blob: 25f3ecaaffecd68ed2d163272859cfcfa8bf9dac [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
46#include <openssl/x509.h>
47#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010048#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020049#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010050#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020051#include <openssl/ocsp.h>
52#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020053#ifndef OPENSSL_NO_DH
54#include <openssl/dh.h>
55#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020056#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000057#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020058#endif
Emeric Brun46591952012-05-18 15:47:34 +020059
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020060#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000061#include <openssl/async.h>
62#endif
63
Christopher Faulet31af49d2015-06-09 17:29:50 +020064#include <import/lru.h>
65#include <import/xxhash.h>
66
Emeric Brun46591952012-05-18 15:47:34 +020067#include <common/buffer.h>
68#include <common/compat.h>
69#include <common/config.h>
70#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020071#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020072#include <common/standard.h>
73#include <common/ticks.h>
74#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010075#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010076#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020077
Emeric Brunfc0421f2012-09-07 17:30:07 +020078#include <ebsttree.h>
79
William Lallemand32af2032016-10-29 18:09:35 +020080#include <types/applet.h>
81#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020082#include <types/global.h>
83#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020084#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020085
Willy Tarreau7875d092012-09-10 08:20:03 +020086#include <proto/acl.h>
87#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020088#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020089#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020090#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020091#include <proto/fd.h>
92#include <proto/freq_ctr.h>
93#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020094#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020095#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010096#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020097#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020098#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020099#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +0200100#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200101#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200102#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200103#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200104#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200105#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200106#include <proto/task.h>
107
Willy Tarreau518cedd2014-02-17 15:43:01 +0100108/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200109#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100110#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100111#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200112#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
113
Emeric Brunf282a812012-09-21 15:27:54 +0200114/* bits 0xFFFF0000 are reserved to store verify errors */
115
116/* Verify errors macros */
117#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
118#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
119#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
120
121#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
122#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
123#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200124
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100125/* Supported hash function for TLS tickets */
126#ifdef OPENSSL_NO_SHA256
127#define HASH_FUNCT EVP_sha1
128#else
129#define HASH_FUNCT EVP_sha256
130#endif /* OPENSSL_NO_SHA256 */
131
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200132/* ssl_methods flags for ssl options */
133#define MC_SSL_O_ALL 0x0000
134#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
135#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
136#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
137#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200138#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200139
140/* ssl_methods versions */
141enum {
142 CONF_TLSV_NONE = 0,
143 CONF_TLSV_MIN = 1,
144 CONF_SSLV3 = 1,
145 CONF_TLSV10 = 2,
146 CONF_TLSV11 = 3,
147 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200148 CONF_TLSV13 = 5,
149 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200150};
151
Emeric Brun850efd52014-01-29 12:24:34 +0100152/* server and bind verify method, it uses a global value as default */
153enum {
154 SSL_SOCK_VERIFY_DEFAULT = 0,
155 SSL_SOCK_VERIFY_REQUIRED = 1,
156 SSL_SOCK_VERIFY_OPTIONAL = 2,
157 SSL_SOCK_VERIFY_NONE = 3,
158};
159
William Lallemand3f85c9a2017-10-09 16:30:50 +0200160
Willy Tarreau71b734c2014-01-28 15:19:44 +0100161int sslconns = 0;
162int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100163static struct xprt_ops ssl_sock;
Emeric Brune1f38db2012-09-03 20:36:47 +0200164
Willy Tarreauef934602016-12-22 23:12:01 +0100165static struct {
166 char *crt_base; /* base directory path for certificates */
167 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000168 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100169
170 char *listen_default_ciphers;
171 char *connect_default_ciphers;
172 int listen_default_ssloptions;
173 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200174 struct tls_version_filter listen_default_sslmethods;
175 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100176
177 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
178 unsigned int life_time; /* SSL session lifetime in seconds */
179 unsigned int max_record; /* SSL max record size */
180 unsigned int default_dh_param; /* SSL maximum DH parameter size */
181 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100182 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100183} global_ssl = {
184#ifdef LISTEN_DEFAULT_CIPHERS
185 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
186#endif
187#ifdef CONNECT_DEFAULT_CIPHERS
188 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
189#endif
190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Emeric Brun821bb9b2017-06-15 16:37:39 +0200208#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100209
Emeric Brun821bb9b2017-06-15 16:37:39 +0200210static HA_RWLOCK_T *ssl_rwlocks;
211
212
213unsigned long ssl_id_function(void)
214{
215 return (unsigned long)tid;
216}
217
218void ssl_locking_function(int mode, int n, const char * file, int line)
219{
220 if (mode & CRYPTO_LOCK) {
221 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100222 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200223 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100224 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200225 }
226 else {
227 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100228 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200229 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100230 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200231 }
232}
233
234static int ssl_locking_init(void)
235{
236 int i;
237
238 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
239 if (!ssl_rwlocks)
240 return -1;
241
242 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100243 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200244
245 CRYPTO_set_id_callback(ssl_id_function);
246 CRYPTO_set_locking_callback(ssl_locking_function);
247
248 return 0;
249}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100250
Emeric Brun821bb9b2017-06-15 16:37:39 +0200251#endif
252
253
254
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100255/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100256struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100257 unsigned long long int xxh64;
258 unsigned char ciphersuite_len;
259 char ciphersuite[0];
260};
261struct pool_head *pool2_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100262static int ssl_capture_ptr_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100263
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200264#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
265struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
266#endif
267
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200268#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000269static unsigned int openssl_engines_initialized;
270struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
271struct ssl_engine_list {
272 struct list list;
273 ENGINE *e;
274};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200275#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000276
Remi Gacogne8de54152014-07-15 11:36:40 +0200277#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200278static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200279static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200280static DH *local_dh_1024 = NULL;
281static DH *local_dh_2048 = NULL;
282static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100283static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200284#endif /* OPENSSL_NO_DH */
285
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100286#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200287/* X509V3 Extensions that will be added on generated certificates */
288#define X509V3_EXT_SIZE 5
289static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
290 "basicConstraints",
291 "nsComment",
292 "subjectKeyIdentifier",
293 "authorityKeyIdentifier",
294 "keyUsage",
295};
296static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
297 "CA:FALSE",
298 "\"OpenSSL Generated Certificate\"",
299 "hash",
300 "keyid,issuer:always",
301 "nonRepudiation,digitalSignature,keyEncipherment"
302};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200303/* LRU cache to store generated certificate */
304static struct lru64_head *ssl_ctx_lru_tree = NULL;
305static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200306static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100307__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200308
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200309#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
310
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100311static struct ssl_bind_kw ssl_bind_kws[];
312
yanbzhube2774d2015-12-10 15:07:30 -0500313#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
314/* The order here matters for picking a default context,
315 * keep the most common keytype at the bottom of the list
316 */
317const char *SSL_SOCK_KEYTYPE_NAMES[] = {
318 "dsa",
319 "ecdsa",
320 "rsa"
321};
322#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100323#else
324#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500325#endif
326
William Lallemand4f45bb92017-10-30 20:08:51 +0100327static struct shared_context *ssl_shctx; /* ssl shared session cache */
328static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
329
330#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
331
332#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
333 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
334
335#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
336 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200337
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100338/*
339 * This function gives the detail of the SSL error. It is used only
340 * if the debug mode and the verbose mode are activated. It dump all
341 * the SSL error until the stack was empty.
342 */
343static forceinline void ssl_sock_dump_errors(struct connection *conn)
344{
345 unsigned long ret;
346
347 if (unlikely(global.mode & MODE_DEBUG)) {
348 while(1) {
349 ret = ERR_get_error();
350 if (ret == 0)
351 return;
352 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200353 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100354 ERR_func_error_string(ret), ERR_reason_error_string(ret));
355 }
356 }
357}
358
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200359#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500360/*
361 * struct alignment works here such that the key.key is the same as key_data
362 * Do not change the placement of key_data
363 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200364struct certificate_ocsp {
365 struct ebmb_node key;
366 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
367 struct chunk response;
368 long expire;
369};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200370
yanbzhube2774d2015-12-10 15:07:30 -0500371struct ocsp_cbk_arg {
372 int is_single;
373 int single_kt;
374 union {
375 struct certificate_ocsp *s_ocsp;
376 /*
377 * m_ocsp will have multiple entries dependent on key type
378 * Entry 0 - DSA
379 * Entry 1 - ECDSA
380 * Entry 2 - RSA
381 */
382 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
383 };
384};
385
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200386#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000387static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
388{
389 int err_code = ERR_ABORT;
390 ENGINE *engine;
391 struct ssl_engine_list *el;
392
393 /* grab the structural reference to the engine */
394 engine = ENGINE_by_id(engine_id);
395 if (engine == NULL) {
396 Alert("ssl-engine %s: failed to get structural reference\n", engine_id);
397 goto fail_get;
398 }
399
400 if (!ENGINE_init(engine)) {
401 /* the engine couldn't initialise, release it */
402 Alert("ssl-engine %s: failed to initialize\n", engine_id);
403 goto fail_init;
404 }
405
406 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
407 Alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
408 goto fail_set_method;
409 }
410
411 el = calloc(1, sizeof(*el));
412 el->e = engine;
413 LIST_ADD(&openssl_engines, &el->list);
414 return 0;
415
416fail_set_method:
417 /* release the functional reference from ENGINE_init() */
418 ENGINE_finish(engine);
419
420fail_init:
421 /* release the structural reference from ENGINE_by_id() */
422 ENGINE_free(engine);
423
424fail_get:
425 return err_code;
426}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200427#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000428
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200429#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200430/*
431 * openssl async fd handler
432 */
433static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000434{
435 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000436
Emeric Brun3854e012017-05-17 20:42:48 +0200437 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000438 * to poll this fd until it is requested
439 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000440 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000441 fd_cant_recv(fd);
442
443 /* crypto engine is available, let's notify the associated
444 * connection that it can pursue its processing.
445 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000446 __conn_sock_want_recv(conn);
447 __conn_sock_want_send(conn);
448 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000449}
450
Emeric Brun3854e012017-05-17 20:42:48 +0200451/*
452 * openssl async delayed SSL_free handler
453 */
454static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000455{
456 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200457 OSSL_ASYNC_FD all_fd[32];
458 size_t num_all_fds = 0;
459 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000460
Emeric Brun3854e012017-05-17 20:42:48 +0200461 /* We suppose that the async job for a same SSL *
462 * are serialized. So if we are awake it is
463 * because the running job has just finished
464 * and we can remove all async fds safely
465 */
466 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
467 if (num_all_fds > 32) {
468 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
469 return;
470 }
471
472 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
473 for (i=0 ; i < num_all_fds ; i++)
474 fd_remove(all_fd[i]);
475
476 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000477 SSL_free(ssl);
478 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200479 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000480}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000481/*
Emeric Brun3854e012017-05-17 20:42:48 +0200482 * function used to manage a returned SSL_ERROR_WANT_ASYNC
483 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000484 */
Emeric Brun3854e012017-05-17 20:42:48 +0200485static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000486{
Emeric Brun3854e012017-05-17 20:42:48 +0200487 OSSL_ASYNC_FD add_fd[32], afd;
488 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000489 size_t num_add_fds = 0;
490 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200491 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000492
493 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
494 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200495 if (num_add_fds > 32 || num_del_fds > 32) {
496 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000497 return;
498 }
499
Emeric Brun3854e012017-05-17 20:42:48 +0200500 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000501
Emeric Brun3854e012017-05-17 20:42:48 +0200502 /* We remove unused fds from the fdtab */
503 for (i=0 ; i < num_del_fds ; i++)
504 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000505
Emeric Brun3854e012017-05-17 20:42:48 +0200506 /* We add new fds to the fdtab */
507 for (i=0 ; i < num_add_fds ; i++) {
508 afd = add_fd[i];
509 fdtab[afd].owner = conn;
510 fdtab[afd].iocb = ssl_async_fd_handler;
Christopher Faulet36716a72017-05-30 11:07:16 +0200511 fd_insert(afd, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000512 }
513
Emeric Brun3854e012017-05-17 20:42:48 +0200514 num_add_fds = 0;
515 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
516 if (num_add_fds > 32) {
517 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
518 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000519 }
Emeric Brun3854e012017-05-17 20:42:48 +0200520
521 /* We activate the polling for all known async fds */
522 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000523 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200524 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000525 /* To ensure that the fd cache won't be used
526 * We'll prefer to catch a real RD event
527 * because handling an EAGAIN on this fd will
528 * result in a context switch and also
529 * some engines uses a fd in blocking mode.
530 */
531 fd_cant_recv(add_fd[i]);
532 }
Emeric Brun3854e012017-05-17 20:42:48 +0200533
534 /* We must also prevent the conn_handler
535 * to be called until a read event was
536 * polled on an async fd
537 */
538 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000539}
540#endif
541
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200542/*
543 * This function returns the number of seconds elapsed
544 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
545 * date presented un ASN1_GENERALIZEDTIME.
546 *
547 * In parsing error case, it returns -1.
548 */
549static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
550{
551 long epoch;
552 char *p, *end;
553 const unsigned short month_offset[12] = {
554 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
555 };
556 int year, month;
557
558 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
559
560 p = (char *)d->data;
561 end = p + d->length;
562
563 if (end - p < 4) return -1;
564 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
565 p += 4;
566 if (end - p < 2) return -1;
567 month = 10 * (p[0] - '0') + p[1] - '0';
568 if (month < 1 || month > 12) return -1;
569 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
570 We consider leap years and the current month (<marsh or not) */
571 epoch = ( ((year - 1970) * 365)
572 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
573 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
574 + month_offset[month-1]
575 ) * 24 * 60 * 60;
576 p += 2;
577 if (end - p < 2) return -1;
578 /* Add the number of seconds of completed days of current month */
579 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
580 p += 2;
581 if (end - p < 2) return -1;
582 /* Add the completed hours of the current day */
583 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
584 p += 2;
585 if (end - p < 2) return -1;
586 /* Add the completed minutes of the current hour */
587 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
588 p += 2;
589 if (p == end) return -1;
590 /* Test if there is available seconds */
591 if (p[0] < '0' || p[0] > '9')
592 goto nosec;
593 if (end - p < 2) return -1;
594 /* Add the seconds of the current minute */
595 epoch += 10 * (p[0] - '0') + p[1] - '0';
596 p += 2;
597 if (p == end) return -1;
598 /* Ignore seconds float part if present */
599 if (p[0] == '.') {
600 do {
601 if (++p == end) return -1;
602 } while (p[0] >= '0' && p[0] <= '9');
603 }
604
605nosec:
606 if (p[0] == 'Z') {
607 if (end - p != 1) return -1;
608 return epoch;
609 }
610 else if (p[0] == '+') {
611 if (end - p != 5) return -1;
612 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700613 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200614 }
615 else if (p[0] == '-') {
616 if (end - p != 5) return -1;
617 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700618 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200619 }
620
621 return -1;
622}
623
Emeric Brun1d3865b2014-06-20 15:37:32 +0200624static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200625
626/* This function starts to check if the OCSP response (in DER format) contained
627 * in chunk 'ocsp_response' is valid (else exits on error).
628 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
629 * contained in the OCSP Response and exits on error if no match.
630 * If it's a valid OCSP Response:
631 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
632 * pointed by 'ocsp'.
633 * If 'ocsp' is NULL, the function looks up into the OCSP response's
634 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
635 * from the response) and exits on error if not found. Finally, If an OCSP response is
636 * already present in the container, it will be overwritten.
637 *
638 * Note: OCSP response containing more than one OCSP Single response is not
639 * considered valid.
640 *
641 * Returns 0 on success, 1 in error case.
642 */
643static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
644{
645 OCSP_RESPONSE *resp;
646 OCSP_BASICRESP *bs = NULL;
647 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200648 OCSP_CERTID *id;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200649 unsigned char *p = (unsigned char *)ocsp_response->str;
650 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200651 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200652 int reason;
653 int ret = 1;
654
655 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, ocsp_response->len);
656 if (!resp) {
657 memprintf(err, "Unable to parse OCSP response");
658 goto out;
659 }
660
661 rc = OCSP_response_status(resp);
662 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
663 memprintf(err, "OCSP response status not successful");
664 goto out;
665 }
666
667 bs = OCSP_response_get1_basic(resp);
668 if (!bs) {
669 memprintf(err, "Failed to get basic response from OCSP Response");
670 goto out;
671 }
672
673 count_sr = OCSP_resp_count(bs);
674 if (count_sr > 1) {
675 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
676 goto out;
677 }
678
679 sr = OCSP_resp_get0(bs, 0);
680 if (!sr) {
681 memprintf(err, "Failed to get OCSP single response");
682 goto out;
683 }
684
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200685 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
686
Emeric Brun4147b2e2014-06-16 18:36:30 +0200687 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200688 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200689 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200690 goto out;
691 }
692
Emeric Brun13a6b482014-06-20 15:44:34 +0200693 if (!nextupd) {
694 memprintf(err, "OCSP single response: missing nextupdate");
695 goto out;
696 }
697
Emeric Brunc8b27b62014-06-19 14:16:17 +0200698 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200699 if (!rc) {
700 memprintf(err, "OCSP single response: no longer valid.");
701 goto out;
702 }
703
704 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200705 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200706 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
707 goto out;
708 }
709 }
710
711 if (!ocsp) {
712 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
713 unsigned char *p;
714
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200715 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200716 if (!rc) {
717 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
718 goto out;
719 }
720
721 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
722 memprintf(err, "OCSP single response: Certificate ID too long");
723 goto out;
724 }
725
726 p = key;
727 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200728 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200729 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
730 if (!ocsp) {
731 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
732 goto out;
733 }
734 }
735
736 /* According to comments on "chunk_dup", the
737 previous chunk buffer will be freed */
738 if (!chunk_dup(&ocsp->response, ocsp_response)) {
739 memprintf(err, "OCSP response: Memory allocation error");
740 goto out;
741 }
742
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200743 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
744
Emeric Brun4147b2e2014-06-16 18:36:30 +0200745 ret = 0;
746out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100747 ERR_clear_error();
748
Emeric Brun4147b2e2014-06-16 18:36:30 +0200749 if (bs)
750 OCSP_BASICRESP_free(bs);
751
752 if (resp)
753 OCSP_RESPONSE_free(resp);
754
755 return ret;
756}
757/*
758 * External function use to update the OCSP response in the OCSP response's
759 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
760 * to update in DER format.
761 *
762 * Returns 0 on success, 1 in error case.
763 */
764int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err)
765{
766 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
767}
768
769/*
770 * This function load the OCSP Resonse in DER format contained in file at
771 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
772 *
773 * Returns 0 on success, 1 in error case.
774 */
775static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
776{
777 int fd = -1;
778 int r = 0;
779 int ret = 1;
780
781 fd = open(ocsp_path, O_RDONLY);
782 if (fd == -1) {
783 memprintf(err, "Error opening OCSP response file");
784 goto end;
785 }
786
787 trash.len = 0;
788 while (trash.len < trash.size) {
789 r = read(fd, trash.str + trash.len, trash.size - trash.len);
790 if (r < 0) {
791 if (errno == EINTR)
792 continue;
793
794 memprintf(err, "Error reading OCSP response from file");
795 goto end;
796 }
797 else if (r == 0) {
798 break;
799 }
800 trash.len += r;
801 }
802
803 close(fd);
804 fd = -1;
805
806 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
807end:
808 if (fd != -1)
809 close(fd);
810
811 return ret;
812}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100813#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200814
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100815#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
816static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
817{
818 struct tls_sess_key *keys;
819 struct connection *conn;
820 int head;
821 int i;
822
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200823 conn = SSL_get_app_data(s);
Nenad Merdanovic146defa2015-05-09 08:46:00 +0200824 keys = objt_listener(conn->target)->bind_conf->keys_ref->tlskeys;
825 head = objt_listener(conn->target)->bind_conf->keys_ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100826
827 if (enc) {
828 memcpy(key_name, keys[head].name, 16);
829
830 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
831 return -1;
832
833 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
834 return -1;
835
836 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
837
838 return 1;
839 } else {
840 for (i = 0; i < TLS_TICKETS_NO; i++) {
841 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
842 goto found;
843 }
844 return 0;
845
846 found:
847 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
848 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
849 return -1;
850 /* 2 for key renewal, 1 if current key is still valid */
851 return i ? 2 : 1;
852 }
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200853}
854
855struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
856{
857 struct tls_keys_ref *ref;
858
859 list_for_each_entry(ref, &tlskeys_reference, list)
860 if (ref->filename && strcmp(filename, ref->filename) == 0)
861 return ref;
862 return NULL;
863}
864
865struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
866{
867 struct tls_keys_ref *ref;
868
869 list_for_each_entry(ref, &tlskeys_reference, list)
870 if (ref->unique_id == unique_id)
871 return ref;
872 return NULL;
873}
874
875int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) {
876 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
877
878 if(!ref) {
879 memprintf(err, "Unable to locate the referenced filename: %s", filename);
880 return 1;
881 }
882
Pradeep Jindalcc79b002015-08-20 18:25:17 +0530883 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
884 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200885
886 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100887}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200888
889/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100890 * automatic ids. It's called just after the basic checks. It returns
891 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200892 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100893static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200894{
895 int i = 0;
896 struct tls_keys_ref *ref, *ref2, *ref3;
897 struct list tkr = LIST_HEAD_INIT(tkr);
898
899 list_for_each_entry(ref, &tlskeys_reference, list) {
900 if (ref->unique_id == -1) {
901 /* Look for the first free id. */
902 while (1) {
903 list_for_each_entry(ref2, &tlskeys_reference, list) {
904 if (ref2->unique_id == i) {
905 i++;
906 break;
907 }
908 }
909 if (&ref2->list == &tlskeys_reference)
910 break;
911 }
912
913 /* Uses the unique id and increment it for the next entry. */
914 ref->unique_id = i;
915 i++;
916 }
917 }
918
919 /* This sort the reference list by id. */
920 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
921 LIST_DEL(&ref->list);
922 list_for_each_entry(ref3, &tkr, list) {
923 if (ref->unique_id < ref3->unique_id) {
924 LIST_ADDQ(&ref3->list, &ref->list);
925 break;
926 }
927 }
928 if (&ref3->list == &tkr)
929 LIST_ADDQ(&tkr, &ref->list);
930 }
931
932 /* swap root */
933 LIST_ADD(&tkr, &tlskeys_reference);
934 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100935 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200936}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100937#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
938
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100939#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500940int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
941{
942 switch (evp_keytype) {
943 case EVP_PKEY_RSA:
944 return 2;
945 case EVP_PKEY_DSA:
946 return 0;
947 case EVP_PKEY_EC:
948 return 1;
949 }
950
951 return -1;
952}
953
Emeric Brun4147b2e2014-06-16 18:36:30 +0200954/*
955 * Callback used to set OCSP status extension content in server hello.
956 */
957int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
958{
yanbzhube2774d2015-12-10 15:07:30 -0500959 struct certificate_ocsp *ocsp;
960 struct ocsp_cbk_arg *ocsp_arg;
961 char *ssl_buf;
962 EVP_PKEY *ssl_pkey;
963 int key_type;
964 int index;
965
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200966 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500967
968 ssl_pkey = SSL_get_privatekey(ssl);
969 if (!ssl_pkey)
970 return SSL_TLSEXT_ERR_NOACK;
971
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200972 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500973
974 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
975 ocsp = ocsp_arg->s_ocsp;
976 else {
977 /* For multiple certs per context, we have to find the correct OCSP response based on
978 * the certificate type
979 */
980 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
981
982 if (index < 0)
983 return SSL_TLSEXT_ERR_NOACK;
984
985 ocsp = ocsp_arg->m_ocsp[index];
986
987 }
Emeric Brun4147b2e2014-06-16 18:36:30 +0200988
989 if (!ocsp ||
990 !ocsp->response.str ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200991 !ocsp->response.len ||
992 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +0200993 return SSL_TLSEXT_ERR_NOACK;
994
995 ssl_buf = OPENSSL_malloc(ocsp->response.len);
996 if (!ssl_buf)
997 return SSL_TLSEXT_ERR_NOACK;
998
999 memcpy(ssl_buf, ocsp->response.str, ocsp->response.len);
1000 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.len);
1001
1002 return SSL_TLSEXT_ERR_OK;
1003}
1004
1005/*
1006 * This function enables the handling of OCSP status extension on 'ctx' if a
1007 * file name 'cert_path' suffixed using ".ocsp" is present.
1008 * To enable OCSP status extension, the issuer's certificate is mandatory.
1009 * It should be present in the certificate's extra chain builded from file
1010 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1011 * named 'cert_path' suffixed using '.issuer'.
1012 *
1013 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1014 * response. If file is empty or content is not a valid OCSP response,
1015 * OCSP status extension is enabled but OCSP response is ignored (a warning
1016 * is displayed).
1017 *
1018 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1019 * succesfully enabled, or -1 in other error case.
1020 */
1021static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1022{
1023
1024 BIO *in = NULL;
1025 X509 *x, *xi = NULL, *issuer = NULL;
1026 STACK_OF(X509) *chain = NULL;
1027 OCSP_CERTID *cid = NULL;
1028 SSL *ssl;
1029 char ocsp_path[MAXPATHLEN+1];
1030 int i, ret = -1;
1031 struct stat st;
1032 struct certificate_ocsp *ocsp = NULL, *iocsp;
1033 char *warn = NULL;
1034 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001035 pem_password_cb *passwd_cb;
1036 void *passwd_cb_userdata;
1037 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001038
1039 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1040
1041 if (stat(ocsp_path, &st))
1042 return 1;
1043
1044 ssl = SSL_new(ctx);
1045 if (!ssl)
1046 goto out;
1047
1048 x = SSL_get_certificate(ssl);
1049 if (!x)
1050 goto out;
1051
1052 /* Try to lookup for issuer in certificate extra chain */
1053#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1054 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1055#else
1056 chain = ctx->extra_certs;
1057#endif
1058 for (i = 0; i < sk_X509_num(chain); i++) {
1059 issuer = sk_X509_value(chain, i);
1060 if (X509_check_issued(issuer, x) == X509_V_OK)
1061 break;
1062 else
1063 issuer = NULL;
1064 }
1065
1066 /* If not found try to load issuer from a suffixed file */
1067 if (!issuer) {
1068 char issuer_path[MAXPATHLEN+1];
1069
1070 in = BIO_new(BIO_s_file());
1071 if (!in)
1072 goto out;
1073
1074 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1075 if (BIO_read_filename(in, issuer_path) <= 0)
1076 goto out;
1077
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001078 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1079 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1080
1081 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001082 if (!xi)
1083 goto out;
1084
1085 if (X509_check_issued(xi, x) != X509_V_OK)
1086 goto out;
1087
1088 issuer = xi;
1089 }
1090
1091 cid = OCSP_cert_to_id(0, x, issuer);
1092 if (!cid)
1093 goto out;
1094
1095 i = i2d_OCSP_CERTID(cid, NULL);
1096 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1097 goto out;
1098
Vincent Bernat02779b62016-04-03 13:48:43 +02001099 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001100 if (!ocsp)
1101 goto out;
1102
1103 p = ocsp->key_data;
1104 i2d_OCSP_CERTID(cid, &p);
1105
1106 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1107 if (iocsp == ocsp)
1108 ocsp = NULL;
1109
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001110#ifndef SSL_CTX_get_tlsext_status_cb
1111# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1112 *cb = (void (*) (void))ctx->tlsext_status_cb;
1113#endif
1114 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1115
1116 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001117 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001118 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001119
1120 cb_arg->is_single = 1;
1121 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001122
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001123 pkey = X509_get_pubkey(x);
1124 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1125 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001126
1127 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1128 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1129 } else {
1130 /*
1131 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1132 * Update that cb_arg with the new cert's staple
1133 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001134 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001135 struct certificate_ocsp *tmp_ocsp;
1136 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001137 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001138 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001139
1140#ifdef SSL_CTX_get_tlsext_status_arg
1141 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1142#else
1143 cb_arg = ctx->tlsext_status_arg;
1144#endif
yanbzhube2774d2015-12-10 15:07:30 -05001145
1146 /*
1147 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1148 * the order of operations below matter, take care when changing it
1149 */
1150 tmp_ocsp = cb_arg->s_ocsp;
1151 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1152 cb_arg->s_ocsp = NULL;
1153 cb_arg->m_ocsp[index] = tmp_ocsp;
1154 cb_arg->is_single = 0;
1155 cb_arg->single_kt = 0;
1156
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001157 pkey = X509_get_pubkey(x);
1158 key_type = EVP_PKEY_base_id(pkey);
1159 EVP_PKEY_free(pkey);
1160
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001161 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001162 if (index >= 0 && !cb_arg->m_ocsp[index])
1163 cb_arg->m_ocsp[index] = iocsp;
1164
1165 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001166
1167 ret = 0;
1168
1169 warn = NULL;
1170 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1171 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
1172 Warning("%s.\n", warn);
1173 }
1174
1175out:
1176 if (ssl)
1177 SSL_free(ssl);
1178
1179 if (in)
1180 BIO_free(in);
1181
1182 if (xi)
1183 X509_free(xi);
1184
1185 if (cid)
1186 OCSP_CERTID_free(cid);
1187
1188 if (ocsp)
1189 free(ocsp);
1190
1191 if (warn)
1192 free(warn);
1193
1194
1195 return ret;
1196}
1197
1198#endif
1199
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001200#ifdef OPENSSL_IS_BORINGSSL
1201static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1202{
1203 char ocsp_path[MAXPATHLEN+1];
1204 struct stat st;
1205 int fd = -1, r = 0;
1206
1207 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1208 if (stat(ocsp_path, &st))
1209 return 0;
1210
1211 fd = open(ocsp_path, O_RDONLY);
1212 if (fd == -1) {
1213 Warning("Error opening OCSP response file %s.\n", ocsp_path);
1214 return -1;
1215 }
1216
1217 trash.len = 0;
1218 while (trash.len < trash.size) {
1219 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1220 if (r < 0) {
1221 if (errno == EINTR)
1222 continue;
1223 Warning("Error reading OCSP response from file %s.\n", ocsp_path);
1224 close(fd);
1225 return -1;
1226 }
1227 else if (r == 0) {
1228 break;
1229 }
1230 trash.len += r;
1231 }
1232 close(fd);
1233 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)trash.str, trash.len);
1234}
1235#endif
1236
Daniel Jakots54ffb912015-11-06 20:02:41 +01001237#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001238
1239#define CT_EXTENSION_TYPE 18
1240
1241static int sctl_ex_index = -1;
1242
1243/*
1244 * Try to parse Signed Certificate Timestamp List structure. This function
1245 * makes only basic test if the data seems like SCTL. No signature validation
1246 * is performed.
1247 */
1248static int ssl_sock_parse_sctl(struct chunk *sctl)
1249{
1250 int ret = 1;
1251 int len, pos, sct_len;
1252 unsigned char *data;
1253
1254 if (sctl->len < 2)
1255 goto out;
1256
1257 data = (unsigned char *)sctl->str;
1258 len = (data[0] << 8) | data[1];
1259
1260 if (len + 2 != sctl->len)
1261 goto out;
1262
1263 data = data + 2;
1264 pos = 0;
1265 while (pos < len) {
1266 if (len - pos < 2)
1267 goto out;
1268
1269 sct_len = (data[pos] << 8) | data[pos + 1];
1270 if (pos + sct_len + 2 > len)
1271 goto out;
1272
1273 pos += sct_len + 2;
1274 }
1275
1276 ret = 0;
1277
1278out:
1279 return ret;
1280}
1281
1282static int ssl_sock_load_sctl_from_file(const char *sctl_path, struct chunk **sctl)
1283{
1284 int fd = -1;
1285 int r = 0;
1286 int ret = 1;
1287
1288 *sctl = NULL;
1289
1290 fd = open(sctl_path, O_RDONLY);
1291 if (fd == -1)
1292 goto end;
1293
1294 trash.len = 0;
1295 while (trash.len < trash.size) {
1296 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1297 if (r < 0) {
1298 if (errno == EINTR)
1299 continue;
1300
1301 goto end;
1302 }
1303 else if (r == 0) {
1304 break;
1305 }
1306 trash.len += r;
1307 }
1308
1309 ret = ssl_sock_parse_sctl(&trash);
1310 if (ret)
1311 goto end;
1312
Vincent Bernat02779b62016-04-03 13:48:43 +02001313 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001314 if (!chunk_dup(*sctl, &trash)) {
1315 free(*sctl);
1316 *sctl = NULL;
1317 goto end;
1318 }
1319
1320end:
1321 if (fd != -1)
1322 close(fd);
1323
1324 return ret;
1325}
1326
1327int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1328{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001329 struct chunk *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001330
1331 *out = (unsigned char *)sctl->str;
1332 *outlen = sctl->len;
1333
1334 return 1;
1335}
1336
1337int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1338{
1339 return 1;
1340}
1341
1342static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1343{
1344 char sctl_path[MAXPATHLEN+1];
1345 int ret = -1;
1346 struct stat st;
1347 struct chunk *sctl = NULL;
1348
1349 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1350
1351 if (stat(sctl_path, &st))
1352 return 1;
1353
1354 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1355 goto out;
1356
1357 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1358 free(sctl);
1359 goto out;
1360 }
1361
1362 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1363
1364 ret = 0;
1365
1366out:
1367 return ret;
1368}
1369
1370#endif
1371
Emeric Brune1f38db2012-09-03 20:36:47 +02001372void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1373{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001374 struct connection *conn = SSL_get_app_data(ssl);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001375 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001376 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001377
1378 if (where & SSL_CB_HANDSHAKE_START) {
1379 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchardc2aae742017-09-22 18:26:28 +02001380 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001381 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001382 conn->err_code = CO_ER_SSL_RENEG;
1383 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001384 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001385
1386 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1387 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1388 /* Long certificate chains optimz
1389 If write and read bios are differents, we
1390 consider that the buffering was activated,
1391 so we rise the output buffer size from 4k
1392 to 16k */
1393 write_bio = SSL_get_wbio(ssl);
1394 if (write_bio != SSL_get_rbio(ssl)) {
1395 BIO_set_write_buffer_size(write_bio, 16384);
1396 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1397 }
1398 }
1399 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001400}
1401
Emeric Brune64aef12012-09-21 13:15:06 +02001402/* Callback is called for each certificate of the chain during a verify
1403 ok is set to 1 if preverify detect no error on current certificate.
1404 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001405int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001406{
1407 SSL *ssl;
1408 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001409 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001410
1411 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001412 conn = SSL_get_app_data(ssl);
Emeric Brune64aef12012-09-21 13:15:06 +02001413
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001414 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001415
Emeric Brun81c00f02012-09-21 14:31:21 +02001416 if (ok) /* no errors */
1417 return ok;
1418
1419 depth = X509_STORE_CTX_get_error_depth(x_store);
1420 err = X509_STORE_CTX_get_error(x_store);
1421
1422 /* check if CA error needs to be ignored */
1423 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001424 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1425 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1426 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001427 }
1428
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001429 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001430 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001431 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001432 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001433 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001434
Willy Tarreau20879a02012-12-03 16:32:10 +01001435 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001436 return 0;
1437 }
1438
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001439 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1440 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001441
Emeric Brun81c00f02012-09-21 14:31:21 +02001442 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001443 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001444 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001445 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001446 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001447 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001448
Willy Tarreau20879a02012-12-03 16:32:10 +01001449 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001450 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001451}
1452
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001453static inline
1454void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001455 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001456{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001457 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001458 unsigned char *msg;
1459 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001460 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001461
1462 /* This function is called for "from client" and "to server"
1463 * connections. The combination of write_p == 0 and content_type == 22
1464 * is only avalaible during "from client" connection.
1465 */
1466
1467 /* "write_p" is set to 0 is the bytes are received messages,
1468 * otherwise it is set to 1.
1469 */
1470 if (write_p != 0)
1471 return;
1472
1473 /* content_type contains the type of message received or sent
1474 * according with the SSL/TLS protocol spec. This message is
1475 * encoded with one byte. The value 256 (two bytes) is used
1476 * for designing the SSL/TLS record layer. According with the
1477 * rfc6101, the expected message (other than 256) are:
1478 * - change_cipher_spec(20)
1479 * - alert(21)
1480 * - handshake(22)
1481 * - application_data(23)
1482 * - (255)
1483 * We are interessed by the handshake and specially the client
1484 * hello.
1485 */
1486 if (content_type != 22)
1487 return;
1488
1489 /* The message length is at least 4 bytes, containing the
1490 * message type and the message length.
1491 */
1492 if (len < 4)
1493 return;
1494
1495 /* First byte of the handshake message id the type of
1496 * message. The konwn types are:
1497 * - hello_request(0)
1498 * - client_hello(1)
1499 * - server_hello(2)
1500 * - certificate(11)
1501 * - server_key_exchange (12)
1502 * - certificate_request(13)
1503 * - server_hello_done(14)
1504 * We are interested by the client hello.
1505 */
1506 msg = (unsigned char *)buf;
1507 if (msg[0] != 1)
1508 return;
1509
1510 /* Next three bytes are the length of the message. The total length
1511 * must be this decoded length + 4. If the length given as argument
1512 * is not the same, we abort the protocol dissector.
1513 */
1514 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1515 if (len < rec_len + 4)
1516 return;
1517 msg += 4;
1518 end = msg + rec_len;
1519 if (end < msg)
1520 return;
1521
1522 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1523 * for minor, the random, composed by 4 bytes for the unix time and
1524 * 28 bytes for unix payload, and them 1 byte for the session id. So
1525 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1526 */
1527 msg += 1 + 1 + 4 + 28 + 1;
1528 if (msg > end)
1529 return;
1530
1531 /* Next two bytes are the ciphersuite length. */
1532 if (msg + 2 > end)
1533 return;
1534 rec_len = (msg[0] << 8) + msg[1];
1535 msg += 2;
1536 if (msg + rec_len > end || msg + rec_len < msg)
1537 return;
1538
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001539 capture = pool_alloc_dirty(pool2_ssl_capture);
1540 if (!capture)
1541 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001542 /* Compute the xxh64 of the ciphersuite. */
1543 capture->xxh64 = XXH64(msg, rec_len, 0);
1544
1545 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001546 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1547 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001548 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001549
1550 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001551}
1552
Emeric Brun29f037d2014-04-25 19:05:36 +02001553/* Callback is called for ssl protocol analyse */
1554void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1555{
Emeric Brun29f037d2014-04-25 19:05:36 +02001556#ifdef TLS1_RT_HEARTBEAT
1557 /* test heartbeat received (write_p is set to 0
1558 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001559 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001560 struct connection *conn = SSL_get_app_data(ssl);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001561 const unsigned char *p = buf;
1562 unsigned int payload;
1563
Emeric Brun29f037d2014-04-25 19:05:36 +02001564 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001565
1566 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1567 if (*p != TLS1_HB_REQUEST)
1568 return;
1569
Willy Tarreauaeed6722014-04-25 23:59:58 +02001570 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001571 goto kill_it;
1572
1573 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001574 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001575 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001576 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001577 /* We have a clear heartbleed attack (CVE-2014-0160), the
1578 * advertised payload is larger than the advertised packet
1579 * length, so we have garbage in the buffer between the
1580 * payload and the end of the buffer (p+len). We can't know
1581 * if the SSL stack is patched, and we don't know if we can
1582 * safely wipe out the area between p+3+len and payload.
1583 * So instead, we prevent the response from being sent by
1584 * setting the max_send_fragment to 0 and we report an SSL
1585 * error, which will kill this connection. It will be reported
1586 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001587 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1588 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001589 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001590 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1591 return;
1592 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001593#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001594 if (global_ssl.capture_cipherlist > 0)
1595 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001596}
1597
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001598#ifdef OPENSSL_NPN_NEGOTIATED
1599/* This callback is used so that the server advertises the list of
1600 * negociable protocols for NPN.
1601 */
1602static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1603 unsigned int *len, void *arg)
1604{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001605 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001606
1607 *data = (const unsigned char *)conf->npn_str;
1608 *len = conf->npn_len;
1609 return SSL_TLSEXT_ERR_OK;
1610}
1611#endif
1612
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001613#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001614/* This callback is used so that the server advertises the list of
1615 * negociable protocols for ALPN.
1616 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001617static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1618 unsigned char *outlen,
1619 const unsigned char *server,
1620 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001621{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001622 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001623
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001624 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1625 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1626 return SSL_TLSEXT_ERR_NOACK;
1627 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001628 return SSL_TLSEXT_ERR_OK;
1629}
1630#endif
1631
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001632#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001633#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001634
Christopher Faulet30548802015-06-11 13:39:32 +02001635/* Create a X509 certificate with the specified servername and serial. This
1636 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001637static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001638ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001639{
Christopher Faulet7969a332015-10-09 11:15:03 +02001640 X509 *cacert = bind_conf->ca_sign_cert;
1641 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001642 SSL_CTX *ssl_ctx = NULL;
1643 X509 *newcrt = NULL;
1644 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001645 SSL *tmp_ssl = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001646 X509_NAME *name;
1647 const EVP_MD *digest;
1648 X509V3_CTX ctx;
1649 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001650 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001651
Christopher Faulet48a83322017-07-28 16:56:09 +02001652 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001653#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1654 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1655#else
1656 tmp_ssl = SSL_new(bind_conf->default_ctx);
1657 if (tmp_ssl)
1658 pkey = SSL_get_privatekey(tmp_ssl);
1659#endif
1660 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001661 goto mkcert_error;
1662
1663 /* Create the certificate */
1664 if (!(newcrt = X509_new()))
1665 goto mkcert_error;
1666
1667 /* Set version number for the certificate (X509v3) and the serial
1668 * number */
1669 if (X509_set_version(newcrt, 2L) != 1)
1670 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001671 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001672
1673 /* Set duration for the certificate */
1674 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1675 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1676 goto mkcert_error;
1677
1678 /* set public key in the certificate */
1679 if (X509_set_pubkey(newcrt, pkey) != 1)
1680 goto mkcert_error;
1681
1682 /* Set issuer name from the CA */
1683 if (!(name = X509_get_subject_name(cacert)))
1684 goto mkcert_error;
1685 if (X509_set_issuer_name(newcrt, name) != 1)
1686 goto mkcert_error;
1687
1688 /* Set the subject name using the same, but the CN */
1689 name = X509_NAME_dup(name);
1690 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1691 (const unsigned char *)servername,
1692 -1, -1, 0) != 1) {
1693 X509_NAME_free(name);
1694 goto mkcert_error;
1695 }
1696 if (X509_set_subject_name(newcrt, name) != 1) {
1697 X509_NAME_free(name);
1698 goto mkcert_error;
1699 }
1700 X509_NAME_free(name);
1701
1702 /* Add x509v3 extensions as specified */
1703 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1704 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1705 X509_EXTENSION *ext;
1706
1707 if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
1708 goto mkcert_error;
1709 if (!X509_add_ext(newcrt, ext, -1)) {
1710 X509_EXTENSION_free(ext);
1711 goto mkcert_error;
1712 }
1713 X509_EXTENSION_free(ext);
1714 }
1715
1716 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001717
1718 key_type = EVP_PKEY_base_id(capkey);
1719
1720 if (key_type == EVP_PKEY_DSA)
1721 digest = EVP_sha1();
1722 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001723 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001724 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001725 digest = EVP_sha256();
1726 else {
Christopher Faulete7db2162015-10-19 13:59:24 +02001727#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001728 int nid;
1729
1730 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1731 goto mkcert_error;
1732 if (!(digest = EVP_get_digestbynid(nid)))
1733 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001734#else
1735 goto mkcert_error;
1736#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001737 }
1738
Christopher Faulet31af49d2015-06-09 17:29:50 +02001739 if (!(X509_sign(newcrt, capkey, digest)))
1740 goto mkcert_error;
1741
1742 /* Create and set the new SSL_CTX */
1743 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1744 goto mkcert_error;
1745 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1746 goto mkcert_error;
1747 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1748 goto mkcert_error;
1749 if (!SSL_CTX_check_private_key(ssl_ctx))
1750 goto mkcert_error;
1751
1752 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001753
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001754#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001755 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001756#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001757#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1758 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001759 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001760 EC_KEY *ecc;
1761 int nid;
1762
1763 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1764 goto end;
1765 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1766 goto end;
1767 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1768 EC_KEY_free(ecc);
1769 }
1770#endif
1771 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001772 return ssl_ctx;
1773
1774 mkcert_error:
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001775 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001776 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1777 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001778 return NULL;
1779}
1780
Christopher Faulet7969a332015-10-09 11:15:03 +02001781SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001782ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001783{
1784 struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001785
1786 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001787}
1788
Christopher Faulet30548802015-06-11 13:39:32 +02001789/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001790 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001791SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001792ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001793{
1794 struct lru64 *lru = NULL;
1795
1796 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001797 HA_RWLOCK_RDLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001798 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001799 if (lru && lru->domain) {
1800 if (ssl)
1801 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001802 HA_RWLOCK_RDUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001803 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001804 }
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001805 HA_RWLOCK_RDUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001806 }
1807 return NULL;
1808}
1809
Emeric Brun821bb9b2017-06-15 16:37:39 +02001810/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1811 * function is not thread-safe, it should only be used to check if a certificate
1812 * exists in the lru cache (with no warranty it will not be removed by another
1813 * thread). It is kept for backward compatibility. */
1814SSL_CTX *
1815ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1816{
1817 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1818}
1819
Christopher Fauletd2cab922015-07-28 16:03:47 +02001820/* Set a certificate int the LRU cache used to store generated
1821 * certificate. Return 0 on success, otherwise -1 */
1822int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001823ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001824{
1825 struct lru64 *lru = NULL;
1826
1827 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001828 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001829 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001830 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001831 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001832 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001833 }
Christopher Faulet30548802015-06-11 13:39:32 +02001834 if (lru->domain && lru->data)
1835 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001836 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001837 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001838 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001839 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001840 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001841}
1842
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001843/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001844unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001845ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001846{
1847 return XXH32(data, len, ssl_ctx_lru_seed);
1848}
1849
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001850/* Generate a cert and immediately assign it to the SSL session so that the cert's
1851 * refcount is maintained regardless of the cert's presence in the LRU cache.
1852 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001853static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001854ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001855{
1856 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001857 SSL_CTX *ssl_ctx = NULL;
1858 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001859 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001860
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001861 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001862 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001863 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001864 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001865 if (lru && lru->domain)
1866 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001867 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001868 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001869 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001870 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001871 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001872 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001873 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001874 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001875 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001876 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001877 SSL_set_SSL_CTX(ssl, ssl_ctx);
1878 /* No LRU cache, this CTX will be released as soon as the session dies */
1879 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001880 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001881 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001882 return 0;
1883}
1884static int
1885ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1886{
1887 unsigned int key;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001888 struct connection *conn = SSL_get_app_data(ssl);
1889
1890 conn_get_to_addr(conn);
1891 if (conn->flags & CO_FL_ADDR_TO_SET) {
1892 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001893 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001894 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001895 }
1896 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001897}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001898#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001899
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001900
1901#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1902#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1903#endif
1904
1905#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1906#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1907#define SSL_renegotiate_pending(arg) 0
1908#endif
1909#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1910#define SSL_OP_SINGLE_ECDH_USE 0
1911#endif
1912#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1913#define SSL_OP_NO_TICKET 0
1914#endif
1915#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1916#define SSL_OP_NO_COMPRESSION 0
1917#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001918#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1919#undef SSL_OP_NO_SSLv3
1920#define SSL_OP_NO_SSLv3 0
1921#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001922#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1923#define SSL_OP_NO_TLSv1_1 0
1924#endif
1925#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1926#define SSL_OP_NO_TLSv1_2 0
1927#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001928#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001929#define SSL_OP_NO_TLSv1_3 0
1930#endif
1931#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1932#define SSL_OP_SINGLE_DH_USE 0
1933#endif
1934#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1935#define SSL_OP_SINGLE_ECDH_USE 0
1936#endif
1937#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1938#define SSL_MODE_RELEASE_BUFFERS 0
1939#endif
1940#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1941#define SSL_MODE_SMALL_BUFFERS 0
1942#endif
1943
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001944#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001945typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1946
1947static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001948{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001949#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001950 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001951 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1952#endif
1953}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001954static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1955 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001956 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1957}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001958static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001959#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001960 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001961 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1962#endif
1963}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001964static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001965#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001966 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001967 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
1968#endif
1969}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001970/* TLS 1.2 is the last supported version in this context. */
1971static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
1972/* Unusable in this context. */
1973static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
1974static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
1975static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
1976static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
1977static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001978#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001979typedef enum { SET_MIN, SET_MAX } set_context_func;
1980
1981static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
1982 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001983 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
1984}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001985static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
1986 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
1987 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
1988}
1989static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1990 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001991 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
1992}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001993static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
1994 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
1995 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
1996}
1997static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
1998 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001999 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2000}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002001static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2002 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2003 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2004}
2005static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2006 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002007 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2008}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002009static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2010 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2011 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2012}
2013static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002014#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002015 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002016 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2017#endif
2018}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002019static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2020#if SSL_OP_NO_TLSv1_3
2021 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2022 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002023#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002024}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002025#endif
2026static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2027static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002028
2029static struct {
2030 int option;
2031 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002032 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2033 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002034 const char *name;
2035} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002036 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2037 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2038 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2039 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2040 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2041 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002042};
2043
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002044static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2045{
2046 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2047 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2048 SSL_set_SSL_CTX(ssl, ctx);
2049}
2050
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002051#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002052
2053static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2054{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002055 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002056 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002057
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002058 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2059 return SSL_TLSEXT_ERR_OK;
2060 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002061}
2062
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002063#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002064static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2065{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002066 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002067#else
2068static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2069{
2070#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002071 struct connection *conn;
2072 struct bind_conf *s;
2073 const uint8_t *extension_data;
2074 size_t extension_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002075 int has_rsa = 0, has_ecdsa = 0, has_ecdsa_sig = 0;
2076
2077 char *wildp = NULL;
2078 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002079 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002080 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002081 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002082 int i;
2083
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002084 conn = SSL_get_app_data(ssl);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002085 s = objt_listener(conn->target)->bind_conf;
2086
Olivier Houchard9679ac92017-10-27 14:58:08 +02002087 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002088 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002089#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002090 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2091 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002092#else
2093 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2094#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002095 /*
2096 * The server_name extension was given too much extensibility when it
2097 * was written, so parsing the normal case is a bit complex.
2098 */
2099 size_t len;
2100 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002101 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002102 /* Extract the length of the supplied list of names. */
2103 len = (*extension_data++) << 8;
2104 len |= *extension_data++;
2105 if (len + 2 != extension_len)
2106 goto abort;
2107 /*
2108 * The list in practice only has a single element, so we only consider
2109 * the first one.
2110 */
2111 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2112 goto abort;
2113 extension_len = len - 1;
2114 /* Now we can finally pull out the byte array with the actual hostname. */
2115 if (extension_len <= 2)
2116 goto abort;
2117 len = (*extension_data++) << 8;
2118 len |= *extension_data++;
2119 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2120 || memchr(extension_data, 0, len) != NULL)
2121 goto abort;
2122 servername = extension_data;
2123 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002124 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002125#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2126 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002127 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002128 }
2129#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002130 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002131 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002132 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002133 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002134 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002135 goto abort;
2136 }
2137
2138 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002139#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002140 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002141#else
2142 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2143#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002144 uint8_t sign;
2145 size_t len;
2146 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002147 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002148 len = (*extension_data++) << 8;
2149 len |= *extension_data++;
2150 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002151 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002152 if (len % 2 != 0)
2153 goto abort;
2154 for (; len > 0; len -= 2) {
2155 extension_data++; /* hash */
2156 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002157 switch (sign) {
2158 case TLSEXT_signature_rsa:
2159 has_rsa = 1;
2160 break;
2161 case TLSEXT_signature_ecdsa:
2162 has_ecdsa_sig = 1;
2163 break;
2164 default:
2165 continue;
2166 }
2167 if (has_ecdsa_sig && has_rsa)
2168 break;
2169 }
2170 } else {
2171 /* without TLSEXT_TYPE_signature_algorithms extension (< TLS 1.2) */
2172 has_rsa = 1;
2173 }
2174 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002175 const SSL_CIPHER *cipher;
2176 size_t len;
2177 const uint8_t *cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002178#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002179 len = ctx->cipher_suites_len;
2180 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002181#else
2182 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2183#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002184 if (len % 2 != 0)
2185 goto abort;
2186 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002187#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002188 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002189 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002190#else
2191 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2192#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002193 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002194 has_ecdsa = 1;
2195 break;
2196 }
2197 }
2198 }
2199
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002200 for (i = 0; i < trash.size && i < servername_len; i++) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002201 trash.str[i] = tolower(servername[i]);
2202 if (!wildp && (trash.str[i] == '.'))
2203 wildp = &trash.str[i];
2204 }
2205 trash.str[i] = 0;
2206
2207 /* lookup in full qualified names */
2208 node = ebst_lookup(&s->sni_ctx, trash.str);
2209
2210 /* lookup a not neg filter */
2211 for (n = node; n; n = ebmb_next_dup(n)) {
2212 if (!container_of(n, struct sni_ctx, name)->neg) {
2213 switch(container_of(n, struct sni_ctx, name)->key_sig) {
2214 case TLSEXT_signature_ecdsa:
2215 if (has_ecdsa) {
2216 node_ecdsa = n;
2217 goto find_one;
2218 }
2219 break;
2220 case TLSEXT_signature_rsa:
2221 if (has_rsa && !node_rsa) {
2222 node_rsa = n;
2223 if (!has_ecdsa)
2224 goto find_one;
2225 }
2226 break;
2227 default: /* TLSEXT_signature_anonymous */
2228 if (!node_anonymous)
2229 node_anonymous = n;
2230 break;
2231 }
2232 }
2233 }
2234 if (wildp) {
2235 /* lookup in wildcards names */
2236 node = ebst_lookup(&s->sni_w_ctx, wildp);
2237 for (n = node; n; n = ebmb_next_dup(n)) {
2238 if (!container_of(n, struct sni_ctx, name)->neg) {
2239 switch(container_of(n, struct sni_ctx, name)->key_sig) {
2240 case TLSEXT_signature_ecdsa:
2241 if (has_ecdsa) {
2242 node_ecdsa = n;
2243 goto find_one;
2244 }
2245 break;
2246 case TLSEXT_signature_rsa:
2247 if (has_rsa && !node_rsa) {
2248 node_rsa = n;
2249 if (!has_ecdsa)
2250 goto find_one;
2251 }
2252 break;
2253 default: /* TLSEXT_signature_anonymous */
2254 if (!node_anonymous)
2255 node_anonymous = n;
2256 break;
2257 }
2258 }
2259 }
2260 }
2261 find_one:
2262 /* select by key_signature priority order */
2263 node = node_ecdsa ? node_ecdsa : (node_rsa ? node_rsa : node_anonymous);
2264
2265 if (node) {
2266 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002267 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002268 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002269 if (conf) {
2270 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2271 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2272 if (conf->early_data)
2273 allow_early = 1;
2274 }
2275 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002276 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002277#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2278 if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {
2279 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002280 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002281 }
2282#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002283 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002284 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002285 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002286 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002287allow_early:
2288#ifdef OPENSSL_IS_BORINGSSL
2289 if (allow_early)
2290 SSL_set_early_data_enabled(ssl, 1);
2291#else
2292 if (!allow_early)
2293 SSL_set_max_early_data(ssl, 0);
2294#endif
2295 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002296 abort:
2297 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2298 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002299#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002300 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002301#else
2302 *al = SSL_AD_UNRECOGNIZED_NAME;
2303 return 0;
2304#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305}
2306
2307#else /* OPENSSL_IS_BORINGSSL */
2308
Emeric Brunfc0421f2012-09-07 17:30:07 +02002309/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2310 * warning when no match is found, which implies the default (first) cert
2311 * will keep being used.
2312 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002313static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002314{
2315 const char *servername;
2316 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002317 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002318 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002319 int i;
2320 (void)al; /* shut gcc stupid warning */
2321
2322 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002323 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002324#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002325 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2326 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002327#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002328 if (s->strict_sni)
2329 return SSL_TLSEXT_ERR_ALERT_FATAL;
2330 ssl_sock_switchctx_set(ssl, s->default_ctx);
2331 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002332 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002333
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002334 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002335 if (!servername[i])
2336 break;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002337 trash.str[i] = tolower(servername[i]);
2338 if (!wildp && (trash.str[i] == '.'))
2339 wildp = &trash.str[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002340 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002341 trash.str[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002342
2343 /* lookup in full qualified names */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002344 node = ebst_lookup(&s->sni_ctx, trash.str);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002345
2346 /* lookup a not neg filter */
2347 for (n = node; n; n = ebmb_next_dup(n)) {
2348 if (!container_of(n, struct sni_ctx, name)->neg) {
2349 node = n;
2350 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002351 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002352 }
2353 if (!node && wildp) {
2354 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002355 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002356 }
2357 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002358#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002359 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2360 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002361 return SSL_TLSEXT_ERR_OK;
2362 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002363#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002364 if (s->strict_sni)
2365 return SSL_TLSEXT_ERR_ALERT_FATAL;
2366 ssl_sock_switchctx_set(ssl, s->default_ctx);
2367 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002368 }
2369
2370 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002371 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002372 return SSL_TLSEXT_ERR_OK;
2373}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002374#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002375#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2376
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002377#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002378
2379static DH * ssl_get_dh_1024(void)
2380{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002381 static unsigned char dh1024_p[]={
2382 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2383 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2384 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2385 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2386 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2387 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2388 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2389 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2390 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2391 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2392 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2393 };
2394 static unsigned char dh1024_g[]={
2395 0x02,
2396 };
2397
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002398 BIGNUM *p;
2399 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002400 DH *dh = DH_new();
2401 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002402 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2403 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002404
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002405 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002406 DH_free(dh);
2407 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002408 } else {
2409 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002410 }
2411 }
2412 return dh;
2413}
2414
2415static DH *ssl_get_dh_2048(void)
2416{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002417 static unsigned char dh2048_p[]={
2418 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2419 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2420 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2421 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2422 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2423 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2424 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2425 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2426 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2427 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2428 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2429 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2430 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2431 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2432 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2433 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2434 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2435 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2436 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2437 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2438 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2439 0xB7,0x1F,0x77,0xF3,
2440 };
2441 static unsigned char dh2048_g[]={
2442 0x02,
2443 };
2444
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002445 BIGNUM *p;
2446 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002447 DH *dh = DH_new();
2448 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002449 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2450 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002451
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002452 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002453 DH_free(dh);
2454 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002455 } else {
2456 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002457 }
2458 }
2459 return dh;
2460}
2461
2462static DH *ssl_get_dh_4096(void)
2463{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002464 static unsigned char dh4096_p[]={
2465 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2466 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2467 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2468 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2469 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2470 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2471 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2472 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2473 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2474 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2475 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2476 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2477 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2478 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2479 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2480 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2481 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2482 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2483 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2484 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2485 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2486 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2487 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2488 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2489 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2490 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2491 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2492 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2493 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2494 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2495 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2496 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2497 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2498 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2499 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2500 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2501 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2502 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2503 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2504 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2505 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2506 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2507 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002508 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002509 static unsigned char dh4096_g[]={
2510 0x02,
2511 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002512
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002513 BIGNUM *p;
2514 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002515 DH *dh = DH_new();
2516 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002517 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2518 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002519
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002520 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002521 DH_free(dh);
2522 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002523 } else {
2524 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002525 }
2526 }
2527 return dh;
2528}
2529
2530/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002531 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002532static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2533{
2534 DH *dh = NULL;
2535 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002536 int type;
2537
2538 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002539
2540 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2541 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2542 */
2543 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2544 keylen = EVP_PKEY_bits(pkey);
2545 }
2546
Willy Tarreauef934602016-12-22 23:12:01 +01002547 if (keylen > global_ssl.default_dh_param) {
2548 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002549 }
2550
Remi Gacogned3a341a2015-05-29 16:26:17 +02002551 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002552 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002553 }
2554 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002555 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002556 }
2557 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002558 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002559 }
2560
2561 return dh;
2562}
2563
Remi Gacogne47783ef2015-05-29 15:53:22 +02002564static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002565{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002566 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002567 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002568
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002569 if (in == NULL)
2570 goto end;
2571
Remi Gacogne47783ef2015-05-29 15:53:22 +02002572 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002573 goto end;
2574
Remi Gacogne47783ef2015-05-29 15:53:22 +02002575 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2576
2577end:
2578 if (in)
2579 BIO_free(in);
2580
2581 return dh;
2582}
2583
2584int ssl_sock_load_global_dh_param_from_file(const char *filename)
2585{
2586 global_dh = ssl_sock_get_dh_from_file(filename);
2587
2588 if (global_dh) {
2589 return 0;
2590 }
2591
2592 return -1;
2593}
2594
2595/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2596 if an error occured, and 0 if parameter not found. */
2597int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2598{
2599 int ret = -1;
2600 DH *dh = ssl_sock_get_dh_from_file(file);
2601
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002602 if (dh) {
2603 ret = 1;
2604 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002605
2606 if (ssl_dh_ptr_index >= 0) {
2607 /* store a pointer to the DH params to avoid complaining about
2608 ssl-default-dh-param not being set for this SSL_CTX */
2609 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2610 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002611 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002612 else if (global_dh) {
2613 SSL_CTX_set_tmp_dh(ctx, global_dh);
2614 ret = 0; /* DH params not found */
2615 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002616 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002617 /* Clear openssl global errors stack */
2618 ERR_clear_error();
2619
Willy Tarreauef934602016-12-22 23:12:01 +01002620 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002621 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002622 if (local_dh_1024 == NULL)
2623 local_dh_1024 = ssl_get_dh_1024();
2624
Remi Gacogne8de54152014-07-15 11:36:40 +02002625 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002626 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002627
Remi Gacogne8de54152014-07-15 11:36:40 +02002628 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002629 }
2630 else {
2631 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2632 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002633
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002634 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002635 }
Emeric Brun644cde02012-12-14 11:21:13 +01002636
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002637end:
2638 if (dh)
2639 DH_free(dh);
2640
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002641 return ret;
2642}
2643#endif
2644
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002645static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
2646 uint8_t key_sig, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002647{
2648 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002649 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002650 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002651
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002652 if (*name == '!') {
2653 neg = 1;
2654 name++;
2655 }
2656 if (*name == '*') {
2657 wild = 1;
2658 name++;
2659 }
2660 /* !* filter is a nop */
2661 if (neg && wild)
2662 return order;
2663 if (*name) {
2664 int j, len;
2665 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002666 for (j = 0; j < len && j < trash.size; j++)
2667 trash.str[j] = tolower(name[j]);
2668 if (j >= trash.size)
2669 return order;
2670 trash.str[j] = 0;
2671
2672 /* Check for duplicates. */
2673 if (wild)
2674 node = ebst_lookup(&s->sni_w_ctx, trash.str);
2675 else
2676 node = ebst_lookup(&s->sni_ctx, trash.str);
2677 for (; node; node = ebmb_next_dup(node)) {
2678 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002679 if (sc->ctx == ctx && sc->conf == conf &&
2680 sc->key_sig == key_sig && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002681 return order;
2682 }
2683
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002684 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002685 if (!sc)
2686 return order;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002687 memcpy(sc->name.key, trash.str, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002688 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002689 sc->conf = conf;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002690 sc->key_sig = key_sig;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002691 sc->order = order++;
2692 sc->neg = neg;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002693 if (wild)
2694 ebst_insert(&s->sni_w_ctx, &sc->name);
2695 else
2696 ebst_insert(&s->sni_ctx, &sc->name);
2697 }
2698 return order;
2699}
2700
yanbzhu488a4d22015-12-01 15:16:07 -05002701
2702/* The following code is used for loading multiple crt files into
2703 * SSL_CTX's based on CN/SAN
2704 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002705#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002706/* This is used to preload the certifcate, private key
2707 * and Cert Chain of a file passed in via the crt
2708 * argument
2709 *
2710 * This way, we do not have to read the file multiple times
2711 */
2712struct cert_key_and_chain {
2713 X509 *cert;
2714 EVP_PKEY *key;
2715 unsigned int num_chain_certs;
2716 /* This is an array of X509 pointers */
2717 X509 **chain_certs;
2718};
2719
yanbzhu08ce6ab2015-12-02 13:01:29 -05002720#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2721
2722struct key_combo_ctx {
2723 SSL_CTX *ctx;
2724 int order;
2725};
2726
2727/* Map used for processing multiple keypairs for a single purpose
2728 *
2729 * This maps CN/SNI name to certificate type
2730 */
2731struct sni_keytype {
2732 int keytypes; /* BITMASK for keytypes */
2733 struct ebmb_node name; /* node holding the servername value */
2734};
2735
2736
yanbzhu488a4d22015-12-01 15:16:07 -05002737/* Frees the contents of a cert_key_and_chain
2738 */
2739static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2740{
2741 int i;
2742
2743 if (!ckch)
2744 return;
2745
2746 /* Free the certificate and set pointer to NULL */
2747 if (ckch->cert)
2748 X509_free(ckch->cert);
2749 ckch->cert = NULL;
2750
2751 /* Free the key and set pointer to NULL */
2752 if (ckch->key)
2753 EVP_PKEY_free(ckch->key);
2754 ckch->key = NULL;
2755
2756 /* Free each certificate in the chain */
2757 for (i = 0; i < ckch->num_chain_certs; i++) {
2758 if (ckch->chain_certs[i])
2759 X509_free(ckch->chain_certs[i]);
2760 }
2761
2762 /* Free the chain obj itself and set to NULL */
2763 if (ckch->num_chain_certs > 0) {
2764 free(ckch->chain_certs);
2765 ckch->num_chain_certs = 0;
2766 ckch->chain_certs = NULL;
2767 }
2768
2769}
2770
2771/* checks if a key and cert exists in the ckch
2772 */
2773static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2774{
2775 return (ckch->cert != NULL && ckch->key != NULL);
2776}
2777
2778
2779/* Loads the contents of a crt file (path) into a cert_key_and_chain
2780 * This allows us to carry the contents of the file without having to
2781 * read the file multiple times.
2782 *
2783 * returns:
2784 * 0 on Success
2785 * 1 on SSL Failure
2786 * 2 on file not found
2787 */
2788static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2789{
2790
2791 BIO *in;
2792 X509 *ca = NULL;
2793 int ret = 1;
2794
2795 ssl_sock_free_cert_key_and_chain_contents(ckch);
2796
2797 in = BIO_new(BIO_s_file());
2798 if (in == NULL)
2799 goto end;
2800
2801 if (BIO_read_filename(in, path) <= 0)
2802 goto end;
2803
yanbzhu488a4d22015-12-01 15:16:07 -05002804 /* Read Private Key */
2805 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2806 if (ckch->key == NULL) {
2807 memprintf(err, "%sunable to load private key from file '%s'.\n",
2808 err && *err ? *err : "", path);
2809 goto end;
2810 }
2811
Willy Tarreaubb137a82016-04-06 19:02:38 +02002812 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002813 if (BIO_reset(in) == -1) {
2814 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2815 err && *err ? *err : "", path);
2816 goto end;
2817 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002818
2819 /* Read Certificate */
2820 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2821 if (ckch->cert == NULL) {
2822 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2823 err && *err ? *err : "", path);
2824 goto end;
2825 }
2826
yanbzhu488a4d22015-12-01 15:16:07 -05002827 /* Read Certificate Chain */
2828 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2829 /* Grow the chain certs */
2830 ckch->num_chain_certs++;
2831 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2832
2833 /* use - 1 here since we just incremented it above */
2834 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2835 }
2836 ret = ERR_get_error();
2837 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2838 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2839 err && *err ? *err : "", path);
2840 ret = 1;
2841 goto end;
2842 }
2843
2844 ret = 0;
2845
2846end:
2847
2848 ERR_clear_error();
2849 if (in)
2850 BIO_free(in);
2851
2852 /* Something went wrong in one of the reads */
2853 if (ret != 0)
2854 ssl_sock_free_cert_key_and_chain_contents(ckch);
2855
2856 return ret;
2857}
2858
2859/* Loads the info in ckch into ctx
2860 * Currently, this does not process any information about ocsp, dhparams or
2861 * sctl
2862 * Returns
2863 * 0 on success
2864 * 1 on failure
2865 */
2866static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2867{
2868 int i = 0;
2869
2870 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2871 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2872 err && *err ? *err : "", path);
2873 return 1;
2874 }
2875
2876 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2877 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2878 err && *err ? *err : "", path);
2879 return 1;
2880 }
2881
yanbzhu488a4d22015-12-01 15:16:07 -05002882 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2883 for (i = 0; i < ckch->num_chain_certs; i++) {
2884 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002885 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2886 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002887 return 1;
2888 }
2889 }
2890
2891 if (SSL_CTX_check_private_key(ctx) <= 0) {
2892 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2893 err && *err ? *err : "", path);
2894 return 1;
2895 }
2896
2897 return 0;
2898}
2899
yanbzhu08ce6ab2015-12-02 13:01:29 -05002900
2901static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2902{
2903 struct sni_keytype *s_kt = NULL;
2904 struct ebmb_node *node;
2905 int i;
2906
2907 for (i = 0; i < trash.size; i++) {
2908 if (!str[i])
2909 break;
2910 trash.str[i] = tolower(str[i]);
2911 }
2912 trash.str[i] = 0;
2913 node = ebst_lookup(sni_keytypes, trash.str);
2914 if (!node) {
2915 /* CN not found in tree */
2916 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2917 /* Using memcpy here instead of strncpy.
2918 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2919 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2920 */
2921 memcpy(s_kt->name.key, trash.str, i+1);
2922 s_kt->keytypes = 0;
2923 ebst_insert(sni_keytypes, &s_kt->name);
2924 } else {
2925 /* CN found in tree */
2926 s_kt = container_of(node, struct sni_keytype, name);
2927 }
2928
2929 /* Mark that this CN has the keytype of key_index via keytypes mask */
2930 s_kt->keytypes |= 1<<key_index;
2931
2932}
2933
2934
2935/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2936 * If any are found, group these files into a set of SSL_CTX*
2937 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2938 *
2939 * This will allow the user to explictly group multiple cert/keys for a single purpose
2940 *
2941 * Returns
2942 * 0 on success
2943 * 1 on failure
2944 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002945static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2946 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002947{
2948 char fp[MAXPATHLEN+1] = {0};
2949 int n = 0;
2950 int i = 0;
2951 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2952 struct eb_root sni_keytypes_map = { {0} };
2953 struct ebmb_node *node;
2954 struct ebmb_node *next;
2955 /* Array of SSL_CTX pointers corresponding to each possible combo
2956 * of keytypes
2957 */
2958 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2959 int rv = 0;
2960 X509_NAME *xname = NULL;
2961 char *str = NULL;
2962#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2963 STACK_OF(GENERAL_NAME) *names = NULL;
2964#endif
2965
2966 /* Load all possible certs and keys */
2967 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2968 struct stat buf;
2969
2970 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
2971 if (stat(fp, &buf) == 0) {
2972 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
2973 rv = 1;
2974 goto end;
2975 }
2976 }
2977 }
2978
2979 /* Process each ckch and update keytypes for each CN/SAN
2980 * for example, if CN/SAN www.a.com is associated with
2981 * certs with keytype 0 and 2, then at the end of the loop,
2982 * www.a.com will have:
2983 * keyindex = 0 | 1 | 4 = 5
2984 */
2985 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2986
2987 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
2988 continue;
2989
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02002990 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02002991 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02002992 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
2993 } else {
2994 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
2995 * so the line that contains logic is marked via comments
2996 */
2997 xname = X509_get_subject_name(certs_and_keys[n].cert);
2998 i = -1;
2999 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3000 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003001 ASN1_STRING *value;
3002 value = X509_NAME_ENTRY_get_data(entry);
3003 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003004 /* Important line is here */
3005 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003006
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003007 OPENSSL_free(str);
3008 str = NULL;
3009 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003010 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003011
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003012 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003013#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003014 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3015 if (names) {
3016 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3017 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003018
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003019 if (name->type == GEN_DNS) {
3020 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3021 /* Important line is here */
3022 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003023
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003024 OPENSSL_free(str);
3025 str = NULL;
3026 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003027 }
3028 }
3029 }
3030 }
3031#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3032 }
3033
3034 /* If no files found, return error */
3035 if (eb_is_empty(&sni_keytypes_map)) {
3036 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3037 err && *err ? *err : "", path);
3038 rv = 1;
3039 goto end;
3040 }
3041
3042 /* We now have a map of CN/SAN to keytypes that are loaded in
3043 * Iterate through the map to create the SSL_CTX's (if needed)
3044 * and add each CTX to the SNI tree
3045 *
3046 * Some math here:
3047 * There are 2^n - 1 possibile combinations, each unique
3048 * combination is denoted by the key in the map. Each key
3049 * has a value between 1 and 2^n - 1. Conveniently, the array
3050 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3051 * entry in the array to correspond to the unique combo (key)
3052 * associated with i. This unique key combo (i) will be associated
3053 * with combos[i-1]
3054 */
3055
3056 node = ebmb_first(&sni_keytypes_map);
3057 while (node) {
3058 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003059 char cur_file[MAXPATHLEN+1];
yanbzhu08ce6ab2015-12-02 13:01:29 -05003060
3061 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3062 i = container_of(node, struct sni_keytype, name)->keytypes;
3063 cur_ctx = key_combos[i-1].ctx;
3064
3065 if (cur_ctx == NULL) {
3066 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003067 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003068 if (cur_ctx == NULL) {
3069 memprintf(err, "%sunable to allocate SSL context.\n",
3070 err && *err ? *err : "");
3071 rv = 1;
3072 goto end;
3073 }
3074
yanbzhube2774d2015-12-10 15:07:30 -05003075 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003076 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3077 if (i & (1<<n)) {
3078 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003079 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3080 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003081 SSL_CTX_free(cur_ctx);
3082 rv = 1;
3083 goto end;
3084 }
yanbzhube2774d2015-12-10 15:07:30 -05003085
3086#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3087 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003088 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003089 if (err)
3090 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003091 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003092 SSL_CTX_free(cur_ctx);
3093 rv = 1;
3094 goto end;
3095 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003096#elif (defined OPENSSL_IS_BORINGSSL)
3097 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003098#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 }
3100 }
3101
3102 /* Load DH params into the ctx to support DHE keys */
3103#ifndef OPENSSL_NO_DH
3104 if (ssl_dh_ptr_index >= 0)
3105 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3106
3107 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3108 if (rv < 0) {
3109 if (err)
3110 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3111 *err ? *err : "", path);
3112 rv = 1;
3113 goto end;
3114 }
3115#endif
3116
3117 /* Update key_combos */
3118 key_combos[i-1].ctx = cur_ctx;
3119 }
3120
3121 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003122 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
3123 TLSEXT_signature_anonymous, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003124 node = ebmb_next(node);
3125 }
3126
3127
3128 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3129 if (!bind_conf->default_ctx) {
3130 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3131 if (key_combos[i].ctx) {
3132 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003133 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003134 break;
3135 }
3136 }
3137 }
3138
3139end:
3140
3141 if (names)
3142 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3143
3144 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3145 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3146
3147 node = ebmb_first(&sni_keytypes_map);
3148 while (node) {
3149 next = ebmb_next(node);
3150 ebmb_delete(node);
3151 node = next;
3152 }
3153
3154 return rv;
3155}
3156#else
3157/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003158static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3159 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003160{
3161 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3162 err && *err ? *err : "", path, strerror(errno));
3163 return 1;
3164}
3165
yanbzhu488a4d22015-12-01 15:16:07 -05003166#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3167
Emeric Brunfc0421f2012-09-07 17:30:07 +02003168/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3169 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3170 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003171static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3172 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003173{
3174 BIO *in;
3175 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003176 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003177 int ret = -1;
3178 int order = 0;
3179 X509_NAME *xname;
3180 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003181 pem_password_cb *passwd_cb;
3182 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003183 EVP_PKEY *pkey;
3184 uint8_t key_sig = TLSEXT_signature_anonymous;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003185
Emeric Brunfc0421f2012-09-07 17:30:07 +02003186#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3187 STACK_OF(GENERAL_NAME) *names;
3188#endif
3189
3190 in = BIO_new(BIO_s_file());
3191 if (in == NULL)
3192 goto end;
3193
3194 if (BIO_read_filename(in, file) <= 0)
3195 goto end;
3196
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003197
3198 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3199 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3200
3201 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003202 if (x == NULL)
3203 goto end;
3204
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003205 pkey = X509_get_pubkey(x);
3206 if (pkey) {
3207 switch(EVP_PKEY_base_id(pkey)) {
3208 case EVP_PKEY_RSA:
3209 key_sig = TLSEXT_signature_rsa;
3210 break;
3211 case EVP_PKEY_EC:
3212 key_sig = TLSEXT_signature_ecdsa;
3213 break;
3214 }
3215 EVP_PKEY_free(pkey);
3216 }
3217
Emeric Brun50bcecc2013-04-22 13:05:23 +02003218 if (fcount) {
3219 while (fcount--)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003220 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, key_sig, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003221 }
3222 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003223#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003224 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3225 if (names) {
3226 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3227 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3228 if (name->type == GEN_DNS) {
3229 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003230 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, key_sig, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003231 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003232 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003233 }
3234 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003235 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003236 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003237#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003238 xname = X509_get_subject_name(x);
3239 i = -1;
3240 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3241 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003242 ASN1_STRING *value;
3243
3244 value = X509_NAME_ENTRY_get_data(entry);
3245 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003246 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, key_sig, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003247 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003248 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003249 }
3250 }
3251
3252 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3253 if (!SSL_CTX_use_certificate(ctx, x))
3254 goto end;
3255
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003256#ifdef SSL_CTX_clear_extra_chain_certs
3257 SSL_CTX_clear_extra_chain_certs(ctx);
3258#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003259 if (ctx->extra_certs != NULL) {
3260 sk_X509_pop_free(ctx->extra_certs, X509_free);
3261 ctx->extra_certs = NULL;
3262 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003263#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003264
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003265 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003266 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3267 X509_free(ca);
3268 goto end;
3269 }
3270 }
3271
3272 err = ERR_get_error();
3273 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3274 /* we successfully reached the last cert in the file */
3275 ret = 1;
3276 }
3277 ERR_clear_error();
3278
3279end:
3280 if (x)
3281 X509_free(x);
3282
3283 if (in)
3284 BIO_free(in);
3285
3286 return ret;
3287}
3288
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003289static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3290 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003291{
3292 int ret;
3293 SSL_CTX *ctx;
3294
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003295 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003296 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003297 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3298 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003299 return 1;
3300 }
3301
3302 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003303 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3304 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003305 SSL_CTX_free(ctx);
3306 return 1;
3307 }
3308
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003309 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003310 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003311 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3312 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003313 if (ret < 0) /* serious error, must do that ourselves */
3314 SSL_CTX_free(ctx);
3315 return 1;
3316 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003317
3318 if (SSL_CTX_check_private_key(ctx) <= 0) {
3319 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3320 err && *err ? *err : "", path);
3321 return 1;
3322 }
3323
Emeric Brunfc0421f2012-09-07 17:30:07 +02003324 /* we must not free the SSL_CTX anymore below, since it's already in
3325 * the tree, so it will be discovered and cleaned in time.
3326 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003327#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003328 /* store a NULL pointer to indicate we have not yet loaded
3329 a custom DH param file */
3330 if (ssl_dh_ptr_index >= 0) {
3331 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3332 }
3333
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003334 ret = ssl_sock_load_dh_params(ctx, path);
3335 if (ret < 0) {
3336 if (err)
3337 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3338 *err ? *err : "", path);
3339 return 1;
3340 }
3341#endif
3342
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003343#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003344 ret = ssl_sock_load_ocsp(ctx, path);
3345 if (ret < 0) {
3346 if (err)
3347 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3348 *err ? *err : "", path);
3349 return 1;
3350 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003351#elif (defined OPENSSL_IS_BORINGSSL)
3352 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003353#endif
3354
Daniel Jakots54ffb912015-11-06 20:02:41 +01003355#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003356 if (sctl_ex_index >= 0) {
3357 ret = ssl_sock_load_sctl(ctx, path);
3358 if (ret < 0) {
3359 if (err)
3360 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3361 *err ? *err : "", path);
3362 return 1;
3363 }
3364 }
3365#endif
3366
Emeric Brunfc0421f2012-09-07 17:30:07 +02003367#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003368 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003369 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3370 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003371 return 1;
3372 }
3373#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003374 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003375 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003376 bind_conf->default_ssl_conf = ssl_conf;
3377 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003378
3379 return 0;
3380}
3381
Willy Tarreau03209342016-12-22 17:08:28 +01003382int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003383{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003384 struct dirent **de_list;
3385 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003386 DIR *dir;
3387 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003388 char *end;
3389 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003390 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003391#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3392 int is_bundle;
3393 int j;
3394#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003395
yanbzhu08ce6ab2015-12-02 13:01:29 -05003396 if (stat(path, &buf) == 0) {
3397 dir = opendir(path);
3398 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003399 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003400
yanbzhu08ce6ab2015-12-02 13:01:29 -05003401 /* strip trailing slashes, including first one */
3402 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3403 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003404
yanbzhu08ce6ab2015-12-02 13:01:29 -05003405 n = scandir(path, &de_list, 0, alphasort);
3406 if (n < 0) {
3407 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3408 err && *err ? *err : "", path, strerror(errno));
3409 cfgerr++;
3410 }
3411 else {
3412 for (i = 0; i < n; i++) {
3413 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003414
yanbzhu08ce6ab2015-12-02 13:01:29 -05003415 end = strrchr(de->d_name, '.');
3416 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3417 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003418
yanbzhu08ce6ab2015-12-02 13:01:29 -05003419 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3420 if (stat(fp, &buf) != 0) {
3421 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3422 err && *err ? *err : "", fp, strerror(errno));
3423 cfgerr++;
3424 goto ignore_entry;
3425 }
3426 if (!S_ISREG(buf.st_mode))
3427 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003428
3429#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3430 is_bundle = 0;
3431 /* Check if current entry in directory is part of a multi-cert bundle */
3432
3433 if (end) {
3434 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3435 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3436 is_bundle = 1;
3437 break;
3438 }
3439 }
3440
3441 if (is_bundle) {
3442 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3443 int dp_len;
3444
3445 dp_len = end - de->d_name;
3446 snprintf(dp, dp_len + 1, "%s", de->d_name);
3447
3448 /* increment i and free de until we get to a non-bundle cert
3449 * Note here that we look at de_list[i + 1] before freeing de
3450 * this is important since ignore_entry will free de
3451 */
3452 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3453 free(de);
3454 i++;
3455 de = de_list[i];
3456 }
3457
3458 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003459 ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003460
3461 /* Successfully processed the bundle */
3462 goto ignore_entry;
3463 }
3464 }
3465
3466#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003467 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003468ignore_entry:
3469 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003470 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003471 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003472 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003473 closedir(dir);
3474 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003475 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003476
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003477 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003478
Emeric Brunfc0421f2012-09-07 17:30:07 +02003479 return cfgerr;
3480}
3481
Thierry Fournier383085f2013-01-24 14:15:43 +01003482/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3483 * done once. Zero is returned if the operation fails. No error is returned
3484 * if the random is said as not implemented, because we expect that openssl
3485 * will use another method once needed.
3486 */
3487static int ssl_initialize_random()
3488{
3489 unsigned char random;
3490 static int random_initialized = 0;
3491
3492 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3493 random_initialized = 1;
3494
3495 return random_initialized;
3496}
3497
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003498/* release ssl bind conf */
3499void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003500{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003501 if (conf) {
3502#ifdef OPENSSL_NPN_NEGOTIATED
3503 free(conf->npn_str);
3504 conf->npn_str = NULL;
3505#endif
3506#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3507 free(conf->alpn_str);
3508 conf->alpn_str = NULL;
3509#endif
3510 free(conf->ca_file);
3511 conf->ca_file = NULL;
3512 free(conf->crl_file);
3513 conf->crl_file = NULL;
3514 free(conf->ciphers);
3515 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003516 free(conf->curves);
3517 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003518 free(conf->ecdhe);
3519 conf->ecdhe = NULL;
3520 }
3521}
3522
3523int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3524{
3525 char thisline[CRT_LINESIZE];
3526 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003527 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003528 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003529 int linenum = 0;
3530 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003531
Willy Tarreauad1731d2013-04-02 17:35:58 +02003532 if ((f = fopen(file, "r")) == NULL) {
3533 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003534 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003535 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003536
3537 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003538 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003539 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003540 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003541 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003542 char *crt_path;
3543 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003544
3545 linenum++;
3546 end = line + strlen(line);
3547 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3548 /* Check if we reached the limit and the last char is not \n.
3549 * Watch out for the last line without the terminating '\n'!
3550 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003551 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3552 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003553 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003554 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003555 }
3556
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003557 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003558 newarg = 1;
3559 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003560 if (*line == '#' || *line == '\n' || *line == '\r') {
3561 /* end of string, end of loop */
3562 *line = 0;
3563 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003564 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003565 newarg = 1;
3566 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003567 } else if (*line == '[') {
3568 if (ssl_b) {
3569 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3570 cfgerr = 1;
3571 break;
3572 }
3573 if (!arg) {
3574 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3575 cfgerr = 1;
3576 break;
3577 }
3578 ssl_b = arg;
3579 newarg = 1;
3580 *line = 0;
3581 } else if (*line == ']') {
3582 if (ssl_e) {
3583 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003584 cfgerr = 1;
3585 break;
3586 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003587 if (!ssl_b) {
3588 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3589 cfgerr = 1;
3590 break;
3591 }
3592 ssl_e = arg;
3593 newarg = 1;
3594 *line = 0;
3595 } else if (newarg) {
3596 if (arg == MAX_CRT_ARGS) {
3597 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3598 cfgerr = 1;
3599 break;
3600 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003601 newarg = 0;
3602 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003603 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003604 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003605 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003606 if (cfgerr)
3607 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003608 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003609
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003610 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003611 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003612 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003613
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003614 crt_path = args[0];
3615 if (*crt_path != '/' && global_ssl.crt_base) {
3616 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3617 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3618 crt_path, linenum, file);
3619 cfgerr = 1;
3620 break;
3621 }
3622 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3623 crt_path = path;
3624 }
3625
3626 ssl_conf = calloc(1, sizeof *ssl_conf);
3627 cur_arg = ssl_b ? ssl_b : 1;
3628 while (cur_arg < ssl_e) {
3629 newarg = 0;
3630 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3631 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3632 newarg = 1;
3633 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3634 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3635 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3636 args[cur_arg], linenum, file);
3637 cfgerr = 1;
3638 }
3639 cur_arg += 1 + ssl_bind_kws[i].skip;
3640 break;
3641 }
3642 }
3643 if (!cfgerr && !newarg) {
3644 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3645 args[cur_arg], linenum, file);
3646 cfgerr = 1;
3647 break;
3648 }
3649 }
3650 if (cfgerr) {
3651 ssl_sock_free_ssl_conf(ssl_conf);
3652 free(ssl_conf);
3653 ssl_conf = NULL;
3654 break;
3655 }
3656
3657 if (stat(crt_path, &buf) == 0) {
3658 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3659 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003660 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003661 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3662 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003663 }
3664
Willy Tarreauad1731d2013-04-02 17:35:58 +02003665 if (cfgerr) {
3666 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003667 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003668 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003669 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003670 fclose(f);
3671 return cfgerr;
3672}
3673
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003674/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003675static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003676ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003677{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003678 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003679 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003680 SSL_OP_ALL | /* all known workarounds for bugs */
3681 SSL_OP_NO_SSLv2 |
3682 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003683 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003684 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003685 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
3686 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003687 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003688 SSL_MODE_ENABLE_PARTIAL_WRITE |
3689 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003690 SSL_MODE_RELEASE_BUFFERS |
3691 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003692 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003693 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003694 int flags = MC_SSL_O_ALL;
3695 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003696
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003697 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003698 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003699
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003700 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
3701 Warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3702 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3703 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
3704 else
3705 flags = conf_ssl_methods->flags;
3706
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003707 min = conf_ssl_methods->min;
3708 max = conf_ssl_methods->max;
3709 /* start with TLSv10 to remove SSLv3 per default */
3710 if (!min && (!max || max >= CONF_TLSV10))
3711 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003712 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003713 if (min)
3714 flags |= (methodVersions[min].flag - 1);
3715 if (max)
3716 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003717 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003718 min = max = CONF_TLSV_NONE;
3719 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003720 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003721 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003722 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003723 if (min) {
3724 if (hole) {
3725 Warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02003726 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003727 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3728 methodVersions[hole].name);
3729 hole = 0;
3730 }
3731 max = i;
3732 }
3733 else {
3734 min = max = i;
3735 }
3736 }
3737 else {
3738 if (min)
3739 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003740 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003741 if (!min) {
3742 Alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003743 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003744 cfgerr += 1;
3745 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003746 /* save real min/max in bind_conf */
3747 conf_ssl_methods->min = min;
3748 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003749
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003750#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003751 /* Keep force-xxx implementation as it is in older haproxy. It's a
3752 precautionary measure to avoid any suprise with older openssl version. */
3753 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003754 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003755 else
3756 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3757 if (flags & methodVersions[i].flag)
3758 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003759#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003760 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003761 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3762 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003763#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003764
3765 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3766 options |= SSL_OP_NO_TICKET;
3767 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3768 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3769 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003770
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003771#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003772 if (global_ssl.async)
3773 mode |= SSL_MODE_ASYNC;
3774#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003775 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003776 if (global_ssl.life_time)
3777 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003778
3779#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3780#ifdef OPENSSL_IS_BORINGSSL
3781 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3782 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003783#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3784 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3785 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003786#else
3787 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003788#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003789 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003790#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003791 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003792}
3793
William Lallemand4f45bb92017-10-30 20:08:51 +01003794
3795static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3796{
3797 if (first == block) {
3798 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3799 if (first->len > 0)
3800 sh_ssl_sess_tree_delete(sh_ssl_sess);
3801 }
3802}
3803
3804/* return first block from sh_ssl_sess */
3805static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3806{
3807 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3808
3809}
3810
3811/* store a session into the cache
3812 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3813 * data: asn1 encoded session
3814 * data_len: asn1 encoded session length
3815 * Returns 1 id session was stored (else 0)
3816 */
3817static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3818{
3819 struct shared_block *first;
3820 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3821
3822 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3823 if (!first) {
3824 /* Could not retrieve enough free blocks to store that session */
3825 return 0;
3826 }
3827
3828 /* STORE the key in the first elem */
3829 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3830 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3831 first->len = sizeof(struct sh_ssl_sess_hdr);
3832
3833 /* it returns the already existing node
3834 or current node if none, never returns null */
3835 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3836 if (oldsh_ssl_sess != sh_ssl_sess) {
3837 /* NOTE: Row couldn't be in use because we lock read & write function */
3838 /* release the reserved row */
3839 shctx_row_dec_hot(ssl_shctx, first);
3840 /* replace the previous session already in the tree */
3841 sh_ssl_sess = oldsh_ssl_sess;
3842 /* ignore the previous session data, only use the header */
3843 first = sh_ssl_sess_first_block(sh_ssl_sess);
3844 shctx_row_inc_hot(ssl_shctx, first);
3845 first->len = sizeof(struct sh_ssl_sess_hdr);
3846 }
3847
3848 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0)
3849 return 0;
3850
3851 return 1;
3852}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003853
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003854/* SSL callback used when a new session is created while connecting to a server */
3855static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3856{
3857 struct connection *conn = SSL_get_app_data(ssl);
3858
3859 /* check if session was reused, if not store current session on server for reuse */
3860 if (objt_server(conn->target)->ssl_ctx.reused_sess[tid]) {
3861 SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess[tid]);
3862 objt_server(conn->target)->ssl_ctx.reused_sess[tid] = NULL;
3863 }
3864
3865 if (!(objt_server(conn->target)->ssl_ctx.options & SRV_SSL_O_NO_REUSE))
3866 objt_server(conn->target)->ssl_ctx.reused_sess[tid] = SSL_get1_session(conn->xprt_ctx);
3867
3868 return 1;
3869}
3870
William Lallemanded0b5ad2017-10-30 19:36:36 +01003871/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003872int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003873{
3874 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3875 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3876 unsigned char *p;
3877 int data_len;
3878 unsigned int sid_length, sid_ctx_length;
3879 const unsigned char *sid_data;
3880 const unsigned char *sid_ctx_data;
3881
3882 /* Session id is already stored in to key and session id is known
3883 * so we dont store it to keep size.
3884 */
3885
3886 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3887 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3888 SSL_SESSION_set1_id(sess, sid_data, 0);
3889 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3890
3891 /* check if buffer is large enough for the ASN1 encoded session */
3892 data_len = i2d_SSL_SESSION(sess, NULL);
3893 if (data_len > SHSESS_MAX_DATA_LEN)
3894 goto err;
3895
3896 p = encsess;
3897
3898 /* process ASN1 session encoding before the lock */
3899 i2d_SSL_SESSION(sess, &p);
3900
3901 memcpy(encid, sid_data, sid_length);
3902 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3903 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3904
William Lallemanda3c77cf2017-10-30 23:44:40 +01003905 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003906 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003907 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003908 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003909err:
3910 /* reset original length values */
3911 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3912 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3913
3914 return 0; /* do not increment session reference count */
3915}
3916
3917/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003918SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003919{
William Lallemand4f45bb92017-10-30 20:08:51 +01003920 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003921 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3922 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003923 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003924 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003925
3926 global.shctx_lookups++;
3927
3928 /* allow the session to be freed automatically by openssl */
3929 *do_copy = 0;
3930
3931 /* tree key is zeros padded sessionid */
3932 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3933 memcpy(tmpkey, key, key_len);
3934 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3935 key = tmpkey;
3936 }
3937
3938 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003939 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003940
3941 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003942 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3943 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01003944 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003945 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003946 global.shctx_misses++;
3947 return NULL;
3948 }
3949
William Lallemand4f45bb92017-10-30 20:08:51 +01003950 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
3951 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003952
William Lallemand4f45bb92017-10-30 20:08:51 +01003953 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01003954
William Lallemanda3c77cf2017-10-30 23:44:40 +01003955 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003956
3957 /* decode ASN1 session */
3958 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01003959 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01003960 /* Reset session id and session id contenxt */
3961 if (sess) {
3962 SSL_SESSION_set1_id(sess, key, key_len);
3963 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
3964 }
3965
3966 return sess;
3967}
3968
William Lallemand4f45bb92017-10-30 20:08:51 +01003969
William Lallemanded0b5ad2017-10-30 19:36:36 +01003970/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003971void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003972{
William Lallemand4f45bb92017-10-30 20:08:51 +01003973 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003974 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
3975 unsigned int sid_length;
3976 const unsigned char *sid_data;
3977 (void)ctx;
3978
3979 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3980 /* tree key is zeros padded sessionid */
3981 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3982 memcpy(tmpkey, sid_data, sid_length);
3983 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
3984 sid_data = tmpkey;
3985 }
3986
William Lallemanda3c77cf2017-10-30 23:44:40 +01003987 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003988
3989 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003990 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
3991 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01003992 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003993 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003994 }
3995
3996 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003997 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003998}
3999
4000/* Set session cache mode to server and disable openssl internal cache.
4001 * Set shared cache callbacks on an ssl context.
4002 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004003void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004004{
4005 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4006
4007 if (!ssl_shctx) {
4008 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4009 return;
4010 }
4011
4012 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4013 SSL_SESS_CACHE_NO_INTERNAL |
4014 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4015
4016 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004017 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4018 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4019 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004020}
4021
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004022int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4023{
4024 struct proxy *curproxy = bind_conf->frontend;
4025 int cfgerr = 0;
4026 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004027 struct ssl_bind_conf *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004028 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004029 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004030
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004031 if (ssl_conf) {
4032 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4033 int i, min, max;
4034 int flags = MC_SSL_O_ALL;
4035
4036 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004037 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4038 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004039 if (min)
4040 flags |= (methodVersions[min].flag - 1);
4041 if (max)
4042 flags |= ~((methodVersions[max].flag << 1) - 1);
4043 min = max = CONF_TLSV_NONE;
4044 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4045 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4046 if (min)
4047 max = i;
4048 else
4049 min = max = i;
4050 }
4051 /* save real min/max */
4052 conf_ssl_methods->min = min;
4053 conf_ssl_methods->max = max;
4054 if (!min) {
4055 Alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4056 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
4057 cfgerr += 1;
4058 }
4059 }
4060
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004061 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004062 case SSL_SOCK_VERIFY_NONE:
4063 verify = SSL_VERIFY_NONE;
4064 break;
4065 case SSL_SOCK_VERIFY_OPTIONAL:
4066 verify = SSL_VERIFY_PEER;
4067 break;
4068 case SSL_SOCK_VERIFY_REQUIRED:
4069 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4070 break;
4071 }
4072 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4073 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004074 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4075 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4076 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004077 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004078 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004079 Alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004080 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004081 cfgerr++;
4082 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004083 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4084 /* set CA names for client cert request, function returns void */
4085 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4086 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004087 }
Emeric Brun850efd52014-01-29 12:24:34 +01004088 else {
4089 Alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4090 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
4091 cfgerr++;
4092 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004093#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004094 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004095 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4096
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004097 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004098 Alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004099 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004100 cfgerr++;
4101 }
Emeric Brun561e5742012-10-02 15:20:55 +02004102 else {
4103 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4104 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004105 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004106#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004107 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004108 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004109#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004110 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004111 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
4112 Alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4113 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
4114 cfgerr++;
4115 }
4116 }
4117#endif
4118
William Lallemand4f45bb92017-10-30 20:08:51 +01004119 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004120 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4121 if (conf_ciphers &&
4122 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02004123 Alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004124 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004125 cfgerr++;
4126 }
4127
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004128#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004129 /* If tune.ssl.default-dh-param has not been set,
4130 neither has ssl-default-dh-file and no static DH
4131 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004132 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004133 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004134 (ssl_dh_ptr_index == -1 ||
4135 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004136 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4137 const SSL_CIPHER * cipher = NULL;
4138 char cipher_description[128];
4139 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4140 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4141 which is not ephemeral DH. */
4142 const char dhe_description[] = " Kx=DH ";
4143 const char dhe_export_description[] = " Kx=DH(";
4144 int idx = 0;
4145 int dhe_found = 0;
4146 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004147
Remi Gacogne23d5d372014-10-10 17:04:26 +02004148 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004149
Remi Gacogne23d5d372014-10-10 17:04:26 +02004150 if (ssl) {
4151 ciphers = SSL_get_ciphers(ssl);
4152
4153 if (ciphers) {
4154 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4155 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4156 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4157 if (strstr(cipher_description, dhe_description) != NULL ||
4158 strstr(cipher_description, dhe_export_description) != NULL) {
4159 dhe_found = 1;
4160 break;
4161 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004162 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004163 }
4164 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004165 SSL_free(ssl);
4166 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004167 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004168
Lukas Tribus90132722014-08-18 00:56:33 +02004169 if (dhe_found) {
4170 Warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004171 }
4172
Willy Tarreauef934602016-12-22 23:12:01 +01004173 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004174 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004175
Willy Tarreauef934602016-12-22 23:12:01 +01004176 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004177 if (local_dh_1024 == NULL) {
4178 local_dh_1024 = ssl_get_dh_1024();
4179 }
Willy Tarreauef934602016-12-22 23:12:01 +01004180 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004181 if (local_dh_2048 == NULL) {
4182 local_dh_2048 = ssl_get_dh_2048();
4183 }
Willy Tarreauef934602016-12-22 23:12:01 +01004184 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004185 if (local_dh_4096 == NULL) {
4186 local_dh_4096 = ssl_get_dh_4096();
4187 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004188 }
4189 }
4190 }
4191#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004192
Emeric Brunfc0421f2012-09-07 17:30:07 +02004193 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004194#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004195 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004196#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004197
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004198#ifdef OPENSSL_NPN_NEGOTIATED
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004199 ssl_conf_cur = NULL;
4200 if (ssl_conf && ssl_conf->npn_str)
4201 ssl_conf_cur = ssl_conf;
4202 else if (bind_conf->ssl_conf.npn_str)
4203 ssl_conf_cur = &bind_conf->ssl_conf;
4204 if (ssl_conf_cur)
4205 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004206#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004207#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004208 ssl_conf_cur = NULL;
4209 if (ssl_conf && ssl_conf->alpn_str)
4210 ssl_conf_cur = ssl_conf;
4211 else if (bind_conf->ssl_conf.alpn_str)
4212 ssl_conf_cur = &bind_conf->ssl_conf;
4213 if (ssl_conf_cur)
4214 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004215#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004216#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4217 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4218 if (conf_curves) {
4219 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
4220 Alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4221 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
4222 cfgerr++;
4223 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004224#if defined(SSL_CTX_set_ecdh_auto)
4225 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4226#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004227 }
4228#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004229#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004230 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004231 int i;
4232 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004233#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004234 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004235 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4236 NULL);
4237
4238 if (ecdhe == NULL) {
4239 SSL_CTX_set_dh_auto(ctx, 1);
4240 return cfgerr;
4241 }
4242#else
4243 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4244 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4245 ECDHE_DEFAULT_CURVE);
4246#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004247
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004248 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004249 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
4250 Alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004251 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004252 cfgerr++;
4253 }
4254 else {
4255 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4256 EC_KEY_free(ecdh);
4257 }
4258 }
4259#endif
4260
Emeric Brunfc0421f2012-09-07 17:30:07 +02004261 return cfgerr;
4262}
4263
Evan Broderbe554312013-06-27 00:05:25 -07004264static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4265{
4266 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4267 size_t prefixlen, suffixlen;
4268
4269 /* Trivial case */
4270 if (strcmp(pattern, hostname) == 0)
4271 return 1;
4272
Evan Broderbe554312013-06-27 00:05:25 -07004273 /* The rest of this logic is based on RFC 6125, section 6.4.3
4274 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4275
Emeric Bruna848dae2013-10-08 11:27:28 +02004276 pattern_wildcard = NULL;
4277 pattern_left_label_end = pattern;
4278 while (*pattern_left_label_end != '.') {
4279 switch (*pattern_left_label_end) {
4280 case 0:
4281 /* End of label not found */
4282 return 0;
4283 case '*':
4284 /* If there is more than one wildcards */
4285 if (pattern_wildcard)
4286 return 0;
4287 pattern_wildcard = pattern_left_label_end;
4288 break;
4289 }
4290 pattern_left_label_end++;
4291 }
4292
4293 /* If it's not trivial and there is no wildcard, it can't
4294 * match */
4295 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004296 return 0;
4297
4298 /* Make sure all labels match except the leftmost */
4299 hostname_left_label_end = strchr(hostname, '.');
4300 if (!hostname_left_label_end
4301 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4302 return 0;
4303
4304 /* Make sure the leftmost label of the hostname is long enough
4305 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004306 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004307 return 0;
4308
4309 /* Finally compare the string on either side of the
4310 * wildcard */
4311 prefixlen = pattern_wildcard - pattern;
4312 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004313 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4314 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004315 return 0;
4316
4317 return 1;
4318}
4319
4320static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4321{
4322 SSL *ssl;
4323 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004324 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004325 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004326
4327 int depth;
4328 X509 *cert;
4329 STACK_OF(GENERAL_NAME) *alt_names;
4330 int i;
4331 X509_NAME *cert_subject;
4332 char *str;
4333
4334 if (ok == 0)
4335 return ok;
4336
4337 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02004338 conn = SSL_get_app_data(ssl);
Evan Broderbe554312013-06-27 00:05:25 -07004339
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004340 /* We're checking if the provided hostnames match the desired one. The
4341 * desired hostname comes from the SNI we presented if any, or if not
4342 * provided then it may have been explicitly stated using a "verifyhost"
4343 * directive. If neither is set, we don't care about the name so the
4344 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004345 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004346 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004347 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004348 if (!servername) {
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004349 servername = objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004350 if (!servername)
4351 return ok;
4352 }
Evan Broderbe554312013-06-27 00:05:25 -07004353
4354 /* We only need to verify the CN on the actual server cert,
4355 * not the indirect CAs */
4356 depth = X509_STORE_CTX_get_error_depth(ctx);
4357 if (depth != 0)
4358 return ok;
4359
4360 /* At this point, the cert is *not* OK unless we can find a
4361 * hostname match */
4362 ok = 0;
4363
4364 cert = X509_STORE_CTX_get_current_cert(ctx);
4365 /* It seems like this might happen if verify peer isn't set */
4366 if (!cert)
4367 return ok;
4368
4369 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4370 if (alt_names) {
4371 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4372 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4373 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004374#if OPENSSL_VERSION_NUMBER < 0x00907000L
4375 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4376#else
Evan Broderbe554312013-06-27 00:05:25 -07004377 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004378#endif
Evan Broderbe554312013-06-27 00:05:25 -07004379 ok = ssl_sock_srv_hostcheck(str, servername);
4380 OPENSSL_free(str);
4381 }
4382 }
4383 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004384 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004385 }
4386
4387 cert_subject = X509_get_subject_name(cert);
4388 i = -1;
4389 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4390 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004391 ASN1_STRING *value;
4392 value = X509_NAME_ENTRY_get_data(entry);
4393 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004394 ok = ssl_sock_srv_hostcheck(str, servername);
4395 OPENSSL_free(str);
4396 }
4397 }
4398
Willy Tarreau71d058c2017-07-26 20:09:56 +02004399 /* report the mismatch and indicate if SNI was used or not */
4400 if (!ok && !conn->err_code)
4401 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004402 return ok;
4403}
4404
Emeric Brun94324a42012-10-11 14:00:19 +02004405/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004406int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004407{
Willy Tarreau03209342016-12-22 17:08:28 +01004408 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004409 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004410 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004411 SSL_OP_ALL | /* all known workarounds for bugs */
4412 SSL_OP_NO_SSLv2 |
4413 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004414 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004415 SSL_MODE_ENABLE_PARTIAL_WRITE |
4416 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004417 SSL_MODE_RELEASE_BUFFERS |
4418 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004419 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004420 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004421 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004422 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004423 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004424
Thierry Fournier383085f2013-01-24 14:15:43 +01004425 /* Make sure openssl opens /dev/urandom before the chroot */
4426 if (!ssl_initialize_random()) {
4427 Alert("OpenSSL random data generator initialization failed.\n");
4428 cfgerr++;
4429 }
4430
Willy Tarreaufce03112015-01-15 21:32:40 +01004431 /* Automatic memory computations need to know we use SSL there */
4432 global.ssl_used_backend = 1;
4433
4434 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004435 if (!srv->ssl_ctx.reused_sess) {
4436 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(SSL_SESSION*))) == NULL) {
4437 Alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4438 curproxy->id, srv->id,
4439 srv->conf.file, srv->conf.line);
4440 cfgerr++;
4441 return cfgerr;
4442 }
4443 }
Emeric Brun94324a42012-10-11 14:00:19 +02004444 if (srv->use_ssl)
4445 srv->xprt = &ssl_sock;
4446 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004447 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004448
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004449 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004450 if (!ctx) {
Emeric Brun94324a42012-10-11 14:00:19 +02004451 Alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4452 proxy_type_str(curproxy), curproxy->id,
4453 srv->id);
4454 cfgerr++;
4455 return cfgerr;
4456 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004457
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004458 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
4459 Warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4460 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4461 proxy_type_str(curproxy), curproxy->id, srv->id);
4462 else
4463 flags = conf_ssl_methods->flags;
4464
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004465 /* Real min and max should be determinate with configuration and openssl's capabilities */
4466 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004467 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004468 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004469 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004470
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004471 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004472 min = max = CONF_TLSV_NONE;
4473 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004474 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004475 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004476 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004477 if (min) {
4478 if (hole) {
4479 Warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02004480 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004481 proxy_type_str(curproxy), curproxy->id, srv->id,
4482 methodVersions[hole].name);
4483 hole = 0;
4484 }
4485 max = i;
4486 }
4487 else {
4488 min = max = i;
4489 }
4490 }
4491 else {
4492 if (min)
4493 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004494 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004495 if (!min) {
4496 Alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4497 proxy_type_str(curproxy), curproxy->id, srv->id);
4498 cfgerr += 1;
4499 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004500
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004501#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004502 /* Keep force-xxx implementation as it is in older haproxy. It's a
4503 precautionary measure to avoid any suprise with older openssl version. */
4504 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004505 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004506 else
4507 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4508 if (flags & methodVersions[i].flag)
4509 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004510#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004511 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004512 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4513 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004514#endif
4515
4516 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4517 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004518 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004519
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004520#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004521 if (global_ssl.async)
4522 mode |= SSL_MODE_ASYNC;
4523#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004524 SSL_CTX_set_mode(ctx, mode);
4525 srv->ssl_ctx.ctx = ctx;
4526
Emeric Bruna7aa3092012-10-26 12:58:00 +02004527 if (srv->ssl_ctx.client_crt) {
4528 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
4529 Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4530 proxy_type_str(curproxy), curproxy->id,
4531 srv->id, srv->ssl_ctx.client_crt);
4532 cfgerr++;
4533 }
4534 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
4535 Alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4536 proxy_type_str(curproxy), curproxy->id,
4537 srv->id, srv->ssl_ctx.client_crt);
4538 cfgerr++;
4539 }
4540 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
4541 Alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4542 proxy_type_str(curproxy), curproxy->id,
4543 srv->id, srv->ssl_ctx.client_crt);
4544 cfgerr++;
4545 }
4546 }
Emeric Brun94324a42012-10-11 14:00:19 +02004547
Emeric Brun850efd52014-01-29 12:24:34 +01004548 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4549 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004550 switch (srv->ssl_ctx.verify) {
4551 case SSL_SOCK_VERIFY_NONE:
4552 verify = SSL_VERIFY_NONE;
4553 break;
4554 case SSL_SOCK_VERIFY_REQUIRED:
4555 verify = SSL_VERIFY_PEER;
4556 break;
4557 }
Evan Broderbe554312013-06-27 00:05:25 -07004558 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004559 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004560 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004561 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004562 if (srv->ssl_ctx.ca_file) {
4563 /* load CAfile to verify */
4564 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Willy Tarreau07ba08b2014-02-16 19:22:08 +01004565 Alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
Emeric Brunef42d922012-10-11 16:11:36 +02004566 curproxy->id, srv->id,
4567 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
4568 cfgerr++;
4569 }
4570 }
Emeric Brun850efd52014-01-29 12:24:34 +01004571 else {
4572 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Willy Tarreau07ba08b2014-02-16 19:22:08 +01004573 Alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
Emeric Brun850efd52014-01-29 12:24:34 +01004574 curproxy->id, srv->id,
4575 srv->conf.file, srv->conf.line);
4576 else
Willy Tarreau07ba08b2014-02-16 19:22:08 +01004577 Alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
Emeric Brun850efd52014-01-29 12:24:34 +01004578 curproxy->id, srv->id,
4579 srv->conf.file, srv->conf.line);
4580 cfgerr++;
4581 }
Emeric Brunef42d922012-10-11 16:11:36 +02004582#ifdef X509_V_FLAG_CRL_CHECK
4583 if (srv->ssl_ctx.crl_file) {
4584 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4585
4586 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Willy Tarreau07ba08b2014-02-16 19:22:08 +01004587 Alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
Emeric Brunef42d922012-10-11 16:11:36 +02004588 curproxy->id, srv->id,
4589 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
4590 cfgerr++;
4591 }
4592 else {
4593 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4594 }
4595 }
4596#endif
4597 }
4598
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004599 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4600 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4601 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004602 if (srv->ssl_ctx.ciphers &&
4603 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
4604 Alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4605 curproxy->id, srv->id,
4606 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
4607 cfgerr++;
4608 }
4609
4610 return cfgerr;
4611}
4612
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004613/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004614 * be NULL, in which case nothing is done. Returns the number of errors
4615 * encountered.
4616 */
Willy Tarreau03209342016-12-22 17:08:28 +01004617int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004618{
4619 struct ebmb_node *node;
4620 struct sni_ctx *sni;
4621 int err = 0;
4622
Willy Tarreaufce03112015-01-15 21:32:40 +01004623 /* Automatic memory computations need to know we use SSL there */
4624 global.ssl_used_frontend = 1;
4625
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004626 /* Make sure openssl opens /dev/urandom before the chroot */
4627 if (!ssl_initialize_random()) {
4628 Alert("OpenSSL random data generator initialization failed.\n");
4629 err++;
4630 }
4631 /* Create initial_ctx used to start the ssl connection before do switchctx */
4632 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004633 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004634 /* It should not be necessary to call this function, but it's
4635 necessary first to check and move all initialisation related
4636 to initial_ctx in ssl_sock_initial_ctx. */
4637 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4638 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004639 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004640 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004641
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004642 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004643 while (node) {
4644 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004645 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4646 /* only initialize the CTX on its first occurrence and
4647 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004648 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004649 node = ebmb_next(node);
4650 }
4651
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004652 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004653 while (node) {
4654 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004655 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4656 /* only initialize the CTX on its first occurrence and
4657 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004658 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004659 node = ebmb_next(node);
4660 }
4661 return err;
4662}
4663
Willy Tarreau55d37912016-12-21 23:38:39 +01004664/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4665 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4666 * alerts are directly emitted since the rest of the stack does it below.
4667 */
4668int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4669{
4670 struct proxy *px = bind_conf->frontend;
4671 int alloc_ctx;
4672 int err;
4673
4674 if (!bind_conf->is_ssl) {
4675 if (bind_conf->default_ctx) {
4676 Warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4677 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
4678 }
4679 return 0;
4680 }
4681 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004682 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
4683 Warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4684 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
4685 }
4686 else {
4687 Alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4688 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
4689 return -1;
4690 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004691 }
4692
Emeric Brun821bb9b2017-06-15 16:37:39 +02004693 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4694 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4695 sizeof(*sh_ssl_sess_tree),
4696 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
Willy Tarreau55d37912016-12-21 23:38:39 +01004697 if (alloc_ctx < 0) {
4698 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4699 Alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4700 else
4701 Alert("Unable to allocate SSL session cache.\n");
4702 return -1;
4703 }
William Lallemand4f45bb92017-10-30 20:08:51 +01004704 /* free block callback */
4705 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4706 /* init the root tree within the extra space */
4707 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4708 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004709
4710 err = 0;
4711 /* initialize all certificate contexts */
4712 err += ssl_sock_prepare_all_ctx(bind_conf);
4713
4714 /* initialize CA variables if the certificates generation is enabled */
4715 err += ssl_sock_load_ca(bind_conf);
4716
4717 return -err;
4718}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004719
4720/* release ssl context allocated for servers. */
4721void ssl_sock_free_srv_ctx(struct server *srv)
4722{
4723 if (srv->ssl_ctx.ctx)
4724 SSL_CTX_free(srv->ssl_ctx.ctx);
4725}
4726
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004727/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004728 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4729 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004730void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004731{
4732 struct ebmb_node *node, *back;
4733 struct sni_ctx *sni;
4734
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004735 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004736 while (node) {
4737 sni = ebmb_entry(node, struct sni_ctx, name);
4738 back = ebmb_next(node);
4739 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004740 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004741 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004742 ssl_sock_free_ssl_conf(sni->conf);
4743 free(sni->conf);
4744 sni->conf = NULL;
4745 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004746 free(sni);
4747 node = back;
4748 }
4749
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004750 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004751 while (node) {
4752 sni = ebmb_entry(node, struct sni_ctx, name);
4753 back = ebmb_next(node);
4754 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004755 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004756 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004757 ssl_sock_free_ssl_conf(sni->conf);
4758 free(sni->conf);
4759 sni->conf = NULL;
4760 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004761 free(sni);
4762 node = back;
4763 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004764 SSL_CTX_free(bind_conf->initial_ctx);
4765 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004766 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004767 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004768}
4769
Willy Tarreau795cdab2016-12-22 17:30:54 +01004770/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4771void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4772{
4773 ssl_sock_free_ca(bind_conf);
4774 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004775 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004776 free(bind_conf->ca_sign_file);
4777 free(bind_conf->ca_sign_pass);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004778 if (bind_conf->keys_ref) {
4779 free(bind_conf->keys_ref->filename);
4780 free(bind_conf->keys_ref->tlskeys);
4781 LIST_DEL(&bind_conf->keys_ref->list);
4782 free(bind_conf->keys_ref);
4783 }
4784 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004785 bind_conf->ca_sign_pass = NULL;
4786 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004787}
4788
Christopher Faulet31af49d2015-06-09 17:29:50 +02004789/* Load CA cert file and private key used to generate certificates */
4790int
Willy Tarreau03209342016-12-22 17:08:28 +01004791ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004792{
Willy Tarreau03209342016-12-22 17:08:28 +01004793 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004794 FILE *fp;
4795 X509 *cacert = NULL;
4796 EVP_PKEY *capkey = NULL;
4797 int err = 0;
4798
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004799 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004800 return err;
4801
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004802#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004803 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004804 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004805 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004806 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004807 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004808 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004809#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004810
Christopher Faulet31af49d2015-06-09 17:29:50 +02004811 if (!bind_conf->ca_sign_file) {
4812 Alert("Proxy '%s': cannot enable certificate generation, "
4813 "no CA certificate File configured at [%s:%d].\n",
4814 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004815 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004816 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004817
4818 /* read in the CA certificate */
4819 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
4820 Alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4821 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004822 goto load_error;
4823 }
4824 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
4825 Alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4826 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004827 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004828 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004829 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004830 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
4831 Alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4832 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004833 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004834 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004835
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004836 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004837 bind_conf->ca_sign_cert = cacert;
4838 bind_conf->ca_sign_pkey = capkey;
4839 return err;
4840
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004841 read_error:
4842 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004843 if (capkey) EVP_PKEY_free(capkey);
4844 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004845 load_error:
4846 bind_conf->generate_certs = 0;
4847 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848 return err;
4849}
4850
4851/* Release CA cert and private key used to generate certificated */
4852void
4853ssl_sock_free_ca(struct bind_conf *bind_conf)
4854{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004855 if (bind_conf->ca_sign_pkey)
4856 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4857 if (bind_conf->ca_sign_cert)
4858 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004859 bind_conf->ca_sign_pkey = NULL;
4860 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004861}
4862
Emeric Brun46591952012-05-18 15:47:34 +02004863/*
4864 * This function is called if SSL * context is not yet allocated. The function
4865 * is designed to be called before any other data-layer operation and sets the
4866 * handshake flag on the connection. It is safe to call it multiple times.
4867 * It returns 0 on success and -1 in error case.
4868 */
4869static int ssl_sock_init(struct connection *conn)
4870{
4871 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004872 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004873 return 0;
4874
Willy Tarreau3c728722014-01-23 13:50:42 +01004875 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004876 return 0;
4877
Willy Tarreau20879a02012-12-03 16:32:10 +01004878 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4879 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004880 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004881 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004882
Emeric Brun46591952012-05-18 15:47:34 +02004883 /* If it is in client mode initiate SSL session
4884 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004885 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004886 int may_retry = 1;
4887
4888 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004889 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004890 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004891 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004892 if (may_retry--) {
Christopher Fauletb349e482017-08-29 09:52:38 +02004893 pool_gc2(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004894 goto retry_connect;
4895 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004896 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004897 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004898 }
Emeric Brun46591952012-05-18 15:47:34 +02004899
Emeric Brun46591952012-05-18 15:47:34 +02004900 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004901 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004902 SSL_free(conn->xprt_ctx);
4903 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004904 if (may_retry--) {
Christopher Fauletb349e482017-08-29 09:52:38 +02004905 pool_gc2(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004906 goto retry_connect;
4907 }
Emeric Brun55476152014-11-12 17:35:37 +01004908 conn->err_code = CO_ER_SSL_NO_MEM;
4909 return -1;
4910 }
Emeric Brun46591952012-05-18 15:47:34 +02004911
Evan Broderbe554312013-06-27 00:05:25 -07004912 /* set connection pointer */
Emeric Brun55476152014-11-12 17:35:37 +01004913 if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
4914 SSL_free(conn->xprt_ctx);
4915 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004916 if (may_retry--) {
Christopher Fauletb349e482017-08-29 09:52:38 +02004917 pool_gc2(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004918 goto retry_connect;
4919 }
Emeric Brun55476152014-11-12 17:35:37 +01004920 conn->err_code = CO_ER_SSL_NO_MEM;
4921 return -1;
4922 }
4923
4924 SSL_set_connect_state(conn->xprt_ctx);
4925 if (objt_server(conn->target)->ssl_ctx.reused_sess) {
Emeric Brun821bb9b2017-06-15 16:37:39 +02004926 if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess[tid])) {
4927 SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess[tid]);
4928 objt_server(conn->target)->ssl_ctx.reused_sess[tid] = NULL;
Emeric Brun55476152014-11-12 17:35:37 +01004929 }
4930 }
Evan Broderbe554312013-06-27 00:05:25 -07004931
Emeric Brun46591952012-05-18 15:47:34 +02004932 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004933 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004934
4935 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004936 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004937 return 0;
4938 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004939 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004940 int may_retry = 1;
4941
4942 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02004943 /* Alloc a new SSL session ctx */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004944 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004945 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004946 if (may_retry--) {
Christopher Fauletb349e482017-08-29 09:52:38 +02004947 pool_gc2(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004948 goto retry_accept;
4949 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004950 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004951 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004952 }
Emeric Brun46591952012-05-18 15:47:34 +02004953
Emeric Brun46591952012-05-18 15:47:34 +02004954 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004955 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004956 SSL_free(conn->xprt_ctx);
4957 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004958 if (may_retry--) {
Christopher Fauletb349e482017-08-29 09:52:38 +02004959 pool_gc2(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004960 goto retry_accept;
4961 }
Emeric Brun55476152014-11-12 17:35:37 +01004962 conn->err_code = CO_ER_SSL_NO_MEM;
4963 return -1;
4964 }
Emeric Brun46591952012-05-18 15:47:34 +02004965
Emeric Brune1f38db2012-09-03 20:36:47 +02004966 /* set connection pointer */
Emeric Brun55476152014-11-12 17:35:37 +01004967 if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
4968 SSL_free(conn->xprt_ctx);
4969 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004970 if (may_retry--) {
Christopher Fauletb349e482017-08-29 09:52:38 +02004971 pool_gc2(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004972 goto retry_accept;
4973 }
Emeric Brun55476152014-11-12 17:35:37 +01004974 conn->err_code = CO_ER_SSL_NO_MEM;
4975 return -1;
4976 }
4977
4978 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02004979
Emeric Brun46591952012-05-18 15:47:34 +02004980 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004981 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardcfdef2e2017-11-03 13:50:53 +01004982#if OPENSSL_VERSION_NUMBER >= 0x10101000L
Olivier Houchardc2aae742017-09-22 18:26:28 +02004983 conn->flags |= CO_FL_EARLY_SSL_HS;
4984#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02004985
4986 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004987 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004988 return 0;
4989 }
4990 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01004991 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02004992 return -1;
4993}
4994
4995
4996/* This is the callback which is used when an SSL handshake is pending. It
4997 * updates the FD status if it wants some polling before being called again.
4998 * It returns 0 if it fails in a fatal way or needs to poll to go further,
4999 * otherwise it returns non-zero and removes itself from the connection's
5000 * flags (the bit is provided in <flag> by the caller).
5001 */
5002int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5003{
5004 int ret;
5005
Willy Tarreau3c728722014-01-23 13:50:42 +01005006 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005007 return 0;
5008
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005009 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005010 goto out_error;
5011
Olivier Houchardc2aae742017-09-22 18:26:28 +02005012#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5013 /*
5014 * Check if we have early data. If we do, we have to read them
5015 * before SSL_do_handshake() is called, And there's no way to
5016 * detect early data, except to try to read them
5017 */
5018 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5019 size_t read_data;
5020
5021 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5022 1, &read_data);
5023 if (ret == SSL_READ_EARLY_DATA_ERROR)
5024 goto check_error;
5025 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5026 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5027 return 1;
5028 } else
5029 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5030 }
5031#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005032 /* If we use SSL_do_handshake to process a reneg initiated by
5033 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5034 * Usually SSL_write and SSL_read are used and process implicitly
5035 * the reneg handshake.
5036 * Here we use SSL_peek as a workaround for reneg.
5037 */
5038 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5039 char c;
5040
5041 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5042 if (ret <= 0) {
5043 /* handshake may have not been completed, let's find why */
5044 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005045
Emeric Brun674b7432012-11-08 19:21:55 +01005046 if (ret == SSL_ERROR_WANT_WRITE) {
5047 /* SSL handshake needs to write, L4 connection may not be ready */
5048 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005049 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005050 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005051 return 0;
5052 }
5053 else if (ret == SSL_ERROR_WANT_READ) {
5054 /* handshake may have been completed but we have
5055 * no more data to read.
5056 */
5057 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5058 ret = 1;
5059 goto reneg_ok;
5060 }
5061 /* SSL handshake needs to read, L4 connection is ready */
5062 if (conn->flags & CO_FL_WAIT_L4_CONN)
5063 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5064 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005065 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005066 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005067 return 0;
5068 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005069#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005070 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005071 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005072 return 0;
5073 }
5074#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005075 else if (ret == SSL_ERROR_SYSCALL) {
5076 /* if errno is null, then connection was successfully established */
5077 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5078 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005079 if (!conn->err_code) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005080#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5081 conn->err_code = CO_ER_SSL_HANDSHAKE;
5082#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005083 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005084#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005085 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5086 empty_handshake = state == TLS_ST_BEFORE;
5087#else
5088 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5089#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005090 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005091 if (!errno) {
5092 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5093 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5094 else
5095 conn->err_code = CO_ER_SSL_EMPTY;
5096 }
5097 else {
5098 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5099 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5100 else
5101 conn->err_code = CO_ER_SSL_ABORT;
5102 }
5103 }
5104 else {
5105 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5106 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005107 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005108 conn->err_code = CO_ER_SSL_HANDSHAKE;
5109 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005110#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005111 }
Emeric Brun674b7432012-11-08 19:21:55 +01005112 goto out_error;
5113 }
5114 else {
5115 /* Fail on all other handshake errors */
5116 /* Note: OpenSSL may leave unread bytes in the socket's
5117 * buffer, causing an RST to be emitted upon close() on
5118 * TCP sockets. We first try to drain possibly pending
5119 * data to avoid this as much as possible.
5120 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005121 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005122 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005123 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5124 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005125 goto out_error;
5126 }
5127 }
5128 /* read some data: consider handshake completed */
5129 goto reneg_ok;
5130 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005131 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005132check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005133 if (ret != 1) {
5134 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005135 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005136
5137 if (ret == SSL_ERROR_WANT_WRITE) {
5138 /* SSL handshake needs to write, L4 connection may not be ready */
5139 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005140 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005141 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005142 return 0;
5143 }
5144 else if (ret == SSL_ERROR_WANT_READ) {
5145 /* SSL handshake needs to read, L4 connection is ready */
5146 if (conn->flags & CO_FL_WAIT_L4_CONN)
5147 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5148 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005149 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005150 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005151 return 0;
5152 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005153#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005154 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005155 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005156 return 0;
5157 }
5158#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005159 else if (ret == SSL_ERROR_SYSCALL) {
5160 /* if errno is null, then connection was successfully established */
5161 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5162 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005163 if (!conn->err_code) {
5164#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5165 conn->err_code = CO_ER_SSL_HANDSHAKE;
5166#else
5167 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005168#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005169 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5170 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005171#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005172 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005173#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005174 if (empty_handshake) {
5175 if (!errno) {
5176 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5177 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5178 else
5179 conn->err_code = CO_ER_SSL_EMPTY;
5180 }
5181 else {
5182 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5183 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5184 else
5185 conn->err_code = CO_ER_SSL_ABORT;
5186 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005187 }
5188 else {
5189 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5190 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5191 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005192 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005193 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005194#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005195 }
Willy Tarreau89230192012-09-28 20:22:13 +02005196 goto out_error;
5197 }
Emeric Brun46591952012-05-18 15:47:34 +02005198 else {
5199 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005200 /* Note: OpenSSL may leave unread bytes in the socket's
5201 * buffer, causing an RST to be emitted upon close() on
5202 * TCP sockets. We first try to drain possibly pending
5203 * data to avoid this as much as possible.
5204 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005205 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005206 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005207 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5208 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005209 goto out_error;
5210 }
5211 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005212#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5213 else {
5214 /*
5215 * If the server refused the early data, we have to send a
5216 * 425 to the client, as we no longer have the data to sent
5217 * them again.
5218 */
5219 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5220 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5221 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5222 goto out_error;
5223 }
5224 }
5225 }
5226#endif
5227
Emeric Brun46591952012-05-18 15:47:34 +02005228
Emeric Brun674b7432012-11-08 19:21:55 +01005229reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005230
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005231#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005232 /* ASYNC engine API doesn't support moving read/write
5233 * buffers. So we disable ASYNC mode right after
5234 * the handshake to avoid buffer oveflows.
5235 */
5236 if (global_ssl.async)
5237 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5238#endif
Emeric Brun46591952012-05-18 15:47:34 +02005239 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005240 if (!SSL_session_reused(conn->xprt_ctx)) {
5241 if (objt_server(conn->target)) {
5242 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5243 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5244 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005245 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005246 else {
5247 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5248 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5249 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5250 }
Emeric Brun46591952012-05-18 15:47:34 +02005251 }
5252
5253 /* The connection is now established at both layers, it's time to leave */
5254 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5255 return 1;
5256
5257 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005258 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005259 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005260 ERR_clear_error();
5261
Emeric Brun9fa89732012-10-04 17:09:56 +02005262 /* free resumed session if exists */
Emeric Brun821bb9b2017-06-15 16:37:39 +02005263 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid]) {
5264 SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess[tid]);
5265 objt_server(conn->target)->ssl_ctx.reused_sess[tid] = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005266 }
5267
Emeric Brun46591952012-05-18 15:47:34 +02005268 /* Fail on all other handshake errors */
5269 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005270 if (!conn->err_code)
5271 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005272 return 0;
5273}
5274
5275/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005276 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005277 * buffer wraps, in which case a second call may be performed. The connection's
5278 * flags are updated with whatever special event is detected (error, read0,
5279 * empty). The caller is responsible for taking care of those events and
5280 * avoiding the call if inappropriate. The function does not call the
5281 * connection's polling update function, so the caller is responsible for this.
5282 */
5283static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int count)
5284{
5285 int ret, done = 0;
Willy Tarreauabf08d92014-01-14 11:31:27 +01005286 int try;
Emeric Brun46591952012-05-18 15:47:34 +02005287
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005288 conn_refresh_polling_flags(conn);
5289
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005290 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005291 goto out_error;
5292
5293 if (conn->flags & CO_FL_HANDSHAKE)
5294 /* a handshake was requested */
5295 return 0;
5296
Willy Tarreauabf08d92014-01-14 11:31:27 +01005297 /* let's realign the buffer to optimize I/O */
Olivier Houchardc2aae742017-09-22 18:26:28 +02005298 if (buffer_empty(buf)) {
Emeric Brun46591952012-05-18 15:47:34 +02005299 buf->p = buf->data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005300#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5301 /*
5302 * If we're done reading the early data, and we're using
5303 * a new buffer, then we know for sure we're not tainted
5304 * with early data anymore
5305 */
5306 if ((conn->flags & (CO_FL_EARLY_SSL_HS |CO_FL_EARLY_DATA)) == CO_FL_EARLY_DATA)
5307 conn->flags &= ~CO_FL_EARLY_DATA;
5308#endif
5309 }
Emeric Brun46591952012-05-18 15:47:34 +02005310
5311 /* read the largest possible block. For this, we perform only one call
5312 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5313 * in which case we accept to do it once again. A new attempt is made on
5314 * EINTR too.
5315 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005316 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005317 int need_out = 0;
5318
Willy Tarreauabf08d92014-01-14 11:31:27 +01005319 /* first check if we have some room after p+i */
5320 try = buf->data + buf->size - (buf->p + buf->i);
5321 /* otherwise continue between data and p-o */
5322 if (try <= 0) {
5323 try = buf->p - (buf->data + buf->o);
5324 if (try <= 0)
5325 break;
5326 }
5327 if (try > count)
5328 try = count;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005329 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5330 conn->tmp_early_data != -1) {
5331 *bi_end(buf) = conn->tmp_early_data;
5332 done++;
5333 try--;
5334 count--;
5335 buf->i++;
5336 conn->tmp_early_data = -1;
5337 continue;
5338 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005339
Olivier Houchardc2aae742017-09-22 18:26:28 +02005340#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5341 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5342 size_t read_length;
5343
5344 ret = SSL_read_early_data(conn->xprt_ctx,
5345 bi_end(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005346 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5347 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005348 conn->flags |= CO_FL_EARLY_DATA;
5349 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5350 ret == SSL_READ_EARLY_DATA_FINISH) {
5351 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5352 /*
5353 * We're done reading the early data,
5354 * let's make the handshake
5355 */
5356 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5357 conn->flags |= CO_FL_SSL_WAIT_HS;
5358 need_out = 1;
5359 if (read_length == 0)
5360 break;
5361 }
5362 ret = read_length;
5363 }
5364 } else
5365#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005366 ret = SSL_read(conn->xprt_ctx, bi_end(buf), try);
Emeric Brune1f38db2012-09-03 20:36:47 +02005367 if (conn->flags & CO_FL_ERROR) {
5368 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005369 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005370 }
Emeric Brun46591952012-05-18 15:47:34 +02005371 if (ret > 0) {
5372 buf->i += ret;
5373 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005374 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005375 }
Emeric Brun46591952012-05-18 15:47:34 +02005376 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005377 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005378 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005379 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005380 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005381 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005382#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005383 /* Async mode can be re-enabled, because we're leaving data state.*/
5384 if (global_ssl.async)
5385 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5386#endif
Emeric Brun46591952012-05-18 15:47:34 +02005387 break;
5388 }
5389 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005390 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5391 /* handshake is running, and it may need to re-enable read */
5392 conn->flags |= CO_FL_SSL_WAIT_HS;
5393 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005394#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005395 /* Async mode can be re-enabled, because we're leaving data state.*/
5396 if (global_ssl.async)
5397 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5398#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005399 break;
5400 }
Emeric Brun46591952012-05-18 15:47:34 +02005401 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005402 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005403 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005404 } else if (ret == SSL_ERROR_ZERO_RETURN)
5405 goto read0;
Emeric Brun46591952012-05-18 15:47:34 +02005406 /* otherwise it's a real error */
5407 goto out_error;
5408 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005409 if (need_out)
5410 break;
Emeric Brun46591952012-05-18 15:47:34 +02005411 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005412 leave:
5413 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005414 return done;
5415
5416 read0:
5417 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005418 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005419 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005420 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005421 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005422 ERR_clear_error();
5423
Emeric Brun46591952012-05-18 15:47:34 +02005424 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005425 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005426}
5427
5428
5429/* Send all pending bytes from buffer <buf> to connection <conn>'s socket.
Willy Tarreau1049b1f2014-02-02 01:51:17 +01005430 * <flags> may contain some CO_SFL_* flags to hint the system about other
5431 * pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005432 * Only one call to send() is performed, unless the buffer wraps, in which case
5433 * a second call may be performed. The connection's flags are updated with
5434 * whatever special event is detected (error, empty). The caller is responsible
5435 * for taking care of those events and avoiding the call if inappropriate. The
5436 * function does not call the connection's polling update function, so the caller
5437 * is responsible for this.
5438 */
5439static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int flags)
5440{
5441 int ret, try, done;
5442
5443 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005444 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005445
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005446 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005447 goto out_error;
5448
5449 if (conn->flags & CO_FL_HANDSHAKE)
5450 /* a handshake was requested */
5451 return 0;
5452
5453 /* send the largest possible block. For this we perform only one call
5454 * to send() unless the buffer wraps and we exactly fill the first hunk,
5455 * in which case we accept to do it once again.
5456 */
5457 while (buf->o) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005458#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5459 size_t written_data;
5460#endif
5461
Kevin Hestercad82342013-05-30 15:12:41 -07005462 try = bo_contig_data(buf);
Willy Tarreaubfd59462013-02-21 07:46:09 +01005463
Willy Tarreau7bed9452014-02-02 02:00:24 +01005464 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005465 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005466 global_ssl.max_record && try > global_ssl.max_record) {
5467 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005468 }
5469 else {
5470 /* we need to keep the information about the fact that
5471 * we're not limiting the upcoming send(), because if it
5472 * fails, we'll have to retry with at least as many data.
5473 */
5474 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5475 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005476
Olivier Houchardc2aae742017-09-22 18:26:28 +02005477#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5478 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5479 unsigned int max_early;
5480
5481 if (conn->tmp_early_data == -1)
5482 conn->tmp_early_data = 0;
5483
Olivier Houchard522eea72017-11-03 16:27:47 +01005484 if (objt_listener(conn->target))
5485 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5486 else {
5487 if (SSL_get0_session(conn->xprt_ctx))
5488 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5489 else
5490 max_early = 0;
5491 }
5492
Olivier Houchardc2aae742017-09-22 18:26:28 +02005493 if (try + conn->tmp_early_data > max_early) {
5494 try -= (try + conn->tmp_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005495 if (try <= 0) {
5496 if (objt_server(conn->target)) {
5497 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5498 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
5499 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005500 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005501 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005502 }
5503 ret = SSL_write_early_data(conn->xprt_ctx, bo_ptr(buf), try, &written_data);
5504 if (ret == 1) {
5505 ret = written_data;
5506 conn->tmp_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005507 if (objt_server(conn->target)) {
5508 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5509 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5510 }
5511
Olivier Houchardc2aae742017-09-22 18:26:28 +02005512 }
5513
5514 } else
5515#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005516 ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005517
Emeric Brune1f38db2012-09-03 20:36:47 +02005518 if (conn->flags & CO_FL_ERROR) {
5519 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005520 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005521 }
Emeric Brun46591952012-05-18 15:47:34 +02005522 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005523 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
5524
Emeric Brun46591952012-05-18 15:47:34 +02005525 buf->o -= ret;
5526 done += ret;
5527
Willy Tarreau5fb38032012-12-16 19:39:09 +01005528 if (likely(buffer_empty(buf)))
Emeric Brun46591952012-05-18 15:47:34 +02005529 /* optimize data alignment in the buffer */
5530 buf->p = buf->data;
Emeric Brun46591952012-05-18 15:47:34 +02005531 }
5532 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005533 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005534
Emeric Brun46591952012-05-18 15:47:34 +02005535 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005536 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5537 /* handshake is running, and it may need to re-enable write */
5538 conn->flags |= CO_FL_SSL_WAIT_HS;
5539 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005540#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005541 /* Async mode can be re-enabled, because we're leaving data state.*/
5542 if (global_ssl.async)
5543 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5544#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005545 break;
5546 }
Emeric Brun46591952012-05-18 15:47:34 +02005547 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005548 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005549 break;
5550 }
5551 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005552 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005553 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005554 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005555#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005556 /* Async mode can be re-enabled, because we're leaving data state.*/
5557 if (global_ssl.async)
5558 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5559#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005560 break;
5561 }
Emeric Brun46591952012-05-18 15:47:34 +02005562 goto out_error;
5563 }
5564 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005565 leave:
5566 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005567 return done;
5568
5569 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005570 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005571 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005572 ERR_clear_error();
5573
Emeric Brun46591952012-05-18 15:47:34 +02005574 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005575 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005576}
5577
Emeric Brun46591952012-05-18 15:47:34 +02005578static void ssl_sock_close(struct connection *conn) {
5579
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005580 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005581#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005582 if (global_ssl.async) {
5583 OSSL_ASYNC_FD all_fd[32], afd;
5584 size_t num_all_fds = 0;
5585 int i;
5586
5587 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5588 if (num_all_fds > 32) {
5589 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5590 return;
5591 }
5592
5593 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5594
5595 /* If an async job is pending, we must try to
5596 to catch the end using polling before calling
5597 SSL_free */
5598 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5599 for (i=0 ; i < num_all_fds ; i++) {
5600 /* switch on an handler designed to
5601 * handle the SSL_free
5602 */
5603 afd = all_fd[i];
5604 fdtab[afd].iocb = ssl_async_fd_free;
5605 fdtab[afd].owner = conn->xprt_ctx;
5606 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005607 /* To ensure that the fd cache won't be used
5608 * and we'll catch a real RD event.
5609 */
5610 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005611 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005612 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005613 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005614 return;
5615 }
Emeric Brun3854e012017-05-17 20:42:48 +02005616 /* Else we can remove the fds from the fdtab
5617 * and call SSL_free.
5618 * note: we do a fd_remove and not a delete
5619 * because the fd is owned by the engine.
5620 * the engine is responsible to close
5621 */
5622 for (i=0 ; i < num_all_fds ; i++)
5623 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005624 }
5625#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005626 SSL_free(conn->xprt_ctx);
5627 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005628 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005629 }
Emeric Brun46591952012-05-18 15:47:34 +02005630}
5631
5632/* This function tries to perform a clean shutdown on an SSL connection, and in
5633 * any case, flags the connection as reusable if no handshake was in progress.
5634 */
5635static void ssl_sock_shutw(struct connection *conn, int clean)
5636{
Olivier Houchard522eea72017-11-03 16:27:47 +01005637 /* If we're done with the connection before we did the handshake
5638 * force the handshake anyway, so that the session is in a consistent
5639 * state
5640 */
5641 if (conn->flags & CO_FL_EARLY_SSL_HS)
5642 SSL_do_handshake(conn->xprt_ctx);
5643
Emeric Brun46591952012-05-18 15:47:34 +02005644 if (conn->flags & CO_FL_HANDSHAKE)
5645 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005646 if (!clean)
5647 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005648 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005649 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005650 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005651 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005652 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005653 ERR_clear_error();
5654 }
Emeric Brun46591952012-05-18 15:47:34 +02005655}
5656
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005657/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005658const char *ssl_sock_get_cipher_name(struct connection *conn)
5659{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005660 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005661 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005662
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005663 return SSL_get_cipher_name(conn->xprt_ctx);
5664}
5665
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005666/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005667const char *ssl_sock_get_proto_version(struct connection *conn)
5668{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005669 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005670 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005671
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005672 return SSL_get_version(conn->xprt_ctx);
5673}
5674
Willy Tarreau8d598402012-10-22 17:58:39 +02005675/* Extract a serial from a cert, and copy it to a chunk.
5676 * Returns 1 if serial is found and copied, 0 if no serial found and
5677 * -1 if output is not large enough.
5678 */
5679static int
5680ssl_sock_get_serial(X509 *crt, struct chunk *out)
5681{
5682 ASN1_INTEGER *serial;
5683
5684 serial = X509_get_serialNumber(crt);
5685 if (!serial)
5686 return 0;
5687
5688 if (out->size < serial->length)
5689 return -1;
5690
5691 memcpy(out->str, serial->data, serial->length);
5692 out->len = serial->length;
5693 return 1;
5694}
5695
Emeric Brun43e79582014-10-29 19:03:26 +01005696/* Extract a cert to der, and copy it to a chunk.
5697 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5698 * -1 if output is not large enough.
5699 */
5700static int
5701ssl_sock_crt2der(X509 *crt, struct chunk *out)
5702{
5703 int len;
5704 unsigned char *p = (unsigned char *)out->str;;
5705
5706 len =i2d_X509(crt, NULL);
5707 if (len <= 0)
5708 return 1;
5709
5710 if (out->size < len)
5711 return -1;
5712
5713 i2d_X509(crt,&p);
5714 out->len = len;
5715 return 1;
5716}
5717
Emeric Brunce5ad802012-10-22 14:11:22 +02005718
5719/* Copy Date in ASN1_UTCTIME format in struct chunk out.
5720 * Returns 1 if serial is found and copied, 0 if no valid time found
5721 * and -1 if output is not large enough.
5722 */
5723static int
5724ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
5725{
5726 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5727 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5728
5729 if (gentm->length < 12)
5730 return 0;
5731 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5732 return 0;
5733 if (out->size < gentm->length-2)
5734 return -1;
5735
5736 memcpy(out->str, gentm->data+2, gentm->length-2);
5737 out->len = gentm->length-2;
5738 return 1;
5739 }
5740 else if (tm->type == V_ASN1_UTCTIME) {
5741 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5742
5743 if (utctm->length < 10)
5744 return 0;
5745 if (utctm->data[0] >= 0x35)
5746 return 0;
5747 if (out->size < utctm->length)
5748 return -1;
5749
5750 memcpy(out->str, utctm->data, utctm->length);
5751 out->len = utctm->length;
5752 return 1;
5753 }
5754
5755 return 0;
5756}
5757
Emeric Brun87855892012-10-17 17:39:35 +02005758/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5759 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5760 */
5761static int
5762ssl_sock_get_dn_entry(X509_NAME *a, const struct chunk *entry, int pos, struct chunk *out)
5763{
5764 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005765 ASN1_OBJECT *obj;
5766 ASN1_STRING *data;
5767 const unsigned char *data_ptr;
5768 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005769 int i, j, n;
5770 int cur = 0;
5771 const char *s;
5772 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005773 int name_count;
5774
5775 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005776
5777 out->len = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005778 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005779 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005780 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005781 else
5782 j = i;
5783
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005784 ne = X509_NAME_get_entry(a, j);
5785 obj = X509_NAME_ENTRY_get_object(ne);
5786 data = X509_NAME_ENTRY_get_data(ne);
5787 data_ptr = ASN1_STRING_get0_data(data);
5788 data_len = ASN1_STRING_length(data);
5789 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005790 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005791 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005792 s = tmp;
5793 }
5794
5795 if (chunk_strcasecmp(entry, s) != 0)
5796 continue;
5797
5798 if (pos < 0)
5799 cur--;
5800 else
5801 cur++;
5802
5803 if (cur != pos)
5804 continue;
5805
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005806 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005807 return -1;
5808
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005809 memcpy(out->str, data_ptr, data_len);
5810 out->len = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005811 return 1;
5812 }
5813
5814 return 0;
5815
5816}
5817
5818/* Extract and format full DN from a X509_NAME and copy result into a chunk
5819 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5820 */
5821static int
5822ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
5823{
5824 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005825 ASN1_OBJECT *obj;
5826 ASN1_STRING *data;
5827 const unsigned char *data_ptr;
5828 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005829 int i, n, ln;
5830 int l = 0;
5831 const char *s;
5832 char *p;
5833 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005834 int name_count;
5835
5836
5837 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005838
5839 out->len = 0;
5840 p = out->str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005841 for (i = 0; i < name_count; i++) {
5842 ne = X509_NAME_get_entry(a, i);
5843 obj = X509_NAME_ENTRY_get_object(ne);
5844 data = X509_NAME_ENTRY_get_data(ne);
5845 data_ptr = ASN1_STRING_get0_data(data);
5846 data_len = ASN1_STRING_length(data);
5847 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005848 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005849 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005850 s = tmp;
5851 }
5852 ln = strlen(s);
5853
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005854 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005855 if (l > out->size)
5856 return -1;
5857 out->len = l;
5858
5859 *(p++)='/';
5860 memcpy(p, s, ln);
5861 p += ln;
5862 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005863 memcpy(p, data_ptr, data_len);
5864 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005865 }
5866
5867 if (!out->len)
5868 return 0;
5869
5870 return 1;
5871}
5872
Willy Tarreau119a4082016-12-22 21:58:38 +01005873/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
5874 * to disable SNI.
5875 */
Willy Tarreau63076412015-07-10 11:33:32 +02005876void ssl_sock_set_servername(struct connection *conn, const char *hostname)
5877{
5878#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01005879 char *prev_name;
5880
Willy Tarreau63076412015-07-10 11:33:32 +02005881 if (!ssl_sock_is_ssl(conn))
5882 return;
5883
Willy Tarreau119a4082016-12-22 21:58:38 +01005884 /* if the SNI changes, we must destroy the reusable context so that a
5885 * new connection will present a new SNI. As an optimization we could
5886 * later imagine having a small cache of ssl_ctx to hold a few SNI per
5887 * server.
5888 */
5889 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5890 if ((!prev_name && hostname) ||
5891 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
5892 SSL_set_session(conn->xprt_ctx, NULL);
5893
Willy Tarreau63076412015-07-10 11:33:32 +02005894 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
5895#endif
5896}
5897
Emeric Brun0abf8362014-06-24 18:26:41 +02005898/* Extract peer certificate's common name into the chunk dest
5899 * Returns
5900 * the len of the extracted common name
5901 * or 0 if no CN found in DN
5902 * or -1 on error case (i.e. no peer certificate)
5903 */
5904int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
David Safb76832014-05-08 23:42:08 -04005905{
5906 X509 *crt = NULL;
5907 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04005908 const char find_cn[] = "CN";
5909 const struct chunk find_cn_chunk = {
5910 .str = (char *)&find_cn,
5911 .len = sizeof(find_cn)-1
5912 };
Emeric Brun0abf8362014-06-24 18:26:41 +02005913 int result = -1;
David Safb76832014-05-08 23:42:08 -04005914
5915 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02005916 goto out;
David Safb76832014-05-08 23:42:08 -04005917
5918 /* SSL_get_peer_certificate, it increase X509 * ref count */
5919 crt = SSL_get_peer_certificate(conn->xprt_ctx);
5920 if (!crt)
5921 goto out;
5922
5923 name = X509_get_subject_name(crt);
5924 if (!name)
5925 goto out;
David Safb76832014-05-08 23:42:08 -04005926
Emeric Brun0abf8362014-06-24 18:26:41 +02005927 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
5928out:
David Safb76832014-05-08 23:42:08 -04005929 if (crt)
5930 X509_free(crt);
5931
5932 return result;
5933}
5934
Dave McCowan328fb582014-07-30 10:39:13 -04005935/* returns 1 if client passed a certificate for this session, 0 if not */
5936int ssl_sock_get_cert_used_sess(struct connection *conn)
5937{
5938 X509 *crt = NULL;
5939
5940 if (!ssl_sock_is_ssl(conn))
5941 return 0;
5942
5943 /* SSL_get_peer_certificate, it increase X509 * ref count */
5944 crt = SSL_get_peer_certificate(conn->xprt_ctx);
5945 if (!crt)
5946 return 0;
5947
5948 X509_free(crt);
5949 return 1;
5950}
5951
5952/* returns 1 if client passed a certificate for this connection, 0 if not */
5953int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04005954{
5955 if (!ssl_sock_is_ssl(conn))
5956 return 0;
5957
5958 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
5959}
5960
5961/* returns result from SSL verify */
5962unsigned int ssl_sock_get_verify_result(struct connection *conn)
5963{
5964 if (!ssl_sock_is_ssl(conn))
5965 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
5966
5967 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
5968}
5969
Willy Tarreau8743f7e2016-12-04 18:44:29 +01005970/* Returns the application layer protocol name in <str> and <len> when known.
5971 * Zero is returned if the protocol name was not found, otherwise non-zero is
5972 * returned. The string is allocated in the SSL context and doesn't have to be
5973 * freed by the caller. NPN is also checked if available since older versions
5974 * of openssl (1.0.1) which are more common in field only support this one.
5975 */
5976static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
5977{
5978 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
5979 return 0;
5980
5981 *str = NULL;
5982
5983#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
5984 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
5985 if (*str)
5986 return 1;
5987#endif
5988#ifdef OPENSSL_NPN_NEGOTIATED
5989 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
5990 if (*str)
5991 return 1;
5992#endif
5993 return 0;
5994}
5995
Willy Tarreau7875d092012-09-10 08:20:03 +02005996/***** Below are some sample fetching functions for ACL/patterns *****/
5997
Olivier Houchardccaa7de2017-10-02 11:51:03 +02005998static int
5999smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6000{
6001 struct connection *conn;
6002
6003 conn = objt_conn(smp->sess->origin);
6004 if (!conn || conn->xprt != &ssl_sock)
6005 return 0;
6006
6007 smp->flags = 0;
6008 smp->data.type = SMP_T_BOOL;
6009 smp->data.u.sint = (conn->flags & CO_FL_EARLY_DATA) ? 1 : 0;
6010
6011 return 1;
6012}
6013
Emeric Brune64aef12012-09-21 13:15:06 +02006014/* boolean, returns true if client cert was present */
6015static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006016smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006017{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006018 struct connection *conn;
6019
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006020 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006021 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006022 return 0;
6023
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006024 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006025 smp->flags |= SMP_F_MAY_CHANGE;
6026 return 0;
6027 }
6028
6029 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006030 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006031 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006032
6033 return 1;
6034}
6035
Emeric Brun43e79582014-10-29 19:03:26 +01006036/* binary, returns a certificate in a binary chunk (der/raw).
6037 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6038 * should be use.
6039 */
6040static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006041smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006042{
6043 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6044 X509 *crt = NULL;
6045 int ret = 0;
6046 struct chunk *smp_trash;
6047 struct connection *conn;
6048
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006049 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006050 if (!conn || conn->xprt != &ssl_sock)
6051 return 0;
6052
6053 if (!(conn->flags & CO_FL_CONNECTED)) {
6054 smp->flags |= SMP_F_MAY_CHANGE;
6055 return 0;
6056 }
6057
6058 if (cert_peer)
6059 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6060 else
6061 crt = SSL_get_certificate(conn->xprt_ctx);
6062
6063 if (!crt)
6064 goto out;
6065
6066 smp_trash = get_trash_chunk();
6067 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6068 goto out;
6069
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006070 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006071 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006072 ret = 1;
6073out:
6074 /* SSL_get_peer_certificate, it increase X509 * ref count */
6075 if (cert_peer && crt)
6076 X509_free(crt);
6077 return ret;
6078}
6079
Emeric Brunba841a12014-04-30 17:05:08 +02006080/* binary, returns serial of certificate in a binary chunk.
6081 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6082 * should be use.
6083 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006084static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006085smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006086{
Emeric Brunba841a12014-04-30 17:05:08 +02006087 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006088 X509 *crt = NULL;
6089 int ret = 0;
6090 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006091 struct connection *conn;
6092
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006093 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006094 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006095 return 0;
6096
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006097 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006098 smp->flags |= SMP_F_MAY_CHANGE;
6099 return 0;
6100 }
6101
Emeric Brunba841a12014-04-30 17:05:08 +02006102 if (cert_peer)
6103 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6104 else
6105 crt = SSL_get_certificate(conn->xprt_ctx);
6106
Willy Tarreau8d598402012-10-22 17:58:39 +02006107 if (!crt)
6108 goto out;
6109
Willy Tarreau47ca5452012-12-23 20:22:19 +01006110 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006111 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6112 goto out;
6113
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006114 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006115 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006116 ret = 1;
6117out:
Emeric Brunba841a12014-04-30 17:05:08 +02006118 /* SSL_get_peer_certificate, it increase X509 * ref count */
6119 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006120 X509_free(crt);
6121 return ret;
6122}
Emeric Brune64aef12012-09-21 13:15:06 +02006123
Emeric Brunba841a12014-04-30 17:05:08 +02006124/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6125 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6126 * should be use.
6127 */
James Votha051b4a2013-05-14 20:37:59 +02006128static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006129smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006130{
Emeric Brunba841a12014-04-30 17:05:08 +02006131 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006132 X509 *crt = NULL;
6133 const EVP_MD *digest;
6134 int ret = 0;
6135 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006136 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006137
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006138 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006139 if (!conn || conn->xprt != &ssl_sock)
6140 return 0;
6141
6142 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006143 smp->flags |= SMP_F_MAY_CHANGE;
6144 return 0;
6145 }
6146
Emeric Brunba841a12014-04-30 17:05:08 +02006147 if (cert_peer)
6148 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6149 else
6150 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006151 if (!crt)
6152 goto out;
6153
6154 smp_trash = get_trash_chunk();
6155 digest = EVP_sha1();
6156 X509_digest(crt, digest, (unsigned char *)smp_trash->str, (unsigned int *)&smp_trash->len);
6157
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006158 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006159 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006160 ret = 1;
6161out:
Emeric Brunba841a12014-04-30 17:05:08 +02006162 /* SSL_get_peer_certificate, it increase X509 * ref count */
6163 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006164 X509_free(crt);
6165 return ret;
6166}
6167
Emeric Brunba841a12014-04-30 17:05:08 +02006168/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6169 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6170 * should be use.
6171 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006172static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006173smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006174{
Emeric Brunba841a12014-04-30 17:05:08 +02006175 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006176 X509 *crt = NULL;
6177 int ret = 0;
6178 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006179 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006180
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006181 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006182 if (!conn || conn->xprt != &ssl_sock)
6183 return 0;
6184
6185 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006186 smp->flags |= SMP_F_MAY_CHANGE;
6187 return 0;
6188 }
6189
Emeric Brunba841a12014-04-30 17:05:08 +02006190 if (cert_peer)
6191 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6192 else
6193 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006194 if (!crt)
6195 goto out;
6196
Willy Tarreau47ca5452012-12-23 20:22:19 +01006197 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006198 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6199 goto out;
6200
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006201 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006202 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006203 ret = 1;
6204out:
Emeric Brunba841a12014-04-30 17:05:08 +02006205 /* SSL_get_peer_certificate, it increase X509 * ref count */
6206 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006207 X509_free(crt);
6208 return ret;
6209}
6210
Emeric Brunba841a12014-04-30 17:05:08 +02006211/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6212 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6213 * should be use.
6214 */
Emeric Brun87855892012-10-17 17:39:35 +02006215static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006216smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006217{
Emeric Brunba841a12014-04-30 17:05:08 +02006218 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006219 X509 *crt = NULL;
6220 X509_NAME *name;
6221 int ret = 0;
6222 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006223 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006224
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006225 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006226 if (!conn || conn->xprt != &ssl_sock)
6227 return 0;
6228
6229 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006230 smp->flags |= SMP_F_MAY_CHANGE;
6231 return 0;
6232 }
6233
Emeric Brunba841a12014-04-30 17:05:08 +02006234 if (cert_peer)
6235 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6236 else
6237 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006238 if (!crt)
6239 goto out;
6240
6241 name = X509_get_issuer_name(crt);
6242 if (!name)
6243 goto out;
6244
Willy Tarreau47ca5452012-12-23 20:22:19 +01006245 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006246 if (args && args[0].type == ARGT_STR) {
6247 int pos = 1;
6248
6249 if (args[1].type == ARGT_SINT)
6250 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006251
6252 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6253 goto out;
6254 }
6255 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6256 goto out;
6257
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006258 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006259 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006260 ret = 1;
6261out:
Emeric Brunba841a12014-04-30 17:05:08 +02006262 /* SSL_get_peer_certificate, it increase X509 * ref count */
6263 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006264 X509_free(crt);
6265 return ret;
6266}
6267
Emeric Brunba841a12014-04-30 17:05:08 +02006268/* string, returns notbefore date in ASN1_UTCTIME format.
6269 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6270 * should be use.
6271 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006272static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006273smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006274{
Emeric Brunba841a12014-04-30 17:05:08 +02006275 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006276 X509 *crt = NULL;
6277 int ret = 0;
6278 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006279 struct connection *conn;
6280
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006281 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006282 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006283 return 0;
6284
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006285 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006286 smp->flags |= SMP_F_MAY_CHANGE;
6287 return 0;
6288 }
6289
Emeric Brunba841a12014-04-30 17:05:08 +02006290 if (cert_peer)
6291 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6292 else
6293 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006294 if (!crt)
6295 goto out;
6296
Willy Tarreau47ca5452012-12-23 20:22:19 +01006297 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006298 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6299 goto out;
6300
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006301 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006302 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006303 ret = 1;
6304out:
Emeric Brunba841a12014-04-30 17:05:08 +02006305 /* SSL_get_peer_certificate, it increase X509 * ref count */
6306 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006307 X509_free(crt);
6308 return ret;
6309}
6310
Emeric Brunba841a12014-04-30 17:05:08 +02006311/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6312 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6313 * should be use.
6314 */
Emeric Brun87855892012-10-17 17:39:35 +02006315static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006316smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006317{
Emeric Brunba841a12014-04-30 17:05:08 +02006318 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006319 X509 *crt = NULL;
6320 X509_NAME *name;
6321 int ret = 0;
6322 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006323 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006324
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006325 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006326 if (!conn || conn->xprt != &ssl_sock)
6327 return 0;
6328
6329 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006330 smp->flags |= SMP_F_MAY_CHANGE;
6331 return 0;
6332 }
6333
Emeric Brunba841a12014-04-30 17:05:08 +02006334 if (cert_peer)
6335 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6336 else
6337 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006338 if (!crt)
6339 goto out;
6340
6341 name = X509_get_subject_name(crt);
6342 if (!name)
6343 goto out;
6344
Willy Tarreau47ca5452012-12-23 20:22:19 +01006345 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006346 if (args && args[0].type == ARGT_STR) {
6347 int pos = 1;
6348
6349 if (args[1].type == ARGT_SINT)
6350 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006351
6352 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6353 goto out;
6354 }
6355 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6356 goto out;
6357
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006358 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006359 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006360 ret = 1;
6361out:
Emeric Brunba841a12014-04-30 17:05:08 +02006362 /* SSL_get_peer_certificate, it increase X509 * ref count */
6363 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006364 X509_free(crt);
6365 return ret;
6366}
Emeric Brun9143d372012-12-20 15:44:16 +01006367
6368/* integer, returns true if current session use a client certificate */
6369static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006370smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006371{
6372 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006373 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006374
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006375 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006376 if (!conn || conn->xprt != &ssl_sock)
6377 return 0;
6378
6379 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006380 smp->flags |= SMP_F_MAY_CHANGE;
6381 return 0;
6382 }
6383
6384 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006385 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006386 if (crt) {
6387 X509_free(crt);
6388 }
6389
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006390 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006391 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006392 return 1;
6393}
6394
Emeric Brunba841a12014-04-30 17:05:08 +02006395/* integer, returns the certificate version
6396 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6397 * should be use.
6398 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006399static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006400smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006401{
Emeric Brunba841a12014-04-30 17:05:08 +02006402 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006403 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006404 struct connection *conn;
6405
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006406 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006407 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006408 return 0;
6409
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006410 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006411 smp->flags |= SMP_F_MAY_CHANGE;
6412 return 0;
6413 }
6414
Emeric Brunba841a12014-04-30 17:05:08 +02006415 if (cert_peer)
6416 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6417 else
6418 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006419 if (!crt)
6420 return 0;
6421
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006422 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006423 /* SSL_get_peer_certificate increase X509 * ref count */
6424 if (cert_peer)
6425 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006426 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006427
6428 return 1;
6429}
6430
Emeric Brunba841a12014-04-30 17:05:08 +02006431/* string, returns the certificate's signature algorithm.
6432 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6433 * should be use.
6434 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006435static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006436smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006437{
Emeric Brunba841a12014-04-30 17:05:08 +02006438 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006439 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006440 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006441 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006442 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006443
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006444 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006445 if (!conn || conn->xprt != &ssl_sock)
6446 return 0;
6447
6448 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006449 smp->flags |= SMP_F_MAY_CHANGE;
6450 return 0;
6451 }
6452
Emeric Brunba841a12014-04-30 17:05:08 +02006453 if (cert_peer)
6454 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6455 else
6456 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006457 if (!crt)
6458 return 0;
6459
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006460 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6461 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006462
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006463 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6464 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006465 /* SSL_get_peer_certificate increase X509 * ref count */
6466 if (cert_peer)
6467 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006468 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006469 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006470
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006471 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006472 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006473 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006474 /* SSL_get_peer_certificate increase X509 * ref count */
6475 if (cert_peer)
6476 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006477
6478 return 1;
6479}
6480
Emeric Brunba841a12014-04-30 17:05:08 +02006481/* string, returns the certificate's key algorithm.
6482 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6483 * should be use.
6484 */
Emeric Brun521a0112012-10-22 12:22:55 +02006485static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006486smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006487{
Emeric Brunba841a12014-04-30 17:05:08 +02006488 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006489 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006490 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006491 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006492 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006493
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006494 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006495 if (!conn || conn->xprt != &ssl_sock)
6496 return 0;
6497
6498 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006499 smp->flags |= SMP_F_MAY_CHANGE;
6500 return 0;
6501 }
6502
Emeric Brunba841a12014-04-30 17:05:08 +02006503 if (cert_peer)
6504 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6505 else
6506 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006507 if (!crt)
6508 return 0;
6509
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006510 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6511 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006512
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006513 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6514 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006515 /* SSL_get_peer_certificate increase X509 * ref count */
6516 if (cert_peer)
6517 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006518 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006519 }
Emeric Brun521a0112012-10-22 12:22:55 +02006520
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006521 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006522 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006523 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006524 if (cert_peer)
6525 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006526
6527 return 1;
6528}
6529
Emeric Brun645ae792014-04-30 14:21:06 +02006530/* boolean, returns true if front conn. transport layer is SSL.
6531 * This function is also usable on backend conn if the fetch keyword 5th
6532 * char is 'b'.
6533 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006534static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006535smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006536{
Willy Tarreaue237fe12016-03-10 17:05:28 +01006537 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6538 smp->strm ? smp->strm->si[1].end : NULL);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006539
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006540 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006541 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006542 return 1;
6543}
6544
Emeric Brun2525b6b2012-10-18 15:59:43 +02006545/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006546static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006547smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006548{
6549#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006550 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006551
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006552 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006553 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006554 conn->xprt_ctx &&
6555 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006556 return 1;
6557#else
6558 return 0;
6559#endif
6560}
6561
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006562/* boolean, returns true if client session has been resumed */
6563static int
6564smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6565{
6566 struct connection *conn = objt_conn(smp->sess->origin);
6567
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006568 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006569 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006570 conn->xprt_ctx &&
6571 SSL_session_reused(conn->xprt_ctx);
6572 return 1;
6573}
6574
Emeric Brun645ae792014-04-30 14:21:06 +02006575/* string, returns the used cipher if front conn. transport layer is SSL.
6576 * This function is also usable on backend conn if the fetch keyword 5th
6577 * char is 'b'.
6578 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006579static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006580smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006581{
Willy Tarreaue237fe12016-03-10 17:05:28 +01006582 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6583 smp->strm ? smp->strm->si[1].end : NULL);
Emeric Brun589fcad2012-10-16 14:13:26 +02006584
Willy Tarreaube508f12016-03-10 11:47:01 +01006585 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006586 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006587 return 0;
6588
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006589 smp->data.u.str.str = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6590 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006591 return 0;
6592
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006593 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006594 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006595 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006596
6597 return 1;
6598}
6599
Emeric Brun645ae792014-04-30 14:21:06 +02006600/* integer, returns the algoritm's keysize if front conn. transport layer
6601 * is SSL.
6602 * This function is also usable on backend conn if the fetch keyword 5th
6603 * char is 'b'.
6604 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006605static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006606smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006607{
Willy Tarreaue237fe12016-03-10 17:05:28 +01006608 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6609 smp->strm ? smp->strm->si[1].end : NULL);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006610
Willy Tarreaue237fe12016-03-10 17:05:28 +01006611 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006612
Emeric Brun589fcad2012-10-16 14:13:26 +02006613 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006614 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006615 return 0;
6616
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006617 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006618 return 0;
6619
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006620 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006621 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006622
6623 return 1;
6624}
6625
Emeric Brun645ae792014-04-30 14:21:06 +02006626/* integer, returns the used keysize if front conn. transport layer is SSL.
6627 * This function is also usable on backend conn if the fetch keyword 5th
6628 * char is 'b'.
6629 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006630static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006631smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006632{
Willy Tarreaue237fe12016-03-10 17:05:28 +01006633 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6634 smp->strm ? smp->strm->si[1].end : NULL);
Willy Tarreaube508f12016-03-10 11:47:01 +01006635
Emeric Brun589fcad2012-10-16 14:13:26 +02006636 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006637 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6638 return 0;
6639
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006640 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6641 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006642 return 0;
6643
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006644 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006645
6646 return 1;
6647}
6648
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006649#ifdef OPENSSL_NPN_NEGOTIATED
Willy Tarreau7875d092012-09-10 08:20:03 +02006650static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006651smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006652{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006653 struct connection *conn;
6654
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006655 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006656 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006657
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006658 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006659 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6660 return 0;
6661
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006662 smp->data.u.str.str = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006663 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006664 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006665
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006666 if (!smp->data.u.str.str)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006667 return 0;
6668
6669 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006670}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006671#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006672
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006673#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006674static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006675smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006676{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006677 struct connection *conn;
6678
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006679 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006680 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006681
Willy Tarreaue26bf052015-05-12 10:30:12 +02006682 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006683 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006684 return 0;
6685
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006686 smp->data.u.str.str = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006687 SSL_get0_alpn_selected(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006688 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreauab861d32013-04-02 02:30:41 +02006689
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006690 if (!smp->data.u.str.str)
Willy Tarreauab861d32013-04-02 02:30:41 +02006691 return 0;
6692
6693 return 1;
6694}
6695#endif
6696
Emeric Brun645ae792014-04-30 14:21:06 +02006697/* string, returns the used protocol if front conn. transport layer is SSL.
6698 * This function is also usable on backend conn if the fetch keyword 5th
6699 * char is 'b'.
6700 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006701static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006702smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006703{
Willy Tarreaue237fe12016-03-10 17:05:28 +01006704 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6705 smp->strm ? smp->strm->si[1].end : NULL);
Willy Tarreaube508f12016-03-10 11:47:01 +01006706
Emeric Brun589fcad2012-10-16 14:13:26 +02006707 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006708 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6709 return 0;
6710
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006711 smp->data.u.str.str = (char *)SSL_get_version(conn->xprt_ctx);
6712 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006713 return 0;
6714
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006715 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006716 smp->flags = SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006717 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006718
6719 return 1;
6720}
6721
Willy Tarreau87b09662015-04-03 00:22:06 +02006722/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006723 * This function is also usable on backend conn if the fetch keyword 5th
6724 * char is 'b'.
6725 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006726static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006727smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006728{
6729#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Willy Tarreaue237fe12016-03-10 17:05:28 +01006730 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6731 smp->strm ? smp->strm->si[1].end : NULL);
Emeric Brunfe68f682012-10-16 14:59:28 +02006732
Willy Tarreaue237fe12016-03-10 17:05:28 +01006733 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006734
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006735 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006736 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006737
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006738 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6739 return 0;
6740
Willy Tarreau192252e2015-04-04 01:47:55 +02006741 ssl_sess = SSL_get_session(conn->xprt_ctx);
6742 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006743 return 0;
6744
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006745 smp->data.u.str.str = (char *)SSL_SESSION_get_id(ssl_sess, (unsigned int *)&smp->data.u.str.len);
6746 if (!smp->data.u.str.str || !smp->data.u.str.len)
Emeric Brunfe68f682012-10-16 14:59:28 +02006747 return 0;
6748
6749 return 1;
6750#else
6751 return 0;
6752#endif
6753}
6754
6755static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006756smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006757{
6758#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006759 struct connection *conn;
6760
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006761 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006762 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006763
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006764 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006765 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6766 return 0;
6767
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006768 smp->data.u.str.str = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6769 if (!smp->data.u.str.str)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006770 return 0;
6771
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006772 smp->data.u.str.len = strlen(smp->data.u.str.str);
Willy Tarreau7875d092012-09-10 08:20:03 +02006773 return 1;
6774#else
6775 return 0;
6776#endif
6777}
6778
David Sc1ad52e2014-04-08 18:48:47 -04006779static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006780smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6781{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006782 struct connection *conn;
6783 struct ssl_capture *capture;
6784
6785 conn = objt_conn(smp->sess->origin);
6786 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6787 return 0;
6788
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006789 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006790 if (!capture)
6791 return 0;
6792
6793 smp->flags = SMP_F_CONST;
6794 smp->data.type = SMP_T_BIN;
6795 smp->data.u.str.str = capture->ciphersuite;
6796 smp->data.u.str.len = capture->ciphersuite_len;
6797 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006798}
6799
6800static int
6801smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6802{
6803 struct chunk *data;
6804
6805 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6806 return 0;
6807
6808 data = get_trash_chunk();
6809 dump_binary(data, smp->data.u.str.str, smp->data.u.str.len);
6810 smp->data.type = SMP_T_BIN;
6811 smp->data.u.str = *data;
6812 return 1;
6813}
6814
6815static int
6816smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6817{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006818 struct connection *conn;
6819 struct ssl_capture *capture;
6820
6821 conn = objt_conn(smp->sess->origin);
6822 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6823 return 0;
6824
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006825 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006826 if (!capture)
6827 return 0;
6828
6829 smp->data.type = SMP_T_SINT;
6830 smp->data.u.sint = capture->xxh64;
6831 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006832}
6833
6834static int
6835smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
6836{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02006837#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006838 struct chunk *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006839 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006840
6841 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6842 return 0;
6843
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006844 data = get_trash_chunk();
6845 for (i = 0; i + 1 < smp->data.u.str.len; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02006846 const char *str;
6847 const SSL_CIPHER *cipher;
6848 const unsigned char *bin = (const unsigned char *)smp->data.u.str.str + i;
6849 uint16_t id = (bin[0] << 8) | bin[1];
6850#if defined(OPENSSL_IS_BORINGSSL)
6851 cipher = SSL_get_cipher_by_value(id);
6852#else
6853 struct connection *conn = objt_conn(smp->sess->origin);
6854 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
6855#endif
6856 str = SSL_CIPHER_get_name(cipher);
6857 if (!str || strcmp(str, "(NONE)") == 0)
6858 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006859 else
6860 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
6861 }
6862 smp->data.type = SMP_T_STR;
6863 smp->data.u.str = *data;
6864 return 1;
6865#else
6866 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
6867#endif
6868}
6869
6870static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006871smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04006872{
6873#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Willy Tarreaue237fe12016-03-10 17:05:28 +01006874 struct connection *conn = objt_conn((kw[4] != 'b') ? smp->sess->origin :
6875 smp->strm ? smp->strm->si[1].end : NULL);
6876
David Sc1ad52e2014-04-08 18:48:47 -04006877 int finished_len;
David Sc1ad52e2014-04-08 18:48:47 -04006878 struct chunk *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04006879
6880 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04006881 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6882 return 0;
6883
6884 if (!(conn->flags & CO_FL_CONNECTED)) {
6885 smp->flags |= SMP_F_MAY_CHANGE;
6886 return 0;
6887 }
6888
6889 finished_trash = get_trash_chunk();
6890 if (!SSL_session_reused(conn->xprt_ctx))
6891 finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
6892 else
6893 finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
6894
6895 if (!finished_len)
6896 return 0;
6897
Emeric Brunb73a9b02014-04-30 18:49:19 +02006898 finished_trash->len = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006899 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006900 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04006901
6902 return 1;
6903#else
6904 return 0;
6905#endif
6906}
6907
Emeric Brun2525b6b2012-10-18 15:59:43 +02006908/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02006909static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006910smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02006911{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006912 struct connection *conn;
6913
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006914 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006915 if (!conn || conn->xprt != &ssl_sock)
6916 return 0;
6917
6918 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02006919 smp->flags = SMP_F_MAY_CHANGE;
6920 return 0;
6921 }
6922
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006923 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006924 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02006925 smp->flags = 0;
6926
6927 return 1;
6928}
6929
Emeric Brun2525b6b2012-10-18 15:59:43 +02006930/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02006931static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006932smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02006933{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006934 struct connection *conn;
6935
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006936 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006937 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02006938 return 0;
6939
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006940 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02006941 smp->flags = SMP_F_MAY_CHANGE;
6942 return 0;
6943 }
6944
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006945 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006946 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02006947 smp->flags = 0;
6948
6949 return 1;
6950}
6951
Emeric Brun2525b6b2012-10-18 15:59:43 +02006952/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02006953static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006954smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02006955{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006956 struct connection *conn;
6957
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006958 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006959 if (!conn || conn->xprt != &ssl_sock)
6960 return 0;
6961
6962 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02006963 smp->flags = SMP_F_MAY_CHANGE;
6964 return 0;
6965 }
6966
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006967 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006968 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02006969 smp->flags = 0;
6970
6971 return 1;
6972}
6973
Emeric Brun2525b6b2012-10-18 15:59:43 +02006974/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02006975static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006976smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02006977{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006978 struct connection *conn;
6979
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006980 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006981 if (!conn || conn->xprt != &ssl_sock)
6982 return 0;
6983
6984 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02006985 smp->flags = SMP_F_MAY_CHANGE;
6986 return 0;
6987 }
6988
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006989 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02006990 return 0;
6991
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006992 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006993 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02006994 smp->flags = 0;
6995
6996 return 1;
6997}
6998
Emeric Brunfb510ea2012-10-05 12:00:26 +02006999/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007000static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007001{
7002 if (!*args[cur_arg + 1]) {
7003 if (err)
7004 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7005 return ERR_ALERT | ERR_FATAL;
7006 }
7007
Willy Tarreauef934602016-12-22 23:12:01 +01007008 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7009 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007010 else
7011 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007012
Emeric Brund94b3fe2012-09-20 18:23:56 +02007013 return 0;
7014}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007015static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7016{
7017 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7018}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007019
Christopher Faulet31af49d2015-06-09 17:29:50 +02007020/* parse the "ca-sign-file" bind keyword */
7021static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7022{
7023 if (!*args[cur_arg + 1]) {
7024 if (err)
7025 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7026 return ERR_ALERT | ERR_FATAL;
7027 }
7028
Willy Tarreauef934602016-12-22 23:12:01 +01007029 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7030 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007031 else
7032 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7033
7034 return 0;
7035}
7036
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007037/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007038static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7039{
7040 if (!*args[cur_arg + 1]) {
7041 if (err)
7042 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7043 return ERR_ALERT | ERR_FATAL;
7044 }
7045 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7046 return 0;
7047}
7048
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007049/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007050static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007051{
7052 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007053 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007054 return ERR_ALERT | ERR_FATAL;
7055 }
7056
Emeric Brun76d88952012-10-05 15:47:31 +02007057 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007058 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007059 return 0;
7060}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007061static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7062{
7063 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7064}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007065/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007066static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007067{
Willy Tarreau38011032013-08-13 16:59:39 +02007068 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007069
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007070 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007071 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007072 return ERR_ALERT | ERR_FATAL;
7073 }
7074
Willy Tarreauef934602016-12-22 23:12:01 +01007075 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7076 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007077 memprintf(err, "'%s' : path too long", args[cur_arg]);
7078 return ERR_ALERT | ERR_FATAL;
7079 }
Willy Tarreauef934602016-12-22 23:12:01 +01007080 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007081 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007082 return ERR_ALERT | ERR_FATAL;
7083
7084 return 0;
7085 }
7086
Willy Tarreau03209342016-12-22 17:08:28 +01007087 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007088 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007089
7090 return 0;
7091}
7092
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007093/* parse the "crt-list" bind keyword */
7094static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7095{
7096 if (!*args[cur_arg + 1]) {
7097 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7098 return ERR_ALERT | ERR_FATAL;
7099 }
7100
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007101 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007102 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007103 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007104 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007105
7106 return 0;
7107}
7108
Emeric Brunfb510ea2012-10-05 12:00:26 +02007109/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007110static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007111{
Emeric Brun051cdab2012-10-02 19:25:50 +02007112#ifndef X509_V_FLAG_CRL_CHECK
7113 if (err)
7114 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7115 return ERR_ALERT | ERR_FATAL;
7116#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007117 if (!*args[cur_arg + 1]) {
7118 if (err)
7119 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7120 return ERR_ALERT | ERR_FATAL;
7121 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007122
Willy Tarreauef934602016-12-22 23:12:01 +01007123 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7124 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007125 else
7126 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007127
Emeric Brun2b58d042012-09-20 17:10:03 +02007128 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007129#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007130}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007131static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7132{
7133 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7134}
Emeric Brun2b58d042012-09-20 17:10:03 +02007135
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007136/* parse the "curves" bind keyword keyword */
7137static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7138{
7139#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7140 if (!*args[cur_arg + 1]) {
7141 if (err)
7142 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7143 return ERR_ALERT | ERR_FATAL;
7144 }
7145 conf->curves = strdup(args[cur_arg + 1]);
7146 return 0;
7147#else
7148 if (err)
7149 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7150 return ERR_ALERT | ERR_FATAL;
7151#endif
7152}
7153static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7154{
7155 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7156}
7157
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007158/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007159static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007160{
7161#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7162 if (err)
7163 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7164 return ERR_ALERT | ERR_FATAL;
7165#elif defined(OPENSSL_NO_ECDH)
7166 if (err)
7167 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7168 return ERR_ALERT | ERR_FATAL;
7169#else
7170 if (!*args[cur_arg + 1]) {
7171 if (err)
7172 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7173 return ERR_ALERT | ERR_FATAL;
7174 }
7175
7176 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007177
7178 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007179#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007180}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007181static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7182{
7183 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7184}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007185
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007186/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007187static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7188{
7189 int code;
7190 char *p = args[cur_arg + 1];
7191 unsigned long long *ignerr = &conf->crt_ignerr;
7192
7193 if (!*p) {
7194 if (err)
7195 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7196 return ERR_ALERT | ERR_FATAL;
7197 }
7198
7199 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7200 ignerr = &conf->ca_ignerr;
7201
7202 if (strcmp(p, "all") == 0) {
7203 *ignerr = ~0ULL;
7204 return 0;
7205 }
7206
7207 while (p) {
7208 code = atoi(p);
7209 if ((code <= 0) || (code > 63)) {
7210 if (err)
7211 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7212 args[cur_arg], code, args[cur_arg + 1]);
7213 return ERR_ALERT | ERR_FATAL;
7214 }
7215 *ignerr |= 1ULL << code;
7216 p = strchr(p, ',');
7217 if (p)
7218 p++;
7219 }
7220
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007221 return 0;
7222}
7223
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007224/* parse tls_method_options "no-xxx" and "force-xxx" */
7225static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007226{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007227 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007228 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007229 p = strchr(arg, '-');
7230 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007231 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007232 p++;
7233 if (!strcmp(p, "sslv3"))
7234 v = CONF_SSLV3;
7235 else if (!strcmp(p, "tlsv10"))
7236 v = CONF_TLSV10;
7237 else if (!strcmp(p, "tlsv11"))
7238 v = CONF_TLSV11;
7239 else if (!strcmp(p, "tlsv12"))
7240 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007241 else if (!strcmp(p, "tlsv13"))
7242 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007243 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007244 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007245 if (!strncmp(arg, "no-", 3))
7246 methods->flags |= methodVersions[v].flag;
7247 else if (!strncmp(arg, "force-", 6))
7248 methods->min = methods->max = v;
7249 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007250 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007251 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007252 fail:
7253 if (err)
7254 memprintf(err, "'%s' : option not implemented", arg);
7255 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007256}
7257
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007258static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007259{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007260 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007261}
7262
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007263static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007264{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007265 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7266}
7267
7268/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7269static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7270{
7271 uint16_t i, v = 0;
7272 char *argv = args[cur_arg + 1];
7273 if (!*argv) {
7274 if (err)
7275 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7276 return ERR_ALERT | ERR_FATAL;
7277 }
7278 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7279 if (!strcmp(argv, methodVersions[i].name))
7280 v = i;
7281 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007282 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007283 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007284 return ERR_ALERT | ERR_FATAL;
7285 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007286 if (!strcmp("ssl-min-ver", args[cur_arg]))
7287 methods->min = v;
7288 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7289 methods->max = v;
7290 else {
7291 if (err)
7292 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7293 return ERR_ALERT | ERR_FATAL;
7294 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007295 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007296}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007297
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007298static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7299{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007300#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007301 Warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
7302#endif
7303 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7304}
7305
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007306static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7307{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007308 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007309}
7310
7311static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7312{
7313 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7314}
7315
Emeric Brun2d0c4822012-10-02 13:45:20 +02007316/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007317static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007318{
Emeric Brun89675492012-10-05 13:48:26 +02007319 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007320 return 0;
7321}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007322
Olivier Houchardc2aae742017-09-22 18:26:28 +02007323/* parse the "allow-0rtt" bind keyword */
7324static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7325{
7326 conf->early_data = 1;
7327 return 0;
7328}
7329
7330static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7331{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007332 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007333 return 0;
7334}
7335
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007336/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007337static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007338{
7339#ifdef OPENSSL_NPN_NEGOTIATED
7340 char *p1, *p2;
7341
7342 if (!*args[cur_arg + 1]) {
7343 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7344 return ERR_ALERT | ERR_FATAL;
7345 }
7346
7347 free(conf->npn_str);
7348
Willy Tarreau3724da12016-02-12 17:11:12 +01007349 /* the NPN string is built as a suite of (<len> <name>)*,
7350 * so we reuse each comma to store the next <len> and need
7351 * one more for the end of the string.
7352 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007353 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007354 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007355 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7356
7357 /* replace commas with the name length */
7358 p1 = conf->npn_str;
7359 p2 = p1 + 1;
7360 while (1) {
7361 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7362 if (!p2)
7363 p2 = p1 + 1 + strlen(p1 + 1);
7364
7365 if (p2 - (p1 + 1) > 255) {
7366 *p2 = '\0';
7367 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7368 return ERR_ALERT | ERR_FATAL;
7369 }
7370
7371 *p1 = p2 - (p1 + 1);
7372 p1 = p2;
7373
7374 if (!*p2)
7375 break;
7376
7377 *(p2++) = '\0';
7378 }
7379 return 0;
7380#else
7381 if (err)
7382 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7383 return ERR_ALERT | ERR_FATAL;
7384#endif
7385}
7386
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007387static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7388{
7389 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7390}
7391
Willy Tarreauab861d32013-04-02 02:30:41 +02007392/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007393static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007394{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007395#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007396 char *p1, *p2;
7397
7398 if (!*args[cur_arg + 1]) {
7399 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7400 return ERR_ALERT | ERR_FATAL;
7401 }
7402
7403 free(conf->alpn_str);
7404
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007405 /* the ALPN string is built as a suite of (<len> <name>)*,
7406 * so we reuse each comma to store the next <len> and need
7407 * one more for the end of the string.
7408 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007409 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007410 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007411 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7412
7413 /* replace commas with the name length */
7414 p1 = conf->alpn_str;
7415 p2 = p1 + 1;
7416 while (1) {
7417 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7418 if (!p2)
7419 p2 = p1 + 1 + strlen(p1 + 1);
7420
7421 if (p2 - (p1 + 1) > 255) {
7422 *p2 = '\0';
7423 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7424 return ERR_ALERT | ERR_FATAL;
7425 }
7426
7427 *p1 = p2 - (p1 + 1);
7428 p1 = p2;
7429
7430 if (!*p2)
7431 break;
7432
7433 *(p2++) = '\0';
7434 }
7435 return 0;
7436#else
7437 if (err)
7438 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7439 return ERR_ALERT | ERR_FATAL;
7440#endif
7441}
7442
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007443static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7444{
7445 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7446}
7447
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007448/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007449static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007450{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007451 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007452 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007453
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007454 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7455 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007456 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007457 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7458 if (!conf->ssl_conf.ssl_methods.min)
7459 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7460 if (!conf->ssl_conf.ssl_methods.max)
7461 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007462
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007463 return 0;
7464}
7465
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007466/* parse the "prefer-client-ciphers" bind keyword */
7467static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7468{
7469 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7470 return 0;
7471}
7472
Christopher Faulet31af49d2015-06-09 17:29:50 +02007473/* parse the "generate-certificates" bind keyword */
7474static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7475{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007476#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007477 conf->generate_certs = 1;
7478#else
7479 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7480 err && *err ? *err : "");
7481#endif
7482 return 0;
7483}
7484
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007485/* parse the "strict-sni" bind keyword */
7486static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7487{
7488 conf->strict_sni = 1;
7489 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007490}
7491
7492/* parse the "tls-ticket-keys" bind keyword */
7493static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7494{
7495#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7496 FILE *f;
7497 int i = 0;
7498 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007499 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007500
7501 if (!*args[cur_arg + 1]) {
7502 if (err)
7503 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7504 return ERR_ALERT | ERR_FATAL;
7505 }
7506
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007507 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
7508 if(keys_ref) {
7509 conf->keys_ref = keys_ref;
7510 return 0;
7511 }
7512
Vincent Bernat02779b62016-04-03 13:48:43 +02007513 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007514 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007515
7516 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7517 if (err)
7518 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7519 return ERR_ALERT | ERR_FATAL;
7520 }
7521
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007522 keys_ref->filename = strdup(args[cur_arg + 1]);
7523
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007524 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7525 int len = strlen(thisline);
7526 /* Strip newline characters from the end */
7527 if(thisline[len - 1] == '\n')
7528 thisline[--len] = 0;
7529
7530 if(thisline[len - 1] == '\r')
7531 thisline[--len] = 0;
7532
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007533 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007534 if (err)
7535 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007536 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007537 return ERR_ALERT | ERR_FATAL;
7538 }
7539 i++;
7540 }
7541
7542 if (i < TLS_TICKETS_NO) {
7543 if (err)
7544 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007545 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007546 return ERR_ALERT | ERR_FATAL;
7547 }
7548
7549 fclose(f);
7550
7551 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007552 i -= 2;
7553 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007554 keys_ref->unique_id = -1;
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007555 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007556
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007557 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7558
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007559 return 0;
7560#else
7561 if (err)
7562 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7563 return ERR_ALERT | ERR_FATAL;
7564#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007565}
7566
Emeric Brund94b3fe2012-09-20 18:23:56 +02007567/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007568static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007569{
7570 if (!*args[cur_arg + 1]) {
7571 if (err)
7572 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7573 return ERR_ALERT | ERR_FATAL;
7574 }
7575
7576 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007577 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007578 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007579 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007580 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007581 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007582 else {
7583 if (err)
7584 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7585 args[cur_arg], args[cur_arg + 1]);
7586 return ERR_ALERT | ERR_FATAL;
7587 }
7588
7589 return 0;
7590}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007591static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7592{
7593 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7594}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007595
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007596/* parse the "no-ca-names" bind keyword */
7597static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7598{
7599 conf->no_ca_names = 1;
7600 return 0;
7601}
7602static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7603{
7604 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7605}
7606
Willy Tarreau92faadf2012-10-10 23:04:25 +02007607/************** "server" keywords ****************/
7608
Emeric Brunef42d922012-10-11 16:11:36 +02007609/* parse the "ca-file" server keyword */
7610static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7611{
7612 if (!*args[*cur_arg + 1]) {
7613 if (err)
7614 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7615 return ERR_ALERT | ERR_FATAL;
7616 }
7617
Willy Tarreauef934602016-12-22 23:12:01 +01007618 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7619 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007620 else
7621 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7622
7623 return 0;
7624}
7625
Olivier Houchard9130a962017-10-17 17:33:43 +02007626/* parse the "check-sni" server keyword */
7627static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7628{
7629 if (!*args[*cur_arg + 1]) {
7630 if (err)
7631 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7632 return ERR_ALERT | ERR_FATAL;
7633 }
7634
7635 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7636 if (!newsrv->check.sni) {
7637 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7638 return ERR_ALERT | ERR_FATAL;
7639 }
7640 return 0;
7641
7642}
7643
Willy Tarreau92faadf2012-10-10 23:04:25 +02007644/* parse the "check-ssl" server keyword */
7645static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7646{
7647 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007648 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7649 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7650 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007651 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7652 if (!newsrv->ssl_ctx.methods.min)
7653 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7654 if (!newsrv->ssl_ctx.methods.max)
7655 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7656
Willy Tarreau92faadf2012-10-10 23:04:25 +02007657 return 0;
7658}
7659
7660/* parse the "ciphers" server keyword */
7661static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7662{
7663 if (!*args[*cur_arg + 1]) {
7664 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7665 return ERR_ALERT | ERR_FATAL;
7666 }
7667
7668 free(newsrv->ssl_ctx.ciphers);
7669 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7670 return 0;
7671}
7672
Emeric Brunef42d922012-10-11 16:11:36 +02007673/* parse the "crl-file" server keyword */
7674static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7675{
7676#ifndef X509_V_FLAG_CRL_CHECK
7677 if (err)
7678 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7679 return ERR_ALERT | ERR_FATAL;
7680#else
7681 if (!*args[*cur_arg + 1]) {
7682 if (err)
7683 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7684 return ERR_ALERT | ERR_FATAL;
7685 }
7686
Willy Tarreauef934602016-12-22 23:12:01 +01007687 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7688 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007689 else
7690 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7691
7692 return 0;
7693#endif
7694}
7695
Emeric Bruna7aa3092012-10-26 12:58:00 +02007696/* parse the "crt" server keyword */
7697static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7698{
7699 if (!*args[*cur_arg + 1]) {
7700 if (err)
7701 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7702 return ERR_ALERT | ERR_FATAL;
7703 }
7704
Willy Tarreauef934602016-12-22 23:12:01 +01007705 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
7706 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007707 else
7708 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7709
7710 return 0;
7711}
Emeric Brunef42d922012-10-11 16:11:36 +02007712
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007713/* parse the "no-check-ssl" server keyword */
7714static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7715{
7716 newsrv->check.use_ssl = 0;
7717 free(newsrv->ssl_ctx.ciphers);
7718 newsrv->ssl_ctx.ciphers = NULL;
7719 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7720 return 0;
7721}
7722
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007723/* parse the "no-send-proxy-v2-ssl" server keyword */
7724static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7725{
7726 newsrv->pp_opts &= ~SRV_PP_V2;
7727 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7728 return 0;
7729}
7730
7731/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7732static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7733{
7734 newsrv->pp_opts &= ~SRV_PP_V2;
7735 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7736 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7737 return 0;
7738}
7739
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007740/* parse the "no-ssl" server keyword */
7741static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7742{
7743 newsrv->use_ssl = 0;
7744 free(newsrv->ssl_ctx.ciphers);
7745 newsrv->ssl_ctx.ciphers = NULL;
7746 return 0;
7747}
7748
Olivier Houchard522eea72017-11-03 16:27:47 +01007749/* parse the "allow-0rtt" server keyword */
7750static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7751{
7752 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7753 return 0;
7754}
7755
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007756/* parse the "no-ssl-reuse" server keyword */
7757static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7758{
7759 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7760 return 0;
7761}
7762
Emeric Brunf9c5c472012-10-11 15:28:34 +02007763/* parse the "no-tls-tickets" server keyword */
7764static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7765{
7766 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7767 return 0;
7768}
David Safb76832014-05-08 23:42:08 -04007769/* parse the "send-proxy-v2-ssl" server keyword */
7770static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7771{
7772 newsrv->pp_opts |= SRV_PP_V2;
7773 newsrv->pp_opts |= SRV_PP_V2_SSL;
7774 return 0;
7775}
7776
7777/* parse the "send-proxy-v2-ssl-cn" server keyword */
7778static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7779{
7780 newsrv->pp_opts |= SRV_PP_V2;
7781 newsrv->pp_opts |= SRV_PP_V2_SSL;
7782 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7783 return 0;
7784}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007785
Willy Tarreau732eac42015-07-09 11:40:25 +02007786/* parse the "sni" server keyword */
7787static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7788{
7789#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7790 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7791 return ERR_ALERT | ERR_FATAL;
7792#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007793 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007794
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007795 arg = args[*cur_arg + 1];
7796 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007797 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7798 return ERR_ALERT | ERR_FATAL;
7799 }
7800
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007801 free(newsrv->sni_expr);
7802 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007803
Willy Tarreau732eac42015-07-09 11:40:25 +02007804 return 0;
7805#endif
7806}
7807
Willy Tarreau92faadf2012-10-10 23:04:25 +02007808/* parse the "ssl" server keyword */
7809static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7810{
7811 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007812 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7813 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007814 return 0;
7815}
7816
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007817/* parse the "ssl-reuse" server keyword */
7818static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7819{
7820 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
7821 return 0;
7822}
7823
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007824/* parse the "tls-tickets" server keyword */
7825static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7826{
7827 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
7828 return 0;
7829}
7830
Emeric Brunef42d922012-10-11 16:11:36 +02007831/* parse the "verify" server keyword */
7832static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7833{
7834 if (!*args[*cur_arg + 1]) {
7835 if (err)
7836 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
7837 return ERR_ALERT | ERR_FATAL;
7838 }
7839
7840 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007841 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02007842 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007843 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02007844 else {
7845 if (err)
7846 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
7847 args[*cur_arg], args[*cur_arg + 1]);
7848 return ERR_ALERT | ERR_FATAL;
7849 }
7850
Evan Broderbe554312013-06-27 00:05:25 -07007851 return 0;
7852}
7853
7854/* parse the "verifyhost" server keyword */
7855static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7856{
7857 if (!*args[*cur_arg + 1]) {
7858 if (err)
7859 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
7860 return ERR_ALERT | ERR_FATAL;
7861 }
7862
Frédéric Lécaille273f3212017-03-13 15:52:01 +01007863 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07007864 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
7865
Emeric Brunef42d922012-10-11 16:11:36 +02007866 return 0;
7867}
7868
Emeric Brun2c86cbf2014-10-30 15:56:50 +01007869/* parse the "ssl-default-bind-options" keyword in global section */
7870static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
7871 struct proxy *defpx, const char *file, int line,
7872 char **err) {
7873 int i = 1;
7874
7875 if (*(args[i]) == 0) {
7876 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
7877 return -1;
7878 }
7879 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007880 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01007881 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007882 else if (!strcmp(args[i], "prefer-client-ciphers"))
7883 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007884 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
7885 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
7886 i++;
7887 else {
7888 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
7889 return -1;
7890 }
7891 }
7892 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01007893 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
7894 return -1;
7895 }
7896 i++;
7897 }
7898 return 0;
7899}
7900
7901/* parse the "ssl-default-server-options" keyword in global section */
7902static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
7903 struct proxy *defpx, const char *file, int line,
7904 char **err) {
7905 int i = 1;
7906
7907 if (*(args[i]) == 0) {
7908 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
7909 return -1;
7910 }
7911 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007912 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01007913 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007914 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
7915 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
7916 i++;
7917 else {
7918 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
7919 return -1;
7920 }
7921 }
7922 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01007923 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
7924 return -1;
7925 }
7926 i++;
7927 }
7928 return 0;
7929}
7930
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01007931/* parse the "ca-base" / "crt-base" keywords in global section.
7932 * Returns <0 on alert, >0 on warning, 0 on success.
7933 */
7934static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
7935 struct proxy *defpx, const char *file, int line,
7936 char **err)
7937{
7938 char **target;
7939
Willy Tarreauef934602016-12-22 23:12:01 +01007940 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01007941
7942 if (too_many_args(1, args, err, NULL))
7943 return -1;
7944
7945 if (*target) {
7946 memprintf(err, "'%s' already specified.", args[0]);
7947 return -1;
7948 }
7949
7950 if (*(args[1]) == 0) {
7951 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
7952 return -1;
7953 }
7954 *target = strdup(args[1]);
7955 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007956}
7957
7958/* parse the "ssl-mode-async" keyword in global section.
7959 * Returns <0 on alert, >0 on warning, 0 on success.
7960 */
7961static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
7962 struct proxy *defpx, const char *file, int line,
7963 char **err)
7964{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02007965#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007966 global_ssl.async = 1;
7967 return 0;
7968#else
7969 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
7970 return -1;
7971#endif
7972}
7973
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02007974#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007975static int ssl_check_async_engine_count(void) {
7976 int err_code = 0;
7977
Emeric Brun3854e012017-05-17 20:42:48 +02007978 if (global_ssl.async && (openssl_engines_initialized > 32)) {
7979 Alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00007980 err_code = ERR_ABORT;
7981 }
7982 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01007983}
7984
Grant Zhang872f9c22017-01-21 01:10:18 +00007985/* parse the "ssl-engine" keyword in global section.
7986 * Returns <0 on alert, >0 on warning, 0 on success.
7987 */
7988static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
7989 struct proxy *defpx, const char *file, int line,
7990 char **err)
7991{
7992 char *algo;
7993 int ret = -1;
7994
7995 if (*(args[1]) == 0) {
7996 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
7997 return ret;
7998 }
7999
8000 if (*(args[2]) == 0) {
8001 /* if no list of algorithms is given, it defaults to ALL */
8002 algo = strdup("ALL");
8003 goto add_engine;
8004 }
8005
8006 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8007 if (strcmp(args[2], "algo") != 0) {
8008 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8009 return ret;
8010 }
8011
8012 if (*(args[3]) == 0) {
8013 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8014 return ret;
8015 }
8016 algo = strdup(args[3]);
8017
8018add_engine:
8019 if (ssl_init_single_engine(args[1], algo)==0) {
8020 openssl_engines_initialized++;
8021 ret = 0;
8022 }
8023 free(algo);
8024 return ret;
8025}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008026#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008027
Willy Tarreauf22e9682016-12-21 23:23:19 +01008028/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8029 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8030 */
8031static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8032 struct proxy *defpx, const char *file, int line,
8033 char **err)
8034{
8035 char **target;
8036
Willy Tarreauef934602016-12-22 23:12:01 +01008037 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008038
8039 if (too_many_args(1, args, err, NULL))
8040 return -1;
8041
8042 if (*(args[1]) == 0) {
8043 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8044 return -1;
8045 }
8046
8047 free(*target);
8048 *target = strdup(args[1]);
8049 return 0;
8050}
8051
Willy Tarreau9ceda382016-12-21 23:13:03 +01008052/* parse various global tune.ssl settings consisting in positive integers.
8053 * Returns <0 on alert, >0 on warning, 0 on success.
8054 */
8055static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8056 struct proxy *defpx, const char *file, int line,
8057 char **err)
8058{
8059 int *target;
8060
8061 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8062 target = &global.tune.sslcachesize;
8063 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008064 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008065 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008066 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008067 else if (strcmp(args[0], "maxsslconn") == 0)
8068 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008069 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8070 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008071 else {
8072 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8073 return -1;
8074 }
8075
8076 if (too_many_args(1, args, err, NULL))
8077 return -1;
8078
8079 if (*(args[1]) == 0) {
8080 memprintf(err, "'%s' expects an integer argument.", args[0]);
8081 return -1;
8082 }
8083
8084 *target = atoi(args[1]);
8085 if (*target < 0) {
8086 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8087 return -1;
8088 }
8089 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008090}
8091
8092static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8093 struct proxy *defpx, const char *file, int line,
8094 char **err)
8095{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008096 int ret;
8097
8098 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8099 if (ret != 0)
8100 return ret;
8101
8102 if (pool2_ssl_capture) {
8103 memprintf(err, "'%s' is already configured.", args[0]);
8104 return -1;
8105 }
8106
8107 pool2_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8108 if (!pool2_ssl_capture) {
8109 memprintf(err, "Out of memory error.");
8110 return -1;
8111 }
8112 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008113}
8114
8115/* parse "ssl.force-private-cache".
8116 * Returns <0 on alert, >0 on warning, 0 on success.
8117 */
8118static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8119 struct proxy *defpx, const char *file, int line,
8120 char **err)
8121{
8122 if (too_many_args(0, args, err, NULL))
8123 return -1;
8124
Willy Tarreauef934602016-12-22 23:12:01 +01008125 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008126 return 0;
8127}
8128
8129/* parse "ssl.lifetime".
8130 * Returns <0 on alert, >0 on warning, 0 on success.
8131 */
8132static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8133 struct proxy *defpx, const char *file, int line,
8134 char **err)
8135{
8136 const char *res;
8137
8138 if (too_many_args(1, args, err, NULL))
8139 return -1;
8140
8141 if (*(args[1]) == 0) {
8142 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8143 return -1;
8144 }
8145
Willy Tarreauef934602016-12-22 23:12:01 +01008146 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008147 if (res) {
8148 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8149 return -1;
8150 }
8151 return 0;
8152}
8153
8154#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008155/* parse "ssl-dh-param-file".
8156 * Returns <0 on alert, >0 on warning, 0 on success.
8157 */
8158static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8159 struct proxy *defpx, const char *file, int line,
8160 char **err)
8161{
8162 if (too_many_args(1, args, err, NULL))
8163 return -1;
8164
8165 if (*(args[1]) == 0) {
8166 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8167 return -1;
8168 }
8169
8170 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8171 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8172 return -1;
8173 }
8174 return 0;
8175}
8176
Willy Tarreau9ceda382016-12-21 23:13:03 +01008177/* parse "ssl.default-dh-param".
8178 * Returns <0 on alert, >0 on warning, 0 on success.
8179 */
8180static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8181 struct proxy *defpx, const char *file, int line,
8182 char **err)
8183{
8184 if (too_many_args(1, args, err, NULL))
8185 return -1;
8186
8187 if (*(args[1]) == 0) {
8188 memprintf(err, "'%s' expects an integer argument.", args[0]);
8189 return -1;
8190 }
8191
Willy Tarreauef934602016-12-22 23:12:01 +01008192 global_ssl.default_dh_param = atoi(args[1]);
8193 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008194 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8195 return -1;
8196 }
8197 return 0;
8198}
8199#endif
8200
8201
William Lallemand32af2032016-10-29 18:09:35 +02008202/* This function is used with TLS ticket keys management. It permits to browse
8203 * each reference. The variable <getnext> must contain the current node,
8204 * <end> point to the root node.
8205 */
8206#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8207static inline
8208struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8209{
8210 struct tls_keys_ref *ref = getnext;
8211
8212 while (1) {
8213
8214 /* Get next list entry. */
8215 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8216
8217 /* If the entry is the last of the list, return NULL. */
8218 if (&ref->list == end)
8219 return NULL;
8220
8221 return ref;
8222 }
8223}
8224
8225static inline
8226struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8227{
8228 int id;
8229 char *error;
8230
8231 /* If the reference starts by a '#', this is numeric id. */
8232 if (reference[0] == '#') {
8233 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8234 id = strtol(reference + 1, &error, 10);
8235 if (*error != '\0')
8236 return NULL;
8237
8238 /* Perform the unique id lookup. */
8239 return tlskeys_ref_lookupid(id);
8240 }
8241
8242 /* Perform the string lookup. */
8243 return tlskeys_ref_lookup(reference);
8244}
8245#endif
8246
8247
8248#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8249
8250static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8251
8252static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8253 return cli_io_handler_tlskeys_files(appctx);
8254}
8255
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008256/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8257 * (next index to be dumped), and cli.p0 (next key reference).
8258 */
William Lallemand32af2032016-10-29 18:09:35 +02008259static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8260
8261 struct stream_interface *si = appctx->owner;
8262
8263 switch (appctx->st2) {
8264 case STAT_ST_INIT:
8265 /* Display the column headers. If the message cannot be sent,
8266 * quit the fucntion with returning 0. The function is called
8267 * later and restart at the state "STAT_ST_INIT".
8268 */
8269 chunk_reset(&trash);
8270
8271 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8272 chunk_appendf(&trash, "# id secret\n");
8273 else
8274 chunk_appendf(&trash, "# id (file)\n");
8275
Willy Tarreau06d80a92017-10-19 14:32:15 +02008276 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008277 si_applet_cant_put(si);
8278 return 0;
8279 }
8280
William Lallemand32af2032016-10-29 18:09:35 +02008281 /* Now, we start the browsing of the references lists.
8282 * Note that the following call to LIST_ELEM return bad pointer. The only
8283 * available field of this pointer is <list>. It is used with the function
8284 * tlskeys_list_get_next() for retruning the first available entry
8285 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008286 if (appctx->ctx.cli.p0 == NULL) {
8287 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8288 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008289 }
8290
8291 appctx->st2 = STAT_ST_LIST;
8292 /* fall through */
8293
8294 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008295 while (appctx->ctx.cli.p0) {
8296 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
8297 int head = ref->tls_ticket_enc_index;
William Lallemand32af2032016-10-29 18:09:35 +02008298
8299 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008300 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008301 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008302
8303 if (appctx->ctx.cli.i1 == 0)
8304 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8305
William Lallemand32af2032016-10-29 18:09:35 +02008306 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008307 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
William Lallemand32af2032016-10-29 18:09:35 +02008308 struct chunk *t2 = get_trash_chunk();
8309
8310 chunk_reset(t2);
8311 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008312 t2->len = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
William Lallemand32af2032016-10-29 18:09:35 +02008313 sizeof(struct tls_sess_key), t2->str, t2->size);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008314 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1, t2->str);
William Lallemand32af2032016-10-29 18:09:35 +02008315
Willy Tarreau06d80a92017-10-19 14:32:15 +02008316 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008317 /* let's try again later from this stream. We add ourselves into
8318 * this stream's users so that it can remove us upon termination.
8319 */
8320 si_applet_cant_put(si);
8321 return 0;
8322 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008323 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008324 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008325 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008326 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008327 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008328 /* let's try again later from this stream. We add ourselves into
8329 * this stream's users so that it can remove us upon termination.
8330 */
8331 si_applet_cant_put(si);
8332 return 0;
8333 }
8334
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008335 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008336 break;
8337
8338 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008339 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008340 }
8341
8342 appctx->st2 = STAT_ST_FIN;
8343 /* fall through */
8344
8345 default:
8346 appctx->st2 = STAT_ST_FIN;
8347 return 1;
8348 }
8349 return 0;
8350}
8351
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008352/* sets cli.i0 to non-zero if only file lists should be dumped */
William Lallemand32af2032016-10-29 18:09:35 +02008353static int cli_parse_show_tlskeys(char **args, struct appctx *appctx, void *private)
8354{
William Lallemand32af2032016-10-29 18:09:35 +02008355 /* no parameter, shows only file list */
8356 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008357 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008358 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008359 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008360 }
8361
8362 if (args[2][0] == '*') {
8363 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008364 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008365 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008366 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8367 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008368 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008369 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008370 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008371 return 1;
8372 }
8373 }
William Lallemand32af2032016-10-29 18:09:35 +02008374 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008375 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008376}
8377
William Lallemand32af2032016-10-29 18:09:35 +02008378static int cli_parse_set_tlskeys(char **args, struct appctx *appctx, void *private)
8379{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008380 struct tls_keys_ref *ref;
8381
William Lallemand32af2032016-10-29 18:09:35 +02008382 /* Expect two parameters: the filename and the new new TLS key in encoding */
8383 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008384 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008385 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008386 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008387 return 1;
8388 }
8389
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008390 ref = tlskeys_ref_lookup_ref(args[3]);
8391 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008392 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008393 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008394 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008395 return 1;
8396 }
8397
8398 trash.len = base64dec(args[4], strlen(args[4]), trash.str, trash.size);
8399 if (trash.len != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008400 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008401 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008402 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008403 return 1;
8404 }
8405
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008406 memcpy(ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO), trash.str, trash.len);
8407 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
William Lallemand32af2032016-10-29 18:09:35 +02008408
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008409 appctx->ctx.cli.severity = LOG_INFO;
William Lallemand32af2032016-10-29 18:09:35 +02008410 appctx->ctx.cli.msg = "TLS ticket key updated!";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008411 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008412 return 1;
8413
8414}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008415#endif
William Lallemand32af2032016-10-29 18:09:35 +02008416
8417static int cli_parse_set_ocspresponse(char **args, struct appctx *appctx, void *private)
8418{
8419#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8420 char *err = NULL;
8421
8422 /* Expect one parameter: the new response in base64 encoding */
8423 if (!*args[3]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008424 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008425 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008426 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008427 return 1;
8428 }
8429
8430 trash.len = base64dec(args[3], strlen(args[3]), trash.str, trash.size);
8431 if (trash.len < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008432 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008433 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008434 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008435 return 1;
8436 }
8437
8438 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8439 if (err) {
8440 memprintf(&err, "%s.\n", err);
8441 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008442 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008443 }
8444 return 1;
8445 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008446 appctx->ctx.cli.severity = LOG_INFO;
William Lallemand32af2032016-10-29 18:09:35 +02008447 appctx->ctx.cli.msg = "OCSP Response updated!";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008448 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008449 return 1;
8450#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008451 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008452 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008453 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008454 return 1;
8455#endif
8456
8457}
8458
8459/* register cli keywords */
8460static struct cli_kw_list cli_kws = {{ },{
8461#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8462 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008463 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008464#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008465 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008466 { { NULL }, NULL, NULL, NULL }
8467}};
8468
8469
Willy Tarreau7875d092012-09-10 08:20:03 +02008470/* Note: must not be declared <const> as its list will be overwritten.
8471 * Please take care of keeping this list alphabetically sorted.
8472 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008473static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008474 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008475 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008476 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
8477 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008478 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008479 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008480 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008481 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8482 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008483 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008484 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008485 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8486 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8487 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8488 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8489 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8490 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8491 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8492 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008493 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008494 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8495 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008496 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008497 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8498 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8499 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8500 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8501 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8502 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8503 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008504 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008505 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008506 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008507 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008508 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008509 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008510 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008511 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008512 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008513#ifdef OPENSSL_NPN_NEGOTIATED
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008514 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008515#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008516#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008517 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008518#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008519 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008520 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008521 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008522 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8523 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008524 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8525 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8526 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8527 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008528 { NULL, NULL, 0, 0, 0 },
8529}};
8530
8531/* Note: must not be declared <const> as its list will be overwritten.
8532 * Please take care of keeping this list alphabetically sorted.
8533 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008534static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008535 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8536 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008537 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008538}};
8539
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008540/* Note: must not be declared <const> as its list will be overwritten.
8541 * Please take care of keeping this list alphabetically sorted, doing so helps
8542 * all code contributors.
8543 * Optional keywords are also declared with a NULL ->parse() function so that
8544 * the config parser can report an appropriate error when a known keyword was
8545 * not enabled.
8546 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008547static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008548 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008549 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8550 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8551 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8552 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008553 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008554 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008555 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008556 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008557 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8558 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008559 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8560 { NULL, NULL, 0 },
8561};
8562
Willy Tarreau51fb7652012-09-18 18:24:39 +02008563static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008564 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008565 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8566 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8567 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8568 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8569 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8570 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8571 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8572 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8573 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8574 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8575 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8576 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8577 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8578 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8579 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8580 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008581 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008582 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008583 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008584 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8585 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8586 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8587 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008588 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008589 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8590 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008591 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8592 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008593 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8594 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8595 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8596 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8597 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008598 { NULL, NULL, 0 },
8599}};
Emeric Brun46591952012-05-18 15:47:34 +02008600
Willy Tarreau92faadf2012-10-10 23:04:25 +02008601/* Note: must not be declared <const> as its list will be overwritten.
8602 * Please take care of keeping this list alphabetically sorted, doing so helps
8603 * all code contributors.
8604 * Optional keywords are also declared with a NULL ->parse() function so that
8605 * the config parser can report an appropriate error when a known keyword was
8606 * not enabled.
8607 */
8608static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008609 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008610 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008611 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008612 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8613 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8614 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8615 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8616 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8617 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8618 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8619 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8620 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8621 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8622 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8623 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8624 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8625 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8626 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8627 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8628 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8629 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8630 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8631 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8632 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8633 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8634 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8635 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8636 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8637 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8638 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8639 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8640 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8641 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008642 { NULL, NULL, 0, 0 },
8643}};
8644
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008645static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008646 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8647 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008648 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008649 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8650 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008651#ifndef OPENSSL_NO_DH
8652 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8653#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008654 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008655#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008656 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008657#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008658 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8659#ifndef OPENSSL_NO_DH
8660 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8661#endif
8662 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8663 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8664 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8665 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008666 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008667 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8668 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008669 { 0, NULL, NULL },
8670}};
8671
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008672/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008673static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008674 .snd_buf = ssl_sock_from_buf,
8675 .rcv_buf = ssl_sock_to_buf,
8676 .rcv_pipe = NULL,
8677 .snd_pipe = NULL,
8678 .shutr = NULL,
8679 .shutw = ssl_sock_shutw,
8680 .close = ssl_sock_close,
8681 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008682 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008683 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008684 .prepare_srv = ssl_sock_prepare_srv_ctx,
8685 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008686 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008687 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008688};
8689
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008690enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8691 struct session *sess, struct stream *s, int flags)
8692{
8693 struct connection *conn;
8694
8695 conn = objt_conn(sess->origin);
8696
8697 if (conn) {
8698 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
8699 s->req.flags |= CF_READ_NULL;
8700 return ACT_RET_YIELD;
8701 }
8702 }
8703 return (ACT_RET_CONT);
8704}
8705
8706static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8707{
8708 rule->action_ptr = ssl_action_wait_for_hs;
8709
8710 return ACT_RET_PRS_OK;
8711}
8712
8713static struct action_kw_list http_req_actions = {ILH, {
8714 { "wait-for-handshake", ssl_parse_wait_for_hs },
8715 { /* END */ }
8716}};
8717
Daniel Jakots54ffb912015-11-06 20:02:41 +01008718#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008719
8720static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8721{
8722 if (ptr) {
8723 chunk_destroy(ptr);
8724 free(ptr);
8725 }
8726}
8727
8728#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008729static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8730{
8731 pool_free2(pool2_ssl_capture, ptr);
8732}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008733
Emeric Brun46591952012-05-18 15:47:34 +02008734__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008735static void __ssl_sock_init(void)
8736{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008737 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008738 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008739
Emeric Brun46591952012-05-18 15:47:34 +02008740 STACK_OF(SSL_COMP)* cm;
8741
Willy Tarreauef934602016-12-22 23:12:01 +01008742 if (global_ssl.listen_default_ciphers)
8743 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8744 if (global_ssl.connect_default_ciphers)
8745 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008746
Willy Tarreau13e14102016-12-22 20:25:26 +01008747 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008748 SSL_library_init();
8749 cm = SSL_COMP_get_compression_methods();
8750 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008751#ifdef USE_THREAD
8752 ssl_locking_init();
8753#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008754#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008755 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8756#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008757 ssl_capture_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Willy Tarreau7875d092012-09-10 08:20:03 +02008758 sample_register_fetches(&sample_fetch_keywords);
8759 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008760 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008761 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008762 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008763 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008764#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008765 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008766 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008767#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008768#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8769 hap_register_post_check(tlskeys_finalize_config);
8770#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008771
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008772 ptr = NULL;
8773 memprintf(&ptr, "Built with OpenSSL version : "
8774#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008775 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008776#else /* OPENSSL_IS_BORINGSSL */
8777 OPENSSL_VERSION_TEXT
8778 "\nRunning on OpenSSL version : %s%s",
8779 SSLeay_version(SSLEAY_VERSION),
8780 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
8781#endif
8782 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
8783#if OPENSSL_VERSION_NUMBER < 0x00907000L
8784 "no (library version too old)"
8785#elif defined(OPENSSL_NO_TLSEXT)
8786 "no (disabled via OPENSSL_NO_TLSEXT)"
8787#else
8788 "yes"
8789#endif
8790 "", ptr);
8791
8792 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
8793#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
8794 "yes"
8795#else
8796#ifdef OPENSSL_NO_TLSEXT
8797 "no (because of OPENSSL_NO_TLSEXT)"
8798#else
8799 "no (version might be too old, 0.9.8f min needed)"
8800#endif
8801#endif
8802 "", ptr);
8803
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008804 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
8805 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
8806 if (methodVersions[i].option)
8807 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008808
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008809 hap_register_build_opts(ptr, 1);
8810
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008811 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
8812 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02008813
8814#ifndef OPENSSL_NO_DH
8815 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00008816 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02008817#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008818#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008819 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008820#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02008821 /* Load SSL string for the verbose & debug mode. */
8822 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008823
8824 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02008825}
8826
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008827#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008828void ssl_free_engines(void) {
8829 struct ssl_engine_list *wl, *wlb;
8830 /* free up engine list */
8831 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
8832 ENGINE_finish(wl->e);
8833 ENGINE_free(wl->e);
8834 LIST_DEL(&wl->list);
8835 free(wl);
8836 }
8837}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008838#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02008839
Remi Gacogned3a23c32015-05-28 16:39:47 +02008840#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00008841void ssl_free_dh(void) {
8842 if (local_dh_1024) {
8843 DH_free(local_dh_1024);
8844 local_dh_1024 = NULL;
8845 }
8846 if (local_dh_2048) {
8847 DH_free(local_dh_2048);
8848 local_dh_2048 = NULL;
8849 }
8850 if (local_dh_4096) {
8851 DH_free(local_dh_4096);
8852 local_dh_4096 = NULL;
8853 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02008854 if (global_dh) {
8855 DH_free(global_dh);
8856 global_dh = NULL;
8857 }
Grant Zhang872f9c22017-01-21 01:10:18 +00008858}
8859#endif
8860
8861__attribute__((destructor))
8862static void __ssl_sock_deinit(void)
8863{
8864#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02008865 if (ssl_ctx_lru_tree) {
8866 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01008867 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008868 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02008869#endif
8870
8871 ERR_remove_state(0);
8872 ERR_free_strings();
8873
8874 EVP_cleanup();
8875
8876#if OPENSSL_VERSION_NUMBER >= 0x00907000L
8877 CRYPTO_cleanup_all_ex_data();
8878#endif
8879}
8880
8881
Emeric Brun46591952012-05-18 15:47:34 +02008882/*
8883 * Local variables:
8884 * c-indent-level: 8
8885 * c-basic-offset: 8
8886 * End:
8887 */