, "OCSP response: Memory allocation error");
844 goto out;
845 }
846
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200847 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
848
Emeric Brun4147b2e2014-06-16 18:36:30 +0200849 ret = 0;
850out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100851 ERR_clear_error();
852
Emeric Brun4147b2e2014-06-16 18:36:30 +0200853 if (bs)
854 OCSP_BASICRESP_free(bs);
855
856 if (resp)
857 OCSP_RESPONSE_free(resp);
858
859 return ret;
860}
861/*
862 * External function use to update the OCSP response in the OCSP response's
863 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
864 * to update in DER format.
865 *
866 * Returns 0 on success, 1 in error case.
867 */
Willy Tarreau83061a82018-07-13 11:56:34 +0200868int ssl_sock_update_ocsp_response(struct buffer *ocsp_response, char **err)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200869{
870 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
871}
872
873/*
874 * This function load the OCSP Resonse in DER format contained in file at
875 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
876 *
877 * Returns 0 on success, 1 in error case.
878 */
879static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
880{
881 int fd = -1;
882 int r = 0;
883 int ret = 1;
884
885 fd = open(ocsp_path, O_RDONLY);
886 if (fd == -1) {
887 memprintf(err, "Error opening OCSP response file");
888 goto end;
889 }
890
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200891 trash.data = 0;
892 while (trash.data < trash.size) {
893 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200894 if (r < 0) {
895 if (errno == EINTR)
896 continue;
897
898 memprintf(err, "Error reading OCSP response from file");
899 goto end;
900 }
901 else if (r == 0) {
902 break;
903 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +0200904 trash.data += r;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200905 }
906
907 close(fd);
908 fd = -1;
909
910 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
911end:
912 if (fd != -1)
913 close(fd);
914
915 return ret;
916}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100917#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200918
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100919#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
920static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
921{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100922 struct tls_keys_ref *ref;
Emeric Brun9e754772019-01-10 17:51:55 +0100923 union tls_sess_key *keys;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100924 struct connection *conn;
925 int head;
926 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100927 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100928
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200929 conn = SSL_get_ex_data(s, ssl_app_data_index);
Willy Tarreau07d94e42018-09-20 10:57:52 +0200930 ref = __objt_listener(conn->target)->bind_conf->keys_ref;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100931 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
932
933 keys = ref->tlskeys;
934 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100935
936 if (enc) {
937 memcpy(key_name, keys[head].name, 16);
938
939 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100940 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100941
Emeric Brun9e754772019-01-10 17:51:55 +0100942 if (ref->key_size_bits == 128) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100943
Emeric Brun9e754772019-01-10 17:51:55 +0100944 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].key_128.aes_key, iv))
945 goto end;
946
Willy Tarreau9356dac2019-05-10 09:22:53 +0200947 HMAC_Init_ex(hctx, keys[head].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100948 ret = 1;
949 }
950 else if (ref->key_size_bits == 256 ) {
951
952 if(!EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[head].key_256.aes_key, iv))
953 goto end;
954
Willy Tarreau9356dac2019-05-10 09:22:53 +0200955 HMAC_Init_ex(hctx, keys[head].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100956 ret = 1;
957 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100958 } else {
959 for (i = 0; i < TLS_TICKETS_NO; i++) {
960 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
961 goto found;
962 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100963 ret = 0;
964 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100965
Christopher Faulet16f45c82018-02-16 11:23:49 +0100966 found:
Emeric Brun9e754772019-01-10 17:51:55 +0100967 if (ref->key_size_bits == 128) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200968 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_128.hmac_key, 16, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100969 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_128.aes_key, iv))
970 goto end;
971 /* 2 for key renewal, 1 if current key is still valid */
972 ret = i ? 2 : 1;
973 }
974 else if (ref->key_size_bits == 256) {
Willy Tarreau9356dac2019-05-10 09:22:53 +0200975 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].key_256.hmac_key, 32, TLS_TICKET_HASH_FUNCT(), NULL);
Emeric Brun9e754772019-01-10 17:51:55 +0100976 if(!EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].key_256.aes_key, iv))
977 goto end;
978 /* 2 for key renewal, 1 if current key is still valid */
979 ret = i ? 2 : 1;
980 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100981 }
Emeric Brun9e754772019-01-10 17:51:55 +0100982
Christopher Faulet16f45c82018-02-16 11:23:49 +0100983 end:
984 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
985 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200986}
987
988struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
989{
990 struct tls_keys_ref *ref;
991
992 list_for_each_entry(ref, &tlskeys_reference, list)
993 if (ref->filename && strcmp(filename, ref->filename) == 0)
994 return ref;
995 return NULL;
996}
997
998struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
999{
1000 struct tls_keys_ref *ref;
1001
1002 list_for_each_entry(ref, &tlskeys_reference, list)
1003 if (ref->unique_id == unique_id)
1004 return ref;
1005 return NULL;
1006}
1007
Emeric Brun9e754772019-01-10 17:51:55 +01001008/* Update the key into ref: if keysize doesnt
1009 * match existing ones, this function returns -1
1010 * else it returns 0 on success.
1011 */
1012int ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref,
Willy Tarreau83061a82018-07-13 11:56:34 +02001013 struct buffer *tlskey)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001014{
Emeric Brun9e754772019-01-10 17:51:55 +01001015 if (ref->key_size_bits == 128) {
1016 if (tlskey->data != sizeof(struct tls_sess_key_128))
1017 return -1;
1018 }
1019 else if (ref->key_size_bits == 256) {
1020 if (tlskey->data != sizeof(struct tls_sess_key_256))
1021 return -1;
1022 }
1023 else
1024 return -1;
1025
Christopher Faulet16f45c82018-02-16 11:23:49 +01001026 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001027 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)),
1028 tlskey->area, tlskey->data);
Christopher Faulet16f45c82018-02-16 11:23:49 +01001029 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
1030 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Emeric Brun9e754772019-01-10 17:51:55 +01001031
1032 return 0;
Christopher Faulet16f45c82018-02-16 11:23:49 +01001033}
1034
Willy Tarreau83061a82018-07-13 11:56:34 +02001035int ssl_sock_update_tlskey(char *filename, struct buffer *tlskey, char **err)
Christopher Faulet16f45c82018-02-16 11:23:49 +01001036{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001037 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
1038
1039 if(!ref) {
1040 memprintf(err, "Unable to locate the referenced filename: %s", filename);
1041 return 1;
1042 }
Emeric Brun9e754772019-01-10 17:51:55 +01001043 if (ssl_sock_update_tlskey_ref(ref, tlskey) < 0) {
1044 memprintf(err, "Invalid key size");
1045 return 1;
1046 }
1047
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001048 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001049}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001050
1051/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +01001052 * automatic ids. It's called just after the basic checks. It returns
1053 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001054 */
Willy Tarreaud1c57502016-12-22 22:46:15 +01001055static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001056{
1057 int i = 0;
1058 struct tls_keys_ref *ref, *ref2, *ref3;
1059 struct list tkr = LIST_HEAD_INIT(tkr);
1060
1061 list_for_each_entry(ref, &tlskeys_reference, list) {
1062 if (ref->unique_id == -1) {
1063 /* Look for the first free id. */
1064 while (1) {
1065 list_for_each_entry(ref2, &tlskeys_reference, list) {
1066 if (ref2->unique_id == i) {
1067 i++;
1068 break;
1069 }
1070 }
1071 if (&ref2->list == &tlskeys_reference)
1072 break;
1073 }
1074
1075 /* Uses the unique id and increment it for the next entry. */
1076 ref->unique_id = i;
1077 i++;
1078 }
1079 }
1080
1081 /* This sort the reference list by id. */
1082 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
1083 LIST_DEL(&ref->list);
1084 list_for_each_entry(ref3, &tkr, list) {
1085 if (ref->unique_id < ref3->unique_id) {
1086 LIST_ADDQ(&ref3->list, &ref->list);
1087 break;
1088 }
1089 }
1090 if (&ref3->list == &tkr)
1091 LIST_ADDQ(&tkr, &ref->list);
1092 }
1093
1094 /* swap root */
1095 LIST_ADD(&tkr, &tlskeys_reference);
1096 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +01001097 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02001098}
Nenad Merdanovic05552d42015-02-27 19:56:49 +01001099#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
1100
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001101#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -05001102int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
1103{
1104 switch (evp_keytype) {
1105 case EVP_PKEY_RSA:
1106 return 2;
1107 case EVP_PKEY_DSA:
1108 return 0;
1109 case EVP_PKEY_EC:
1110 return 1;
1111 }
1112
1113 return -1;
1114}
1115
Emeric Brun4147b2e2014-06-16 18:36:30 +02001116/*
1117 * Callback used to set OCSP status extension content in server hello.
1118 */
1119int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
1120{
yanbzhube2774d2015-12-10 15:07:30 -05001121 struct certificate_ocsp *ocsp;
1122 struct ocsp_cbk_arg *ocsp_arg;
1123 char *ssl_buf;
1124 EVP_PKEY *ssl_pkey;
1125 int key_type;
1126 int index;
1127
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001128 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -05001129
1130 ssl_pkey = SSL_get_privatekey(ssl);
1131 if (!ssl_pkey)
1132 return SSL_TLSEXT_ERR_NOACK;
1133
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001134 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001135
1136 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
1137 ocsp = ocsp_arg->s_ocsp;
1138 else {
1139 /* For multiple certs per context, we have to find the correct OCSP response based on
1140 * the certificate type
1141 */
1142 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
1143
1144 if (index < 0)
1145 return SSL_TLSEXT_ERR_NOACK;
1146
1147 ocsp = ocsp_arg->m_ocsp[index];
1148
1149 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001150
1151 if (!ocsp ||
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001152 !ocsp->response.area ||
1153 !ocsp->response.data ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001154 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001155 return SSL_TLSEXT_ERR_NOACK;
1156
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001157 ssl_buf = OPENSSL_malloc(ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001158 if (!ssl_buf)
1159 return SSL_TLSEXT_ERR_NOACK;
1160
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001161 memcpy(ssl_buf, ocsp->response.area, ocsp->response.data);
1162 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.data);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001163
1164 return SSL_TLSEXT_ERR_OK;
1165}
1166
1167/*
1168 * This function enables the handling of OCSP status extension on 'ctx' if a
1169 * file name 'cert_path' suffixed using ".ocsp" is present.
1170 * To enable OCSP status extension, the issuer's certificate is mandatory.
1171 * It should be present in the certificate's extra chain builded from file
1172 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1173 * named 'cert_path' suffixed using '.issuer'.
1174 *
1175 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1176 * response. If file is empty or content is not a valid OCSP response,
1177 * OCSP status extension is enabled but OCSP response is ignored (a warning
1178 * is displayed).
1179 *
1180 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
Joseph Herlant017b3da2018-11-15 09:07:59 -08001181 * successfully enabled, or -1 in other error case.
Emeric Brun4147b2e2014-06-16 18:36:30 +02001182 */
1183static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1184{
1185
1186 BIO *in = NULL;
1187 X509 *x, *xi = NULL, *issuer = NULL;
1188 STACK_OF(X509) *chain = NULL;
1189 OCSP_CERTID *cid = NULL;
1190 SSL *ssl;
1191 char ocsp_path[MAXPATHLEN+1];
1192 int i, ret = -1;
1193 struct stat st;
1194 struct certificate_ocsp *ocsp = NULL, *iocsp;
1195 char *warn = NULL;
1196 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001197 pem_password_cb *passwd_cb;
1198 void *passwd_cb_userdata;
1199 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001200
1201 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1202
1203 if (stat(ocsp_path, &st))
1204 return 1;
1205
1206 ssl = SSL_new(ctx);
1207 if (!ssl)
1208 goto out;
1209
1210 x = SSL_get_certificate(ssl);
1211 if (!x)
1212 goto out;
1213
1214 /* Try to lookup for issuer in certificate extra chain */
Emeric Brun4147b2e2014-06-16 18:36:30 +02001215 SSL_CTX_get_extra_chain_certs(ctx, &chain);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001216 for (i = 0; i < sk_X509_num(chain); i++) {
1217 issuer = sk_X509_value(chain, i);
1218 if (X509_check_issued(issuer, x) == X509_V_OK)
1219 break;
1220 else
1221 issuer = NULL;
1222 }
1223
1224 /* If not found try to load issuer from a suffixed file */
1225 if (!issuer) {
1226 char issuer_path[MAXPATHLEN+1];
1227
1228 in = BIO_new(BIO_s_file());
1229 if (!in)
1230 goto out;
1231
1232 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1233 if (BIO_read_filename(in, issuer_path) <= 0)
1234 goto out;
1235
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001236 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1237 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1238
1239 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001240 if (!xi)
1241 goto out;
1242
1243 if (X509_check_issued(xi, x) != X509_V_OK)
1244 goto out;
1245
1246 issuer = xi;
1247 }
1248
1249 cid = OCSP_cert_to_id(0, x, issuer);
1250 if (!cid)
1251 goto out;
1252
1253 i = i2d_OCSP_CERTID(cid, NULL);
1254 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1255 goto out;
1256
Vincent Bernat02779b62016-04-03 13:48:43 +02001257 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001258 if (!ocsp)
1259 goto out;
1260
1261 p = ocsp->key_data;
1262 i2d_OCSP_CERTID(cid, &p);
1263
1264 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1265 if (iocsp == ocsp)
1266 ocsp = NULL;
1267
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001268#ifndef SSL_CTX_get_tlsext_status_cb
1269# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1270 *cb = (void (*) (void))ctx->tlsext_status_cb;
1271#endif
1272 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1273
1274 if (!callback) {
William Lallemanda4864492020-07-31 11:43:20 +02001275 struct ocsp_cbk_arg *cb_arg;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001276 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001277
William Lallemanda4864492020-07-31 11:43:20 +02001278 cb_arg = calloc(1, sizeof(*cb_arg));
1279 if (!cb_arg)
1280 goto out;
1281
yanbzhube2774d2015-12-10 15:07:30 -05001282 cb_arg->is_single = 1;
1283 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001284
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001285 pkey = X509_get_pubkey(x);
1286 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1287 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001288
1289 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1290 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1291 } else {
1292 /*
1293 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1294 * Update that cb_arg with the new cert's staple
1295 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001296 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001297 struct certificate_ocsp *tmp_ocsp;
1298 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001299 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001300 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001301
1302#ifdef SSL_CTX_get_tlsext_status_arg
1303 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1304#else
1305 cb_arg = ctx->tlsext_status_arg;
1306#endif
yanbzhube2774d2015-12-10 15:07:30 -05001307
1308 /*
1309 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1310 * the order of operations below matter, take care when changing it
1311 */
1312 tmp_ocsp = cb_arg->s_ocsp;
1313 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1314 cb_arg->s_ocsp = NULL;
1315 cb_arg->m_ocsp[index] = tmp_ocsp;
1316 cb_arg->is_single = 0;
1317 cb_arg->single_kt = 0;
1318
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001319 pkey = X509_get_pubkey(x);
1320 key_type = EVP_PKEY_base_id(pkey);
1321 EVP_PKEY_free(pkey);
1322
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001323 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001324 if (index >= 0 && !cb_arg->m_ocsp[index])
1325 cb_arg->m_ocsp[index] = iocsp;
1326
1327 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001328
1329 ret = 0;
1330
1331 warn = NULL;
1332 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1333 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001334 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001335 }
1336
1337out:
1338 if (ssl)
1339 SSL_free(ssl);
1340
1341 if (in)
1342 BIO_free(in);
1343
1344 if (xi)
1345 X509_free(xi);
1346
1347 if (cid)
1348 OCSP_CERTID_free(cid);
1349
1350 if (ocsp)
1351 free(ocsp);
1352
1353 if (warn)
1354 free(warn);
1355
1356
1357 return ret;
1358}
1359
1360#endif
1361
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001362#ifdef OPENSSL_IS_BORINGSSL
1363static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1364{
1365 char ocsp_path[MAXPATHLEN+1];
1366 struct stat st;
1367 int fd = -1, r = 0;
1368
1369 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1370 if (stat(ocsp_path, &st))
1371 return 0;
1372
1373 fd = open(ocsp_path, O_RDONLY);
1374 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001375 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001376 return -1;
1377 }
1378
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001379 trash.data = 0;
1380 while (trash.data < trash.size) {
1381 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001382 if (r < 0) {
1383 if (errno == EINTR)
1384 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001385 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001386 close(fd);
1387 return -1;
1388 }
1389 else if (r == 0) {
1390 break;
1391 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001392 trash.data += r;
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001393 }
1394 close(fd);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001395 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *) trash.area,
1396 trash.data);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001397}
1398#endif
1399
Willy Tarreau5db847a2019-05-09 14:13:35 +02001400#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001401
1402#define CT_EXTENSION_TYPE 18
1403
1404static int sctl_ex_index = -1;
1405
1406/*
1407 * Try to parse Signed Certificate Timestamp List structure. This function
1408 * makes only basic test if the data seems like SCTL. No signature validation
1409 * is performed.
1410 */
Willy Tarreau83061a82018-07-13 11:56:34 +02001411static int ssl_sock_parse_sctl(struct buffer *sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001412{
1413 int ret = 1;
1414 int len, pos, sct_len;
1415 unsigned char *data;
1416
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001417 if (sctl->data < 2)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001418 goto out;
1419
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001420 data = (unsigned char *) sctl->area;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001421 len = (data[0] << 8) | data[1];
1422
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001423 if (len + 2 != sctl->data)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001424 goto out;
1425
1426 data = data + 2;
1427 pos = 0;
1428 while (pos < len) {
1429 if (len - pos < 2)
1430 goto out;
1431
1432 sct_len = (data[pos] << 8) | data[pos + 1];
1433 if (pos + sct_len + 2 > len)
1434 goto out;
1435
1436 pos += sct_len + 2;
1437 }
1438
1439 ret = 0;
1440
1441out:
1442 return ret;
1443}
1444
Willy Tarreau83061a82018-07-13 11:56:34 +02001445static int ssl_sock_load_sctl_from_file(const char *sctl_path,
1446 struct buffer **sctl)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001447{
1448 int fd = -1;
1449 int r = 0;
1450 int ret = 1;
1451
1452 *sctl = NULL;
1453
1454 fd = open(sctl_path, O_RDONLY);
1455 if (fd == -1)
1456 goto end;
1457
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001458 trash.data = 0;
1459 while (trash.data < trash.size) {
1460 r = read(fd, trash.area + trash.data, trash.size - trash.data);
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001461 if (r < 0) {
1462 if (errno == EINTR)
1463 continue;
1464
1465 goto end;
1466 }
1467 else if (r == 0) {
1468 break;
1469 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001470 trash.data += r;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001471 }
1472
1473 ret = ssl_sock_parse_sctl(&trash);
1474 if (ret)
1475 goto end;
1476
Vincent Bernat02779b62016-04-03 13:48:43 +02001477 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001478 if (!chunk_dup(*sctl, &trash)) {
1479 free(*sctl);
1480 *sctl = NULL;
1481 goto end;
1482 }
1483
1484end:
1485 if (fd != -1)
1486 close(fd);
1487
1488 return ret;
1489}
1490
1491int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1492{
Willy Tarreau83061a82018-07-13 11:56:34 +02001493 struct buffer *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001494
Willy Tarreau843b7cb2018-07-13 10:54:26 +02001495 *out = (unsigned char *) sctl->area;
1496 *outlen = sctl->data;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001497
1498 return 1;
1499}
1500
1501int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1502{
1503 return 1;
1504}
1505
1506static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1507{
1508 char sctl_path[MAXPATHLEN+1];
1509 int ret = -1;
1510 struct stat st;
Willy Tarreau83061a82018-07-13 11:56:34 +02001511 struct buffer *sctl = NULL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001512
1513 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1514
1515 if (stat(sctl_path, &st))
1516 return 1;
1517
1518 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1519 goto out;
1520
1521 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1522 free(sctl);
1523 goto out;
1524 }
1525
1526 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1527
1528 ret = 0;
1529
1530out:
1531 return ret;
1532}
1533
1534#endif
1535
Emeric Brune1f38db2012-09-03 20:36:47 +02001536void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1537{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001538 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001539 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001540 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001541 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001542
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001543#ifndef SSL_OP_NO_RENEGOTIATION
1544 /* Please note that BoringSSL defines this macro to zero so don't
1545 * change this to #if and do not assign a default value to this macro!
1546 */
Emeric Brune1f38db2012-09-03 20:36:47 +02001547 if (where & SSL_CB_HANDSHAKE_START) {
1548 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001549 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001550 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001551 conn->err_code = CO_ER_SSL_RENEG;
1552 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001553 }
Dirkjan Bussink526894f2019-01-21 09:35:03 -08001554#endif
Emeric Brund8b2bb52014-01-28 15:43:53 +01001555
1556 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001557 if (!(ctx->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
Emeric Brund8b2bb52014-01-28 15:43:53 +01001558 /* Long certificate chains optimz
1559 If write and read bios are differents, we
1560 consider that the buffering was activated,
1561 so we rise the output buffer size from 4k
1562 to 16k */
1563 write_bio = SSL_get_wbio(ssl);
1564 if (write_bio != SSL_get_rbio(ssl)) {
1565 BIO_set_write_buffer_size(write_bio, 16384);
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001566 ctx->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
Emeric Brund8b2bb52014-01-28 15:43:53 +01001567 }
1568 }
1569 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001570}
1571
Emeric Brune64aef12012-09-21 13:15:06 +02001572/* Callback is called for each certificate of the chain during a verify
1573 ok is set to 1 if preverify detect no error on current certificate.
1574 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001575int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001576{
1577 SSL *ssl;
1578 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001579 struct ssl_sock_ctx *ctx;
Emeric Brun81c00f02012-09-21 14:31:21 +02001580 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001581
1582 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001583 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001584
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001585 ctx = conn->xprt_ctx;
1586
1587 ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001588
Emeric Brun81c00f02012-09-21 14:31:21 +02001589 if (ok) /* no errors */
1590 return ok;
1591
1592 depth = X509_STORE_CTX_get_error_depth(x_store);
1593 err = X509_STORE_CTX_get_error(x_store);
1594
1595 /* check if CA error needs to be ignored */
1596 if (depth > 0) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001597 if (!SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st)) {
1598 ctx->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1599 ctx->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001600 }
1601
Willy Tarreaua9d299f2020-02-04 14:02:02 +01001602 if (err < 64 && __objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001603 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001604 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001605 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001606 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001607
Willy Tarreau20879a02012-12-03 16:32:10 +01001608 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001609 return 0;
1610 }
1611
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001612 if (!SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st))
1613 ctx->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001614
Emeric Brun81c00f02012-09-21 14:31:21 +02001615 /* check if certificate error needs to be ignored */
Willy Tarreaua9d299f2020-02-04 14:02:02 +01001616 if (err < 64 && __objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001617 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001618 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001619 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001620 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001621
Willy Tarreau20879a02012-12-03 16:32:10 +01001622 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001623 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001624}
1625
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001626static inline
1627void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001628 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001629{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001630 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001631 unsigned char *msg;
1632 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001633 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001634
1635 /* This function is called for "from client" and "to server"
1636 * connections. The combination of write_p == 0 and content_type == 22
Joseph Herlant017b3da2018-11-15 09:07:59 -08001637 * is only available during "from client" connection.
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001638 */
1639
1640 /* "write_p" is set to 0 is the bytes are received messages,
1641 * otherwise it is set to 1.
1642 */
1643 if (write_p != 0)
1644 return;
1645
1646 /* content_type contains the type of message received or sent
1647 * according with the SSL/TLS protocol spec. This message is
1648 * encoded with one byte. The value 256 (two bytes) is used
1649 * for designing the SSL/TLS record layer. According with the
1650 * rfc6101, the expected message (other than 256) are:
1651 * - change_cipher_spec(20)
1652 * - alert(21)
1653 * - handshake(22)
1654 * - application_data(23)
1655 * - (255)
1656 * We are interessed by the handshake and specially the client
1657 * hello.
1658 */
1659 if (content_type != 22)
1660 return;
1661
1662 /* The message length is at least 4 bytes, containing the
1663 * message type and the message length.
1664 */
1665 if (len < 4)
1666 return;
1667
1668 /* First byte of the handshake message id the type of
1669 * message. The konwn types are:
1670 * - hello_request(0)
1671 * - client_hello(1)
1672 * - server_hello(2)
1673 * - certificate(11)
1674 * - server_key_exchange (12)
1675 * - certificate_request(13)
1676 * - server_hello_done(14)
1677 * We are interested by the client hello.
1678 */
1679 msg = (unsigned char *)buf;
1680 if (msg[0] != 1)
1681 return;
1682
1683 /* Next three bytes are the length of the message. The total length
1684 * must be this decoded length + 4. If the length given as argument
1685 * is not the same, we abort the protocol dissector.
1686 */
1687 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1688 if (len < rec_len + 4)
1689 return;
1690 msg += 4;
1691 end = msg + rec_len;
1692 if (end < msg)
1693 return;
1694
1695 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1696 * for minor, the random, composed by 4 bytes for the unix time and
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001697 * 28 bytes for unix payload. So we jump 1 + 1 + 4 + 28.
1698 */
1699 msg += 1 + 1 + 4 + 28;
1700 if (msg > end)
1701 return;
1702
1703 /* Next, is session id:
1704 * if present, we have to jump by length + 1 for the size information
1705 * if not present, we have to jump by 1 only
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001706 */
Baptiste Assmann6be139f2018-11-28 15:20:25 +01001707 if (msg[0] > 0)
1708 msg += msg[0];
1709 msg += 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001710 if (msg > end)
1711 return;
1712
1713 /* Next two bytes are the ciphersuite length. */
1714 if (msg + 2 > end)
1715 return;
1716 rec_len = (msg[0] << 8) + msg[1];
1717 msg += 2;
1718 if (msg + rec_len > end || msg + rec_len < msg)
1719 return;
1720
Willy Tarreaubafbe012017-11-24 17:34:44 +01001721 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001722 if (!capture)
1723 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001724 /* Compute the xxh64 of the ciphersuite. */
1725 capture->xxh64 = XXH64(msg, rec_len, 0);
1726
1727 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001728 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1729 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001730 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001731
1732 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001733}
1734
Emeric Brun29f037d2014-04-25 19:05:36 +02001735/* Callback is called for ssl protocol analyse */
1736void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1737{
Emeric Brun29f037d2014-04-25 19:05:36 +02001738#ifdef TLS1_RT_HEARTBEAT
1739 /* test heartbeat received (write_p is set to 0
1740 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001741 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001742 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
William Lallemand7e1770b2019-05-13 14:31:34 +02001743 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001744 const unsigned char *p = buf;
1745 unsigned int payload;
1746
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01001747 ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001748
1749 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1750 if (*p != TLS1_HB_REQUEST)
1751 return;
1752
Willy Tarreauaeed6722014-04-25 23:59:58 +02001753 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001754 goto kill_it;
1755
1756 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001757 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001758 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001759 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001760 /* We have a clear heartbleed attack (CVE-2014-0160), the
1761 * advertised payload is larger than the advertised packet
1762 * length, so we have garbage in the buffer between the
1763 * payload and the end of the buffer (p+len). We can't know
1764 * if the SSL stack is patched, and we don't know if we can
1765 * safely wipe out the area between p+3+len and payload.
1766 * So instead, we prevent the response from being sent by
1767 * setting the max_send_fragment to 0 and we report an SSL
1768 * error, which will kill this connection. It will be reported
1769 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001770 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1771 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001772 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001773 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1774 return;
1775 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001776#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001777 if (global_ssl.capture_cipherlist > 0)
1778 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001779}
1780
Bernard Spil13c53f82018-02-15 13:34:58 +01001781#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchardc7566002018-11-20 23:33:50 +01001782static int ssl_sock_srv_select_protos(SSL *s, unsigned char **out, unsigned char *outlen,
1783 const unsigned char *in, unsigned int inlen,
1784 void *arg)
1785{
1786 struct server *srv = arg;
1787
1788 if (SSL_select_next_proto(out, outlen, in, inlen, (unsigned char *)srv->ssl_ctx.npn_str,
1789 srv->ssl_ctx.npn_len) == OPENSSL_NPN_NEGOTIATED)
1790 return SSL_TLSEXT_ERR_OK;
1791 return SSL_TLSEXT_ERR_NOACK;
1792}
1793#endif
1794
1795#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001796/* This callback is used so that the server advertises the list of
1797 * negociable protocols for NPN.
1798 */
1799static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1800 unsigned int *len, void *arg)
1801{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001802 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001803
1804 *data = (const unsigned char *)conf->npn_str;
1805 *len = conf->npn_len;
1806 return SSL_TLSEXT_ERR_OK;
1807}
1808#endif
1809
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001810#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001811/* This callback is used so that the server advertises the list of
1812 * negociable protocols for ALPN.
1813 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001814static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1815 unsigned char *outlen,
1816 const unsigned char *server,
1817 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001818{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001819 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001820
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001821 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1822 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1823 return SSL_TLSEXT_ERR_NOACK;
1824 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001825 return SSL_TLSEXT_ERR_OK;
1826}
1827#endif
1828
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001829#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001830#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001831
Christopher Faulet30548802015-06-11 13:39:32 +02001832/* Create a X509 certificate with the specified servername and serial. This
1833 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001834static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001835ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001836{
Christopher Faulet7969a332015-10-09 11:15:03 +02001837 X509 *cacert = bind_conf->ca_sign_cert;
1838 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001839 SSL_CTX *ssl_ctx = NULL;
1840 X509 *newcrt = NULL;
1841 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001842 SSL *tmp_ssl = NULL;
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001843 CONF *ctmp = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001844 X509_NAME *name;
1845 const EVP_MD *digest;
1846 X509V3_CTX ctx;
1847 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001848 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001849
Christopher Faulet48a83322017-07-28 16:56:09 +02001850 /* Get the private key of the default certificate and use it */
Willy Tarreau5db847a2019-05-09 14:13:35 +02001851#if (HA_OPENSSL_VERSION_NUMBER >= 0x10002000L)
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001852 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1853#else
1854 tmp_ssl = SSL_new(bind_conf->default_ctx);
1855 if (tmp_ssl)
1856 pkey = SSL_get_privatekey(tmp_ssl);
1857#endif
1858 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001859 goto mkcert_error;
1860
1861 /* Create the certificate */
1862 if (!(newcrt = X509_new()))
1863 goto mkcert_error;
1864
1865 /* Set version number for the certificate (X509v3) and the serial
1866 * number */
1867 if (X509_set_version(newcrt, 2L) != 1)
1868 goto mkcert_error;
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01001869 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), _HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001870
1871 /* Set duration for the certificate */
Rosen Penev68185952018-12-14 08:47:02 -08001872 if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
1873 !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001874 goto mkcert_error;
1875
1876 /* set public key in the certificate */
1877 if (X509_set_pubkey(newcrt, pkey) != 1)
1878 goto mkcert_error;
1879
1880 /* Set issuer name from the CA */
1881 if (!(name = X509_get_subject_name(cacert)))
1882 goto mkcert_error;
1883 if (X509_set_issuer_name(newcrt, name) != 1)
1884 goto mkcert_error;
1885
1886 /* Set the subject name using the same, but the CN */
1887 name = X509_NAME_dup(name);
1888 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1889 (const unsigned char *)servername,
1890 -1, -1, 0) != 1) {
1891 X509_NAME_free(name);
1892 goto mkcert_error;
1893 }
1894 if (X509_set_subject_name(newcrt, name) != 1) {
1895 X509_NAME_free(name);
1896 goto mkcert_error;
1897 }
1898 X509_NAME_free(name);
1899
1900 /* Add x509v3 extensions as specified */
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001901 ctmp = NCONF_new(NULL);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001902 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1903 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1904 X509_EXTENSION *ext;
1905
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001906 if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
Christopher Faulet31af49d2015-06-09 17:29:50 +02001907 goto mkcert_error;
1908 if (!X509_add_ext(newcrt, ext, -1)) {
1909 X509_EXTENSION_free(ext);
1910 goto mkcert_error;
1911 }
1912 X509_EXTENSION_free(ext);
1913 }
1914
1915 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001916
1917 key_type = EVP_PKEY_base_id(capkey);
1918
1919 if (key_type == EVP_PKEY_DSA)
1920 digest = EVP_sha1();
1921 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001922 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001923 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001924 digest = EVP_sha256();
1925 else {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02001926#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001927 int nid;
1928
1929 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1930 goto mkcert_error;
1931 if (!(digest = EVP_get_digestbynid(nid)))
1932 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001933#else
1934 goto mkcert_error;
1935#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001936 }
1937
Christopher Faulet31af49d2015-06-09 17:29:50 +02001938 if (!(X509_sign(newcrt, capkey, digest)))
1939 goto mkcert_error;
1940
1941 /* Create and set the new SSL_CTX */
1942 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1943 goto mkcert_error;
1944 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1945 goto mkcert_error;
1946 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1947 goto mkcert_error;
1948 if (!SSL_CTX_check_private_key(ssl_ctx))
1949 goto mkcert_error;
1950
1951 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001952
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001953#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001954 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001955#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001956#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1957 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001958 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001959 EC_KEY *ecc;
1960 int nid;
1961
1962 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1963 goto end;
1964 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1965 goto end;
1966 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1967 EC_KEY_free(ecc);
1968 }
1969#endif
1970 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001971 return ssl_ctx;
1972
1973 mkcert_error:
Emmanuel Hocdeta9b84022018-10-01 18:41:36 +02001974 if (ctmp) NCONF_free(ctmp);
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001975 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001976 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1977 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001978 return NULL;
1979}
1980
Christopher Faulet7969a332015-10-09 11:15:03 +02001981SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001982ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001983{
Willy Tarreau07d94e42018-09-20 10:57:52 +02001984 struct bind_conf *bind_conf = __objt_listener(conn->target)->bind_conf;
Olivier Houchard66ab4982019-02-26 18:37:15 +01001985 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001986
Olivier Houchard66ab4982019-02-26 18:37:15 +01001987 return ssl_sock_do_create_cert(servername, bind_conf, ctx->ssl);
Christopher Faulet7969a332015-10-09 11:15:03 +02001988}
1989
Christopher Faulet30548802015-06-11 13:39:32 +02001990/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001991 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001992SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001993ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001994{
1995 struct lru64 *lru = NULL;
1996
1997 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001998 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001999 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002000 if (lru && lru->domain) {
2001 if (ssl)
2002 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002003 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002004 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002005 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02002006 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02002007 }
2008 return NULL;
2009}
2010
Emeric Brun821bb9b2017-06-15 16:37:39 +02002011/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
2012 * function is not thread-safe, it should only be used to check if a certificate
2013 * exists in the lru cache (with no warranty it will not be removed by another
2014 * thread). It is kept for backward compatibility. */
2015SSL_CTX *
2016ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
2017{
2018 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
2019}
2020
Christopher Fauletd2cab922015-07-28 16:03:47 +02002021/* Set a certificate int the LRU cache used to store generated
2022 * certificate. Return 0 on success, otherwise -1 */
2023int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002024ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02002025{
2026 struct lru64 *lru = NULL;
2027
2028 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002029 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002030 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02002031 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002032 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002033 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02002034 }
Christopher Faulet30548802015-06-11 13:39:32 +02002035 if (lru->domain && lru->data)
2036 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02002037 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002038 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002039 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02002040 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02002041 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02002042}
2043
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002044/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02002045unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002046ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02002047{
2048 return XXH32(data, len, ssl_ctx_lru_seed);
2049}
2050
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002051/* Generate a cert and immediately assign it to the SSL session so that the cert's
2052 * refcount is maintained regardless of the cert's presence in the LRU cache.
2053 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002054static int
Christopher Faulet7969a332015-10-09 11:15:03 +02002055ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02002056{
2057 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002058 SSL_CTX *ssl_ctx = NULL;
2059 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002060 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002061
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002062 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02002063 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002064 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002065 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002066 if (lru && lru->domain)
2067 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02002068 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002069 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02002070 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02002071 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002072 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01002073 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002074 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002075 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002076 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01002077 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002078 SSL_set_SSL_CTX(ssl, ssl_ctx);
2079 /* No LRU cache, this CTX will be released as soon as the session dies */
2080 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002081 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02002082 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002083 return 0;
2084}
2085static int
2086ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
2087{
2088 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002089 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002090
2091 conn_get_to_addr(conn);
2092 if (conn->flags & CO_FL_ADDR_TO_SET) {
2093 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02002094 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002095 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002096 }
2097 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02002098}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002099#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002100
Willy Tarreau9a1ab082019-05-09 13:26:41 +02002101#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002102typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
2103
2104static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002105{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02002106#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002107 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002108 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
2109#endif
2110}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002111static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2112 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002113 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
2114}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002115static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002116#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002117 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002118 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
2119#endif
2120}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002121static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002122#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002123 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002124 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
2125#endif
2126}
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002127/* TLSv1.2 is the last supported version in this context. */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002128static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
2129/* Unusable in this context. */
2130static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
2131static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
2132static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
2133static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
2134static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002135#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002136typedef enum { SET_MIN, SET_MAX } set_context_func;
2137
2138static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2139 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002140 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2141}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002142static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2143 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2144 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2145}
2146static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2147 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002148 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2149}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002150static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2151 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2152 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2153}
2154static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2155 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002156 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2157}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002158static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2159 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2160 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2161}
2162static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2163 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002164 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2165}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002166static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2167 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2168 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2169}
2170static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002171#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002172 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002173 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2174#endif
2175}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002176static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2177#if SSL_OP_NO_TLSv1_3
2178 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2179 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002180#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002181}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002182#endif
2183static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2184static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002185
2186static struct {
2187 int option;
2188 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002189 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2190 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002191 const char *name;
2192} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002193 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2194 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2195 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2196 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2197 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2198 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002199};
2200
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002201static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2202{
2203 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2204 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2205 SSL_set_SSL_CTX(ssl, ctx);
2206}
2207
Willy Tarreau5db847a2019-05-09 14:13:35 +02002208#if ((HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL))
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002209
2210static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2211{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002212 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002213 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002214
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002215 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2216 return SSL_TLSEXT_ERR_OK;
2217 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002218}
2219
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002220#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002221static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2222{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002223 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002224#else
2225static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2226{
2227#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002228 struct connection *conn;
2229 struct bind_conf *s;
2230 const uint8_t *extension_data;
2231 size_t extension_len;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002232 int has_rsa_sig = 0, has_ecdsa_sig = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002233
2234 char *wildp = NULL;
2235 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002236 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002237 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002238 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002239 int i;
2240
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002241 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreaua8825522018-10-15 13:20:07 +02002242 s = __objt_listener(conn->target)->bind_conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002243
Olivier Houchard9679ac92017-10-27 14:58:08 +02002244 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002245 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002246#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002247 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2248 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002249#else
2250 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2251#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002252 /*
2253 * The server_name extension was given too much extensibility when it
2254 * was written, so parsing the normal case is a bit complex.
2255 */
2256 size_t len;
2257 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002258 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002259 /* Extract the length of the supplied list of names. */
2260 len = (*extension_data++) << 8;
2261 len |= *extension_data++;
2262 if (len + 2 != extension_len)
2263 goto abort;
2264 /*
2265 * The list in practice only has a single element, so we only consider
2266 * the first one.
2267 */
2268 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2269 goto abort;
2270 extension_len = len - 1;
2271 /* Now we can finally pull out the byte array with the actual hostname. */
2272 if (extension_len <= 2)
2273 goto abort;
2274 len = (*extension_data++) << 8;
2275 len |= *extension_data++;
2276 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2277 || memchr(extension_data, 0, len) != NULL)
2278 goto abort;
2279 servername = extension_data;
2280 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002281 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002282#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2283 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002284 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002285 }
2286#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002287 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002288 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002289 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002290 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002291 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002292 goto abort;
2293 }
2294
2295 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002296#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002297 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002298#else
2299 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2300#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002301 uint8_t sign;
2302 size_t len;
2303 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002304 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002305 len = (*extension_data++) << 8;
2306 len |= *extension_data++;
2307 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002308 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002309 if (len % 2 != 0)
2310 goto abort;
2311 for (; len > 0; len -= 2) {
2312 extension_data++; /* hash */
2313 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002314 switch (sign) {
2315 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002316 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 break;
2318 case TLSEXT_signature_ecdsa:
2319 has_ecdsa_sig = 1;
2320 break;
2321 default:
2322 continue;
2323 }
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002324 if (has_ecdsa_sig && has_rsa_sig)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002325 break;
2326 }
2327 } else {
Bertrand Jacquina25282b2018-08-14 00:56:13 +01002328 /* without TLSEXT_TYPE_signature_algorithms extension (< TLSv1.2) */
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002329 has_rsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002330 }
2331 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002332 const SSL_CIPHER *cipher;
2333 size_t len;
2334 const uint8_t *cipher_suites;
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002335 has_ecdsa_sig = 0;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002336#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002337 len = ctx->cipher_suites_len;
2338 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002339#else
2340 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2341#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002342 if (len % 2 != 0)
2343 goto abort;
2344 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002345#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002346 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002347 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002348#else
2349 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2350#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002351 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002352 has_ecdsa_sig = 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002353 break;
2354 }
2355 }
2356 }
2357
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002358 for (i = 0; i < trash.size && i < servername_len; i++) {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002359 trash.area[i] = tolower(servername[i]);
2360 if (!wildp && (trash.area[i] == '.'))
2361 wildp = &trash.area[i];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002362 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002363 trash.area[i] = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002364
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002365
William Lallemand6c98f492020-08-14 14:43:35 +02002366 /* Look for an ECDSA, RSA and DSA certificate, first in the single
2367 * name and if not found in the wildcard */
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002368 for (i = 0; i < 2; i++) {
2369 if (i == 0) /* lookup in full qualified names */
2370 node = ebst_lookup(&s->sni_ctx, trash.area);
2371 else if (i == 1 && wildp) /* lookup in wildcards names */
2372 node = ebst_lookup(&s->sni_w_ctx, wildp);
2373 else
2374 break;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002375 for (n = node; n; n = ebmb_next_dup(n)) {
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002376 /* lookup a not neg filter */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002377 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002378 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002379 case TLSEXT_signature_ecdsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002380 if (!node_ecdsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002381 node_ecdsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002382 break;
2383 case TLSEXT_signature_rsa:
Emmanuel Hocdet9f9b0c62018-09-03 16:29:16 +02002384 if (!node_rsa)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002385 node_rsa = n;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002386 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002387 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002388 if (!node_anonymous)
2389 node_anonymous = n;
2390 break;
2391 }
2392 }
2393 }
William Lallemand6c98f492020-08-14 14:43:35 +02002394 }
2395 /* Once the certificates are found, select them depending on what is
2396 * supported in the client and by key_signature priority order: EDSA >
2397 * RSA > DSA */
2398 node = (has_ecdsa_sig && node_ecdsa) ? node_ecdsa
2399 : ((has_rsa_sig && node_rsa) ? node_rsa
2400 : (node_anonymous ? node_anonymous
2401 : (node_ecdsa ? node_ecdsa /* no ecdsa signature case (< TLSv1.2) */
2402 : node_rsa /* no rsa signature case (far far away) */
2403 )));
2404 if (node) {
2405 /* switch ctx */
2406 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
2407 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
2408 if (conf) {
2409 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2410 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2411 if (conf->early_data)
2412 allow_early = 1;
Emmanuel Hocdetcc957c32019-11-06 16:05:34 +01002413 }
William Lallemand6c98f492020-08-14 14:43:35 +02002414 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002415 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002416#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002417 if (s->generate_certs && ssl_sock_generate_certificate(trash.area, s, ssl)) {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002418 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002419 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002420 }
2421#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002422 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002423 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002424 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002425 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002426allow_early:
2427#ifdef OPENSSL_IS_BORINGSSL
2428 if (allow_early)
2429 SSL_set_early_data_enabled(ssl, 1);
2430#else
2431 if (!allow_early)
2432 SSL_set_max_early_data(ssl, 0);
2433#endif
2434 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002435 abort:
2436 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2437 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002438#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002439 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002440#else
2441 *al = SSL_AD_UNRECOGNIZED_NAME;
2442 return 0;
2443#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002444}
2445
2446#else /* OPENSSL_IS_BORINGSSL */
2447
Emeric Brunfc0421f2012-09-07 17:30:07 +02002448/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2449 * warning when no match is found, which implies the default (first) cert
2450 * will keep being used.
2451 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002452static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002453{
2454 const char *servername;
2455 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002456 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002457 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002458 int i;
2459 (void)al; /* shut gcc stupid warning */
2460
2461 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002462 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002463#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002464 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2465 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002466#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002467 if (s->strict_sni)
2468 return SSL_TLSEXT_ERR_ALERT_FATAL;
2469 ssl_sock_switchctx_set(ssl, s->default_ctx);
2470 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002471 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002472
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002473 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002474 if (!servername[i])
2475 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002476 trash.area[i] = tolower(servername[i]);
2477 if (!wildp && (trash.area[i] == '.'))
2478 wildp = &trash.area[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002479 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002480 trash.area[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002481
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002482 node = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002483 /* lookup in full qualified names */
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002484 for (n = ebst_lookup(&s->sni_ctx, trash.area); n; n = ebmb_next_dup(n)) {
2485 /* lookup a not neg filter */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002486 if (!container_of(n, struct sni_ctx, name)->neg) {
2487 node = n;
2488 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002489 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002490 }
2491 if (!node && wildp) {
2492 /* lookup in wildcards names */
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002493 for (n = ebst_lookup(&s->sni_w_ctx, wildp); n; n = ebmb_next_dup(n)) {
2494 /* lookup a not neg filter */
2495 if (!container_of(n, struct sni_ctx, name)->neg) {
2496 node = n;
2497 break;
2498 }
2499 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002500 }
Emmanuel Hocdet26b7b802019-11-04 15:49:46 +01002501 if (!node) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002502#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002503 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2504 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002505 return SSL_TLSEXT_ERR_OK;
2506 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002507#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002508 if (s->strict_sni)
2509 return SSL_TLSEXT_ERR_ALERT_FATAL;
2510 ssl_sock_switchctx_set(ssl, s->default_ctx);
2511 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002512 }
2513
2514 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002515 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002516 return SSL_TLSEXT_ERR_OK;
2517}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002518#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002519#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2520
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002521#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002522
2523static DH * ssl_get_dh_1024(void)
2524{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002525 static unsigned char dh1024_p[]={
2526 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2527 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2528 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2529 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2530 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2531 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2532 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2533 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2534 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2535 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2536 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2537 };
2538 static unsigned char dh1024_g[]={
2539 0x02,
2540 };
2541
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002542 BIGNUM *p;
2543 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002544 DH *dh = DH_new();
2545 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002546 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2547 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002548
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002549 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002550 DH_free(dh);
2551 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002552 } else {
2553 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002554 }
2555 }
2556 return dh;
2557}
2558
2559static DH *ssl_get_dh_2048(void)
2560{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002561 static unsigned char dh2048_p[]={
2562 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2563 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2564 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2565 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2566 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2567 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2568 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2569 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2570 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2571 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2572 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2573 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2574 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2575 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2576 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2577 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2578 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2579 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2580 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2581 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2582 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2583 0xB7,0x1F,0x77,0xF3,
2584 };
2585 static unsigned char dh2048_g[]={
2586 0x02,
2587 };
2588
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002589 BIGNUM *p;
2590 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002591 DH *dh = DH_new();
2592 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002593 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2594 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002595
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002596 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002597 DH_free(dh);
2598 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002599 } else {
2600 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002601 }
2602 }
2603 return dh;
2604}
2605
2606static DH *ssl_get_dh_4096(void)
2607{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002608 static unsigned char dh4096_p[]={
2609 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2610 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2611 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2612 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2613 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2614 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2615 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2616 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2617 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2618 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2619 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2620 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2621 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2622 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2623 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2624 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2625 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2626 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2627 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2628 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2629 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2630 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2631 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2632 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2633 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2634 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2635 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2636 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2637 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2638 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2639 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2640 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2641 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2642 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2643 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2644 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2645 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2646 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2647 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2648 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2649 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2650 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2651 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002652 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002653 static unsigned char dh4096_g[]={
2654 0x02,
2655 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002656
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002657 BIGNUM *p;
2658 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002659 DH *dh = DH_new();
2660 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002661 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2662 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002663
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002664 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002665 DH_free(dh);
2666 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002667 } else {
2668 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002669 }
2670 }
2671 return dh;
2672}
2673
2674/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002675 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002676static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2677{
2678 DH *dh = NULL;
2679 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002680 int type;
2681
2682 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002683
2684 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2685 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2686 */
2687 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2688 keylen = EVP_PKEY_bits(pkey);
2689 }
2690
Willy Tarreauef934602016-12-22 23:12:01 +01002691 if (keylen > global_ssl.default_dh_param) {
2692 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002693 }
2694
Remi Gacogned3a341a2015-05-29 16:26:17 +02002695 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002696 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002697 }
2698 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002699 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002700 }
2701 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002702 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002703 }
2704
2705 return dh;
2706}
2707
Remi Gacogne47783ef2015-05-29 15:53:22 +02002708static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002709{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002710 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002711 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002712
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002713 if (in == NULL)
2714 goto end;
2715
Remi Gacogne47783ef2015-05-29 15:53:22 +02002716 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002717 goto end;
2718
Remi Gacogne47783ef2015-05-29 15:53:22 +02002719 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2720
2721end:
2722 if (in)
2723 BIO_free(in);
2724
Emeric Brune1b4ed42018-08-16 15:14:12 +02002725 ERR_clear_error();
2726
Remi Gacogne47783ef2015-05-29 15:53:22 +02002727 return dh;
2728}
2729
2730int ssl_sock_load_global_dh_param_from_file(const char *filename)
2731{
2732 global_dh = ssl_sock_get_dh_from_file(filename);
2733
2734 if (global_dh) {
2735 return 0;
2736 }
2737
2738 return -1;
2739}
2740
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002741/* Loads Diffie-Hellman parameter from a ckchs to an SSL_CTX.
2742 * If there is no DH paramater availaible in the ckchs, the global
2743 * DH parameter is loaded into the SSL_CTX and if there is no
2744 * DH parameter available in ckchs nor in global, the default
2745 * DH parameters are applied on the SSL_CTX.
2746 * Returns a bitfield containing the flags:
2747 * ERR_FATAL in any fatal error case
2748 * ERR_ALERT if a reason of the error is availabine in err
2749 * ERR_WARN if a warning is available into err
2750 * The value 0 means there is no error nor warning and
2751 * the operation succeed.
2752 */
2753static int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file, char **err)
2754 {
2755 int ret = 0;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002756 DH *dh = ssl_sock_get_dh_from_file(file);
2757
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002758 if (dh) {
Emeric Brund6de1512019-10-17 14:53:03 +02002759 if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
2760 memprintf(err, "%sunable to load the DH parameter specified in '%s'",
2761 err && *err ? *err : "", file);
2762#if defined(SSL_CTX_set_dh_auto)
2763 SSL_CTX_set_dh_auto(ctx, 1);
2764 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2765 err && *err ? *err : "");
2766#else
2767 memprintf(err, "%s, DH ciphers won't be available.\n",
2768 err && *err ? *err : "");
2769#endif
2770 ret |= ERR_WARN;
2771 goto end;
2772 }
Remi Gacogne4f902b82015-05-28 16:23:00 +02002773
2774 if (ssl_dh_ptr_index >= 0) {
2775 /* store a pointer to the DH params to avoid complaining about
2776 ssl-default-dh-param not being set for this SSL_CTX */
2777 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2778 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002779 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002780 else if (global_dh) {
Emeric Brund6de1512019-10-17 14:53:03 +02002781 if (!SSL_CTX_set_tmp_dh(ctx, global_dh)) {
2782 memprintf(err, "%sunable to use the global DH parameter for certificate '%s'",
2783 err && *err ? *err : "", file);
2784#if defined(SSL_CTX_set_dh_auto)
2785 SSL_CTX_set_dh_auto(ctx, 1);
2786 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2787 err && *err ? *err : "");
2788#else
2789 memprintf(err, "%s, DH ciphers won't be available.\n",
2790 err && *err ? *err : "");
2791#endif
2792 ret |= ERR_WARN;
2793 goto end;
2794 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002795 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002796 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002797 /* Clear openssl global errors stack */
2798 ERR_clear_error();
2799
Willy Tarreauef934602016-12-22 23:12:01 +01002800 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002801 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002802 if (local_dh_1024 == NULL)
2803 local_dh_1024 = ssl_get_dh_1024();
2804
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002805 if (local_dh_1024 == NULL) {
2806 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2807 err && *err ? *err : "", file);
2808 ret |= ERR_ALERT | ERR_FATAL;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002809 goto end;
Emeric Bruncfc1afe2019-10-17 13:27:40 +02002810 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002811
Emeric Brund6de1512019-10-17 14:53:03 +02002812 if (!SSL_CTX_set_tmp_dh(ctx, local_dh_1024)) {
2813 memprintf(err, "%sunable to load default 1024 bits DH parameter for certificate '%s'.\n",
2814 err && *err ? *err : "", file);
2815#if defined(SSL_CTX_set_dh_auto)
2816 SSL_CTX_set_dh_auto(ctx, 1);
2817 memprintf(err, "%s, SSL library will use an automatically generated DH parameter.\n",
2818 err && *err ? *err : "");
2819#else
2820 memprintf(err, "%s, DH ciphers won't be available.\n",
2821 err && *err ? *err : "");
2822#endif
2823 ret |= ERR_WARN;
2824 goto end;
2825 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002826 }
2827 else {
2828 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2829 }
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002830 }
Emeric Brun644cde02012-12-14 11:21:13 +01002831
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002832end:
2833 if (dh)
2834 DH_free(dh);
2835
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002836 return ret;
2837}
2838#endif
2839
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002840static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002841 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002842{
2843 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002844 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002845 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002846
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002847 if (*name == '!') {
2848 neg = 1;
2849 name++;
2850 }
2851 if (*name == '*') {
2852 wild = 1;
2853 name++;
2854 }
2855 /* !* filter is a nop */
2856 if (neg && wild)
2857 return order;
2858 if (*name) {
2859 int j, len;
2860 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002861 for (j = 0; j < len && j < trash.size; j++)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002862 trash.area[j] = tolower(name[j]);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002863 if (j >= trash.size)
William Lallemand24e292c2019-10-03 23:46:33 +02002864 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002865 trash.area[j] = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002866
2867 /* Check for duplicates. */
2868 if (wild)
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002869 node = ebst_lookup(&s->sni_w_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002870 else
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002871 node = ebst_lookup(&s->sni_ctx, trash.area);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002872 for (; node; node = ebmb_next_dup(node)) {
2873 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002874 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002875 return order;
2876 }
2877
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002878 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002879 if (!sc)
William Lallemand24e292c2019-10-03 23:46:33 +02002880 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02002881 memcpy(sc->name.key, trash.area, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002882 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002883 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002884 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002885 sc->order = order++;
2886 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002887 if (kinfo.sig != TLSEXT_signature_anonymous)
2888 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002889 if (wild)
2890 ebst_insert(&s->sni_w_ctx, &sc->name);
2891 else
2892 ebst_insert(&s->sni_ctx, &sc->name);
2893 }
2894 return order;
2895}
2896
yanbzhu488a4d22015-12-01 15:16:07 -05002897
2898/* The following code is used for loading multiple crt files into
2899 * SSL_CTX's based on CN/SAN
2900 */
Willy Tarreau5db847a2019-05-09 14:13:35 +02002901#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu488a4d22015-12-01 15:16:07 -05002902/* This is used to preload the certifcate, private key
2903 * and Cert Chain of a file passed in via the crt
2904 * argument
2905 *
2906 * This way, we do not have to read the file multiple times
2907 */
2908struct cert_key_and_chain {
2909 X509 *cert;
2910 EVP_PKEY *key;
2911 unsigned int num_chain_certs;
2912 /* This is an array of X509 pointers */
2913 X509 **chain_certs;
2914};
2915
yanbzhu08ce6ab2015-12-02 13:01:29 -05002916#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2917
2918struct key_combo_ctx {
2919 SSL_CTX *ctx;
2920 int order;
2921};
2922
2923/* Map used for processing multiple keypairs for a single purpose
2924 *
2925 * This maps CN/SNI name to certificate type
2926 */
2927struct sni_keytype {
2928 int keytypes; /* BITMASK for keytypes */
2929 struct ebmb_node name; /* node holding the servername value */
2930};
2931
2932
yanbzhu488a4d22015-12-01 15:16:07 -05002933/* Frees the contents of a cert_key_and_chain
2934 */
2935static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2936{
2937 int i;
2938
2939 if (!ckch)
2940 return;
2941
2942 /* Free the certificate and set pointer to NULL */
2943 if (ckch->cert)
2944 X509_free(ckch->cert);
2945 ckch->cert = NULL;
2946
2947 /* Free the key and set pointer to NULL */
2948 if (ckch->key)
2949 EVP_PKEY_free(ckch->key);
2950 ckch->key = NULL;
2951
2952 /* Free each certificate in the chain */
2953 for (i = 0; i < ckch->num_chain_certs; i++) {
2954 if (ckch->chain_certs[i])
2955 X509_free(ckch->chain_certs[i]);
2956 }
2957
2958 /* Free the chain obj itself and set to NULL */
2959 if (ckch->num_chain_certs > 0) {
2960 free(ckch->chain_certs);
2961 ckch->num_chain_certs = 0;
2962 ckch->chain_certs = NULL;
2963 }
2964
2965}
2966
2967/* checks if a key and cert exists in the ckch
2968 */
2969static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2970{
2971 return (ckch->cert != NULL && ckch->key != NULL);
2972}
2973
2974
2975/* Loads the contents of a crt file (path) into a cert_key_and_chain
2976 * This allows us to carry the contents of the file without having to
2977 * read the file multiple times.
2978 *
2979 * returns:
2980 * 0 on Success
2981 * 1 on SSL Failure
2982 * 2 on file not found
2983 */
2984static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2985{
2986
2987 BIO *in;
2988 X509 *ca = NULL;
2989 int ret = 1;
2990
2991 ssl_sock_free_cert_key_and_chain_contents(ckch);
2992
2993 in = BIO_new(BIO_s_file());
2994 if (in == NULL)
2995 goto end;
2996
2997 if (BIO_read_filename(in, path) <= 0)
2998 goto end;
2999
yanbzhu488a4d22015-12-01 15:16:07 -05003000 /* Read Private Key */
3001 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
3002 if (ckch->key == NULL) {
3003 memprintf(err, "%sunable to load private key from file '%s'.\n",
3004 err && *err ? *err : "", path);
3005 goto end;
3006 }
3007
Willy Tarreaubb137a82016-04-06 19:02:38 +02003008 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02003009 if (BIO_reset(in) == -1) {
3010 memprintf(err, "%san error occurred while reading the file '%s'.\n",
3011 err && *err ? *err : "", path);
3012 goto end;
3013 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02003014
3015 /* Read Certificate */
3016 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
3017 if (ckch->cert == NULL) {
3018 memprintf(err, "%sunable to load certificate from file '%s'.\n",
3019 err && *err ? *err : "", path);
3020 goto end;
3021 }
3022
yanbzhu488a4d22015-12-01 15:16:07 -05003023 /* Read Certificate Chain */
3024 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
3025 /* Grow the chain certs */
3026 ckch->num_chain_certs++;
3027 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
3028
3029 /* use - 1 here since we just incremented it above */
3030 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
3031 }
3032 ret = ERR_get_error();
3033 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
3034 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
3035 err && *err ? *err : "", path);
3036 ret = 1;
3037 goto end;
3038 }
3039
3040 ret = 0;
3041
3042end:
3043
3044 ERR_clear_error();
3045 if (in)
3046 BIO_free(in);
3047
3048 /* Something went wrong in one of the reads */
3049 if (ret != 0)
3050 ssl_sock_free_cert_key_and_chain_contents(ckch);
3051
3052 return ret;
3053}
3054
3055/* Loads the info in ckch into ctx
Emeric Brun394701d2019-10-17 13:25:14 +02003056 * Returns a bitfield containing the flags:
3057 * ERR_FATAL in any fatal error case
3058 * ERR_ALERT if the reason of the error is available in err
3059 * ERR_WARN if a warning is available into err
3060 * The value 0 means there is no error nor warning and
3061 * the operation succeed.
yanbzhu488a4d22015-12-01 15:16:07 -05003062 */
3063static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
3064{
3065 int i = 0;
Emeric Brun394701d2019-10-17 13:25:14 +02003066 int errcode = 0;
yanbzhu488a4d22015-12-01 15:16:07 -05003067
3068 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
3069 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
3070 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003071 errcode |= ERR_ALERT | ERR_FATAL;
3072 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003073 }
3074
3075 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
3076 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
3077 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003078 errcode |= ERR_ALERT | ERR_FATAL;
3079 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003080 }
3081
yanbzhu488a4d22015-12-01 15:16:07 -05003082 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
3083 for (i = 0; i < ckch->num_chain_certs; i++) {
3084 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003085 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
3086 err && *err ? *err : "", (i+1), path);
Emeric Brun394701d2019-10-17 13:25:14 +02003087 errcode |= ERR_ALERT | ERR_FATAL;
3088 goto end;
yanbzhu488a4d22015-12-01 15:16:07 -05003089 }
3090 }
3091
3092 if (SSL_CTX_check_private_key(ctx) <= 0) {
3093 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3094 err && *err ? *err : "", path);
Emeric Brun394701d2019-10-17 13:25:14 +02003095 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu488a4d22015-12-01 15:16:07 -05003096 }
3097
Emeric Brun394701d2019-10-17 13:25:14 +02003098 end:
3099 return errcode;
yanbzhu488a4d22015-12-01 15:16:07 -05003100}
3101
yanbzhu08ce6ab2015-12-02 13:01:29 -05003102
William Lallemand4801c702019-10-04 17:36:55 +02003103static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003104{
3105 struct sni_keytype *s_kt = NULL;
3106 struct ebmb_node *node;
3107 int i;
3108
3109 for (i = 0; i < trash.size; i++) {
3110 if (!str[i])
3111 break;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003112 trash.area[i] = tolower(str[i]);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003113 }
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003114 trash.area[i] = 0;
3115 node = ebst_lookup(sni_keytypes, trash.area);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003116 if (!node) {
3117 /* CN not found in tree */
3118 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
3119 /* Using memcpy here instead of strncpy.
3120 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
3121 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
3122 */
William Lallemand4801c702019-10-04 17:36:55 +02003123 if (!s_kt)
3124 return -1;
3125
Willy Tarreau843b7cb2018-07-13 10:54:26 +02003126 memcpy(s_kt->name.key, trash.area, i+1);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003127 s_kt->keytypes = 0;
3128 ebst_insert(sni_keytypes, &s_kt->name);
3129 } else {
3130 /* CN found in tree */
3131 s_kt = container_of(node, struct sni_keytype, name);
3132 }
3133
3134 /* Mark that this CN has the keytype of key_index via keytypes mask */
3135 s_kt->keytypes |= 1<<key_index;
3136
William Lallemand4801c702019-10-04 17:36:55 +02003137 return 0;
3138
yanbzhu08ce6ab2015-12-02 13:01:29 -05003139}
3140
3141
3142/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
3143 * If any are found, group these files into a set of SSL_CTX*
3144 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
3145 *
Joseph Herlant017b3da2018-11-15 09:07:59 -08003146 * This will allow the user to explicitly group multiple cert/keys for a single purpose
yanbzhu08ce6ab2015-12-02 13:01:29 -05003147 *
Willy Tarreaub131c872019-10-16 16:42:19 +02003148 * Returns a set of ERR_* flags possibly with an error in <err>.
3149 *
yanbzhu08ce6ab2015-12-02 13:01:29 -05003150 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003151static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3152 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003153{
3154 char fp[MAXPATHLEN+1] = {0};
3155 int n = 0;
3156 int i = 0;
3157 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
3158 struct eb_root sni_keytypes_map = { {0} };
3159 struct ebmb_node *node;
3160 struct ebmb_node *next;
3161 /* Array of SSL_CTX pointers corresponding to each possible combo
3162 * of keytypes
3163 */
3164 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
Willy Tarreaub131c872019-10-16 16:42:19 +02003165 int errcode = 0;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003166 X509_NAME *xname = NULL;
3167 char *str = NULL;
3168#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3169 STACK_OF(GENERAL_NAME) *names = NULL;
3170#endif
3171
3172 /* Load all possible certs and keys */
3173 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3174 struct stat buf;
3175
3176 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3177 if (stat(fp, &buf) == 0) {
3178 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
Willy Tarreaub131c872019-10-16 16:42:19 +02003179 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003180 goto end;
3181 }
3182 }
3183 }
3184
3185 /* Process each ckch and update keytypes for each CN/SAN
3186 * for example, if CN/SAN www.a.com is associated with
3187 * certs with keytype 0 and 2, then at the end of the loop,
3188 * www.a.com will have:
3189 * keyindex = 0 | 1 | 4 = 5
3190 */
3191 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
William Lallemand4801c702019-10-04 17:36:55 +02003192 int ret;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003193
3194 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3195 continue;
3196
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003197 if (fcount) {
William Lallemand4801c702019-10-04 17:36:55 +02003198 for (i = 0; i < fcount; i++) {
3199 ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3200 if (ret < 0) {
3201 memprintf(err, "%sunable to allocate SSL context.\n",
3202 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003203 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003204 goto end;
3205 }
3206 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003207 } else {
3208 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3209 * so the line that contains logic is marked via comments
3210 */
3211 xname = X509_get_subject_name(certs_and_keys[n].cert);
3212 i = -1;
3213 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3214 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003215 ASN1_STRING *value;
3216 value = X509_NAME_ENTRY_get_data(entry);
3217 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003218 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003219 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003220
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003221 OPENSSL_free(str);
3222 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003223 if (ret < 0) {
3224 memprintf(err, "%sunable to allocate SSL context.\n",
3225 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003226 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003227 goto end;
3228 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003229 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003230 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003231
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003232 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003233#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003234 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3235 if (names) {
3236 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3237 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003238
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003239 if (name->type == GEN_DNS) {
3240 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3241 /* Important line is here */
William Lallemand4801c702019-10-04 17:36:55 +02003242 ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003243
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003244 OPENSSL_free(str);
3245 str = NULL;
William Lallemand4801c702019-10-04 17:36:55 +02003246 if (ret < 0) {
3247 memprintf(err, "%sunable to allocate SSL context.\n",
3248 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003249 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand4801c702019-10-04 17:36:55 +02003250 goto end;
3251 }
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003252 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003253 }
3254 }
3255 }
3256 }
3257#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3258 }
3259
3260 /* If no files found, return error */
3261 if (eb_is_empty(&sni_keytypes_map)) {
3262 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3263 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003264 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003265 goto end;
3266 }
3267
3268 /* We now have a map of CN/SAN to keytypes that are loaded in
3269 * Iterate through the map to create the SSL_CTX's (if needed)
3270 * and add each CTX to the SNI tree
3271 *
3272 * Some math here:
Joseph Herlant017b3da2018-11-15 09:07:59 -08003273 * There are 2^n - 1 possible combinations, each unique
yanbzhu08ce6ab2015-12-02 13:01:29 -05003274 * combination is denoted by the key in the map. Each key
3275 * has a value between 1 and 2^n - 1. Conveniently, the array
3276 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3277 * entry in the array to correspond to the unique combo (key)
3278 * associated with i. This unique key combo (i) will be associated
3279 * with combos[i-1]
3280 */
3281
3282 node = ebmb_first(&sni_keytypes_map);
3283 while (node) {
3284 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003285 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003286 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003287
3288 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3289 i = container_of(node, struct sni_keytype, name)->keytypes;
3290 cur_ctx = key_combos[i-1].ctx;
3291
3292 if (cur_ctx == NULL) {
3293 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003294 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003295 if (cur_ctx == NULL) {
3296 memprintf(err, "%sunable to allocate SSL context.\n",
3297 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003298 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003299 goto end;
3300 }
3301
yanbzhube2774d2015-12-10 15:07:30 -05003302 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003303 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3304 if (i & (1<<n)) {
3305 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003306 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
Emeric Brun394701d2019-10-17 13:25:14 +02003307 errcode |= ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err);
3308 if (errcode & ERR_CODE) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003309 SSL_CTX_free(cur_ctx);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003310 goto end;
3311 }
yanbzhube2774d2015-12-10 15:07:30 -05003312
3313#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3314 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003315 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003316 if (err)
3317 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003318 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003319 SSL_CTX_free(cur_ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003320 errcode |= ERR_ALERT | ERR_FATAL;
yanbzhube2774d2015-12-10 15:07:30 -05003321 goto end;
3322 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003323#elif (defined OPENSSL_IS_BORINGSSL)
3324 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003325#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003326 }
3327 }
3328
3329 /* Load DH params into the ctx to support DHE keys */
3330#ifndef OPENSSL_NO_DH
3331 if (ssl_dh_ptr_index >= 0)
3332 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3333
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003334 errcode |= ssl_sock_load_dh_params(cur_ctx, NULL, err);
3335 if (errcode & ERR_CODE) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003336 if (err)
3337 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3338 *err ? *err : "", path);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003339 goto end;
3340 }
3341#endif
3342
3343 /* Update key_combos */
3344 key_combos[i-1].ctx = cur_ctx;
3345 }
3346
3347 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003348 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
William Lallemand24e292c2019-10-03 23:46:33 +02003349 kinfo, str, key_combos[i-1].order);
3350 if (key_combos[i-1].order < 0) {
3351 memprintf(err, "%sunable to create a sni context.\n", err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003352 errcode |= ERR_ALERT | ERR_FATAL;
William Lallemand24e292c2019-10-03 23:46:33 +02003353 goto end;
3354 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003355 node = ebmb_next(node);
3356 }
3357
3358
3359 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3360 if (!bind_conf->default_ctx) {
3361 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3362 if (key_combos[i].ctx) {
3363 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003364 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003365 break;
3366 }
3367 }
3368 }
3369
3370end:
3371
3372 if (names)
3373 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3374
3375 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3376 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3377
3378 node = ebmb_first(&sni_keytypes_map);
3379 while (node) {
3380 next = ebmb_next(node);
3381 ebmb_delete(node);
William Lallemande92c0302019-10-04 17:24:39 +02003382 free(ebmb_entry(node, struct sni_keytype, name));
yanbzhu08ce6ab2015-12-02 13:01:29 -05003383 node = next;
3384 }
3385
Willy Tarreaub131c872019-10-16 16:42:19 +02003386 return errcode;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003387}
3388#else
3389/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003390static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3391 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003392{
3393 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3394 err && *err ? *err : "", path, strerror(errno));
3395 return 1;
3396}
3397
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003398#endif /* #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
yanbzhu488a4d22015-12-01 15:16:07 -05003399
Emeric Brunfc0421f2012-09-07 17:30:07 +02003400/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3401 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3402 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003403static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3404 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003405{
3406 BIO *in;
3407 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003408 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003409 int ret = -1;
3410 int order = 0;
3411 X509_NAME *xname;
3412 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003413 pem_password_cb *passwd_cb;
3414 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003415 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003416 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003417
Emeric Brunfc0421f2012-09-07 17:30:07 +02003418#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3419 STACK_OF(GENERAL_NAME) *names;
3420#endif
3421
3422 in = BIO_new(BIO_s_file());
3423 if (in == NULL)
3424 goto end;
3425
3426 if (BIO_read_filename(in, file) <= 0)
3427 goto end;
3428
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003429
3430 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3431 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3432
3433 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003434 if (x == NULL)
3435 goto end;
3436
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003437 pkey = X509_get_pubkey(x);
3438 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003439 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003440 switch(EVP_PKEY_base_id(pkey)) {
3441 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003442 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003443 break;
3444 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003445 kinfo.sig = TLSEXT_signature_ecdsa;
3446 break;
3447 case EVP_PKEY_DSA:
3448 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003449 break;
3450 }
3451 EVP_PKEY_free(pkey);
3452 }
3453
Emeric Brun50bcecc2013-04-22 13:05:23 +02003454 if (fcount) {
William Lallemand24e292c2019-10-03 23:46:33 +02003455 while (fcount--) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003456 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
William Lallemand24e292c2019-10-03 23:46:33 +02003457 if (order < 0)
3458 goto end;
3459 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003460 }
3461 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003462#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003463 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3464 if (names) {
3465 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3466 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3467 if (name->type == GEN_DNS) {
3468 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003469 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003470 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003471 if (order < 0)
3472 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003473 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003474 }
3475 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003476 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003477 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003478#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003479 xname = X509_get_subject_name(x);
3480 i = -1;
3481 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3482 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003483 ASN1_STRING *value;
3484
3485 value = X509_NAME_ENTRY_get_data(entry);
3486 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003487 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003488 OPENSSL_free(str);
William Lallemand24e292c2019-10-03 23:46:33 +02003489 if (order < 0)
3490 goto end;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003491 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003492 }
3493 }
3494
3495 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3496 if (!SSL_CTX_use_certificate(ctx, x))
3497 goto end;
3498
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003499#ifdef SSL_CTX_clear_extra_chain_certs
3500 SSL_CTX_clear_extra_chain_certs(ctx);
3501#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502 if (ctx->extra_certs != NULL) {
3503 sk_X509_pop_free(ctx->extra_certs, X509_free);
3504 ctx->extra_certs = NULL;
3505 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003506#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003507
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003508 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003509 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3510 X509_free(ca);
3511 goto end;
3512 }
3513 }
3514
3515 err = ERR_get_error();
3516 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3517 /* we successfully reached the last cert in the file */
3518 ret = 1;
3519 }
3520 ERR_clear_error();
3521
3522end:
3523 if (x)
3524 X509_free(x);
3525
3526 if (in)
3527 BIO_free(in);
3528
3529 return ret;
3530}
3531
Willy Tarreaub131c872019-10-16 16:42:19 +02003532/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003533static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3534 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003535{
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003536 int errcode = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003537 int ret;
3538 SSL_CTX *ctx;
3539
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003540 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003541 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003542 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3543 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003544 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003545 }
3546
3547 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003548 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3549 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003550 SSL_CTX_free(ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003551 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003552 }
3553
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003554 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003555 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003556 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3557 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003558 if (ret < 0) /* serious error, must do that ourselves */
3559 SSL_CTX_free(ctx);
Willy Tarreaub131c872019-10-16 16:42:19 +02003560 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003561 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003562
3563 if (SSL_CTX_check_private_key(ctx) <= 0) {
3564 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3565 err && *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003566 return ERR_ALERT | ERR_FATAL;
Emeric Brun61694ab2012-10-26 13:35:33 +02003567 }
3568
Emeric Brunfc0421f2012-09-07 17:30:07 +02003569 /* we must not free the SSL_CTX anymore below, since it's already in
3570 * the tree, so it will be discovered and cleaned in time.
3571 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003572#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003573 /* store a NULL pointer to indicate we have not yet loaded
3574 a custom DH param file */
3575 if (ssl_dh_ptr_index >= 0) {
3576 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3577 }
3578
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003579 errcode |= ssl_sock_load_dh_params(ctx, path, err);
3580 if (errcode & ERR_CODE) {
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003581 if (err)
3582 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3583 *err ? *err : "", path);
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003584 return errcode;
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003585 }
3586#endif
3587
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003588#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003589 ret = ssl_sock_load_ocsp(ctx, path);
3590 if (ret < 0) {
3591 if (err)
3592 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3593 *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003594 return ERR_ALERT | ERR_FATAL;
Emeric Brun4147b2e2014-06-16 18:36:30 +02003595 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003596#elif (defined OPENSSL_IS_BORINGSSL)
3597 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003598#endif
3599
Willy Tarreau5db847a2019-05-09 14:13:35 +02003600#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003601 if (sctl_ex_index >= 0) {
3602 ret = ssl_sock_load_sctl(ctx, path);
3603 if (ret < 0) {
3604 if (err)
3605 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3606 *err ? *err : "", path);
Willy Tarreaub131c872019-10-16 16:42:19 +02003607 return ERR_ALERT | ERR_FATAL;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003608 }
3609 }
3610#endif
3611
Emeric Brunfc0421f2012-09-07 17:30:07 +02003612#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003613 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003614 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3615 err && *err ? *err : "");
Willy Tarreaub131c872019-10-16 16:42:19 +02003616 return ERR_ALERT | ERR_FATAL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003617 }
3618#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003619 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003620 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003621 bind_conf->default_ssl_conf = ssl_conf;
3622 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003623
Emeric Bruncfc1afe2019-10-17 13:27:40 +02003624 return errcode;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003625}
3626
Willy Tarreaub131c872019-10-16 16:42:19 +02003627
3628/* Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau03209342016-12-22 17:08:28 +01003629int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003630{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003631 struct dirent **de_list;
3632 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003633 DIR *dir;
3634 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003635 char *end;
3636 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003637 int cfgerr = 0;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003638#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003639 int is_bundle;
3640 int j;
3641#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003642
yanbzhu08ce6ab2015-12-02 13:01:29 -05003643 if (stat(path, &buf) == 0) {
3644 dir = opendir(path);
3645 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003646 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003647
yanbzhu08ce6ab2015-12-02 13:01:29 -05003648 /* strip trailing slashes, including first one */
3649 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3650 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003651
yanbzhu08ce6ab2015-12-02 13:01:29 -05003652 n = scandir(path, &de_list, 0, alphasort);
3653 if (n < 0) {
3654 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3655 err && *err ? *err : "", path, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003656 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003657 }
3658 else {
3659 for (i = 0; i < n; i++) {
3660 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003661
yanbzhu08ce6ab2015-12-02 13:01:29 -05003662 end = strrchr(de->d_name, '.');
3663 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3664 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003665
yanbzhu08ce6ab2015-12-02 13:01:29 -05003666 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3667 if (stat(fp, &buf) != 0) {
3668 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3669 err && *err ? *err : "", fp, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003670 cfgerr |= ERR_ALERT | ERR_FATAL;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003671 goto ignore_entry;
3672 }
3673 if (!S_ISREG(buf.st_mode))
3674 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003675
Willy Tarreau9a1ab082019-05-09 13:26:41 +02003676#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
yanbzhu63ea8462015-12-09 13:35:14 -05003677 is_bundle = 0;
3678 /* Check if current entry in directory is part of a multi-cert bundle */
3679
3680 if (end) {
3681 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3682 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3683 is_bundle = 1;
3684 break;
3685 }
3686 }
3687
3688 if (is_bundle) {
yanbzhu63ea8462015-12-09 13:35:14 -05003689 int dp_len;
3690
3691 dp_len = end - de->d_name;
yanbzhu63ea8462015-12-09 13:35:14 -05003692
3693 /* increment i and free de until we get to a non-bundle cert
3694 * Note here that we look at de_list[i + 1] before freeing de
Willy Tarreau5b8a8652019-10-29 10:48:50 +01003695 * this is important since ignore_entry will free de. This also
3696 * guarantees that de->d_name continues to hold the same prefix.
yanbzhu63ea8462015-12-09 13:35:14 -05003697 */
Willy Tarreau5b8a8652019-10-29 10:48:50 +01003698 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, de->d_name, dp_len)) {
yanbzhu63ea8462015-12-09 13:35:14 -05003699 free(de);
3700 i++;
3701 de = de_list[i];
3702 }
3703
Willy Tarreau5b8a8652019-10-29 10:48:50 +01003704 snprintf(fp, sizeof(fp), "%s/%.*s", path, dp_len, de->d_name);
Willy Tarreaub131c872019-10-16 16:42:19 +02003705 cfgerr |= ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003706 /* Successfully processed the bundle */
3707 goto ignore_entry;
3708 }
3709 }
3710
3711#endif
Willy Tarreaub131c872019-10-16 16:42:19 +02003712 cfgerr |= ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003713ignore_entry:
3714 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003715 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003716 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003717 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003718 closedir(dir);
3719 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003720 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003721
Willy Tarreaub131c872019-10-16 16:42:19 +02003722 cfgerr |= ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003723
Emeric Brunfc0421f2012-09-07 17:30:07 +02003724 return cfgerr;
3725}
3726
Thierry Fournier383085f2013-01-24 14:15:43 +01003727/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3728 * done once. Zero is returned if the operation fails. No error is returned
3729 * if the random is said as not implemented, because we expect that openssl
3730 * will use another method once needed.
3731 */
3732static int ssl_initialize_random()
3733{
3734 unsigned char random;
3735 static int random_initialized = 0;
3736
3737 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3738 random_initialized = 1;
3739
3740 return random_initialized;
3741}
3742
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003743/* release ssl bind conf */
3744void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003745{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003746 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003747#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003748 free(conf->npn_str);
3749 conf->npn_str = NULL;
3750#endif
3751#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3752 free(conf->alpn_str);
3753 conf->alpn_str = NULL;
3754#endif
3755 free(conf->ca_file);
3756 conf->ca_file = NULL;
3757 free(conf->crl_file);
3758 conf->crl_file = NULL;
3759 free(conf->ciphers);
3760 conf->ciphers = NULL;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02003761#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02003762 free(conf->ciphersuites);
3763 conf->ciphersuites = NULL;
3764#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003765 free(conf->curves);
3766 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003767 free(conf->ecdhe);
3768 conf->ecdhe = NULL;
3769 }
3770}
3771
Willy Tarreaub131c872019-10-16 16:42:19 +02003772/* Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003773int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3774{
3775 char thisline[CRT_LINESIZE];
3776 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003777 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003778 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003779 int linenum = 0;
3780 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003781
Willy Tarreauad1731d2013-04-02 17:35:58 +02003782 if ((f = fopen(file, "r")) == NULL) {
3783 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Willy Tarreaub131c872019-10-16 16:42:19 +02003784 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003785 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003786
3787 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003788 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003789 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003790 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003791 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003792 char *crt_path;
3793 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003794
3795 linenum++;
3796 end = line + strlen(line);
3797 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3798 /* Check if we reached the limit and the last char is not \n.
3799 * Watch out for the last line without the terminating '\n'!
3800 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003801 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3802 linenum, file, (int)sizeof(thisline)-1);
Willy Tarreaub131c872019-10-16 16:42:19 +02003803 cfgerr |= ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003804 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003805 }
3806
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003807 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003808 newarg = 1;
3809 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003810 if (*line == '#' || *line == '\n' || *line == '\r') {
3811 /* end of string, end of loop */
3812 *line = 0;
3813 break;
Willy Tarreau26e4ab42020-02-25 07:51:59 +01003814 } else if (isspace((unsigned char)*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003815 newarg = 1;
3816 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003817 } else if (*line == '[') {
3818 if (ssl_b) {
3819 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003820 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003821 break;
3822 }
3823 if (!arg) {
3824 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003825 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003826 break;
3827 }
3828 ssl_b = arg;
3829 newarg = 1;
3830 *line = 0;
3831 } else if (*line == ']') {
3832 if (ssl_e) {
3833 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003834 cfgerr |= ERR_ALERT | ERR_FATAL;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003835 break;
3836 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003837 if (!ssl_b) {
3838 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003839 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003840 break;
3841 }
3842 ssl_e = arg;
3843 newarg = 1;
3844 *line = 0;
3845 } else if (newarg) {
3846 if (arg == MAX_CRT_ARGS) {
3847 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003848 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003849 break;
3850 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003851 newarg = 0;
3852 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003853 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003854 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003855 }
Willy Tarreaub131c872019-10-16 16:42:19 +02003856 if (cfgerr & ERR_CODE)
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003857 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003858 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003859
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003860 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003861 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003862 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003863
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003864 crt_path = args[0];
3865 if (*crt_path != '/' && global_ssl.crt_base) {
3866 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3867 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3868 crt_path, linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003869 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003870 break;
3871 }
3872 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3873 crt_path = path;
3874 }
3875
3876 ssl_conf = calloc(1, sizeof *ssl_conf);
3877 cur_arg = ssl_b ? ssl_b : 1;
3878 while (cur_arg < ssl_e) {
3879 newarg = 0;
3880 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3881 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3882 newarg = 1;
Willy Tarreaub131c872019-10-16 16:42:19 +02003883 cfgerr |= ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003884 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3885 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3886 args[cur_arg], linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003887 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003888 }
3889 cur_arg += 1 + ssl_bind_kws[i].skip;
3890 break;
3891 }
3892 }
3893 if (!cfgerr && !newarg) {
3894 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3895 args[cur_arg], linenum, file);
Willy Tarreaub131c872019-10-16 16:42:19 +02003896 cfgerr |= ERR_ALERT | ERR_FATAL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003897 break;
3898 }
3899 }
Willy Tarreaub131c872019-10-16 16:42:19 +02003900
3901 if (cfgerr & ERR_CODE) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003902 ssl_sock_free_ssl_conf(ssl_conf);
3903 free(ssl_conf);
3904 ssl_conf = NULL;
3905 break;
3906 }
3907
3908 if (stat(crt_path, &buf) == 0) {
Willy Tarreaub131c872019-10-16 16:42:19 +02003909 cfgerr |= ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003910 &args[cur_arg], arg - cur_arg - 1, err);
Willy Tarreaub131c872019-10-16 16:42:19 +02003911 } else {
3912 cfgerr |= ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3913 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003914 }
3915
Willy Tarreaub131c872019-10-16 16:42:19 +02003916 if (cfgerr & ERR_CODE) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02003917 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003918 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003919 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003920 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003921 fclose(f);
3922 return cfgerr;
3923}
3924
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003925/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003926static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003927ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003928{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003929 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003930 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003931 SSL_OP_ALL | /* all known workarounds for bugs */
3932 SSL_OP_NO_SSLv2 |
3933 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003934 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003935 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003936 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003937 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003938 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003939 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003940 SSL_MODE_ENABLE_PARTIAL_WRITE |
3941 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003942 SSL_MODE_RELEASE_BUFFERS |
3943 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003944 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003945 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003946 int flags = MC_SSL_O_ALL;
3947 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003948
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003949 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003950 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003951
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003952 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003953 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3954 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3955 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003956 else
3957 flags = conf_ssl_methods->flags;
3958
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003959 min = conf_ssl_methods->min;
3960 max = conf_ssl_methods->max;
3961 /* start with TLSv10 to remove SSLv3 per default */
3962 if (!min && (!max || max >= CONF_TLSV10))
3963 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003964 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003965 if (min)
3966 flags |= (methodVersions[min].flag - 1);
3967 if (max)
3968 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003969 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003970 min = max = CONF_TLSV_NONE;
3971 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003972 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003973 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003974 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003975 if (min) {
3976 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003977 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3978 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3979 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3980 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003981 hole = 0;
3982 }
3983 max = i;
3984 }
3985 else {
3986 min = max = i;
3987 }
3988 }
3989 else {
3990 if (min)
3991 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003992 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003993 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003994 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3995 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003996 cfgerr += 1;
3997 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003998 /* save real min/max in bind_conf */
3999 conf_ssl_methods->min = min;
4000 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004001
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004002#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004003 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004004 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004005 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004006 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004007 else
William Lallemand6dbb9a12020-06-11 17:34:00 +02004008 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++) {
4009 /* clear every version flags in case SSL_CTX_new()
4010 * returns an SSL_CTX with disabled versions */
4011 SSL_CTX_clear_options(ctx, methodVersions[i].option);
4012
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004013 if (flags & methodVersions[i].flag)
4014 options |= methodVersions[i].option;
William Lallemand6dbb9a12020-06-11 17:34:00 +02004015
4016 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004017#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004018 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004019 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4020 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02004021#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004022
4023 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
4024 options |= SSL_OP_NO_TICKET;
4025 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
4026 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
Dirkjan Bussink526894f2019-01-21 09:35:03 -08004027
4028#ifdef SSL_OP_NO_RENEGOTIATION
4029 options |= SSL_OP_NO_RENEGOTIATION;
4030#endif
4031
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004032 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004033
Willy Tarreau5db847a2019-05-09 14:13:35 +02004034#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004035 if (global_ssl.async)
4036 mode |= SSL_MODE_ASYNC;
4037#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004038 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004039 if (global_ssl.life_time)
4040 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004041
4042#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
4043#ifdef OPENSSL_IS_BORINGSSL
4044 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
4045 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Willy Tarreau5db847a2019-05-09 14:13:35 +02004046#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houcharde82c1d42019-12-17 15:39:54 +01004047 if (bind_conf->ssl_conf.early_data)
Olivier Houchard51088ce2019-01-02 18:46:41 +01004048 SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02004049 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
4050 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004051#else
4052 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004053#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02004054 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004055#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004056 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004057}
4058
William Lallemand4f45bb92017-10-30 20:08:51 +01004059
4060static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
4061{
4062 if (first == block) {
4063 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4064 if (first->len > 0)
4065 sh_ssl_sess_tree_delete(sh_ssl_sess);
4066 }
4067}
4068
4069/* return first block from sh_ssl_sess */
4070static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
4071{
4072 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
4073
4074}
4075
4076/* store a session into the cache
4077 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
4078 * data: asn1 encoded session
4079 * data_len: asn1 encoded session length
4080 * Returns 1 id session was stored (else 0)
4081 */
4082static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
4083{
4084 struct shared_block *first;
4085 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
4086
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004087 first = shctx_row_reserve_hot(ssl_shctx, NULL, data_len + sizeof(struct sh_ssl_sess_hdr));
William Lallemand4f45bb92017-10-30 20:08:51 +01004088 if (!first) {
4089 /* Could not retrieve enough free blocks to store that session */
4090 return 0;
4091 }
4092
4093 /* STORE the key in the first elem */
4094 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
4095 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
4096 first->len = sizeof(struct sh_ssl_sess_hdr);
4097
4098 /* it returns the already existing node
4099 or current node if none, never returns null */
4100 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
4101 if (oldsh_ssl_sess != sh_ssl_sess) {
4102 /* NOTE: Row couldn't be in use because we lock read & write function */
4103 /* release the reserved row */
4104 shctx_row_dec_hot(ssl_shctx, first);
4105 /* replace the previous session already in the tree */
4106 sh_ssl_sess = oldsh_ssl_sess;
4107 /* ignore the previous session data, only use the header */
4108 first = sh_ssl_sess_first_block(sh_ssl_sess);
4109 shctx_row_inc_hot(ssl_shctx, first);
4110 first->len = sizeof(struct sh_ssl_sess_hdr);
4111 }
4112
Frédéric Lécaille0bec8072018-10-22 17:55:57 +02004113 if (shctx_row_data_append(ssl_shctx, first, NULL, data, data_len) < 0) {
William Lallemand99b90af2018-01-03 19:15:51 +01004114 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004115 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01004116 }
4117
4118 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01004119
4120 return 1;
4121}
William Lallemanded0b5ad2017-10-30 19:36:36 +01004122
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004123/* SSL callback used when a new session is created while connecting to a server */
4124static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
4125{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004126 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004127 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004128
Willy Tarreau07d94e42018-09-20 10:57:52 +02004129 s = __objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004130
Olivier Houcharde6060c52017-11-16 17:42:52 +01004131 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
4132 int len;
4133 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004134
Olivier Houcharde6060c52017-11-16 17:42:52 +01004135 len = i2d_SSL_SESSION(sess, NULL);
4136 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
4137 ptr = s->ssl_ctx.reused_sess[tid].ptr;
4138 } else {
4139 free(s->ssl_ctx.reused_sess[tid].ptr);
4140 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
4141 s->ssl_ctx.reused_sess[tid].allocated_size = len;
4142 }
4143 if (s->ssl_ctx.reused_sess[tid].ptr) {
4144 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
4145 &ptr);
4146 }
4147 } else {
4148 free(s->ssl_ctx.reused_sess[tid].ptr);
4149 s->ssl_ctx.reused_sess[tid].ptr = NULL;
4150 }
4151
4152 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004153}
4154
Olivier Houcharde6060c52017-11-16 17:42:52 +01004155
William Lallemanded0b5ad2017-10-30 19:36:36 +01004156/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01004157int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004158{
4159 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
4160 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
4161 unsigned char *p;
4162 int data_len;
Emeric Brun7b34de32019-10-08 18:27:37 +02004163 unsigned int sid_length;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004164 const unsigned char *sid_data;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004165
4166 /* Session id is already stored in to key and session id is known
4167 * so we dont store it to keep size.
Emeric Brun7b34de32019-10-08 18:27:37 +02004168 * note: SSL_SESSION_set1_id is using
4169 * a memcpy so we need to use a different pointer
4170 * than sid_data or sid_ctx_data to avoid valgrind
4171 * complaining.
William Lallemanded0b5ad2017-10-30 19:36:36 +01004172 */
4173
4174 sid_data = SSL_SESSION_get_id(sess, &sid_length);
Emeric Brun7b34de32019-10-08 18:27:37 +02004175
4176 /* copy value in an other buffer */
4177 memcpy(encid, sid_data, sid_length);
4178
4179 /* pad with 0 */
4180 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
4181 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
4182
4183 /* force length to zero to avoid ASN1 encoding */
4184 SSL_SESSION_set1_id(sess, encid, 0);
4185
4186 /* force length to zero to avoid ASN1 encoding */
4187 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, 0);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004188
4189 /* check if buffer is large enough for the ASN1 encoded session */
4190 data_len = i2d_SSL_SESSION(sess, NULL);
4191 if (data_len > SHSESS_MAX_DATA_LEN)
4192 goto err;
4193
4194 p = encsess;
4195
4196 /* process ASN1 session encoding before the lock */
4197 i2d_SSL_SESSION(sess, &p);
4198
William Lallemanded0b5ad2017-10-30 19:36:36 +01004199
William Lallemanda3c77cf2017-10-30 23:44:40 +01004200 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004201 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004202 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01004203 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004204err:
4205 /* reset original length values */
Emeric Brun7b34de32019-10-08 18:27:37 +02004206 SSL_SESSION_set1_id(sess, encid, sid_length);
4207 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004208
4209 return 0; /* do not increment session reference count */
4210}
4211
4212/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004213SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004214{
William Lallemand4f45bb92017-10-30 20:08:51 +01004215 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004216 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
4217 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01004218 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01004219 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004220
4221 global.shctx_lookups++;
4222
4223 /* allow the session to be freed automatically by openssl */
4224 *do_copy = 0;
4225
4226 /* tree key is zeros padded sessionid */
4227 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4228 memcpy(tmpkey, key, key_len);
4229 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
4230 key = tmpkey;
4231 }
4232
4233 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004234 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004235
4236 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004237 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
4238 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004239 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004240 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004241 global.shctx_misses++;
4242 return NULL;
4243 }
4244
William Lallemand4f45bb92017-10-30 20:08:51 +01004245 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
4246 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004247
William Lallemand4f45bb92017-10-30 20:08:51 +01004248 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004249
William Lallemanda3c77cf2017-10-30 23:44:40 +01004250 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004251
4252 /* decode ASN1 session */
4253 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004254 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004255 /* Reset session id and session id contenxt */
4256 if (sess) {
4257 SSL_SESSION_set1_id(sess, key, key_len);
4258 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4259 }
4260
4261 return sess;
4262}
4263
William Lallemand4f45bb92017-10-30 20:08:51 +01004264
William Lallemanded0b5ad2017-10-30 19:36:36 +01004265/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004266void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004267{
William Lallemand4f45bb92017-10-30 20:08:51 +01004268 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004269 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4270 unsigned int sid_length;
4271 const unsigned char *sid_data;
4272 (void)ctx;
4273
4274 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4275 /* tree key is zeros padded sessionid */
4276 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4277 memcpy(tmpkey, sid_data, sid_length);
4278 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4279 sid_data = tmpkey;
4280 }
4281
William Lallemanda3c77cf2017-10-30 23:44:40 +01004282 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004283
4284 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004285 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4286 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004287 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004288 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004289 }
4290
4291 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004292 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004293}
4294
4295/* Set session cache mode to server and disable openssl internal cache.
4296 * Set shared cache callbacks on an ssl context.
4297 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004298void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004299{
4300 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4301
4302 if (!ssl_shctx) {
4303 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4304 return;
4305 }
4306
4307 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4308 SSL_SESS_CACHE_NO_INTERNAL |
4309 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4310
4311 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004312 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4313 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4314 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004315}
4316
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004317int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4318{
4319 struct proxy *curproxy = bind_conf->frontend;
4320 int cfgerr = 0;
4321 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004322 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004323 const char *conf_ciphers;
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004324#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004325 const char *conf_ciphersuites;
4326#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004327 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004328
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004329 if (ssl_conf) {
4330 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4331 int i, min, max;
4332 int flags = MC_SSL_O_ALL;
4333
4334 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004335 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4336 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004337 if (min)
4338 flags |= (methodVersions[min].flag - 1);
4339 if (max)
4340 flags |= ~((methodVersions[max].flag << 1) - 1);
4341 min = max = CONF_TLSV_NONE;
4342 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4343 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4344 if (min)
4345 max = i;
4346 else
4347 min = max = i;
4348 }
4349 /* save real min/max */
4350 conf_ssl_methods->min = min;
4351 conf_ssl_methods->max = max;
4352 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004353 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4354 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004355 cfgerr += 1;
4356 }
4357 }
4358
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004359 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004360 case SSL_SOCK_VERIFY_NONE:
4361 verify = SSL_VERIFY_NONE;
4362 break;
4363 case SSL_SOCK_VERIFY_OPTIONAL:
4364 verify = SSL_VERIFY_PEER;
4365 break;
4366 case SSL_SOCK_VERIFY_REQUIRED:
4367 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4368 break;
4369 }
4370 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4371 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004372 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4373 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4374 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004375 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004376 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004377 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4378 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004379 cfgerr++;
4380 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004381 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4382 /* set CA names for client cert request, function returns void */
4383 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4384 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004385 }
Emeric Brun850efd52014-01-29 12:24:34 +01004386 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004387 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4388 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004389 cfgerr++;
4390 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004391#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004392 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004393 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4394
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004395 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004396 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4397 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004398 cfgerr++;
4399 }
Emeric Brun561e5742012-10-02 15:20:55 +02004400 else {
4401 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4402 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004403 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004404#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004405 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004406 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004407#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004408 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004409 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004410 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4411 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004412 cfgerr++;
4413 }
4414 }
4415#endif
4416
William Lallemand4f45bb92017-10-30 20:08:51 +01004417 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004418 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4419 if (conf_ciphers &&
4420 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004421 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4422 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004423 cfgerr++;
4424 }
4425
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004426#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004427 conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
4428 if (conf_ciphersuites &&
4429 !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
4430 ha_alert("Proxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
4431 curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
4432 cfgerr++;
4433 }
4434#endif
4435
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004436#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004437 /* If tune.ssl.default-dh-param has not been set,
4438 neither has ssl-default-dh-file and no static DH
4439 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004440 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004441 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004442 (ssl_dh_ptr_index == -1 ||
4443 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004444 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4445 const SSL_CIPHER * cipher = NULL;
4446 char cipher_description[128];
4447 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4448 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4449 which is not ephemeral DH. */
4450 const char dhe_description[] = " Kx=DH ";
4451 const char dhe_export_description[] = " Kx=DH(";
4452 int idx = 0;
4453 int dhe_found = 0;
4454 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004455
Remi Gacogne23d5d372014-10-10 17:04:26 +02004456 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004457
Remi Gacogne23d5d372014-10-10 17:04:26 +02004458 if (ssl) {
4459 ciphers = SSL_get_ciphers(ssl);
4460
4461 if (ciphers) {
4462 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4463 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4464 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4465 if (strstr(cipher_description, dhe_description) != NULL ||
4466 strstr(cipher_description, dhe_export_description) != NULL) {
4467 dhe_found = 1;
4468 break;
4469 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004470 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004471 }
4472 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004473 SSL_free(ssl);
4474 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004475 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004476
Lukas Tribus90132722014-08-18 00:56:33 +02004477 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004478 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004479 }
4480
Willy Tarreauef934602016-12-22 23:12:01 +01004481 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004482 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004483
Willy Tarreauef934602016-12-22 23:12:01 +01004484 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004485 if (local_dh_1024 == NULL) {
4486 local_dh_1024 = ssl_get_dh_1024();
4487 }
Willy Tarreauef934602016-12-22 23:12:01 +01004488 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004489 if (local_dh_2048 == NULL) {
4490 local_dh_2048 = ssl_get_dh_2048();
4491 }
Willy Tarreauef934602016-12-22 23:12:01 +01004492 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004493 if (local_dh_4096 == NULL) {
4494 local_dh_4096 = ssl_get_dh_4096();
4495 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004496 }
4497 }
4498 }
4499#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004500
Emeric Brunfc0421f2012-09-07 17:30:07 +02004501 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004502#if HA_OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004503 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004504#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004505
Bernard Spil13c53f82018-02-15 13:34:58 +01004506#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004507 ssl_conf_cur = NULL;
4508 if (ssl_conf && ssl_conf->npn_str)
4509 ssl_conf_cur = ssl_conf;
4510 else if (bind_conf->ssl_conf.npn_str)
4511 ssl_conf_cur = &bind_conf->ssl_conf;
4512 if (ssl_conf_cur)
4513 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004514#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004515#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004516 ssl_conf_cur = NULL;
4517 if (ssl_conf && ssl_conf->alpn_str)
4518 ssl_conf_cur = ssl_conf;
4519 else if (bind_conf->ssl_conf.alpn_str)
4520 ssl_conf_cur = &bind_conf->ssl_conf;
4521 if (ssl_conf_cur)
4522 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004523#endif
Lukas Tribusd13e9252019-11-24 18:20:40 +01004524#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004525 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4526 if (conf_curves) {
4527 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004528 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4529 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004530 cfgerr++;
4531 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004532 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004533 }
4534#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004535#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004536 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004537 int i;
4538 EC_KEY *ecdh;
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004539#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004540 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004541 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4542 NULL);
4543
4544 if (ecdhe == NULL) {
Eric Salama27c21cd2019-11-20 11:33:40 +01004545 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02004546 return cfgerr;
4547 }
4548#else
4549 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4550 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4551 ECDHE_DEFAULT_CURVE);
4552#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004553
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004554 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004555 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004556 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4557 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004558 cfgerr++;
4559 }
4560 else {
4561 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4562 EC_KEY_free(ecdh);
4563 }
4564 }
4565#endif
4566
Emeric Brunfc0421f2012-09-07 17:30:07 +02004567 return cfgerr;
4568}
4569
Evan Broderbe554312013-06-27 00:05:25 -07004570static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4571{
4572 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4573 size_t prefixlen, suffixlen;
4574
4575 /* Trivial case */
William Lallemandb00a33b2020-09-14 15:20:10 +02004576 if (strcasecmp(pattern, hostname) == 0)
Evan Broderbe554312013-06-27 00:05:25 -07004577 return 1;
4578
Evan Broderbe554312013-06-27 00:05:25 -07004579 /* The rest of this logic is based on RFC 6125, section 6.4.3
4580 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4581
Emeric Bruna848dae2013-10-08 11:27:28 +02004582 pattern_wildcard = NULL;
4583 pattern_left_label_end = pattern;
4584 while (*pattern_left_label_end != '.') {
4585 switch (*pattern_left_label_end) {
4586 case 0:
4587 /* End of label not found */
4588 return 0;
4589 case '*':
4590 /* If there is more than one wildcards */
4591 if (pattern_wildcard)
4592 return 0;
4593 pattern_wildcard = pattern_left_label_end;
4594 break;
4595 }
4596 pattern_left_label_end++;
4597 }
4598
4599 /* If it's not trivial and there is no wildcard, it can't
4600 * match */
4601 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004602 return 0;
4603
4604 /* Make sure all labels match except the leftmost */
4605 hostname_left_label_end = strchr(hostname, '.');
4606 if (!hostname_left_label_end
William Lallemandb00a33b2020-09-14 15:20:10 +02004607 || strcasecmp(pattern_left_label_end, hostname_left_label_end) != 0)
Evan Broderbe554312013-06-27 00:05:25 -07004608 return 0;
4609
4610 /* Make sure the leftmost label of the hostname is long enough
4611 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004612 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004613 return 0;
4614
4615 /* Finally compare the string on either side of the
4616 * wildcard */
4617 prefixlen = pattern_wildcard - pattern;
4618 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
William Lallemandb00a33b2020-09-14 15:20:10 +02004619 if ((prefixlen && (strncasecmp(pattern, hostname, prefixlen) != 0))
4620 || (suffixlen && (strncasecmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004621 return 0;
4622
4623 return 1;
4624}
4625
4626static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4627{
4628 SSL *ssl;
4629 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01004630 struct ssl_sock_ctx *ssl_ctx;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004631 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004632 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004633
4634 int depth;
4635 X509 *cert;
4636 STACK_OF(GENERAL_NAME) *alt_names;
4637 int i;
4638 X509_NAME *cert_subject;
4639 char *str;
4640
4641 if (ok == 0)
4642 return ok;
4643
4644 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004645 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houchard66ab4982019-02-26 18:37:15 +01004646 ssl_ctx = conn->xprt_ctx;
Evan Broderbe554312013-06-27 00:05:25 -07004647
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004648 /* We're checking if the provided hostnames match the desired one. The
4649 * desired hostname comes from the SNI we presented if any, or if not
4650 * provided then it may have been explicitly stated using a "verifyhost"
4651 * directive. If neither is set, we don't care about the name so the
4652 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004653 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01004654 servername = SSL_get_servername(ssl_ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004655 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004656 if (!servername) {
Willy Tarreau07d94e42018-09-20 10:57:52 +02004657 servername = __objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004658 if (!servername)
4659 return ok;
4660 }
Evan Broderbe554312013-06-27 00:05:25 -07004661
4662 /* We only need to verify the CN on the actual server cert,
4663 * not the indirect CAs */
4664 depth = X509_STORE_CTX_get_error_depth(ctx);
4665 if (depth != 0)
4666 return ok;
4667
4668 /* At this point, the cert is *not* OK unless we can find a
4669 * hostname match */
4670 ok = 0;
4671
4672 cert = X509_STORE_CTX_get_current_cert(ctx);
4673 /* It seems like this might happen if verify peer isn't set */
4674 if (!cert)
4675 return ok;
4676
4677 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4678 if (alt_names) {
4679 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4680 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4681 if (name->type == GEN_DNS) {
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004682#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Emeric Bruna33410c2013-09-17 15:47:48 +02004683 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4684#else
Evan Broderbe554312013-06-27 00:05:25 -07004685 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004686#endif
Evan Broderbe554312013-06-27 00:05:25 -07004687 ok = ssl_sock_srv_hostcheck(str, servername);
4688 OPENSSL_free(str);
4689 }
4690 }
4691 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004692 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004693 }
4694
4695 cert_subject = X509_get_subject_name(cert);
4696 i = -1;
4697 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4698 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004699 ASN1_STRING *value;
4700 value = X509_NAME_ENTRY_get_data(entry);
4701 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004702 ok = ssl_sock_srv_hostcheck(str, servername);
4703 OPENSSL_free(str);
4704 }
4705 }
4706
Willy Tarreau71d058c2017-07-26 20:09:56 +02004707 /* report the mismatch and indicate if SNI was used or not */
4708 if (!ok && !conn->err_code)
4709 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004710 return ok;
4711}
4712
Emeric Brun94324a42012-10-11 14:00:19 +02004713/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004714int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004715{
Willy Tarreau03209342016-12-22 17:08:28 +01004716 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004717 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004718 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004719 SSL_OP_ALL | /* all known workarounds for bugs */
4720 SSL_OP_NO_SSLv2 |
4721 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004722 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004723 SSL_MODE_ENABLE_PARTIAL_WRITE |
4724 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004725 SSL_MODE_RELEASE_BUFFERS |
4726 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004727 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004728 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004729 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004730 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004731 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004732
Thierry Fournier383085f2013-01-24 14:15:43 +01004733 /* Make sure openssl opens /dev/urandom before the chroot */
4734 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004735 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004736 cfgerr++;
4737 }
4738
Willy Tarreaufce03112015-01-15 21:32:40 +01004739 /* Automatic memory computations need to know we use SSL there */
4740 global.ssl_used_backend = 1;
4741
4742 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004743 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004744 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004745 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4746 curproxy->id, srv->id,
4747 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004748 cfgerr++;
4749 return cfgerr;
4750 }
4751 }
Christopher Faulet68d35ae2020-03-27 18:55:49 +01004752 if (srv->use_ssl == 1)
Emeric Brun94324a42012-10-11 14:00:19 +02004753 srv->xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004754
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004755 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004756 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004757 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4758 proxy_type_str(curproxy), curproxy->id,
4759 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004760 cfgerr++;
4761 return cfgerr;
4762 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004763
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004764 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004765 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4766 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4767 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004768 else
4769 flags = conf_ssl_methods->flags;
4770
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004771 /* Real min and max should be determinate with configuration and openssl's capabilities */
4772 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004773 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004774 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004775 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004776
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004777 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004778 min = max = CONF_TLSV_NONE;
4779 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004780 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004781 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004782 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004783 if (min) {
4784 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004785 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4786 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4787 proxy_type_str(curproxy), curproxy->id, srv->id,
4788 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004789 hole = 0;
4790 }
4791 max = i;
4792 }
4793 else {
4794 min = max = i;
4795 }
4796 }
4797 else {
4798 if (min)
4799 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004800 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004801 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004802 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4803 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004804 cfgerr += 1;
4805 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004806
Willy Tarreau9a1ab082019-05-09 13:26:41 +02004807#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004808 /* Keep force-xxx implementation as it is in older haproxy. It's a
Joseph Herlant017b3da2018-11-15 09:07:59 -08004809 precautionary measure to avoid any surprise with older openssl version. */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004810 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004811 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004812 else
4813 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4814 if (flags & methodVersions[i].flag)
4815 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004816#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004817 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004818 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4819 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004820#endif
4821
4822 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4823 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004824 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004825
Willy Tarreau5db847a2019-05-09 14:13:35 +02004826#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004827 if (global_ssl.async)
4828 mode |= SSL_MODE_ASYNC;
4829#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004830 SSL_CTX_set_mode(ctx, mode);
4831 srv->ssl_ctx.ctx = ctx;
4832
Emeric Bruna7aa3092012-10-26 12:58:00 +02004833 if (srv->ssl_ctx.client_crt) {
4834 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004835 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4836 proxy_type_str(curproxy), curproxy->id,
4837 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004838 cfgerr++;
4839 }
4840 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004841 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4842 proxy_type_str(curproxy), curproxy->id,
4843 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004844 cfgerr++;
4845 }
4846 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004847 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4848 proxy_type_str(curproxy), curproxy->id,
4849 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004850 cfgerr++;
4851 }
4852 }
Emeric Brun94324a42012-10-11 14:00:19 +02004853
Emeric Brun850efd52014-01-29 12:24:34 +01004854 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4855 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004856 switch (srv->ssl_ctx.verify) {
4857 case SSL_SOCK_VERIFY_NONE:
4858 verify = SSL_VERIFY_NONE;
4859 break;
4860 case SSL_SOCK_VERIFY_REQUIRED:
4861 verify = SSL_VERIFY_PEER;
4862 break;
4863 }
Evan Broderbe554312013-06-27 00:05:25 -07004864 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004865 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004866 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004867 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004868 if (srv->ssl_ctx.ca_file) {
4869 /* load CAfile to verify */
4870 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004871 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4872 curproxy->id, srv->id,
4873 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004874 cfgerr++;
4875 }
4876 }
Emeric Brun850efd52014-01-29 12:24:34 +01004877 else {
4878 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004879 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4880 curproxy->id, srv->id,
4881 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004882 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004883 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4884 curproxy->id, srv->id,
4885 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004886 cfgerr++;
4887 }
Emeric Brunef42d922012-10-11 16:11:36 +02004888#ifdef X509_V_FLAG_CRL_CHECK
4889 if (srv->ssl_ctx.crl_file) {
4890 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4891
4892 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004893 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4894 curproxy->id, srv->id,
4895 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004896 cfgerr++;
4897 }
4898 else {
4899 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4900 }
4901 }
4902#endif
4903 }
4904
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004905 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4906 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4907 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004908 if (srv->ssl_ctx.ciphers &&
4909 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004910 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4911 curproxy->id, srv->id,
4912 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004913 cfgerr++;
4914 }
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004915
Emmanuel Hocdet839af572019-05-14 16:27:35 +02004916#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004917 if (srv->ssl_ctx.ciphersuites &&
Pierre Cheynierbc34cd12019-03-21 16:15:47 +00004918 !SSL_CTX_set_ciphersuites(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphersuites)) {
Dirkjan Bussink415150f2018-09-14 11:14:21 +02004919 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set TLS 1.3 cipher suites to '%s'.\n",
4920 curproxy->id, srv->id,
4921 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphersuites);
4922 cfgerr++;
4923 }
4924#endif
Olivier Houchardc7566002018-11-20 23:33:50 +01004925#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
4926 if (srv->ssl_ctx.npn_str)
4927 SSL_CTX_set_next_proto_select_cb(ctx, ssl_sock_srv_select_protos, srv);
4928#endif
4929#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
4930 if (srv->ssl_ctx.alpn_str)
4931 SSL_CTX_set_alpn_protos(ctx, (unsigned char *)srv->ssl_ctx.alpn_str, srv->ssl_ctx.alpn_len);
4932#endif
4933
Emeric Brun94324a42012-10-11 14:00:19 +02004934
4935 return cfgerr;
4936}
4937
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004938/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004939 * be NULL, in which case nothing is done. Returns the number of errors
4940 * encountered.
4941 */
Willy Tarreau03209342016-12-22 17:08:28 +01004942int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004943{
4944 struct ebmb_node *node;
4945 struct sni_ctx *sni;
4946 int err = 0;
4947
Willy Tarreaufce03112015-01-15 21:32:40 +01004948 /* Automatic memory computations need to know we use SSL there */
4949 global.ssl_used_frontend = 1;
4950
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004951 /* Make sure openssl opens /dev/urandom before the chroot */
4952 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004953 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004954 err++;
4955 }
4956 /* Create initial_ctx used to start the ssl connection before do switchctx */
4957 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004958 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004959 /* It should not be necessary to call this function, but it's
4960 necessary first to check and move all initialisation related
4961 to initial_ctx in ssl_sock_initial_ctx. */
4962 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4963 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004964 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004965 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004966
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004967 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004968 while (node) {
4969 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004970 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4971 /* only initialize the CTX on its first occurrence and
4972 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004973 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004974 node = ebmb_next(node);
4975 }
4976
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004977 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004978 while (node) {
4979 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004980 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4981 /* only initialize the CTX on its first occurrence and
4982 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004983 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004984 node = ebmb_next(node);
4985 }
4986 return err;
4987}
4988
Willy Tarreau55d37912016-12-21 23:38:39 +01004989/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4990 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4991 * alerts are directly emitted since the rest of the stack does it below.
4992 */
4993int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4994{
4995 struct proxy *px = bind_conf->frontend;
4996 int alloc_ctx;
4997 int err;
4998
4999 if (!bind_conf->is_ssl) {
5000 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005001 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
5002 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01005003 }
5004 return 0;
5005 }
5006 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005007 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005008 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
5009 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005010 }
5011 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005012 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
5013 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02005014 return -1;
5015 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005016 }
William Lallemandc61c0b32017-12-04 18:46:39 +01005017 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005018 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
Frédéric Lécailleb7838af2018-10-22 16:21:39 +02005019 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE, -1,
William Lallemandc3cd35f2017-11-28 11:04:43 +01005020 sizeof(*sh_ssl_sess_tree),
5021 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Frédéric Lécaille4c8aa112018-10-25 20:22:46 +02005022 if (alloc_ctx <= 0) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01005023 if (alloc_ctx == SHCTX_E_INIT_LOCK)
5024 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
5025 else
5026 ha_alert("Unable to allocate SSL session cache.\n");
5027 return -1;
5028 }
5029 /* free block callback */
5030 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
5031 /* init the root tree within the extra space */
5032 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
5033 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01005034 }
Willy Tarreau55d37912016-12-21 23:38:39 +01005035 err = 0;
5036 /* initialize all certificate contexts */
5037 err += ssl_sock_prepare_all_ctx(bind_conf);
5038
5039 /* initialize CA variables if the certificates generation is enabled */
5040 err += ssl_sock_load_ca(bind_conf);
5041
5042 return -err;
5043}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005044
5045/* release ssl context allocated for servers. */
5046void ssl_sock_free_srv_ctx(struct server *srv)
5047{
Olivier Houchardc7566002018-11-20 23:33:50 +01005048#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5049 if (srv->ssl_ctx.alpn_str)
5050 free(srv->ssl_ctx.alpn_str);
5051#endif
Lukas Tribusda95fd92018-11-25 13:21:27 +01005052#ifdef OPENSSL_NPN_NEGOTIATED
Olivier Houchardc7566002018-11-20 23:33:50 +01005053 if (srv->ssl_ctx.npn_str)
5054 free(srv->ssl_ctx.npn_str);
Lukas Tribus7706b852018-11-26 22:57:17 +01005055#endif
Christopher Faulet77fe80c2015-07-29 13:02:40 +02005056 if (srv->ssl_ctx.ctx)
5057 SSL_CTX_free(srv->ssl_ctx.ctx);
5058}
5059
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005060/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02005061 * be NULL, in which case nothing is done. The default_ctx is nullified too.
5062 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005063void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02005064{
5065 struct ebmb_node *node, *back;
5066 struct sni_ctx *sni;
5067
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005068 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005069 while (node) {
5070 sni = ebmb_entry(node, struct sni_ctx, name);
5071 back = ebmb_next(node);
5072 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005073 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005074 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005075 ssl_sock_free_ssl_conf(sni->conf);
5076 free(sni->conf);
5077 sni->conf = NULL;
5078 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005079 free(sni);
5080 node = back;
5081 }
5082
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005083 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02005084 while (node) {
5085 sni = ebmb_entry(node, struct sni_ctx, name);
5086 back = ebmb_next(node);
5087 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005088 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02005089 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005090 ssl_sock_free_ssl_conf(sni->conf);
5091 free(sni->conf);
5092 sni->conf = NULL;
5093 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02005094 free(sni);
5095 node = back;
5096 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01005097 SSL_CTX_free(bind_conf->initial_ctx);
5098 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02005099 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005100 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02005101}
5102
Willy Tarreau795cdab2016-12-22 17:30:54 +01005103/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
5104void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
5105{
5106 ssl_sock_free_ca(bind_conf);
5107 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01005108 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01005109 free(bind_conf->ca_sign_file);
5110 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02005111 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01005112 free(bind_conf->keys_ref->filename);
5113 free(bind_conf->keys_ref->tlskeys);
5114 LIST_DEL(&bind_conf->keys_ref->list);
5115 free(bind_conf->keys_ref);
5116 }
5117 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005118 bind_conf->ca_sign_pass = NULL;
5119 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01005120}
5121
Christopher Faulet31af49d2015-06-09 17:29:50 +02005122/* Load CA cert file and private key used to generate certificates */
5123int
Willy Tarreau03209342016-12-22 17:08:28 +01005124ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005125{
Willy Tarreau03209342016-12-22 17:08:28 +01005126 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005127 FILE *fp;
5128 X509 *cacert = NULL;
5129 EVP_PKEY *capkey = NULL;
5130 int err = 0;
5131
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02005132 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02005133 return err;
5134
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005135#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02005136 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01005137 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005138 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02005139 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02005140 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02005141#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02005142
Christopher Faulet31af49d2015-06-09 17:29:50 +02005143 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005144 ha_alert("Proxy '%s': cannot enable certificate generation, "
5145 "no CA certificate File configured at [%s:%d].\n",
5146 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005147 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005148 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005149
5150 /* read in the CA certificate */
5151 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005152 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5153 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005154 goto load_error;
5155 }
5156 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005157 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
5158 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005159 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005160 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005161 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005162 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01005163 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
5164 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005165 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005166 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02005167
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005168 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005169 bind_conf->ca_sign_cert = cacert;
5170 bind_conf->ca_sign_pkey = capkey;
5171 return err;
5172
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005173 read_error:
5174 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02005175 if (capkey) EVP_PKEY_free(capkey);
5176 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02005177 load_error:
5178 bind_conf->generate_certs = 0;
5179 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005180 return err;
5181}
5182
5183/* Release CA cert and private key used to generate certificated */
5184void
5185ssl_sock_free_ca(struct bind_conf *bind_conf)
5186{
Christopher Faulet31af49d2015-06-09 17:29:50 +02005187 if (bind_conf->ca_sign_pkey)
5188 EVP_PKEY_free(bind_conf->ca_sign_pkey);
5189 if (bind_conf->ca_sign_cert)
5190 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01005191 bind_conf->ca_sign_pkey = NULL;
5192 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02005193}
5194
Emeric Brun46591952012-05-18 15:47:34 +02005195/*
5196 * This function is called if SSL * context is not yet allocated. The function
5197 * is designed to be called before any other data-layer operation and sets the
5198 * handshake flag on the connection. It is safe to call it multiple times.
5199 * It returns 0 on success and -1 in error case.
5200 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005201static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005202{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005203 struct ssl_sock_ctx *ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005204 /* already initialized */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005205 if (*xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005206 return 0;
5207
Willy Tarreau3c728722014-01-23 13:50:42 +01005208 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005209 return 0;
5210
Olivier Houchard66ab4982019-02-26 18:37:15 +01005211 ctx = pool_alloc(ssl_sock_ctx_pool);
5212 if (!ctx) {
5213 conn->err_code = CO_ER_SSL_NO_MEM;
5214 return -1;
5215 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005216 ctx->wait_event.tasklet = tasklet_new();
5217 if (!ctx->wait_event.tasklet) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005218 conn->err_code = CO_ER_SSL_NO_MEM;
5219 pool_free(ssl_sock_ctx_pool, ctx);
5220 return -1;
5221 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005222 ctx->wait_event.tasklet->process = ssl_sock_io_cb;
5223 ctx->wait_event.tasklet->context = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005224 ctx->wait_event.events = 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005225 ctx->sent_early_data = 0;
Olivier Houchardf6715e72019-12-19 15:02:39 +01005226 ctx->early_buf = BUF_NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005227 ctx->conn = conn;
Olivier Houchard81284e62019-06-06 13:21:23 +02005228 ctx->send_wait = NULL;
5229 ctx->recv_wait = NULL;
Emeric Brun87cfd662019-09-06 15:36:02 +02005230 ctx->xprt_st = 0;
5231 ctx->xprt_ctx = NULL;
Olivier Houcharda8955d52019-04-07 22:00:38 +02005232
5233 /* Only work with sockets for now, this should be adapted when we'll
5234 * add QUIC support.
5235 */
5236 ctx->xprt = xprt_get(XPRT_RAW);
Olivier Houchard19afb272019-05-23 18:24:07 +02005237 if (ctx->xprt->init) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005238 if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0)
5239 goto err;
Olivier Houchard19afb272019-05-23 18:24:07 +02005240 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005241
Willy Tarreau20879a02012-12-03 16:32:10 +01005242 if (global.maxsslconn && sslconns >= global.maxsslconn) {
5243 conn->err_code = CO_ER_SSL_TOO_MANY;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005244 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005245 }
Willy Tarreau403edff2012-09-06 11:58:37 +02005246
Emeric Brun46591952012-05-18 15:47:34 +02005247 /* If it is in client mode initiate SSL session
5248 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005249 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005250 int may_retry = 1;
5251
5252 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02005253 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005254 ctx->ssl = SSL_new(__objt_server(conn->target)->ssl_ctx.ctx);
5255 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005256 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005257 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005258 goto retry_connect;
5259 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005260 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005261 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005262 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005263 ctx->bio = BIO_new(ha_meth);
5264 if (!ctx->bio) {
Olivier Houchardb451b972020-01-24 15:17:38 +01005265 SSL_free(ctx->ssl);
5266 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005267 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005268 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005269 goto retry_connect;
5270 }
Emeric Brun55476152014-11-12 17:35:37 +01005271 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005272 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005273 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005274 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005275 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005276
Evan Broderbe554312013-06-27 00:05:25 -07005277 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005278 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5279 SSL_free(ctx->ssl);
5280 ctx->ssl = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01005281 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005282 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005283 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005284 goto retry_connect;
5285 }
Emeric Brun55476152014-11-12 17:35:37 +01005286 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005287 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005288 }
5289
Olivier Houchard66ab4982019-02-26 18:37:15 +01005290 SSL_set_connect_state(ctx->ssl);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005291 if (__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5292 const unsigned char *ptr = __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
5293 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, __objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005294 if (sess && !SSL_set_session(ctx->ssl, sess)) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01005295 SSL_SESSION_free(sess);
Willy Tarreau07d94e42018-09-20 10:57:52 +02005296 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5297 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Olivier Houcharde6060c52017-11-16 17:42:52 +01005298 } else if (sess) {
5299 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01005300 }
5301 }
Evan Broderbe554312013-06-27 00:05:25 -07005302
Emeric Brun46591952012-05-18 15:47:34 +02005303 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005304 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02005305
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005306 _HA_ATOMIC_ADD(&sslconns, 1);
5307 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005308 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005309 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005310 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005311 if (conn->flags & CO_FL_ERROR)
5312 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005313 return 0;
5314 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01005315 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005316 int may_retry = 1;
5317
5318 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02005319 /* Alloc a new SSL session ctx */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005320 ctx->ssl = SSL_new(__objt_listener(conn->target)->bind_conf->initial_ctx);
5321 if (!ctx->ssl) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005322 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005323 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005324 goto retry_accept;
5325 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005326 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005327 goto err;
Willy Tarreau20879a02012-12-03 16:32:10 +01005328 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005329 ctx->bio = BIO_new(ha_meth);
5330 if (!ctx->bio) {
Olivier Houchardb451b972020-01-24 15:17:38 +01005331 SSL_free(ctx->ssl);
5332 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005333 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005334 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005335 goto retry_accept;
5336 }
Emeric Brun55476152014-11-12 17:35:37 +01005337 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005338 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005339 }
Olivier Houcharda8955d52019-04-07 22:00:38 +02005340 BIO_set_data(ctx->bio, ctx);
Olivier Houcharda8955d52019-04-07 22:00:38 +02005341 SSL_set_bio(ctx->ssl, ctx->bio, ctx->bio);
Emeric Brun46591952012-05-18 15:47:34 +02005342
Emeric Brune1f38db2012-09-03 20:36:47 +02005343 /* set connection pointer */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005344 if (!SSL_set_ex_data(ctx->ssl, ssl_app_data_index, conn)) {
5345 SSL_free(ctx->ssl);
5346 ctx->ssl = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005347 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005348 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005349 goto retry_accept;
5350 }
Emeric Brun55476152014-11-12 17:35:37 +01005351 conn->err_code = CO_ER_SSL_NO_MEM;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005352 goto err;
Emeric Brun55476152014-11-12 17:35:37 +01005353 }
5354
Frédéric Lécaille583362f2020-01-24 14:56:18 +01005355#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5356 if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
5357 b_alloc(&ctx->early_buf);
5358 SSL_set_max_early_data(ctx->ssl,
5359 /* Only allow early data if we managed to allocate
5360 * a buffer.
5361 */
5362 (!b_is_null(&ctx->early_buf)) ?
5363 global.tune.bufsize - global.tune.maxrewrite : 0);
5364 }
5365#endif
5366
Olivier Houchard66ab4982019-02-26 18:37:15 +01005367 SSL_set_accept_state(ctx->ssl);
Emeric Brune1f38db2012-09-03 20:36:47 +02005368
Emeric Brun46591952012-05-18 15:47:34 +02005369 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005370 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005371#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005372 conn->flags |= CO_FL_EARLY_SSL_HS;
5373#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005374
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01005375 _HA_ATOMIC_ADD(&sslconns, 1);
5376 _HA_ATOMIC_ADD(&totalsslconns, 1);
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005377 *xprt_ctx = ctx;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005378 /* Start the handshake */
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005379 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005380 if (conn->flags & CO_FL_ERROR)
5381 goto err;
Emeric Brun46591952012-05-18 15:47:34 +02005382 return 0;
5383 }
5384 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005385 conn->err_code = CO_ER_SSL_NO_TARGET;
Olivier Houchard66ab4982019-02-26 18:37:15 +01005386err:
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005387 if (ctx && ctx->wait_event.tasklet)
5388 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01005389 pool_free(ssl_sock_ctx_pool, ctx);
Emeric Brun46591952012-05-18 15:47:34 +02005390 return -1;
5391}
5392
5393
5394/* This is the callback which is used when an SSL handshake is pending. It
5395 * updates the FD status if it wants some polling before being called again.
5396 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5397 * otherwise it returns non-zero and removes itself from the connection's
5398 * flags (the bit is provided in <flag> by the caller).
5399 */
Olivier Houchard000694c2019-05-23 14:45:12 +02005400static int ssl_sock_handshake(struct connection *conn, unsigned int flag)
Emeric Brun46591952012-05-18 15:47:34 +02005401{
Olivier Houchard66ab4982019-02-26 18:37:15 +01005402 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
Emeric Brun46591952012-05-18 15:47:34 +02005403 int ret;
Willy Tarreau7a466f62021-02-02 15:42:25 +01005404 socklen_t lskerr;
5405 int skerr;
5406
Emeric Brun46591952012-05-18 15:47:34 +02005407
Willy Tarreau3c728722014-01-23 13:50:42 +01005408 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005409 return 0;
5410
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005411 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005412 goto out_error;
5413
Willy Tarreau7a466f62021-02-02 15:42:25 +01005414 /* don't start calculating a handshake on a dead connection */
5415 if (conn->flags & (CO_FL_ERROR | CO_FL_SOCK_RD_SH | CO_FL_SOCK_WR_SH))
5416 goto out_error;
5417
5418 /* FIXME/WT: for now we don't have a clear way to inspect the connection
5419 * status from the lower layers, so let's check the FD directly. Ideally
5420 * the xprt layers should provide some status indicating their knowledge
5421 * of shutdowns or error.
5422 */
5423 skerr = 0;
5424 lskerr = sizeof(skerr);
5425 if ((getsockopt(conn->handle.fd, SOL_SOCKET, SO_ERROR, &skerr, &lskerr) < 0) ||
5426 skerr != 0)
5427 goto out_error;
5428
Willy Tarreau5db847a2019-05-09 14:13:35 +02005429#if HA_OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02005430 /*
5431 * Check if we have early data. If we do, we have to read them
5432 * before SSL_do_handshake() is called, And there's no way to
5433 * detect early data, except to try to read them
5434 */
5435 if (conn->flags & CO_FL_EARLY_SSL_HS) {
Olivier Houchardf6715e72019-12-19 15:02:39 +01005436 size_t read_data = 0;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005437
Olivier Houchardf6715e72019-12-19 15:02:39 +01005438 while (1) {
5439 ret = SSL_read_early_data(ctx->ssl,
5440 b_tail(&ctx->early_buf), b_room(&ctx->early_buf),
5441 &read_data);
5442 if (ret == SSL_READ_EARLY_DATA_ERROR)
5443 goto check_error;
5444 if (read_data > 0) {
5445 conn->flags |= CO_FL_EARLY_DATA;
5446 b_add(&ctx->early_buf, read_data);
5447 }
5448 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5449 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5450 if (!b_data(&ctx->early_buf))
5451 b_free(&ctx->early_buf);
5452 break;
5453 }
5454 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005455 }
5456#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005457 /* If we use SSL_do_handshake to process a reneg initiated by
5458 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5459 * Usually SSL_write and SSL_read are used and process implicitly
5460 * the reneg handshake.
5461 * Here we use SSL_peek as a workaround for reneg.
5462 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005463 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005464 char c;
5465
Olivier Houchard66ab4982019-02-26 18:37:15 +01005466 ret = SSL_peek(ctx->ssl, &c, 1);
Emeric Brun674b7432012-11-08 19:21:55 +01005467 if (ret <= 0) {
5468 /* handshake may have not been completed, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005469 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005470
Emeric Brun674b7432012-11-08 19:21:55 +01005471 if (ret == SSL_ERROR_WANT_WRITE) {
5472 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005473 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005474 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005475 return 0;
5476 }
5477 else if (ret == SSL_ERROR_WANT_READ) {
5478 /* handshake may have been completed but we have
5479 * no more data to read.
5480 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005481 if (!SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun674b7432012-11-08 19:21:55 +01005482 ret = 1;
5483 goto reneg_ok;
5484 }
5485 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005486 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005487 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun674b7432012-11-08 19:21:55 +01005488 return 0;
5489 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005490#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005491 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005492 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005493 return 0;
5494 }
5495#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005496 else if (ret == SSL_ERROR_SYSCALL) {
5497 /* if errno is null, then connection was successfully established */
5498 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5499 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005500 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005501#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5502 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005503 conn->err_code = CO_ER_SSL_HANDSHAKE;
5504#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005505 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005506#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005507 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005508 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)ctx->ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005509 empty_handshake = state == TLS_ST_BEFORE;
5510#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005511 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5512 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005513#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005514 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005515 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005516 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005517 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5518 else
5519 conn->err_code = CO_ER_SSL_EMPTY;
5520 }
5521 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005522 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005523 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5524 else
5525 conn->err_code = CO_ER_SSL_ABORT;
5526 }
5527 }
5528 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005529 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005530 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005531 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005532 conn->err_code = CO_ER_SSL_HANDSHAKE;
5533 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005534#endif /* BoringSSL or LibreSSL */
Willy Tarreau20879a02012-12-03 16:32:10 +01005535 }
Emeric Brun674b7432012-11-08 19:21:55 +01005536 goto out_error;
5537 }
5538 else {
5539 /* Fail on all other handshake errors */
5540 /* Note: OpenSSL may leave unread bytes in the socket's
5541 * buffer, causing an RST to be emitted upon close() on
5542 * TCP sockets. We first try to drain possibly pending
5543 * data to avoid this as much as possible.
5544 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005545 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005546 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005547 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005548 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005549 goto out_error;
5550 }
5551 }
5552 /* read some data: consider handshake completed */
5553 goto reneg_ok;
5554 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01005555 ret = SSL_do_handshake(ctx->ssl);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005556check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005557 if (ret != 1) {
5558 /* handshake did not complete, let's find why */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005559 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005560
5561 if (ret == SSL_ERROR_WANT_WRITE) {
5562 /* SSL handshake needs to write, L4 connection may not be ready */
Olivier Houchard03abf2d2019-05-28 10:12:02 +02005563 if (!(ctx->wait_event.events & SUB_RETRY_SEND))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005564 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005565 return 0;
5566 }
5567 else if (ret == SSL_ERROR_WANT_READ) {
5568 /* SSL handshake needs to read, L4 connection is ready */
Olivier Houchardea8dd942019-05-20 14:02:16 +02005569 if (!(ctx->wait_event.events & SUB_RETRY_RECV))
Olivier Houchardea8dd942019-05-20 14:02:16 +02005570 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5571 SUB_RETRY_RECV, &ctx->wait_event);
Emeric Brun46591952012-05-18 15:47:34 +02005572 return 0;
5573 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005574#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005575 else if (ret == SSL_ERROR_WANT_ASYNC) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005576 ssl_async_process_fds(ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005577 return 0;
5578 }
5579#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005580 else if (ret == SSL_ERROR_SYSCALL) {
5581 /* if errno is null, then connection was successfully established */
5582 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5583 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005584 if (!conn->err_code) {
Lukas Tribus5db881f2019-07-08 14:29:15 +02005585#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
5586 /* do not handle empty handshakes in BoringSSL or LibreSSL */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005587 conn->err_code = CO_ER_SSL_HANDSHAKE;
5588#else
5589 int empty_handshake;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005590#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
Lukas Tribus5db881f2019-07-08 14:29:15 +02005591 /* use SSL_get_state() in OpenSSL >= 1.1.0; SSL_state() is broken */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005592 OSSL_HANDSHAKE_STATE state = SSL_get_state(ctx->ssl);
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005593 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005594#else
Lukas Tribus5db881f2019-07-08 14:29:15 +02005595 /* access packet_length directly in OpenSSL <= 1.0.2; SSL_state() is broken */
5596 empty_handshake = !ctx->ssl->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005597#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005598 if (empty_handshake) {
5599 if (!errno) {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005600 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005601 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5602 else
5603 conn->err_code = CO_ER_SSL_EMPTY;
5604 }
5605 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005606 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005607 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5608 else
5609 conn->err_code = CO_ER_SSL_ABORT;
5610 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005611 }
5612 else {
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005613 if (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
Emeric Brun29f037d2014-04-25 19:05:36 +02005614 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5615 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005616 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005617 }
Lukas Tribus5db881f2019-07-08 14:29:15 +02005618#endif /* BoringSSL or LibreSSL */
Emeric Brun29f037d2014-04-25 19:05:36 +02005619 }
Willy Tarreau89230192012-09-28 20:22:13 +02005620 goto out_error;
5621 }
Emeric Brun46591952012-05-18 15:47:34 +02005622 else {
5623 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005624 /* Note: OpenSSL may leave unread bytes in the socket's
5625 * buffer, causing an RST to be emitted upon close() on
5626 * TCP sockets. We first try to drain possibly pending
5627 * data to avoid this as much as possible.
5628 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005629 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005630 if (!conn->err_code)
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01005631 conn->err_code = (ctx->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
Willy Tarreauf51c6982014-04-25 20:02:39 +02005632 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005633 goto out_error;
5634 }
5635 }
Willy Tarreau5db847a2019-05-09 14:13:35 +02005636#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard522eea72017-11-03 16:27:47 +01005637 else {
5638 /*
5639 * If the server refused the early data, we have to send a
5640 * 425 to the client, as we no longer have the data to sent
5641 * them again.
5642 */
5643 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005644 if (SSL_get_early_data_status(ctx->ssl) == SSL_EARLY_DATA_REJECTED) {
Olivier Houchard522eea72017-11-03 16:27:47 +01005645 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5646 goto out_error;
5647 }
5648 }
5649 }
5650#endif
5651
Emeric Brun46591952012-05-18 15:47:34 +02005652
Emeric Brun674b7432012-11-08 19:21:55 +01005653reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005654
Willy Tarreau5db847a2019-05-09 14:13:35 +02005655#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005656 /* ASYNC engine API doesn't support moving read/write
5657 * buffers. So we disable ASYNC mode right after
5658 * the handshake to avoid buffer oveflows.
5659 */
5660 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005661 SSL_clear_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005662#endif
Emeric Brun46591952012-05-18 15:47:34 +02005663 /* Handshake succeeded */
Olivier Houchard66ab4982019-02-26 18:37:15 +01005664 if (!SSL_session_reused(ctx->ssl)) {
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005665 if (objt_server(conn->target)) {
5666 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5667 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5668 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005669 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005670 else {
5671 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5672 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5673 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5674 }
Emeric Brun46591952012-05-18 15:47:34 +02005675 }
5676
5677 /* The connection is now established at both layers, it's time to leave */
5678 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5679 return 1;
5680
5681 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005682 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005683 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005684 ERR_clear_error();
5685
Emeric Brun9fa89732012-10-04 17:09:56 +02005686 /* free resumed session if exists */
Willy Tarreau07d94e42018-09-20 10:57:52 +02005687 if (objt_server(conn->target) && __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5688 free(__objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5689 __objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005690 }
5691
Emeric Brun46591952012-05-18 15:47:34 +02005692 /* Fail on all other handshake errors */
5693 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005694 if (!conn->err_code)
5695 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005696 return 0;
5697}
5698
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005699static int ssl_subscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005700{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005701 struct wait_event *sw;
5702 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005703
Olivier Houcharda37eb6a2019-06-24 18:57:39 +02005704 if (!ctx)
5705 return -1;
5706
Olivier Houchardea8dd942019-05-20 14:02:16 +02005707 if (event_type & SUB_RETRY_RECV) {
5708 sw = param;
5709 BUG_ON(ctx->recv_wait != NULL || (sw->events & SUB_RETRY_RECV));
5710 sw->events |= SUB_RETRY_RECV;
5711 ctx->recv_wait = sw;
5712 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5713 !(ctx->wait_event.events & SUB_RETRY_RECV))
5714 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV, &ctx->wait_event);
5715 event_type &= ~SUB_RETRY_RECV;
5716 }
5717 if (event_type & SUB_RETRY_SEND) {
5718sw = param;
5719 BUG_ON(ctx->send_wait != NULL || (sw->events & SUB_RETRY_SEND));
5720 sw->events |= SUB_RETRY_SEND;
5721 ctx->send_wait = sw;
5722 if (!(conn->flags & CO_FL_SSL_WAIT_HS) &&
5723 !(ctx->wait_event.events & SUB_RETRY_SEND))
5724 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
5725 event_type &= ~SUB_RETRY_SEND;
5726
5727 }
5728 if (event_type != 0)
5729 return -1;
5730 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005731}
5732
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005733static int ssl_unsubscribe(struct connection *conn, void *xprt_ctx, int event_type, void *param)
Olivier Houcharddf357842019-03-21 16:30:07 +01005734{
Olivier Houchardea8dd942019-05-20 14:02:16 +02005735 struct wait_event *sw;
5736 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005737
Olivier Houchardea8dd942019-05-20 14:02:16 +02005738 if (event_type & SUB_RETRY_RECV) {
5739 sw = param;
5740 BUG_ON(ctx->recv_wait != sw);
5741 ctx->recv_wait = NULL;
5742 sw->events &= ~SUB_RETRY_RECV;
5743 /* If we subscribed, and we're not doing the handshake,
5744 * then we subscribed because the upper layer asked for it,
5745 * as the upper layer is no longer interested, we can
5746 * unsubscribe too.
5747 */
5748 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5749 (ctx->wait_event.events & SUB_RETRY_RECV))
5750 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_RECV,
5751 &ctx->wait_event);
5752 }
5753 if (event_type & SUB_RETRY_SEND) {
5754 sw = param;
5755 BUG_ON(ctx->send_wait != sw);
5756 ctx->send_wait = NULL;
5757 sw->events &= ~SUB_RETRY_SEND;
5758 if (!(ctx->conn->flags & CO_FL_SSL_WAIT_HS) &&
5759 (ctx->wait_event.events & SUB_RETRY_SEND))
5760 conn_unsubscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND,
5761 &ctx->wait_event);
5762
5763 }
5764
5765 return 0;
Olivier Houcharddf357842019-03-21 16:30:07 +01005766}
5767
Olivier Houchard2e055482019-05-27 19:50:12 +02005768/* Use the provided XPRT as an underlying XPRT, and provide the old one.
5769 * Returns 0 on success, and non-zero on failure.
5770 */
5771static int ssl_add_xprt(struct connection *conn, void *xprt_ctx, void *toadd_ctx, const struct xprt_ops *toadd_ops, void **oldxprt_ctx, const struct xprt_ops **oldxprt_ops)
5772{
5773 struct ssl_sock_ctx *ctx = xprt_ctx;
5774
5775 if (oldxprt_ops != NULL)
5776 *oldxprt_ops = ctx->xprt;
5777 if (oldxprt_ctx != NULL)
5778 *oldxprt_ctx = ctx->xprt_ctx;
5779 ctx->xprt = toadd_ops;
5780 ctx->xprt_ctx = toadd_ctx;
5781 return 0;
5782}
5783
Olivier Houchard5149b592019-05-23 17:47:36 +02005784/* Remove the specified xprt. If if it our underlying XPRT, remove it and
5785 * return 0, otherwise just call the remove_xprt method from the underlying
5786 * XPRT.
5787 */
5788static int ssl_remove_xprt(struct connection *conn, void *xprt_ctx, void *toremove_ctx, const struct xprt_ops *newops, void *newctx)
5789{
5790 struct ssl_sock_ctx *ctx = xprt_ctx;
5791
5792 if (ctx->xprt_ctx == toremove_ctx) {
5793 ctx->xprt_ctx = newctx;
5794 ctx->xprt = newops;
5795 return 0;
5796 }
5797 return (ctx->xprt->remove_xprt(conn, ctx->xprt_ctx, toremove_ctx, newops, newctx));
5798}
5799
Olivier Houchardea8dd942019-05-20 14:02:16 +02005800static struct task *ssl_sock_io_cb(struct task *t, void *context, unsigned short state)
5801{
5802 struct ssl_sock_ctx *ctx = context;
5803
5804 /* First if we're doing an handshake, try that */
5805 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS)
5806 ssl_sock_handshake(ctx->conn, CO_FL_SSL_WAIT_HS);
5807 /* If we had an error, or the handshake is done and I/O is available,
5808 * let the upper layer know.
5809 * If no mux was set up yet, and nobody subscribed, then call
5810 * xprt_done_cb() ourself if it's set, or destroy the connection,
5811 * we can't be sure conn_fd_handler() will be called again.
5812 */
5813 if ((ctx->conn->flags & CO_FL_ERROR) ||
5814 !(ctx->conn->flags & CO_FL_SSL_WAIT_HS)) {
5815 int ret = 0;
5816 int woke = 0;
5817
5818 /* On error, wake any waiter */
5819 if (ctx->recv_wait) {
5820 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005821 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005822 ctx->recv_wait = NULL;
5823 woke = 1;
5824 }
5825 if (ctx->send_wait) {
5826 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02005827 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02005828 ctx->send_wait = NULL;
5829 woke = 1;
5830 }
5831 /* If we're the first xprt for the connection, let the
5832 * upper layers know. If xprt_done_cb() is set, call it,
5833 * otherwise, we should have a mux, so call its wake
5834 * method if we didn't woke a tasklet already.
5835 */
5836 if (ctx->conn->xprt_ctx == ctx) {
5837 if (ctx->conn->xprt_done_cb)
5838 ret = ctx->conn->xprt_done_cb(ctx->conn);
5839 if (ret >= 0 && !woke && ctx->conn->mux && ctx->conn->mux->wake)
5840 ctx->conn->mux->wake(ctx->conn);
5841 return NULL;
5842 }
5843 }
Olivier Houchardf6715e72019-12-19 15:02:39 +01005844#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5845 /* If we have early data and somebody wants to receive, let them */
5846 else if (b_data(&ctx->early_buf) && ctx->recv_wait) {
5847 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
5848 tasklet_wakeup(ctx->recv_wait->tasklet);
5849 ctx->recv_wait = NULL;
5850
5851 }
5852#endif
Olivier Houchardea8dd942019-05-20 14:02:16 +02005853 return NULL;
5854}
5855
Emeric Brun46591952012-05-18 15:47:34 +02005856/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005857 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005858 * buffer wraps, in which case a second call may be performed. The connection's
5859 * flags are updated with whatever special event is detected (error, read0,
5860 * empty). The caller is responsible for taking care of those events and
5861 * avoiding the call if inappropriate. The function does not call the
5862 * connection's polling update function, so the caller is responsible for this.
5863 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005864static size_t ssl_sock_to_buf(struct connection *conn, void *xprt_ctx, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005865{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005866 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005867 ssize_t ret;
5868 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005869
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005870 conn_refresh_polling_flags(conn);
5871
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005872 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005873 goto out_error;
5874
Olivier Houchardf6715e72019-12-19 15:02:39 +01005875#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
5876 if (b_data(&ctx->early_buf)) {
5877 try = b_contig_space(buf);
5878 if (try > b_data(&ctx->early_buf))
5879 try = b_data(&ctx->early_buf);
5880 memcpy(b_tail(buf), b_head(&ctx->early_buf), try);
5881 b_add(buf, try);
5882 b_del(&ctx->early_buf, try);
5883 if (b_data(&ctx->early_buf) == 0)
5884 b_free(&ctx->early_buf);
5885 return try;
5886 }
5887#endif
5888
Emeric Brun46591952012-05-18 15:47:34 +02005889 if (conn->flags & CO_FL_HANDSHAKE)
5890 /* a handshake was requested */
5891 return 0;
5892
Emeric Brun46591952012-05-18 15:47:34 +02005893 /* read the largest possible block. For this, we perform only one call
5894 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5895 * in which case we accept to do it once again. A new attempt is made on
5896 * EINTR too.
5897 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005898 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005899
Willy Tarreau591d4452018-06-15 17:21:00 +02005900 try = b_contig_space(buf);
5901 if (!try)
5902 break;
5903
Willy Tarreauabf08d92014-01-14 11:31:27 +01005904 if (try > count)
5905 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005906
Olivier Houchard66ab4982019-02-26 18:37:15 +01005907 ret = SSL_read(ctx->ssl, b_tail(buf), try);
Emmanuel Hocdet510fce52019-08-05 18:04:16 +02005908
Emeric Brune1f38db2012-09-03 20:36:47 +02005909 if (conn->flags & CO_FL_ERROR) {
5910 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005911 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005912 }
Emeric Brun46591952012-05-18 15:47:34 +02005913 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005914 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005915 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005916 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005917 }
Emeric Brun46591952012-05-18 15:47:34 +02005918 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005919 ret = SSL_get_error(ctx->ssl, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005920 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005921 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005922 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02005923 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02005924#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005925 /* Async mode can be re-enabled, because we're leaving data state.*/
5926 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005927 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005928#endif
Emeric Brun46591952012-05-18 15:47:34 +02005929 break;
5930 }
5931 else if (ret == SSL_ERROR_WANT_READ) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01005932 if (SSL_renegotiate_pending(ctx->ssl)) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02005933 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
5934 SUB_RETRY_RECV,
5935 &ctx->wait_event);
Emeric Brun282a76a2012-11-08 18:02:56 +01005936 /* handshake is running, and it may need to re-enable read */
5937 conn->flags |= CO_FL_SSL_WAIT_HS;
Willy Tarreau5db847a2019-05-09 14:13:35 +02005938#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005939 /* Async mode can be re-enabled, because we're leaving data state.*/
5940 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01005941 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00005942#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005943 break;
5944 }
Emeric Brun46591952012-05-18 15:47:34 +02005945 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005946 } else if (ret == SSL_ERROR_ZERO_RETURN)
5947 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005948 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5949 * stack before shutting down the connection for
5950 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005951 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5952 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005953 /* otherwise it's a real error */
5954 goto out_error;
5955 }
5956 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005957 leave:
Emeric Brun46591952012-05-18 15:47:34 +02005958 return done;
5959
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005960 clear_ssl_error:
5961 /* Clear openssl global errors stack */
5962 ssl_sock_dump_errors(conn);
5963 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005964 read0:
5965 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005966 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005967
Emeric Brun46591952012-05-18 15:47:34 +02005968 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005969 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005970 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005971 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005972 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005973 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005974}
5975
5976
Willy Tarreau787db9a2018-06-14 18:31:46 +02005977/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5978 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5979 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005980 * Only one call to send() is performed, unless the buffer wraps, in which case
5981 * a second call may be performed. The connection's flags are updated with
5982 * whatever special event is detected (error, empty). The caller is responsible
5983 * for taking care of those events and avoiding the call if inappropriate. The
5984 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005985 * is responsible for this. The buffer's output is not adjusted, it's up to the
5986 * caller to take care of this. It's up to the caller to update the buffer's
5987 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005988 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005989static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005990{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005991 struct ssl_sock_ctx *ctx = xprt_ctx;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005992 ssize_t ret;
5993 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005994
5995 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005996 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005997
Olivier Houcharde179d0e2019-03-21 18:27:17 +01005998 if (!ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005999 goto out_error;
6000
Olivier Houchard010941f2019-05-03 20:56:19 +02006001 if (conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))
Emeric Brun46591952012-05-18 15:47:34 +02006002 /* a handshake was requested */
6003 return 0;
6004
6005 /* send the largest possible block. For this we perform only one call
6006 * to send() unless the buffer wraps and we exactly fill the first hunk,
6007 * in which case we accept to do it once again.
6008 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02006009 while (count) {
Willy Tarreau5db847a2019-05-09 14:13:35 +02006010#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchardc2aae742017-09-22 18:26:28 +02006011 size_t written_data;
6012#endif
6013
Willy Tarreau787db9a2018-06-14 18:31:46 +02006014 try = b_contig_data(buf, done);
6015 if (try > count)
6016 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01006017
Willy Tarreau7bed9452014-02-02 02:00:24 +01006018 if (!(flags & CO_SFL_STREAMER) &&
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006019 !(ctx->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01006020 global_ssl.max_record && try > global_ssl.max_record) {
6021 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006022 }
6023 else {
6024 /* we need to keep the information about the fact that
6025 * we're not limiting the upcoming send(), because if it
6026 * fails, we'll have to retry with at least as many data.
6027 */
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006028 ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau518cedd2014-02-17 15:43:01 +01006029 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01006030
Willy Tarreau5db847a2019-05-09 14:13:35 +02006031#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Olivier Houchard010941f2019-05-03 20:56:19 +02006032 if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02006033 unsigned int max_early;
6034
Olivier Houchard522eea72017-11-03 16:27:47 +01006035 if (objt_listener(conn->target))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006036 max_early = SSL_get_max_early_data(ctx->ssl);
Olivier Houchard522eea72017-11-03 16:27:47 +01006037 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006038 if (SSL_get0_session(ctx->ssl))
6039 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(ctx->ssl));
Olivier Houchard522eea72017-11-03 16:27:47 +01006040 else
6041 max_early = 0;
6042 }
6043
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006044 if (try + ctx->sent_early_data > max_early) {
6045 try -= (try + ctx->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01006046 if (try <= 0) {
Olivier Houchard010941f2019-05-03 20:56:19 +02006047 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006048 tasklet_wakeup(ctx->wait_event.tasklet);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006049 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01006050 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02006051 }
Olivier Houchard66ab4982019-02-26 18:37:15 +01006052 ret = SSL_write_early_data(ctx->ssl, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02006053 if (ret == 1) {
6054 ret = written_data;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006055 ctx->sent_early_data += ret;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006056 if (objt_server(conn->target)) {
Olivier Houchard522eea72017-11-03 16:27:47 +01006057 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
Olivier Houchard965e84e2019-06-15 20:59:30 +02006058 /* Initiate the handshake, now */
6059 tasklet_wakeup(ctx->wait_event.tasklet);
6060 }
Olivier Houchard522eea72017-11-03 16:27:47 +01006061
Olivier Houchardc2aae742017-09-22 18:26:28 +02006062 }
6063
6064 } else
6065#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006066 ret = SSL_write(ctx->ssl, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01006067
Emeric Brune1f38db2012-09-03 20:36:47 +02006068 if (conn->flags & CO_FL_ERROR) {
6069 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01006070 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02006071 }
Emeric Brun46591952012-05-18 15:47:34 +02006072 if (ret > 0) {
Olivier Houchardf24502b2019-01-17 19:09:11 +01006073 /* A send succeeded, so we can consier ourself connected */
6074 conn->flags |= CO_FL_CONNECTED;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006075 ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02006076 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02006077 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02006078 }
6079 else {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006080 ret = SSL_get_error(ctx->ssl, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006081
Emeric Brun46591952012-05-18 15:47:34 +02006082 if (ret == SSL_ERROR_WANT_WRITE) {
Olivier Houchard66ab4982019-02-26 18:37:15 +01006083 if (SSL_renegotiate_pending(ctx->ssl)) {
Emeric Brun282a76a2012-11-08 18:02:56 +01006084 /* handshake is running, and it may need to re-enable write */
6085 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006086 ctx->xprt->subscribe(conn, ctx->xprt_ctx, SUB_RETRY_SEND, &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006087#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006088 /* Async mode can be re-enabled, because we're leaving data state.*/
6089 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006090 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006091#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01006092 break;
6093 }
Olivier Houchardea8dd942019-05-20 14:02:16 +02006094
Emeric Brun46591952012-05-18 15:47:34 +02006095 break;
6096 }
6097 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01006098 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02006099 conn->flags |= CO_FL_SSL_WAIT_HS;
Olivier Houchardea8dd942019-05-20 14:02:16 +02006100 ctx->xprt->subscribe(conn, ctx->xprt_ctx,
6101 SUB_RETRY_RECV,
6102 &ctx->wait_event);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006103#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00006104 /* Async mode can be re-enabled, because we're leaving data state.*/
6105 if (global_ssl.async)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006106 SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
Emeric Brunb5e42a82017-06-06 12:35:14 +00006107#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006108 break;
6109 }
Emeric Brun46591952012-05-18 15:47:34 +02006110 goto out_error;
6111 }
6112 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006113 leave:
Emeric Brun46591952012-05-18 15:47:34 +02006114 return done;
6115
6116 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01006117 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006118 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006119 ERR_clear_error();
6120
Emeric Brun46591952012-05-18 15:47:34 +02006121 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02006122 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02006123}
6124
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006125static void ssl_sock_close(struct connection *conn, void *xprt_ctx) {
Emeric Brun46591952012-05-18 15:47:34 +02006126
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006127 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006128
Olivier Houchardea8dd942019-05-20 14:02:16 +02006129
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006130 if (ctx) {
Olivier Houchardea8dd942019-05-20 14:02:16 +02006131 if (ctx->wait_event.events != 0)
6132 ctx->xprt->unsubscribe(ctx->conn, ctx->xprt_ctx,
6133 ctx->wait_event.events,
6134 &ctx->wait_event);
6135 if (ctx->send_wait) {
6136 ctx->send_wait->events &= ~SUB_RETRY_SEND;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006137 tasklet_wakeup(ctx->send_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006138 }
6139 if (ctx->recv_wait) {
6140 ctx->recv_wait->events &= ~SUB_RETRY_RECV;
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006141 tasklet_wakeup(ctx->recv_wait->tasklet);
Olivier Houchardea8dd942019-05-20 14:02:16 +02006142 }
Olivier Houchard692c1d02019-05-23 18:41:47 +02006143 if (ctx->xprt->close)
6144 ctx->xprt->close(conn, ctx->xprt_ctx);
Willy Tarreau5db847a2019-05-09 14:13:35 +02006145#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02006146 if (global_ssl.async) {
6147 OSSL_ASYNC_FD all_fd[32], afd;
6148 size_t num_all_fds = 0;
6149 int i;
6150
Olivier Houchard66ab4982019-02-26 18:37:15 +01006151 SSL_get_all_async_fds(ctx->ssl, NULL, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006152 if (num_all_fds > 32) {
6153 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
6154 return;
6155 }
6156
Olivier Houchard66ab4982019-02-26 18:37:15 +01006157 SSL_get_all_async_fds(ctx->ssl, all_fd, &num_all_fds);
Emeric Brun3854e012017-05-17 20:42:48 +02006158
6159 /* If an async job is pending, we must try to
6160 to catch the end using polling before calling
6161 SSL_free */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006162 if (num_all_fds && SSL_waiting_for_async(ctx->ssl)) {
Emeric Brun3854e012017-05-17 20:42:48 +02006163 for (i=0 ; i < num_all_fds ; i++) {
6164 /* switch on an handler designed to
6165 * handle the SSL_free
6166 */
6167 afd = all_fd[i];
6168 fdtab[afd].iocb = ssl_async_fd_free;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006169 fdtab[afd].owner = ctx->ssl;
Emeric Brun3854e012017-05-17 20:42:48 +02006170 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00006171 /* To ensure that the fd cache won't be used
6172 * and we'll catch a real RD event.
6173 */
6174 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02006175 }
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006176 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006177 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006178 _HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006179 return;
6180 }
Emeric Brun3854e012017-05-17 20:42:48 +02006181 /* Else we can remove the fds from the fdtab
6182 * and call SSL_free.
6183 * note: we do a fd_remove and not a delete
6184 * because the fd is owned by the engine.
6185 * the engine is responsible to close
6186 */
6187 for (i=0 ; i < num_all_fds ; i++)
6188 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00006189 }
6190#endif
Olivier Houchard66ab4982019-02-26 18:37:15 +01006191 SSL_free(ctx->ssl);
Olivier Houchardf6715e72019-12-19 15:02:39 +01006192 b_free(&ctx->early_buf);
Willy Tarreau3c39a7d2019-06-14 14:42:29 +02006193 tasklet_free(ctx->wait_event.tasklet);
Olivier Houchard66ab4982019-02-26 18:37:15 +01006194 pool_free(ssl_sock_ctx_pool, ctx);
Olivier Houchard2be5a4c2019-03-08 18:54:43 +01006195 _HA_ATOMIC_SUB(&sslconns, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006196 }
Emeric Brun46591952012-05-18 15:47:34 +02006197}
6198
6199/* This function tries to perform a clean shutdown on an SSL connection, and in
6200 * any case, flags the connection as reusable if no handshake was in progress.
6201 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006202static void ssl_sock_shutw(struct connection *conn, void *xprt_ctx, int clean)
Emeric Brun46591952012-05-18 15:47:34 +02006203{
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006204 struct ssl_sock_ctx *ctx = xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006205
Emeric Brun46591952012-05-18 15:47:34 +02006206 if (conn->flags & CO_FL_HANDSHAKE)
6207 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01006208 if (!clean)
6209 /* don't sent notify on SSL_shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006210 SSL_set_quiet_shutdown(ctx->ssl, 1);
Emeric Brun46591952012-05-18 15:47:34 +02006211 /* no handshake was in progress, try a clean ssl shutdown */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006212 if (SSL_shutdown(ctx->ssl) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01006213 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02006214 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01006215 ERR_clear_error();
6216 }
Emeric Brun46591952012-05-18 15:47:34 +02006217}
6218
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006219/* used for ppv2 pkey alog (can be used for logging) */
Willy Tarreau83061a82018-07-13 11:56:34 +02006220int ssl_sock_get_pkey_algo(struct connection *conn, struct buffer *out)
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006221{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006222 struct ssl_sock_ctx *ctx;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006223 struct pkey_info *pkinfo;
6224 int bits = 0;
6225 int sig = TLSEXT_signature_anonymous;
6226 int len = -1;
6227
6228 if (!ssl_sock_is_ssl(conn))
6229 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006230 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006231 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ctx->ssl), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006232 if (pkinfo) {
6233 sig = pkinfo->sig;
6234 bits = pkinfo->bits;
6235 } else {
6236 /* multicert and generated cert have no pkey info */
6237 X509 *crt;
6238 EVP_PKEY *pkey;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006239 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01006240 if (!crt)
6241 return 0;
6242 pkey = X509_get_pubkey(crt);
6243 if (pkey) {
6244 bits = EVP_PKEY_bits(pkey);
6245 switch(EVP_PKEY_base_id(pkey)) {
6246 case EVP_PKEY_RSA:
6247 sig = TLSEXT_signature_rsa;
6248 break;
6249 case EVP_PKEY_EC:
6250 sig = TLSEXT_signature_ecdsa;
6251 break;
6252 case EVP_PKEY_DSA:
6253 sig = TLSEXT_signature_dsa;
6254 break;
6255 }
6256 EVP_PKEY_free(pkey);
6257 }
6258 }
6259
6260 switch(sig) {
6261 case TLSEXT_signature_rsa:
6262 len = chunk_printf(out, "RSA%d", bits);
6263 break;
6264 case TLSEXT_signature_ecdsa:
6265 len = chunk_printf(out, "EC%d", bits);
6266 break;
6267 case TLSEXT_signature_dsa:
6268 len = chunk_printf(out, "DSA%d", bits);
6269 break;
6270 default:
6271 return 0;
6272 }
6273 if (len < 0)
6274 return 0;
6275 return 1;
6276}
6277
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006278/* used for ppv2 cert signature (can be used for logging) */
6279const char *ssl_sock_get_cert_sig(struct connection *conn)
6280{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006281 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006282
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006283 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
6284 X509 *crt;
6285
6286 if (!ssl_sock_is_ssl(conn))
6287 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006288 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006289 crt = SSL_get_certificate(ctx->ssl);
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01006290 if (!crt)
6291 return NULL;
6292 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6293 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
6294}
6295
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006296/* used for ppv2 authority */
6297const char *ssl_sock_get_sni(struct connection *conn)
6298{
6299#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006300 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006301
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006302 if (!ssl_sock_is_ssl(conn))
6303 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006304 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006305 return SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006306#else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006307 return NULL;
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01006308#endif
6309}
6310
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006311/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006312const char *ssl_sock_get_cipher_name(struct connection *conn)
6313{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006314 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006315
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006316 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006317 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006318 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006319 return SSL_get_cipher_name(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006320}
6321
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006322/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006323const char *ssl_sock_get_proto_version(struct connection *conn)
6324{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006325 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006326
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02006327 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006328 return NULL;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006329 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006330 return SSL_get_version(ctx->ssl);
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02006331}
6332
Willy Tarreau8d598402012-10-22 17:58:39 +02006333/* Extract a serial from a cert, and copy it to a chunk.
6334 * Returns 1 if serial is found and copied, 0 if no serial found and
6335 * -1 if output is not large enough.
6336 */
6337static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006338ssl_sock_get_serial(X509 *crt, struct buffer *out)
Willy Tarreau8d598402012-10-22 17:58:39 +02006339{
6340 ASN1_INTEGER *serial;
6341
6342 serial = X509_get_serialNumber(crt);
6343 if (!serial)
6344 return 0;
6345
6346 if (out->size < serial->length)
6347 return -1;
6348
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006349 memcpy(out->area, serial->data, serial->length);
6350 out->data = serial->length;
Willy Tarreau8d598402012-10-22 17:58:39 +02006351 return 1;
6352}
6353
Emeric Brun43e79582014-10-29 19:03:26 +01006354/* Extract a cert to der, and copy it to a chunk.
Joseph Herlant017b3da2018-11-15 09:07:59 -08006355 * Returns 1 if the cert is found and copied, 0 on der conversion failure
6356 * and -1 if the output is not large enough.
Emeric Brun43e79582014-10-29 19:03:26 +01006357 */
6358static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006359ssl_sock_crt2der(X509 *crt, struct buffer *out)
Emeric Brun43e79582014-10-29 19:03:26 +01006360{
6361 int len;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006362 unsigned char *p = (unsigned char *) out->area;;
Emeric Brun43e79582014-10-29 19:03:26 +01006363
6364 len =i2d_X509(crt, NULL);
6365 if (len <= 0)
6366 return 1;
6367
6368 if (out->size < len)
6369 return -1;
6370
6371 i2d_X509(crt,&p);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006372 out->data = len;
Emeric Brun43e79582014-10-29 19:03:26 +01006373 return 1;
6374}
6375
Emeric Brunce5ad802012-10-22 14:11:22 +02006376
Willy Tarreau83061a82018-07-13 11:56:34 +02006377/* Copy Date in ASN1_UTCTIME format in struct buffer out.
Emeric Brunce5ad802012-10-22 14:11:22 +02006378 * Returns 1 if serial is found and copied, 0 if no valid time found
6379 * and -1 if output is not large enough.
6380 */
6381static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006382ssl_sock_get_time(ASN1_TIME *tm, struct buffer *out)
Emeric Brunce5ad802012-10-22 14:11:22 +02006383{
6384 if (tm->type == V_ASN1_GENERALIZEDTIME) {
6385 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
6386
6387 if (gentm->length < 12)
6388 return 0;
6389 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
6390 return 0;
6391 if (out->size < gentm->length-2)
6392 return -1;
6393
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006394 memcpy(out->area, gentm->data+2, gentm->length-2);
6395 out->data = gentm->length-2;
Emeric Brunce5ad802012-10-22 14:11:22 +02006396 return 1;
6397 }
6398 else if (tm->type == V_ASN1_UTCTIME) {
6399 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
6400
6401 if (utctm->length < 10)
6402 return 0;
6403 if (utctm->data[0] >= 0x35)
6404 return 0;
6405 if (out->size < utctm->length)
6406 return -1;
6407
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006408 memcpy(out->area, utctm->data, utctm->length);
6409 out->data = utctm->length;
Emeric Brunce5ad802012-10-22 14:11:22 +02006410 return 1;
6411 }
6412
6413 return 0;
6414}
6415
Emeric Brun87855892012-10-17 17:39:35 +02006416/* Extract an entry from a X509_NAME and copy its value to an output chunk.
6417 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
6418 */
6419static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006420ssl_sock_get_dn_entry(X509_NAME *a, const struct buffer *entry, int pos,
6421 struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006422{
6423 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006424 ASN1_OBJECT *obj;
6425 ASN1_STRING *data;
6426 const unsigned char *data_ptr;
6427 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006428 int i, j, n;
6429 int cur = 0;
6430 const char *s;
6431 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006432 int name_count;
6433
6434 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006435
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006436 out->data = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006437 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02006438 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006439 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02006440 else
6441 j = i;
6442
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006443 ne = X509_NAME_get_entry(a, j);
6444 obj = X509_NAME_ENTRY_get_object(ne);
6445 data = X509_NAME_ENTRY_get_data(ne);
6446 data_ptr = ASN1_STRING_get0_data(data);
6447 data_len = ASN1_STRING_length(data);
6448 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006449 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006450 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006451 s = tmp;
6452 }
6453
6454 if (chunk_strcasecmp(entry, s) != 0)
6455 continue;
6456
6457 if (pos < 0)
6458 cur--;
6459 else
6460 cur++;
6461
6462 if (cur != pos)
6463 continue;
6464
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006465 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02006466 return -1;
6467
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006468 memcpy(out->area, data_ptr, data_len);
6469 out->data = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006470 return 1;
6471 }
6472
6473 return 0;
6474
6475}
6476
6477/* Extract and format full DN from a X509_NAME and copy result into a chunk
6478 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
6479 */
6480static int
Willy Tarreau83061a82018-07-13 11:56:34 +02006481ssl_sock_get_dn_oneline(X509_NAME *a, struct buffer *out)
Emeric Brun87855892012-10-17 17:39:35 +02006482{
6483 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006484 ASN1_OBJECT *obj;
6485 ASN1_STRING *data;
6486 const unsigned char *data_ptr;
6487 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006488 int i, n, ln;
6489 int l = 0;
6490 const char *s;
6491 char *p;
6492 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006493 int name_count;
6494
6495
6496 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02006497
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006498 out->data = 0;
6499 p = out->area;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006500 for (i = 0; i < name_count; i++) {
6501 ne = X509_NAME_get_entry(a, i);
6502 obj = X509_NAME_ENTRY_get_object(ne);
6503 data = X509_NAME_ENTRY_get_data(ne);
6504 data_ptr = ASN1_STRING_get0_data(data);
6505 data_len = ASN1_STRING_length(data);
6506 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02006507 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006508 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02006509 s = tmp;
6510 }
6511 ln = strlen(s);
6512
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006513 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006514 if (l > out->size)
6515 return -1;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006516 out->data = l;
Emeric Brun87855892012-10-17 17:39:35 +02006517
6518 *(p++)='/';
6519 memcpy(p, s, ln);
6520 p += ln;
6521 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006522 memcpy(p, data_ptr, data_len);
6523 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02006524 }
6525
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006526 if (!out->data)
Emeric Brun87855892012-10-17 17:39:35 +02006527 return 0;
6528
6529 return 1;
6530}
6531
Olivier Houchardab28a322018-12-21 19:45:40 +01006532void ssl_sock_set_alpn(struct connection *conn, const unsigned char *alpn, int len)
6533{
6534#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006535 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006536
Olivier Houchardaa2ecea2019-06-28 14:10:33 +02006537 if (!ssl_sock_is_ssl(conn))
6538 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006539 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006540 SSL_set_alpn_protos(ctx->ssl, alpn, len);
Olivier Houchardab28a322018-12-21 19:45:40 +01006541#endif
6542}
6543
Willy Tarreau119a4082016-12-22 21:58:38 +01006544/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6545 * to disable SNI.
6546 */
Willy Tarreau63076412015-07-10 11:33:32 +02006547void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6548{
6549#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006550 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006551
Willy Tarreau119a4082016-12-22 21:58:38 +01006552 char *prev_name;
6553
Willy Tarreau63076412015-07-10 11:33:32 +02006554 if (!ssl_sock_is_ssl(conn))
6555 return;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006556 ctx = conn->xprt_ctx;
Willy Tarreau63076412015-07-10 11:33:32 +02006557
Willy Tarreau119a4082016-12-22 21:58:38 +01006558 /* if the SNI changes, we must destroy the reusable context so that a
6559 * new connection will present a new SNI. As an optimization we could
6560 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6561 * server.
6562 */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006563 prev_name = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau119a4082016-12-22 21:58:38 +01006564 if ((!prev_name && hostname) ||
6565 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
Olivier Houchard66ab4982019-02-26 18:37:15 +01006566 SSL_set_session(ctx->ssl, NULL);
Willy Tarreau119a4082016-12-22 21:58:38 +01006567
Olivier Houchard66ab4982019-02-26 18:37:15 +01006568 SSL_set_tlsext_host_name(ctx->ssl, hostname);
Willy Tarreau63076412015-07-10 11:33:32 +02006569#endif
6570}
6571
Emeric Brun0abf8362014-06-24 18:26:41 +02006572/* Extract peer certificate's common name into the chunk dest
6573 * Returns
6574 * the len of the extracted common name
6575 * or 0 if no CN found in DN
6576 * or -1 on error case (i.e. no peer certificate)
6577 */
Willy Tarreau83061a82018-07-13 11:56:34 +02006578int ssl_sock_get_remote_common_name(struct connection *conn,
6579 struct buffer *dest)
David Safb76832014-05-08 23:42:08 -04006580{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006581 struct ssl_sock_ctx *ctx;
David Safb76832014-05-08 23:42:08 -04006582 X509 *crt = NULL;
6583 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006584 const char find_cn[] = "CN";
Willy Tarreau83061a82018-07-13 11:56:34 +02006585 const struct buffer find_cn_chunk = {
Willy Tarreau843b7cb2018-07-13 10:54:26 +02006586 .area = (char *)&find_cn,
6587 .data = sizeof(find_cn)-1
David Safb76832014-05-08 23:42:08 -04006588 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006589 int result = -1;
David Safb76832014-05-08 23:42:08 -04006590
6591 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006592 goto out;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006593 ctx = conn->xprt_ctx;
David Safb76832014-05-08 23:42:08 -04006594
6595 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006596 crt = SSL_get_peer_certificate(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006597 if (!crt)
6598 goto out;
6599
6600 name = X509_get_subject_name(crt);
6601 if (!name)
6602 goto out;
David Safb76832014-05-08 23:42:08 -04006603
Emeric Brun0abf8362014-06-24 18:26:41 +02006604 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6605out:
David Safb76832014-05-08 23:42:08 -04006606 if (crt)
6607 X509_free(crt);
6608
6609 return result;
6610}
6611
Dave McCowan328fb582014-07-30 10:39:13 -04006612/* returns 1 if client passed a certificate for this session, 0 if not */
6613int ssl_sock_get_cert_used_sess(struct connection *conn)
6614{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006615 struct ssl_sock_ctx *ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006616 X509 *crt = NULL;
6617
6618 if (!ssl_sock_is_ssl(conn))
6619 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006620 ctx = conn->xprt_ctx;
Dave McCowan328fb582014-07-30 10:39:13 -04006621
6622 /* SSL_get_peer_certificate, it increase X509 * ref count */
Olivier Houchard66ab4982019-02-26 18:37:15 +01006623 crt = SSL_get_peer_certificate(ctx->ssl);
Dave McCowan328fb582014-07-30 10:39:13 -04006624 if (!crt)
6625 return 0;
6626
6627 X509_free(crt);
6628 return 1;
6629}
6630
6631/* returns 1 if client passed a certificate for this connection, 0 if not */
6632int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006633{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006634 struct ssl_sock_ctx *ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006635
David Safb76832014-05-08 23:42:08 -04006636 if (!ssl_sock_is_ssl(conn))
6637 return 0;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006638 ctx = conn->xprt_ctx;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006639 return SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
David Safb76832014-05-08 23:42:08 -04006640}
6641
6642/* returns result from SSL verify */
6643unsigned int ssl_sock_get_verify_result(struct connection *conn)
6644{
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006645 struct ssl_sock_ctx *ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006646
David Safb76832014-05-08 23:42:08 -04006647 if (!ssl_sock_is_ssl(conn))
6648 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
Christopher Faulet4517b0c2019-09-10 10:12:03 +02006649 ctx = conn->xprt_ctx;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006650 return (unsigned int)SSL_get_verify_result(ctx->ssl);
David Safb76832014-05-08 23:42:08 -04006651}
6652
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006653/* Returns the application layer protocol name in <str> and <len> when known.
6654 * Zero is returned if the protocol name was not found, otherwise non-zero is
6655 * returned. The string is allocated in the SSL context and doesn't have to be
6656 * freed by the caller. NPN is also checked if available since older versions
6657 * of openssl (1.0.1) which are more common in field only support this one.
6658 */
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006659static int ssl_sock_get_alpn(const struct connection *conn, void *xprt_ctx, const char **str, int *len)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006660{
Olivier Houchard66ab4982019-02-26 18:37:15 +01006661#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation) || \
6662 defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006663 struct ssl_sock_ctx *ctx = xprt_ctx;
6664 if (!ctx)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006665 return 0;
6666
6667 *str = NULL;
6668
6669#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Olivier Houchard66ab4982019-02-26 18:37:15 +01006670 SSL_get0_alpn_selected(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006671 if (*str)
6672 return 1;
6673#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006674#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006675 SSL_get0_next_proto_negotiated(ctx->ssl, (const unsigned char **)str, (unsigned *)len);
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006676 if (*str)
6677 return 1;
6678#endif
Olivier Houcharde179d0e2019-03-21 18:27:17 +01006679#endif
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006680 return 0;
6681}
6682
Willy Tarreau7875d092012-09-10 08:20:03 +02006683/***** Below are some sample fetching functions for ACL/patterns *****/
6684
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006685static int
6686smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6687{
6688 struct connection *conn;
6689
6690 conn = objt_conn(smp->sess->origin);
6691 if (!conn || conn->xprt != &ssl_sock)
6692 return 0;
6693
6694 smp->flags = 0;
6695 smp->data.type = SMP_T_BOOL;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006696#ifdef OPENSSL_IS_BORINGSSL
6697 {
6698 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
6699 smp->data.u.sint = (SSL_in_early_data(ctx->ssl) &&
6700 SSL_early_data_accepted(ctx->ssl));
6701 }
6702#else
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006703 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
Olivier Houchard629693f2020-01-23 14:57:36 +01006704 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS))) ? 1 : 0;
Emmanuel Hocdetbb8643c2019-08-07 14:44:49 +02006705#endif
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006706 return 1;
6707}
6708
Emeric Brune64aef12012-09-21 13:15:06 +02006709/* boolean, returns true if client cert was present */
6710static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006711smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006712{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006713 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006714 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006715
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006716 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006717 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006718 return 0;
6719
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006720 ctx = conn->xprt_ctx;
6721
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006722 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006723 smp->flags |= SMP_F_MAY_CHANGE;
6724 return 0;
6725 }
6726
6727 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006728 smp->data.type = SMP_T_BOOL;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01006729 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & ctx->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006730
6731 return 1;
6732}
6733
Emeric Brun43e79582014-10-29 19:03:26 +01006734/* binary, returns a certificate in a binary chunk (der/raw).
6735 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6736 * should be use.
6737 */
6738static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006739smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006740{
6741 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6742 X509 *crt = NULL;
6743 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006744 struct buffer *smp_trash;
Emeric Brun43e79582014-10-29 19:03:26 +01006745 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006746 struct ssl_sock_ctx *ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006747
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006748 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006749 if (!conn || conn->xprt != &ssl_sock)
6750 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006751 ctx = conn->xprt_ctx;
Emeric Brun43e79582014-10-29 19:03:26 +01006752
6753 if (!(conn->flags & CO_FL_CONNECTED)) {
6754 smp->flags |= SMP_F_MAY_CHANGE;
6755 return 0;
6756 }
6757
6758 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006759 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006760 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006761 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun43e79582014-10-29 19:03:26 +01006762
6763 if (!crt)
6764 goto out;
6765
6766 smp_trash = get_trash_chunk();
6767 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6768 goto out;
6769
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006770 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006771 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006772 ret = 1;
6773out:
6774 /* SSL_get_peer_certificate, it increase X509 * ref count */
6775 if (cert_peer && crt)
6776 X509_free(crt);
6777 return ret;
6778}
6779
Emeric Brunba841a12014-04-30 17:05:08 +02006780/* binary, returns serial of certificate in a binary chunk.
6781 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6782 * should be use.
6783 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006784static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006785smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006786{
Emeric Brunba841a12014-04-30 17:05:08 +02006787 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006788 X509 *crt = NULL;
6789 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006790 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006791 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006792 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006793
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006794 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006795 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006796 return 0;
6797
Olivier Houchard66ab4982019-02-26 18:37:15 +01006798 ctx = conn->xprt_ctx;
6799
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006800 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006801 smp->flags |= SMP_F_MAY_CHANGE;
6802 return 0;
6803 }
6804
Emeric Brunba841a12014-04-30 17:05:08 +02006805 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006806 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006807 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006808 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006809
Willy Tarreau8d598402012-10-22 17:58:39 +02006810 if (!crt)
6811 goto out;
6812
Willy Tarreau47ca5452012-12-23 20:22:19 +01006813 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006814 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6815 goto out;
6816
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006817 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006818 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006819 ret = 1;
6820out:
Emeric Brunba841a12014-04-30 17:05:08 +02006821 /* SSL_get_peer_certificate, it increase X509 * ref count */
6822 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006823 X509_free(crt);
6824 return ret;
6825}
Emeric Brune64aef12012-09-21 13:15:06 +02006826
Emeric Brunba841a12014-04-30 17:05:08 +02006827/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6828 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6829 * should be use.
6830 */
James Votha051b4a2013-05-14 20:37:59 +02006831static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006832smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006833{
Emeric Brunba841a12014-04-30 17:05:08 +02006834 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006835 X509 *crt = NULL;
6836 const EVP_MD *digest;
6837 int ret = 0;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01006838 unsigned int len = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006839 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006840 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006841 struct ssl_sock_ctx *ctx;
James Votha051b4a2013-05-14 20:37:59 +02006842
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006843 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006844 if (!conn || conn->xprt != &ssl_sock)
6845 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006846 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006847
6848 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006849 smp->flags |= SMP_F_MAY_CHANGE;
6850 return 0;
6851 }
6852
Emeric Brunba841a12014-04-30 17:05:08 +02006853 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006854 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006855 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006856 crt = SSL_get_certificate(ctx->ssl);
James Votha051b4a2013-05-14 20:37:59 +02006857 if (!crt)
6858 goto out;
6859
6860 smp_trash = get_trash_chunk();
6861 digest = EVP_sha1();
Willy Tarreau767e8ad2020-02-25 08:59:23 +01006862 X509_digest(crt, digest, (unsigned char *) smp_trash->area, &len);
6863 smp_trash->data = len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006864 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006865 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006866 ret = 1;
6867out:
Emeric Brunba841a12014-04-30 17:05:08 +02006868 /* SSL_get_peer_certificate, it increase X509 * ref count */
6869 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006870 X509_free(crt);
6871 return ret;
6872}
6873
Emeric Brunba841a12014-04-30 17:05:08 +02006874/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6875 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6876 * should be use.
6877 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006878static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006879smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006880{
Emeric Brunba841a12014-04-30 17:05:08 +02006881 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006882 X509 *crt = NULL;
6883 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006884 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006885 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006886 struct ssl_sock_ctx *ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006887
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006888 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006889 if (!conn || conn->xprt != &ssl_sock)
6890 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006891 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006892
6893 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006894 smp->flags |= SMP_F_MAY_CHANGE;
6895 return 0;
6896 }
6897
Emeric Brunba841a12014-04-30 17:05:08 +02006898 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006899 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006900 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006901 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02006902 if (!crt)
6903 goto out;
6904
Willy Tarreau47ca5452012-12-23 20:22:19 +01006905 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08006906 if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02006907 goto out;
6908
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006909 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006910 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006911 ret = 1;
6912out:
Emeric Brunba841a12014-04-30 17:05:08 +02006913 /* SSL_get_peer_certificate, it increase X509 * ref count */
6914 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006915 X509_free(crt);
6916 return ret;
6917}
6918
Emeric Brunba841a12014-04-30 17:05:08 +02006919/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6920 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6921 * should be use.
6922 */
Emeric Brun87855892012-10-17 17:39:35 +02006923static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006924smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006925{
Emeric Brunba841a12014-04-30 17:05:08 +02006926 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006927 X509 *crt = NULL;
6928 X509_NAME *name;
6929 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006930 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006931 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006932 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02006933
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006934 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006935 if (!conn || conn->xprt != &ssl_sock)
6936 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006937 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006938
6939 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006940 smp->flags |= SMP_F_MAY_CHANGE;
6941 return 0;
6942 }
6943
Emeric Brunba841a12014-04-30 17:05:08 +02006944 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01006945 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02006946 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01006947 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02006948 if (!crt)
6949 goto out;
6950
6951 name = X509_get_issuer_name(crt);
6952 if (!name)
6953 goto out;
6954
Willy Tarreau47ca5452012-12-23 20:22:19 +01006955 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006956 if (args && args[0].type == ARGT_STR) {
6957 int pos = 1;
6958
6959 if (args[1].type == ARGT_SINT)
6960 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006961
6962 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6963 goto out;
6964 }
6965 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6966 goto out;
6967
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006968 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006969 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006970 ret = 1;
6971out:
Emeric Brunba841a12014-04-30 17:05:08 +02006972 /* SSL_get_peer_certificate, it increase X509 * ref count */
6973 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006974 X509_free(crt);
6975 return ret;
6976}
6977
Emeric Brunba841a12014-04-30 17:05:08 +02006978/* string, returns notbefore date in ASN1_UTCTIME format.
6979 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6980 * should be use.
6981 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006982static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006983smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006984{
Emeric Brunba841a12014-04-30 17:05:08 +02006985 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006986 X509 *crt = NULL;
6987 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02006988 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006989 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006990 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006991
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006992 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006993 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006994 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01006995 ctx = conn->xprt_ctx;
Emeric Brunce5ad802012-10-22 14:11:22 +02006996
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006997 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006998 smp->flags |= SMP_F_MAY_CHANGE;
6999 return 0;
7000 }
7001
Emeric Brunba841a12014-04-30 17:05:08 +02007002 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007003 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007004 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007005 crt = SSL_get_certificate(ctx->ssl);
Emeric Brunce5ad802012-10-22 14:11:22 +02007006 if (!crt)
7007 goto out;
7008
Willy Tarreau47ca5452012-12-23 20:22:19 +01007009 smp_trash = get_trash_chunk();
Rosen Penev68185952018-12-14 08:47:02 -08007010 if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
Emeric Brunce5ad802012-10-22 14:11:22 +02007011 goto out;
7012
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007013 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007014 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02007015 ret = 1;
7016out:
Emeric Brunba841a12014-04-30 17:05:08 +02007017 /* SSL_get_peer_certificate, it increase X509 * ref count */
7018 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02007019 X509_free(crt);
7020 return ret;
7021}
7022
Emeric Brunba841a12014-04-30 17:05:08 +02007023/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
7024 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7025 * should be use.
7026 */
Emeric Brun87855892012-10-17 17:39:35 +02007027static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007028smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02007029{
Emeric Brunba841a12014-04-30 17:05:08 +02007030 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02007031 X509 *crt = NULL;
7032 X509_NAME *name;
7033 int ret = 0;
Willy Tarreau83061a82018-07-13 11:56:34 +02007034 struct buffer *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007035 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007036 struct ssl_sock_ctx *ctx;
Emeric Brun87855892012-10-17 17:39:35 +02007037
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007038 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007039 if (!conn || conn->xprt != &ssl_sock)
7040 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007041 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007042
7043 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02007044 smp->flags |= SMP_F_MAY_CHANGE;
7045 return 0;
7046 }
7047
Emeric Brunba841a12014-04-30 17:05:08 +02007048 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007049 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007050 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007051 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun87855892012-10-17 17:39:35 +02007052 if (!crt)
7053 goto out;
7054
7055 name = X509_get_subject_name(crt);
7056 if (!name)
7057 goto out;
7058
Willy Tarreau47ca5452012-12-23 20:22:19 +01007059 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02007060 if (args && args[0].type == ARGT_STR) {
7061 int pos = 1;
7062
7063 if (args[1].type == ARGT_SINT)
7064 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02007065
7066 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
7067 goto out;
7068 }
7069 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
7070 goto out;
7071
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007072 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007073 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02007074 ret = 1;
7075out:
Emeric Brunba841a12014-04-30 17:05:08 +02007076 /* SSL_get_peer_certificate, it increase X509 * ref count */
7077 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02007078 X509_free(crt);
7079 return ret;
7080}
Emeric Brun9143d372012-12-20 15:44:16 +01007081
7082/* integer, returns true if current session use a client certificate */
7083static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007084smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01007085{
7086 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007087 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007088 struct ssl_sock_ctx *ctx;
Emeric Brun9143d372012-12-20 15:44:16 +01007089
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007090 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007091 if (!conn || conn->xprt != &ssl_sock)
7092 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007093 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007094
7095 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01007096 smp->flags |= SMP_F_MAY_CHANGE;
7097 return 0;
7098 }
7099
7100 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Olivier Houchard66ab4982019-02-26 18:37:15 +01007101 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brun9143d372012-12-20 15:44:16 +01007102 if (crt) {
7103 X509_free(crt);
7104 }
7105
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007106 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007107 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01007108 return 1;
7109}
7110
Emeric Brunba841a12014-04-30 17:05:08 +02007111/* integer, returns the certificate version
7112 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7113 * should be use.
7114 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02007115static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007116smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007117{
Emeric Brunba841a12014-04-30 17:05:08 +02007118 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007119 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007120 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007121 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007122
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007123 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007124 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02007125 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007126 ctx = conn->xprt_ctx;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007127
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007128 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02007129 smp->flags |= SMP_F_MAY_CHANGE;
7130 return 0;
7131 }
7132
Emeric Brunba841a12014-04-30 17:05:08 +02007133 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007134 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007135 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007136 crt = SSL_get_certificate(ctx->ssl);
Emeric Bruna7359fd2012-10-17 15:03:11 +02007137 if (!crt)
7138 return 0;
7139
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007140 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02007141 /* SSL_get_peer_certificate increase X509 * ref count */
7142 if (cert_peer)
7143 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007144 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02007145
7146 return 1;
7147}
7148
Emeric Brunba841a12014-04-30 17:05:08 +02007149/* string, returns the certificate's signature algorithm.
7150 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7151 * should be use.
7152 */
Emeric Brun7f56e742012-10-19 18:15:40 +02007153static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007154smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02007155{
Emeric Brunba841a12014-04-30 17:05:08 +02007156 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02007157 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007158 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02007159 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007160 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007161 struct ssl_sock_ctx *ctx;
Emeric Brun7f56e742012-10-19 18:15:40 +02007162
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007163 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007164 if (!conn || conn->xprt != &ssl_sock)
7165 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007166 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007167
7168 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02007169 smp->flags |= SMP_F_MAY_CHANGE;
7170 return 0;
7171 }
7172
Emeric Brunba841a12014-04-30 17:05:08 +02007173 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007174 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007175 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007176 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun7f56e742012-10-19 18:15:40 +02007177 if (!crt)
7178 return 0;
7179
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007180 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
7181 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02007182
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007183 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7184 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007185 /* SSL_get_peer_certificate increase X509 * ref count */
7186 if (cert_peer)
7187 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007188 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007189 }
Emeric Brun7f56e742012-10-19 18:15:40 +02007190
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007191 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007192 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007193 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007194 /* SSL_get_peer_certificate increase X509 * ref count */
7195 if (cert_peer)
7196 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02007197
7198 return 1;
7199}
7200
Emeric Brunba841a12014-04-30 17:05:08 +02007201/* string, returns the certificate's key algorithm.
7202 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
7203 * should be use.
7204 */
Emeric Brun521a0112012-10-22 12:22:55 +02007205static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007206smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02007207{
Emeric Brunba841a12014-04-30 17:05:08 +02007208 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02007209 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007210 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02007211 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007212 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007213 struct ssl_sock_ctx *ctx;
Emeric Brun521a0112012-10-22 12:22:55 +02007214
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007215 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007216 if (!conn || conn->xprt != &ssl_sock)
7217 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007218 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007219
7220 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02007221 smp->flags |= SMP_F_MAY_CHANGE;
7222 return 0;
7223 }
7224
Emeric Brunba841a12014-04-30 17:05:08 +02007225 if (cert_peer)
Olivier Houchard66ab4982019-02-26 18:37:15 +01007226 crt = SSL_get_peer_certificate(ctx->ssl);
Emeric Brunba841a12014-04-30 17:05:08 +02007227 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007228 crt = SSL_get_certificate(ctx->ssl);
Emeric Brun521a0112012-10-22 12:22:55 +02007229 if (!crt)
7230 return 0;
7231
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02007232 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
7233 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02007234
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007235 smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
7236 if (!smp->data.u.str.area) {
Emeric Brunba841a12014-04-30 17:05:08 +02007237 /* SSL_get_peer_certificate increase X509 * ref count */
7238 if (cert_peer)
7239 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007240 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02007241 }
Emeric Brun521a0112012-10-22 12:22:55 +02007242
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007243 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007244 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007245 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brunba841a12014-04-30 17:05:08 +02007246 if (cert_peer)
7247 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02007248
7249 return 1;
7250}
7251
Emeric Brun645ae792014-04-30 14:21:06 +02007252/* boolean, returns true if front conn. transport layer is SSL.
7253 * This function is also usable on backend conn if the fetch keyword 5th
7254 * char is 'b'.
7255 */
Willy Tarreau7875d092012-09-10 08:20:03 +02007256static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007257smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007258{
Emeric Bruneb8def92018-02-19 15:59:48 +01007259 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7260 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007261
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007262 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007263 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02007264 return 1;
7265}
7266
Emeric Brun2525b6b2012-10-18 15:59:43 +02007267/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02007268static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007269smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007270{
7271#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007272 struct connection *conn = objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007273 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007274
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007275 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007276 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007277 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007278 SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02007279 return 1;
7280#else
7281 return 0;
7282#endif
7283}
7284
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007285/* boolean, returns true if client session has been resumed.
7286 * This function is also usable on backend conn if the fetch keyword 5th
7287 * char is 'b'.
7288 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007289static int
7290smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
7291{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007292 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7293 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007294 struct ssl_sock_ctx *ctx = conn ? conn->xprt_ctx : NULL;
Emeric Brun74f7ffa2018-02-19 16:14:12 +01007295
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007296
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007297 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007298 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007299 conn->xprt_ctx &&
Olivier Houchard66ab4982019-02-26 18:37:15 +01007300 SSL_session_reused(ctx->ssl);
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02007301 return 1;
7302}
7303
Emeric Brun645ae792014-04-30 14:21:06 +02007304/* string, returns the used cipher if front conn. transport layer is SSL.
7305 * This function is also usable on backend conn if the fetch keyword 5th
7306 * char is 'b'.
7307 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007308static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007309smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007310{
Emeric Bruneb8def92018-02-19 15:59:48 +01007311 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7312 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007313 struct ssl_sock_ctx *ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007314
Willy Tarreaube508f12016-03-10 11:47:01 +01007315 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007316 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007317 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007318 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007319
Olivier Houchard66ab4982019-02-26 18:37:15 +01007320 smp->data.u.str.area = (char *)SSL_get_cipher_name(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007321 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007322 return 0;
7323
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007324 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007325 smp->flags |= SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007326 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007327
7328 return 1;
7329}
7330
Emeric Brun645ae792014-04-30 14:21:06 +02007331/* integer, returns the algoritm's keysize if front conn. transport layer
7332 * is SSL.
7333 * This function is also usable on backend conn if the fetch keyword 5th
7334 * char is 'b'.
7335 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007336static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007337smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007338{
Emeric Bruneb8def92018-02-19 15:59:48 +01007339 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7340 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007341 struct ssl_sock_ctx *ctx;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007342 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01007343
Emeric Brun589fcad2012-10-16 14:13:26 +02007344 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007345 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02007346 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007347 ctx = conn->xprt_ctx;
Emeric Brun589fcad2012-10-16 14:13:26 +02007348
Olivier Houchard66ab4982019-02-26 18:37:15 +01007349 if (!SSL_get_cipher_bits(ctx->ssl, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007350 return 0;
7351
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007352 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007353 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007354
7355 return 1;
7356}
7357
Emeric Brun645ae792014-04-30 14:21:06 +02007358/* integer, returns the used keysize if front conn. transport layer is SSL.
7359 * This function is also usable on backend conn if the fetch keyword 5th
7360 * char is 'b'.
7361 */
Emeric Brun589fcad2012-10-16 14:13:26 +02007362static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007363smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007364{
Emeric Bruneb8def92018-02-19 15:59:48 +01007365 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7366 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007367 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007368
Emeric Brun589fcad2012-10-16 14:13:26 +02007369 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007370 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7371 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007372 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007373
Olivier Houchard66ab4982019-02-26 18:37:15 +01007374 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(ctx->ssl, NULL);
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007375 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02007376 return 0;
7377
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007378 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02007379
7380 return 1;
7381}
7382
Bernard Spil13c53f82018-02-15 13:34:58 +01007383#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02007384static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007385smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007386{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007387 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007388 struct ssl_sock_ctx *ctx;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007389 unsigned int len = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007390
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007391 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007392 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007393
Olivier Houchard6b77f492018-11-22 18:18:29 +01007394 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7395 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007396 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7397 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007398 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007399
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007400 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007401 SSL_get0_next_proto_negotiated(ctx->ssl,
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007402 (const unsigned char **)&smp->data.u.str.area,
7403 &len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02007404
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007405 if (!smp->data.u.str.area)
Willy Tarreaua33c6542012-10-15 13:19:06 +02007406 return 0;
7407
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007408 smp->data.u.str.data = len;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007409 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02007410}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007411#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02007412
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007413#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007414static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007415smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02007416{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007417 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007418 struct ssl_sock_ctx *ctx;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007419 unsigned int len = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007420
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007421 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007422 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02007423
Olivier Houchard6b77f492018-11-22 18:18:29 +01007424 conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
7425 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7426
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007427 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02007428 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007429 ctx = conn->xprt_ctx;
Willy Tarreauab861d32013-04-02 02:30:41 +02007430
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007431 smp->data.u.str.area = NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007432 SSL_get0_alpn_selected(ctx->ssl,
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007433 (const unsigned char **)&smp->data.u.str.area,
7434 &len);
Willy Tarreauab861d32013-04-02 02:30:41 +02007435
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007436 if (!smp->data.u.str.area)
Willy Tarreauab861d32013-04-02 02:30:41 +02007437 return 0;
7438
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007439 smp->data.u.str.data = len;
Willy Tarreauab861d32013-04-02 02:30:41 +02007440 return 1;
7441}
7442#endif
7443
Emeric Brun645ae792014-04-30 14:21:06 +02007444/* string, returns the used protocol if front conn. transport layer is SSL.
7445 * This function is also usable on backend conn if the fetch keyword 5th
7446 * char is 'b'.
7447 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02007448static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007449smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02007450{
Emeric Bruneb8def92018-02-19 15:59:48 +01007451 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7452 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007453 struct ssl_sock_ctx *ctx;
Willy Tarreaube508f12016-03-10 11:47:01 +01007454
Emeric Brun589fcad2012-10-16 14:13:26 +02007455 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007456 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7457 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007458 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007459
Olivier Houchard66ab4982019-02-26 18:37:15 +01007460 smp->data.u.str.area = (char *)SSL_get_version(ctx->ssl);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007461 if (!smp->data.u.str.area)
Emeric Brun589fcad2012-10-16 14:13:26 +02007462 return 0;
7463
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007464 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007465 smp->flags = SMP_F_CONST;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007466 smp->data.u.str.data = strlen(smp->data.u.str.area);
Emeric Brun589fcad2012-10-16 14:13:26 +02007467
7468 return 1;
7469}
7470
Willy Tarreau87b09662015-04-03 00:22:06 +02007471/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02007472 * This function is also usable on backend conn if the fetch keyword 5th
7473 * char is 'b'.
7474 */
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007475#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02007476static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007477smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02007478{
Emeric Bruneb8def92018-02-19 15:59:48 +01007479 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7480 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01007481 SSL_SESSION *ssl_sess;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007482 struct ssl_sock_ctx *ctx;
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007483 unsigned int len = 0;
Willy Tarreaube508f12016-03-10 11:47:01 +01007484
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007485 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007486 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02007487
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007488 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7489 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007490 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007491
Olivier Houchard66ab4982019-02-26 18:37:15 +01007492 ssl_sess = SSL_get_session(ctx->ssl);
Willy Tarreau192252e2015-04-04 01:47:55 +02007493 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02007494 return 0;
7495
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007496 smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess, &len);
Dragan Dosen9dc47c42020-05-04 09:07:28 +02007497 if (!smp->data.u.str.area || !len)
Emeric Brunfe68f682012-10-16 14:59:28 +02007498 return 0;
7499
Willy Tarreau767e8ad2020-02-25 08:59:23 +01007500 smp->data.u.str.data = len;
Emeric Brunfe68f682012-10-16 14:59:28 +02007501 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02007502}
Patrick Hemmer41966772018-04-28 19:15:48 -04007503#endif
7504
Emeric Brunfe68f682012-10-16 14:59:28 +02007505
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007506#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmere0275472018-04-28 19:15:51 -04007507static int
Patrick Hemmer65674662019-06-04 08:13:03 -04007508smp_fetch_ssl_fc_random(const struct arg *args, struct sample *smp, const char *kw, void *private)
7509{
7510 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7511 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7512 struct buffer *data;
7513 struct ssl_sock_ctx *ctx;
7514
7515 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7516 return 0;
7517 ctx = conn->xprt_ctx;
7518
7519 data = get_trash_chunk();
7520 if (kw[7] == 'c')
7521 data->data = SSL_get_client_random(ctx->ssl,
7522 (unsigned char *) data->area,
7523 data->size);
7524 else
7525 data->data = SSL_get_server_random(ctx->ssl,
7526 (unsigned char *) data->area,
7527 data->size);
7528 if (!data->data)
7529 return 0;
7530
7531 smp->flags = 0;
7532 smp->data.type = SMP_T_BIN;
7533 smp->data.u.str = *data;
7534
7535 return 1;
7536}
7537
7538static int
Patrick Hemmere0275472018-04-28 19:15:51 -04007539smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
7540{
7541 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7542 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
7543 SSL_SESSION *ssl_sess;
Willy Tarreau83061a82018-07-13 11:56:34 +02007544 struct buffer *data;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007545 struct ssl_sock_ctx *ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007546
7547 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7548 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007549 ctx = conn->xprt_ctx;
Patrick Hemmere0275472018-04-28 19:15:51 -04007550
Olivier Houchard66ab4982019-02-26 18:37:15 +01007551 ssl_sess = SSL_get_session(ctx->ssl);
Patrick Hemmere0275472018-04-28 19:15:51 -04007552 if (!ssl_sess)
7553 return 0;
7554
7555 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007556 data->data = SSL_SESSION_get_master_key(ssl_sess,
7557 (unsigned char *) data->area,
7558 data->size);
7559 if (!data->data)
Patrick Hemmere0275472018-04-28 19:15:51 -04007560 return 0;
7561
7562 smp->flags = 0;
7563 smp->data.type = SMP_T_BIN;
7564 smp->data.u.str = *data;
7565
7566 return 1;
7567}
7568#endif
7569
Patrick Hemmer41966772018-04-28 19:15:48 -04007570#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02007571static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007572smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02007573{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007574 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007575 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007576
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01007577 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007578 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02007579
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007580 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007581 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7582 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007583 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007584
Olivier Houchard66ab4982019-02-26 18:37:15 +01007585 smp->data.u.str.area = (char *)SSL_get_servername(ctx->ssl, TLSEXT_NAMETYPE_host_name);
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007586 if (!smp->data.u.str.area)
Willy Tarreau3e394c92012-09-14 23:56:58 +02007587 return 0;
7588
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007589 smp->data.u.str.data = strlen(smp->data.u.str.area);
Willy Tarreau7875d092012-09-10 08:20:03 +02007590 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02007591}
Patrick Hemmer41966772018-04-28 19:15:48 -04007592#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02007593
David Sc1ad52e2014-04-08 18:48:47 -04007594static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007595smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
7596{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007597 struct connection *conn;
7598 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007599 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007600
7601 conn = objt_conn(smp->sess->origin);
7602 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7603 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007604 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007605
Olivier Houchard66ab4982019-02-26 18:37:15 +01007606 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007607 if (!capture)
7608 return 0;
7609
7610 smp->flags = SMP_F_CONST;
7611 smp->data.type = SMP_T_BIN;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007612 smp->data.u.str.area = capture->ciphersuite;
7613 smp->data.u.str.data = capture->ciphersuite_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007614 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007615}
7616
7617static int
7618smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
7619{
Willy Tarreau83061a82018-07-13 11:56:34 +02007620 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007621
7622 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7623 return 0;
7624
7625 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007626 dump_binary(data, smp->data.u.str.area, smp->data.u.str.data);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007627 smp->data.type = SMP_T_BIN;
7628 smp->data.u.str = *data;
7629 return 1;
7630}
7631
7632static int
7633smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
7634{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007635 struct connection *conn;
7636 struct ssl_capture *capture;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007637 struct ssl_sock_ctx *ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007638
7639 conn = objt_conn(smp->sess->origin);
7640 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7641 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007642 ctx = conn->xprt_ctx;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007643
Olivier Houchard66ab4982019-02-26 18:37:15 +01007644 capture = SSL_get_ex_data(ctx->ssl, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007645 if (!capture)
7646 return 0;
7647
7648 smp->data.type = SMP_T_SINT;
7649 smp->data.u.sint = capture->xxh64;
7650 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007651}
7652
7653static int
7654smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7655{
Willy Tarreau5db847a2019-05-09 14:13:35 +02007656#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL)
Willy Tarreau83061a82018-07-13 11:56:34 +02007657 struct buffer *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007658 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007659
7660 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7661 return 0;
7662
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007663 data = get_trash_chunk();
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007664 for (i = 0; i + 1 < smp->data.u.str.data; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007665 const char *str;
7666 const SSL_CIPHER *cipher;
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007667 const unsigned char *bin = (const unsigned char *) smp->data.u.str.area + i;
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007668 uint16_t id = (bin[0] << 8) | bin[1];
7669#if defined(OPENSSL_IS_BORINGSSL)
7670 cipher = SSL_get_cipher_by_value(id);
7671#else
Willy Tarreaub7290772018-10-15 11:01:59 +02007672 struct connection *conn = __objt_conn(smp->sess->origin);
Olivier Houchard66ab4982019-02-26 18:37:15 +01007673 struct ssl_sock_ctx *ctx = conn->xprt_ctx;
7674 cipher = SSL_CIPHER_find(ctx->ssl, bin);
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007675#endif
7676 str = SSL_CIPHER_get_name(cipher);
7677 if (!str || strcmp(str, "(NONE)") == 0)
7678 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007679 else
7680 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7681 }
7682 smp->data.type = SMP_T_STR;
7683 smp->data.u.str = *data;
7684 return 1;
7685#else
7686 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7687#endif
7688}
7689
Willy Tarreau9a1ab082019-05-09 13:26:41 +02007690#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007691static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007692smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007693{
Emeric Bruneb8def92018-02-19 15:59:48 +01007694 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7695 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007696 int finished_len;
Willy Tarreau83061a82018-07-13 11:56:34 +02007697 struct buffer *finished_trash;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007698 struct ssl_sock_ctx *ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007699
7700 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007701 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7702 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007703 ctx = conn->xprt_ctx;
David Sc1ad52e2014-04-08 18:48:47 -04007704
7705 if (!(conn->flags & CO_FL_CONNECTED)) {
7706 smp->flags |= SMP_F_MAY_CHANGE;
7707 return 0;
7708 }
7709
7710 finished_trash = get_trash_chunk();
Olivier Houchard66ab4982019-02-26 18:37:15 +01007711 if (!SSL_session_reused(ctx->ssl))
7712 finished_len = SSL_get_peer_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007713 finished_trash->area,
7714 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007715 else
Olivier Houchard66ab4982019-02-26 18:37:15 +01007716 finished_len = SSL_get_finished(ctx->ssl,
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007717 finished_trash->area,
7718 finished_trash->size);
David Sc1ad52e2014-04-08 18:48:47 -04007719
7720 if (!finished_len)
7721 return 0;
7722
Willy Tarreau843b7cb2018-07-13 10:54:26 +02007723 finished_trash->data = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007724 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007725 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007726
7727 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007728}
Patrick Hemmer41966772018-04-28 19:15:48 -04007729#endif
David Sc1ad52e2014-04-08 18:48:47 -04007730
Emeric Brun2525b6b2012-10-18 15:59:43 +02007731/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007732static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007733smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007734{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007735 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007736 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007737
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007738 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007739 if (!conn || conn->xprt != &ssl_sock)
7740 return 0;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007741 ctx = conn->xprt_ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007742
7743 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007744 smp->flags = SMP_F_MAY_CHANGE;
7745 return 0;
7746 }
7747
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007748 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007749 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007750 smp->flags = 0;
7751
7752 return 1;
7753}
7754
Emeric Brun2525b6b2012-10-18 15:59:43 +02007755/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007756static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007757smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007758{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007759 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007760 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007761
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007762 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007763 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007764 return 0;
7765
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007766 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007767 smp->flags = SMP_F_MAY_CHANGE;
7768 return 0;
7769 }
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007770 ctx = conn->xprt_ctx;
Emeric Brunf282a812012-09-21 15:27:54 +02007771
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007772 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007773 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007774 smp->flags = 0;
7775
7776 return 1;
7777}
7778
Emeric Brun2525b6b2012-10-18 15:59:43 +02007779/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007780static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007781smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007782{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007783 struct connection *conn;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007784 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007785
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007786 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007787 if (!conn || conn->xprt != &ssl_sock)
7788 return 0;
7789
7790 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007791 smp->flags = SMP_F_MAY_CHANGE;
7792 return 0;
7793 }
7794
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007795 ctx = conn->xprt_ctx;
7796
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007797 smp->data.type = SMP_T_SINT;
Olivier Houchard7b5fd1e2019-02-28 18:10:45 +01007798 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(ctx->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007799 smp->flags = 0;
7800
7801 return 1;
7802}
7803
Emeric Brun2525b6b2012-10-18 15:59:43 +02007804/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007805static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007806smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007807{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007808 struct connection *conn;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007809 struct ssl_sock_ctx *ctx;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007810
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007811 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007812 if (!conn || conn->xprt != &ssl_sock)
7813 return 0;
7814
7815 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007816 smp->flags = SMP_F_MAY_CHANGE;
7817 return 0;
7818 }
7819
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007820 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007821 return 0;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007822 ctx = conn->xprt_ctx;
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007823
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007824 smp->data.type = SMP_T_SINT;
Olivier Houchard66ab4982019-02-26 18:37:15 +01007825 smp->data.u.sint = (long long int)SSL_get_verify_result(ctx->ssl);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007826 smp->flags = 0;
7827
7828 return 1;
7829}
7830
Emeric Brunfb510ea2012-10-05 12:00:26 +02007831/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007832static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007833{
7834 if (!*args[cur_arg + 1]) {
7835 if (err)
7836 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7837 return ERR_ALERT | ERR_FATAL;
7838 }
7839
Willy Tarreauef934602016-12-22 23:12:01 +01007840 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7841 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007842 else
7843 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007844
Emeric Brund94b3fe2012-09-20 18:23:56 +02007845 return 0;
7846}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007847static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7848{
7849 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7850}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007851
Christopher Faulet31af49d2015-06-09 17:29:50 +02007852/* parse the "ca-sign-file" bind keyword */
7853static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7854{
7855 if (!*args[cur_arg + 1]) {
7856 if (err)
7857 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7858 return ERR_ALERT | ERR_FATAL;
7859 }
7860
Willy Tarreauef934602016-12-22 23:12:01 +01007861 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7862 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007863 else
7864 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7865
7866 return 0;
7867}
7868
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007869/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007870static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7871{
7872 if (!*args[cur_arg + 1]) {
7873 if (err)
7874 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7875 return ERR_ALERT | ERR_FATAL;
7876 }
7877 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7878 return 0;
7879}
7880
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007881/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007882static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007883{
7884 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007885 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007886 return ERR_ALERT | ERR_FATAL;
7887 }
7888
Emeric Brun76d88952012-10-05 15:47:31 +02007889 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007890 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007891 return 0;
7892}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007893static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7894{
7895 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7896}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007897
Emmanuel Hocdet839af572019-05-14 16:27:35 +02007898#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02007899/* parse the "ciphersuites" bind keyword */
7900static int ssl_bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7901{
7902 if (!*args[cur_arg + 1]) {
7903 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
7904 return ERR_ALERT | ERR_FATAL;
7905 }
7906
7907 free(conf->ciphersuites);
7908 conf->ciphersuites = strdup(args[cur_arg + 1]);
7909 return 0;
7910}
7911static int bind_parse_ciphersuites(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7912{
7913 return ssl_bind_parse_ciphersuites(args, cur_arg, px, &conf->ssl_conf, err);
7914}
7915#endif
7916
Willy Tarreaub131c872019-10-16 16:42:19 +02007917/* parse the "crt" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007918static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007919{
Willy Tarreau38011032013-08-13 16:59:39 +02007920 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007921
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007922 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007923 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007924 return ERR_ALERT | ERR_FATAL;
7925 }
7926
Willy Tarreauef934602016-12-22 23:12:01 +01007927 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7928 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007929 memprintf(err, "'%s' : path too long", args[cur_arg]);
7930 return ERR_ALERT | ERR_FATAL;
7931 }
Willy Tarreauef934602016-12-22 23:12:01 +01007932 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreaub131c872019-10-16 16:42:19 +02007933 return ssl_sock_load_cert(path, conf, err);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007934 }
7935
Willy Tarreaub131c872019-10-16 16:42:19 +02007936 return ssl_sock_load_cert(args[cur_arg + 1], conf, err);
Emeric Brund94b3fe2012-09-20 18:23:56 +02007937}
7938
Willy Tarreaub131c872019-10-16 16:42:19 +02007939/* parse the "crt-list" bind keyword. Returns a set of ERR_* flags possibly with an error in <err>. */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007940static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7941{
Willy Tarreaub131c872019-10-16 16:42:19 +02007942 int err_code;
7943
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007944 if (!*args[cur_arg + 1]) {
7945 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7946 return ERR_ALERT | ERR_FATAL;
7947 }
7948
Willy Tarreaub131c872019-10-16 16:42:19 +02007949 err_code = ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err);
7950 if (err_code)
Willy Tarreauad1731d2013-04-02 17:35:58 +02007951 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007952
Willy Tarreaub131c872019-10-16 16:42:19 +02007953 return err_code;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007954}
7955
Emeric Brunfb510ea2012-10-05 12:00:26 +02007956/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007957static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007958{
Emeric Brun051cdab2012-10-02 19:25:50 +02007959#ifndef X509_V_FLAG_CRL_CHECK
7960 if (err)
7961 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7962 return ERR_ALERT | ERR_FATAL;
7963#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007964 if (!*args[cur_arg + 1]) {
7965 if (err)
7966 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7967 return ERR_ALERT | ERR_FATAL;
7968 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007969
Willy Tarreauef934602016-12-22 23:12:01 +01007970 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7971 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007972 else
7973 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007974
Emeric Brun2b58d042012-09-20 17:10:03 +02007975 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007976#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007977}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007978static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7979{
7980 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7981}
Emeric Brun2b58d042012-09-20 17:10:03 +02007982
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007983/* parse the "curves" bind keyword keyword */
7984static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7985{
Lukas Tribusd13e9252019-11-24 18:20:40 +01007986#if ((HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL) || defined(LIBRESSL_VERSION_NUMBER))
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007987 if (!*args[cur_arg + 1]) {
7988 if (err)
7989 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7990 return ERR_ALERT | ERR_FATAL;
7991 }
7992 conf->curves = strdup(args[cur_arg + 1]);
7993 return 0;
7994#else
7995 if (err)
7996 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7997 return ERR_ALERT | ERR_FATAL;
7998#endif
7999}
8000static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8001{
8002 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
8003}
8004
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008005/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008006static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02008007{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008008#if HA_OPENSSL_VERSION_NUMBER < 0x0090800fL
Emeric Brun2b58d042012-09-20 17:10:03 +02008009 if (err)
8010 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
8011 return ERR_ALERT | ERR_FATAL;
8012#elif defined(OPENSSL_NO_ECDH)
8013 if (err)
8014 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
8015 return ERR_ALERT | ERR_FATAL;
8016#else
8017 if (!*args[cur_arg + 1]) {
8018 if (err)
8019 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
8020 return ERR_ALERT | ERR_FATAL;
8021 }
8022
8023 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008024
8025 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02008026#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008027}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008028static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8029{
8030 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
8031}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008032
Bertrand Jacquinff13c062016-11-13 16:37:11 +00008033/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02008034static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8035{
8036 int code;
8037 char *p = args[cur_arg + 1];
8038 unsigned long long *ignerr = &conf->crt_ignerr;
8039
8040 if (!*p) {
8041 if (err)
8042 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
8043 return ERR_ALERT | ERR_FATAL;
8044 }
8045
8046 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
8047 ignerr = &conf->ca_ignerr;
8048
8049 if (strcmp(p, "all") == 0) {
8050 *ignerr = ~0ULL;
8051 return 0;
8052 }
8053
8054 while (p) {
8055 code = atoi(p);
8056 if ((code <= 0) || (code > 63)) {
8057 if (err)
8058 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
8059 args[cur_arg], code, args[cur_arg + 1]);
8060 return ERR_ALERT | ERR_FATAL;
8061 }
8062 *ignerr |= 1ULL << code;
8063 p = strchr(p, ',');
8064 if (p)
8065 p++;
8066 }
8067
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008068 return 0;
8069}
8070
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008071/* parse tls_method_options "no-xxx" and "force-xxx" */
8072static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008073{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008074 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008075 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008076 p = strchr(arg, '-');
8077 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008078 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008079 p++;
8080 if (!strcmp(p, "sslv3"))
8081 v = CONF_SSLV3;
8082 else if (!strcmp(p, "tlsv10"))
8083 v = CONF_TLSV10;
8084 else if (!strcmp(p, "tlsv11"))
8085 v = CONF_TLSV11;
8086 else if (!strcmp(p, "tlsv12"))
8087 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008088 else if (!strcmp(p, "tlsv13"))
8089 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008090 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008091 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008092 if (!strncmp(arg, "no-", 3))
8093 methods->flags |= methodVersions[v].flag;
8094 else if (!strncmp(arg, "force-", 6))
8095 methods->min = methods->max = v;
8096 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008097 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008098 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008099 fail:
8100 if (err)
8101 memprintf(err, "'%s' : option not implemented", arg);
8102 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02008103}
8104
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008105static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008106{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008107 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008108}
8109
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008110static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008111{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008112 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
8113}
8114
8115/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
8116static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
8117{
8118 uint16_t i, v = 0;
8119 char *argv = args[cur_arg + 1];
8120 if (!*argv) {
8121 if (err)
8122 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
8123 return ERR_ALERT | ERR_FATAL;
8124 }
8125 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8126 if (!strcmp(argv, methodVersions[i].name))
8127 v = i;
8128 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008129 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008130 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008131 return ERR_ALERT | ERR_FATAL;
8132 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008133 if (!strcmp("ssl-min-ver", args[cur_arg]))
8134 methods->min = v;
8135 else if (!strcmp("ssl-max-ver", args[cur_arg]))
8136 methods->max = v;
8137 else {
8138 if (err)
8139 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
8140 return ERR_ALERT | ERR_FATAL;
8141 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008142 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008143}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02008144
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008145static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8146{
Willy Tarreau9a1ab082019-05-09 13:26:41 +02008147#if (HA_OPENSSL_VERSION_NUMBER < 0x10101000L) && !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01008148 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008149#endif
8150 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
8151}
8152
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008153static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8154{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008155 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008156}
8157
8158static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8159{
8160 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
8161}
8162
Emeric Brun2d0c4822012-10-02 13:45:20 +02008163/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008164static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02008165{
Emeric Brun89675492012-10-05 13:48:26 +02008166 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02008167 return 0;
8168}
Emeric Brun2d0c4822012-10-02 13:45:20 +02008169
Olivier Houchardc2aae742017-09-22 18:26:28 +02008170/* parse the "allow-0rtt" bind keyword */
8171static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8172{
8173 conf->early_data = 1;
8174 return 0;
8175}
8176
8177static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8178{
Olivier Houchard9679ac92017-10-27 14:58:08 +02008179 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02008180 return 0;
8181}
8182
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008183/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008184static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008185{
Bernard Spil13c53f82018-02-15 13:34:58 +01008186#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008187 char *p1, *p2;
8188
8189 if (!*args[cur_arg + 1]) {
8190 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
8191 return ERR_ALERT | ERR_FATAL;
8192 }
8193
8194 free(conf->npn_str);
8195
Willy Tarreau3724da12016-02-12 17:11:12 +01008196 /* the NPN string is built as a suite of (<len> <name>)*,
8197 * so we reuse each comma to store the next <len> and need
8198 * one more for the end of the string.
8199 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008200 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01008201 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02008202 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
8203
8204 /* replace commas with the name length */
8205 p1 = conf->npn_str;
8206 p2 = p1 + 1;
8207 while (1) {
8208 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
8209 if (!p2)
8210 p2 = p1 + 1 + strlen(p1 + 1);
8211
8212 if (p2 - (p1 + 1) > 255) {
8213 *p2 = '\0';
8214 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8215 return ERR_ALERT | ERR_FATAL;
8216 }
8217
8218 *p1 = p2 - (p1 + 1);
8219 p1 = p2;
8220
8221 if (!*p2)
8222 break;
8223
8224 *(p2++) = '\0';
8225 }
8226 return 0;
8227#else
8228 if (err)
8229 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
8230 return ERR_ALERT | ERR_FATAL;
8231#endif
8232}
8233
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008234static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8235{
8236 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
8237}
8238
Willy Tarreauab861d32013-04-02 02:30:41 +02008239/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008240static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02008241{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008242#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02008243 char *p1, *p2;
8244
8245 if (!*args[cur_arg + 1]) {
8246 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
8247 return ERR_ALERT | ERR_FATAL;
8248 }
8249
8250 free(conf->alpn_str);
8251
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008252 /* the ALPN string is built as a suite of (<len> <name>)*,
8253 * so we reuse each comma to store the next <len> and need
8254 * one more for the end of the string.
8255 */
Willy Tarreauab861d32013-04-02 02:30:41 +02008256 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01008257 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02008258 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
8259
8260 /* replace commas with the name length */
8261 p1 = conf->alpn_str;
8262 p2 = p1 + 1;
8263 while (1) {
8264 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
8265 if (!p2)
8266 p2 = p1 + 1 + strlen(p1 + 1);
8267
8268 if (p2 - (p1 + 1) > 255) {
8269 *p2 = '\0';
8270 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
8271 return ERR_ALERT | ERR_FATAL;
8272 }
8273
8274 *p1 = p2 - (p1 + 1);
8275 p1 = p2;
8276
8277 if (!*p2)
8278 break;
8279
8280 *(p2++) = '\0';
8281 }
8282 return 0;
8283#else
8284 if (err)
8285 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
8286 return ERR_ALERT | ERR_FATAL;
8287#endif
8288}
8289
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008290static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8291{
8292 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
8293}
8294
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008295/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02008296static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008297{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01008298 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02008299 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02008300
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008301 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
8302 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008303#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008304 if (global_ssl.listen_default_ciphersuites && !conf->ssl_conf.ciphersuites)
8305 conf->ssl_conf.ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
8306#endif
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01008307 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02008308 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
8309 if (!conf->ssl_conf.ssl_methods.min)
8310 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
8311 if (!conf->ssl_conf.ssl_methods.max)
8312 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02008313
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008314 return 0;
8315}
8316
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008317/* parse the "prefer-client-ciphers" bind keyword */
8318static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8319{
8320 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
8321 return 0;
8322}
8323
Christopher Faulet31af49d2015-06-09 17:29:50 +02008324/* parse the "generate-certificates" bind keyword */
8325static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8326{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008327#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02008328 conf->generate_certs = 1;
8329#else
8330 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
8331 err && *err ? *err : "");
8332#endif
8333 return 0;
8334}
8335
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008336/* parse the "strict-sni" bind keyword */
8337static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8338{
8339 conf->strict_sni = 1;
8340 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008341}
8342
8343/* parse the "tls-ticket-keys" bind keyword */
8344static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8345{
8346#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008347 FILE *f = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008348 int i = 0;
8349 char thisline[LINESIZE];
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008350 struct tls_keys_ref *keys_ref = NULL;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008351
8352 if (!*args[cur_arg + 1]) {
8353 if (err)
8354 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008355 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008356 }
8357
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008358 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008359 if (keys_ref) {
8360 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008361 conf->keys_ref = keys_ref;
8362 return 0;
8363 }
8364
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008365 keys_ref = calloc(1, sizeof(*keys_ref));
Emeric Brun09852f72019-01-10 10:51:13 +01008366 if (!keys_ref) {
8367 if (err)
8368 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008369 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008370 }
8371
Emeric Brun9e754772019-01-10 17:51:55 +01008372 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
Emeric Brun09852f72019-01-10 10:51:13 +01008373 if (!keys_ref->tlskeys) {
Emeric Brun09852f72019-01-10 10:51:13 +01008374 if (err)
8375 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008376 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008377 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008378
8379 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
8380 if (err)
8381 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008382 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008383 }
8384
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008385 keys_ref->filename = strdup(args[cur_arg + 1]);
Emeric Brun09852f72019-01-10 10:51:13 +01008386 if (!keys_ref->filename) {
Emeric Brun09852f72019-01-10 10:51:13 +01008387 if (err)
8388 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008389 goto fail;
Emeric Brun09852f72019-01-10 10:51:13 +01008390 }
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008391
Emeric Brun9e754772019-01-10 17:51:55 +01008392 keys_ref->key_size_bits = 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008393 while (fgets(thisline, sizeof(thisline), f) != NULL) {
8394 int len = strlen(thisline);
Emeric Brun9e754772019-01-10 17:51:55 +01008395 int dec_size;
8396
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008397 /* Strip newline characters from the end */
8398 if(thisline[len - 1] == '\n')
8399 thisline[--len] = 0;
8400
8401 if(thisline[len - 1] == '\r')
8402 thisline[--len] = 0;
8403
Emeric Brun9e754772019-01-10 17:51:55 +01008404 dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
8405 if (dec_size < 0) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008406 if (err)
8407 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008408 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008409 }
Emeric Brun9e754772019-01-10 17:51:55 +01008410 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
8411 keys_ref->key_size_bits = 128;
8412 }
8413 else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_256))) {
8414 keys_ref->key_size_bits = 256;
8415 }
8416 else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
8417 || ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
8418 || ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
Emeric Brun9e754772019-01-10 17:51:55 +01008419 if (err)
8420 memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008421 goto fail;
Emeric Brun9e754772019-01-10 17:51:55 +01008422 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008423 i++;
8424 }
8425
8426 if (i < TLS_TICKETS_NO) {
8427 if (err)
8428 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008429 goto fail;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008430 }
8431
8432 fclose(f);
8433
8434 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01008435 i -= 2;
8436 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008437 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02008438 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01008439 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02008440 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008441
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02008442 LIST_ADD(&tlskeys_reference, &keys_ref->list);
8443
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008444 return 0;
Christopher Faulet2bbc80d2019-10-21 09:55:49 +02008445
8446 fail:
8447 if (f)
8448 fclose(f);
8449 if (keys_ref) {
8450 free(keys_ref->filename);
8451 free(keys_ref->tlskeys);
8452 free(keys_ref);
8453 }
8454 return ERR_ALERT | ERR_FATAL;
8455
Nenad Merdanovic05552d42015-02-27 19:56:49 +01008456#else
8457 if (err)
8458 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
8459 return ERR_ALERT | ERR_FATAL;
8460#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01008461}
8462
Emeric Brund94b3fe2012-09-20 18:23:56 +02008463/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008464static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02008465{
8466 if (!*args[cur_arg + 1]) {
8467 if (err)
8468 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
8469 return ERR_ALERT | ERR_FATAL;
8470 }
8471
8472 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008473 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008474 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008475 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008476 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008477 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02008478 else {
8479 if (err)
8480 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
8481 args[cur_arg], args[cur_arg + 1]);
8482 return ERR_ALERT | ERR_FATAL;
8483 }
8484
8485 return 0;
8486}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008487static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8488{
8489 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
8490}
Emeric Brund94b3fe2012-09-20 18:23:56 +02008491
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008492/* parse the "no-ca-names" bind keyword */
8493static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
8494{
8495 conf->no_ca_names = 1;
8496 return 0;
8497}
8498static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
8499{
8500 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
8501}
8502
Willy Tarreau92faadf2012-10-10 23:04:25 +02008503/************** "server" keywords ****************/
8504
Olivier Houchardc7566002018-11-20 23:33:50 +01008505/* parse the "npn" bind keyword */
8506static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8507{
8508#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
8509 char *p1, *p2;
8510
8511 if (!*args[*cur_arg + 1]) {
8512 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[*cur_arg]);
8513 return ERR_ALERT | ERR_FATAL;
8514 }
8515
8516 free(newsrv->ssl_ctx.npn_str);
8517
8518 /* the NPN string is built as a suite of (<len> <name>)*,
8519 * so we reuse each comma to store the next <len> and need
8520 * one more for the end of the string.
8521 */
8522 newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
8523 newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
8524 memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
8525 newsrv->ssl_ctx.npn_len);
8526
8527 /* replace commas with the name length */
8528 p1 = newsrv->ssl_ctx.npn_str;
8529 p2 = p1 + 1;
8530 while (1) {
8531 p2 = memchr(p1 + 1, ',', newsrv->ssl_ctx.npn_str +
8532 newsrv->ssl_ctx.npn_len - (p1 + 1));
8533 if (!p2)
8534 p2 = p1 + 1 + strlen(p1 + 1);
8535
8536 if (p2 - (p1 + 1) > 255) {
8537 *p2 = '\0';
8538 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8539 return ERR_ALERT | ERR_FATAL;
8540 }
8541
8542 *p1 = p2 - (p1 + 1);
8543 p1 = p2;
8544
8545 if (!*p2)
8546 break;
8547
8548 *(p2++) = '\0';
8549 }
8550 return 0;
8551#else
8552 if (err)
8553 memprintf(err, "'%s' : library does not support TLS NPN extension", args[*cur_arg]);
8554 return ERR_ALERT | ERR_FATAL;
8555#endif
8556}
8557
Olivier Houchard92150142018-12-21 19:47:01 +01008558/* parse the "alpn" or the "check-alpn" server keyword */
Olivier Houchardc7566002018-11-20 23:33:50 +01008559static int srv_parse_alpn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8560{
8561#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
8562 char *p1, *p2;
Olivier Houchard92150142018-12-21 19:47:01 +01008563 char **alpn_str;
8564 int *alpn_len;
Olivier Houchardc7566002018-11-20 23:33:50 +01008565
Olivier Houchard92150142018-12-21 19:47:01 +01008566 if (*args[*cur_arg] == 'c') {
8567 alpn_str = &newsrv->check.alpn_str;
8568 alpn_len = &newsrv->check.alpn_len;
8569 } else {
8570 alpn_str = &newsrv->ssl_ctx.alpn_str;
8571 alpn_len = &newsrv->ssl_ctx.alpn_len;
8572
8573 }
Olivier Houchardc7566002018-11-20 23:33:50 +01008574 if (!*args[*cur_arg + 1]) {
8575 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[*cur_arg]);
8576 return ERR_ALERT | ERR_FATAL;
8577 }
8578
Olivier Houchard92150142018-12-21 19:47:01 +01008579 free(*alpn_str);
Olivier Houchardc7566002018-11-20 23:33:50 +01008580
8581 /* the ALPN string is built as a suite of (<len> <name>)*,
8582 * so we reuse each comma to store the next <len> and need
8583 * one more for the end of the string.
8584 */
Olivier Houchard92150142018-12-21 19:47:01 +01008585 *alpn_len = strlen(args[*cur_arg + 1]) + 1;
8586 *alpn_str = calloc(1, *alpn_len + 1);
8587 memcpy(*alpn_str + 1, args[*cur_arg + 1], *alpn_len);
Olivier Houchardc7566002018-11-20 23:33:50 +01008588
8589 /* replace commas with the name length */
Olivier Houchard92150142018-12-21 19:47:01 +01008590 p1 = *alpn_str;
Olivier Houchardc7566002018-11-20 23:33:50 +01008591 p2 = p1 + 1;
8592 while (1) {
Olivier Houchard92150142018-12-21 19:47:01 +01008593 p2 = memchr(p1 + 1, ',', *alpn_str + *alpn_len - (p1 + 1));
Olivier Houchardc7566002018-11-20 23:33:50 +01008594 if (!p2)
8595 p2 = p1 + 1 + strlen(p1 + 1);
8596
8597 if (p2 - (p1 + 1) > 255) {
8598 *p2 = '\0';
8599 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[*cur_arg], p1 + 1);
8600 return ERR_ALERT | ERR_FATAL;
8601 }
8602
8603 *p1 = p2 - (p1 + 1);
8604 p1 = p2;
8605
8606 if (!*p2)
8607 break;
8608
8609 *(p2++) = '\0';
8610 }
8611 return 0;
8612#else
8613 if (err)
8614 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[*cur_arg]);
8615 return ERR_ALERT | ERR_FATAL;
8616#endif
8617}
8618
Emeric Brunef42d922012-10-11 16:11:36 +02008619/* parse the "ca-file" server keyword */
8620static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8621{
8622 if (!*args[*cur_arg + 1]) {
8623 if (err)
8624 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
8625 return ERR_ALERT | ERR_FATAL;
8626 }
8627
Willy Tarreauef934602016-12-22 23:12:01 +01008628 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8629 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008630 else
8631 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
8632
8633 return 0;
8634}
8635
Olivier Houchard9130a962017-10-17 17:33:43 +02008636/* parse the "check-sni" server keyword */
8637static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8638{
8639 if (!*args[*cur_arg + 1]) {
8640 if (err)
8641 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
8642 return ERR_ALERT | ERR_FATAL;
8643 }
8644
8645 newsrv->check.sni = strdup(args[*cur_arg + 1]);
8646 if (!newsrv->check.sni) {
8647 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
8648 return ERR_ALERT | ERR_FATAL;
8649 }
8650 return 0;
8651
8652}
8653
Willy Tarreau92faadf2012-10-10 23:04:25 +02008654/* parse the "check-ssl" server keyword */
8655static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8656{
8657 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008658 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8659 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008660#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008661 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8662 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8663#endif
Willy Tarreauef934602016-12-22 23:12:01 +01008664 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008665 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8666 if (!newsrv->ssl_ctx.methods.min)
8667 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8668 if (!newsrv->ssl_ctx.methods.max)
8669 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8670
Willy Tarreau92faadf2012-10-10 23:04:25 +02008671 return 0;
8672}
8673
8674/* parse the "ciphers" server keyword */
8675static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8676{
8677 if (!*args[*cur_arg + 1]) {
8678 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8679 return ERR_ALERT | ERR_FATAL;
8680 }
8681
8682 free(newsrv->ssl_ctx.ciphers);
8683 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
8684 return 0;
8685}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008686
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008687#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008688/* parse the "ciphersuites" server keyword */
8689static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8690{
8691 if (!*args[*cur_arg + 1]) {
8692 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
8693 return ERR_ALERT | ERR_FATAL;
8694 }
8695
8696 free(newsrv->ssl_ctx.ciphersuites);
8697 newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
8698 return 0;
8699}
8700#endif
Willy Tarreau92faadf2012-10-10 23:04:25 +02008701
Emeric Brunef42d922012-10-11 16:11:36 +02008702/* parse the "crl-file" server keyword */
8703static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8704{
8705#ifndef X509_V_FLAG_CRL_CHECK
8706 if (err)
8707 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
8708 return ERR_ALERT | ERR_FATAL;
8709#else
8710 if (!*args[*cur_arg + 1]) {
8711 if (err)
8712 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
8713 return ERR_ALERT | ERR_FATAL;
8714 }
8715
Willy Tarreauef934602016-12-22 23:12:01 +01008716 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
8717 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02008718 else
8719 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
8720
8721 return 0;
8722#endif
8723}
8724
Emeric Bruna7aa3092012-10-26 12:58:00 +02008725/* parse the "crt" server keyword */
8726static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8727{
8728 if (!*args[*cur_arg + 1]) {
8729 if (err)
8730 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
8731 return ERR_ALERT | ERR_FATAL;
8732 }
8733
Willy Tarreauef934602016-12-22 23:12:01 +01008734 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01008735 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02008736 else
8737 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
8738
8739 return 0;
8740}
Emeric Brunef42d922012-10-11 16:11:36 +02008741
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008742/* parse the "no-check-ssl" server keyword */
8743static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8744{
Christopher Faulet68d35ae2020-03-27 18:55:49 +01008745 newsrv->check.use_ssl = -1;
Frédéric Lécaille340ae602017-03-13 10:38:04 +01008746 free(newsrv->ssl_ctx.ciphers);
8747 newsrv->ssl_ctx.ciphers = NULL;
8748 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
8749 return 0;
8750}
8751
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01008752/* parse the "no-send-proxy-v2-ssl" server keyword */
8753static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8754{
8755 newsrv->pp_opts &= ~SRV_PP_V2;
8756 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8757 return 0;
8758}
8759
8760/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
8761static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8762{
8763 newsrv->pp_opts &= ~SRV_PP_V2;
8764 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
8765 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
8766 return 0;
8767}
8768
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008769/* parse the "no-ssl" server keyword */
8770static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8771{
Christopher Faulet68d35ae2020-03-27 18:55:49 +01008772 newsrv->use_ssl = -1;
Frédéric Lécaillee381d762017-03-13 11:54:17 +01008773 free(newsrv->ssl_ctx.ciphers);
8774 newsrv->ssl_ctx.ciphers = NULL;
8775 return 0;
8776}
8777
Olivier Houchard522eea72017-11-03 16:27:47 +01008778/* parse the "allow-0rtt" server keyword */
8779static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8780{
8781 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
8782 return 0;
8783}
8784
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01008785/* parse the "no-ssl-reuse" server keyword */
8786static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8787{
8788 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
8789 return 0;
8790}
8791
Emeric Brunf9c5c472012-10-11 15:28:34 +02008792/* parse the "no-tls-tickets" server keyword */
8793static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8794{
8795 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
8796 return 0;
8797}
David Safb76832014-05-08 23:42:08 -04008798/* parse the "send-proxy-v2-ssl" server keyword */
8799static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8800{
8801 newsrv->pp_opts |= SRV_PP_V2;
8802 newsrv->pp_opts |= SRV_PP_V2_SSL;
8803 return 0;
8804}
8805
8806/* parse the "send-proxy-v2-ssl-cn" server keyword */
8807static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8808{
8809 newsrv->pp_opts |= SRV_PP_V2;
8810 newsrv->pp_opts |= SRV_PP_V2_SSL;
8811 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
8812 return 0;
8813}
Emeric Brunf9c5c472012-10-11 15:28:34 +02008814
Willy Tarreau732eac42015-07-09 11:40:25 +02008815/* parse the "sni" server keyword */
8816static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8817{
8818#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
8819 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
8820 return ERR_ALERT | ERR_FATAL;
8821#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008822 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02008823
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008824 arg = args[*cur_arg + 1];
8825 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02008826 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
8827 return ERR_ALERT | ERR_FATAL;
8828 }
8829
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01008830 free(newsrv->sni_expr);
8831 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02008832
Willy Tarreau732eac42015-07-09 11:40:25 +02008833 return 0;
8834#endif
8835}
8836
Willy Tarreau92faadf2012-10-10 23:04:25 +02008837/* parse the "ssl" server keyword */
8838static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8839{
8840 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01008841 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
8842 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +02008843#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02008844 if (global_ssl.connect_default_ciphersuites && !newsrv->ssl_ctx.ciphersuites)
8845 newsrv->ssl_ctx.ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
8846#endif
Jerome Magnin770bc8a2020-04-22 11:40:18 +02008847 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
8848 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
8849
8850 if (!newsrv->ssl_ctx.methods.min)
8851 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
8852
8853 if (!newsrv->ssl_ctx.methods.max)
8854 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
8855
8856
Willy Tarreau92faadf2012-10-10 23:04:25 +02008857 return 0;
8858}
8859
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008860/* parse the "ssl-reuse" server keyword */
8861static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8862{
8863 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
8864 return 0;
8865}
8866
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01008867/* parse the "tls-tickets" server keyword */
8868static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8869{
8870 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
8871 return 0;
8872}
8873
Emeric Brunef42d922012-10-11 16:11:36 +02008874/* parse the "verify" server keyword */
8875static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8876{
8877 if (!*args[*cur_arg + 1]) {
8878 if (err)
8879 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8880 return ERR_ALERT | ERR_FATAL;
8881 }
8882
8883 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008884 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008885 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008886 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008887 else {
8888 if (err)
8889 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8890 args[*cur_arg], args[*cur_arg + 1]);
8891 return ERR_ALERT | ERR_FATAL;
8892 }
8893
Evan Broderbe554312013-06-27 00:05:25 -07008894 return 0;
8895}
8896
8897/* parse the "verifyhost" server keyword */
8898static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8899{
8900 if (!*args[*cur_arg + 1]) {
8901 if (err)
8902 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8903 return ERR_ALERT | ERR_FATAL;
8904 }
8905
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008906 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008907 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8908
Emeric Brunef42d922012-10-11 16:11:36 +02008909 return 0;
8910}
8911
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008912/* parse the "ssl-default-bind-options" keyword in global section */
8913static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8914 struct proxy *defpx, const char *file, int line,
8915 char **err) {
8916 int i = 1;
8917
8918 if (*(args[i]) == 0) {
8919 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8920 return -1;
8921 }
8922 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008923 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008924 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008925 else if (!strcmp(args[i], "prefer-client-ciphers"))
8926 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008927 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8928 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8929 i++;
8930 else {
8931 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8932 return -1;
8933 }
8934 }
8935 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008936 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8937 return -1;
8938 }
8939 i++;
8940 }
8941 return 0;
8942}
8943
8944/* parse the "ssl-default-server-options" keyword in global section */
8945static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8946 struct proxy *defpx, const char *file, int line,
8947 char **err) {
8948 int i = 1;
8949
8950 if (*(args[i]) == 0) {
8951 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8952 return -1;
8953 }
8954 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008955 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008956 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008957 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8958 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8959 i++;
8960 else {
8961 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8962 return -1;
8963 }
8964 }
8965 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008966 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8967 return -1;
8968 }
8969 i++;
8970 }
8971 return 0;
8972}
8973
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008974/* parse the "ca-base" / "crt-base" keywords in global section.
8975 * Returns <0 on alert, >0 on warning, 0 on success.
8976 */
8977static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8978 struct proxy *defpx, const char *file, int line,
8979 char **err)
8980{
8981 char **target;
8982
Willy Tarreauef934602016-12-22 23:12:01 +01008983 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008984
8985 if (too_many_args(1, args, err, NULL))
8986 return -1;
8987
8988 if (*target) {
8989 memprintf(err, "'%s' already specified.", args[0]);
8990 return -1;
8991 }
8992
8993 if (*(args[1]) == 0) {
8994 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8995 return -1;
8996 }
8997 *target = strdup(args[1]);
8998 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008999}
9000
9001/* parse the "ssl-mode-async" keyword in global section.
9002 * Returns <0 on alert, >0 on warning, 0 on success.
9003 */
9004static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
9005 struct proxy *defpx, const char *file, int line,
9006 char **err)
9007{
Willy Tarreau5db847a2019-05-09 14:13:35 +02009008#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009009 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01009010 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009011 return 0;
9012#else
9013 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
9014 return -1;
9015#endif
9016}
9017
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009018#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009019static int ssl_check_async_engine_count(void) {
9020 int err_code = 0;
9021
Emeric Brun3854e012017-05-17 20:42:48 +02009022 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01009023 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00009024 err_code = ERR_ABORT;
9025 }
9026 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01009027}
9028
Grant Zhang872f9c22017-01-21 01:10:18 +00009029/* parse the "ssl-engine" keyword in global section.
9030 * Returns <0 on alert, >0 on warning, 0 on success.
9031 */
9032static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
9033 struct proxy *defpx, const char *file, int line,
9034 char **err)
9035{
9036 char *algo;
9037 int ret = -1;
9038
9039 if (*(args[1]) == 0) {
9040 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
9041 return ret;
9042 }
9043
9044 if (*(args[2]) == 0) {
9045 /* if no list of algorithms is given, it defaults to ALL */
9046 algo = strdup("ALL");
9047 goto add_engine;
9048 }
9049
9050 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
9051 if (strcmp(args[2], "algo") != 0) {
9052 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
9053 return ret;
9054 }
9055
9056 if (*(args[3]) == 0) {
9057 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
9058 return ret;
9059 }
9060 algo = strdup(args[3]);
9061
9062add_engine:
9063 if (ssl_init_single_engine(args[1], algo)==0) {
9064 openssl_engines_initialized++;
9065 ret = 0;
9066 }
9067 free(algo);
9068 return ret;
9069}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009070#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00009071
Willy Tarreauf22e9682016-12-21 23:23:19 +01009072/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
9073 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9074 */
9075static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
9076 struct proxy *defpx, const char *file, int line,
9077 char **err)
9078{
9079 char **target;
9080
Willy Tarreauef934602016-12-22 23:12:01 +01009081 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01009082
9083 if (too_many_args(1, args, err, NULL))
9084 return -1;
9085
9086 if (*(args[1]) == 0) {
9087 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9088 return -1;
9089 }
9090
9091 free(*target);
9092 *target = strdup(args[1]);
9093 return 0;
9094}
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009095
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009096#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009097/* parse the "ssl-default-bind-ciphersuites" / "ssl-default-server-ciphersuites" keywords
9098 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
9099 */
9100static int ssl_parse_global_ciphersuites(char **args, int section_type, struct proxy *curpx,
9101 struct proxy *defpx, const char *file, int line,
9102 char **err)
9103{
9104 char **target;
9105
9106 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphersuites : &global_ssl.connect_default_ciphersuites;
9107
9108 if (too_many_args(1, args, err, NULL))
9109 return -1;
9110
9111 if (*(args[1]) == 0) {
9112 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
9113 return -1;
9114 }
9115
9116 free(*target);
9117 *target = strdup(args[1]);
9118 return 0;
9119}
9120#endif
Willy Tarreauf22e9682016-12-21 23:23:19 +01009121
Willy Tarreau9ceda382016-12-21 23:13:03 +01009122/* parse various global tune.ssl settings consisting in positive integers.
9123 * Returns <0 on alert, >0 on warning, 0 on success.
9124 */
9125static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
9126 struct proxy *defpx, const char *file, int line,
9127 char **err)
9128{
9129 int *target;
9130
9131 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
9132 target = &global.tune.sslcachesize;
9133 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009134 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009135 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01009136 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01009137 else if (strcmp(args[0], "maxsslconn") == 0)
9138 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009139 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
9140 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009141 else {
9142 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
9143 return -1;
9144 }
9145
9146 if (too_many_args(1, args, err, NULL))
9147 return -1;
9148
9149 if (*(args[1]) == 0) {
9150 memprintf(err, "'%s' expects an integer argument.", args[0]);
9151 return -1;
9152 }
9153
9154 *target = atoi(args[1]);
9155 if (*target < 0) {
9156 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
9157 return -1;
9158 }
9159 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009160}
9161
9162static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
9163 struct proxy *defpx, const char *file, int line,
9164 char **err)
9165{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009166 int ret;
9167
9168 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
9169 if (ret != 0)
9170 return ret;
9171
Willy Tarreaubafbe012017-11-24 17:34:44 +01009172 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009173 memprintf(err, "'%s' is already configured.", args[0]);
9174 return -1;
9175 }
9176
Willy Tarreaubafbe012017-11-24 17:34:44 +01009177 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
9178 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009179 memprintf(err, "Out of memory error.");
9180 return -1;
9181 }
9182 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009183}
9184
9185/* parse "ssl.force-private-cache".
9186 * Returns <0 on alert, >0 on warning, 0 on success.
9187 */
9188static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
9189 struct proxy *defpx, const char *file, int line,
9190 char **err)
9191{
9192 if (too_many_args(0, args, err, NULL))
9193 return -1;
9194
Willy Tarreauef934602016-12-22 23:12:01 +01009195 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01009196 return 0;
9197}
9198
9199/* parse "ssl.lifetime".
9200 * Returns <0 on alert, >0 on warning, 0 on success.
9201 */
9202static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
9203 struct proxy *defpx, const char *file, int line,
9204 char **err)
9205{
9206 const char *res;
9207
9208 if (too_many_args(1, args, err, NULL))
9209 return -1;
9210
9211 if (*(args[1]) == 0) {
9212 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
9213 return -1;
9214 }
9215
Willy Tarreauef934602016-12-22 23:12:01 +01009216 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9faebe32019-06-07 19:00:37 +02009217 if (res == PARSE_TIME_OVER) {
9218 memprintf(err, "timer overflow in argument '%s' to <%s> (maximum value is 2147483647 s or ~68 years).",
9219 args[1], args[0]);
9220 return -1;
9221 }
9222 else if (res == PARSE_TIME_UNDER) {
9223 memprintf(err, "timer underflow in argument '%s' to <%s> (minimum non-null value is 1 s).",
9224 args[1], args[0]);
9225 return -1;
9226 }
9227 else if (res) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009228 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
9229 return -1;
9230 }
9231 return 0;
9232}
9233
9234#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01009235/* parse "ssl-dh-param-file".
9236 * Returns <0 on alert, >0 on warning, 0 on success.
9237 */
9238static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
9239 struct proxy *defpx, const char *file, int line,
9240 char **err)
9241{
9242 if (too_many_args(1, args, err, NULL))
9243 return -1;
9244
9245 if (*(args[1]) == 0) {
9246 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
9247 return -1;
9248 }
9249
9250 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
9251 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
9252 return -1;
9253 }
9254 return 0;
9255}
9256
Willy Tarreau9ceda382016-12-21 23:13:03 +01009257/* parse "ssl.default-dh-param".
9258 * Returns <0 on alert, >0 on warning, 0 on success.
9259 */
9260static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
9261 struct proxy *defpx, const char *file, int line,
9262 char **err)
9263{
9264 if (too_many_args(1, args, err, NULL))
9265 return -1;
9266
9267 if (*(args[1]) == 0) {
9268 memprintf(err, "'%s' expects an integer argument.", args[0]);
9269 return -1;
9270 }
9271
Willy Tarreauef934602016-12-22 23:12:01 +01009272 global_ssl.default_dh_param = atoi(args[1]);
9273 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01009274 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
9275 return -1;
9276 }
9277 return 0;
9278}
9279#endif
9280
9281
William Lallemand32af2032016-10-29 18:09:35 +02009282/* This function is used with TLS ticket keys management. It permits to browse
9283 * each reference. The variable <getnext> must contain the current node,
9284 * <end> point to the root node.
9285 */
9286#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9287static inline
9288struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
9289{
9290 struct tls_keys_ref *ref = getnext;
9291
9292 while (1) {
9293
9294 /* Get next list entry. */
9295 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
9296
9297 /* If the entry is the last of the list, return NULL. */
9298 if (&ref->list == end)
9299 return NULL;
9300
9301 return ref;
9302 }
9303}
9304
9305static inline
9306struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
9307{
9308 int id;
9309 char *error;
9310
9311 /* If the reference starts by a '#', this is numeric id. */
9312 if (reference[0] == '#') {
9313 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
9314 id = strtol(reference + 1, &error, 10);
9315 if (*error != '\0')
9316 return NULL;
9317
9318 /* Perform the unique id lookup. */
9319 return tlskeys_ref_lookupid(id);
9320 }
9321
9322 /* Perform the string lookup. */
9323 return tlskeys_ref_lookup(reference);
9324}
9325#endif
9326
9327
9328#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9329
9330static int cli_io_handler_tlskeys_files(struct appctx *appctx);
9331
9332static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
9333 return cli_io_handler_tlskeys_files(appctx);
9334}
9335
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009336/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
9337 * (next index to be dumped), and cli.p0 (next key reference).
9338 */
William Lallemand32af2032016-10-29 18:09:35 +02009339static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
9340
9341 struct stream_interface *si = appctx->owner;
9342
9343 switch (appctx->st2) {
9344 case STAT_ST_INIT:
9345 /* Display the column headers. If the message cannot be sent,
Joseph Herlant017b3da2018-11-15 09:07:59 -08009346 * quit the function with returning 0. The function is called
William Lallemand32af2032016-10-29 18:09:35 +02009347 * later and restart at the state "STAT_ST_INIT".
9348 */
9349 chunk_reset(&trash);
9350
9351 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
9352 chunk_appendf(&trash, "# id secret\n");
9353 else
9354 chunk_appendf(&trash, "# id (file)\n");
9355
Willy Tarreau06d80a92017-10-19 14:32:15 +02009356 if (ci_putchk(si_ic(si), &trash) == -1) {
Willy Tarreaudb398432018-11-15 11:08:52 +01009357 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009358 return 0;
9359 }
9360
William Lallemand32af2032016-10-29 18:09:35 +02009361 /* Now, we start the browsing of the references lists.
9362 * Note that the following call to LIST_ELEM return bad pointer. The only
9363 * available field of this pointer is <list>. It is used with the function
9364 * tlskeys_list_get_next() for retruning the first available entry
9365 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009366 if (appctx->ctx.cli.p0 == NULL) {
9367 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
9368 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009369 }
9370
9371 appctx->st2 = STAT_ST_LIST;
9372 /* fall through */
9373
9374 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009375 while (appctx->ctx.cli.p0) {
9376 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02009377
9378 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009379 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02009380 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009381
9382 if (appctx->ctx.cli.i1 == 0)
9383 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
9384
William Lallemand32af2032016-10-29 18:09:35 +02009385 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01009386 int head;
9387
9388 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
9389 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009390 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
Willy Tarreau83061a82018-07-13 11:56:34 +02009391 struct buffer *t2 = get_trash_chunk();
William Lallemand32af2032016-10-29 18:09:35 +02009392
9393 chunk_reset(t2);
9394 /* should never fail here because we dump only a key in the t2 buffer */
Emeric Brun9e754772019-01-10 17:51:55 +01009395 if (ref->key_size_bits == 128) {
9396 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9397 sizeof(struct tls_sess_key_128),
9398 t2->area, t2->size);
9399 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9400 t2->area);
9401 }
9402 else if (ref->key_size_bits == 256) {
9403 t2->data = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
9404 sizeof(struct tls_sess_key_256),
9405 t2->area, t2->size);
9406 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1,
9407 t2->area);
9408 }
9409 else {
9410 /* This case should never happen */
9411 chunk_appendf(&trash, "%d.%d <unknown>\n", ref->unique_id, appctx->ctx.cli.i1);
9412 }
William Lallemand32af2032016-10-29 18:09:35 +02009413
Willy Tarreau06d80a92017-10-19 14:32:15 +02009414 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009415 /* let's try again later from this stream. We add ourselves into
9416 * this stream's users so that it can remove us upon termination.
9417 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01009418 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreaudb398432018-11-15 11:08:52 +01009419 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009420 return 0;
9421 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009422 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02009423 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01009424 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009425 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009426 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02009427 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02009428 /* let's try again later from this stream. We add ourselves into
9429 * this stream's users so that it can remove us upon termination.
9430 */
Willy Tarreaudb398432018-11-15 11:08:52 +01009431 si_rx_room_blk(si);
William Lallemand32af2032016-10-29 18:09:35 +02009432 return 0;
9433 }
9434
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009435 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02009436 break;
9437
9438 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009439 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02009440 }
9441
9442 appctx->st2 = STAT_ST_FIN;
9443 /* fall through */
9444
9445 default:
9446 appctx->st2 = STAT_ST_FIN;
9447 return 1;
9448 }
9449 return 0;
9450}
9451
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009452/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009453static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009454{
William Lallemand32af2032016-10-29 18:09:35 +02009455 /* no parameter, shows only file list */
9456 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009457 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009458 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009459 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009460 }
9461
9462 if (args[2][0] == '*') {
9463 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009464 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02009465 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009466 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
9467 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009468 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009469 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009470 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009471 return 1;
9472 }
9473 }
William Lallemand32af2032016-10-29 18:09:35 +02009474 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01009475 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009476}
9477
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009478static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009479{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009480 struct tls_keys_ref *ref;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009481 int ret;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009482
William Lallemand32af2032016-10-29 18:09:35 +02009483 /* Expect two parameters: the filename and the new new TLS key in encoding */
9484 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009485 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009486 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009487 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009488 return 1;
9489 }
9490
Willy Tarreauf5f26e82016-12-16 18:47:27 +01009491 ref = tlskeys_ref_lookup_ref(args[3]);
9492 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009493 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009494 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009495 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009496 return 1;
9497 }
9498
Willy Tarreau1c913e42018-08-22 05:26:57 +02009499 ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
Emeric Brun9e754772019-01-10 17:51:55 +01009500 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009501 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009502 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009503 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009504 return 1;
9505 }
Emeric Brun9e754772019-01-10 17:51:55 +01009506
Willy Tarreau1c913e42018-08-22 05:26:57 +02009507 trash.data = ret;
Emeric Brun9e754772019-01-10 17:51:55 +01009508 if (ssl_sock_update_tlskey_ref(ref, &trash) < 0) {
9509 appctx->ctx.cli.severity = LOG_ERR;
9510 appctx->ctx.cli.msg = "'set ssl tls-key' received a key of wrong size.\n";
9511 appctx->st0 = CLI_ST_PRINT;
9512 return 1;
9513 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009514 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009515 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009516 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009517 return 1;
9518
9519}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009520#endif
William Lallemand32af2032016-10-29 18:09:35 +02009521
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02009522static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02009523{
9524#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
9525 char *err = NULL;
Willy Tarreau1c913e42018-08-22 05:26:57 +02009526 int i, j, ret;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009527
9528 if (!payload)
9529 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02009530
9531 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009532 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009533 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009534 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009535 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009536 return 1;
9537 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02009538
9539 /* remove \r and \n from the payload */
9540 for (i = 0, j = 0; payload[i]; i++) {
9541 if (payload[i] == '\r' || payload[i] == '\n')
9542 continue;
9543 payload[j++] = payload[i];
9544 }
9545 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02009546
Willy Tarreau1c913e42018-08-22 05:26:57 +02009547 ret = base64dec(payload, j, trash.area, trash.size);
9548 if (ret < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009549 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009550 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009551 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009552 return 1;
9553 }
9554
Willy Tarreau1c913e42018-08-22 05:26:57 +02009555 trash.data = ret;
William Lallemand32af2032016-10-29 18:09:35 +02009556 if (ssl_sock_update_ocsp_response(&trash, &err)) {
9557 if (err) {
9558 memprintf(&err, "%s.\n", err);
9559 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009560 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02009561 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02009562 else {
9563 appctx->ctx.cli.severity = LOG_ERR;
9564 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
9565 appctx->st0 = CLI_ST_PRINT;
9566 }
William Lallemand32af2032016-10-29 18:09:35 +02009567 return 1;
9568 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009569 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01009570 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009571 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009572 return 1;
9573#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02009574 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02009575 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01009576 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02009577 return 1;
9578#endif
9579
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009580}
9581
Willy Tarreau86a394e2019-05-09 14:15:32 +02009582#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Dragan Dosene06e0642021-02-22 10:03:53 +01009583/* This function returns a sample struct filled with an <arg> content.
9584 * If the <arg> contains a string, it is returned in the sample flagged as
9585 * SMP_F_CONST. If the <arg> contains a variable descriptor, the sample is
9586 * filled with the content of the variable by using vars_get_by_desc().
9587 *
9588 * Keep in mind that the sample content may be written to a pre-allocated
9589 * trash chunk as returned by get_trash_chunk().
9590 *
9591 * This function returns 0 if an error occurs, otherwise it returns 1.
9592 */
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009593static inline int sample_conv_var2smp_str(const struct arg *arg, struct sample *smp)
9594{
9595 switch (arg->type) {
9596 case ARGT_STR:
9597 smp->data.type = SMP_T_STR;
9598 smp->data.u.str = arg->data.str;
Dragan Dosene06e0642021-02-22 10:03:53 +01009599 smp->flags = SMP_F_CONST;
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009600 return 1;
9601 case ARGT_VAR:
9602 if (!vars_get_by_desc(&arg->data.var, smp))
9603 return 0;
9604 if (!sample_casts[smp->data.type][SMP_T_STR])
9605 return 0;
9606 if (!sample_casts[smp->data.type][SMP_T_STR](smp))
9607 return 0;
9608 return 1;
9609 default:
9610 return 0;
9611 }
9612}
9613
Dragan Dosene06e0642021-02-22 10:03:53 +01009614/* This function checks an <arg> and fills it with a variable type if the
9615 * <arg> string contains a valid variable name. If failed, the function
9616 * tries to perform a base64 decode operation on the same string, and
9617 * fills the <arg> with the decoded content.
9618 *
9619 * Validation is skipped if the <arg> string is empty.
9620 *
9621 * This function returns 0 if the variable lookup fails and the specified
9622 * <arg> string is not a valid base64 encoded string, as well if
9623 * unexpected argument type is specified or memory allocation error
9624 * occurs. Otherwise it returns 1.
9625 */
9626static inline int sample_check_arg_base64(struct arg *arg, char **err)
9627{
9628 char *dec = NULL;
9629 int dec_size;
9630
9631 if (arg->type != ARGT_STR) {
9632 memprintf(err, "unexpected argument type");
9633 return 0;
9634 }
9635
9636 if (arg->data.str.data == 0) /* empty */
9637 return 1;
9638
9639 if (vars_check_arg(arg, NULL))
9640 return 1;
9641
9642 if (arg->data.str.data % 4) {
9643 memprintf(err, "argument needs to be base64 encoded, and "
9644 "can either be a string or a variable");
9645 return 0;
9646 }
9647
9648 dec_size = (arg->data.str.data / 4 * 3)
9649 - (arg->data.str.area[arg->data.str.data-1] == '=' ? 1 : 0)
9650 - (arg->data.str.area[arg->data.str.data-2] == '=' ? 1 : 0);
9651
9652 if ((dec = malloc(dec_size)) == NULL) {
9653 memprintf(err, "memory allocation error");
9654 return 0;
9655 }
9656
9657 dec_size = base64dec(arg->data.str.area, arg->data.str.data, dec, dec_size);
9658 if (dec_size < 0) {
9659 memprintf(err, "argument needs to be base64 encoded, and "
9660 "can either be a string or a variable");
9661 free(dec);
9662 return 0;
9663 }
9664
9665 /* base64 decoded */
9666 chunk_destroy(&arg->data.str);
9667 arg->data.str.area = dec;
9668 arg->data.str.data = dec_size;
9669 return 1;
9670}
9671
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009672static int check_aes_gcm(struct arg *args, struct sample_conv *conv,
9673 const char *file, int line, char **err)
9674{
9675 switch(args[0].data.sint) {
9676 case 128:
9677 case 192:
9678 case 256:
9679 break;
9680 default:
9681 memprintf(err, "key size must be 128, 192 or 256 (bits).");
9682 return 0;
9683 }
Dragan Dosene06e0642021-02-22 10:03:53 +01009684
9685 /* Try to decode variables. */
9686 if (!sample_check_arg_base64(&args[1], err)) {
9687 memprintf(err, "failed to parse nonce : %s", *err);
9688 return 0;
9689 }
9690 if (!sample_check_arg_base64(&args[2], err)) {
9691 memprintf(err, "failed to parse key : %s", *err);
9692 return 0;
9693 }
9694 if (!sample_check_arg_base64(&args[3], err)) {
9695 memprintf(err, "failed to parse aead_tag : %s", *err);
9696 return 0;
9697 }
9698
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009699 return 1;
9700}
9701
9702/* Arguements: AES size in bits, nonce, key, tag. The last three arguments are base64 encoded */
9703static int sample_conv_aes_gcm_dec(const struct arg *arg_p, struct sample *smp, void *private)
9704{
9705 struct sample nonce, key, aead_tag;
Dragan Dosene06e0642021-02-22 10:03:53 +01009706 struct buffer *smp_trash = NULL, *smp_trash_alloc = NULL;
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009707 EVP_CIPHER_CTX *ctx;
9708 int dec_size, ret;
9709
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009710 smp_trash_alloc = alloc_trash_chunk();
9711 if (!smp_trash_alloc)
9712 return 0;
9713
Dragan Dosene06e0642021-02-22 10:03:53 +01009714 /* smp copy */
9715 smp_trash_alloc->data = smp->data.u.str.data;
9716 if (unlikely(smp_trash_alloc->data > smp_trash_alloc->size))
9717 smp_trash_alloc->data = smp_trash_alloc->size;
9718 memcpy(smp_trash_alloc->area, smp->data.u.str.area, smp_trash_alloc->data);
9719
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009720 ctx = EVP_CIPHER_CTX_new();
9721
9722 if (!ctx)
9723 goto err;
9724
Dragan Dosene06e0642021-02-22 10:03:53 +01009725 smp_trash = alloc_trash_chunk();
9726 if (!smp_trash)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009727 goto err;
Dragan Dosene06e0642021-02-22 10:03:53 +01009728
9729 smp_set_owner(&nonce, smp->px, smp->sess, smp->strm, smp->opt);
9730 if (!sample_conv_var2smp_str(&arg_p[1], &nonce))
9731 goto err;
9732
9733 if (arg_p[1].type == ARGT_VAR) {
9734 dec_size = base64dec(nonce.data.u.str.area, nonce.data.u.str.data, smp_trash->area, smp_trash->size);
9735 if (dec_size < 0)
9736 goto err;
9737 smp_trash->data = dec_size;
9738 nonce.data.u.str = *smp_trash;
9739 }
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009740
9741 /* Set cipher type and mode */
9742 switch(arg_p[0].data.sint) {
9743 case 128:
9744 EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL);
9745 break;
9746 case 192:
9747 EVP_DecryptInit_ex(ctx, EVP_aes_192_gcm(), NULL, NULL, NULL);
9748 break;
9749 case 256:
9750 EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL);
9751 break;
9752 }
9753
Dragan Dosene06e0642021-02-22 10:03:53 +01009754 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, nonce.data.u.str.data, NULL);
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009755
9756 /* Initialise IV */
Dragan Dosene06e0642021-02-22 10:03:53 +01009757 if(!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, (unsigned char *) nonce.data.u.str.area))
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009758 goto err;
9759
Dragan Dosene06e0642021-02-22 10:03:53 +01009760 smp_set_owner(&key, smp->px, smp->sess, smp->strm, smp->opt);
9761 if (!sample_conv_var2smp_str(&arg_p[2], &key))
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009762 goto err;
Dragan Dosene06e0642021-02-22 10:03:53 +01009763
9764 if (arg_p[2].type == ARGT_VAR) {
9765 dec_size = base64dec(key.data.u.str.area, key.data.u.str.data, smp_trash->area, smp_trash->size);
9766 if (dec_size < 0)
9767 goto err;
9768 smp_trash->data = dec_size;
9769 key.data.u.str = *smp_trash;
9770 }
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009771
9772 /* Initialise key */
Dragan Dosene06e0642021-02-22 10:03:53 +01009773 if (!EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *) key.data.u.str.area, NULL))
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009774 goto err;
9775
9776 if (!EVP_DecryptUpdate(ctx, (unsigned char *) smp_trash->area, (int *) &smp_trash->data,
Dragan Dosene06e0642021-02-22 10:03:53 +01009777 (unsigned char *) smp_trash_alloc->area, (int) smp_trash_alloc->data))
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009778 goto err;
9779
Dragan Dosene06e0642021-02-22 10:03:53 +01009780 smp_set_owner(&aead_tag, smp->px, smp->sess, smp->strm, smp->opt);
9781 if (!sample_conv_var2smp_str(&arg_p[3], &aead_tag))
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009782 goto err;
Dragan Dosene06e0642021-02-22 10:03:53 +01009783
9784 if (arg_p[3].type == ARGT_VAR) {
9785 dec_size = base64dec(aead_tag.data.u.str.area, aead_tag.data.u.str.data, smp_trash_alloc->area, smp_trash_alloc->size);
9786 if (dec_size < 0)
9787 goto err;
9788 smp_trash_alloc->data = dec_size;
9789 aead_tag.data.u.str = *smp_trash_alloc;
9790 }
9791
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009792 dec_size = smp_trash->data;
9793
Dragan Dosene06e0642021-02-22 10:03:53 +01009794 EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, aead_tag.data.u.str.data, (void *) aead_tag.data.u.str.area);
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009795 ret = EVP_DecryptFinal_ex(ctx, (unsigned char *) smp_trash->area + smp_trash->data, (int *) &smp_trash->data);
9796
9797 if (ret <= 0)
9798 goto err;
9799
9800 smp->data.u.str.data = dec_size + smp_trash->data;
9801 smp->data.u.str.area = smp_trash->area;
9802 smp->data.type = SMP_T_BIN;
Dragan Dosene06e0642021-02-22 10:03:53 +01009803 smp_dup(smp);
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009804 free_trash_chunk(smp_trash_alloc);
Dragan Dosene06e0642021-02-22 10:03:53 +01009805 free_trash_chunk(smp_trash);
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009806 return 1;
9807
9808err:
9809 free_trash_chunk(smp_trash_alloc);
Dragan Dosene06e0642021-02-22 10:03:53 +01009810 free_trash_chunk(smp_trash);
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009811 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02009812}
Nenad Merdanovicc31499d2019-03-23 11:00:32 +01009813# endif
William Lallemand32af2032016-10-29 18:09:35 +02009814
9815/* register cli keywords */
9816static struct cli_kw_list cli_kws = {{ },{
9817#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
9818 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02009819 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009820#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01009821 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02009822 { { NULL }, NULL, NULL, NULL }
9823}};
9824
Willy Tarreau0108d902018-11-25 19:14:37 +01009825INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
William Lallemand32af2032016-10-29 18:09:35 +02009826
Willy Tarreau7875d092012-09-10 08:20:03 +02009827/* Note: must not be declared <const> as its list will be overwritten.
9828 * Please take care of keeping this list alphabetically sorted.
9829 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009830static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02009831 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009832 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009833#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Jérôme Magnine064a802018-12-03 22:21:04 +01009834 { "ssl_bc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009835#endif
Emeric Brun645ae792014-04-30 14:21:06 +02009836 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Olivier Houchard6b77f492018-11-22 18:18:29 +01009837#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
9838 { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
9839#endif
Emeric Brun74f7ffa2018-02-19 16:14:12 +01009840 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02009841 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02009842 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009843 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009844#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02009845 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04009846#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009847#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009848 { "ssl_bc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9849 { "ssl_bc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmere0275472018-04-28 19:15:51 -04009850 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
9851#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009852 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9853 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009854 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009855 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009856 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9857 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9858 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9859 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9860 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9861 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9862 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9863 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009864 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009865 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
9866 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01009867 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02009868 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9869 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9870 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9871 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9872 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9873 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
9874 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02009875 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009876 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009877 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009878 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009879 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009880 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009881 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01009882 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02009883 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01009884#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009885 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02009886#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01009887#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009888 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02009889#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009890 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009891#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02009892 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009893#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02009894 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau9a1ab082019-05-09 13:26:41 +02009895#if HA_OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009896 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009897#endif
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009898#if HA_OPENSSL_VERSION_NUMBER >= 0x10100000L
Patrick Hemmer65674662019-06-04 08:13:03 -04009899 { "ssl_fc_client_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9900 { "ssl_fc_server_random", smp_fetch_ssl_fc_random, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmere0275472018-04-28 19:15:51 -04009901 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9902#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04009903#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01009904 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04009905#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01009906 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9907 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
9908 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
9909 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02009910 { NULL, NULL, 0, 0, 0 },
9911}};
9912
Willy Tarreau0108d902018-11-25 19:14:37 +01009913INITCALL1(STG_REGISTER, sample_register_fetches, &sample_fetch_keywords);
9914
Willy Tarreau7875d092012-09-10 08:20:03 +02009915/* Note: must not be declared <const> as its list will be overwritten.
9916 * Please take care of keeping this list alphabetically sorted.
9917 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02009918static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01009919 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
9920 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01009921 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02009922}};
9923
Willy Tarreau0108d902018-11-25 19:14:37 +01009924INITCALL1(STG_REGISTER, acl_register_keywords, &acl_kws);
9925
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009926/* Note: must not be declared <const> as its list will be overwritten.
9927 * Please take care of keeping this list alphabetically sorted, doing so helps
9928 * all code contributors.
9929 * Optional keywords are also declared with a NULL ->parse() function so that
9930 * the config parser can report an appropriate error when a known keyword was
9931 * not enabled.
9932 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009933static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009934 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009935 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9936 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9937 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009938#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009939 { "ciphersuites", ssl_bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9940#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009941 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01009942 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009943 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009944 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009945 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02009946 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
9947 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01009948 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
9949 { NULL, NULL, 0 },
9950};
9951
Willy Tarreau0108d902018-11-25 19:14:37 +01009952/* no initcall for ssl_bind_kws, these ones are parsed in the parser loop */
9953
Willy Tarreau51fb7652012-09-18 18:24:39 +02009954static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02009955 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009956 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
9957 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
9958 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
9959 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
9960 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
9961 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +02009962#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +02009963 { "ciphersuites", bind_parse_ciphersuites, 1 }, /* set TLS 1.3 cipher suite */
9964#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009965 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
9966 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
9967 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
9968 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
9969 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
9970 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
9971 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
9972 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
9973 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
9974 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009975 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009976 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02009977 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009978 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
9979 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
9980 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
9981 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02009982 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009983 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
9984 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02009985 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
9986 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02009987 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
9988 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
9989 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
9990 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
9991 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02009992 { NULL, NULL, 0 },
9993}};
Emeric Brun46591952012-05-18 15:47:34 +02009994
Willy Tarreau0108d902018-11-25 19:14:37 +01009995INITCALL1(STG_REGISTER, bind_register_keywords, &bind_kws);
9996
Willy Tarreau92faadf2012-10-10 23:04:25 +02009997/* Note: must not be declared <const> as its list will be overwritten.
9998 * Please take care of keeping this list alphabetically sorted, doing so helps
9999 * all code contributors.
10000 * Optional keywords are also declared with a NULL ->parse() function so that
10001 * the config parser can report an appropriate error when a known keyword was
10002 * not enabled.
10003 */
10004static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +010010005 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Olivier Houchardc7566002018-11-20 23:33:50 +010010006 { "alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010007 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard92150142018-12-21 19:47:01 +010010008 { "check-alpn", srv_parse_alpn, 1, 1 }, /* Set ALPN used for checks */
Olivier Houchard9130a962017-10-17 17:33:43 +020010009 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010010 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
10011 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010012#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010013 { "ciphersuites", srv_parse_ciphersuites, 1, 1 }, /* select the cipher suite */
10014#endif
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010015 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
10016 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
10017 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
10018 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
10019 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
10020 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
10021 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
10022 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
10023 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
10024 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
10025 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
10026 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
10027 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
10028 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
10029 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
10030 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
10031 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
10032 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
Olivier Houchardc7566002018-11-20 23:33:50 +010010033 { "npn", srv_parse_npn, 1, 1 }, /* Set NPN supported protocols */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +020010034 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
10035 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
10036 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
10037 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
10038 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
10039 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
10040 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
10041 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
10042 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
10043 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +020010044 { NULL, NULL, 0, 0 },
10045}};
10046
Willy Tarreau0108d902018-11-25 19:14:37 +010010047INITCALL1(STG_REGISTER, srv_register_keywords, &srv_kws);
10048
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010049static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +010010050 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
10051 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +010010052 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010053 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
10054 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +010010055#ifndef OPENSSL_NO_DH
10056 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
10057#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010058 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010059#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010060 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010061#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +010010062 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
10063#ifndef OPENSSL_NO_DH
10064 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
10065#endif
10066 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
10067 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
10068 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
10069 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +010010070 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +010010071 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
10072 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010073#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010074 { CFG_GLOBAL, "ssl-default-bind-ciphersuites", ssl_parse_global_ciphersuites },
10075 { CFG_GLOBAL, "ssl-default-server-ciphersuites", ssl_parse_global_ciphersuites },
10076#endif
Emeric Brun2c86cbf2014-10-30 15:56:50 +010010077 { 0, NULL, NULL },
10078}};
10079
Willy Tarreau0108d902018-11-25 19:14:37 +010010080INITCALL1(STG_REGISTER, cfg_register_keywords, &cfg_kws);
10081
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010082/* Note: must not be declared <const> as its list will be overwritten */
10083static struct sample_conv_kw_list conv_kws = {ILH, {
Willy Tarreau86a394e2019-05-09 14:15:32 +020010084#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000100fL)
Nenad Merdanovicc31499d2019-03-23 11:00:32 +010010085 { "aes_gcm_dec", sample_conv_aes_gcm_dec, ARG4(4,SINT,STR,STR,STR), check_aes_gcm, SMP_T_BIN, SMP_T_BIN },
10086#endif
10087 { NULL, NULL, 0, 0, 0 },
10088}};
10089
10090INITCALL1(STG_REGISTER, sample_register_convs, &conv_kws);
10091
Willy Tarreauf7bc57c2012-10-03 00:19:48 +020010092/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +010010093static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +020010094 .snd_buf = ssl_sock_from_buf,
10095 .rcv_buf = ssl_sock_to_buf,
Olivier Houcharddf357842019-03-21 16:30:07 +010010096 .subscribe = ssl_subscribe,
10097 .unsubscribe = ssl_unsubscribe,
Olivier Houchard5149b592019-05-23 17:47:36 +020010098 .remove_xprt = ssl_remove_xprt,
Olivier Houchard2e055482019-05-27 19:50:12 +020010099 .add_xprt = ssl_add_xprt,
Emeric Brun46591952012-05-18 15:47:34 +020010100 .rcv_pipe = NULL,
10101 .snd_pipe = NULL,
10102 .shutr = NULL,
10103 .shutw = ssl_sock_shutw,
10104 .close = ssl_sock_close,
10105 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +010010106 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +010010107 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +010010108 .prepare_srv = ssl_sock_prepare_srv_ctx,
10109 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +010010110 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +010010111 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +020010112};
10113
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010114enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
10115 struct session *sess, struct stream *s, int flags)
10116{
10117 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010118 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010119
10120 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010121 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010122
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010123 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010124 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +010010125 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +020010126 s->req.flags |= CF_READ_NULL;
10127 return ACT_RET_YIELD;
10128 }
10129 }
10130 return (ACT_RET_CONT);
10131}
10132
10133static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
10134{
10135 rule->action_ptr = ssl_action_wait_for_hs;
10136
10137 return ACT_RET_PRS_OK;
10138}
10139
10140static struct action_kw_list http_req_actions = {ILH, {
10141 { "wait-for-handshake", ssl_parse_wait_for_hs },
10142 { /* END */ }
10143}};
10144
Willy Tarreau0108d902018-11-25 19:14:37 +010010145INITCALL1(STG_REGISTER, http_req_keywords_register, &http_req_actions);
10146
Willy Tarreau5db847a2019-05-09 14:13:35 +020010147#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010148
10149static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10150{
10151 if (ptr) {
10152 chunk_destroy(ptr);
10153 free(ptr);
10154 }
10155}
10156
10157#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010158static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
10159{
Willy Tarreaubafbe012017-11-24 17:34:44 +010010160 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +010010161}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010162
Emeric Brun46591952012-05-18 15:47:34 +020010163__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +020010164static void __ssl_sock_init(void)
10165{
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010166#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010167 STACK_OF(SSL_COMP)* cm;
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010168 int n;
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010169#endif
Emeric Brun46591952012-05-18 15:47:34 +020010170
Willy Tarreauef934602016-12-22 23:12:01 +010010171 if (global_ssl.listen_default_ciphers)
10172 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
10173 if (global_ssl.connect_default_ciphers)
10174 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Emmanuel Hocdet839af572019-05-14 16:27:35 +020010175#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
Dirkjan Bussink415150f2018-09-14 11:14:21 +020010176 if (global_ssl.listen_default_ciphersuites)
10177 global_ssl.listen_default_ciphersuites = strdup(global_ssl.listen_default_ciphersuites);
10178 if (global_ssl.connect_default_ciphersuites)
10179 global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites);
10180#endif
Willy Tarreau610f04b2014-02-13 11:36:41 +010010181
Willy Tarreau13e14102016-12-22 20:25:26 +010010182 xprt_register(XPRT_SSL, &ssl_sock);
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010183#if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
Emeric Brun46591952012-05-18 15:47:34 +020010184 SSL_library_init();
Rosen Penev68185952018-12-14 08:47:02 -080010185#endif
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010186#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
Emeric Brun46591952012-05-18 15:47:34 +020010187 cm = SSL_COMP_get_compression_methods();
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010188 n = sk_SSL_COMP_num(cm);
10189 while (n--) {
10190 (void) sk_SSL_COMP_pop(cm);
10191 }
Ilya Shipitsin0590f442019-05-25 19:30:50 +050010192#endif
Ilya Shipitsine242f3d2019-05-25 03:38:14 +050010193
Willy Tarreau5db847a2019-05-09 14:13:35 +020010194#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010195 ssl_locking_init();
10196#endif
Willy Tarreau5db847a2019-05-09 14:13:35 +020010197#if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +010010198 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
10199#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +020010200 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +020010201 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +010010202 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010203#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010204 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000010205 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010206#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +010010207#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
10208 hap_register_post_check(tlskeys_finalize_config);
10209#endif
Willy Tarreau80713382018-11-26 10:19:54 +010010210
10211 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
10212 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
10213
10214#ifndef OPENSSL_NO_DH
10215 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
10216 hap_register_post_deinit(ssl_free_dh);
10217#endif
10218#ifndef OPENSSL_NO_ENGINE
10219 hap_register_post_deinit(ssl_free_engines);
10220#endif
10221 /* Load SSL string for the verbose & debug mode. */
10222 ERR_load_SSL_strings();
Olivier Houcharda8955d52019-04-07 22:00:38 +020010223 ha_meth = BIO_meth_new(0x666, "ha methods");
10224 BIO_meth_set_write(ha_meth, ha_ssl_write);
10225 BIO_meth_set_read(ha_meth, ha_ssl_read);
10226 BIO_meth_set_ctrl(ha_meth, ha_ssl_ctrl);
10227 BIO_meth_set_create(ha_meth, ha_ssl_new);
10228 BIO_meth_set_destroy(ha_meth, ha_ssl_free);
10229 BIO_meth_set_puts(ha_meth, ha_ssl_puts);
10230 BIO_meth_set_gets(ha_meth, ha_ssl_gets);
Willy Tarreau80713382018-11-26 10:19:54 +010010231}
Willy Tarreaud92aa5c2015-01-15 21:34:39 +010010232
Willy Tarreau80713382018-11-26 10:19:54 +010010233/* Compute and register the version string */
10234static void ssl_register_build_options()
10235{
10236 char *ptr = NULL;
10237 int i;
10238
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010239 memprintf(&ptr, "Built with OpenSSL version : "
10240#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010241 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010242#else /* OPENSSL_IS_BORINGSSL */
10243 OPENSSL_VERSION_TEXT
10244 "\nRunning on OpenSSL version : %s%s",
Rosen Penev68185952018-12-14 08:47:02 -080010245 OpenSSL_version(OPENSSL_VERSION),
Willy Tarreau1d158ab2019-05-09 13:41:45 +020010246 ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010247#endif
10248 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
Willy Tarreau9a1ab082019-05-09 13:26:41 +020010249#if HA_OPENSSL_VERSION_NUMBER < 0x00907000L
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010250 "no (library version too old)"
10251#elif defined(OPENSSL_NO_TLSEXT)
10252 "no (disabled via OPENSSL_NO_TLSEXT)"
10253#else
10254 "yes"
10255#endif
10256 "", ptr);
10257
10258 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
10259#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
10260 "yes"
10261#else
10262#ifdef OPENSSL_NO_TLSEXT
10263 "no (because of OPENSSL_NO_TLSEXT)"
10264#else
10265 "no (version might be too old, 0.9.8f min needed)"
10266#endif
10267#endif
10268 "", ptr);
10269
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +020010270 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
10271 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
10272 if (methodVersions[i].option)
10273 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +010010274
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010275 hap_register_build_opts(ptr, 1);
Willy Tarreau80713382018-11-26 10:19:54 +010010276}
Willy Tarreauc2c0b612016-12-21 19:23:20 +010010277
Willy Tarreau80713382018-11-26 10:19:54 +010010278INITCALL0(STG_REGISTER, ssl_register_build_options);
Remi Gacogne4f902b82015-05-28 16:23:00 +020010279
Emeric Brun46591952012-05-18 15:47:34 +020010280
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010281#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000010282void ssl_free_engines(void) {
10283 struct ssl_engine_list *wl, *wlb;
10284 /* free up engine list */
10285 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
10286 ENGINE_finish(wl->e);
10287 ENGINE_free(wl->e);
10288 LIST_DEL(&wl->list);
10289 free(wl);
10290 }
10291}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020010292#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +020010293
Remi Gacogned3a23c32015-05-28 16:39:47 +020010294#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +000010295void ssl_free_dh(void) {
10296 if (local_dh_1024) {
10297 DH_free(local_dh_1024);
10298 local_dh_1024 = NULL;
10299 }
10300 if (local_dh_2048) {
10301 DH_free(local_dh_2048);
10302 local_dh_2048 = NULL;
10303 }
10304 if (local_dh_4096) {
10305 DH_free(local_dh_4096);
10306 local_dh_4096 = NULL;
10307 }
Remi Gacogne47783ef2015-05-29 15:53:22 +020010308 if (global_dh) {
10309 DH_free(global_dh);
10310 global_dh = NULL;
10311 }
Grant Zhang872f9c22017-01-21 01:10:18 +000010312}
10313#endif
10314
10315__attribute__((destructor))
10316static void __ssl_sock_deinit(void)
10317{
10318#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +020010319 if (ssl_ctx_lru_tree) {
10320 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +010010321 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +020010322 }
Remi Gacogned3a23c32015-05-28 16:39:47 +020010323#endif
10324
Willy Tarreau5db847a2019-05-09 14:13:35 +020010325#if (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010326 ERR_remove_state(0);
10327 ERR_free_strings();
10328
10329 EVP_cleanup();
Rosen Penev68185952018-12-14 08:47:02 -080010330#endif
Remi Gacogned3a23c32015-05-28 16:39:47 +020010331
Willy Tarreau5db847a2019-05-09 14:13:35 +020010332#if (HA_OPENSSL_VERSION_NUMBER >= 0x00907000L) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
Remi Gacogned3a23c32015-05-28 16:39:47 +020010333 CRYPTO_cleanup_all_ex_data();
10334#endif
Olivier Houcharda8955d52019-04-07 22:00:38 +020010335 BIO_meth_free(ha_meth);
Remi Gacogned3a23c32015-05-28 16:39:47 +020010336}
10337
10338
Emeric Brun46591952012-05-18 15:47:34 +020010339/*
10340 * Local variables:
10341 * c-indent-level: 8
10342 * c-basic-offset: 8
10343 * End:
10344 */