blob: 9e3341a31b6b881cdc29d4cd1c82e97835dce435 [file] [log] [blame]
yanbzhu08ce6ab2015-12-02 13:01:29 -05001
Emeric Brun46591952012-05-18 15:47:34 +02002/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02003 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02004 *
5 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
Willy Tarreau69845df2012-09-10 09:43:09 +020012 * Acknowledgement:
13 * We'd like to specially thank the Stud project authors for a very clean
14 * and well documented code which helped us understand how the OpenSSL API
15 * ought to be used in non-blocking mode. This is one difficult part which
16 * is not easy to get from the OpenSSL doc, and reading the Stud code made
17 * it much more obvious than the examples in the OpenSSL package. Keep up
18 * the good works, guys !
19 *
20 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
21 * particularly well with haproxy. For more info about this project, visit :
22 * https://github.com/bumptech/stud
23 *
Emeric Brun46591952012-05-18 15:47:34 +020024 */
25
26#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020027#include <ctype.h>
28#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020029#include <errno.h>
30#include <fcntl.h>
31#include <stdio.h>
32#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020033#include <string.h>
34#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020035
36#include <sys/socket.h>
37#include <sys/stat.h>
38#include <sys/types.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020039#include <netdb.h>
Emeric Brun46591952012-05-18 15:47:34 +020040#include <netinet/tcp.h>
41
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020042#include <openssl/crypto.h>
Emeric Brun46591952012-05-18 15:47:34 +020043#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020044#include <openssl/x509.h>
45#include <openssl/x509v3.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020046#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010047#include <openssl/rand.h>
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +020048#include <openssl/hmac.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010049#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020050#include <openssl/ocsp.h>
51#endif
Remi Gacogne4f902b82015-05-28 16:23:00 +020052#ifndef OPENSSL_NO_DH
53#include <openssl/dh.h>
54#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020055#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +000056#include <openssl/engine.h>
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +020057#endif
Emeric Brun46591952012-05-18 15:47:34 +020058
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +020059#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +000060#include <openssl/async.h>
61#endif
62
Christopher Faulet31af49d2015-06-09 17:29:50 +020063#include <import/lru.h>
64#include <import/xxhash.h>
65
Emeric Brun46591952012-05-18 15:47:34 +020066#include <common/buffer.h>
67#include <common/compat.h>
68#include <common/config.h>
69#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020070#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020071#include <common/standard.h>
72#include <common/ticks.h>
73#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010074#include <common/cfgparse.h>
Nenad Merdanovic05552d42015-02-27 19:56:49 +010075#include <common/base64.h>
Emeric Brun46591952012-05-18 15:47:34 +020076
Emeric Brunfc0421f2012-09-07 17:30:07 +020077#include <ebsttree.h>
78
William Lallemand32af2032016-10-29 18:09:35 +020079#include <types/applet.h>
80#include <types/cli.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020081#include <types/global.h>
82#include <types/ssl_sock.h>
William Lallemand32af2032016-10-29 18:09:35 +020083#include <types/stats.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020084
Willy Tarreau7875d092012-09-10 08:20:03 +020085#include <proto/acl.h>
86#include <proto/arg.h>
William Lallemand32af2032016-10-29 18:09:35 +020087#include <proto/channel.h>
Emeric Brun46591952012-05-18 15:47:34 +020088#include <proto/connection.h>
William Lallemand32af2032016-10-29 18:09:35 +020089#include <proto/cli.h>
Emeric Brun46591952012-05-18 15:47:34 +020090#include <proto/fd.h>
91#include <proto/freq_ctr.h>
92#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020093#include <proto/listener.h>
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +020094#include <proto/openssl-compat.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010095#include <proto/pattern.h>
Christopher Faulet31af49d2015-06-09 17:29:50 +020096#include <proto/proto_tcp.h>
Olivier Houchardccaa7de2017-10-02 11:51:03 +020097#include <proto/proto_http.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020098#include <proto/server.h>
William Lallemand32af2032016-10-29 18:09:35 +020099#include <proto/stream_interface.h>
Emeric Brun46591952012-05-18 15:47:34 +0200100#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +0200101#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +0200102#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +0200103#include <proto/ssl_sock.h>
Willy Tarreau9ad7bd42015-04-03 19:19:59 +0200104#include <proto/stream.h>
Emeric Brun46591952012-05-18 15:47:34 +0200105#include <proto/task.h>
106
Willy Tarreau518cedd2014-02-17 15:43:01 +0100107/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +0200108#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +0100109#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +0100110#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +0200111#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
112
Emeric Brunf282a812012-09-21 15:27:54 +0200113/* bits 0xFFFF0000 are reserved to store verify errors */
114
115/* Verify errors macros */
116#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
117#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
118#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
119
120#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
121#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
122#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +0200123
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100124/* Supported hash function for TLS tickets */
125#ifdef OPENSSL_NO_SHA256
126#define HASH_FUNCT EVP_sha1
127#else
128#define HASH_FUNCT EVP_sha256
129#endif /* OPENSSL_NO_SHA256 */
130
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200131/* ssl_methods flags for ssl options */
132#define MC_SSL_O_ALL 0x0000
133#define MC_SSL_O_NO_SSLV3 0x0001 /* disable SSLv3 */
134#define MC_SSL_O_NO_TLSV10 0x0002 /* disable TLSv10 */
135#define MC_SSL_O_NO_TLSV11 0x0004 /* disable TLSv11 */
136#define MC_SSL_O_NO_TLSV12 0x0008 /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200137#define MC_SSL_O_NO_TLSV13 0x0010 /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200138
139/* ssl_methods versions */
140enum {
141 CONF_TLSV_NONE = 0,
142 CONF_TLSV_MIN = 1,
143 CONF_SSLV3 = 1,
144 CONF_TLSV10 = 2,
145 CONF_TLSV11 = 3,
146 CONF_TLSV12 = 4,
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +0200147 CONF_TLSV13 = 5,
148 CONF_TLSV_MAX = 5,
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200149};
150
Emeric Brun850efd52014-01-29 12:24:34 +0100151/* server and bind verify method, it uses a global value as default */
152enum {
153 SSL_SOCK_VERIFY_DEFAULT = 0,
154 SSL_SOCK_VERIFY_REQUIRED = 1,
155 SSL_SOCK_VERIFY_OPTIONAL = 2,
156 SSL_SOCK_VERIFY_NONE = 3,
157};
158
William Lallemand3f85c9a2017-10-09 16:30:50 +0200159
Willy Tarreau71b734c2014-01-28 15:19:44 +0100160int sslconns = 0;
161int totalsslconns = 0;
Willy Tarreaud9f5cca2016-12-22 21:08:52 +0100162static struct xprt_ops ssl_sock;
Emeric Brunece0c332017-12-06 13:51:49 +0100163int nb_engines = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200164
Willy Tarreauef934602016-12-22 23:12:01 +0100165static struct {
166 char *crt_base; /* base directory path for certificates */
167 char *ca_base; /* base directory path for CAs and CRLs */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000168 int async; /* whether we use ssl async mode */
Willy Tarreauef934602016-12-22 23:12:01 +0100169
170 char *listen_default_ciphers;
171 char *connect_default_ciphers;
172 int listen_default_ssloptions;
173 int connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200174 struct tls_version_filter listen_default_sslmethods;
175 struct tls_version_filter connect_default_sslmethods;
Willy Tarreauef934602016-12-22 23:12:01 +0100176
177 int private_cache; /* Force to use a private session cache even if nbproc > 1 */
178 unsigned int life_time; /* SSL session lifetime in seconds */
179 unsigned int max_record; /* SSL max record size */
180 unsigned int default_dh_param; /* SSL maximum DH parameter size */
181 int ctx_cache; /* max number of entries in the ssl_ctx cache. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100182 int capture_cipherlist; /* Size of the cipherlist buffer. */
Willy Tarreauef934602016-12-22 23:12:01 +0100183} global_ssl = {
184#ifdef LISTEN_DEFAULT_CIPHERS
185 .listen_default_ciphers = LISTEN_DEFAULT_CIPHERS,
186#endif
187#ifdef CONNECT_DEFAULT_CIPHERS
188 .connect_default_ciphers = CONNECT_DEFAULT_CIPHERS,
189#endif
190 .listen_default_ssloptions = BC_SSL_O_NONE,
191 .connect_default_ssloptions = SRV_SSL_O_NONE,
192
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +0200193 .listen_default_sslmethods.flags = MC_SSL_O_ALL,
194 .listen_default_sslmethods.min = CONF_TLSV_NONE,
195 .listen_default_sslmethods.max = CONF_TLSV_NONE,
196 .connect_default_sslmethods.flags = MC_SSL_O_ALL,
197 .connect_default_sslmethods.min = CONF_TLSV_NONE,
198 .connect_default_sslmethods.max = CONF_TLSV_NONE,
199
Willy Tarreauef934602016-12-22 23:12:01 +0100200#ifdef DEFAULT_SSL_MAX_RECORD
201 .max_record = DEFAULT_SSL_MAX_RECORD,
202#endif
203 .default_dh_param = SSL_DEFAULT_DH_PARAM,
204 .ctx_cache = DEFAULT_SSL_CTX_CACHE,
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100205 .capture_cipherlist = 0,
Willy Tarreauef934602016-12-22 23:12:01 +0100206};
207
Emeric Brun821bb9b2017-06-15 16:37:39 +0200208#ifdef USE_THREAD
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100209
Emeric Brun821bb9b2017-06-15 16:37:39 +0200210static HA_RWLOCK_T *ssl_rwlocks;
211
212
213unsigned long ssl_id_function(void)
214{
215 return (unsigned long)tid;
216}
217
218void ssl_locking_function(int mode, int n, const char * file, int line)
219{
220 if (mode & CRYPTO_LOCK) {
221 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100222 HA_RWLOCK_RDLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200223 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100224 HA_RWLOCK_WRLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200225 }
226 else {
227 if (mode & CRYPTO_READ)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100228 HA_RWLOCK_RDUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200229 else
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100230 HA_RWLOCK_WRUNLOCK(SSL_LOCK, &ssl_rwlocks[n]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200231 }
232}
233
234static int ssl_locking_init(void)
235{
236 int i;
237
238 ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
239 if (!ssl_rwlocks)
240 return -1;
241
242 for (i = 0 ; i < CRYPTO_num_locks() ; i++)
Christopher Faulet2a944ee2017-11-07 10:42:54 +0100243 HA_RWLOCK_INIT(&ssl_rwlocks[i]);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200244
245 CRYPTO_set_id_callback(ssl_id_function);
246 CRYPTO_set_locking_callback(ssl_locking_function);
247
248 return 0;
249}
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100250
Emeric Brun821bb9b2017-06-15 16:37:39 +0200251#endif
252
253
254
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100255/* This memory pool is used for capturing clienthello parameters. */
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100256struct ssl_capture {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +0100257 unsigned long long int xxh64;
258 unsigned char ciphersuite_len;
259 char ciphersuite[0];
260};
Willy Tarreaubafbe012017-11-24 17:34:44 +0100261struct pool_head *pool_head_ssl_capture = NULL;
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +0100262static int ssl_capture_ptr_index = -1;
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200263static int ssl_app_data_index = -1;
Willy Tarreauef934602016-12-22 23:12:01 +0100264
Emmanuel Hocdet96b78342017-10-31 15:46:07 +0100265static int ssl_pkey_info_index = -1;
266
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200267#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
268struct list tlskeys_reference = LIST_HEAD_INIT(tlskeys_reference);
269#endif
270
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200271#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000272static unsigned int openssl_engines_initialized;
273struct list openssl_engines = LIST_HEAD_INIT(openssl_engines);
274struct ssl_engine_list {
275 struct list list;
276 ENGINE *e;
277};
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200278#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000279
Remi Gacogne8de54152014-07-15 11:36:40 +0200280#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +0200281static int ssl_dh_ptr_index = -1;
Remi Gacogne47783ef2015-05-29 15:53:22 +0200282static DH *global_dh = NULL;
Remi Gacogne8de54152014-07-15 11:36:40 +0200283static DH *local_dh_1024 = NULL;
284static DH *local_dh_2048 = NULL;
285static DH *local_dh_4096 = NULL;
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +0100286static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen);
Remi Gacogne8de54152014-07-15 11:36:40 +0200287#endif /* OPENSSL_NO_DH */
288
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100289#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +0200290/* X509V3 Extensions that will be added on generated certificates */
291#define X509V3_EXT_SIZE 5
292static char *x509v3_ext_names[X509V3_EXT_SIZE] = {
293 "basicConstraints",
294 "nsComment",
295 "subjectKeyIdentifier",
296 "authorityKeyIdentifier",
297 "keyUsage",
298};
299static char *x509v3_ext_values[X509V3_EXT_SIZE] = {
300 "CA:FALSE",
301 "\"OpenSSL Generated Certificate\"",
302 "hash",
303 "keyid,issuer:always",
304 "nonRepudiation,digitalSignature,keyEncipherment"
305};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200306/* LRU cache to store generated certificate */
307static struct lru64_head *ssl_ctx_lru_tree = NULL;
308static unsigned int ssl_ctx_lru_seed = 0;
Emeric Brun821bb9b2017-06-15 16:37:39 +0200309static unsigned int ssl_ctx_serial;
Christopher Faulet9dcf9b62017-11-13 10:34:01 +0100310__decl_hathreads(static HA_RWLOCK_T ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +0200311
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200312#endif // SSL_CTRL_SET_TLSEXT_HOSTNAME
313
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100314static struct ssl_bind_kw ssl_bind_kws[];
315
yanbzhube2774d2015-12-10 15:07:30 -0500316#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
317/* The order here matters for picking a default context,
318 * keep the most common keytype at the bottom of the list
319 */
320const char *SSL_SOCK_KEYTYPE_NAMES[] = {
321 "dsa",
322 "ecdsa",
323 "rsa"
324};
325#define SSL_SOCK_NUM_KEYTYPES 3
Willy Tarreau30da7ad2015-12-14 11:28:33 +0100326#else
327#define SSL_SOCK_NUM_KEYTYPES 1
yanbzhube2774d2015-12-10 15:07:30 -0500328#endif
329
William Lallemandc3cd35f2017-11-28 11:04:43 +0100330static struct shared_context *ssl_shctx = NULL; /* ssl shared session cache */
William Lallemand4f45bb92017-10-30 20:08:51 +0100331static struct eb_root *sh_ssl_sess_tree; /* ssl shared session tree */
332
333#define sh_ssl_sess_tree_delete(s) ebmb_delete(&(s)->key);
334
335#define sh_ssl_sess_tree_insert(s) (struct sh_ssl_sess_hdr *)ebmb_insert(sh_ssl_sess_tree, \
336 &(s)->key, SSL_MAX_SSL_SESSION_ID_LENGTH);
337
338#define sh_ssl_sess_tree_lookup(k) (struct sh_ssl_sess_hdr *)ebmb_lookup(sh_ssl_sess_tree, \
339 (k), SSL_MAX_SSL_SESSION_ID_LENGTH);
William Lallemand3f85c9a2017-10-09 16:30:50 +0200340
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100341/*
342 * This function gives the detail of the SSL error. It is used only
343 * if the debug mode and the verbose mode are activated. It dump all
344 * the SSL error until the stack was empty.
345 */
346static forceinline void ssl_sock_dump_errors(struct connection *conn)
347{
348 unsigned long ret;
349
350 if (unlikely(global.mode & MODE_DEBUG)) {
351 while(1) {
352 ret = ERR_get_error();
353 if (ret == 0)
354 return;
355 fprintf(stderr, "fd[%04x] OpenSSL error[0x%lx] %s: %s\n",
Willy Tarreau585744b2017-08-24 14:31:19 +0200356 (unsigned short)conn->handle.fd, ret,
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100357 ERR_func_error_string(ret), ERR_reason_error_string(ret));
358 }
359 }
360}
361
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200362#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
yanbzhube2774d2015-12-10 15:07:30 -0500363/*
364 * struct alignment works here such that the key.key is the same as key_data
365 * Do not change the placement of key_data
366 */
Willy Tarreauc8ad3be2015-06-17 15:48:26 +0200367struct certificate_ocsp {
368 struct ebmb_node key;
369 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
370 struct chunk response;
371 long expire;
372};
Christopher Faulet31af49d2015-06-09 17:29:50 +0200373
yanbzhube2774d2015-12-10 15:07:30 -0500374struct ocsp_cbk_arg {
375 int is_single;
376 int single_kt;
377 union {
378 struct certificate_ocsp *s_ocsp;
379 /*
380 * m_ocsp will have multiple entries dependent on key type
381 * Entry 0 - DSA
382 * Entry 1 - ECDSA
383 * Entry 2 - RSA
384 */
385 struct certificate_ocsp *m_ocsp[SSL_SOCK_NUM_KEYTYPES];
386 };
387};
388
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200389#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +0000390static int ssl_init_single_engine(const char *engine_id, const char *def_algorithms)
391{
392 int err_code = ERR_ABORT;
393 ENGINE *engine;
394 struct ssl_engine_list *el;
395
396 /* grab the structural reference to the engine */
397 engine = ENGINE_by_id(engine_id);
398 if (engine == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100399 ha_alert("ssl-engine %s: failed to get structural reference\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000400 goto fail_get;
401 }
402
403 if (!ENGINE_init(engine)) {
404 /* the engine couldn't initialise, release it */
Christopher Faulet767a84b2017-11-24 16:50:31 +0100405 ha_alert("ssl-engine %s: failed to initialize\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000406 goto fail_init;
407 }
408
409 if (ENGINE_set_default_string(engine, def_algorithms) == 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +0100410 ha_alert("ssl-engine %s: failed on ENGINE_set_default_string\n", engine_id);
Grant Zhang872f9c22017-01-21 01:10:18 +0000411 goto fail_set_method;
412 }
413
414 el = calloc(1, sizeof(*el));
415 el->e = engine;
416 LIST_ADD(&openssl_engines, &el->list);
Emeric Brunece0c332017-12-06 13:51:49 +0100417 nb_engines++;
418 if (global_ssl.async)
419 global.ssl_used_async_engines = nb_engines;
Grant Zhang872f9c22017-01-21 01:10:18 +0000420 return 0;
421
422fail_set_method:
423 /* release the functional reference from ENGINE_init() */
424 ENGINE_finish(engine);
425
426fail_init:
427 /* release the structural reference from ENGINE_by_id() */
428 ENGINE_free(engine);
429
430fail_get:
431 return err_code;
432}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +0200433#endif
Grant Zhang872f9c22017-01-21 01:10:18 +0000434
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +0200435#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +0200436/*
437 * openssl async fd handler
438 */
439static void ssl_async_fd_handler(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000440{
441 struct connection *conn = fdtab[fd].owner;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000442
Emeric Brun3854e012017-05-17 20:42:48 +0200443 /* fd is an async enfine fd, we must stop
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000444 * to poll this fd until it is requested
445 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000446 fd_stop_recv(fd);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000447 fd_cant_recv(fd);
448
449 /* crypto engine is available, let's notify the associated
450 * connection that it can pursue its processing.
451 */
Emeric Brunbbc16542017-06-02 15:54:06 +0000452 __conn_sock_want_recv(conn);
453 __conn_sock_want_send(conn);
454 conn_update_sock_polling(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000455}
456
Emeric Brun3854e012017-05-17 20:42:48 +0200457/*
458 * openssl async delayed SSL_free handler
459 */
460static void ssl_async_fd_free(int fd)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000461{
462 SSL *ssl = fdtab[fd].owner;
Emeric Brun3854e012017-05-17 20:42:48 +0200463 OSSL_ASYNC_FD all_fd[32];
464 size_t num_all_fds = 0;
465 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000466
Emeric Brun3854e012017-05-17 20:42:48 +0200467 /* We suppose that the async job for a same SSL *
468 * are serialized. So if we are awake it is
469 * because the running job has just finished
470 * and we can remove all async fds safely
471 */
472 SSL_get_all_async_fds(ssl, NULL, &num_all_fds);
473 if (num_all_fds > 32) {
474 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
475 return;
476 }
477
478 SSL_get_all_async_fds(ssl, all_fd, &num_all_fds);
479 for (i=0 ; i < num_all_fds ; i++)
480 fd_remove(all_fd[i]);
481
482 /* Now we can safely call SSL_free, no more pending job in engines */
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000483 SSL_free(ssl);
484 sslconns--;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +0200485 HA_ATOMIC_SUB(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000486}
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000487/*
Emeric Brun3854e012017-05-17 20:42:48 +0200488 * function used to manage a returned SSL_ERROR_WANT_ASYNC
489 * and enable/disable polling for async fds
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000490 */
Emeric Brun3854e012017-05-17 20:42:48 +0200491static void inline ssl_async_process_fds(struct connection *conn, SSL *ssl)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000492{
Willy Tarreaua9786b62018-01-25 07:22:13 +0100493 OSSL_ASYNC_FD add_fd[32];
Emeric Brun3854e012017-05-17 20:42:48 +0200494 OSSL_ASYNC_FD del_fd[32];
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000495 size_t num_add_fds = 0;
496 size_t num_del_fds = 0;
Emeric Brun3854e012017-05-17 20:42:48 +0200497 int i;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000498
499 SSL_get_changed_async_fds(ssl, NULL, &num_add_fds, NULL,
500 &num_del_fds);
Emeric Brun3854e012017-05-17 20:42:48 +0200501 if (num_add_fds > 32 || num_del_fds > 32) {
502 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000503 return;
504 }
505
Emeric Brun3854e012017-05-17 20:42:48 +0200506 SSL_get_changed_async_fds(ssl, add_fd, &num_add_fds, del_fd, &num_del_fds);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000507
Emeric Brun3854e012017-05-17 20:42:48 +0200508 /* We remove unused fds from the fdtab */
509 for (i=0 ; i < num_del_fds ; i++)
510 fd_remove(del_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000511
Emeric Brun3854e012017-05-17 20:42:48 +0200512 /* We add new fds to the fdtab */
513 for (i=0 ; i < num_add_fds ; i++) {
Willy Tarreaua9786b62018-01-25 07:22:13 +0100514 fd_insert(add_fd[i], conn, ssl_async_fd_handler, tid_bit);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000515 }
516
Emeric Brun3854e012017-05-17 20:42:48 +0200517 num_add_fds = 0;
518 SSL_get_all_async_fds(ssl, NULL, &num_add_fds);
519 if (num_add_fds > 32) {
520 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
521 return;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000522 }
Emeric Brun3854e012017-05-17 20:42:48 +0200523
524 /* We activate the polling for all known async fds */
525 SSL_get_all_async_fds(ssl, add_fd, &num_add_fds);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000526 for (i=0 ; i < num_add_fds ; i++) {
Emeric Brun3854e012017-05-17 20:42:48 +0200527 fd_want_recv(add_fd[i]);
Emeric Brunce9e01c2017-05-31 10:02:53 +0000528 /* To ensure that the fd cache won't be used
529 * We'll prefer to catch a real RD event
530 * because handling an EAGAIN on this fd will
531 * result in a context switch and also
532 * some engines uses a fd in blocking mode.
533 */
534 fd_cant_recv(add_fd[i]);
535 }
Emeric Brun3854e012017-05-17 20:42:48 +0200536
537 /* We must also prevent the conn_handler
538 * to be called until a read event was
539 * polled on an async fd
540 */
541 __conn_sock_stop_both(conn);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +0000542}
543#endif
544
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200545/*
546 * This function returns the number of seconds elapsed
547 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
548 * date presented un ASN1_GENERALIZEDTIME.
549 *
550 * In parsing error case, it returns -1.
551 */
552static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
553{
554 long epoch;
555 char *p, *end;
556 const unsigned short month_offset[12] = {
557 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
558 };
559 int year, month;
560
561 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
562
563 p = (char *)d->data;
564 end = p + d->length;
565
566 if (end - p < 4) return -1;
567 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
568 p += 4;
569 if (end - p < 2) return -1;
570 month = 10 * (p[0] - '0') + p[1] - '0';
571 if (month < 1 || month > 12) return -1;
572 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
573 We consider leap years and the current month (<marsh or not) */
574 epoch = ( ((year - 1970) * 365)
575 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
576 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
577 + month_offset[month-1]
578 ) * 24 * 60 * 60;
579 p += 2;
580 if (end - p < 2) return -1;
581 /* Add the number of seconds of completed days of current month */
582 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
583 p += 2;
584 if (end - p < 2) return -1;
585 /* Add the completed hours of the current day */
586 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
587 p += 2;
588 if (end - p < 2) return -1;
589 /* Add the completed minutes of the current hour */
590 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
591 p += 2;
592 if (p == end) return -1;
593 /* Test if there is available seconds */
594 if (p[0] < '0' || p[0] > '9')
595 goto nosec;
596 if (end - p < 2) return -1;
597 /* Add the seconds of the current minute */
598 epoch += 10 * (p[0] - '0') + p[1] - '0';
599 p += 2;
600 if (p == end) return -1;
601 /* Ignore seconds float part if present */
602 if (p[0] == '.') {
603 do {
604 if (++p == end) return -1;
605 } while (p[0] >= '0' && p[0] <= '9');
606 }
607
608nosec:
609 if (p[0] == 'Z') {
610 if (end - p != 1) return -1;
611 return epoch;
612 }
613 else if (p[0] == '+') {
614 if (end - p != 5) return -1;
615 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700616 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200617 }
618 else if (p[0] == '-') {
619 if (end - p != 5) return -1;
620 /* Apply timezone offset */
Frederik Deweerdt953917a2017-10-16 07:37:31 -0700621 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200622 }
623
624 return -1;
625}
626
Emeric Brun1d3865b2014-06-20 15:37:32 +0200627static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200628
629/* This function starts to check if the OCSP response (in DER format) contained
630 * in chunk 'ocsp_response' is valid (else exits on error).
631 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
632 * contained in the OCSP Response and exits on error if no match.
633 * If it's a valid OCSP Response:
634 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
635 * pointed by 'ocsp'.
636 * If 'ocsp' is NULL, the function looks up into the OCSP response's
637 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
638 * from the response) and exits on error if not found. Finally, If an OCSP response is
639 * already present in the container, it will be overwritten.
640 *
641 * Note: OCSP response containing more than one OCSP Single response is not
642 * considered valid.
643 *
644 * Returns 0 on success, 1 in error case.
645 */
646static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
647{
648 OCSP_RESPONSE *resp;
649 OCSP_BASICRESP *bs = NULL;
650 OCSP_SINGLERESP *sr;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200651 OCSP_CERTID *id;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200652 unsigned char *p = (unsigned char *)ocsp_response->str;
653 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200654 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200655 int reason;
656 int ret = 1;
657
658 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, ocsp_response->len);
659 if (!resp) {
660 memprintf(err, "Unable to parse OCSP response");
661 goto out;
662 }
663
664 rc = OCSP_response_status(resp);
665 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
666 memprintf(err, "OCSP response status not successful");
667 goto out;
668 }
669
670 bs = OCSP_response_get1_basic(resp);
671 if (!bs) {
672 memprintf(err, "Failed to get basic response from OCSP Response");
673 goto out;
674 }
675
676 count_sr = OCSP_resp_count(bs);
677 if (count_sr > 1) {
678 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
679 goto out;
680 }
681
682 sr = OCSP_resp_get0(bs, 0);
683 if (!sr) {
684 memprintf(err, "Failed to get OCSP single response");
685 goto out;
686 }
687
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200688 id = (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(sr);
689
Emeric Brun4147b2e2014-06-16 18:36:30 +0200690 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
Emmanuel Hocdetef607052017-10-24 14:57:16 +0200691 if (rc != V_OCSP_CERTSTATUS_GOOD && rc != V_OCSP_CERTSTATUS_REVOKED) {
Emmanuel Hocdet872085c2017-10-10 15:18:52 +0200692 memprintf(err, "OCSP single response: certificate status is unknown");
Emeric Brun4147b2e2014-06-16 18:36:30 +0200693 goto out;
694 }
695
Emeric Brun13a6b482014-06-20 15:44:34 +0200696 if (!nextupd) {
697 memprintf(err, "OCSP single response: missing nextupdate");
698 goto out;
699 }
700
Emeric Brunc8b27b62014-06-19 14:16:17 +0200701 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200702 if (!rc) {
703 memprintf(err, "OCSP single response: no longer valid.");
704 goto out;
705 }
706
707 if (cid) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200708 if (OCSP_id_cmp(id, cid)) {
Emeric Brun4147b2e2014-06-16 18:36:30 +0200709 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
710 goto out;
711 }
712 }
713
714 if (!ocsp) {
715 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
716 unsigned char *p;
717
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200718 rc = i2d_OCSP_CERTID(id, NULL);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200719 if (!rc) {
720 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
721 goto out;
722 }
723
724 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
725 memprintf(err, "OCSP single response: Certificate ID too long");
726 goto out;
727 }
728
729 p = key;
730 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200731 i2d_OCSP_CERTID(id, &p);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200732 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
733 if (!ocsp) {
734 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
735 goto out;
736 }
737 }
738
739 /* According to comments on "chunk_dup", the
740 previous chunk buffer will be freed */
741 if (!chunk_dup(&ocsp->response, ocsp_response)) {
742 memprintf(err, "OCSP response: Memory allocation error");
743 goto out;
744 }
745
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200746 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
747
Emeric Brun4147b2e2014-06-16 18:36:30 +0200748 ret = 0;
749out:
Janusz Dziemidowicz8d710492017-03-08 16:59:41 +0100750 ERR_clear_error();
751
Emeric Brun4147b2e2014-06-16 18:36:30 +0200752 if (bs)
753 OCSP_BASICRESP_free(bs);
754
755 if (resp)
756 OCSP_RESPONSE_free(resp);
757
758 return ret;
759}
760/*
761 * External function use to update the OCSP response in the OCSP response's
762 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
763 * to update in DER format.
764 *
765 * Returns 0 on success, 1 in error case.
766 */
767int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err)
768{
769 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
770}
771
772/*
773 * This function load the OCSP Resonse in DER format contained in file at
774 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
775 *
776 * Returns 0 on success, 1 in error case.
777 */
778static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
779{
780 int fd = -1;
781 int r = 0;
782 int ret = 1;
783
784 fd = open(ocsp_path, O_RDONLY);
785 if (fd == -1) {
786 memprintf(err, "Error opening OCSP response file");
787 goto end;
788 }
789
790 trash.len = 0;
791 while (trash.len < trash.size) {
792 r = read(fd, trash.str + trash.len, trash.size - trash.len);
793 if (r < 0) {
794 if (errno == EINTR)
795 continue;
796
797 memprintf(err, "Error reading OCSP response from file");
798 goto end;
799 }
800 else if (r == 0) {
801 break;
802 }
803 trash.len += r;
804 }
805
806 close(fd);
807 fd = -1;
808
809 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
810end:
811 if (fd != -1)
812 close(fd);
813
814 return ret;
815}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100816#endif
Emeric Brun4147b2e2014-06-16 18:36:30 +0200817
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100818#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
819static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
820{
Christopher Faulet16f45c82018-02-16 11:23:49 +0100821 struct tls_keys_ref *ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100822 struct tls_sess_key *keys;
823 struct connection *conn;
824 int head;
825 int i;
Christopher Faulet16f45c82018-02-16 11:23:49 +0100826 int ret = -1; /* error by default */
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100827
Thierry FOURNIER28962c92018-06-17 21:37:05 +0200828 conn = SSL_get_ex_data(s, ssl_app_data_index);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100829 ref = objt_listener(conn->target)->bind_conf->keys_ref;
830 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
831
832 keys = ref->tlskeys;
833 head = ref->tls_ticket_enc_index;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100834
835 if (enc) {
836 memcpy(key_name, keys[head].name, 16);
837
838 if(!RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100839 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100840
841 if(!EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[head].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100842 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100843
844 HMAC_Init_ex(hctx, keys[head].hmac_key, 16, HASH_FUNCT(), NULL);
Christopher Faulet16f45c82018-02-16 11:23:49 +0100845 ret = 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100846 } else {
847 for (i = 0; i < TLS_TICKETS_NO; i++) {
848 if (!memcmp(key_name, keys[(head + i) % TLS_TICKETS_NO].name, 16))
849 goto found;
850 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100851 ret = 0;
852 goto end;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100853
Christopher Faulet16f45c82018-02-16 11:23:49 +0100854 found:
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100855 HMAC_Init_ex(hctx, keys[(head + i) % TLS_TICKETS_NO].hmac_key, 16, HASH_FUNCT(), NULL);
856 if(!EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, keys[(head + i) % TLS_TICKETS_NO].aes_key, iv))
Christopher Faulet16f45c82018-02-16 11:23:49 +0100857 goto end;
858
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100859 /* 2 for key renewal, 1 if current key is still valid */
Christopher Faulet16f45c82018-02-16 11:23:49 +0100860 ret = i ? 2 : 1;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100861 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100862 end:
863 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
864 return ret;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200865}
866
867struct tls_keys_ref *tlskeys_ref_lookup(const char *filename)
868{
869 struct tls_keys_ref *ref;
870
871 list_for_each_entry(ref, &tlskeys_reference, list)
872 if (ref->filename && strcmp(filename, ref->filename) == 0)
873 return ref;
874 return NULL;
875}
876
877struct tls_keys_ref *tlskeys_ref_lookupid(int unique_id)
878{
879 struct tls_keys_ref *ref;
880
881 list_for_each_entry(ref, &tlskeys_reference, list)
882 if (ref->unique_id == unique_id)
883 return ref;
884 return NULL;
885}
886
Christopher Faulet16f45c82018-02-16 11:23:49 +0100887void ssl_sock_update_tlskey_ref(struct tls_keys_ref *ref, struct chunk *tlskey)
888{
889 HA_RWLOCK_WRLOCK(TLSKEYS_REF_LOCK, &ref->lock);
890 memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
891 ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
892 HA_RWLOCK_WRUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
893}
894
895int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err)
896{
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200897 struct tls_keys_ref *ref = tlskeys_ref_lookup(filename);
898
899 if(!ref) {
900 memprintf(err, "Unable to locate the referenced filename: %s", filename);
901 return 1;
902 }
Christopher Faulet16f45c82018-02-16 11:23:49 +0100903 ssl_sock_update_tlskey_ref(ref, tlskey);
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200904 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100905}
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200906
907/* This function finalize the configuration parsing. Its set all the
Willy Tarreaud1c57502016-12-22 22:46:15 +0100908 * automatic ids. It's called just after the basic checks. It returns
909 * 0 on success otherwise ERR_*.
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200910 */
Willy Tarreaud1c57502016-12-22 22:46:15 +0100911static int tlskeys_finalize_config(void)
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200912{
913 int i = 0;
914 struct tls_keys_ref *ref, *ref2, *ref3;
915 struct list tkr = LIST_HEAD_INIT(tkr);
916
917 list_for_each_entry(ref, &tlskeys_reference, list) {
918 if (ref->unique_id == -1) {
919 /* Look for the first free id. */
920 while (1) {
921 list_for_each_entry(ref2, &tlskeys_reference, list) {
922 if (ref2->unique_id == i) {
923 i++;
924 break;
925 }
926 }
927 if (&ref2->list == &tlskeys_reference)
928 break;
929 }
930
931 /* Uses the unique id and increment it for the next entry. */
932 ref->unique_id = i;
933 i++;
934 }
935 }
936
937 /* This sort the reference list by id. */
938 list_for_each_entry_safe(ref, ref2, &tlskeys_reference, list) {
939 LIST_DEL(&ref->list);
940 list_for_each_entry(ref3, &tkr, list) {
941 if (ref->unique_id < ref3->unique_id) {
942 LIST_ADDQ(&ref3->list, &ref->list);
943 break;
944 }
945 }
946 if (&ref3->list == &tkr)
947 LIST_ADDQ(&tkr, &ref->list);
948 }
949
950 /* swap root */
951 LIST_ADD(&tkr, &tlskeys_reference);
952 LIST_DEL(&tkr);
Willy Tarreaud1c57502016-12-22 22:46:15 +0100953 return 0;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +0200954}
Nenad Merdanovic05552d42015-02-27 19:56:49 +0100955#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
956
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +0100957#ifndef OPENSSL_NO_OCSP
yanbzhube2774d2015-12-10 15:07:30 -0500958int ssl_sock_get_ocsp_arg_kt_index(int evp_keytype)
959{
960 switch (evp_keytype) {
961 case EVP_PKEY_RSA:
962 return 2;
963 case EVP_PKEY_DSA:
964 return 0;
965 case EVP_PKEY_EC:
966 return 1;
967 }
968
969 return -1;
970}
971
Emeric Brun4147b2e2014-06-16 18:36:30 +0200972/*
973 * Callback used to set OCSP status extension content in server hello.
974 */
975int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
976{
yanbzhube2774d2015-12-10 15:07:30 -0500977 struct certificate_ocsp *ocsp;
978 struct ocsp_cbk_arg *ocsp_arg;
979 char *ssl_buf;
980 EVP_PKEY *ssl_pkey;
981 int key_type;
982 int index;
983
Vincent Bernat3c2f2f22016-04-03 13:48:42 +0200984 ocsp_arg = arg;
yanbzhube2774d2015-12-10 15:07:30 -0500985
986 ssl_pkey = SSL_get_privatekey(ssl);
987 if (!ssl_pkey)
988 return SSL_TLSEXT_ERR_NOACK;
989
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +0200990 key_type = EVP_PKEY_base_id(ssl_pkey);
yanbzhube2774d2015-12-10 15:07:30 -0500991
992 if (ocsp_arg->is_single && ocsp_arg->single_kt == key_type)
993 ocsp = ocsp_arg->s_ocsp;
994 else {
995 /* For multiple certs per context, we have to find the correct OCSP response based on
996 * the certificate type
997 */
998 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
999
1000 if (index < 0)
1001 return SSL_TLSEXT_ERR_NOACK;
1002
1003 ocsp = ocsp_arg->m_ocsp[index];
1004
1005 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001006
1007 if (!ocsp ||
1008 !ocsp->response.str ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +02001009 !ocsp->response.len ||
1010 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +02001011 return SSL_TLSEXT_ERR_NOACK;
1012
1013 ssl_buf = OPENSSL_malloc(ocsp->response.len);
1014 if (!ssl_buf)
1015 return SSL_TLSEXT_ERR_NOACK;
1016
1017 memcpy(ssl_buf, ocsp->response.str, ocsp->response.len);
1018 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.len);
1019
1020 return SSL_TLSEXT_ERR_OK;
1021}
1022
1023/*
1024 * This function enables the handling of OCSP status extension on 'ctx' if a
1025 * file name 'cert_path' suffixed using ".ocsp" is present.
1026 * To enable OCSP status extension, the issuer's certificate is mandatory.
1027 * It should be present in the certificate's extra chain builded from file
1028 * 'cert_path'. If not found, the issuer certificate is loaded from a file
1029 * named 'cert_path' suffixed using '.issuer'.
1030 *
1031 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
1032 * response. If file is empty or content is not a valid OCSP response,
1033 * OCSP status extension is enabled but OCSP response is ignored (a warning
1034 * is displayed).
1035 *
1036 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
1037 * succesfully enabled, or -1 in other error case.
1038 */
1039static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
1040{
1041
1042 BIO *in = NULL;
1043 X509 *x, *xi = NULL, *issuer = NULL;
1044 STACK_OF(X509) *chain = NULL;
1045 OCSP_CERTID *cid = NULL;
1046 SSL *ssl;
1047 char ocsp_path[MAXPATHLEN+1];
1048 int i, ret = -1;
1049 struct stat st;
1050 struct certificate_ocsp *ocsp = NULL, *iocsp;
1051 char *warn = NULL;
1052 unsigned char *p;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001053 pem_password_cb *passwd_cb;
1054 void *passwd_cb_userdata;
1055 void (*callback) (void);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001056
1057 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1058
1059 if (stat(ocsp_path, &st))
1060 return 1;
1061
1062 ssl = SSL_new(ctx);
1063 if (!ssl)
1064 goto out;
1065
1066 x = SSL_get_certificate(ssl);
1067 if (!x)
1068 goto out;
1069
1070 /* Try to lookup for issuer in certificate extra chain */
1071#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
1072 SSL_CTX_get_extra_chain_certs(ctx, &chain);
1073#else
1074 chain = ctx->extra_certs;
1075#endif
1076 for (i = 0; i < sk_X509_num(chain); i++) {
1077 issuer = sk_X509_value(chain, i);
1078 if (X509_check_issued(issuer, x) == X509_V_OK)
1079 break;
1080 else
1081 issuer = NULL;
1082 }
1083
1084 /* If not found try to load issuer from a suffixed file */
1085 if (!issuer) {
1086 char issuer_path[MAXPATHLEN+1];
1087
1088 in = BIO_new(BIO_s_file());
1089 if (!in)
1090 goto out;
1091
1092 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
1093 if (BIO_read_filename(in, issuer_path) <= 0)
1094 goto out;
1095
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001096 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
1097 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
1098
1099 xi = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001100 if (!xi)
1101 goto out;
1102
1103 if (X509_check_issued(xi, x) != X509_V_OK)
1104 goto out;
1105
1106 issuer = xi;
1107 }
1108
1109 cid = OCSP_cert_to_id(0, x, issuer);
1110 if (!cid)
1111 goto out;
1112
1113 i = i2d_OCSP_CERTID(cid, NULL);
1114 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
1115 goto out;
1116
Vincent Bernat02779b62016-04-03 13:48:43 +02001117 ocsp = calloc(1, sizeof(*ocsp));
Emeric Brun4147b2e2014-06-16 18:36:30 +02001118 if (!ocsp)
1119 goto out;
1120
1121 p = ocsp->key_data;
1122 i2d_OCSP_CERTID(cid, &p);
1123
1124 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
1125 if (iocsp == ocsp)
1126 ocsp = NULL;
1127
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001128#ifndef SSL_CTX_get_tlsext_status_cb
1129# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
1130 *cb = (void (*) (void))ctx->tlsext_status_cb;
1131#endif
1132 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
1133
1134 if (!callback) {
Vincent Bernat02779b62016-04-03 13:48:43 +02001135 struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001136 EVP_PKEY *pkey;
yanbzhube2774d2015-12-10 15:07:30 -05001137
1138 cb_arg->is_single = 1;
1139 cb_arg->s_ocsp = iocsp;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001140
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001141 pkey = X509_get_pubkey(x);
1142 cb_arg->single_kt = EVP_PKEY_base_id(pkey);
1143 EVP_PKEY_free(pkey);
yanbzhube2774d2015-12-10 15:07:30 -05001144
1145 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
1146 SSL_CTX_set_tlsext_status_arg(ctx, cb_arg);
1147 } else {
1148 /*
1149 * If the ctx has a status CB, then we have previously set an OCSP staple for this ctx
1150 * Update that cb_arg with the new cert's staple
1151 */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001152 struct ocsp_cbk_arg *cb_arg;
yanbzhube2774d2015-12-10 15:07:30 -05001153 struct certificate_ocsp *tmp_ocsp;
1154 int index;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001155 int key_type;
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001156 EVP_PKEY *pkey;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001157
1158#ifdef SSL_CTX_get_tlsext_status_arg
1159 SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
1160#else
1161 cb_arg = ctx->tlsext_status_arg;
1162#endif
yanbzhube2774d2015-12-10 15:07:30 -05001163
1164 /*
1165 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
1166 * the order of operations below matter, take care when changing it
1167 */
1168 tmp_ocsp = cb_arg->s_ocsp;
1169 index = ssl_sock_get_ocsp_arg_kt_index(cb_arg->single_kt);
1170 cb_arg->s_ocsp = NULL;
1171 cb_arg->m_ocsp[index] = tmp_ocsp;
1172 cb_arg->is_single = 0;
1173 cb_arg->single_kt = 0;
1174
Emmanuel Hocdetb7a4c342017-01-06 12:57:46 +01001175 pkey = X509_get_pubkey(x);
1176 key_type = EVP_PKEY_base_id(pkey);
1177 EVP_PKEY_free(pkey);
1178
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001179 index = ssl_sock_get_ocsp_arg_kt_index(key_type);
yanbzhube2774d2015-12-10 15:07:30 -05001180 if (index >= 0 && !cb_arg->m_ocsp[index])
1181 cb_arg->m_ocsp[index] = iocsp;
1182
1183 }
Emeric Brun4147b2e2014-06-16 18:36:30 +02001184
1185 ret = 0;
1186
1187 warn = NULL;
1188 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
1189 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
Christopher Faulet767a84b2017-11-24 16:50:31 +01001190 ha_warning("%s.\n", warn);
Emeric Brun4147b2e2014-06-16 18:36:30 +02001191 }
1192
1193out:
1194 if (ssl)
1195 SSL_free(ssl);
1196
1197 if (in)
1198 BIO_free(in);
1199
1200 if (xi)
1201 X509_free(xi);
1202
1203 if (cid)
1204 OCSP_CERTID_free(cid);
1205
1206 if (ocsp)
1207 free(ocsp);
1208
1209 if (warn)
1210 free(warn);
1211
1212
1213 return ret;
1214}
1215
1216#endif
1217
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001218#ifdef OPENSSL_IS_BORINGSSL
1219static int ssl_sock_set_ocsp_response_from_file(SSL_CTX *ctx, const char *cert_path)
1220{
1221 char ocsp_path[MAXPATHLEN+1];
1222 struct stat st;
1223 int fd = -1, r = 0;
1224
1225 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
1226 if (stat(ocsp_path, &st))
1227 return 0;
1228
1229 fd = open(ocsp_path, O_RDONLY);
1230 if (fd == -1) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01001231 ha_warning("Error opening OCSP response file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001232 return -1;
1233 }
1234
1235 trash.len = 0;
1236 while (trash.len < trash.size) {
1237 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1238 if (r < 0) {
1239 if (errno == EINTR)
1240 continue;
Christopher Faulet767a84b2017-11-24 16:50:31 +01001241 ha_warning("Error reading OCSP response from file %s.\n", ocsp_path);
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02001242 close(fd);
1243 return -1;
1244 }
1245 else if (r == 0) {
1246 break;
1247 }
1248 trash.len += r;
1249 }
1250 close(fd);
1251 return SSL_CTX_set_ocsp_response(ctx, (const uint8_t *)trash.str, trash.len);
1252}
1253#endif
1254
Daniel Jakots54ffb912015-11-06 20:02:41 +01001255#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001256
1257#define CT_EXTENSION_TYPE 18
1258
1259static int sctl_ex_index = -1;
1260
1261/*
1262 * Try to parse Signed Certificate Timestamp List structure. This function
1263 * makes only basic test if the data seems like SCTL. No signature validation
1264 * is performed.
1265 */
1266static int ssl_sock_parse_sctl(struct chunk *sctl)
1267{
1268 int ret = 1;
1269 int len, pos, sct_len;
1270 unsigned char *data;
1271
1272 if (sctl->len < 2)
1273 goto out;
1274
1275 data = (unsigned char *)sctl->str;
1276 len = (data[0] << 8) | data[1];
1277
1278 if (len + 2 != sctl->len)
1279 goto out;
1280
1281 data = data + 2;
1282 pos = 0;
1283 while (pos < len) {
1284 if (len - pos < 2)
1285 goto out;
1286
1287 sct_len = (data[pos] << 8) | data[pos + 1];
1288 if (pos + sct_len + 2 > len)
1289 goto out;
1290
1291 pos += sct_len + 2;
1292 }
1293
1294 ret = 0;
1295
1296out:
1297 return ret;
1298}
1299
1300static int ssl_sock_load_sctl_from_file(const char *sctl_path, struct chunk **sctl)
1301{
1302 int fd = -1;
1303 int r = 0;
1304 int ret = 1;
1305
1306 *sctl = NULL;
1307
1308 fd = open(sctl_path, O_RDONLY);
1309 if (fd == -1)
1310 goto end;
1311
1312 trash.len = 0;
1313 while (trash.len < trash.size) {
1314 r = read(fd, trash.str + trash.len, trash.size - trash.len);
1315 if (r < 0) {
1316 if (errno == EINTR)
1317 continue;
1318
1319 goto end;
1320 }
1321 else if (r == 0) {
1322 break;
1323 }
1324 trash.len += r;
1325 }
1326
1327 ret = ssl_sock_parse_sctl(&trash);
1328 if (ret)
1329 goto end;
1330
Vincent Bernat02779b62016-04-03 13:48:43 +02001331 *sctl = calloc(1, sizeof(**sctl));
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001332 if (!chunk_dup(*sctl, &trash)) {
1333 free(*sctl);
1334 *sctl = NULL;
1335 goto end;
1336 }
1337
1338end:
1339 if (fd != -1)
1340 close(fd);
1341
1342 return ret;
1343}
1344
1345int ssl_sock_sctl_add_cbk(SSL *ssl, unsigned ext_type, const unsigned char **out, size_t *outlen, int *al, void *add_arg)
1346{
Vincent Bernat3c2f2f22016-04-03 13:48:42 +02001347 struct chunk *sctl = add_arg;
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01001348
1349 *out = (unsigned char *)sctl->str;
1350 *outlen = sctl->len;
1351
1352 return 1;
1353}
1354
1355int ssl_sock_sctl_parse_cbk(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg)
1356{
1357 return 1;
1358}
1359
1360static int ssl_sock_load_sctl(SSL_CTX *ctx, const char *cert_path)
1361{
1362 char sctl_path[MAXPATHLEN+1];
1363 int ret = -1;
1364 struct stat st;
1365 struct chunk *sctl = NULL;
1366
1367 snprintf(sctl_path, MAXPATHLEN+1, "%s.sctl", cert_path);
1368
1369 if (stat(sctl_path, &st))
1370 return 1;
1371
1372 if (ssl_sock_load_sctl_from_file(sctl_path, &sctl))
1373 goto out;
1374
1375 if (!SSL_CTX_add_server_custom_ext(ctx, CT_EXTENSION_TYPE, ssl_sock_sctl_add_cbk, NULL, sctl, ssl_sock_sctl_parse_cbk, NULL)) {
1376 free(sctl);
1377 goto out;
1378 }
1379
1380 SSL_CTX_set_ex_data(ctx, sctl_ex_index, sctl);
1381
1382 ret = 0;
1383
1384out:
1385 return ret;
1386}
1387
1388#endif
1389
Emeric Brune1f38db2012-09-03 20:36:47 +02001390void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
1391{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001392 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brund8b2bb52014-01-28 15:43:53 +01001393 BIO *write_bio;
Willy Tarreau622317d2015-02-27 16:36:16 +01001394 (void)ret; /* shut gcc stupid warning */
Emeric Brune1f38db2012-09-03 20:36:47 +02001395
1396 if (where & SSL_CB_HANDSHAKE_START) {
1397 /* Disable renegotiation (CVE-2009-3555) */
Olivier Houchard90084a12017-11-23 18:21:29 +01001398 if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +02001399 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01001400 conn->err_code = CO_ER_SSL_RENEG;
1401 }
Emeric Brune1f38db2012-09-03 20:36:47 +02001402 }
Emeric Brund8b2bb52014-01-28 15:43:53 +01001403
1404 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
1405 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
1406 /* Long certificate chains optimz
1407 If write and read bios are differents, we
1408 consider that the buffering was activated,
1409 so we rise the output buffer size from 4k
1410 to 16k */
1411 write_bio = SSL_get_wbio(ssl);
1412 if (write_bio != SSL_get_rbio(ssl)) {
1413 BIO_set_write_buffer_size(write_bio, 16384);
1414 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
1415 }
1416 }
1417 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001418}
1419
Emeric Brune64aef12012-09-21 13:15:06 +02001420/* Callback is called for each certificate of the chain during a verify
1421 ok is set to 1 if preverify detect no error on current certificate.
1422 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -07001423int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +02001424{
1425 SSL *ssl;
1426 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +02001427 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +02001428
1429 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001430 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emeric Brune64aef12012-09-21 13:15:06 +02001431
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001432 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +02001433
Emeric Brun81c00f02012-09-21 14:31:21 +02001434 if (ok) /* no errors */
1435 return ok;
1436
1437 depth = X509_STORE_CTX_get_error_depth(x_store);
1438 err = X509_STORE_CTX_get_error(x_store);
1439
1440 /* check if CA error needs to be ignored */
1441 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001442 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
1443 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
1444 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +02001445 }
1446
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001447 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001448 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001449 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001450 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001451 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001452
Willy Tarreau20879a02012-12-03 16:32:10 +01001453 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001454 return 0;
1455 }
1456
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02001457 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
1458 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +02001459
Emeric Brun81c00f02012-09-21 14:31:21 +02001460 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001461 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02001462 ssl_sock_dump_errors(conn);
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001463 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +02001464 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +01001465 }
Emeric Brun81c00f02012-09-21 14:31:21 +02001466
Willy Tarreau20879a02012-12-03 16:32:10 +01001467 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +02001468 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +02001469}
1470
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001471static inline
1472void ssl_sock_parse_clienthello(int write_p, int version, int content_type,
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001473 const void *buf, size_t len, SSL *ssl)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001474{
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001475 struct ssl_capture *capture;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001476 unsigned char *msg;
1477 unsigned char *end;
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001478 size_t rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001479
1480 /* This function is called for "from client" and "to server"
1481 * connections. The combination of write_p == 0 and content_type == 22
1482 * is only avalaible during "from client" connection.
1483 */
1484
1485 /* "write_p" is set to 0 is the bytes are received messages,
1486 * otherwise it is set to 1.
1487 */
1488 if (write_p != 0)
1489 return;
1490
1491 /* content_type contains the type of message received or sent
1492 * according with the SSL/TLS protocol spec. This message is
1493 * encoded with one byte. The value 256 (two bytes) is used
1494 * for designing the SSL/TLS record layer. According with the
1495 * rfc6101, the expected message (other than 256) are:
1496 * - change_cipher_spec(20)
1497 * - alert(21)
1498 * - handshake(22)
1499 * - application_data(23)
1500 * - (255)
1501 * We are interessed by the handshake and specially the client
1502 * hello.
1503 */
1504 if (content_type != 22)
1505 return;
1506
1507 /* The message length is at least 4 bytes, containing the
1508 * message type and the message length.
1509 */
1510 if (len < 4)
1511 return;
1512
1513 /* First byte of the handshake message id the type of
1514 * message. The konwn types are:
1515 * - hello_request(0)
1516 * - client_hello(1)
1517 * - server_hello(2)
1518 * - certificate(11)
1519 * - server_key_exchange (12)
1520 * - certificate_request(13)
1521 * - server_hello_done(14)
1522 * We are interested by the client hello.
1523 */
1524 msg = (unsigned char *)buf;
1525 if (msg[0] != 1)
1526 return;
1527
1528 /* Next three bytes are the length of the message. The total length
1529 * must be this decoded length + 4. If the length given as argument
1530 * is not the same, we abort the protocol dissector.
1531 */
1532 rec_len = (msg[1] << 16) + (msg[2] << 8) + msg[3];
1533 if (len < rec_len + 4)
1534 return;
1535 msg += 4;
1536 end = msg + rec_len;
1537 if (end < msg)
1538 return;
1539
1540 /* Expect 2 bytes for protocol version (1 byte for major and 1 byte
1541 * for minor, the random, composed by 4 bytes for the unix time and
1542 * 28 bytes for unix payload, and them 1 byte for the session id. So
1543 * we jump 1 + 1 + 4 + 28 + 1 bytes.
1544 */
1545 msg += 1 + 1 + 4 + 28 + 1;
1546 if (msg > end)
1547 return;
1548
1549 /* Next two bytes are the ciphersuite length. */
1550 if (msg + 2 > end)
1551 return;
1552 rec_len = (msg[0] << 8) + msg[1];
1553 msg += 2;
1554 if (msg + rec_len > end || msg + rec_len < msg)
1555 return;
1556
Willy Tarreaubafbe012017-11-24 17:34:44 +01001557 capture = pool_alloc_dirty(pool_head_ssl_capture);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001558 if (!capture)
1559 return;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001560 /* Compute the xxh64 of the ciphersuite. */
1561 capture->xxh64 = XXH64(msg, rec_len, 0);
1562
1563 /* Capture the ciphersuite. */
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001564 capture->ciphersuite_len = (global_ssl.capture_cipherlist < rec_len) ?
1565 global_ssl.capture_cipherlist : rec_len;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001566 memcpy(capture->ciphersuite, msg, capture->ciphersuite_len);
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001567
1568 SSL_set_ex_data(ssl, ssl_capture_ptr_index, capture);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01001569}
1570
Emeric Brun29f037d2014-04-25 19:05:36 +02001571/* Callback is called for ssl protocol analyse */
1572void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
1573{
Emeric Brun29f037d2014-04-25 19:05:36 +02001574#ifdef TLS1_RT_HEARTBEAT
1575 /* test heartbeat received (write_p is set to 0
1576 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001577 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001578 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Willy Tarreauf51c6982014-04-25 20:02:39 +02001579 const unsigned char *p = buf;
1580 unsigned int payload;
1581
Emeric Brun29f037d2014-04-25 19:05:36 +02001582 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001583
1584 /* Check if this is a CVE-2014-0160 exploitation attempt. */
1585 if (*p != TLS1_HB_REQUEST)
1586 return;
1587
Willy Tarreauaeed6722014-04-25 23:59:58 +02001588 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +02001589 goto kill_it;
1590
1591 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001592 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +02001593 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +02001594 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001595 /* We have a clear heartbleed attack (CVE-2014-0160), the
1596 * advertised payload is larger than the advertised packet
1597 * length, so we have garbage in the buffer between the
1598 * payload and the end of the buffer (p+len). We can't know
1599 * if the SSL stack is patched, and we don't know if we can
1600 * safely wipe out the area between p+3+len and payload.
1601 * So instead, we prevent the response from being sent by
1602 * setting the max_send_fragment to 0 and we report an SSL
1603 * error, which will kill this connection. It will be reported
1604 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +02001605 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
1606 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +02001607 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +02001608 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
1609 return;
1610 }
Emeric Brun29f037d2014-04-25 19:05:36 +02001611#endif
Emmanuel Hocdete3804742017-03-08 11:07:10 +01001612 if (global_ssl.capture_cipherlist > 0)
1613 ssl_sock_parse_clienthello(write_p, version, content_type, buf, len, ssl);
Emeric Brun29f037d2014-04-25 19:05:36 +02001614}
1615
Bernard Spil13c53f82018-02-15 13:34:58 +01001616#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001617/* This callback is used so that the server advertises the list of
1618 * negociable protocols for NPN.
1619 */
1620static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
1621 unsigned int *len, void *arg)
1622{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001623 struct ssl_bind_conf *conf = arg;
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001624
1625 *data = (const unsigned char *)conf->npn_str;
1626 *len = conf->npn_len;
1627 return SSL_TLSEXT_ERR_OK;
1628}
1629#endif
1630
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001631#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001632/* This callback is used so that the server advertises the list of
1633 * negociable protocols for ALPN.
1634 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001635static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
1636 unsigned char *outlen,
1637 const unsigned char *server,
1638 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +02001639{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001640 struct ssl_bind_conf *conf = arg;
Willy Tarreauab861d32013-04-02 02:30:41 +02001641
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001642 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
1643 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
1644 return SSL_TLSEXT_ERR_NOACK;
1645 }
Willy Tarreauab861d32013-04-02 02:30:41 +02001646 return SSL_TLSEXT_ERR_OK;
1647}
1648#endif
1649
Willy Tarreauc8ad3be2015-06-17 15:48:26 +02001650#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001651#ifndef SSL_NO_GENERATE_CERTIFICATES
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001652
Christopher Faulet30548802015-06-11 13:39:32 +02001653/* Create a X509 certificate with the specified servername and serial. This
1654 * function returns a SSL_CTX object or NULL if an error occurs. */
Christopher Faulet7969a332015-10-09 11:15:03 +02001655static SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001656ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001657{
Christopher Faulet7969a332015-10-09 11:15:03 +02001658 X509 *cacert = bind_conf->ca_sign_cert;
1659 EVP_PKEY *capkey = bind_conf->ca_sign_pkey;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001660 SSL_CTX *ssl_ctx = NULL;
1661 X509 *newcrt = NULL;
1662 EVP_PKEY *pkey = NULL;
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001663 SSL *tmp_ssl = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001664 X509_NAME *name;
1665 const EVP_MD *digest;
1666 X509V3_CTX ctx;
1667 unsigned int i;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001668 int key_type;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001669
Christopher Faulet48a83322017-07-28 16:56:09 +02001670 /* Get the private key of the default certificate and use it */
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001671#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined LIBRESSL_VERSION_NUMBER)
1672 pkey = SSL_CTX_get0_privatekey(bind_conf->default_ctx);
1673#else
1674 tmp_ssl = SSL_new(bind_conf->default_ctx);
1675 if (tmp_ssl)
1676 pkey = SSL_get_privatekey(tmp_ssl);
1677#endif
1678 if (!pkey)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001679 goto mkcert_error;
1680
1681 /* Create the certificate */
1682 if (!(newcrt = X509_new()))
1683 goto mkcert_error;
1684
1685 /* Set version number for the certificate (X509v3) and the serial
1686 * number */
1687 if (X509_set_version(newcrt, 2L) != 1)
1688 goto mkcert_error;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001689 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001690
1691 /* Set duration for the certificate */
1692 if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
1693 !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
1694 goto mkcert_error;
1695
1696 /* set public key in the certificate */
1697 if (X509_set_pubkey(newcrt, pkey) != 1)
1698 goto mkcert_error;
1699
1700 /* Set issuer name from the CA */
1701 if (!(name = X509_get_subject_name(cacert)))
1702 goto mkcert_error;
1703 if (X509_set_issuer_name(newcrt, name) != 1)
1704 goto mkcert_error;
1705
1706 /* Set the subject name using the same, but the CN */
1707 name = X509_NAME_dup(name);
1708 if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
1709 (const unsigned char *)servername,
1710 -1, -1, 0) != 1) {
1711 X509_NAME_free(name);
1712 goto mkcert_error;
1713 }
1714 if (X509_set_subject_name(newcrt, name) != 1) {
1715 X509_NAME_free(name);
1716 goto mkcert_error;
1717 }
1718 X509_NAME_free(name);
1719
1720 /* Add x509v3 extensions as specified */
1721 X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
1722 for (i = 0; i < X509V3_EXT_SIZE; i++) {
1723 X509_EXTENSION *ext;
1724
1725 if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
1726 goto mkcert_error;
1727 if (!X509_add_ext(newcrt, ext, -1)) {
1728 X509_EXTENSION_free(ext);
1729 goto mkcert_error;
1730 }
1731 X509_EXTENSION_free(ext);
1732 }
1733
1734 /* Sign the certificate with the CA private key */
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001735
1736 key_type = EVP_PKEY_base_id(capkey);
1737
1738 if (key_type == EVP_PKEY_DSA)
1739 digest = EVP_sha1();
1740 else if (key_type == EVP_PKEY_RSA)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001741 digest = EVP_sha256();
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02001742 else if (key_type == EVP_PKEY_EC)
Christopher Faulet7969a332015-10-09 11:15:03 +02001743 digest = EVP_sha256();
1744 else {
Christopher Faulete7db2162015-10-19 13:59:24 +02001745#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
Christopher Faulet7969a332015-10-09 11:15:03 +02001746 int nid;
1747
1748 if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
1749 goto mkcert_error;
1750 if (!(digest = EVP_get_digestbynid(nid)))
1751 goto mkcert_error;
Christopher Faulete7db2162015-10-19 13:59:24 +02001752#else
1753 goto mkcert_error;
1754#endif
Christopher Faulet7969a332015-10-09 11:15:03 +02001755 }
1756
Christopher Faulet31af49d2015-06-09 17:29:50 +02001757 if (!(X509_sign(newcrt, capkey, digest)))
1758 goto mkcert_error;
1759
1760 /* Create and set the new SSL_CTX */
1761 if (!(ssl_ctx = SSL_CTX_new(SSLv23_server_method())))
1762 goto mkcert_error;
1763 if (!SSL_CTX_use_PrivateKey(ssl_ctx, pkey))
1764 goto mkcert_error;
1765 if (!SSL_CTX_use_certificate(ssl_ctx, newcrt))
1766 goto mkcert_error;
1767 if (!SSL_CTX_check_private_key(ssl_ctx))
1768 goto mkcert_error;
1769
1770 if (newcrt) X509_free(newcrt);
Christopher Faulet7969a332015-10-09 11:15:03 +02001771
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001772#ifndef OPENSSL_NO_DH
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001773 SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_get_tmp_dh);
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01001774#endif
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001775#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
1776 {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01001777 const char *ecdhe = (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe : ECDHE_DEFAULT_CURVE);
Christopher Faulet85b5a1a2015-10-09 11:46:32 +02001778 EC_KEY *ecc;
1779 int nid;
1780
1781 if ((nid = OBJ_sn2nid(ecdhe)) == NID_undef)
1782 goto end;
1783 if (!(ecc = EC_KEY_new_by_curve_name(nid)))
1784 goto end;
1785 SSL_CTX_set_tmp_ecdh(ssl_ctx, ecc);
1786 EC_KEY_free(ecc);
1787 }
1788#endif
1789 end:
Christopher Faulet31af49d2015-06-09 17:29:50 +02001790 return ssl_ctx;
1791
1792 mkcert_error:
Emmanuel Hocdet15969292017-08-11 10:56:00 +02001793 if (tmp_ssl) SSL_free(tmp_ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001794 if (ssl_ctx) SSL_CTX_free(ssl_ctx);
1795 if (newcrt) X509_free(newcrt);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001796 return NULL;
1797}
1798
Christopher Faulet7969a332015-10-09 11:15:03 +02001799SSL_CTX *
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001800ssl_sock_create_cert(struct connection *conn, const char *servername, unsigned int key)
Christopher Faulet7969a332015-10-09 11:15:03 +02001801{
1802 struct bind_conf *bind_conf = objt_listener(conn->target)->bind_conf;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001803
1804 return ssl_sock_do_create_cert(servername, bind_conf, conn->xprt_ctx);
Christopher Faulet7969a332015-10-09 11:15:03 +02001805}
1806
Christopher Faulet30548802015-06-11 13:39:32 +02001807/* Do a lookup for a certificate in the LRU cache used to store generated
Emeric Brun821bb9b2017-06-15 16:37:39 +02001808 * certificates and immediately assign it to the SSL session if not null. */
Christopher Faulet30548802015-06-11 13:39:32 +02001809SSL_CTX *
Emeric Brun821bb9b2017-06-15 16:37:39 +02001810ssl_sock_assign_generated_cert(unsigned int key, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet30548802015-06-11 13:39:32 +02001811{
1812 struct lru64 *lru = NULL;
1813
1814 if (ssl_ctx_lru_tree) {
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001815 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001816 lru = lru64_lookup(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001817 if (lru && lru->domain) {
1818 if (ssl)
1819 SSL_set_SSL_CTX(ssl, (SSL_CTX *)lru->data);
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001820 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001821 return (SSL_CTX *)lru->data;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001822 }
Willy Tarreau03f4ec42018-05-17 10:56:47 +02001823 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet30548802015-06-11 13:39:32 +02001824 }
1825 return NULL;
1826}
1827
Emeric Brun821bb9b2017-06-15 16:37:39 +02001828/* Same as <ssl_sock_assign_generated_cert> but without SSL session. This
1829 * function is not thread-safe, it should only be used to check if a certificate
1830 * exists in the lru cache (with no warranty it will not be removed by another
1831 * thread). It is kept for backward compatibility. */
1832SSL_CTX *
1833ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_conf)
1834{
1835 return ssl_sock_assign_generated_cert(key, bind_conf, NULL);
1836}
1837
Christopher Fauletd2cab922015-07-28 16:03:47 +02001838/* Set a certificate int the LRU cache used to store generated
1839 * certificate. Return 0 on success, otherwise -1 */
1840int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001841ssl_sock_set_generated_cert(SSL_CTX *ssl_ctx, unsigned int key, struct bind_conf *bind_conf)
Christopher Faulet30548802015-06-11 13:39:32 +02001842{
1843 struct lru64 *lru = NULL;
1844
1845 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001846 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001847 lru = lru64_get(key, ssl_ctx_lru_tree, bind_conf->ca_sign_cert, 0);
Emeric Brun821bb9b2017-06-15 16:37:39 +02001848 if (!lru) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001849 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001850 return -1;
Emeric Brun821bb9b2017-06-15 16:37:39 +02001851 }
Christopher Faulet30548802015-06-11 13:39:32 +02001852 if (lru->domain && lru->data)
1853 lru->free((SSL_CTX *)lru->data);
Christopher Faulet7969a332015-10-09 11:15:03 +02001854 lru64_commit(lru, ssl_ctx, bind_conf->ca_sign_cert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001855 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001856 return 0;
Christopher Faulet30548802015-06-11 13:39:32 +02001857 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02001858 return -1;
Christopher Faulet30548802015-06-11 13:39:32 +02001859}
1860
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001861/* Compute the key of the certificate. */
Christopher Faulet30548802015-06-11 13:39:32 +02001862unsigned int
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001863ssl_sock_generated_cert_key(const void *data, size_t len)
Christopher Faulet30548802015-06-11 13:39:32 +02001864{
1865 return XXH32(data, len, ssl_ctx_lru_seed);
1866}
1867
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001868/* Generate a cert and immediately assign it to the SSL session so that the cert's
1869 * refcount is maintained regardless of the cert's presence in the LRU cache.
1870 */
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001871static int
Christopher Faulet7969a332015-10-09 11:15:03 +02001872ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind_conf, SSL *ssl)
Christopher Faulet31af49d2015-06-09 17:29:50 +02001873{
1874 X509 *cacert = bind_conf->ca_sign_cert;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001875 SSL_CTX *ssl_ctx = NULL;
1876 struct lru64 *lru = NULL;
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001877 unsigned int key;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001878
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001879 key = ssl_sock_generated_cert_key(servername, strlen(servername));
Christopher Faulet31af49d2015-06-09 17:29:50 +02001880 if (ssl_ctx_lru_tree) {
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001881 HA_RWLOCK_WRLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001882 lru = lru64_get(key, ssl_ctx_lru_tree, cacert, 0);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001883 if (lru && lru->domain)
1884 ssl_ctx = (SSL_CTX *)lru->data;
Christopher Fauletd2cab922015-07-28 16:03:47 +02001885 if (!ssl_ctx && lru) {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001886 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Christopher Faulet31af49d2015-06-09 17:29:50 +02001887 lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
Christopher Fauletd2cab922015-07-28 16:03:47 +02001888 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001889 SSL_set_SSL_CTX(ssl, ssl_ctx);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01001890 HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001891 return 1;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001892 }
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001893 else {
Christopher Faulet635c0ad2015-11-12 11:35:51 +01001894 ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001895 SSL_set_SSL_CTX(ssl, ssl_ctx);
1896 /* No LRU cache, this CTX will be released as soon as the session dies */
1897 SSL_CTX_free(ssl_ctx);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001898 return 1;
Willy Tarreau2f63ef42015-10-20 15:16:01 +02001899 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001900 return 0;
1901}
1902static int
1903ssl_sock_generate_certificate_from_conn(struct bind_conf *bind_conf, SSL *ssl)
1904{
1905 unsigned int key;
Thierry FOURNIER28962c92018-06-17 21:37:05 +02001906 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001907
1908 conn_get_to_addr(conn);
1909 if (conn->flags & CO_FL_ADDR_TO_SET) {
1910 key = ssl_sock_generated_cert_key(&conn->addr.to, get_addr_len(&conn->addr.to));
Emeric Brun821bb9b2017-06-15 16:37:39 +02001911 if (ssl_sock_assign_generated_cert(key, bind_conf, ssl))
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001912 return 1;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02001913 }
1914 return 0;
Christopher Faulet31af49d2015-06-09 17:29:50 +02001915}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01001916#endif /* !defined SSL_NO_GENERATE_CERTIFICATES */
Christopher Faulet31af49d2015-06-09 17:29:50 +02001917
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001918
1919#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1920#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1921#endif
1922
1923#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1924#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
1925#define SSL_renegotiate_pending(arg) 0
1926#endif
1927#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1928#define SSL_OP_SINGLE_ECDH_USE 0
1929#endif
1930#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1931#define SSL_OP_NO_TICKET 0
1932#endif
1933#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1934#define SSL_OP_NO_COMPRESSION 0
1935#endif
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001936#ifdef OPENSSL_NO_SSL3 /* SSLv3 support removed */
1937#undef SSL_OP_NO_SSLv3
1938#define SSL_OP_NO_SSLv3 0
1939#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001940#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1941#define SSL_OP_NO_TLSv1_1 0
1942#endif
1943#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1944#define SSL_OP_NO_TLSv1_2 0
1945#endif
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02001946#ifndef SSL_OP_NO_TLSv1_3 /* needs OpenSSL >= 1.1.1 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001947#define SSL_OP_NO_TLSv1_3 0
1948#endif
1949#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1950#define SSL_OP_SINGLE_DH_USE 0
1951#endif
1952#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1953#define SSL_OP_SINGLE_ECDH_USE 0
1954#endif
1955#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1956#define SSL_MODE_RELEASE_BUFFERS 0
1957#endif
1958#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1959#define SSL_MODE_SMALL_BUFFERS 0
1960#endif
Lukas Tribus926594f2018-05-18 17:55:57 +02001961#ifndef SSL_OP_PRIORITIZE_CHACHA /* needs OpenSSL >= 1.1.1 */
1962#define SSL_OP_PRIORITIZE_CHACHA 0
1963#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001964
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02001965#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001966typedef enum { SET_CLIENT, SET_SERVER } set_context_func;
1967
1968static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001969{
Emmanuel Hocdet23877ab2017-07-12 12:53:02 +02001970#if SSL_OP_NO_SSLv3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001971 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, SSLv3_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001972 : SSL_CTX_set_ssl_version(ctx, SSLv3_client_method());
1973#endif
1974}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001975static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
1976 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001977 : SSL_CTX_set_ssl_version(ctx, TLSv1_client_method());
1978}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001979static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001980#if SSL_OP_NO_TLSv1_1
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001981 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001982 : SSL_CTX_set_ssl_version(ctx, TLSv1_1_client_method());
1983#endif
1984}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001985static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001986#if SSL_OP_NO_TLSv1_2
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001987 c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method())
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001988 : SSL_CTX_set_ssl_version(ctx, TLSv1_2_client_method());
1989#endif
1990}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02001991/* TLS 1.2 is the last supported version in this context. */
1992static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {}
1993/* Unusable in this context. */
1994static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {}
1995static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {}
1996static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {}
1997static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {}
1998static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {}
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02001999#else /* openssl >= 1.1.0 */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002000typedef enum { SET_MIN, SET_MAX } set_context_func;
2001
2002static void ctx_set_SSLv3_func(SSL_CTX *ctx, set_context_func c) {
2003 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002004 : SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
2005}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002006static void ssl_set_SSLv3_func(SSL *ssl, set_context_func c) {
2007 c == SET_MAX ? SSL_set_max_proto_version(ssl, SSL3_VERSION)
2008 : SSL_set_min_proto_version(ssl, SSL3_VERSION);
2009}
2010static void ctx_set_TLSv10_func(SSL_CTX *ctx, set_context_func c) {
2011 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002012 : SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
2013}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002014static void ssl_set_TLSv10_func(SSL *ssl, set_context_func c) {
2015 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_VERSION)
2016 : SSL_set_min_proto_version(ssl, TLS1_VERSION);
2017}
2018static void ctx_set_TLSv11_func(SSL_CTX *ctx, set_context_func c) {
2019 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002020 : SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
2021}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002022static void ssl_set_TLSv11_func(SSL *ssl, set_context_func c) {
2023 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_1_VERSION)
2024 : SSL_set_min_proto_version(ssl, TLS1_1_VERSION);
2025}
2026static void ctx_set_TLSv12_func(SSL_CTX *ctx, set_context_func c) {
2027 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002028 : SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
2029}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002030static void ssl_set_TLSv12_func(SSL *ssl, set_context_func c) {
2031 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_2_VERSION)
2032 : SSL_set_min_proto_version(ssl, TLS1_2_VERSION);
2033}
2034static void ctx_set_TLSv13_func(SSL_CTX *ctx, set_context_func c) {
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002035#if SSL_OP_NO_TLSv1_3
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002036 c == SET_MAX ? SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002037 : SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
2038#endif
2039}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002040static void ssl_set_TLSv13_func(SSL *ssl, set_context_func c) {
2041#if SSL_OP_NO_TLSv1_3
2042 c == SET_MAX ? SSL_set_max_proto_version(ssl, TLS1_3_VERSION)
2043 : SSL_set_min_proto_version(ssl, TLS1_3_VERSION);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002044#endif
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002045}
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002046#endif
2047static void ctx_set_None_func(SSL_CTX *ctx, set_context_func c) { }
2048static void ssl_set_None_func(SSL *ssl, set_context_func c) { }
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002049
2050static struct {
2051 int option;
2052 uint16_t flag;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002053 void (*ctx_set_version)(SSL_CTX *, set_context_func);
2054 void (*ssl_set_version)(SSL *, set_context_func);
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002055 const char *name;
2056} methodVersions[] = {
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02002057 {0, 0, ctx_set_None_func, ssl_set_None_func, "NONE"}, /* CONF_TLSV_NONE */
2058 {SSL_OP_NO_SSLv3, MC_SSL_O_NO_SSLV3, ctx_set_SSLv3_func, ssl_set_SSLv3_func, "SSLv3"}, /* CONF_SSLV3 */
2059 {SSL_OP_NO_TLSv1, MC_SSL_O_NO_TLSV10, ctx_set_TLSv10_func, ssl_set_TLSv10_func, "TLSv1.0"}, /* CONF_TLSV10 */
2060 {SSL_OP_NO_TLSv1_1, MC_SSL_O_NO_TLSV11, ctx_set_TLSv11_func, ssl_set_TLSv11_func, "TLSv1.1"}, /* CONF_TLSV11 */
2061 {SSL_OP_NO_TLSv1_2, MC_SSL_O_NO_TLSV12, ctx_set_TLSv12_func, ssl_set_TLSv12_func, "TLSv1.2"}, /* CONF_TLSV12 */
2062 {SSL_OP_NO_TLSv1_3, MC_SSL_O_NO_TLSV13, ctx_set_TLSv13_func, ssl_set_TLSv13_func, "TLSv1.3"}, /* CONF_TLSV13 */
Emmanuel Hocdetecb0e232017-05-18 11:56:58 +02002063};
2064
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002065static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
2066{
2067 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
2068 SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
2069 SSL_set_SSL_CTX(ssl, ctx);
2070}
2071
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002072#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002073
2074static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
2075{
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002076 struct bind_conf *s = priv;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002077 (void)al; /* shut gcc stupid warning */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002078
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002079 if (SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name) || s->generate_certs)
2080 return SSL_TLSEXT_ERR_OK;
2081 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002082}
2083
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002084#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002085static int ssl_sock_switchctx_cbk(const struct ssl_early_callback_ctx *ctx)
2086{
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002087 SSL *ssl = ctx->ssl;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002088#else
2089static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
2090{
2091#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002092 struct connection *conn;
2093 struct bind_conf *s;
2094 const uint8_t *extension_data;
2095 size_t extension_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002096 int has_rsa = 0, has_ecdsa = 0, has_ecdsa_sig = 0;
2097
2098 char *wildp = NULL;
2099 const uint8_t *servername;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002100 size_t servername_len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002101 struct ebmb_node *node, *n, *node_ecdsa = NULL, *node_rsa = NULL, *node_anonymous = NULL;
Olivier Houchardc2aae742017-09-22 18:26:28 +02002102 int allow_early = 0;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002103 int i;
2104
Thierry FOURNIER28962c92018-06-17 21:37:05 +02002105 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002106 s = objt_listener(conn->target)->bind_conf;
2107
Olivier Houchard9679ac92017-10-27 14:58:08 +02002108 if (s->ssl_conf.early_data)
Olivier Houchardc2aae742017-09-22 18:26:28 +02002109 allow_early = 1;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002110#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002111 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
2112 &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002113#else
2114 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &extension_data, &extension_len)) {
2115#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002116 /*
2117 * The server_name extension was given too much extensibility when it
2118 * was written, so parsing the normal case is a bit complex.
2119 */
2120 size_t len;
2121 if (extension_len <= 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002122 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002123 /* Extract the length of the supplied list of names. */
2124 len = (*extension_data++) << 8;
2125 len |= *extension_data++;
2126 if (len + 2 != extension_len)
2127 goto abort;
2128 /*
2129 * The list in practice only has a single element, so we only consider
2130 * the first one.
2131 */
2132 if (len == 0 || *extension_data++ != TLSEXT_NAMETYPE_host_name)
2133 goto abort;
2134 extension_len = len - 1;
2135 /* Now we can finally pull out the byte array with the actual hostname. */
2136 if (extension_len <= 2)
2137 goto abort;
2138 len = (*extension_data++) << 8;
2139 len |= *extension_data++;
2140 if (len == 0 || len + 2 > extension_len || len > TLSEXT_MAXLEN_host_name
2141 || memchr(extension_data, 0, len) != NULL)
2142 goto abort;
2143 servername = extension_data;
2144 servername_len = len;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002145 } else {
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002146#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2147 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl)) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02002148 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002149 }
2150#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002151 /* without SNI extension, is the default_ctx (need SSL_TLSEXT_ERR_NOACK) */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002152 if (!s->strict_sni) {
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002153 ssl_sock_switchctx_set(ssl, s->default_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02002154 goto allow_early;
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002155 }
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002156 goto abort;
2157 }
2158
2159 /* extract/check clientHello informations */
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002160#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002161 if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002162#else
2163 if (SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_signature_algorithms, &extension_data, &extension_len)) {
2164#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002165 uint8_t sign;
2166 size_t len;
2167 if (extension_len < 2)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002168 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002169 len = (*extension_data++) << 8;
2170 len |= *extension_data++;
2171 if (len + 2 != extension_len)
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002172 goto abort;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002173 if (len % 2 != 0)
2174 goto abort;
2175 for (; len > 0; len -= 2) {
2176 extension_data++; /* hash */
2177 sign = *extension_data++;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002178 switch (sign) {
2179 case TLSEXT_signature_rsa:
2180 has_rsa = 1;
2181 break;
2182 case TLSEXT_signature_ecdsa:
2183 has_ecdsa_sig = 1;
2184 break;
2185 default:
2186 continue;
2187 }
2188 if (has_ecdsa_sig && has_rsa)
2189 break;
2190 }
2191 } else {
2192 /* without TLSEXT_TYPE_signature_algorithms extension (< TLS 1.2) */
2193 has_rsa = 1;
2194 }
2195 if (has_ecdsa_sig) { /* in very rare case: has ecdsa sign but not a ECDSA cipher */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002196 const SSL_CIPHER *cipher;
2197 size_t len;
2198 const uint8_t *cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002199#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002200 len = ctx->cipher_suites_len;
2201 cipher_suites = ctx->cipher_suites;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002202#else
2203 len = SSL_client_hello_get0_ciphers(ssl, &cipher_suites);
2204#endif
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002205 if (len % 2 != 0)
2206 goto abort;
2207 for (; len != 0; len -= 2, cipher_suites += 2) {
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002208#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002209 uint16_t cipher_suite = (cipher_suites[0] << 8) | cipher_suites[1];
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002210 cipher = SSL_get_cipher_by_value(cipher_suite);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002211#else
2212 cipher = SSL_CIPHER_find(ssl, cipher_suites);
2213#endif
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02002214 if (cipher && SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002215 has_ecdsa = 1;
2216 break;
2217 }
2218 }
2219 }
2220
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002221 for (i = 0; i < trash.size && i < servername_len; i++) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002222 trash.str[i] = tolower(servername[i]);
2223 if (!wildp && (trash.str[i] == '.'))
2224 wildp = &trash.str[i];
2225 }
2226 trash.str[i] = 0;
2227
2228 /* lookup in full qualified names */
2229 node = ebst_lookup(&s->sni_ctx, trash.str);
2230
2231 /* lookup a not neg filter */
2232 for (n = node; n; n = ebmb_next_dup(n)) {
2233 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002234 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002235 case TLSEXT_signature_ecdsa:
2236 if (has_ecdsa) {
2237 node_ecdsa = n;
2238 goto find_one;
2239 }
2240 break;
2241 case TLSEXT_signature_rsa:
2242 if (has_rsa && !node_rsa) {
2243 node_rsa = n;
2244 if (!has_ecdsa)
2245 goto find_one;
2246 }
2247 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002248 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002249 if (!node_anonymous)
2250 node_anonymous = n;
2251 break;
2252 }
2253 }
2254 }
2255 if (wildp) {
2256 /* lookup in wildcards names */
2257 node = ebst_lookup(&s->sni_w_ctx, wildp);
2258 for (n = node; n; n = ebmb_next_dup(n)) {
2259 if (!container_of(n, struct sni_ctx, name)->neg) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002260 switch(container_of(n, struct sni_ctx, name)->kinfo.sig) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002261 case TLSEXT_signature_ecdsa:
2262 if (has_ecdsa) {
2263 node_ecdsa = n;
2264 goto find_one;
2265 }
2266 break;
2267 case TLSEXT_signature_rsa:
2268 if (has_rsa && !node_rsa) {
2269 node_rsa = n;
2270 if (!has_ecdsa)
2271 goto find_one;
2272 }
2273 break;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002274 default: /* TLSEXT_signature_anonymous|dsa */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002275 if (!node_anonymous)
2276 node_anonymous = n;
2277 break;
2278 }
2279 }
2280 }
2281 }
2282 find_one:
2283 /* select by key_signature priority order */
2284 node = node_ecdsa ? node_ecdsa : (node_rsa ? node_rsa : node_anonymous);
2285
2286 if (node) {
2287 /* switch ctx */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02002288 struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002289 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Olivier Houchard35a63cc2017-11-02 19:04:38 +01002290 if (conf) {
2291 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
2292 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
2293 if (conf->early_data)
2294 allow_early = 1;
2295 }
2296 goto allow_early;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002297 }
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002298#if (!defined SSL_NO_GENERATE_CERTIFICATES)
2299 if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {
2300 /* switch ctx done in ssl_sock_generate_certificate */
Olivier Houchardc2aae742017-09-22 18:26:28 +02002301 goto allow_early;
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002302 }
2303#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002304 if (!s->strict_sni) {
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002305 /* no certificate match, is the default_ctx */
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002306 ssl_sock_switchctx_set(ssl, s->default_ctx);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002307 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02002308allow_early:
2309#ifdef OPENSSL_IS_BORINGSSL
2310 if (allow_early)
2311 SSL_set_early_data_enabled(ssl, 1);
2312#else
2313 if (!allow_early)
2314 SSL_set_max_early_data(ssl, 0);
2315#endif
2316 return 1;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002317 abort:
2318 /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
2319 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002320#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet48e87552017-08-16 11:28:44 +02002321 return ssl_select_cert_error;
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02002322#else
2323 *al = SSL_AD_UNRECOGNIZED_NAME;
2324 return 0;
2325#endif
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002326}
2327
2328#else /* OPENSSL_IS_BORINGSSL */
2329
Emeric Brunfc0421f2012-09-07 17:30:07 +02002330/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
2331 * warning when no match is found, which implies the default (first) cert
2332 * will keep being used.
2333 */
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002334static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *priv)
Emeric Brunfc0421f2012-09-07 17:30:07 +02002335{
2336 const char *servername;
2337 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002338 struct ebmb_node *node, *n;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002339 struct bind_conf *s = priv;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002340 int i;
2341 (void)al; /* shut gcc stupid warning */
2342
2343 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002344 if (!servername) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002345#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002346 if (s->generate_certs && ssl_sock_generate_certificate_from_conn(s, ssl))
2347 return SSL_TLSEXT_ERR_OK;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002348#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002349 if (s->strict_sni)
2350 return SSL_TLSEXT_ERR_ALERT_FATAL;
2351 ssl_sock_switchctx_set(ssl, s->default_ctx);
2352 return SSL_TLSEXT_ERR_NOACK;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002353 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02002354
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002355 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02002356 if (!servername[i])
2357 break;
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002358 trash.str[i] = tolower(servername[i]);
2359 if (!wildp && (trash.str[i] == '.'))
2360 wildp = &trash.str[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +02002361 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002362 trash.str[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002363
2364 /* lookup in full qualified names */
Willy Tarreau19d14ef2012-10-29 16:51:55 +01002365 node = ebst_lookup(&s->sni_ctx, trash.str);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002366
2367 /* lookup a not neg filter */
2368 for (n = node; n; n = ebmb_next_dup(n)) {
2369 if (!container_of(n, struct sni_ctx, name)->neg) {
2370 node = n;
2371 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +01002372 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002373 }
2374 if (!node && wildp) {
2375 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002376 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002377 }
2378 if (!node || container_of(node, struct sni_ctx, name)->neg) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002379#if (!defined SSL_NO_GENERATE_CERTIFICATES)
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02002380 if (s->generate_certs && ssl_sock_generate_certificate(servername, s, ssl)) {
2381 /* switch ctx done in ssl_sock_generate_certificate */
Christopher Faulet31af49d2015-06-09 17:29:50 +02002382 return SSL_TLSEXT_ERR_OK;
2383 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01002384#endif
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01002385 if (s->strict_sni)
2386 return SSL_TLSEXT_ERR_ALERT_FATAL;
2387 ssl_sock_switchctx_set(ssl, s->default_ctx);
2388 return SSL_TLSEXT_ERR_OK;
Emeric Brunfc0421f2012-09-07 17:30:07 +02002389 }
2390
2391 /* switch ctx */
Emmanuel Hocdet530141f2017-03-01 18:54:56 +01002392 ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002393 return SSL_TLSEXT_ERR_OK;
2394}
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002395#endif /* (!) OPENSSL_IS_BORINGSSL */
Emeric Brunfc0421f2012-09-07 17:30:07 +02002396#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
2397
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002398#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002399
2400static DH * ssl_get_dh_1024(void)
2401{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002402 static unsigned char dh1024_p[]={
2403 0xFA,0xF9,0x2A,0x22,0x2A,0xA7,0x7F,0xE1,0x67,0x4E,0x53,0xF7,
2404 0x56,0x13,0xC3,0xB1,0xE3,0x29,0x6B,0x66,0x31,0x6A,0x7F,0xB3,
2405 0xC2,0x68,0x6B,0xCB,0x1D,0x57,0x39,0x1D,0x1F,0xFF,0x1C,0xC9,
2406 0xA6,0xA4,0x98,0x82,0x31,0x5D,0x25,0xFF,0x8A,0xE0,0x73,0x96,
2407 0x81,0xC8,0x83,0x79,0xC1,0x5A,0x04,0xF8,0x37,0x0D,0xA8,0x3D,
2408 0xAE,0x74,0xBC,0xDB,0xB6,0xA4,0x75,0xD9,0x71,0x8A,0xA0,0x17,
2409 0x9E,0x2D,0xC8,0xA8,0xDF,0x2C,0x5F,0x82,0x95,0xF8,0x92,0x9B,
2410 0xA7,0x33,0x5F,0x89,0x71,0xC8,0x2D,0x6B,0x18,0x86,0xC4,0x94,
2411 0x22,0xA5,0x52,0x8D,0xF6,0xF6,0xD2,0x37,0x92,0x0F,0xA5,0xCC,
2412 0xDB,0x7B,0x1D,0x3D,0xA1,0x31,0xB7,0x80,0x8F,0x0B,0x67,0x5E,
2413 0x36,0xA5,0x60,0x0C,0xF1,0x95,0x33,0x8B,
2414 };
2415 static unsigned char dh1024_g[]={
2416 0x02,
2417 };
2418
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002419 BIGNUM *p;
2420 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002421 DH *dh = DH_new();
2422 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002423 p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
2424 g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002425
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002426 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002427 DH_free(dh);
2428 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002429 } else {
2430 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002431 }
2432 }
2433 return dh;
2434}
2435
2436static DH *ssl_get_dh_2048(void)
2437{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002438 static unsigned char dh2048_p[]={
2439 0xEC,0x86,0xF8,0x70,0xA0,0x33,0x16,0xEC,0x05,0x1A,0x73,0x59,
2440 0xCD,0x1F,0x8B,0xF8,0x29,0xE4,0xD2,0xCF,0x52,0xDD,0xC2,0x24,
2441 0x8D,0xB5,0x38,0x9A,0xFB,0x5C,0xA4,0xE4,0xB2,0xDA,0xCE,0x66,
2442 0x50,0x74,0xA6,0x85,0x4D,0x4B,0x1D,0x30,0xB8,0x2B,0xF3,0x10,
2443 0xE9,0xA7,0x2D,0x05,0x71,0xE7,0x81,0xDF,0x8B,0x59,0x52,0x3B,
2444 0x5F,0x43,0x0B,0x68,0xF1,0xDB,0x07,0xBE,0x08,0x6B,0x1B,0x23,
2445 0xEE,0x4D,0xCC,0x9E,0x0E,0x43,0xA0,0x1E,0xDF,0x43,0x8C,0xEC,
2446 0xBE,0xBE,0x90,0xB4,0x51,0x54,0xB9,0x2F,0x7B,0x64,0x76,0x4E,
2447 0x5D,0xD4,0x2E,0xAE,0xC2,0x9E,0xAE,0x51,0x43,0x59,0xC7,0x77,
2448 0x9C,0x50,0x3C,0x0E,0xED,0x73,0x04,0x5F,0xF1,0x4C,0x76,0x2A,
2449 0xD8,0xF8,0xCF,0xFC,0x34,0x40,0xD1,0xB4,0x42,0x61,0x84,0x66,
2450 0x42,0x39,0x04,0xF8,0x68,0xB2,0x62,0xD7,0x55,0xED,0x1B,0x74,
2451 0x75,0x91,0xE0,0xC5,0x69,0xC1,0x31,0x5C,0xDB,0x7B,0x44,0x2E,
2452 0xCE,0x84,0x58,0x0D,0x1E,0x66,0x0C,0xC8,0x44,0x9E,0xFD,0x40,
2453 0x08,0x67,0x5D,0xFB,0xA7,0x76,0x8F,0x00,0x11,0x87,0xE9,0x93,
2454 0xF9,0x7D,0xC4,0xBC,0x74,0x55,0x20,0xD4,0x4A,0x41,0x2F,0x43,
2455 0x42,0x1A,0xC1,0xF2,0x97,0x17,0x49,0x27,0x37,0x6B,0x2F,0x88,
2456 0x7E,0x1C,0xA0,0xA1,0x89,0x92,0x27,0xD9,0x56,0x5A,0x71,0xC1,
2457 0x56,0x37,0x7E,0x3A,0x9D,0x05,0xE7,0xEE,0x5D,0x8F,0x82,0x17,
2458 0xBC,0xE9,0xC2,0x93,0x30,0x82,0xF9,0xF4,0xC9,0xAE,0x49,0xDB,
2459 0xD0,0x54,0xB4,0xD9,0x75,0x4D,0xFA,0x06,0xB8,0xD6,0x38,0x41,
2460 0xB7,0x1F,0x77,0xF3,
2461 };
2462 static unsigned char dh2048_g[]={
2463 0x02,
2464 };
2465
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002466 BIGNUM *p;
2467 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002468 DH *dh = DH_new();
2469 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002470 p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
2471 g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002472
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002473 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002474 DH_free(dh);
2475 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002476 } else {
2477 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002478 }
2479 }
2480 return dh;
2481}
2482
2483static DH *ssl_get_dh_4096(void)
2484{
Remi Gacogned3a341a2015-05-29 16:26:17 +02002485 static unsigned char dh4096_p[]={
2486 0xDE,0x16,0x94,0xCD,0x99,0x58,0x07,0xF1,0xF7,0x32,0x96,0x11,
2487 0x04,0x82,0xD4,0x84,0x72,0x80,0x99,0x06,0xCA,0xF0,0xA3,0x68,
2488 0x07,0xCE,0x64,0x50,0xE7,0x74,0x45,0x20,0x80,0x5E,0x4D,0xAD,
2489 0xA5,0xB6,0xED,0xFA,0x80,0x6C,0x3B,0x35,0xC4,0x9A,0x14,0x6B,
2490 0x32,0xBB,0xFD,0x1F,0x17,0x8E,0xB7,0x1F,0xD6,0xFA,0x3F,0x7B,
2491 0xEE,0x16,0xA5,0x62,0x33,0x0D,0xED,0xBC,0x4E,0x58,0xE5,0x47,
2492 0x4D,0xE9,0xAB,0x8E,0x38,0xD3,0x6E,0x90,0x57,0xE3,0x22,0x15,
2493 0x33,0xBD,0xF6,0x43,0x45,0xB5,0x10,0x0A,0xBE,0x2C,0xB4,0x35,
2494 0xB8,0x53,0x8D,0xAD,0xFB,0xA7,0x1F,0x85,0x58,0x41,0x7A,0x79,
2495 0x20,0x68,0xB3,0xE1,0x3D,0x08,0x76,0xBF,0x86,0x0D,0x49,0xE3,
2496 0x82,0x71,0x8C,0xB4,0x8D,0x81,0x84,0xD4,0xE7,0xBE,0x91,0xDC,
2497 0x26,0x39,0x48,0x0F,0x35,0xC4,0xCA,0x65,0xE3,0x40,0x93,0x52,
2498 0x76,0x58,0x7D,0xDD,0x51,0x75,0xDC,0x69,0x61,0xBF,0x47,0x2C,
2499 0x16,0x68,0x2D,0xC9,0x29,0xD3,0xE6,0xC0,0x99,0x48,0xA0,0x9A,
2500 0xC8,0x78,0xC0,0x6D,0x81,0x67,0x12,0x61,0x3F,0x71,0xBA,0x41,
2501 0x1F,0x6C,0x89,0x44,0x03,0xBA,0x3B,0x39,0x60,0xAA,0x28,0x55,
2502 0x59,0xAE,0xB8,0xFA,0xCB,0x6F,0xA5,0x1A,0xF7,0x2B,0xDD,0x52,
2503 0x8A,0x8B,0xE2,0x71,0xA6,0x5E,0x7E,0xD8,0x2E,0x18,0xE0,0x66,
2504 0xDF,0xDD,0x22,0x21,0x99,0x52,0x73,0xA6,0x33,0x20,0x65,0x0E,
2505 0x53,0xE7,0x6B,0x9B,0xC5,0xA3,0x2F,0x97,0x65,0x76,0xD3,0x47,
2506 0x23,0x77,0x12,0xB6,0x11,0x7B,0x24,0xED,0xF1,0xEF,0xC0,0xE2,
2507 0xA3,0x7E,0x67,0x05,0x3E,0x96,0x4D,0x45,0xC2,0x18,0xD1,0x73,
2508 0x9E,0x07,0xF3,0x81,0x6E,0x52,0x63,0xF6,0x20,0x76,0xB9,0x13,
2509 0xD2,0x65,0x30,0x18,0x16,0x09,0x16,0x9E,0x8F,0xF1,0xD2,0x10,
2510 0x5A,0xD3,0xD4,0xAF,0x16,0x61,0xDA,0x55,0x2E,0x18,0x5E,0x14,
2511 0x08,0x54,0x2E,0x2A,0x25,0xA2,0x1A,0x9B,0x8B,0x32,0xA9,0xFD,
2512 0xC2,0x48,0x96,0xE1,0x80,0xCA,0xE9,0x22,0x17,0xBB,0xCE,0x3E,
2513 0x9E,0xED,0xC7,0xF1,0x1F,0xEC,0x17,0x21,0xDC,0x7B,0x82,0x48,
2514 0x8E,0xBB,0x4B,0x9D,0x5B,0x04,0x04,0xDA,0xDB,0x39,0xDF,0x01,
2515 0x40,0xC3,0xAA,0x26,0x23,0x89,0x75,0xC6,0x0B,0xD0,0xA2,0x60,
2516 0x6A,0xF1,0xCC,0x65,0x18,0x98,0x1B,0x52,0xD2,0x74,0x61,0xCC,
2517 0xBD,0x60,0xAE,0xA3,0xA0,0x66,0x6A,0x16,0x34,0x92,0x3F,0x41,
2518 0x40,0x31,0x29,0xC0,0x2C,0x63,0xB2,0x07,0x8D,0xEB,0x94,0xB8,
2519 0xE8,0x47,0x92,0x52,0x93,0x6A,0x1B,0x7E,0x1A,0x61,0xB3,0x1B,
2520 0xF0,0xD6,0x72,0x9B,0xF1,0xB0,0xAF,0xBF,0x3E,0x65,0xEF,0x23,
2521 0x1D,0x6F,0xFF,0x70,0xCD,0x8A,0x4C,0x8A,0xA0,0x72,0x9D,0xBE,
2522 0xD4,0xBB,0x24,0x47,0x4A,0x68,0xB5,0xF5,0xC6,0xD5,0x7A,0xCD,
2523 0xCA,0x06,0x41,0x07,0xAD,0xC2,0x1E,0xE6,0x54,0xA7,0xAD,0x03,
2524 0xD9,0x12,0xC1,0x9C,0x13,0xB1,0xC9,0x0A,0x43,0x8E,0x1E,0x08,
2525 0xCE,0x50,0x82,0x73,0x5F,0xA7,0x55,0x1D,0xD9,0x59,0xAC,0xB5,
2526 0xEA,0x02,0x7F,0x6C,0x5B,0x74,0x96,0x98,0x67,0x24,0xA3,0x0F,
2527 0x15,0xFC,0xA9,0x7D,0x3E,0x67,0xD1,0x70,0xF8,0x97,0xF3,0x67,
2528 0xC5,0x8C,0x88,0x44,0x08,0x02,0xC7,0x2B,
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002529 };
Remi Gacogned3a341a2015-05-29 16:26:17 +02002530 static unsigned char dh4096_g[]={
2531 0x02,
2532 };
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002533
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002534 BIGNUM *p;
2535 BIGNUM *g;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002536 DH *dh = DH_new();
2537 if (dh) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002538 p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
2539 g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
Remi Gacogned3a341a2015-05-29 16:26:17 +02002540
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002541 if (!p || !g) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002542 DH_free(dh);
2543 dh = NULL;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002544 } else {
2545 DH_set0_pqg(dh, p, NULL, g);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002546 }
2547 }
2548 return dh;
2549}
2550
2551/* Returns Diffie-Hellman parameters matching the private key length
Willy Tarreauef934602016-12-22 23:12:01 +01002552 but not exceeding global_ssl.default_dh_param */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002553static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
2554{
2555 DH *dh = NULL;
2556 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02002557 int type;
2558
2559 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002560
2561 /* The keylen supplied by OpenSSL can only be 512 or 1024.
2562 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
2563 */
2564 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
2565 keylen = EVP_PKEY_bits(pkey);
2566 }
2567
Willy Tarreauef934602016-12-22 23:12:01 +01002568 if (keylen > global_ssl.default_dh_param) {
2569 keylen = global_ssl.default_dh_param;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002570 }
2571
Remi Gacogned3a341a2015-05-29 16:26:17 +02002572 if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002573 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002574 }
2575 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02002576 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002577 }
2578 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02002579 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002580 }
2581
2582 return dh;
2583}
2584
Remi Gacogne47783ef2015-05-29 15:53:22 +02002585static DH * ssl_sock_get_dh_from_file(const char *filename)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002586{
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002587 DH *dh = NULL;
Remi Gacogne47783ef2015-05-29 15:53:22 +02002588 BIO *in = BIO_new(BIO_s_file());
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002589
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002590 if (in == NULL)
2591 goto end;
2592
Remi Gacogne47783ef2015-05-29 15:53:22 +02002593 if (BIO_read_filename(in, filename) <= 0)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002594 goto end;
2595
Remi Gacogne47783ef2015-05-29 15:53:22 +02002596 dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
2597
2598end:
2599 if (in)
2600 BIO_free(in);
2601
2602 return dh;
2603}
2604
2605int ssl_sock_load_global_dh_param_from_file(const char *filename)
2606{
2607 global_dh = ssl_sock_get_dh_from_file(filename);
2608
2609 if (global_dh) {
2610 return 0;
2611 }
2612
2613 return -1;
2614}
2615
2616/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
2617 if an error occured, and 0 if parameter not found. */
2618int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
2619{
2620 int ret = -1;
2621 DH *dh = ssl_sock_get_dh_from_file(file);
2622
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002623 if (dh) {
2624 ret = 1;
2625 SSL_CTX_set_tmp_dh(ctx, dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02002626
2627 if (ssl_dh_ptr_index >= 0) {
2628 /* store a pointer to the DH params to avoid complaining about
2629 ssl-default-dh-param not being set for this SSL_CTX */
2630 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, dh);
2631 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002632 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02002633 else if (global_dh) {
2634 SSL_CTX_set_tmp_dh(ctx, global_dh);
2635 ret = 0; /* DH params not found */
2636 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002637 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002638 /* Clear openssl global errors stack */
2639 ERR_clear_error();
2640
Willy Tarreauef934602016-12-22 23:12:01 +01002641 if (global_ssl.default_dh_param <= 1024) {
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002642 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacognec7e12632016-07-02 16:26:10 +02002643 if (local_dh_1024 == NULL)
2644 local_dh_1024 = ssl_get_dh_1024();
2645
Remi Gacogne8de54152014-07-15 11:36:40 +02002646 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002647 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02002648
Remi Gacogne8de54152014-07-15 11:36:40 +02002649 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02002650 }
2651 else {
2652 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
2653 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02002654
Emeric Brun41fdb3c2013-04-26 11:05:44 +02002655 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002656 }
Emeric Brun644cde02012-12-14 11:21:13 +01002657
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002658end:
2659 if (dh)
2660 DH_free(dh);
2661
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02002662 return ret;
2663}
2664#endif
2665
Emmanuel Hocdet05942112017-02-20 16:11:50 +01002666static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, struct ssl_bind_conf *conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002667 struct pkey_info kinfo, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002668{
2669 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002670 int wild = 0, neg = 0;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002671 struct ebmb_node *node;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002672
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002673 if (*name == '!') {
2674 neg = 1;
2675 name++;
2676 }
2677 if (*name == '*') {
2678 wild = 1;
2679 name++;
2680 }
2681 /* !* filter is a nop */
2682 if (neg && wild)
2683 return order;
2684 if (*name) {
2685 int j, len;
2686 len = strlen(name);
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002687 for (j = 0; j < len && j < trash.size; j++)
2688 trash.str[j] = tolower(name[j]);
2689 if (j >= trash.size)
2690 return order;
2691 trash.str[j] = 0;
2692
2693 /* Check for duplicates. */
2694 if (wild)
2695 node = ebst_lookup(&s->sni_w_ctx, trash.str);
2696 else
2697 node = ebst_lookup(&s->sni_ctx, trash.str);
2698 for (; node; node = ebmb_next_dup(node)) {
2699 sc = ebmb_entry(node, struct sni_ctx, name);
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002700 if (sc->ctx == ctx && sc->conf == conf && sc->neg == neg)
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002701 return order;
2702 }
2703
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002704 sc = malloc(sizeof(struct sni_ctx) + len + 1);
Thierry FOURNIER / OZON.IO7a3bd3b2016-10-06 10:35:29 +02002705 if (!sc)
2706 return order;
Thierry FOURNIER / OZON.IO07c3d782016-10-06 10:56:48 +02002707 memcpy(sc->name.key, trash.str, len + 1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002708 sc->ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002709 sc->conf = conf;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02002710 sc->kinfo = kinfo;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02002711 sc->order = order++;
2712 sc->neg = neg;
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01002713 if (kinfo.sig != TLSEXT_signature_anonymous)
2714 SSL_CTX_set_ex_data(ctx, ssl_pkey_info_index, &sc->kinfo);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01002715 if (wild)
2716 ebst_insert(&s->sni_w_ctx, &sc->name);
2717 else
2718 ebst_insert(&s->sni_ctx, &sc->name);
2719 }
2720 return order;
2721}
2722
yanbzhu488a4d22015-12-01 15:16:07 -05002723
2724/* The following code is used for loading multiple crt files into
2725 * SSL_CTX's based on CN/SAN
2726 */
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01002727#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
yanbzhu488a4d22015-12-01 15:16:07 -05002728/* This is used to preload the certifcate, private key
2729 * and Cert Chain of a file passed in via the crt
2730 * argument
2731 *
2732 * This way, we do not have to read the file multiple times
2733 */
2734struct cert_key_and_chain {
2735 X509 *cert;
2736 EVP_PKEY *key;
2737 unsigned int num_chain_certs;
2738 /* This is an array of X509 pointers */
2739 X509 **chain_certs;
2740};
2741
yanbzhu08ce6ab2015-12-02 13:01:29 -05002742#define SSL_SOCK_POSSIBLE_KT_COMBOS (1<<(SSL_SOCK_NUM_KEYTYPES))
2743
2744struct key_combo_ctx {
2745 SSL_CTX *ctx;
2746 int order;
2747};
2748
2749/* Map used for processing multiple keypairs for a single purpose
2750 *
2751 * This maps CN/SNI name to certificate type
2752 */
2753struct sni_keytype {
2754 int keytypes; /* BITMASK for keytypes */
2755 struct ebmb_node name; /* node holding the servername value */
2756};
2757
2758
yanbzhu488a4d22015-12-01 15:16:07 -05002759/* Frees the contents of a cert_key_and_chain
2760 */
2761static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
2762{
2763 int i;
2764
2765 if (!ckch)
2766 return;
2767
2768 /* Free the certificate and set pointer to NULL */
2769 if (ckch->cert)
2770 X509_free(ckch->cert);
2771 ckch->cert = NULL;
2772
2773 /* Free the key and set pointer to NULL */
2774 if (ckch->key)
2775 EVP_PKEY_free(ckch->key);
2776 ckch->key = NULL;
2777
2778 /* Free each certificate in the chain */
2779 for (i = 0; i < ckch->num_chain_certs; i++) {
2780 if (ckch->chain_certs[i])
2781 X509_free(ckch->chain_certs[i]);
2782 }
2783
2784 /* Free the chain obj itself and set to NULL */
2785 if (ckch->num_chain_certs > 0) {
2786 free(ckch->chain_certs);
2787 ckch->num_chain_certs = 0;
2788 ckch->chain_certs = NULL;
2789 }
2790
2791}
2792
2793/* checks if a key and cert exists in the ckch
2794 */
2795static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
2796{
2797 return (ckch->cert != NULL && ckch->key != NULL);
2798}
2799
2800
2801/* Loads the contents of a crt file (path) into a cert_key_and_chain
2802 * This allows us to carry the contents of the file without having to
2803 * read the file multiple times.
2804 *
2805 * returns:
2806 * 0 on Success
2807 * 1 on SSL Failure
2808 * 2 on file not found
2809 */
2810static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
2811{
2812
2813 BIO *in;
2814 X509 *ca = NULL;
2815 int ret = 1;
2816
2817 ssl_sock_free_cert_key_and_chain_contents(ckch);
2818
2819 in = BIO_new(BIO_s_file());
2820 if (in == NULL)
2821 goto end;
2822
2823 if (BIO_read_filename(in, path) <= 0)
2824 goto end;
2825
yanbzhu488a4d22015-12-01 15:16:07 -05002826 /* Read Private Key */
2827 ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
2828 if (ckch->key == NULL) {
2829 memprintf(err, "%sunable to load private key from file '%s'.\n",
2830 err && *err ? *err : "", path);
2831 goto end;
2832 }
2833
Willy Tarreaubb137a82016-04-06 19:02:38 +02002834 /* Seek back to beginning of file */
Thierry FOURNIER / OZON.IOd44ea3f2016-10-14 00:49:21 +02002835 if (BIO_reset(in) == -1) {
2836 memprintf(err, "%san error occurred while reading the file '%s'.\n",
2837 err && *err ? *err : "", path);
2838 goto end;
2839 }
Willy Tarreaubb137a82016-04-06 19:02:38 +02002840
2841 /* Read Certificate */
2842 ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
2843 if (ckch->cert == NULL) {
2844 memprintf(err, "%sunable to load certificate from file '%s'.\n",
2845 err && *err ? *err : "", path);
2846 goto end;
2847 }
2848
yanbzhu488a4d22015-12-01 15:16:07 -05002849 /* Read Certificate Chain */
2850 while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
2851 /* Grow the chain certs */
2852 ckch->num_chain_certs++;
2853 ckch->chain_certs = realloc(ckch->chain_certs, (ckch->num_chain_certs * sizeof(X509 *)));
2854
2855 /* use - 1 here since we just incremented it above */
2856 ckch->chain_certs[ckch->num_chain_certs - 1] = ca;
2857 }
2858 ret = ERR_get_error();
2859 if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
2860 memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
2861 err && *err ? *err : "", path);
2862 ret = 1;
2863 goto end;
2864 }
2865
2866 ret = 0;
2867
2868end:
2869
2870 ERR_clear_error();
2871 if (in)
2872 BIO_free(in);
2873
2874 /* Something went wrong in one of the reads */
2875 if (ret != 0)
2876 ssl_sock_free_cert_key_and_chain_contents(ckch);
2877
2878 return ret;
2879}
2880
2881/* Loads the info in ckch into ctx
2882 * Currently, this does not process any information about ocsp, dhparams or
2883 * sctl
2884 * Returns
2885 * 0 on success
2886 * 1 on failure
2887 */
2888static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_and_chain *ckch, SSL_CTX *ctx, char **err)
2889{
2890 int i = 0;
2891
2892 if (SSL_CTX_use_PrivateKey(ctx, ckch->key) <= 0) {
2893 memprintf(err, "%sunable to load SSL private key into SSL Context '%s'.\n",
2894 err && *err ? *err : "", path);
2895 return 1;
2896 }
2897
2898 if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
2899 memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
2900 err && *err ? *err : "", path);
2901 return 1;
2902 }
2903
yanbzhu488a4d22015-12-01 15:16:07 -05002904 /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
2905 for (i = 0; i < ckch->num_chain_certs; i++) {
2906 if (!SSL_CTX_add1_chain_cert(ctx, ckch->chain_certs[i])) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05002907 memprintf(err, "%sunable to load chain certificate #%d into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
2908 err && *err ? *err : "", (i+1), path);
yanbzhu488a4d22015-12-01 15:16:07 -05002909 return 1;
2910 }
2911 }
2912
2913 if (SSL_CTX_check_private_key(ctx) <= 0) {
2914 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
2915 err && *err ? *err : "", path);
2916 return 1;
2917 }
2918
2919 return 0;
2920}
2921
yanbzhu08ce6ab2015-12-02 13:01:29 -05002922
2923static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
2924{
2925 struct sni_keytype *s_kt = NULL;
2926 struct ebmb_node *node;
2927 int i;
2928
2929 for (i = 0; i < trash.size; i++) {
2930 if (!str[i])
2931 break;
2932 trash.str[i] = tolower(str[i]);
2933 }
2934 trash.str[i] = 0;
2935 node = ebst_lookup(sni_keytypes, trash.str);
2936 if (!node) {
2937 /* CN not found in tree */
2938 s_kt = malloc(sizeof(struct sni_keytype) + i + 1);
2939 /* Using memcpy here instead of strncpy.
2940 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
2941 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
2942 */
2943 memcpy(s_kt->name.key, trash.str, i+1);
2944 s_kt->keytypes = 0;
2945 ebst_insert(sni_keytypes, &s_kt->name);
2946 } else {
2947 /* CN found in tree */
2948 s_kt = container_of(node, struct sni_keytype, name);
2949 }
2950
2951 /* Mark that this CN has the keytype of key_index via keytypes mask */
2952 s_kt->keytypes |= 1<<key_index;
2953
2954}
2955
2956
2957/* Given a path that does not exist, try to check for path.rsa, path.dsa and path.ecdsa files.
2958 * If any are found, group these files into a set of SSL_CTX*
2959 * based on shared and unique CN and SAN entries. Add these SSL_CTX* to the SNI tree.
2960 *
2961 * This will allow the user to explictly group multiple cert/keys for a single purpose
2962 *
2963 * Returns
2964 * 0 on success
2965 * 1 on failure
2966 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01002967static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
2968 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05002969{
2970 char fp[MAXPATHLEN+1] = {0};
2971 int n = 0;
2972 int i = 0;
2973 struct cert_key_and_chain certs_and_keys[SSL_SOCK_NUM_KEYTYPES] = { {0} };
2974 struct eb_root sni_keytypes_map = { {0} };
2975 struct ebmb_node *node;
2976 struct ebmb_node *next;
2977 /* Array of SSL_CTX pointers corresponding to each possible combo
2978 * of keytypes
2979 */
2980 struct key_combo_ctx key_combos[SSL_SOCK_POSSIBLE_KT_COMBOS] = { {0} };
2981 int rv = 0;
2982 X509_NAME *xname = NULL;
2983 char *str = NULL;
2984#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
2985 STACK_OF(GENERAL_NAME) *names = NULL;
2986#endif
2987
2988 /* Load all possible certs and keys */
2989 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
2990 struct stat buf;
2991
2992 snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
2993 if (stat(fp, &buf) == 0) {
2994 if (ssl_sock_load_crt_file_into_ckch(fp, &certs_and_keys[n], err) == 1) {
2995 rv = 1;
2996 goto end;
2997 }
2998 }
2999 }
3000
3001 /* Process each ckch and update keytypes for each CN/SAN
3002 * for example, if CN/SAN www.a.com is associated with
3003 * certs with keytype 0 and 2, then at the end of the loop,
3004 * www.a.com will have:
3005 * keyindex = 0 | 1 | 4 = 5
3006 */
3007 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3008
3009 if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
3010 continue;
3011
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003012 if (fcount) {
Willy Tarreau24b892f2016-06-20 23:01:57 +02003013 for (i = 0; i < fcount; i++)
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003014 ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
3015 } else {
3016 /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
3017 * so the line that contains logic is marked via comments
3018 */
3019 xname = X509_get_subject_name(certs_and_keys[n].cert);
3020 i = -1;
3021 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3022 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003023 ASN1_STRING *value;
3024 value = X509_NAME_ENTRY_get_data(entry);
3025 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003026 /* Important line is here */
3027 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003028
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003029 OPENSSL_free(str);
3030 str = NULL;
3031 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003032 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003033
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003034 /* Do the above logic for each SAN */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003035#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003036 names = X509_get_ext_d2i(certs_and_keys[n].cert, NID_subject_alt_name, NULL, NULL);
3037 if (names) {
3038 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3039 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003040
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003041 if (name->type == GEN_DNS) {
3042 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
3043 /* Important line is here */
3044 ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003045
Emmanuel Hocdetd294aea2016-05-13 11:14:06 +02003046 OPENSSL_free(str);
3047 str = NULL;
3048 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003049 }
3050 }
3051 }
3052 }
3053#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
3054 }
3055
3056 /* If no files found, return error */
3057 if (eb_is_empty(&sni_keytypes_map)) {
3058 memprintf(err, "%sunable to load SSL certificate file '%s' file does not exist.\n",
3059 err && *err ? *err : "", path);
3060 rv = 1;
3061 goto end;
3062 }
3063
3064 /* We now have a map of CN/SAN to keytypes that are loaded in
3065 * Iterate through the map to create the SSL_CTX's (if needed)
3066 * and add each CTX to the SNI tree
3067 *
3068 * Some math here:
3069 * There are 2^n - 1 possibile combinations, each unique
3070 * combination is denoted by the key in the map. Each key
3071 * has a value between 1 and 2^n - 1. Conveniently, the array
3072 * of SSL_CTX* is sized 2^n. So, we can simply use the i'th
3073 * entry in the array to correspond to the unique combo (key)
3074 * associated with i. This unique key combo (i) will be associated
3075 * with combos[i-1]
3076 */
3077
3078 node = ebmb_first(&sni_keytypes_map);
3079 while (node) {
3080 SSL_CTX *cur_ctx;
Bertrand Jacquin33423092016-11-13 16:37:13 +00003081 char cur_file[MAXPATHLEN+1];
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003082 const struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
yanbzhu08ce6ab2015-12-02 13:01:29 -05003083
3084 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
3085 i = container_of(node, struct sni_keytype, name)->keytypes;
3086 cur_ctx = key_combos[i-1].ctx;
3087
3088 if (cur_ctx == NULL) {
3089 /* need to create SSL_CTX */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003090 cur_ctx = SSL_CTX_new(SSLv23_server_method());
yanbzhu08ce6ab2015-12-02 13:01:29 -05003091 if (cur_ctx == NULL) {
3092 memprintf(err, "%sunable to allocate SSL context.\n",
3093 err && *err ? *err : "");
3094 rv = 1;
3095 goto end;
3096 }
3097
yanbzhube2774d2015-12-10 15:07:30 -05003098 /* Load all required certs/keys/chains/OCSPs info into SSL_CTX */
yanbzhu08ce6ab2015-12-02 13:01:29 -05003099 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
3100 if (i & (1<<n)) {
3101 /* Key combo contains ckch[n] */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003102 snprintf(cur_file, MAXPATHLEN+1, "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
3103 if (ssl_sock_put_ckch_into_ctx(cur_file, &certs_and_keys[n], cur_ctx, err) != 0) {
yanbzhu08ce6ab2015-12-02 13:01:29 -05003104 SSL_CTX_free(cur_ctx);
3105 rv = 1;
3106 goto end;
3107 }
yanbzhube2774d2015-12-10 15:07:30 -05003108
3109#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
3110 /* Load OCSP Info into context */
Bertrand Jacquin33423092016-11-13 16:37:13 +00003111 if (ssl_sock_load_ocsp(cur_ctx, cur_file) < 0) {
yanbzhube2774d2015-12-10 15:07:30 -05003112 if (err)
3113 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
Bertrand Jacquin5424ee02016-11-13 16:37:14 +00003114 *err ? *err : "", cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003115 SSL_CTX_free(cur_ctx);
3116 rv = 1;
3117 goto end;
3118 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003119#elif (defined OPENSSL_IS_BORINGSSL)
3120 ssl_sock_set_ocsp_response_from_file(cur_ctx, cur_file);
yanbzhube2774d2015-12-10 15:07:30 -05003121#endif
yanbzhu08ce6ab2015-12-02 13:01:29 -05003122 }
3123 }
3124
3125 /* Load DH params into the ctx to support DHE keys */
3126#ifndef OPENSSL_NO_DH
3127 if (ssl_dh_ptr_index >= 0)
3128 SSL_CTX_set_ex_data(cur_ctx, ssl_dh_ptr_index, NULL);
3129
3130 rv = ssl_sock_load_dh_params(cur_ctx, NULL);
3131 if (rv < 0) {
3132 if (err)
3133 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3134 *err ? *err : "", path);
3135 rv = 1;
3136 goto end;
3137 }
3138#endif
3139
3140 /* Update key_combos */
3141 key_combos[i-1].ctx = cur_ctx;
3142 }
3143
3144 /* Update SNI Tree */
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003145 key_combos[i-1].order = ssl_sock_add_cert_sni(cur_ctx, bind_conf, ssl_conf,
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003146 kinfo, str, key_combos[i-1].order);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003147 node = ebmb_next(node);
3148 }
3149
3150
3151 /* Mark a default context if none exists, using the ctx that has the most shared keys */
3152 if (!bind_conf->default_ctx) {
3153 for (i = SSL_SOCK_POSSIBLE_KT_COMBOS - 1; i >= 0; i--) {
3154 if (key_combos[i].ctx) {
3155 bind_conf->default_ctx = key_combos[i].ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003156 bind_conf->default_ssl_conf = ssl_conf;
yanbzhu08ce6ab2015-12-02 13:01:29 -05003157 break;
3158 }
3159 }
3160 }
3161
3162end:
3163
3164 if (names)
3165 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
3166
3167 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
3168 ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
3169
3170 node = ebmb_first(&sni_keytypes_map);
3171 while (node) {
3172 next = ebmb_next(node);
3173 ebmb_delete(node);
3174 node = next;
3175 }
3176
3177 return rv;
3178}
3179#else
3180/* This is a dummy, that just logs an error and returns error */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003181static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3182 char **sni_filter, int fcount, char **err)
yanbzhu08ce6ab2015-12-02 13:01:29 -05003183{
3184 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3185 err && *err ? *err : "", path, strerror(errno));
3186 return 1;
3187}
3188
yanbzhu488a4d22015-12-01 15:16:07 -05003189#endif /* #if OPENSSL_VERSION_NUMBER >= 0x1000200fL: Support for loading multiple certs into a single SSL_CTX */
3190
Emeric Brunfc0421f2012-09-07 17:30:07 +02003191/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
3192 * an early error happens and the caller must call SSL_CTX_free() by itelf.
3193 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003194static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s,
3195 struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003196{
3197 BIO *in;
3198 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003199 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003200 int ret = -1;
3201 int order = 0;
3202 X509_NAME *xname;
3203 char *str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003204 pem_password_cb *passwd_cb;
3205 void *passwd_cb_userdata;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003206 EVP_PKEY *pkey;
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003207 struct pkey_info kinfo = { .sig = TLSEXT_signature_anonymous, .bits = 0 };
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003208
Emeric Brunfc0421f2012-09-07 17:30:07 +02003209#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3210 STACK_OF(GENERAL_NAME) *names;
3211#endif
3212
3213 in = BIO_new(BIO_s_file());
3214 if (in == NULL)
3215 goto end;
3216
3217 if (BIO_read_filename(in, file) <= 0)
3218 goto end;
3219
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003220
3221 passwd_cb = SSL_CTX_get_default_passwd_cb(ctx);
3222 passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx);
3223
3224 x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_cb_userdata);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003225 if (x == NULL)
3226 goto end;
3227
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003228 pkey = X509_get_pubkey(x);
3229 if (pkey) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003230 kinfo.bits = EVP_PKEY_bits(pkey);
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003231 switch(EVP_PKEY_base_id(pkey)) {
3232 case EVP_PKEY_RSA:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003233 kinfo.sig = TLSEXT_signature_rsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003234 break;
3235 case EVP_PKEY_EC:
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003236 kinfo.sig = TLSEXT_signature_ecdsa;
3237 break;
3238 case EVP_PKEY_DSA:
3239 kinfo.sig = TLSEXT_signature_dsa;
Emmanuel Hocdet05942112017-02-20 16:11:50 +01003240 break;
3241 }
3242 EVP_PKEY_free(pkey);
3243 }
3244
Emeric Brun50bcecc2013-04-22 13:05:23 +02003245 if (fcount) {
3246 while (fcount--)
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003247 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003248 }
3249 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003250#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003251 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
3252 if (names) {
3253 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
3254 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
3255 if (name->type == GEN_DNS) {
3256 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003257 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003258 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003259 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003260 }
3261 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003262 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003263 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003264#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003265 xname = X509_get_subject_name(x);
3266 i = -1;
3267 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
3268 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003269 ASN1_STRING *value;
3270
3271 value = X509_NAME_ENTRY_get_data(entry);
3272 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Emmanuel Hocdetddc090b2017-10-27 18:43:29 +02003273 order = ssl_sock_add_cert_sni(ctx, s, ssl_conf, kinfo, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003274 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003275 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003276 }
3277 }
3278
3279 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
3280 if (!SSL_CTX_use_certificate(ctx, x))
3281 goto end;
3282
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003283#ifdef SSL_CTX_clear_extra_chain_certs
3284 SSL_CTX_clear_extra_chain_certs(ctx);
3285#else
Emeric Brunfc0421f2012-09-07 17:30:07 +02003286 if (ctx->extra_certs != NULL) {
3287 sk_X509_pop_free(ctx->extra_certs, X509_free);
3288 ctx->extra_certs = NULL;
3289 }
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003290#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003291
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02003292 while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_cb_userdata))) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02003293 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
3294 X509_free(ca);
3295 goto end;
3296 }
3297 }
3298
3299 err = ERR_get_error();
3300 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
3301 /* we successfully reached the last cert in the file */
3302 ret = 1;
3303 }
3304 ERR_clear_error();
3305
3306end:
3307 if (x)
3308 X509_free(x);
3309
3310 if (in)
3311 BIO_free(in);
3312
3313 return ret;
3314}
3315
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003316static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf,
3317 char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003318{
3319 int ret;
3320 SSL_CTX *ctx;
3321
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003322 ctx = SSL_CTX_new(SSLv23_server_method());
Emeric Brunfc0421f2012-09-07 17:30:07 +02003323 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003324 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
3325 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003326 return 1;
3327 }
3328
3329 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003330 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
3331 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003332 SSL_CTX_free(ctx);
3333 return 1;
3334 }
3335
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003336 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, ssl_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003337 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003338 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
3339 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003340 if (ret < 0) /* serious error, must do that ourselves */
3341 SSL_CTX_free(ctx);
3342 return 1;
3343 }
Emeric Brun61694ab2012-10-26 13:35:33 +02003344
3345 if (SSL_CTX_check_private_key(ctx) <= 0) {
3346 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
3347 err && *err ? *err : "", path);
3348 return 1;
3349 }
3350
Emeric Brunfc0421f2012-09-07 17:30:07 +02003351 /* we must not free the SSL_CTX anymore below, since it's already in
3352 * the tree, so it will be discovered and cleaned in time.
3353 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003354#ifndef OPENSSL_NO_DH
Remi Gacogne4f902b82015-05-28 16:23:00 +02003355 /* store a NULL pointer to indicate we have not yet loaded
3356 a custom DH param file */
3357 if (ssl_dh_ptr_index >= 0) {
3358 SSL_CTX_set_ex_data(ctx, ssl_dh_ptr_index, NULL);
3359 }
3360
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003361 ret = ssl_sock_load_dh_params(ctx, path);
3362 if (ret < 0) {
3363 if (err)
3364 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
3365 *err ? *err : "", path);
3366 return 1;
3367 }
3368#endif
3369
Lukas Tribuse4e30f72014-12-09 16:32:51 +01003370#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02003371 ret = ssl_sock_load_ocsp(ctx, path);
3372 if (ret < 0) {
3373 if (err)
3374 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
3375 *err ? *err : "", path);
3376 return 1;
3377 }
Emmanuel Hocdet2c32d8f2017-05-22 14:58:00 +02003378#elif (defined OPENSSL_IS_BORINGSSL)
3379 ssl_sock_set_ocsp_response_from_file(ctx, path);
Emeric Brun4147b2e2014-06-16 18:36:30 +02003380#endif
3381
Daniel Jakots54ffb912015-11-06 20:02:41 +01003382#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01003383 if (sctl_ex_index >= 0) {
3384 ret = ssl_sock_load_sctl(ctx, path);
3385 if (ret < 0) {
3386 if (err)
3387 memprintf(err, "%s '%s.sctl' is present but cannot be read or parsed'.\n",
3388 *err ? *err : "", path);
3389 return 1;
3390 }
3391 }
3392#endif
3393
Emeric Brunfc0421f2012-09-07 17:30:07 +02003394#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003395 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003396 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
3397 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02003398 return 1;
3399 }
3400#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003401 if (!bind_conf->default_ctx) {
Willy Tarreau2a65ff02012-09-13 17:54:29 +02003402 bind_conf->default_ctx = ctx;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003403 bind_conf->default_ssl_conf = ssl_conf;
3404 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02003405
3406 return 0;
3407}
3408
Willy Tarreau03209342016-12-22 17:08:28 +01003409int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003410{
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003411 struct dirent **de_list;
3412 int i, n;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003413 DIR *dir;
3414 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01003415 char *end;
3416 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02003417 int cfgerr = 0;
yanbzhu63ea8462015-12-09 13:35:14 -05003418#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3419 int is_bundle;
3420 int j;
3421#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02003422
yanbzhu08ce6ab2015-12-02 13:01:29 -05003423 if (stat(path, &buf) == 0) {
3424 dir = opendir(path);
3425 if (!dir)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003426 return ssl_sock_load_cert_file(path, bind_conf, NULL, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003427
yanbzhu08ce6ab2015-12-02 13:01:29 -05003428 /* strip trailing slashes, including first one */
3429 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
3430 *end = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003431
yanbzhu08ce6ab2015-12-02 13:01:29 -05003432 n = scandir(path, &de_list, 0, alphasort);
3433 if (n < 0) {
3434 memprintf(err, "%sunable to scan directory '%s' : %s.\n",
3435 err && *err ? *err : "", path, strerror(errno));
3436 cfgerr++;
3437 }
3438 else {
3439 for (i = 0; i < n; i++) {
3440 struct dirent *de = de_list[i];
Emeric Brun2aab7222014-06-18 18:15:09 +02003441
yanbzhu08ce6ab2015-12-02 13:01:29 -05003442 end = strrchr(de->d_name, '.');
3443 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl")))
3444 goto ignore_entry;
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003445
yanbzhu08ce6ab2015-12-02 13:01:29 -05003446 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
3447 if (stat(fp, &buf) != 0) {
3448 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
3449 err && *err ? *err : "", fp, strerror(errno));
3450 cfgerr++;
3451 goto ignore_entry;
3452 }
3453 if (!S_ISREG(buf.st_mode))
3454 goto ignore_entry;
yanbzhu63ea8462015-12-09 13:35:14 -05003455
3456#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
3457 is_bundle = 0;
3458 /* Check if current entry in directory is part of a multi-cert bundle */
3459
3460 if (end) {
3461 for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {
3462 if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
3463 is_bundle = 1;
3464 break;
3465 }
3466 }
3467
3468 if (is_bundle) {
3469 char dp[MAXPATHLEN+1] = {0}; /* this will be the filename w/o the keytype */
3470 int dp_len;
3471
3472 dp_len = end - de->d_name;
3473 snprintf(dp, dp_len + 1, "%s", de->d_name);
3474
3475 /* increment i and free de until we get to a non-bundle cert
3476 * Note here that we look at de_list[i + 1] before freeing de
3477 * this is important since ignore_entry will free de
3478 */
3479 while (i + 1 < n && !strncmp(de_list[i + 1]->d_name, dp, dp_len)) {
3480 free(de);
3481 i++;
3482 de = de_list[i];
3483 }
3484
3485 snprintf(fp, sizeof(fp), "%s/%s", path, dp);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003486 ssl_sock_load_multi_cert(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu63ea8462015-12-09 13:35:14 -05003487
3488 /* Successfully processed the bundle */
3489 goto ignore_entry;
3490 }
3491 }
3492
3493#endif
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003494 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003495ignore_entry:
3496 free(de);
Cyril Bonté3180f7b2015-01-25 00:16:08 +01003497 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003498 free(de_list);
Emeric Brunfc0421f2012-09-07 17:30:07 +02003499 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003500 closedir(dir);
3501 return cfgerr;
Emeric Brunfc0421f2012-09-07 17:30:07 +02003502 }
yanbzhu08ce6ab2015-12-02 13:01:29 -05003503
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003504 cfgerr = ssl_sock_load_multi_cert(path, bind_conf, NULL, NULL, 0, err);
yanbzhu08ce6ab2015-12-02 13:01:29 -05003505
Emeric Brunfc0421f2012-09-07 17:30:07 +02003506 return cfgerr;
3507}
3508
Thierry Fournier383085f2013-01-24 14:15:43 +01003509/* Make sure openssl opens /dev/urandom before the chroot. The work is only
3510 * done once. Zero is returned if the operation fails. No error is returned
3511 * if the random is said as not implemented, because we expect that openssl
3512 * will use another method once needed.
3513 */
3514static int ssl_initialize_random()
3515{
3516 unsigned char random;
3517 static int random_initialized = 0;
3518
3519 if (!random_initialized && RAND_bytes(&random, 1) != 0)
3520 random_initialized = 1;
3521
3522 return random_initialized;
3523}
3524
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003525/* release ssl bind conf */
3526void ssl_sock_free_ssl_conf(struct ssl_bind_conf *conf)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003527{
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003528 if (conf) {
Bernard Spil13c53f82018-02-15 13:34:58 +01003529#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003530 free(conf->npn_str);
3531 conf->npn_str = NULL;
3532#endif
3533#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
3534 free(conf->alpn_str);
3535 conf->alpn_str = NULL;
3536#endif
3537 free(conf->ca_file);
3538 conf->ca_file = NULL;
3539 free(conf->crl_file);
3540 conf->crl_file = NULL;
3541 free(conf->ciphers);
3542 conf->ciphers = NULL;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01003543 free(conf->curves);
3544 conf->curves = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003545 free(conf->ecdhe);
3546 conf->ecdhe = NULL;
3547 }
3548}
3549
3550int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
3551{
3552 char thisline[CRT_LINESIZE];
3553 char path[MAXPATHLEN+1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003554 FILE *f;
yanbzhu1b04e5b2015-12-02 13:54:14 -05003555 struct stat buf;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003556 int linenum = 0;
3557 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003558
Willy Tarreauad1731d2013-04-02 17:35:58 +02003559 if ((f = fopen(file, "r")) == NULL) {
3560 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003561 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003562 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003563
3564 while (fgets(thisline, sizeof(thisline), f) != NULL) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003565 int arg, newarg, cur_arg, i, ssl_b = 0, ssl_e = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003566 char *end;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003567 char *args[MAX_CRT_ARGS + 1];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003568 char *line = thisline;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003569 char *crt_path;
3570 struct ssl_bind_conf *ssl_conf = NULL;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003571
3572 linenum++;
3573 end = line + strlen(line);
3574 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
3575 /* Check if we reached the limit and the last char is not \n.
3576 * Watch out for the last line without the terminating '\n'!
3577 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02003578 memprintf(err, "line %d too long in file '%s', limit is %d characters",
3579 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003580 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003581 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003582 }
3583
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003584 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02003585 newarg = 1;
3586 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003587 if (*line == '#' || *line == '\n' || *line == '\r') {
3588 /* end of string, end of loop */
3589 *line = 0;
3590 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003591 } else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02003592 newarg = 1;
3593 *line = 0;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003594 } else if (*line == '[') {
3595 if (ssl_b) {
3596 memprintf(err, "too many '[' on line %d in file '%s'.", linenum, file);
3597 cfgerr = 1;
3598 break;
3599 }
3600 if (!arg) {
3601 memprintf(err, "file must start with a cert on line %d in file '%s'", linenum, file);
3602 cfgerr = 1;
3603 break;
3604 }
3605 ssl_b = arg;
3606 newarg = 1;
3607 *line = 0;
3608 } else if (*line == ']') {
3609 if (ssl_e) {
3610 memprintf(err, "too many ']' on line %d in file '%s'.", linenum, file);
Emeric Brun50bcecc2013-04-22 13:05:23 +02003611 cfgerr = 1;
3612 break;
3613 }
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003614 if (!ssl_b) {
3615 memprintf(err, "missing '[' in line %d in file '%s'.", linenum, file);
3616 cfgerr = 1;
3617 break;
3618 }
3619 ssl_e = arg;
3620 newarg = 1;
3621 *line = 0;
3622 } else if (newarg) {
3623 if (arg == MAX_CRT_ARGS) {
3624 memprintf(err, "too many args on line %d in file '%s'.", linenum, file);
3625 cfgerr = 1;
3626 break;
3627 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003628 newarg = 0;
3629 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003630 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02003631 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003632 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02003633 if (cfgerr)
3634 break;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003635 args[arg++] = line;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003636
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003637 /* empty line */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003638 if (!*args[0])
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003639 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003640
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003641 crt_path = args[0];
3642 if (*crt_path != '/' && global_ssl.crt_base) {
3643 if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > MAXPATHLEN) {
3644 memprintf(err, "'%s' : path too long on line %d in file '%s'",
3645 crt_path, linenum, file);
3646 cfgerr = 1;
3647 break;
3648 }
3649 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, crt_path);
3650 crt_path = path;
3651 }
3652
3653 ssl_conf = calloc(1, sizeof *ssl_conf);
3654 cur_arg = ssl_b ? ssl_b : 1;
3655 while (cur_arg < ssl_e) {
3656 newarg = 0;
3657 for (i = 0; ssl_bind_kws[i].kw != NULL; i++) {
3658 if (strcmp(ssl_bind_kws[i].kw, args[cur_arg]) == 0) {
3659 newarg = 1;
3660 cfgerr = ssl_bind_kws[i].parse(args, cur_arg, curproxy, ssl_conf, err);
3661 if (cur_arg + 1 + ssl_bind_kws[i].skip > ssl_e) {
3662 memprintf(err, "ssl args out of '[]' for %s on line %d in file '%s'",
3663 args[cur_arg], linenum, file);
3664 cfgerr = 1;
3665 }
3666 cur_arg += 1 + ssl_bind_kws[i].skip;
3667 break;
3668 }
3669 }
3670 if (!cfgerr && !newarg) {
3671 memprintf(err, "unknown ssl keyword %s on line %d in file '%s'.",
3672 args[cur_arg], linenum, file);
3673 cfgerr = 1;
3674 break;
3675 }
3676 }
3677 if (cfgerr) {
3678 ssl_sock_free_ssl_conf(ssl_conf);
3679 free(ssl_conf);
3680 ssl_conf = NULL;
3681 break;
3682 }
3683
3684 if (stat(crt_path, &buf) == 0) {
3685 cfgerr = ssl_sock_load_cert_file(crt_path, bind_conf, ssl_conf,
3686 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003687 } else {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01003688 cfgerr = ssl_sock_load_multi_cert(crt_path, bind_conf, ssl_conf,
3689 &args[cur_arg], arg - cur_arg - 1, err);
yanbzhu1b04e5b2015-12-02 13:54:14 -05003690 }
3691
Willy Tarreauad1731d2013-04-02 17:35:58 +02003692 if (cfgerr) {
3693 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003694 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003695 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003696 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003697 fclose(f);
3698 return cfgerr;
3699}
3700
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003701/* Create an initial CTX used to start the SSL connection before switchctx */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003702static int
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003703ssl_sock_initial_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02003704{
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003705 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003706 long options =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003707 SSL_OP_ALL | /* all known workarounds for bugs */
3708 SSL_OP_NO_SSLv2 |
3709 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02003710 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02003711 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003712 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
Lukas Tribus926594f2018-05-18 17:55:57 +02003713 SSL_OP_PRIORITIZE_CHACHA |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02003714 SSL_OP_CIPHER_SERVER_PREFERENCE;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003715 long mode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02003716 SSL_MODE_ENABLE_PARTIAL_WRITE |
3717 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01003718 SSL_MODE_RELEASE_BUFFERS |
3719 SSL_MODE_SMALL_BUFFERS;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02003720 struct tls_version_filter *conf_ssl_methods = &bind_conf->ssl_conf.ssl_methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003721 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003722 int flags = MC_SSL_O_ALL;
3723 int cfgerr = 0;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003724
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003725 ctx = SSL_CTX_new(SSLv23_server_method());
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003726 bind_conf->initial_ctx = ctx;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003727
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003728 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01003729 ha_warning("Proxy '%s': no-sslv3/no-tlsv1x are ignored for bind '%s' at [%s:%d]. "
3730 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3731 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003732 else
3733 flags = conf_ssl_methods->flags;
3734
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003735 min = conf_ssl_methods->min;
3736 max = conf_ssl_methods->max;
3737 /* start with TLSv10 to remove SSLv3 per default */
3738 if (!min && (!max || max >= CONF_TLSV10))
3739 min = CONF_TLSV10;
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003740 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdetbd695fe2017-05-15 15:53:41 +02003741 if (min)
3742 flags |= (methodVersions[min].flag - 1);
3743 if (max)
3744 flags |= ~((methodVersions[max].flag << 1) - 1);
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003745 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003746 min = max = CONF_TLSV_NONE;
3747 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003748 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003749 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003750 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003751 if (min) {
3752 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003753 ha_warning("Proxy '%s': SSL/TLS versions range not contiguous for bind '%s' at [%s:%d]. "
3754 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
3755 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line,
3756 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003757 hole = 0;
3758 }
3759 max = i;
3760 }
3761 else {
3762 min = max = i;
3763 }
3764 }
3765 else {
3766 if (min)
3767 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003768 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003769 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01003770 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
3771 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003772 cfgerr += 1;
3773 }
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02003774 /* save real min/max in bind_conf */
3775 conf_ssl_methods->min = min;
3776 conf_ssl_methods->max = max;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003777
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02003778#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003779 /* Keep force-xxx implementation as it is in older haproxy. It's a
3780 precautionary measure to avoid any suprise with older openssl version. */
3781 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003782 methodVersions[min].ctx_set_version(ctx, SET_SERVER);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003783 else
3784 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
3785 if (flags & methodVersions[i].flag)
3786 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003787#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02003788 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02003789 methodVersions[min].ctx_set_version(ctx, SET_MIN);
3790 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emeric Brunfa5c5c82017-04-28 16:19:51 +02003791#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003792
3793 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
3794 options |= SSL_OP_NO_TICKET;
3795 if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
3796 options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
3797 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003798
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02003799#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00003800 if (global_ssl.async)
3801 mode |= SSL_MODE_ASYNC;
3802#endif
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02003803 SSL_CTX_set_mode(ctx, mode);
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003804 if (global_ssl.life_time)
3805 SSL_CTX_set_timeout(ctx, global_ssl.life_time);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003806
3807#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
3808#ifdef OPENSSL_IS_BORINGSSL
3809 SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
3810 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02003811#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
3812 SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
3813 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003814#else
3815 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003816#endif
Emmanuel Hocdet253c62b2017-08-14 11:01:25 +02003817 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01003818#endif
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02003819 return cfgerr;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01003820}
3821
William Lallemand4f45bb92017-10-30 20:08:51 +01003822
3823static inline void sh_ssl_sess_free_blocks(struct shared_block *first, struct shared_block *block)
3824{
3825 if (first == block) {
3826 struct sh_ssl_sess_hdr *sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3827 if (first->len > 0)
3828 sh_ssl_sess_tree_delete(sh_ssl_sess);
3829 }
3830}
3831
3832/* return first block from sh_ssl_sess */
3833static inline struct shared_block *sh_ssl_sess_first_block(struct sh_ssl_sess_hdr *sh_ssl_sess)
3834{
3835 return (struct shared_block *)((unsigned char *)sh_ssl_sess - ((struct shared_block *)NULL)->data);
3836
3837}
3838
3839/* store a session into the cache
3840 * s_id : session id padded with zero to SSL_MAX_SSL_SESSION_ID_LENGTH
3841 * data: asn1 encoded session
3842 * data_len: asn1 encoded session length
3843 * Returns 1 id session was stored (else 0)
3844 */
3845static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_len)
3846{
3847 struct shared_block *first;
3848 struct sh_ssl_sess_hdr *sh_ssl_sess, *oldsh_ssl_sess;
3849
3850 first = shctx_row_reserve_hot(ssl_shctx, data_len + sizeof(struct sh_ssl_sess_hdr));
3851 if (!first) {
3852 /* Could not retrieve enough free blocks to store that session */
3853 return 0;
3854 }
3855
3856 /* STORE the key in the first elem */
3857 sh_ssl_sess = (struct sh_ssl_sess_hdr *)first->data;
3858 memcpy(sh_ssl_sess->key_data, s_id, SSL_MAX_SSL_SESSION_ID_LENGTH);
3859 first->len = sizeof(struct sh_ssl_sess_hdr);
3860
3861 /* it returns the already existing node
3862 or current node if none, never returns null */
3863 oldsh_ssl_sess = sh_ssl_sess_tree_insert(sh_ssl_sess);
3864 if (oldsh_ssl_sess != sh_ssl_sess) {
3865 /* NOTE: Row couldn't be in use because we lock read & write function */
3866 /* release the reserved row */
3867 shctx_row_dec_hot(ssl_shctx, first);
3868 /* replace the previous session already in the tree */
3869 sh_ssl_sess = oldsh_ssl_sess;
3870 /* ignore the previous session data, only use the header */
3871 first = sh_ssl_sess_first_block(sh_ssl_sess);
3872 shctx_row_inc_hot(ssl_shctx, first);
3873 first->len = sizeof(struct sh_ssl_sess_hdr);
3874 }
3875
William Lallemand99b90af2018-01-03 19:15:51 +01003876 if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) {
3877 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003878 return 0;
William Lallemand99b90af2018-01-03 19:15:51 +01003879 }
3880
3881 shctx_row_dec_hot(ssl_shctx, first);
William Lallemand4f45bb92017-10-30 20:08:51 +01003882
3883 return 1;
3884}
William Lallemanded0b5ad2017-10-30 19:36:36 +01003885
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003886/* SSL callback used when a new session is created while connecting to a server */
3887static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
3888{
Thierry FOURNIER28962c92018-06-17 21:37:05 +02003889 struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Olivier Houcharde6060c52017-11-16 17:42:52 +01003890 struct server *s;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003891
Olivier Houcharde6060c52017-11-16 17:42:52 +01003892 s = objt_server(conn->target);
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003893
Olivier Houcharde6060c52017-11-16 17:42:52 +01003894 if (!(s->ssl_ctx.options & SRV_SSL_O_NO_REUSE)) {
3895 int len;
3896 unsigned char *ptr;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003897
Olivier Houcharde6060c52017-11-16 17:42:52 +01003898 len = i2d_SSL_SESSION(sess, NULL);
3899 if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
3900 ptr = s->ssl_ctx.reused_sess[tid].ptr;
3901 } else {
3902 free(s->ssl_ctx.reused_sess[tid].ptr);
3903 ptr = s->ssl_ctx.reused_sess[tid].ptr = malloc(len);
3904 s->ssl_ctx.reused_sess[tid].allocated_size = len;
3905 }
3906 if (s->ssl_ctx.reused_sess[tid].ptr) {
3907 s->ssl_ctx.reused_sess[tid].size = i2d_SSL_SESSION(sess,
3908 &ptr);
3909 }
3910 } else {
3911 free(s->ssl_ctx.reused_sess[tid].ptr);
3912 s->ssl_ctx.reused_sess[tid].ptr = NULL;
3913 }
3914
3915 return 0;
Olivier Houchardbd84ac82017-11-03 13:43:35 +01003916}
3917
Olivier Houcharde6060c52017-11-16 17:42:52 +01003918
William Lallemanded0b5ad2017-10-30 19:36:36 +01003919/* SSL callback used on new session creation */
William Lallemand4f45bb92017-10-30 20:08:51 +01003920int sh_ssl_sess_new_cb(SSL *ssl, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003921{
3922 unsigned char encsess[SHSESS_MAX_DATA_LEN]; /* encoded session */
3923 unsigned char encid[SSL_MAX_SSL_SESSION_ID_LENGTH]; /* encoded id */
3924 unsigned char *p;
3925 int data_len;
3926 unsigned int sid_length, sid_ctx_length;
3927 const unsigned char *sid_data;
3928 const unsigned char *sid_ctx_data;
3929
3930 /* Session id is already stored in to key and session id is known
3931 * so we dont store it to keep size.
3932 */
3933
3934 sid_data = SSL_SESSION_get_id(sess, &sid_length);
3935 sid_ctx_data = SSL_SESSION_get0_id_context(sess, &sid_ctx_length);
3936 SSL_SESSION_set1_id(sess, sid_data, 0);
3937 SSL_SESSION_set1_id_context(sess, sid_ctx_data, 0);
3938
3939 /* check if buffer is large enough for the ASN1 encoded session */
3940 data_len = i2d_SSL_SESSION(sess, NULL);
3941 if (data_len > SHSESS_MAX_DATA_LEN)
3942 goto err;
3943
3944 p = encsess;
3945
3946 /* process ASN1 session encoding before the lock */
3947 i2d_SSL_SESSION(sess, &p);
3948
3949 memcpy(encid, sid_data, sid_length);
3950 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH)
3951 memset(encid + sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH-sid_length);
3952
William Lallemanda3c77cf2017-10-30 23:44:40 +01003953 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003954 /* store to cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003955 sh_ssl_sess_store(encid, encsess, data_len);
William Lallemanda3c77cf2017-10-30 23:44:40 +01003956 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003957err:
3958 /* reset original length values */
3959 SSL_SESSION_set1_id(sess, sid_data, sid_length);
3960 SSL_SESSION_set1_id_context(sess, sid_ctx_data, sid_ctx_length);
3961
3962 return 0; /* do not increment session reference count */
3963}
3964
3965/* SSL callback used on lookup an existing session cause none found in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01003966SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *key, int key_len, int *do_copy)
William Lallemanded0b5ad2017-10-30 19:36:36 +01003967{
William Lallemand4f45bb92017-10-30 20:08:51 +01003968 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003969 unsigned char data[SHSESS_MAX_DATA_LEN], *p;
3970 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
William Lallemanded0b5ad2017-10-30 19:36:36 +01003971 SSL_SESSION *sess;
William Lallemand4f45bb92017-10-30 20:08:51 +01003972 struct shared_block *first;
William Lallemanded0b5ad2017-10-30 19:36:36 +01003973
3974 global.shctx_lookups++;
3975
3976 /* allow the session to be freed automatically by openssl */
3977 *do_copy = 0;
3978
3979 /* tree key is zeros padded sessionid */
3980 if (key_len < SSL_MAX_SSL_SESSION_ID_LENGTH) {
3981 memcpy(tmpkey, key, key_len);
3982 memset(tmpkey + key_len, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - key_len);
3983 key = tmpkey;
3984 }
3985
3986 /* lock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003987 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003988
3989 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01003990 sh_ssl_sess = sh_ssl_sess_tree_lookup(key);
3991 if (!sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01003992 /* no session found: unlock cache and exit */
William Lallemanda3c77cf2017-10-30 23:44:40 +01003993 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01003994 global.shctx_misses++;
3995 return NULL;
3996 }
3997
William Lallemand4f45bb92017-10-30 20:08:51 +01003998 /* sh_ssl_sess (shared_block->data) is at the end of shared_block */
3999 first = sh_ssl_sess_first_block(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004000
William Lallemand4f45bb92017-10-30 20:08:51 +01004001 shctx_row_data_get(ssl_shctx, first, data, sizeof(struct sh_ssl_sess_hdr), first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004002
William Lallemanda3c77cf2017-10-30 23:44:40 +01004003 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004004
4005 /* decode ASN1 session */
4006 p = data;
William Lallemand4f45bb92017-10-30 20:08:51 +01004007 sess = d2i_SSL_SESSION(NULL, (const unsigned char **)&p, first->len-sizeof(struct sh_ssl_sess_hdr));
William Lallemanded0b5ad2017-10-30 19:36:36 +01004008 /* Reset session id and session id contenxt */
4009 if (sess) {
4010 SSL_SESSION_set1_id(sess, key, key_len);
4011 SSL_SESSION_set1_id_context(sess, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4012 }
4013
4014 return sess;
4015}
4016
William Lallemand4f45bb92017-10-30 20:08:51 +01004017
William Lallemanded0b5ad2017-10-30 19:36:36 +01004018/* SSL callback used to signal session is no more used in internal cache */
William Lallemand4f45bb92017-10-30 20:08:51 +01004019void sh_ssl_sess_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004020{
William Lallemand4f45bb92017-10-30 20:08:51 +01004021 struct sh_ssl_sess_hdr *sh_ssl_sess;
William Lallemanded0b5ad2017-10-30 19:36:36 +01004022 unsigned char tmpkey[SSL_MAX_SSL_SESSION_ID_LENGTH];
4023 unsigned int sid_length;
4024 const unsigned char *sid_data;
4025 (void)ctx;
4026
4027 sid_data = SSL_SESSION_get_id(sess, &sid_length);
4028 /* tree key is zeros padded sessionid */
4029 if (sid_length < SSL_MAX_SSL_SESSION_ID_LENGTH) {
4030 memcpy(tmpkey, sid_data, sid_length);
4031 memset(tmpkey+sid_length, 0, SSL_MAX_SSL_SESSION_ID_LENGTH - sid_length);
4032 sid_data = tmpkey;
4033 }
4034
William Lallemanda3c77cf2017-10-30 23:44:40 +01004035 shctx_lock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004036
4037 /* lookup for session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004038 sh_ssl_sess = sh_ssl_sess_tree_lookup(sid_data);
4039 if (sh_ssl_sess) {
William Lallemanded0b5ad2017-10-30 19:36:36 +01004040 /* free session */
William Lallemand4f45bb92017-10-30 20:08:51 +01004041 sh_ssl_sess_tree_delete(sh_ssl_sess);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004042 }
4043
4044 /* unlock cache */
William Lallemanda3c77cf2017-10-30 23:44:40 +01004045 shctx_unlock(ssl_shctx);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004046}
4047
4048/* Set session cache mode to server and disable openssl internal cache.
4049 * Set shared cache callbacks on an ssl context.
4050 * Shared context MUST be firstly initialized */
William Lallemand4f45bb92017-10-30 20:08:51 +01004051void ssl_set_shctx(SSL_CTX *ctx)
William Lallemanded0b5ad2017-10-30 19:36:36 +01004052{
4053 SSL_CTX_set_session_id_context(ctx, (const unsigned char *)SHCTX_APPNAME, strlen(SHCTX_APPNAME));
4054
4055 if (!ssl_shctx) {
4056 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
4057 return;
4058 }
4059
4060 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER |
4061 SSL_SESS_CACHE_NO_INTERNAL |
4062 SSL_SESS_CACHE_NO_AUTO_CLEAR);
4063
4064 /* Set callbacks */
William Lallemand4f45bb92017-10-30 20:08:51 +01004065 SSL_CTX_sess_set_new_cb(ctx, sh_ssl_sess_new_cb);
4066 SSL_CTX_sess_set_get_cb(ctx, sh_ssl_sess_get_cb);
4067 SSL_CTX_sess_set_remove_cb(ctx, sh_ssl_sess_remove_cb);
William Lallemanded0b5ad2017-10-30 19:36:36 +01004068}
4069
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004070int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_conf, SSL_CTX *ctx)
4071{
4072 struct proxy *curproxy = bind_conf->frontend;
4073 int cfgerr = 0;
4074 int verify = SSL_VERIFY_NONE;
Willy Tarreau5d4cafb2018-01-04 18:55:19 +01004075 struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004076 const char *conf_ciphers;
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004077 const char *conf_curves = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02004078
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004079 if (ssl_conf) {
4080 struct tls_version_filter *conf_ssl_methods = &ssl_conf->ssl_methods;
4081 int i, min, max;
4082 int flags = MC_SSL_O_ALL;
4083
4084 /* Real min and max should be determinate with configuration and openssl's capabilities */
Emmanuel Hocdet43664762017-08-09 18:26:20 +02004085 min = conf_ssl_methods->min ? conf_ssl_methods->min : bind_conf->ssl_conf.ssl_methods.min;
4086 max = conf_ssl_methods->max ? conf_ssl_methods->max : bind_conf->ssl_conf.ssl_methods.max;
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004087 if (min)
4088 flags |= (methodVersions[min].flag - 1);
4089 if (max)
4090 flags |= ~((methodVersions[max].flag << 1) - 1);
4091 min = max = CONF_TLSV_NONE;
4092 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4093 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
4094 if (min)
4095 max = i;
4096 else
4097 min = max = i;
4098 }
4099 /* save real min/max */
4100 conf_ssl_methods->min = min;
4101 conf_ssl_methods->max = max;
4102 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004103 ha_alert("Proxy '%s': all SSL/TLS versions are disabled for bind '%s' at [%s:%d].\n",
4104 bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02004105 cfgerr += 1;
4106 }
4107 }
4108
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004109 switch ((ssl_conf && ssl_conf->verify) ? ssl_conf->verify : bind_conf->ssl_conf.verify) {
Emeric Brun850efd52014-01-29 12:24:34 +01004110 case SSL_SOCK_VERIFY_NONE:
4111 verify = SSL_VERIFY_NONE;
4112 break;
4113 case SSL_SOCK_VERIFY_OPTIONAL:
4114 verify = SSL_VERIFY_PEER;
4115 break;
4116 case SSL_SOCK_VERIFY_REQUIRED:
4117 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
4118 break;
4119 }
4120 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
4121 if (verify & SSL_VERIFY_PEER) {
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004122 char *ca_file = (ssl_conf && ssl_conf->ca_file) ? ssl_conf->ca_file : bind_conf->ssl_conf.ca_file;
4123 char *crl_file = (ssl_conf && ssl_conf->crl_file) ? ssl_conf->crl_file : bind_conf->ssl_conf.crl_file;
4124 if (ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004125 /* load CAfile to verify */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004126 if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004127 ha_alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
4128 curproxy->id, ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004129 cfgerr++;
4130 }
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02004131 if (!((ssl_conf && ssl_conf->no_ca_names) || bind_conf->ssl_conf.no_ca_names)) {
4132 /* set CA names for client cert request, function returns void */
4133 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(ca_file));
4134 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004135 }
Emeric Brun850efd52014-01-29 12:24:34 +01004136 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004137 ha_alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
4138 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun850efd52014-01-29 12:24:34 +01004139 cfgerr++;
4140 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004141#ifdef X509_V_FLAG_CRL_CHECK
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004142 if (crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02004143 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
4144
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004145 if (!store || !X509_STORE_load_locations(store, crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004146 ha_alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
4147 curproxy->id, crl_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02004148 cfgerr++;
4149 }
Emeric Brun561e5742012-10-02 15:20:55 +02004150 else {
4151 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4152 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02004153 }
Emeric Brun051cdab2012-10-02 19:25:50 +02004154#endif
Emeric Brun644cde02012-12-14 11:21:13 +01004155 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02004156 }
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004157#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
Nenad Merdanovic146defa2015-05-09 08:46:00 +02004158 if(bind_conf->keys_ref) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004159 if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004160 ha_alert("Proxy '%s': unable to set callback for TLS ticket validation for bind '%s' at [%s:%d].\n",
4161 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01004162 cfgerr++;
4163 }
4164 }
4165#endif
4166
William Lallemand4f45bb92017-10-30 20:08:51 +01004167 ssl_set_shctx(ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004168 conf_ciphers = (ssl_conf && ssl_conf->ciphers) ? ssl_conf->ciphers : bind_conf->ssl_conf.ciphers;
4169 if (conf_ciphers &&
4170 !SSL_CTX_set_cipher_list(ctx, conf_ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004171 ha_alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
4172 curproxy->id, conf_ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004173 cfgerr++;
4174 }
4175
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004176#ifndef OPENSSL_NO_DH
Remi Gacogne47783ef2015-05-29 15:53:22 +02004177 /* If tune.ssl.default-dh-param has not been set,
4178 neither has ssl-default-dh-file and no static DH
4179 params were in the certificate file. */
Willy Tarreauef934602016-12-22 23:12:01 +01004180 if (global_ssl.default_dh_param == 0 &&
Remi Gacogne47783ef2015-05-29 15:53:22 +02004181 global_dh == NULL &&
Remi Gacogne4f902b82015-05-28 16:23:00 +02004182 (ssl_dh_ptr_index == -1 ||
4183 SSL_CTX_get_ex_data(ctx, ssl_dh_ptr_index) == NULL)) {
Emmanuel Hocdetcc6c2a22017-03-03 17:04:14 +01004184 STACK_OF(SSL_CIPHER) * ciphers = NULL;
4185 const SSL_CIPHER * cipher = NULL;
4186 char cipher_description[128];
4187 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
4188 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
4189 which is not ephemeral DH. */
4190 const char dhe_description[] = " Kx=DH ";
4191 const char dhe_export_description[] = " Kx=DH(";
4192 int idx = 0;
4193 int dhe_found = 0;
4194 SSL *ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004195
Remi Gacogne23d5d372014-10-10 17:04:26 +02004196 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004197
Remi Gacogne23d5d372014-10-10 17:04:26 +02004198 if (ssl) {
4199 ciphers = SSL_get_ciphers(ssl);
4200
4201 if (ciphers) {
4202 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
4203 cipher = sk_SSL_CIPHER_value(ciphers, idx);
4204 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
4205 if (strstr(cipher_description, dhe_description) != NULL ||
4206 strstr(cipher_description, dhe_export_description) != NULL) {
4207 dhe_found = 1;
4208 break;
4209 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02004210 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004211 }
4212 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02004213 SSL_free(ssl);
4214 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02004215 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004216
Lukas Tribus90132722014-08-18 00:56:33 +02004217 if (dhe_found) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004218 ha_warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004219 }
4220
Willy Tarreauef934602016-12-22 23:12:01 +01004221 global_ssl.default_dh_param = 1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004222 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004223
Willy Tarreauef934602016-12-22 23:12:01 +01004224 if (global_ssl.default_dh_param >= 1024) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004225 if (local_dh_1024 == NULL) {
4226 local_dh_1024 = ssl_get_dh_1024();
4227 }
Willy Tarreauef934602016-12-22 23:12:01 +01004228 if (global_ssl.default_dh_param >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004229 if (local_dh_2048 == NULL) {
4230 local_dh_2048 = ssl_get_dh_2048();
4231 }
Willy Tarreauef934602016-12-22 23:12:01 +01004232 if (global_ssl.default_dh_param >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02004233 if (local_dh_4096 == NULL) {
4234 local_dh_4096 = ssl_get_dh_4096();
4235 }
Remi Gacogne8de54152014-07-15 11:36:40 +02004236 }
4237 }
4238 }
4239#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02004240
Emeric Brunfc0421f2012-09-07 17:30:07 +02004241 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004242#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02004243 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02004244#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02004245
Bernard Spil13c53f82018-02-15 13:34:58 +01004246#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004247 ssl_conf_cur = NULL;
4248 if (ssl_conf && ssl_conf->npn_str)
4249 ssl_conf_cur = ssl_conf;
4250 else if (bind_conf->ssl_conf.npn_str)
4251 ssl_conf_cur = &bind_conf->ssl_conf;
4252 if (ssl_conf_cur)
4253 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, ssl_conf_cur);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004254#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004255#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004256 ssl_conf_cur = NULL;
4257 if (ssl_conf && ssl_conf->alpn_str)
4258 ssl_conf_cur = ssl_conf;
4259 else if (bind_conf->ssl_conf.alpn_str)
4260 ssl_conf_cur = &bind_conf->ssl_conf;
4261 if (ssl_conf_cur)
4262 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, ssl_conf_cur);
Willy Tarreauab861d32013-04-02 02:30:41 +02004263#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004264#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
4265 conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
4266 if (conf_curves) {
4267 if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004268 ha_alert("Proxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
4269 curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004270 cfgerr++;
4271 }
Emmanuel Hocdeta52bb152017-03-20 11:11:49 +01004272#if defined(SSL_CTX_set_ecdh_auto)
4273 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
4274#endif
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004275 }
4276#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004277#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01004278 if (!conf_curves) {
Emeric Brun2b58d042012-09-20 17:10:03 +02004279 int i;
4280 EC_KEY *ecdh;
Olivier Houchardc2aae742017-09-22 18:26:28 +02004281#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004282 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
Olivier Houchardc2aae742017-09-22 18:26:28 +02004283 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4284 NULL);
4285
4286 if (ecdhe == NULL) {
4287 SSL_CTX_set_dh_auto(ctx, 1);
4288 return cfgerr;
4289 }
4290#else
4291 const char *ecdhe = (ssl_conf && ssl_conf->ecdhe) ? ssl_conf->ecdhe :
4292 (bind_conf->ssl_conf.ecdhe ? bind_conf->ssl_conf.ecdhe :
4293 ECDHE_DEFAULT_CURVE);
4294#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02004295
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004296 i = OBJ_sn2nid(ecdhe);
Emeric Brun2b58d042012-09-20 17:10:03 +02004297 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004298 ha_alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
4299 curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02004300 cfgerr++;
4301 }
4302 else {
4303 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
4304 EC_KEY_free(ecdh);
4305 }
4306 }
4307#endif
4308
Emeric Brunfc0421f2012-09-07 17:30:07 +02004309 return cfgerr;
4310}
4311
Evan Broderbe554312013-06-27 00:05:25 -07004312static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
4313{
4314 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
4315 size_t prefixlen, suffixlen;
4316
4317 /* Trivial case */
4318 if (strcmp(pattern, hostname) == 0)
4319 return 1;
4320
Evan Broderbe554312013-06-27 00:05:25 -07004321 /* The rest of this logic is based on RFC 6125, section 6.4.3
4322 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
4323
Emeric Bruna848dae2013-10-08 11:27:28 +02004324 pattern_wildcard = NULL;
4325 pattern_left_label_end = pattern;
4326 while (*pattern_left_label_end != '.') {
4327 switch (*pattern_left_label_end) {
4328 case 0:
4329 /* End of label not found */
4330 return 0;
4331 case '*':
4332 /* If there is more than one wildcards */
4333 if (pattern_wildcard)
4334 return 0;
4335 pattern_wildcard = pattern_left_label_end;
4336 break;
4337 }
4338 pattern_left_label_end++;
4339 }
4340
4341 /* If it's not trivial and there is no wildcard, it can't
4342 * match */
4343 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07004344 return 0;
4345
4346 /* Make sure all labels match except the leftmost */
4347 hostname_left_label_end = strchr(hostname, '.');
4348 if (!hostname_left_label_end
4349 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
4350 return 0;
4351
4352 /* Make sure the leftmost label of the hostname is long enough
4353 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02004354 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07004355 return 0;
4356
4357 /* Finally compare the string on either side of the
4358 * wildcard */
4359 prefixlen = pattern_wildcard - pattern;
4360 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02004361 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
4362 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07004363 return 0;
4364
4365 return 1;
4366}
4367
4368static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
4369{
4370 SSL *ssl;
4371 struct connection *conn;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004372 const char *servername;
Willy Tarreau71d058c2017-07-26 20:09:56 +02004373 const char *sni;
Evan Broderbe554312013-06-27 00:05:25 -07004374
4375 int depth;
4376 X509 *cert;
4377 STACK_OF(GENERAL_NAME) *alt_names;
4378 int i;
4379 X509_NAME *cert_subject;
4380 char *str;
4381
4382 if (ok == 0)
4383 return ok;
4384
4385 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004386 conn = SSL_get_ex_data(ssl, ssl_app_data_index);
Evan Broderbe554312013-06-27 00:05:25 -07004387
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004388 /* We're checking if the provided hostnames match the desired one. The
4389 * desired hostname comes from the SNI we presented if any, or if not
4390 * provided then it may have been explicitly stated using a "verifyhost"
4391 * directive. If neither is set, we don't care about the name so the
4392 * verification is OK.
Willy Tarreau2ab88672017-07-05 18:23:03 +02004393 */
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004394 servername = SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau71d058c2017-07-26 20:09:56 +02004395 sni = servername;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004396 if (!servername) {
Willy Tarreauad92a9a2017-07-28 11:38:41 +02004397 servername = objt_server(conn->target)->ssl_ctx.verify_host;
Willy Tarreau2ab88672017-07-05 18:23:03 +02004398 if (!servername)
4399 return ok;
4400 }
Evan Broderbe554312013-06-27 00:05:25 -07004401
4402 /* We only need to verify the CN on the actual server cert,
4403 * not the indirect CAs */
4404 depth = X509_STORE_CTX_get_error_depth(ctx);
4405 if (depth != 0)
4406 return ok;
4407
4408 /* At this point, the cert is *not* OK unless we can find a
4409 * hostname match */
4410 ok = 0;
4411
4412 cert = X509_STORE_CTX_get_current_cert(ctx);
4413 /* It seems like this might happen if verify peer isn't set */
4414 if (!cert)
4415 return ok;
4416
4417 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
4418 if (alt_names) {
4419 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
4420 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
4421 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004422#if OPENSSL_VERSION_NUMBER < 0x00907000L
4423 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
4424#else
Evan Broderbe554312013-06-27 00:05:25 -07004425 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02004426#endif
Evan Broderbe554312013-06-27 00:05:25 -07004427 ok = ssl_sock_srv_hostcheck(str, servername);
4428 OPENSSL_free(str);
4429 }
4430 }
4431 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02004432 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07004433 }
4434
4435 cert_subject = X509_get_subject_name(cert);
4436 i = -1;
4437 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
4438 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02004439 ASN1_STRING *value;
4440 value = X509_NAME_ENTRY_get_data(entry);
4441 if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
Evan Broderbe554312013-06-27 00:05:25 -07004442 ok = ssl_sock_srv_hostcheck(str, servername);
4443 OPENSSL_free(str);
4444 }
4445 }
4446
Willy Tarreau71d058c2017-07-26 20:09:56 +02004447 /* report the mismatch and indicate if SNI was used or not */
4448 if (!ok && !conn->err_code)
4449 conn->err_code = sni ? CO_ER_SSL_MISMATCH_SNI : CO_ER_SSL_MISMATCH;
Evan Broderbe554312013-06-27 00:05:25 -07004450 return ok;
4451}
4452
Emeric Brun94324a42012-10-11 14:00:19 +02004453/* prepare ssl context from servers options. Returns an error count */
Willy Tarreau03209342016-12-22 17:08:28 +01004454int ssl_sock_prepare_srv_ctx(struct server *srv)
Emeric Brun94324a42012-10-11 14:00:19 +02004455{
Willy Tarreau03209342016-12-22 17:08:28 +01004456 struct proxy *curproxy = srv->proxy;
Emeric Brun94324a42012-10-11 14:00:19 +02004457 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004458 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02004459 SSL_OP_ALL | /* all known workarounds for bugs */
4460 SSL_OP_NO_SSLv2 |
4461 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02004462 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02004463 SSL_MODE_ENABLE_PARTIAL_WRITE |
4464 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01004465 SSL_MODE_RELEASE_BUFFERS |
4466 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01004467 int verify = SSL_VERIFY_NONE;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004468 SSL_CTX *ctx = NULL;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004469 struct tls_version_filter *conf_ssl_methods = &srv->ssl_ctx.methods;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004470 int i, min, max, hole;
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004471 int flags = MC_SSL_O_ALL;
Emeric Brun94324a42012-10-11 14:00:19 +02004472
Thierry Fournier383085f2013-01-24 14:15:43 +01004473 /* Make sure openssl opens /dev/urandom before the chroot */
4474 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004475 ha_alert("OpenSSL random data generator initialization failed.\n");
Thierry Fournier383085f2013-01-24 14:15:43 +01004476 cfgerr++;
4477 }
4478
Willy Tarreaufce03112015-01-15 21:32:40 +01004479 /* Automatic memory computations need to know we use SSL there */
4480 global.ssl_used_backend = 1;
4481
4482 /* Initiate SSL context for current server */
Emeric Brun821bb9b2017-06-15 16:37:39 +02004483 if (!srv->ssl_ctx.reused_sess) {
Olivier Houcharde6060c52017-11-16 17:42:52 +01004484 if ((srv->ssl_ctx.reused_sess = calloc(1, global.nbthread*sizeof(*srv->ssl_ctx.reused_sess))) == NULL) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004485 ha_alert("Proxy '%s', server '%s' [%s:%d] out of memory.\n",
4486 curproxy->id, srv->id,
4487 srv->conf.file, srv->conf.line);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004488 cfgerr++;
4489 return cfgerr;
4490 }
4491 }
Emeric Brun94324a42012-10-11 14:00:19 +02004492 if (srv->use_ssl)
4493 srv->xprt = &ssl_sock;
4494 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01004495 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02004496
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004497 ctx = SSL_CTX_new(SSLv23_client_method());
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004498 if (!ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004499 ha_alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
4500 proxy_type_str(curproxy), curproxy->id,
4501 srv->id);
Emeric Brun94324a42012-10-11 14:00:19 +02004502 cfgerr++;
4503 return cfgerr;
4504 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004505
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004506 if (conf_ssl_methods->flags && (conf_ssl_methods->min || conf_ssl_methods->max))
Christopher Faulet767a84b2017-11-24 16:50:31 +01004507 ha_warning("config : %s '%s': no-sslv3/no-tlsv1x are ignored for server '%s'. "
4508 "Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4509 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004510 else
4511 flags = conf_ssl_methods->flags;
4512
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004513 /* Real min and max should be determinate with configuration and openssl's capabilities */
4514 if (conf_ssl_methods->min)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004515 flags |= (methodVersions[conf_ssl_methods->min].flag - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004516 if (conf_ssl_methods->max)
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004517 flags |= ~((methodVersions[conf_ssl_methods->max].flag << 1) - 1);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004518
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004519 /* find min, max and holes */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004520 min = max = CONF_TLSV_NONE;
4521 hole = 0;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004522 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004523 /* version is in openssl && version not disable in configuration */
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004524 if (methodVersions[i].option && !(flags & methodVersions[i].flag)) {
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004525 if (min) {
4526 if (hole) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004527 ha_warning("config : %s '%s': SSL/TLS versions range not contiguous for server '%s'. "
4528 "Hole find for %s. Use only 'ssl-min-ver' and 'ssl-max-ver' to fix.\n",
4529 proxy_type_str(curproxy), curproxy->id, srv->id,
4530 methodVersions[hole].name);
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004531 hole = 0;
4532 }
4533 max = i;
4534 }
4535 else {
4536 min = max = i;
4537 }
4538 }
4539 else {
4540 if (min)
4541 hole = i;
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004542 }
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004543 if (!min) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004544 ha_alert("config : %s '%s': all SSL/TLS versions are disabled for server '%s'.\n",
4545 proxy_type_str(curproxy), curproxy->id, srv->id);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004546 cfgerr += 1;
4547 }
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004548
Emmanuel Hocdet019f9b12017-10-02 17:12:06 +02004549#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004550 /* Keep force-xxx implementation as it is in older haproxy. It's a
4551 precautionary measure to avoid any suprise with older openssl version. */
4552 if (min == max)
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004553 methodVersions[min].ctx_set_version(ctx, SET_CLIENT);
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004554 else
4555 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
4556 if (flags & methodVersions[i].flag)
4557 options |= methodVersions[i].option;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004558#else /* openssl >= 1.1.0 */
Emmanuel Hocdetb4e9ba42017-03-30 19:25:07 +02004559 /* set the max_version is required to cap TLS version or activate new TLS (v1.3) */
Emmanuel Hocdet4aa615f2017-05-18 12:33:19 +02004560 methodVersions[min].ctx_set_version(ctx, SET_MIN);
4561 methodVersions[max].ctx_set_version(ctx, SET_MAX);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02004562#endif
4563
4564 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
4565 options |= SSL_OP_NO_TICKET;
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004566 SSL_CTX_set_options(ctx, options);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004567
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02004568#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00004569 if (global_ssl.async)
4570 mode |= SSL_MODE_ASYNC;
4571#endif
Emmanuel Hocdet4de1ff12017-03-03 12:21:32 +01004572 SSL_CTX_set_mode(ctx, mode);
4573 srv->ssl_ctx.ctx = ctx;
4574
Emeric Bruna7aa3092012-10-26 12:58:00 +02004575 if (srv->ssl_ctx.client_crt) {
4576 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004577 ha_alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
4578 proxy_type_str(curproxy), curproxy->id,
4579 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004580 cfgerr++;
4581 }
4582 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004583 ha_alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
4584 proxy_type_str(curproxy), curproxy->id,
4585 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004586 cfgerr++;
4587 }
4588 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004589 ha_alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
4590 proxy_type_str(curproxy), curproxy->id,
4591 srv->id, srv->ssl_ctx.client_crt);
Emeric Bruna7aa3092012-10-26 12:58:00 +02004592 cfgerr++;
4593 }
4594 }
Emeric Brun94324a42012-10-11 14:00:19 +02004595
Emeric Brun850efd52014-01-29 12:24:34 +01004596 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
4597 verify = SSL_VERIFY_PEER;
Emeric Brun850efd52014-01-29 12:24:34 +01004598 switch (srv->ssl_ctx.verify) {
4599 case SSL_SOCK_VERIFY_NONE:
4600 verify = SSL_VERIFY_NONE;
4601 break;
4602 case SSL_SOCK_VERIFY_REQUIRED:
4603 verify = SSL_VERIFY_PEER;
4604 break;
4605 }
Evan Broderbe554312013-06-27 00:05:25 -07004606 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01004607 verify,
Willy Tarreau2ab88672017-07-05 18:23:03 +02004608 (srv->ssl_ctx.verify_host || (verify & SSL_VERIFY_PEER)) ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01004609 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02004610 if (srv->ssl_ctx.ca_file) {
4611 /* load CAfile to verify */
4612 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004613 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
4614 curproxy->id, srv->id,
4615 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004616 cfgerr++;
4617 }
4618 }
Emeric Brun850efd52014-01-29 12:24:34 +01004619 else {
4620 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Christopher Faulet767a84b2017-11-24 16:50:31 +01004621 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
4622 curproxy->id, srv->id,
4623 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004624 else
Christopher Faulet767a84b2017-11-24 16:50:31 +01004625 ha_alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
4626 curproxy->id, srv->id,
4627 srv->conf.file, srv->conf.line);
Emeric Brun850efd52014-01-29 12:24:34 +01004628 cfgerr++;
4629 }
Emeric Brunef42d922012-10-11 16:11:36 +02004630#ifdef X509_V_FLAG_CRL_CHECK
4631 if (srv->ssl_ctx.crl_file) {
4632 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
4633
4634 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004635 ha_alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
4636 curproxy->id, srv->id,
4637 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
Emeric Brunef42d922012-10-11 16:11:36 +02004638 cfgerr++;
4639 }
4640 else {
4641 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
4642 }
4643 }
4644#endif
4645 }
4646
Olivier Houchardbd84ac82017-11-03 13:43:35 +01004647 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_CLIENT |
4648 SSL_SESS_CACHE_NO_INTERNAL_STORE);
4649 SSL_CTX_sess_set_new_cb(srv->ssl_ctx.ctx, ssl_sess_new_srv_cb);
Emeric Brun94324a42012-10-11 14:00:19 +02004650 if (srv->ssl_ctx.ciphers &&
4651 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004652 ha_alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
4653 curproxy->id, srv->id,
4654 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
Emeric Brun94324a42012-10-11 14:00:19 +02004655 cfgerr++;
4656 }
4657
4658 return cfgerr;
4659}
4660
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004661/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004662 * be NULL, in which case nothing is done. Returns the number of errors
4663 * encountered.
4664 */
Willy Tarreau03209342016-12-22 17:08:28 +01004665int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004666{
4667 struct ebmb_node *node;
4668 struct sni_ctx *sni;
4669 int err = 0;
4670
Willy Tarreaufce03112015-01-15 21:32:40 +01004671 /* Automatic memory computations need to know we use SSL there */
4672 global.ssl_used_frontend = 1;
4673
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004674 /* Make sure openssl opens /dev/urandom before the chroot */
4675 if (!ssl_initialize_random()) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004676 ha_alert("OpenSSL random data generator initialization failed.\n");
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004677 err++;
4678 }
4679 /* Create initial_ctx used to start the ssl connection before do switchctx */
4680 if (!bind_conf->initial_ctx) {
Emmanuel Hocdetabd32332017-05-05 18:06:12 +02004681 err += ssl_sock_initial_ctx(bind_conf);
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004682 /* It should not be necessary to call this function, but it's
4683 necessary first to check and move all initialisation related
4684 to initial_ctx in ssl_sock_initial_ctx. */
4685 err += ssl_sock_prepare_ctx(bind_conf, NULL, bind_conf->initial_ctx);
4686 }
Emeric Brun0bed9942014-10-30 19:25:24 +01004687 if (bind_conf->default_ctx)
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004688 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ssl_conf, bind_conf->default_ctx);
Emeric Brun0bed9942014-10-30 19:25:24 +01004689
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004690 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004691 while (node) {
4692 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004693 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4694 /* only initialize the CTX on its first occurrence and
4695 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004696 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004697 node = ebmb_next(node);
4698 }
4699
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004700 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004701 while (node) {
4702 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01004703 if (!sni->order && sni->ctx != bind_conf->default_ctx)
4704 /* only initialize the CTX on its first occurrence and
4705 if it is not the default_ctx */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004706 err += ssl_sock_prepare_ctx(bind_conf, sni->conf, sni->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004707 node = ebmb_next(node);
4708 }
4709 return err;
4710}
4711
Willy Tarreau55d37912016-12-21 23:38:39 +01004712/* Prepares all the contexts for a bind_conf and allocates the shared SSL
4713 * context if needed. Returns < 0 on error, 0 on success. The warnings and
4714 * alerts are directly emitted since the rest of the stack does it below.
4715 */
4716int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
4717{
4718 struct proxy *px = bind_conf->frontend;
4719 int alloc_ctx;
4720 int err;
4721
4722 if (!bind_conf->is_ssl) {
4723 if (bind_conf->default_ctx) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004724 ha_warning("Proxy '%s': A certificate was specified but SSL was not enabled on bind '%s' at [%s:%d] (use 'ssl').\n",
4725 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Willy Tarreau55d37912016-12-21 23:38:39 +01004726 }
4727 return 0;
4728 }
4729 if (!bind_conf->default_ctx) {
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004730 if (bind_conf->strict_sni && !bind_conf->generate_certs) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004731 ha_warning("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d], ssl connections will fail (use 'crt').\n",
4732 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004733 }
4734 else {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004735 ha_alert("Proxy '%s': no SSL certificate specified for bind '%s' at [%s:%d] (use 'crt').\n",
4736 px->id, bind_conf->arg, bind_conf->file, bind_conf->line);
Emmanuel Hocdetaa0d6372017-08-09 11:24:25 +02004737 return -1;
4738 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004739 }
William Lallemandc61c0b32017-12-04 18:46:39 +01004740 if (!ssl_shctx && global.tune.sslcachesize) {
William Lallemandc3cd35f2017-11-28 11:04:43 +01004741 alloc_ctx = shctx_init(&ssl_shctx, global.tune.sslcachesize,
4742 sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE,
4743 sizeof(*sh_ssl_sess_tree),
4744 ((global.nbthread > 1) || (!global_ssl.private_cache && (global.nbproc > 1))) ? 1 : 0);
4745 if (alloc_ctx < 0) {
4746 if (alloc_ctx == SHCTX_E_INIT_LOCK)
4747 ha_alert("Unable to initialize the lock for the shared SSL session cache. You can retry using the global statement 'tune.ssl.force-private-cache' but it could increase CPU usage due to renegotiations if nbproc > 1.\n");
4748 else
4749 ha_alert("Unable to allocate SSL session cache.\n");
4750 return -1;
4751 }
4752 /* free block callback */
4753 ssl_shctx->free_block = sh_ssl_sess_free_blocks;
4754 /* init the root tree within the extra space */
4755 sh_ssl_sess_tree = (void *)ssl_shctx + sizeof(struct shared_context);
4756 *sh_ssl_sess_tree = EB_ROOT_UNIQUE;
Willy Tarreau55d37912016-12-21 23:38:39 +01004757 }
Willy Tarreau55d37912016-12-21 23:38:39 +01004758 err = 0;
4759 /* initialize all certificate contexts */
4760 err += ssl_sock_prepare_all_ctx(bind_conf);
4761
4762 /* initialize CA variables if the certificates generation is enabled */
4763 err += ssl_sock_load_ca(bind_conf);
4764
4765 return -err;
4766}
Christopher Faulet77fe80c2015-07-29 13:02:40 +02004767
4768/* release ssl context allocated for servers. */
4769void ssl_sock_free_srv_ctx(struct server *srv)
4770{
4771 if (srv->ssl_ctx.ctx)
4772 SSL_CTX_free(srv->ssl_ctx.ctx);
4773}
4774
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004775/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02004776 * be NULL, in which case nothing is done. The default_ctx is nullified too.
4777 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004778void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02004779{
4780 struct ebmb_node *node, *back;
4781 struct sni_ctx *sni;
4782
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004783 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004784 while (node) {
4785 sni = ebmb_entry(node, struct sni_ctx, name);
4786 back = ebmb_next(node);
4787 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004788 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004789 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004790 ssl_sock_free_ssl_conf(sni->conf);
4791 free(sni->conf);
4792 sni->conf = NULL;
4793 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004794 free(sni);
4795 node = back;
4796 }
4797
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004798 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02004799 while (node) {
4800 sni = ebmb_entry(node, struct sni_ctx, name);
4801 back = ebmb_next(node);
4802 ebmb_delete(node);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004803 if (!sni->order) { /* only free the CTX on its first occurrence */
Emeric Brunfc0421f2012-09-07 17:30:07 +02004804 SSL_CTX_free(sni->ctx);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004805 ssl_sock_free_ssl_conf(sni->conf);
4806 free(sni->conf);
4807 sni->conf = NULL;
4808 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02004809 free(sni);
4810 node = back;
4811 }
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004812 SSL_CTX_free(bind_conf->initial_ctx);
4813 bind_conf->initial_ctx = NULL;
Willy Tarreau2a65ff02012-09-13 17:54:29 +02004814 bind_conf->default_ctx = NULL;
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004815 bind_conf->default_ssl_conf = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02004816}
4817
Willy Tarreau795cdab2016-12-22 17:30:54 +01004818/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
4819void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
4820{
4821 ssl_sock_free_ca(bind_conf);
4822 ssl_sock_free_all_ctx(bind_conf);
Emmanuel Hocdet98263292016-12-29 18:26:15 +01004823 ssl_sock_free_ssl_conf(&bind_conf->ssl_conf);
Willy Tarreau795cdab2016-12-22 17:30:54 +01004824 free(bind_conf->ca_sign_file);
4825 free(bind_conf->ca_sign_pass);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02004826 if (bind_conf->keys_ref && !--bind_conf->keys_ref->refcount) {
Willy Tarreau795cdab2016-12-22 17:30:54 +01004827 free(bind_conf->keys_ref->filename);
4828 free(bind_conf->keys_ref->tlskeys);
4829 LIST_DEL(&bind_conf->keys_ref->list);
4830 free(bind_conf->keys_ref);
4831 }
4832 bind_conf->keys_ref = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004833 bind_conf->ca_sign_pass = NULL;
4834 bind_conf->ca_sign_file = NULL;
Willy Tarreau795cdab2016-12-22 17:30:54 +01004835}
4836
Christopher Faulet31af49d2015-06-09 17:29:50 +02004837/* Load CA cert file and private key used to generate certificates */
4838int
Willy Tarreau03209342016-12-22 17:08:28 +01004839ssl_sock_load_ca(struct bind_conf *bind_conf)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004840{
Willy Tarreau03209342016-12-22 17:08:28 +01004841 struct proxy *px = bind_conf->frontend;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004842 FILE *fp;
4843 X509 *cacert = NULL;
4844 EVP_PKEY *capkey = NULL;
4845 int err = 0;
4846
Christopher Fauletf8bb0ce2017-09-15 09:52:49 +02004847 if (!bind_conf->generate_certs)
Christopher Faulet31af49d2015-06-09 17:29:50 +02004848 return err;
4849
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01004850#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02004851 if (global_ssl.ctx_cache) {
Willy Tarreauef934602016-12-22 23:12:01 +01004852 ssl_ctx_lru_tree = lru64_new(global_ssl.ctx_cache);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01004853 HA_RWLOCK_INIT(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004854 }
Christopher Fauletd2cab922015-07-28 16:03:47 +02004855 ssl_ctx_lru_seed = (unsigned int)time(NULL);
Emeric Brun821bb9b2017-06-15 16:37:39 +02004856 ssl_ctx_serial = now_ms;
Willy Tarreaua84c2672015-10-09 12:10:13 +02004857#endif
Christopher Fauletd2cab922015-07-28 16:03:47 +02004858
Christopher Faulet31af49d2015-06-09 17:29:50 +02004859 if (!bind_conf->ca_sign_file) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004860 ha_alert("Proxy '%s': cannot enable certificate generation, "
4861 "no CA certificate File configured at [%s:%d].\n",
4862 px->id, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004863 goto load_error;
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004864 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004865
4866 /* read in the CA certificate */
4867 if (!(fp = fopen(bind_conf->ca_sign_file, "r"))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004868 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4869 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004870 goto load_error;
4871 }
4872 if (!(cacert = PEM_read_X509(fp, NULL, NULL, NULL))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004873 ha_alert("Proxy '%s': Failed to read CA certificate file '%s' at [%s:%d].\n",
4874 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004875 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004876 }
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004877 rewind(fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004878 if (!(capkey = PEM_read_PrivateKey(fp, NULL, NULL, bind_conf->ca_sign_pass))) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01004879 ha_alert("Proxy '%s': Failed to read CA private key file '%s' at [%s:%d].\n",
4880 px->id, bind_conf->ca_sign_file, bind_conf->file, bind_conf->line);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004881 goto read_error;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004882 }
Christopher Faulet31af49d2015-06-09 17:29:50 +02004883
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004884 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004885 bind_conf->ca_sign_cert = cacert;
4886 bind_conf->ca_sign_pkey = capkey;
4887 return err;
4888
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004889 read_error:
4890 fclose (fp);
Christopher Faulet31af49d2015-06-09 17:29:50 +02004891 if (capkey) EVP_PKEY_free(capkey);
4892 if (cacert) X509_free(cacert);
Christopher Fauletc6f02fb2015-10-09 10:53:31 +02004893 load_error:
4894 bind_conf->generate_certs = 0;
4895 err++;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004896 return err;
4897}
4898
4899/* Release CA cert and private key used to generate certificated */
4900void
4901ssl_sock_free_ca(struct bind_conf *bind_conf)
4902{
Christopher Faulet31af49d2015-06-09 17:29:50 +02004903 if (bind_conf->ca_sign_pkey)
4904 EVP_PKEY_free(bind_conf->ca_sign_pkey);
4905 if (bind_conf->ca_sign_cert)
4906 X509_free(bind_conf->ca_sign_cert);
Willy Tarreau94ff03a2016-12-22 17:57:46 +01004907 bind_conf->ca_sign_pkey = NULL;
4908 bind_conf->ca_sign_cert = NULL;
Christopher Faulet31af49d2015-06-09 17:29:50 +02004909}
4910
Emeric Brun46591952012-05-18 15:47:34 +02004911/*
4912 * This function is called if SSL * context is not yet allocated. The function
4913 * is designed to be called before any other data-layer operation and sets the
4914 * handshake flag on the connection. It is safe to call it multiple times.
4915 * It returns 0 on success and -1 in error case.
4916 */
4917static int ssl_sock_init(struct connection *conn)
4918{
4919 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004920 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02004921 return 0;
4922
Willy Tarreau3c728722014-01-23 13:50:42 +01004923 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02004924 return 0;
4925
Willy Tarreau20879a02012-12-03 16:32:10 +01004926 if (global.maxsslconn && sslconns >= global.maxsslconn) {
4927 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02004928 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004929 }
Willy Tarreau403edff2012-09-06 11:58:37 +02004930
Emeric Brun46591952012-05-18 15:47:34 +02004931 /* If it is in client mode initiate SSL session
4932 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004933 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004934 int may_retry = 1;
4935
4936 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02004937 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004938 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004939 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004940 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004941 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004942 goto retry_connect;
4943 }
Willy Tarreau20879a02012-12-03 16:32:10 +01004944 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02004945 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01004946 }
Emeric Brun46591952012-05-18 15:47:34 +02004947
Emeric Brun46591952012-05-18 15:47:34 +02004948 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02004949 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01004950 SSL_free(conn->xprt_ctx);
4951 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004952 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004953 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004954 goto retry_connect;
4955 }
Emeric Brun55476152014-11-12 17:35:37 +01004956 conn->err_code = CO_ER_SSL_NO_MEM;
4957 return -1;
4958 }
Emeric Brun46591952012-05-18 15:47:34 +02004959
Evan Broderbe554312013-06-27 00:05:25 -07004960 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02004961 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01004962 SSL_free(conn->xprt_ctx);
4963 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004964 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01004965 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004966 goto retry_connect;
4967 }
Emeric Brun55476152014-11-12 17:35:37 +01004968 conn->err_code = CO_ER_SSL_NO_MEM;
4969 return -1;
4970 }
4971
4972 SSL_set_connect_state(conn->xprt_ctx);
Olivier Houcharde6060c52017-11-16 17:42:52 +01004973 if (objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
4974 const unsigned char *ptr = objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr;
4975 SSL_SESSION *sess = d2i_SSL_SESSION(NULL, &ptr, objt_server(conn->target)->ssl_ctx.reused_sess[tid].size);
4976 if(sess && !SSL_set_session(conn->xprt_ctx, sess)) {
4977 SSL_SESSION_free(sess);
4978 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
4979 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
4980 } else if (sess) {
4981 SSL_SESSION_free(sess);
Emeric Brun55476152014-11-12 17:35:37 +01004982 }
4983 }
Evan Broderbe554312013-06-27 00:05:25 -07004984
Emeric Brun46591952012-05-18 15:47:34 +02004985 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02004986 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02004987
4988 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01004989 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02004990 return 0;
4991 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01004992 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004993 int may_retry = 1;
4994
4995 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02004996 /* Alloc a new SSL session ctx */
Emmanuel Hocdetf6b37c62017-03-06 15:34:44 +01004997 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->initial_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01004998 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01004999 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005000 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005001 goto retry_accept;
5002 }
Willy Tarreau20879a02012-12-03 16:32:10 +01005003 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02005004 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01005005 }
Emeric Brun46591952012-05-18 15:47:34 +02005006
Emeric Brun46591952012-05-18 15:47:34 +02005007 /* set fd on SSL session context */
Willy Tarreau585744b2017-08-24 14:31:19 +02005008 if (!SSL_set_fd(conn->xprt_ctx, conn->handle.fd)) {
Emeric Brun55476152014-11-12 17:35:37 +01005009 SSL_free(conn->xprt_ctx);
5010 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005011 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005012 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005013 goto retry_accept;
5014 }
Emeric Brun55476152014-11-12 17:35:37 +01005015 conn->err_code = CO_ER_SSL_NO_MEM;
5016 return -1;
5017 }
Emeric Brun46591952012-05-18 15:47:34 +02005018
Emeric Brune1f38db2012-09-03 20:36:47 +02005019 /* set connection pointer */
Thierry FOURNIER28962c92018-06-17 21:37:05 +02005020 if (!SSL_set_ex_data(conn->xprt_ctx, ssl_app_data_index, conn)) {
Emeric Brun55476152014-11-12 17:35:37 +01005021 SSL_free(conn->xprt_ctx);
5022 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005023 if (may_retry--) {
Willy Tarreaubafbe012017-11-24 17:34:44 +01005024 pool_gc(NULL);
Willy Tarreaufba03cd2014-11-13 13:48:58 +01005025 goto retry_accept;
5026 }
Emeric Brun55476152014-11-12 17:35:37 +01005027 conn->err_code = CO_ER_SSL_NO_MEM;
5028 return -1;
5029 }
5030
5031 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02005032
Emeric Brun46591952012-05-18 15:47:34 +02005033 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02005034 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005035#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005036 conn->flags |= CO_FL_EARLY_SSL_HS;
5037#endif
Willy Tarreau403edff2012-09-06 11:58:37 +02005038
5039 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01005040 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02005041 return 0;
5042 }
5043 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01005044 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02005045 return -1;
5046}
5047
5048
5049/* This is the callback which is used when an SSL handshake is pending. It
5050 * updates the FD status if it wants some polling before being called again.
5051 * It returns 0 if it fails in a fatal way or needs to poll to go further,
5052 * otherwise it returns non-zero and removes itself from the connection's
5053 * flags (the bit is provided in <flag> by the caller).
5054 */
5055int ssl_sock_handshake(struct connection *conn, unsigned int flag)
5056{
5057 int ret;
5058
Willy Tarreau3c728722014-01-23 13:50:42 +01005059 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02005060 return 0;
5061
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005062 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005063 goto out_error;
5064
Olivier Houchardc2aae742017-09-22 18:26:28 +02005065#if OPENSSL_VERSION_NUMBER >= 0x10101000L
5066 /*
5067 * Check if we have early data. If we do, we have to read them
5068 * before SSL_do_handshake() is called, And there's no way to
5069 * detect early data, except to try to read them
5070 */
5071 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5072 size_t read_data;
5073
5074 ret = SSL_read_early_data(conn->xprt_ctx, &conn->tmp_early_data,
5075 1, &read_data);
5076 if (ret == SSL_READ_EARLY_DATA_ERROR)
5077 goto check_error;
5078 if (ret == SSL_READ_EARLY_DATA_SUCCESS) {
5079 conn->flags &= ~(CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN);
5080 return 1;
5081 } else
5082 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5083 }
5084#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005085 /* If we use SSL_do_handshake to process a reneg initiated by
5086 * the remote peer, it sometimes returns SSL_ERROR_SSL.
5087 * Usually SSL_write and SSL_read are used and process implicitly
5088 * the reneg handshake.
5089 * Here we use SSL_peek as a workaround for reneg.
5090 */
5091 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
5092 char c;
5093
5094 ret = SSL_peek(conn->xprt_ctx, &c, 1);
5095 if (ret <= 0) {
5096 /* handshake may have not been completed, let's find why */
5097 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005098
Emeric Brun674b7432012-11-08 19:21:55 +01005099 if (ret == SSL_ERROR_WANT_WRITE) {
5100 /* SSL handshake needs to write, L4 connection may not be ready */
5101 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005102 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005103 fd_cant_send(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005104 return 0;
5105 }
5106 else if (ret == SSL_ERROR_WANT_READ) {
5107 /* handshake may have been completed but we have
5108 * no more data to read.
5109 */
5110 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
5111 ret = 1;
5112 goto reneg_ok;
5113 }
5114 /* SSL handshake needs to read, L4 connection is ready */
5115 if (conn->flags & CO_FL_WAIT_L4_CONN)
5116 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5117 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005118 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005119 fd_cant_recv(conn->handle.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01005120 return 0;
5121 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005122#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005123 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005124 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005125 return 0;
5126 }
5127#endif
Emeric Brun674b7432012-11-08 19:21:55 +01005128 else if (ret == SSL_ERROR_SYSCALL) {
5129 /* if errno is null, then connection was successfully established */
5130 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5131 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01005132 if (!conn->err_code) {
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005133#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5134 conn->err_code = CO_ER_SSL_HANDSHAKE;
5135#else
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005136 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005137#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005138 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5139 empty_handshake = state == TLS_ST_BEFORE;
5140#else
5141 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
5142#endif
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005143 if (empty_handshake) {
Emeric Brun29f037d2014-04-25 19:05:36 +02005144 if (!errno) {
5145 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5146 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5147 else
5148 conn->err_code = CO_ER_SSL_EMPTY;
5149 }
5150 else {
5151 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5152 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5153 else
5154 conn->err_code = CO_ER_SSL_ABORT;
5155 }
5156 }
5157 else {
5158 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5159 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01005160 else
Emeric Brun29f037d2014-04-25 19:05:36 +02005161 conn->err_code = CO_ER_SSL_HANDSHAKE;
5162 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005163#endif
Willy Tarreau20879a02012-12-03 16:32:10 +01005164 }
Emeric Brun674b7432012-11-08 19:21:55 +01005165 goto out_error;
5166 }
5167 else {
5168 /* Fail on all other handshake errors */
5169 /* Note: OpenSSL may leave unread bytes in the socket's
5170 * buffer, causing an RST to be emitted upon close() on
5171 * TCP sockets. We first try to drain possibly pending
5172 * data to avoid this as much as possible.
5173 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005174 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005175 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005176 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5177 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01005178 goto out_error;
5179 }
5180 }
5181 /* read some data: consider handshake completed */
5182 goto reneg_ok;
5183 }
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005184 ret = SSL_do_handshake(conn->xprt_ctx);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005185check_error:
Emeric Brun46591952012-05-18 15:47:34 +02005186 if (ret != 1) {
5187 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005188 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005189
5190 if (ret == SSL_ERROR_WANT_WRITE) {
5191 /* SSL handshake needs to write, L4 connection may not be ready */
5192 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005193 __conn_sock_want_send(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005194 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005195 return 0;
5196 }
5197 else if (ret == SSL_ERROR_WANT_READ) {
5198 /* SSL handshake needs to read, L4 connection is ready */
5199 if (conn->flags & CO_FL_WAIT_L4_CONN)
5200 conn->flags &= ~CO_FL_WAIT_L4_CONN;
5201 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01005202 __conn_sock_want_recv(conn);
Willy Tarreau585744b2017-08-24 14:31:19 +02005203 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005204 return 0;
5205 }
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005206#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005207 else if (ret == SSL_ERROR_WANT_ASYNC) {
Emeric Brun3854e012017-05-17 20:42:48 +02005208 ssl_async_process_fds(conn, conn->xprt_ctx);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005209 return 0;
5210 }
5211#endif
Willy Tarreau89230192012-09-28 20:22:13 +02005212 else if (ret == SSL_ERROR_SYSCALL) {
5213 /* if errno is null, then connection was successfully established */
5214 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
5215 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005216 if (!conn->err_code) {
5217#ifdef OPENSSL_NO_HEARTBEATS /* BoringSSL */
5218 conn->err_code = CO_ER_SSL_HANDSHAKE;
5219#else
5220 int empty_handshake;
Luca Pizzamiglio578b1692016-12-12 10:56:56 +01005221#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(LIBRESSL_VERSION_NUMBER)
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005222 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
5223 empty_handshake = state == TLS_ST_BEFORE;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005224#else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005225 empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005226#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005227 if (empty_handshake) {
5228 if (!errno) {
5229 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5230 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5231 else
5232 conn->err_code = CO_ER_SSL_EMPTY;
5233 }
5234 else {
5235 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5236 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5237 else
5238 conn->err_code = CO_ER_SSL_ABORT;
5239 }
Emeric Brun29f037d2014-04-25 19:05:36 +02005240 }
5241 else {
5242 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
5243 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
5244 else
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005245 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun29f037d2014-04-25 19:05:36 +02005246 }
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01005247#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02005248 }
Willy Tarreau89230192012-09-28 20:22:13 +02005249 goto out_error;
5250 }
Emeric Brun46591952012-05-18 15:47:34 +02005251 else {
5252 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02005253 /* Note: OpenSSL may leave unread bytes in the socket's
5254 * buffer, causing an RST to be emitted upon close() on
5255 * TCP sockets. We first try to drain possibly pending
5256 * data to avoid this as much as possible.
5257 */
Willy Tarreaud85c4852015-03-13 00:40:28 +01005258 conn_sock_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01005259 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02005260 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
5261 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005262 goto out_error;
5263 }
5264 }
Olivier Houchard522eea72017-11-03 16:27:47 +01005265#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5266 else {
5267 /*
5268 * If the server refused the early data, we have to send a
5269 * 425 to the client, as we no longer have the data to sent
5270 * them again.
5271 */
5272 if ((conn->flags & CO_FL_EARLY_DATA) && (objt_server(conn->target))) {
5273 if (SSL_get_early_data_status(conn->xprt_ctx) == SSL_EARLY_DATA_REJECTED) {
5274 conn->err_code = CO_ER_SSL_EARLY_FAILED;
5275 goto out_error;
5276 }
5277 }
5278 }
5279#endif
5280
Emeric Brun46591952012-05-18 15:47:34 +02005281
Emeric Brun674b7432012-11-08 19:21:55 +01005282reneg_ok:
Emeric Brunb5e42a82017-06-06 12:35:14 +00005283
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005284#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005285 /* ASYNC engine API doesn't support moving read/write
5286 * buffers. So we disable ASYNC mode right after
5287 * the handshake to avoid buffer oveflows.
5288 */
5289 if (global_ssl.async)
5290 SSL_clear_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5291#endif
Emeric Brun46591952012-05-18 15:47:34 +02005292 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005293 if (!SSL_session_reused(conn->xprt_ctx)) {
5294 if (objt_server(conn->target)) {
5295 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
5296 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
5297 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
Emeric Brun46591952012-05-18 15:47:34 +02005298 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02005299 else {
5300 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
5301 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
5302 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
5303 }
Emeric Brun46591952012-05-18 15:47:34 +02005304 }
5305
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005306#ifdef OPENSSL_IS_BORINGSSL
5307 if ((conn->flags & CO_FL_EARLY_SSL_HS) && !SSL_in_early_data(conn->xprt_ctx))
5308 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5309#endif
Emeric Brun46591952012-05-18 15:47:34 +02005310 /* The connection is now established at both layers, it's time to leave */
5311 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
5312 return 1;
5313
5314 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005315 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005316 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005317 ERR_clear_error();
5318
Emeric Brun9fa89732012-10-04 17:09:56 +02005319 /* free resumed session if exists */
Olivier Houcharde6060c52017-11-16 17:42:52 +01005320 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr) {
5321 free(objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr);
5322 objt_server(conn->target)->ssl_ctx.reused_sess[tid].ptr = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02005323 }
5324
Emeric Brun46591952012-05-18 15:47:34 +02005325 /* Fail on all other handshake errors */
5326 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01005327 if (!conn->err_code)
5328 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02005329 return 0;
5330}
5331
5332/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01005333 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02005334 * buffer wraps, in which case a second call may be performed. The connection's
5335 * flags are updated with whatever special event is detected (error, read0,
5336 * empty). The caller is responsible for taking care of those events and
5337 * avoiding the call if inappropriate. The function does not call the
5338 * connection's polling update function, so the caller is responsible for this.
5339 */
Willy Tarreau7f3225f2018-06-19 06:15:17 +02005340static size_t ssl_sock_to_buf(struct connection *conn, struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005341{
Willy Tarreaubfc4d772018-07-18 11:22:03 +02005342 ssize_t ret;
5343 size_t try, done = 0;
Emeric Brun46591952012-05-18 15:47:34 +02005344
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005345 conn_refresh_polling_flags(conn);
5346
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005347 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005348 goto out_error;
5349
5350 if (conn->flags & CO_FL_HANDSHAKE)
5351 /* a handshake was requested */
5352 return 0;
5353
Willy Tarreau0c7ed5d2018-07-10 09:53:31 +02005354 b_realign_if_empty(buf);
Emeric Brun46591952012-05-18 15:47:34 +02005355
5356 /* read the largest possible block. For this, we perform only one call
5357 * to recv() unless the buffer wraps and we exactly fill the first hunk,
5358 * in which case we accept to do it once again. A new attempt is made on
5359 * EINTR too.
5360 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01005361 while (count > 0) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005362 int need_out = 0;
5363
Willy Tarreau591d4452018-06-15 17:21:00 +02005364 try = b_contig_space(buf);
5365 if (!try)
5366 break;
5367
Willy Tarreauabf08d92014-01-14 11:31:27 +01005368 if (try > count)
5369 try = count;
Willy Tarreau591d4452018-06-15 17:21:00 +02005370
Olivier Houchardc2aae742017-09-22 18:26:28 +02005371 if (((conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_EARLY_SSL_HS) &&
5372 conn->tmp_early_data != -1) {
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005373 *b_tail(buf) = conn->tmp_early_data;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005374 done++;
5375 try--;
5376 count--;
Olivier Houchardacd14032018-06-28 18:17:23 +02005377 b_add(buf, 1);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005378 conn->tmp_early_data = -1;
5379 continue;
5380 }
Willy Tarreauabf08d92014-01-14 11:31:27 +01005381
Olivier Houchardc2aae742017-09-22 18:26:28 +02005382#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5383 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5384 size_t read_length;
5385
5386 ret = SSL_read_early_data(conn->xprt_ctx,
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005387 b_tail(buf), try, &read_length);
Olivier Houchard522eea72017-11-03 16:27:47 +01005388 if (ret == SSL_READ_EARLY_DATA_SUCCESS &&
5389 read_length > 0)
Olivier Houchardc2aae742017-09-22 18:26:28 +02005390 conn->flags |= CO_FL_EARLY_DATA;
5391 if (ret == SSL_READ_EARLY_DATA_SUCCESS ||
5392 ret == SSL_READ_EARLY_DATA_FINISH) {
5393 if (ret == SSL_READ_EARLY_DATA_FINISH) {
5394 /*
5395 * We're done reading the early data,
5396 * let's make the handshake
5397 */
5398 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5399 conn->flags |= CO_FL_SSL_WAIT_HS;
5400 need_out = 1;
5401 if (read_length == 0)
5402 break;
5403 }
5404 ret = read_length;
5405 }
5406 } else
5407#endif
Willy Tarreau8f9c72d2018-06-07 18:46:28 +02005408 ret = SSL_read(conn->xprt_ctx, b_tail(buf), try);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005409#ifdef OPENSSL_IS_BORINGSSL
5410 if (conn->flags & CO_FL_EARLY_SSL_HS) {
5411 if (SSL_in_early_data(conn->xprt_ctx)) {
5412 if (ret > 0)
5413 conn->flags |= CO_FL_EARLY_DATA;
5414 } else {
Emmanuel Hocdetcebd7962017-11-27 16:14:40 +01005415 conn->flags &= ~(CO_FL_EARLY_SSL_HS);
Emmanuel Hocdetca6a9572017-11-23 12:40:07 +01005416 }
5417 }
5418#endif
Emeric Brune1f38db2012-09-03 20:36:47 +02005419 if (conn->flags & CO_FL_ERROR) {
5420 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005421 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005422 }
Emeric Brun46591952012-05-18 15:47:34 +02005423 if (ret > 0) {
Olivier Houchardacd14032018-06-28 18:17:23 +02005424 b_add(buf, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005425 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005426 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005427 }
Emeric Brun46591952012-05-18 15:47:34 +02005428 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005429 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02005430 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005431 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02005432 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005433 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005434#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005435 /* Async mode can be re-enabled, because we're leaving data state.*/
5436 if (global_ssl.async)
5437 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5438#endif
Emeric Brun46591952012-05-18 15:47:34 +02005439 break;
5440 }
5441 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005442 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5443 /* handshake is running, and it may need to re-enable read */
5444 conn->flags |= CO_FL_SSL_WAIT_HS;
5445 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005446#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005447 /* Async mode can be re-enabled, because we're leaving data state.*/
5448 if (global_ssl.async)
5449 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5450#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005451 break;
5452 }
Emeric Brun46591952012-05-18 15:47:34 +02005453 /* we need to poll for retry a read later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005454 fd_cant_recv(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005455 break;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005456 } else if (ret == SSL_ERROR_ZERO_RETURN)
5457 goto read0;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005458 /* For SSL_ERROR_SYSCALL, make sure to clear the error
5459 * stack before shutting down the connection for
5460 * reading. */
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005461 if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
5462 goto clear_ssl_error;
Emeric Brun46591952012-05-18 15:47:34 +02005463 /* otherwise it's a real error */
5464 goto out_error;
5465 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005466 if (need_out)
5467 break;
Emeric Brun46591952012-05-18 15:47:34 +02005468 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005469 leave:
5470 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005471 return done;
5472
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005473 clear_ssl_error:
5474 /* Clear openssl global errors stack */
5475 ssl_sock_dump_errors(conn);
5476 ERR_clear_error();
Emeric Brun46591952012-05-18 15:47:34 +02005477 read0:
5478 conn_sock_read0(conn);
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005479 goto leave;
Christopher Faulet4ac77a92018-02-19 14:25:15 +01005480
Emeric Brun46591952012-05-18 15:47:34 +02005481 out_error:
Olivier Houchard7e2e5052018-02-13 15:17:23 +01005482 conn->flags |= CO_FL_ERROR;
Emeric Brun644cde02012-12-14 11:21:13 +01005483 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005484 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005485 ERR_clear_error();
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005486 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005487}
5488
5489
Willy Tarreau787db9a2018-06-14 18:31:46 +02005490/* Send up to <count> pending bytes from buffer <buf> to connection <conn>'s
5491 * socket. <flags> may contain some CO_SFL_* flags to hint the system about
5492 * other pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02005493 * Only one call to send() is performed, unless the buffer wraps, in which case
5494 * a second call may be performed. The connection's flags are updated with
5495 * whatever special event is detected (error, empty). The caller is responsible
5496 * for taking care of those events and avoiding the call if inappropriate. The
5497 * function does not call the connection's polling update function, so the caller
Willy Tarreau787db9a2018-06-14 18:31:46 +02005498 * is responsible for this. The buffer's output is not adjusted, it's up to the
5499 * caller to take care of this. It's up to the caller to update the buffer's
5500 * contents based on the return value.
Emeric Brun46591952012-05-18 15:47:34 +02005501 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005502static size_t ssl_sock_from_buf(struct connection *conn, const struct buffer *buf, size_t count, int flags)
Emeric Brun46591952012-05-18 15:47:34 +02005503{
Willy Tarreau787db9a2018-06-14 18:31:46 +02005504 ssize_t ret;
5505 size_t try, done;
Emeric Brun46591952012-05-18 15:47:34 +02005506
5507 done = 0;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005508 conn_refresh_polling_flags(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005509
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005510 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02005511 goto out_error;
5512
5513 if (conn->flags & CO_FL_HANDSHAKE)
5514 /* a handshake was requested */
5515 return 0;
5516
5517 /* send the largest possible block. For this we perform only one call
5518 * to send() unless the buffer wraps and we exactly fill the first hunk,
5519 * in which case we accept to do it once again.
5520 */
Willy Tarreau787db9a2018-06-14 18:31:46 +02005521 while (count) {
Olivier Houchardc2aae742017-09-22 18:26:28 +02005522#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5523 size_t written_data;
5524#endif
5525
Willy Tarreau787db9a2018-06-14 18:31:46 +02005526 try = b_contig_data(buf, done);
5527 if (try > count)
5528 try = count;
Willy Tarreaubfd59462013-02-21 07:46:09 +01005529
Willy Tarreau7bed9452014-02-02 02:00:24 +01005530 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01005531 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
Willy Tarreauef934602016-12-22 23:12:01 +01005532 global_ssl.max_record && try > global_ssl.max_record) {
5533 try = global_ssl.max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01005534 }
5535 else {
5536 /* we need to keep the information about the fact that
5537 * we're not limiting the upcoming send(), because if it
5538 * fails, we'll have to retry with at least as many data.
5539 */
5540 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
5541 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01005542
Olivier Houchardc2aae742017-09-22 18:26:28 +02005543#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
5544 if (!SSL_is_init_finished(conn->xprt_ctx)) {
5545 unsigned int max_early;
5546
Olivier Houchard522eea72017-11-03 16:27:47 +01005547 if (objt_listener(conn->target))
5548 max_early = SSL_get_max_early_data(conn->xprt_ctx);
5549 else {
5550 if (SSL_get0_session(conn->xprt_ctx))
5551 max_early = SSL_SESSION_get_max_early_data(SSL_get0_session(conn->xprt_ctx));
5552 else
5553 max_early = 0;
5554 }
5555
Olivier Houchard90084a12017-11-23 18:21:29 +01005556 if (try + conn->sent_early_data > max_early) {
5557 try -= (try + conn->sent_early_data) - max_early;
Olivier Houchard522eea72017-11-03 16:27:47 +01005558 if (try <= 0) {
Olivier Houchard90084a12017-11-23 18:21:29 +01005559 if (!(conn->flags & CO_FL_EARLY_SSL_HS))
5560 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Olivier Houchardc2aae742017-09-22 18:26:28 +02005561 break;
Olivier Houchard522eea72017-11-03 16:27:47 +01005562 }
Olivier Houchardc2aae742017-09-22 18:26:28 +02005563 }
Willy Tarreau787db9a2018-06-14 18:31:46 +02005564 ret = SSL_write_early_data(conn->xprt_ctx, b_peek(buf, done), try, &written_data);
Olivier Houchardc2aae742017-09-22 18:26:28 +02005565 if (ret == 1) {
5566 ret = written_data;
Olivier Houchard90084a12017-11-23 18:21:29 +01005567 conn->sent_early_data += ret;
Olivier Houchard522eea72017-11-03 16:27:47 +01005568 if (objt_server(conn->target)) {
5569 conn->flags &= ~CO_FL_EARLY_SSL_HS;
5570 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN | CO_FL_EARLY_DATA;
5571 }
5572
Olivier Houchardc2aae742017-09-22 18:26:28 +02005573 }
5574
5575 } else
5576#endif
Willy Tarreau787db9a2018-06-14 18:31:46 +02005577 ret = SSL_write(conn->xprt_ctx, b_peek(buf, done), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01005578
Emeric Brune1f38db2012-09-03 20:36:47 +02005579 if (conn->flags & CO_FL_ERROR) {
5580 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01005581 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02005582 }
Emeric Brun46591952012-05-18 15:47:34 +02005583 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01005584 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
Willy Tarreau787db9a2018-06-14 18:31:46 +02005585 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02005586 done += ret;
Emeric Brun46591952012-05-18 15:47:34 +02005587 }
5588 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005589 ret = SSL_get_error(conn->xprt_ctx, ret);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005590
Emeric Brun46591952012-05-18 15:47:34 +02005591 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01005592 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
5593 /* handshake is running, and it may need to re-enable write */
5594 conn->flags |= CO_FL_SSL_WAIT_HS;
5595 __conn_sock_want_send(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005596#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005597 /* Async mode can be re-enabled, because we're leaving data state.*/
5598 if (global_ssl.async)
5599 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5600#endif
Emeric Brun282a76a2012-11-08 18:02:56 +01005601 break;
5602 }
Emeric Brun46591952012-05-18 15:47:34 +02005603 /* we need to poll to retry a write later */
Willy Tarreau585744b2017-08-24 14:31:19 +02005604 fd_cant_send(conn->handle.fd);
Emeric Brun46591952012-05-18 15:47:34 +02005605 break;
5606 }
5607 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01005608 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02005609 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01005610 __conn_sock_want_recv(conn);
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005611#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brunb5e42a82017-06-06 12:35:14 +00005612 /* Async mode can be re-enabled, because we're leaving data state.*/
5613 if (global_ssl.async)
5614 SSL_set_mode(conn->xprt_ctx, SSL_MODE_ASYNC);
5615#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005616 break;
5617 }
Emeric Brun46591952012-05-18 15:47:34 +02005618 goto out_error;
5619 }
5620 }
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005621 leave:
5622 conn_cond_update_sock_polling(conn);
Emeric Brun46591952012-05-18 15:47:34 +02005623 return done;
5624
5625 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01005626 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005627 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005628 ERR_clear_error();
5629
Emeric Brun46591952012-05-18 15:47:34 +02005630 conn->flags |= CO_FL_ERROR;
Willy Tarreau31d4dbe2017-10-25 09:32:15 +02005631 goto leave;
Emeric Brun46591952012-05-18 15:47:34 +02005632}
5633
Emeric Brun46591952012-05-18 15:47:34 +02005634static void ssl_sock_close(struct connection *conn) {
5635
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005636 if (conn->xprt_ctx) {
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02005637#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Emeric Brun3854e012017-05-17 20:42:48 +02005638 if (global_ssl.async) {
5639 OSSL_ASYNC_FD all_fd[32], afd;
5640 size_t num_all_fds = 0;
5641 int i;
5642
5643 SSL_get_all_async_fds(conn->xprt_ctx, NULL, &num_all_fds);
5644 if (num_all_fds > 32) {
5645 send_log(NULL, LOG_EMERG, "haproxy: openssl returns too many async fds. It seems a bug. Process may crash\n");
5646 return;
5647 }
5648
5649 SSL_get_all_async_fds(conn->xprt_ctx, all_fd, &num_all_fds);
5650
5651 /* If an async job is pending, we must try to
5652 to catch the end using polling before calling
5653 SSL_free */
5654 if (num_all_fds && SSL_waiting_for_async(conn->xprt_ctx)) {
5655 for (i=0 ; i < num_all_fds ; i++) {
5656 /* switch on an handler designed to
5657 * handle the SSL_free
5658 */
5659 afd = all_fd[i];
5660 fdtab[afd].iocb = ssl_async_fd_free;
5661 fdtab[afd].owner = conn->xprt_ctx;
5662 fd_want_recv(afd);
Emeric Brunce9e01c2017-05-31 10:02:53 +00005663 /* To ensure that the fd cache won't be used
5664 * and we'll catch a real RD event.
5665 */
5666 fd_cant_recv(afd);
Emeric Brun3854e012017-05-17 20:42:48 +02005667 }
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005668 conn->xprt_ctx = NULL;
Christopher Faulet8d8aa0d2017-05-30 15:36:50 +02005669 HA_ATOMIC_ADD(&jobs, 1);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005670 return;
5671 }
Emeric Brun3854e012017-05-17 20:42:48 +02005672 /* Else we can remove the fds from the fdtab
5673 * and call SSL_free.
5674 * note: we do a fd_remove and not a delete
5675 * because the fd is owned by the engine.
5676 * the engine is responsible to close
5677 */
5678 for (i=0 ; i < num_all_fds ; i++)
5679 fd_remove(all_fd[i]);
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00005680 }
5681#endif
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02005682 SSL_free(conn->xprt_ctx);
5683 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02005684 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02005685 }
Emeric Brun46591952012-05-18 15:47:34 +02005686}
5687
5688/* This function tries to perform a clean shutdown on an SSL connection, and in
5689 * any case, flags the connection as reusable if no handshake was in progress.
5690 */
5691static void ssl_sock_shutw(struct connection *conn, int clean)
5692{
5693 if (conn->flags & CO_FL_HANDSHAKE)
5694 return;
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005695 if (!clean)
5696 /* don't sent notify on SSL_shutdown */
Willy Tarreaue3cc3a32017-02-13 11:12:29 +01005697 SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
Emeric Brun46591952012-05-18 15:47:34 +02005698 /* no handshake was in progress, try a clean ssl shutdown */
Emmanuel Hocdet405ff312017-01-08 14:07:39 +01005699 if (SSL_shutdown(conn->xprt_ctx) <= 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01005700 /* Clear openssl global errors stack */
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02005701 ssl_sock_dump_errors(conn);
Emeric Brun644cde02012-12-14 11:21:13 +01005702 ERR_clear_error();
5703 }
Emeric Brun46591952012-05-18 15:47:34 +02005704}
5705
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005706/* used for ppv2 pkey alog (can be used for logging) */
5707int ssl_sock_get_pkey_algo(struct connection *conn, struct chunk *out)
5708{
5709 struct pkey_info *pkinfo;
5710 int bits = 0;
5711 int sig = TLSEXT_signature_anonymous;
5712 int len = -1;
5713
5714 if (!ssl_sock_is_ssl(conn))
5715 return 0;
5716
Emmanuel Hocdet3448c492018-06-18 12:44:19 +02005717 pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01005718 if (pkinfo) {
5719 sig = pkinfo->sig;
5720 bits = pkinfo->bits;
5721 } else {
5722 /* multicert and generated cert have no pkey info */
5723 X509 *crt;
5724 EVP_PKEY *pkey;
5725 crt = SSL_get_certificate(conn->xprt_ctx);
5726 if (!crt)
5727 return 0;
5728 pkey = X509_get_pubkey(crt);
5729 if (pkey) {
5730 bits = EVP_PKEY_bits(pkey);
5731 switch(EVP_PKEY_base_id(pkey)) {
5732 case EVP_PKEY_RSA:
5733 sig = TLSEXT_signature_rsa;
5734 break;
5735 case EVP_PKEY_EC:
5736 sig = TLSEXT_signature_ecdsa;
5737 break;
5738 case EVP_PKEY_DSA:
5739 sig = TLSEXT_signature_dsa;
5740 break;
5741 }
5742 EVP_PKEY_free(pkey);
5743 }
5744 }
5745
5746 switch(sig) {
5747 case TLSEXT_signature_rsa:
5748 len = chunk_printf(out, "RSA%d", bits);
5749 break;
5750 case TLSEXT_signature_ecdsa:
5751 len = chunk_printf(out, "EC%d", bits);
5752 break;
5753 case TLSEXT_signature_dsa:
5754 len = chunk_printf(out, "DSA%d", bits);
5755 break;
5756 default:
5757 return 0;
5758 }
5759 if (len < 0)
5760 return 0;
5761 return 1;
5762}
5763
Emmanuel Hocdet283e0042017-11-02 14:05:23 +01005764/* used for ppv2 cert signature (can be used for logging) */
5765const char *ssl_sock_get_cert_sig(struct connection *conn)
5766{
5767 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
5768 X509 *crt;
5769
5770 if (!ssl_sock_is_ssl(conn))
5771 return NULL;
5772 crt = SSL_get_certificate(conn->xprt_ctx);
5773 if (!crt)
5774 return NULL;
5775 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
5776 return OBJ_nid2sn(OBJ_obj2nid(algorithm));
5777}
5778
Emmanuel Hocdet253c3b72018-02-01 18:29:59 +01005779/* used for ppv2 authority */
5780const char *ssl_sock_get_sni(struct connection *conn)
5781{
5782#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
5783 if (!ssl_sock_is_ssl(conn))
5784 return NULL;
5785 return SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
5786#else
5787 return 0;
5788#endif
5789}
5790
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005791/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005792const char *ssl_sock_get_cipher_name(struct connection *conn)
5793{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005794 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005795 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005796
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005797 return SSL_get_cipher_name(conn->xprt_ctx);
5798}
5799
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005800/* used for logging/ppv2, may be changed for a sample fetch later */
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005801const char *ssl_sock_get_proto_version(struct connection *conn)
5802{
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005803 if (!ssl_sock_is_ssl(conn))
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005804 return NULL;
Emmanuel Hocdet01da5712017-10-13 16:59:49 +02005805
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02005806 return SSL_get_version(conn->xprt_ctx);
5807}
5808
Willy Tarreau8d598402012-10-22 17:58:39 +02005809/* Extract a serial from a cert, and copy it to a chunk.
5810 * Returns 1 if serial is found and copied, 0 if no serial found and
5811 * -1 if output is not large enough.
5812 */
5813static int
5814ssl_sock_get_serial(X509 *crt, struct chunk *out)
5815{
5816 ASN1_INTEGER *serial;
5817
5818 serial = X509_get_serialNumber(crt);
5819 if (!serial)
5820 return 0;
5821
5822 if (out->size < serial->length)
5823 return -1;
5824
5825 memcpy(out->str, serial->data, serial->length);
5826 out->len = serial->length;
5827 return 1;
5828}
5829
Emeric Brun43e79582014-10-29 19:03:26 +01005830/* Extract a cert to der, and copy it to a chunk.
5831 * Returns 1 if cert is found and copied, 0 on der convertion failure and
5832 * -1 if output is not large enough.
5833 */
5834static int
5835ssl_sock_crt2der(X509 *crt, struct chunk *out)
5836{
5837 int len;
5838 unsigned char *p = (unsigned char *)out->str;;
5839
5840 len =i2d_X509(crt, NULL);
5841 if (len <= 0)
5842 return 1;
5843
5844 if (out->size < len)
5845 return -1;
5846
5847 i2d_X509(crt,&p);
5848 out->len = len;
5849 return 1;
5850}
5851
Emeric Brunce5ad802012-10-22 14:11:22 +02005852
5853/* Copy Date in ASN1_UTCTIME format in struct chunk out.
5854 * Returns 1 if serial is found and copied, 0 if no valid time found
5855 * and -1 if output is not large enough.
5856 */
5857static int
5858ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
5859{
5860 if (tm->type == V_ASN1_GENERALIZEDTIME) {
5861 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
5862
5863 if (gentm->length < 12)
5864 return 0;
5865 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
5866 return 0;
5867 if (out->size < gentm->length-2)
5868 return -1;
5869
5870 memcpy(out->str, gentm->data+2, gentm->length-2);
5871 out->len = gentm->length-2;
5872 return 1;
5873 }
5874 else if (tm->type == V_ASN1_UTCTIME) {
5875 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
5876
5877 if (utctm->length < 10)
5878 return 0;
5879 if (utctm->data[0] >= 0x35)
5880 return 0;
5881 if (out->size < utctm->length)
5882 return -1;
5883
5884 memcpy(out->str, utctm->data, utctm->length);
5885 out->len = utctm->length;
5886 return 1;
5887 }
5888
5889 return 0;
5890}
5891
Emeric Brun87855892012-10-17 17:39:35 +02005892/* Extract an entry from a X509_NAME and copy its value to an output chunk.
5893 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
5894 */
5895static int
5896ssl_sock_get_dn_entry(X509_NAME *a, const struct chunk *entry, int pos, struct chunk *out)
5897{
5898 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005899 ASN1_OBJECT *obj;
5900 ASN1_STRING *data;
5901 const unsigned char *data_ptr;
5902 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005903 int i, j, n;
5904 int cur = 0;
5905 const char *s;
5906 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005907 int name_count;
5908
5909 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005910
5911 out->len = 0;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005912 for (i = 0; i < name_count; i++) {
Emeric Brun87855892012-10-17 17:39:35 +02005913 if (pos < 0)
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005914 j = (name_count-1) - i;
Emeric Brun87855892012-10-17 17:39:35 +02005915 else
5916 j = i;
5917
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005918 ne = X509_NAME_get_entry(a, j);
5919 obj = X509_NAME_ENTRY_get_object(ne);
5920 data = X509_NAME_ENTRY_get_data(ne);
5921 data_ptr = ASN1_STRING_get0_data(data);
5922 data_len = ASN1_STRING_length(data);
5923 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005924 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005925 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005926 s = tmp;
5927 }
5928
5929 if (chunk_strcasecmp(entry, s) != 0)
5930 continue;
5931
5932 if (pos < 0)
5933 cur--;
5934 else
5935 cur++;
5936
5937 if (cur != pos)
5938 continue;
5939
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005940 if (data_len > out->size)
Emeric Brun87855892012-10-17 17:39:35 +02005941 return -1;
5942
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005943 memcpy(out->str, data_ptr, data_len);
5944 out->len = data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005945 return 1;
5946 }
5947
5948 return 0;
5949
5950}
5951
5952/* Extract and format full DN from a X509_NAME and copy result into a chunk
5953 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
5954 */
5955static int
5956ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
5957{
5958 X509_NAME_ENTRY *ne;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005959 ASN1_OBJECT *obj;
5960 ASN1_STRING *data;
5961 const unsigned char *data_ptr;
5962 int data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005963 int i, n, ln;
5964 int l = 0;
5965 const char *s;
5966 char *p;
5967 char tmp[128];
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005968 int name_count;
5969
5970
5971 name_count = X509_NAME_entry_count(a);
Emeric Brun87855892012-10-17 17:39:35 +02005972
5973 out->len = 0;
5974 p = out->str;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005975 for (i = 0; i < name_count; i++) {
5976 ne = X509_NAME_get_entry(a, i);
5977 obj = X509_NAME_ENTRY_get_object(ne);
5978 data = X509_NAME_ENTRY_get_data(ne);
5979 data_ptr = ASN1_STRING_get0_data(data);
5980 data_len = ASN1_STRING_length(data);
5981 n = OBJ_obj2nid(obj);
Emeric Brun87855892012-10-17 17:39:35 +02005982 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005983 i2t_ASN1_OBJECT(tmp, sizeof(tmp), obj);
Emeric Brun87855892012-10-17 17:39:35 +02005984 s = tmp;
5985 }
5986 ln = strlen(s);
5987
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005988 l += 1 + ln + 1 + data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005989 if (l > out->size)
5990 return -1;
5991 out->len = l;
5992
5993 *(p++)='/';
5994 memcpy(p, s, ln);
5995 p += ln;
5996 *(p++)='=';
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02005997 memcpy(p, data_ptr, data_len);
5998 p += data_len;
Emeric Brun87855892012-10-17 17:39:35 +02005999 }
6000
6001 if (!out->len)
6002 return 0;
6003
6004 return 1;
6005}
6006
Willy Tarreau119a4082016-12-22 21:58:38 +01006007/* Sets advertised SNI for outgoing connections. Please set <hostname> to NULL
6008 * to disable SNI.
6009 */
Willy Tarreau63076412015-07-10 11:33:32 +02006010void ssl_sock_set_servername(struct connection *conn, const char *hostname)
6011{
6012#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau119a4082016-12-22 21:58:38 +01006013 char *prev_name;
6014
Willy Tarreau63076412015-07-10 11:33:32 +02006015 if (!ssl_sock_is_ssl(conn))
6016 return;
6017
Willy Tarreau119a4082016-12-22 21:58:38 +01006018 /* if the SNI changes, we must destroy the reusable context so that a
6019 * new connection will present a new SNI. As an optimization we could
6020 * later imagine having a small cache of ssl_ctx to hold a few SNI per
6021 * server.
6022 */
6023 prev_name = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6024 if ((!prev_name && hostname) ||
6025 (prev_name && (!hostname || strcmp(hostname, prev_name) != 0)))
6026 SSL_set_session(conn->xprt_ctx, NULL);
6027
Willy Tarreau63076412015-07-10 11:33:32 +02006028 SSL_set_tlsext_host_name(conn->xprt_ctx, hostname);
6029#endif
6030}
6031
Emeric Brun0abf8362014-06-24 18:26:41 +02006032/* Extract peer certificate's common name into the chunk dest
6033 * Returns
6034 * the len of the extracted common name
6035 * or 0 if no CN found in DN
6036 * or -1 on error case (i.e. no peer certificate)
6037 */
6038int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
David Safb76832014-05-08 23:42:08 -04006039{
6040 X509 *crt = NULL;
6041 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04006042 const char find_cn[] = "CN";
6043 const struct chunk find_cn_chunk = {
6044 .str = (char *)&find_cn,
6045 .len = sizeof(find_cn)-1
6046 };
Emeric Brun0abf8362014-06-24 18:26:41 +02006047 int result = -1;
David Safb76832014-05-08 23:42:08 -04006048
6049 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02006050 goto out;
David Safb76832014-05-08 23:42:08 -04006051
6052 /* SSL_get_peer_certificate, it increase X509 * ref count */
6053 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6054 if (!crt)
6055 goto out;
6056
6057 name = X509_get_subject_name(crt);
6058 if (!name)
6059 goto out;
David Safb76832014-05-08 23:42:08 -04006060
Emeric Brun0abf8362014-06-24 18:26:41 +02006061 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
6062out:
David Safb76832014-05-08 23:42:08 -04006063 if (crt)
6064 X509_free(crt);
6065
6066 return result;
6067}
6068
Dave McCowan328fb582014-07-30 10:39:13 -04006069/* returns 1 if client passed a certificate for this session, 0 if not */
6070int ssl_sock_get_cert_used_sess(struct connection *conn)
6071{
6072 X509 *crt = NULL;
6073
6074 if (!ssl_sock_is_ssl(conn))
6075 return 0;
6076
6077 /* SSL_get_peer_certificate, it increase X509 * ref count */
6078 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6079 if (!crt)
6080 return 0;
6081
6082 X509_free(crt);
6083 return 1;
6084}
6085
6086/* returns 1 if client passed a certificate for this connection, 0 if not */
6087int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04006088{
6089 if (!ssl_sock_is_ssl(conn))
6090 return 0;
6091
6092 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
6093}
6094
6095/* returns result from SSL verify */
6096unsigned int ssl_sock_get_verify_result(struct connection *conn)
6097{
6098 if (!ssl_sock_is_ssl(conn))
6099 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
6100
6101 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
6102}
6103
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006104/* Returns the application layer protocol name in <str> and <len> when known.
6105 * Zero is returned if the protocol name was not found, otherwise non-zero is
6106 * returned. The string is allocated in the SSL context and doesn't have to be
6107 * freed by the caller. NPN is also checked if available since older versions
6108 * of openssl (1.0.1) which are more common in field only support this one.
6109 */
6110static int ssl_sock_get_alpn(const struct connection *conn, const char **str, int *len)
6111{
6112 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6113 return 0;
6114
6115 *str = NULL;
6116
6117#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
6118 SSL_get0_alpn_selected(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6119 if (*str)
6120 return 1;
6121#endif
Bernard Spil13c53f82018-02-15 13:34:58 +01006122#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau8743f7e2016-12-04 18:44:29 +01006123 SSL_get0_next_proto_negotiated(conn->xprt_ctx, (const unsigned char **)str, (unsigned *)len);
6124 if (*str)
6125 return 1;
6126#endif
6127 return 0;
6128}
6129
Willy Tarreau7875d092012-09-10 08:20:03 +02006130/***** Below are some sample fetching functions for ACL/patterns *****/
6131
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006132static int
6133smp_fetch_ssl_fc_has_early(const struct arg *args, struct sample *smp, const char *kw, void *private)
6134{
6135 struct connection *conn;
6136
6137 conn = objt_conn(smp->sess->origin);
6138 if (!conn || conn->xprt != &ssl_sock)
6139 return 0;
6140
6141 smp->flags = 0;
6142 smp->data.type = SMP_T_BOOL;
Olivier Houchard25ae45a2017-11-29 19:51:19 +01006143 smp->data.u.sint = ((conn->flags & CO_FL_EARLY_DATA) &&
6144 (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_HANDSHAKE))) ? 1 : 0;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02006145
6146 return 1;
6147}
6148
Emeric Brune64aef12012-09-21 13:15:06 +02006149/* boolean, returns true if client cert was present */
6150static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006151smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brune64aef12012-09-21 13:15:06 +02006152{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006153 struct connection *conn;
6154
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006155 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006156 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02006157 return 0;
6158
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006159 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02006160 smp->flags |= SMP_F_MAY_CHANGE;
6161 return 0;
6162 }
6163
6164 smp->flags = 0;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006165 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006166 smp->data.u.sint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02006167
6168 return 1;
6169}
6170
Emeric Brun43e79582014-10-29 19:03:26 +01006171/* binary, returns a certificate in a binary chunk (der/raw).
6172 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6173 * should be use.
6174 */
6175static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006176smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun43e79582014-10-29 19:03:26 +01006177{
6178 int cert_peer = (kw[4] == 'c') ? 1 : 0;
6179 X509 *crt = NULL;
6180 int ret = 0;
6181 struct chunk *smp_trash;
6182 struct connection *conn;
6183
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006184 conn = objt_conn(smp->sess->origin);
Emeric Brun43e79582014-10-29 19:03:26 +01006185 if (!conn || conn->xprt != &ssl_sock)
6186 return 0;
6187
6188 if (!(conn->flags & CO_FL_CONNECTED)) {
6189 smp->flags |= SMP_F_MAY_CHANGE;
6190 return 0;
6191 }
6192
6193 if (cert_peer)
6194 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6195 else
6196 crt = SSL_get_certificate(conn->xprt_ctx);
6197
6198 if (!crt)
6199 goto out;
6200
6201 smp_trash = get_trash_chunk();
6202 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
6203 goto out;
6204
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006205 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006206 smp->data.type = SMP_T_BIN;
Emeric Brun43e79582014-10-29 19:03:26 +01006207 ret = 1;
6208out:
6209 /* SSL_get_peer_certificate, it increase X509 * ref count */
6210 if (cert_peer && crt)
6211 X509_free(crt);
6212 return ret;
6213}
6214
Emeric Brunba841a12014-04-30 17:05:08 +02006215/* binary, returns serial of certificate in a binary chunk.
6216 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6217 * should be use.
6218 */
Willy Tarreau8d598402012-10-22 17:58:39 +02006219static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006220smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau8d598402012-10-22 17:58:39 +02006221{
Emeric Brunba841a12014-04-30 17:05:08 +02006222 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02006223 X509 *crt = NULL;
6224 int ret = 0;
6225 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006226 struct connection *conn;
6227
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006228 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006229 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02006230 return 0;
6231
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006232 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02006233 smp->flags |= SMP_F_MAY_CHANGE;
6234 return 0;
6235 }
6236
Emeric Brunba841a12014-04-30 17:05:08 +02006237 if (cert_peer)
6238 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6239 else
6240 crt = SSL_get_certificate(conn->xprt_ctx);
6241
Willy Tarreau8d598402012-10-22 17:58:39 +02006242 if (!crt)
6243 goto out;
6244
Willy Tarreau47ca5452012-12-23 20:22:19 +01006245 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02006246 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
6247 goto out;
6248
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006249 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006250 smp->data.type = SMP_T_BIN;
Willy Tarreau8d598402012-10-22 17:58:39 +02006251 ret = 1;
6252out:
Emeric Brunba841a12014-04-30 17:05:08 +02006253 /* SSL_get_peer_certificate, it increase X509 * ref count */
6254 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02006255 X509_free(crt);
6256 return ret;
6257}
Emeric Brune64aef12012-09-21 13:15:06 +02006258
Emeric Brunba841a12014-04-30 17:05:08 +02006259/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
6260 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6261 * should be use.
6262 */
James Votha051b4a2013-05-14 20:37:59 +02006263static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006264smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, void *private)
James Votha051b4a2013-05-14 20:37:59 +02006265{
Emeric Brunba841a12014-04-30 17:05:08 +02006266 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02006267 X509 *crt = NULL;
6268 const EVP_MD *digest;
6269 int ret = 0;
6270 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006271 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02006272
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006273 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006274 if (!conn || conn->xprt != &ssl_sock)
6275 return 0;
6276
6277 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02006278 smp->flags |= SMP_F_MAY_CHANGE;
6279 return 0;
6280 }
6281
Emeric Brunba841a12014-04-30 17:05:08 +02006282 if (cert_peer)
6283 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6284 else
6285 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02006286 if (!crt)
6287 goto out;
6288
6289 smp_trash = get_trash_chunk();
6290 digest = EVP_sha1();
6291 X509_digest(crt, digest, (unsigned char *)smp_trash->str, (unsigned int *)&smp_trash->len);
6292
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006293 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006294 smp->data.type = SMP_T_BIN;
James Votha051b4a2013-05-14 20:37:59 +02006295 ret = 1;
6296out:
Emeric Brunba841a12014-04-30 17:05:08 +02006297 /* SSL_get_peer_certificate, it increase X509 * ref count */
6298 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02006299 X509_free(crt);
6300 return ret;
6301}
6302
Emeric Brunba841a12014-04-30 17:05:08 +02006303/* string, returns certificate's notafter date in ASN1_UTCTIME format.
6304 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6305 * should be use.
6306 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006307static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006308smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006309{
Emeric Brunba841a12014-04-30 17:05:08 +02006310 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006311 X509 *crt = NULL;
6312 int ret = 0;
6313 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006314 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02006315
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006316 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006317 if (!conn || conn->xprt != &ssl_sock)
6318 return 0;
6319
6320 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006321 smp->flags |= SMP_F_MAY_CHANGE;
6322 return 0;
6323 }
6324
Emeric Brunba841a12014-04-30 17:05:08 +02006325 if (cert_peer)
6326 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6327 else
6328 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006329 if (!crt)
6330 goto out;
6331
Willy Tarreau47ca5452012-12-23 20:22:19 +01006332 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006333 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
6334 goto out;
6335
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006336 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006337 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006338 ret = 1;
6339out:
Emeric Brunba841a12014-04-30 17:05:08 +02006340 /* SSL_get_peer_certificate, it increase X509 * ref count */
6341 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006342 X509_free(crt);
6343 return ret;
6344}
6345
Emeric Brunba841a12014-04-30 17:05:08 +02006346/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
6347 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6348 * should be use.
6349 */
Emeric Brun87855892012-10-17 17:39:35 +02006350static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006351smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006352{
Emeric Brunba841a12014-04-30 17:05:08 +02006353 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006354 X509 *crt = NULL;
6355 X509_NAME *name;
6356 int ret = 0;
6357 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006358 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006359
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006360 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006361 if (!conn || conn->xprt != &ssl_sock)
6362 return 0;
6363
6364 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006365 smp->flags |= SMP_F_MAY_CHANGE;
6366 return 0;
6367 }
6368
Emeric Brunba841a12014-04-30 17:05:08 +02006369 if (cert_peer)
6370 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6371 else
6372 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006373 if (!crt)
6374 goto out;
6375
6376 name = X509_get_issuer_name(crt);
6377 if (!name)
6378 goto out;
6379
Willy Tarreau47ca5452012-12-23 20:22:19 +01006380 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006381 if (args && args[0].type == ARGT_STR) {
6382 int pos = 1;
6383
6384 if (args[1].type == ARGT_SINT)
6385 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006386
6387 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6388 goto out;
6389 }
6390 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6391 goto out;
6392
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006393 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006394 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006395 ret = 1;
6396out:
Emeric Brunba841a12014-04-30 17:05:08 +02006397 /* SSL_get_peer_certificate, it increase X509 * ref count */
6398 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006399 X509_free(crt);
6400 return ret;
6401}
6402
Emeric Brunba841a12014-04-30 17:05:08 +02006403/* string, returns notbefore date in ASN1_UTCTIME format.
6404 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6405 * should be use.
6406 */
Emeric Brunce5ad802012-10-22 14:11:22 +02006407static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006408smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunce5ad802012-10-22 14:11:22 +02006409{
Emeric Brunba841a12014-04-30 17:05:08 +02006410 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02006411 X509 *crt = NULL;
6412 int ret = 0;
6413 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006414 struct connection *conn;
6415
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006416 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006417 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02006418 return 0;
6419
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006420 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02006421 smp->flags |= SMP_F_MAY_CHANGE;
6422 return 0;
6423 }
6424
Emeric Brunba841a12014-04-30 17:05:08 +02006425 if (cert_peer)
6426 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6427 else
6428 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02006429 if (!crt)
6430 goto out;
6431
Willy Tarreau47ca5452012-12-23 20:22:19 +01006432 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02006433 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
6434 goto out;
6435
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006436 smp->data.u.str = *smp_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006437 smp->data.type = SMP_T_STR;
Emeric Brunce5ad802012-10-22 14:11:22 +02006438 ret = 1;
6439out:
Emeric Brunba841a12014-04-30 17:05:08 +02006440 /* SSL_get_peer_certificate, it increase X509 * ref count */
6441 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02006442 X509_free(crt);
6443 return ret;
6444}
6445
Emeric Brunba841a12014-04-30 17:05:08 +02006446/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
6447 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6448 * should be use.
6449 */
Emeric Brun87855892012-10-17 17:39:35 +02006450static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006451smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun87855892012-10-17 17:39:35 +02006452{
Emeric Brunba841a12014-04-30 17:05:08 +02006453 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02006454 X509 *crt = NULL;
6455 X509_NAME *name;
6456 int ret = 0;
6457 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006458 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02006459
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006460 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006461 if (!conn || conn->xprt != &ssl_sock)
6462 return 0;
6463
6464 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02006465 smp->flags |= SMP_F_MAY_CHANGE;
6466 return 0;
6467 }
6468
Emeric Brunba841a12014-04-30 17:05:08 +02006469 if (cert_peer)
6470 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6471 else
6472 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02006473 if (!crt)
6474 goto out;
6475
6476 name = X509_get_subject_name(crt);
6477 if (!name)
6478 goto out;
6479
Willy Tarreau47ca5452012-12-23 20:22:19 +01006480 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02006481 if (args && args[0].type == ARGT_STR) {
6482 int pos = 1;
6483
6484 if (args[1].type == ARGT_SINT)
6485 pos = args[1].data.sint;
Emeric Brun87855892012-10-17 17:39:35 +02006486
6487 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
6488 goto out;
6489 }
6490 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
6491 goto out;
6492
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006493 smp->data.type = SMP_T_STR;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006494 smp->data.u.str = *smp_trash;
Emeric Brun87855892012-10-17 17:39:35 +02006495 ret = 1;
6496out:
Emeric Brunba841a12014-04-30 17:05:08 +02006497 /* SSL_get_peer_certificate, it increase X509 * ref count */
6498 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02006499 X509_free(crt);
6500 return ret;
6501}
Emeric Brun9143d372012-12-20 15:44:16 +01006502
6503/* integer, returns true if current session use a client certificate */
6504static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006505smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun9143d372012-12-20 15:44:16 +01006506{
6507 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006508 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01006509
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006510 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006511 if (!conn || conn->xprt != &ssl_sock)
6512 return 0;
6513
6514 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01006515 smp->flags |= SMP_F_MAY_CHANGE;
6516 return 0;
6517 }
6518
6519 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006520 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01006521 if (crt) {
6522 X509_free(crt);
6523 }
6524
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006525 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006526 smp->data.u.sint = (crt != NULL);
Emeric Brun9143d372012-12-20 15:44:16 +01006527 return 1;
6528}
6529
Emeric Brunba841a12014-04-30 17:05:08 +02006530/* integer, returns the certificate version
6531 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6532 * should be use.
6533 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02006534static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006535smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006536{
Emeric Brunba841a12014-04-30 17:05:08 +02006537 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006538 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006539 struct connection *conn;
6540
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006541 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006542 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02006543 return 0;
6544
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006545 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02006546 smp->flags |= SMP_F_MAY_CHANGE;
6547 return 0;
6548 }
6549
Emeric Brunba841a12014-04-30 17:05:08 +02006550 if (cert_peer)
6551 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6552 else
6553 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02006554 if (!crt)
6555 return 0;
6556
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006557 smp->data.u.sint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02006558 /* SSL_get_peer_certificate increase X509 * ref count */
6559 if (cert_peer)
6560 X509_free(crt);
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006561 smp->data.type = SMP_T_SINT;
Emeric Bruna7359fd2012-10-17 15:03:11 +02006562
6563 return 1;
6564}
6565
Emeric Brunba841a12014-04-30 17:05:08 +02006566/* string, returns the certificate's signature algorithm.
6567 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6568 * should be use.
6569 */
Emeric Brun7f56e742012-10-19 18:15:40 +02006570static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006571smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun7f56e742012-10-19 18:15:40 +02006572{
Emeric Brunba841a12014-04-30 17:05:08 +02006573 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02006574 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006575 __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
Emeric Brun7f56e742012-10-19 18:15:40 +02006576 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006577 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02006578
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006579 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006580 if (!conn || conn->xprt != &ssl_sock)
6581 return 0;
6582
6583 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02006584 smp->flags |= SMP_F_MAY_CHANGE;
6585 return 0;
6586 }
6587
Emeric Brunba841a12014-04-30 17:05:08 +02006588 if (cert_peer)
6589 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6590 else
6591 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02006592 if (!crt)
6593 return 0;
6594
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006595 X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
6596 nid = OBJ_obj2nid(algorithm);
Emeric Brun7f56e742012-10-19 18:15:40 +02006597
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006598 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6599 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006600 /* SSL_get_peer_certificate increase X509 * ref count */
6601 if (cert_peer)
6602 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006603 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006604 }
Emeric Brun7f56e742012-10-19 18:15:40 +02006605
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006606 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006607 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006608 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006609 /* SSL_get_peer_certificate increase X509 * ref count */
6610 if (cert_peer)
6611 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02006612
6613 return 1;
6614}
6615
Emeric Brunba841a12014-04-30 17:05:08 +02006616/* string, returns the certificate's key algorithm.
6617 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
6618 * should be use.
6619 */
Emeric Brun521a0112012-10-22 12:22:55 +02006620static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006621smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun521a0112012-10-22 12:22:55 +02006622{
Emeric Brunba841a12014-04-30 17:05:08 +02006623 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02006624 X509 *crt;
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006625 ASN1_OBJECT *algorithm;
Emeric Brun521a0112012-10-22 12:22:55 +02006626 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006627 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02006628
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006629 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006630 if (!conn || conn->xprt != &ssl_sock)
6631 return 0;
6632
6633 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02006634 smp->flags |= SMP_F_MAY_CHANGE;
6635 return 0;
6636 }
6637
Emeric Brunba841a12014-04-30 17:05:08 +02006638 if (cert_peer)
6639 crt = SSL_get_peer_certificate(conn->xprt_ctx);
6640 else
6641 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02006642 if (!crt)
6643 return 0;
6644
Dirkjan Bussink1866d6d2016-08-29 13:26:37 +02006645 X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(crt));
6646 nid = OBJ_obj2nid(algorithm);
Emeric Brun521a0112012-10-22 12:22:55 +02006647
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006648 smp->data.u.str.str = (char *)OBJ_nid2sn(nid);
6649 if (!smp->data.u.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02006650 /* SSL_get_peer_certificate increase X509 * ref count */
6651 if (cert_peer)
6652 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006653 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02006654 }
Emeric Brun521a0112012-10-22 12:22:55 +02006655
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006656 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006657 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006658 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02006659 if (cert_peer)
6660 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02006661
6662 return 1;
6663}
6664
Emeric Brun645ae792014-04-30 14:21:06 +02006665/* boolean, returns true if front conn. transport layer is SSL.
6666 * This function is also usable on backend conn if the fetch keyword 5th
6667 * char is 'b'.
6668 */
Willy Tarreau7875d092012-09-10 08:20:03 +02006669static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006670smp_fetch_ssl_fc(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006671{
Emeric Bruneb8def92018-02-19 15:59:48 +01006672 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6673 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006674
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006675 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006676 smp->data.u.sint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02006677 return 1;
6678}
6679
Emeric Brun2525b6b2012-10-18 15:59:43 +02006680/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02006681static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006682smp_fetch_ssl_fc_has_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006683{
6684#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006685 struct connection *conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006686
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006687 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006688 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006689 conn->xprt_ctx &&
6690 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02006691 return 1;
6692#else
6693 return 0;
6694#endif
6695}
6696
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006697/* boolean, returns true if client session has been resumed.
6698 * This function is also usable on backend conn if the fetch keyword 5th
6699 * char is 'b'.
6700 */
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006701static int
6702smp_fetch_ssl_fc_is_resumed(const struct arg *args, struct sample *smp, const char *kw, void *private)
6703{
Emeric Brun74f7ffa2018-02-19 16:14:12 +01006704 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6705 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6706
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006707
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006708 smp->data.type = SMP_T_BOOL;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006709 smp->data.u.sint = (conn && conn->xprt == &ssl_sock) &&
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02006710 conn->xprt_ctx &&
6711 SSL_session_reused(conn->xprt_ctx);
6712 return 1;
6713}
6714
Emeric Brun645ae792014-04-30 14:21:06 +02006715/* string, returns the used cipher if front conn. transport layer is SSL.
6716 * This function is also usable on backend conn if the fetch keyword 5th
6717 * char is 'b'.
6718 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006719static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006720smp_fetch_ssl_fc_cipher(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006721{
Emeric Bruneb8def92018-02-19 15:59:48 +01006722 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6723 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Emeric Brun589fcad2012-10-16 14:13:26 +02006724
Willy Tarreaube508f12016-03-10 11:47:01 +01006725 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006726 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006727 return 0;
6728
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006729 smp->data.u.str.str = (char *)SSL_get_cipher_name(conn->xprt_ctx);
6730 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006731 return 0;
6732
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006733 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006734 smp->flags |= SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006735 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006736
6737 return 1;
6738}
6739
Emeric Brun645ae792014-04-30 14:21:06 +02006740/* integer, returns the algoritm's keysize if front conn. transport layer
6741 * is SSL.
6742 * This function is also usable on backend conn if the fetch keyword 5th
6743 * char is 'b'.
6744 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006745static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006746smp_fetch_ssl_fc_alg_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006747{
Emeric Bruneb8def92018-02-19 15:59:48 +01006748 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6749 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006750 int sint;
Willy Tarreaube508f12016-03-10 11:47:01 +01006751
Emeric Brun589fcad2012-10-16 14:13:26 +02006752 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006753 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02006754 return 0;
6755
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02006756 if (!SSL_get_cipher_bits(conn->xprt_ctx, &sint))
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006757 return 0;
6758
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006759 smp->data.u.sint = sint;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006760 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006761
6762 return 1;
6763}
6764
Emeric Brun645ae792014-04-30 14:21:06 +02006765/* integer, returns the used keysize if front conn. transport layer is SSL.
6766 * This function is also usable on backend conn if the fetch keyword 5th
6767 * char is 'b'.
6768 */
Emeric Brun589fcad2012-10-16 14:13:26 +02006769static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006770smp_fetch_ssl_fc_use_keysize(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006771{
Emeric Bruneb8def92018-02-19 15:59:48 +01006772 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6773 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006774
Emeric Brun589fcad2012-10-16 14:13:26 +02006775 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006776 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6777 return 0;
6778
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006779 smp->data.u.sint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
6780 if (!smp->data.u.sint)
Emeric Brun589fcad2012-10-16 14:13:26 +02006781 return 0;
6782
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006783 smp->data.type = SMP_T_SINT;
Emeric Brun589fcad2012-10-16 14:13:26 +02006784
6785 return 1;
6786}
6787
Bernard Spil13c53f82018-02-15 13:34:58 +01006788#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau7875d092012-09-10 08:20:03 +02006789static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006790smp_fetch_ssl_fc_npn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006791{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006792 struct connection *conn;
6793
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006794 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006795 smp->data.type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006796
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006797 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006798 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6799 return 0;
6800
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006801 smp->data.u.str.str = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006802 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006803 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreaua33c6542012-10-15 13:19:06 +02006804
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006805 if (!smp->data.u.str.str)
Willy Tarreaua33c6542012-10-15 13:19:06 +02006806 return 0;
6807
6808 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02006809}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02006810#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02006811
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006812#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02006813static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006814smp_fetch_ssl_fc_alpn(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreauab861d32013-04-02 02:30:41 +02006815{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006816 struct connection *conn;
6817
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006818 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006819 smp->data.type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02006820
Willy Tarreaue26bf052015-05-12 10:30:12 +02006821 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006822 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02006823 return 0;
6824
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006825 smp->data.u.str.str = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01006826 SSL_get0_alpn_selected(conn->xprt_ctx,
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006827 (const unsigned char **)&smp->data.u.str.str, (unsigned *)&smp->data.u.str.len);
Willy Tarreauab861d32013-04-02 02:30:41 +02006828
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006829 if (!smp->data.u.str.str)
Willy Tarreauab861d32013-04-02 02:30:41 +02006830 return 0;
6831
6832 return 1;
6833}
6834#endif
6835
Emeric Brun645ae792014-04-30 14:21:06 +02006836/* string, returns the used protocol if front conn. transport layer is SSL.
6837 * This function is also usable on backend conn if the fetch keyword 5th
6838 * char is 'b'.
6839 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02006840static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006841smp_fetch_ssl_fc_protocol(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brun589fcad2012-10-16 14:13:26 +02006842{
Emeric Bruneb8def92018-02-19 15:59:48 +01006843 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6844 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaube508f12016-03-10 11:47:01 +01006845
Emeric Brun589fcad2012-10-16 14:13:26 +02006846 smp->flags = 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006847 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6848 return 0;
6849
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006850 smp->data.u.str.str = (char *)SSL_get_version(conn->xprt_ctx);
6851 if (!smp->data.u.str.str)
Emeric Brun589fcad2012-10-16 14:13:26 +02006852 return 0;
6853
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006854 smp->data.type = SMP_T_STR;
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006855 smp->flags = SMP_F_CONST;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006856 smp->data.u.str.len = strlen(smp->data.u.str.str);
Emeric Brun589fcad2012-10-16 14:13:26 +02006857
6858 return 1;
6859}
6860
Willy Tarreau87b09662015-04-03 00:22:06 +02006861/* binary, returns the SSL stream id if front conn. transport layer is SSL.
Emeric Brun645ae792014-04-30 14:21:06 +02006862 * This function is also usable on backend conn if the fetch keyword 5th
6863 * char is 'b'.
6864 */
Patrick Hemmer41966772018-04-28 19:15:48 -04006865#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun589fcad2012-10-16 14:13:26 +02006866static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006867smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunfe68f682012-10-16 14:59:28 +02006868{
Emeric Bruneb8def92018-02-19 15:59:48 +01006869 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6870 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
Willy Tarreaue237fe12016-03-10 17:05:28 +01006871 SSL_SESSION *ssl_sess;
Willy Tarreaube508f12016-03-10 11:47:01 +01006872
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006873 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006874 smp->data.type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02006875
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006876 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6877 return 0;
6878
Willy Tarreau192252e2015-04-04 01:47:55 +02006879 ssl_sess = SSL_get_session(conn->xprt_ctx);
6880 if (!ssl_sess)
Emeric Brunfe68f682012-10-16 14:59:28 +02006881 return 0;
6882
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006883 smp->data.u.str.str = (char *)SSL_SESSION_get_id(ssl_sess, (unsigned int *)&smp->data.u.str.len);
6884 if (!smp->data.u.str.str || !smp->data.u.str.len)
Emeric Brunfe68f682012-10-16 14:59:28 +02006885 return 0;
6886
6887 return 1;
Emeric Brunfe68f682012-10-16 14:59:28 +02006888}
Patrick Hemmer41966772018-04-28 19:15:48 -04006889#endif
6890
Emeric Brunfe68f682012-10-16 14:59:28 +02006891
Patrick Hemmere0275472018-04-28 19:15:51 -04006892#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
6893static int
6894smp_fetch_ssl_fc_session_key(const struct arg *args, struct sample *smp, const char *kw, void *private)
6895{
6896 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
6897 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
6898 SSL_SESSION *ssl_sess;
6899 struct chunk *data;
6900
6901 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6902 return 0;
6903
6904 ssl_sess = SSL_get_session(conn->xprt_ctx);
6905 if (!ssl_sess)
6906 return 0;
6907
6908 data = get_trash_chunk();
6909 data->len = SSL_SESSION_get_master_key(ssl_sess, (unsigned char *)data->str, data->size);
6910 if (!data->len)
6911 return 0;
6912
6913 smp->flags = 0;
6914 smp->data.type = SMP_T_BIN;
6915 smp->data.u.str = *data;
6916
6917 return 1;
6918}
6919#endif
6920
Patrick Hemmer41966772018-04-28 19:15:48 -04006921#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emeric Brunfe68f682012-10-16 14:59:28 +02006922static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02006923smp_fetch_ssl_fc_sni(const struct arg *args, struct sample *smp, const char *kw, void *private)
Willy Tarreau7875d092012-09-10 08:20:03 +02006924{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006925 struct connection *conn;
6926
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01006927 smp->flags = SMP_F_CONST;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02006928 smp->data.type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02006929
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02006930 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02006931 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6932 return 0;
6933
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006934 smp->data.u.str.str = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
6935 if (!smp->data.u.str.str)
Willy Tarreau3e394c92012-09-14 23:56:58 +02006936 return 0;
6937
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02006938 smp->data.u.str.len = strlen(smp->data.u.str.str);
Willy Tarreau7875d092012-09-10 08:20:03 +02006939 return 1;
Willy Tarreau7875d092012-09-10 08:20:03 +02006940}
Patrick Hemmer41966772018-04-28 19:15:48 -04006941#endif
Willy Tarreau7875d092012-09-10 08:20:03 +02006942
David Sc1ad52e2014-04-08 18:48:47 -04006943static int
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006944smp_fetch_ssl_fc_cl_bin(const struct arg *args, struct sample *smp, const char *kw, void *private)
6945{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006946 struct connection *conn;
6947 struct ssl_capture *capture;
6948
6949 conn = objt_conn(smp->sess->origin);
6950 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6951 return 0;
6952
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006953 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006954 if (!capture)
6955 return 0;
6956
6957 smp->flags = SMP_F_CONST;
6958 smp->data.type = SMP_T_BIN;
6959 smp->data.u.str.str = capture->ciphersuite;
6960 smp->data.u.str.len = capture->ciphersuite_len;
6961 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006962}
6963
6964static int
6965smp_fetch_ssl_fc_cl_hex(const struct arg *args, struct sample *smp, const char *kw, void *private)
6966{
6967 struct chunk *data;
6968
6969 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
6970 return 0;
6971
6972 data = get_trash_chunk();
6973 dump_binary(data, smp->data.u.str.str, smp->data.u.str.len);
6974 smp->data.type = SMP_T_BIN;
6975 smp->data.u.str = *data;
6976 return 1;
6977}
6978
6979static int
6980smp_fetch_ssl_fc_cl_xxh64(const struct arg *args, struct sample *smp, const char *kw, void *private)
6981{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006982 struct connection *conn;
6983 struct ssl_capture *capture;
6984
6985 conn = objt_conn(smp->sess->origin);
6986 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
6987 return 0;
6988
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01006989 capture = SSL_get_ex_data(conn->xprt_ctx, ssl_capture_ptr_index);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006990 if (!capture)
6991 return 0;
6992
6993 smp->data.type = SMP_T_SINT;
6994 smp->data.u.sint = capture->xxh64;
6995 return 1;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01006996}
6997
6998static int
6999smp_fetch_ssl_fc_cl_str(const struct arg *args, struct sample *smp, const char *kw, void *private)
7000{
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007001#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && !defined(LIBRESSL_VERSION_NUMBER)
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007002 struct chunk *data;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007003 int i;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007004
7005 if (!smp_fetch_ssl_fc_cl_bin(args, smp, kw, private))
7006 return 0;
7007
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007008 data = get_trash_chunk();
7009 for (i = 0; i + 1 < smp->data.u.str.len; i += 2) {
Emmanuel Hocdetddcde192017-09-01 17:32:08 +02007010 const char *str;
7011 const SSL_CIPHER *cipher;
7012 const unsigned char *bin = (const unsigned char *)smp->data.u.str.str + i;
7013 uint16_t id = (bin[0] << 8) | bin[1];
7014#if defined(OPENSSL_IS_BORINGSSL)
7015 cipher = SSL_get_cipher_by_value(id);
7016#else
7017 struct connection *conn = objt_conn(smp->sess->origin);
7018 cipher = SSL_CIPHER_find(conn->xprt_ctx, bin);
7019#endif
7020 str = SSL_CIPHER_get_name(cipher);
7021 if (!str || strcmp(str, "(NONE)") == 0)
7022 chunk_appendf(data, "%sUNKNOWN(%04x)", i == 0 ? "" : ",", id);
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007023 else
7024 chunk_appendf(data, "%s%s", i == 0 ? "" : ",", str);
7025 }
7026 smp->data.type = SMP_T_STR;
7027 smp->data.u.str = *data;
7028 return 1;
7029#else
7030 return smp_fetch_ssl_fc_cl_xxh64(args, smp, kw, private);
7031#endif
7032}
7033
Patrick Hemmer41966772018-04-28 19:15:48 -04007034#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01007035static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007036smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const char *kw, void *private)
David Sc1ad52e2014-04-08 18:48:47 -04007037{
Emeric Bruneb8def92018-02-19 15:59:48 +01007038 struct connection *conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
7039 smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
David Sc1ad52e2014-04-08 18:48:47 -04007040 int finished_len;
David Sc1ad52e2014-04-08 18:48:47 -04007041 struct chunk *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04007042
7043 smp->flags = 0;
David Sc1ad52e2014-04-08 18:48:47 -04007044 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
7045 return 0;
7046
7047 if (!(conn->flags & CO_FL_CONNECTED)) {
7048 smp->flags |= SMP_F_MAY_CHANGE;
7049 return 0;
7050 }
7051
7052 finished_trash = get_trash_chunk();
7053 if (!SSL_session_reused(conn->xprt_ctx))
7054 finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7055 else
7056 finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
7057
7058 if (!finished_len)
7059 return 0;
7060
Emeric Brunb73a9b02014-04-30 18:49:19 +02007061 finished_trash->len = finished_len;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007062 smp->data.u.str = *finished_trash;
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007063 smp->data.type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04007064
7065 return 1;
David Sc1ad52e2014-04-08 18:48:47 -04007066}
Patrick Hemmer41966772018-04-28 19:15:48 -04007067#endif
David Sc1ad52e2014-04-08 18:48:47 -04007068
Emeric Brun2525b6b2012-10-18 15:59:43 +02007069/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007070static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007071smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007072{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007073 struct connection *conn;
7074
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007075 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007076 if (!conn || conn->xprt != &ssl_sock)
7077 return 0;
7078
7079 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007080 smp->flags = SMP_F_MAY_CHANGE;
7081 return 0;
7082 }
7083
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007084 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007085 smp->data.u.sint = (unsigned long long int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007086 smp->flags = 0;
7087
7088 return 1;
7089}
7090
Emeric Brun2525b6b2012-10-18 15:59:43 +02007091/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02007092static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007093smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007094{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007095 struct connection *conn;
7096
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007097 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007098 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02007099 return 0;
7100
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007101 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007102 smp->flags = SMP_F_MAY_CHANGE;
7103 return 0;
7104 }
7105
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007106 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007107 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007108 smp->flags = 0;
7109
7110 return 1;
7111}
7112
Emeric Brun2525b6b2012-10-18 15:59:43 +02007113/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02007114static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007115smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunf282a812012-09-21 15:27:54 +02007116{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007117 struct connection *conn;
7118
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007119 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007120 if (!conn || conn->xprt != &ssl_sock)
7121 return 0;
7122
7123 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02007124 smp->flags = SMP_F_MAY_CHANGE;
7125 return 0;
7126 }
7127
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007128 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007129 smp->data.u.sint = (long long int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02007130 smp->flags = 0;
7131
7132 return 1;
7133}
7134
Emeric Brun2525b6b2012-10-18 15:59:43 +02007135/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007136static int
Thierry FOURNIER0786d052015-05-11 15:42:45 +02007137smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *kw, void *private)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007138{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007139 struct connection *conn;
7140
Thierry FOURNIER0a9a2b82015-05-11 15:20:49 +02007141 conn = objt_conn(smp->sess->origin);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007142 if (!conn || conn->xprt != &ssl_sock)
7143 return 0;
7144
7145 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007146 smp->flags = SMP_F_MAY_CHANGE;
7147 return 0;
7148 }
7149
Willy Tarreaub363a1f2013-10-01 10:45:07 +02007150 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007151 return 0;
7152
Thierry FOURNIER8c542ca2015-08-19 09:00:18 +02007153 smp->data.type = SMP_T_SINT;
Thierry FOURNIER136f9d32015-08-19 09:07:19 +02007154 smp->data.u.sint = (long long int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02007155 smp->flags = 0;
7156
7157 return 1;
7158}
7159
Emeric Brunfb510ea2012-10-05 12:00:26 +02007160/* parse the "ca-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007161static int ssl_bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007162{
7163 if (!*args[cur_arg + 1]) {
7164 if (err)
7165 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7166 return ERR_ALERT | ERR_FATAL;
7167 }
7168
Willy Tarreauef934602016-12-22 23:12:01 +01007169 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7170 memprintf(&conf->ca_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007171 else
7172 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007173
Emeric Brund94b3fe2012-09-20 18:23:56 +02007174 return 0;
7175}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007176static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7177{
7178 return ssl_bind_parse_ca_file(args, cur_arg, px, &conf->ssl_conf, err);
7179}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007180
Christopher Faulet31af49d2015-06-09 17:29:50 +02007181/* parse the "ca-sign-file" bind keyword */
7182static int bind_parse_ca_sign_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7183{
7184 if (!*args[cur_arg + 1]) {
7185 if (err)
7186 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
7187 return ERR_ALERT | ERR_FATAL;
7188 }
7189
Willy Tarreauef934602016-12-22 23:12:01 +01007190 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7191 memprintf(&conf->ca_sign_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Christopher Faulet31af49d2015-06-09 17:29:50 +02007192 else
7193 memprintf(&conf->ca_sign_file, "%s", args[cur_arg + 1]);
7194
7195 return 0;
7196}
7197
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007198/* parse the "ca-sign-pass" bind keyword */
Christopher Faulet31af49d2015-06-09 17:29:50 +02007199static int bind_parse_ca_sign_pass(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7200{
7201 if (!*args[cur_arg + 1]) {
7202 if (err)
7203 memprintf(err, "'%s' : missing CAkey password", args[cur_arg]);
7204 return ERR_ALERT | ERR_FATAL;
7205 }
7206 memprintf(&conf->ca_sign_pass, "%s", args[cur_arg + 1]);
7207 return 0;
7208}
7209
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007210/* parse the "ciphers" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007211static int ssl_bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007212{
7213 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007214 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007215 return ERR_ALERT | ERR_FATAL;
7216 }
7217
Emeric Brun76d88952012-10-05 15:47:31 +02007218 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02007219 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007220 return 0;
7221}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007222static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7223{
7224 return ssl_bind_parse_ciphers(args, cur_arg, px, &conf->ssl_conf, err);
7225}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007226/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007227static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007228{
Willy Tarreau38011032013-08-13 16:59:39 +02007229 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02007230
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007231 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02007232 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007233 return ERR_ALERT | ERR_FATAL;
7234 }
7235
Willy Tarreauef934602016-12-22 23:12:01 +01007236 if ((*args[cur_arg + 1] != '/' ) && global_ssl.crt_base) {
7237 if ((strlen(global_ssl.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02007238 memprintf(err, "'%s' : path too long", args[cur_arg]);
7239 return ERR_ALERT | ERR_FATAL;
7240 }
Willy Tarreauef934602016-12-22 23:12:01 +01007241 snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, args[cur_arg + 1]);
Willy Tarreau03209342016-12-22 17:08:28 +01007242 if (ssl_sock_load_cert(path, conf, err) > 0)
Emeric Brunc8e8d122012-10-02 18:42:10 +02007243 return ERR_ALERT | ERR_FATAL;
7244
7245 return 0;
7246 }
7247
Willy Tarreau03209342016-12-22 17:08:28 +01007248 if (ssl_sock_load_cert(args[cur_arg + 1], conf, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007249 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007250
7251 return 0;
7252}
7253
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007254/* parse the "crt-list" bind keyword */
7255static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7256{
7257 if (!*args[cur_arg + 1]) {
7258 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
7259 return ERR_ALERT | ERR_FATAL;
7260 }
7261
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007262 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
Willy Tarreauad1731d2013-04-02 17:35:58 +02007263 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007264 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02007265 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01007266
7267 return 0;
7268}
7269
Emeric Brunfb510ea2012-10-05 12:00:26 +02007270/* parse the "crl-file" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007271static int ssl_bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007272{
Emeric Brun051cdab2012-10-02 19:25:50 +02007273#ifndef X509_V_FLAG_CRL_CHECK
7274 if (err)
7275 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
7276 return ERR_ALERT | ERR_FATAL;
7277#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02007278 if (!*args[cur_arg + 1]) {
7279 if (err)
7280 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
7281 return ERR_ALERT | ERR_FATAL;
7282 }
Emeric Brun2b58d042012-09-20 17:10:03 +02007283
Willy Tarreauef934602016-12-22 23:12:01 +01007284 if ((*args[cur_arg + 1] != '/') && global_ssl.ca_base)
7285 memprintf(&conf->crl_file, "%s/%s", global_ssl.ca_base, args[cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007286 else
7287 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02007288
Emeric Brun2b58d042012-09-20 17:10:03 +02007289 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02007290#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02007291}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007292static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7293{
7294 return ssl_bind_parse_crl_file(args, cur_arg, px, &conf->ssl_conf, err);
7295}
Emeric Brun2b58d042012-09-20 17:10:03 +02007296
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01007297/* parse the "curves" bind keyword keyword */
7298static int ssl_bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7299{
7300#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
7301 if (!*args[cur_arg + 1]) {
7302 if (err)
7303 memprintf(err, "'%s' : missing curve suite", args[cur_arg]);
7304 return ERR_ALERT | ERR_FATAL;
7305 }
7306 conf->curves = strdup(args[cur_arg + 1]);
7307 return 0;
7308#else
7309 if (err)
7310 memprintf(err, "'%s' : library does not support curve suite", args[cur_arg]);
7311 return ERR_ALERT | ERR_FATAL;
7312#endif
7313}
7314static int bind_parse_curves(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7315{
7316 return ssl_bind_parse_curves(args, cur_arg, px, &conf->ssl_conf, err);
7317}
7318
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007319/* parse the "ecdhe" bind keyword keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007320static int ssl_bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brun2b58d042012-09-20 17:10:03 +02007321{
7322#if OPENSSL_VERSION_NUMBER < 0x0090800fL
7323 if (err)
7324 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
7325 return ERR_ALERT | ERR_FATAL;
7326#elif defined(OPENSSL_NO_ECDH)
7327 if (err)
7328 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
7329 return ERR_ALERT | ERR_FATAL;
7330#else
7331 if (!*args[cur_arg + 1]) {
7332 if (err)
7333 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
7334 return ERR_ALERT | ERR_FATAL;
7335 }
7336
7337 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007338
7339 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02007340#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007341}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007342static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7343{
7344 return ssl_bind_parse_ecdhe(args, cur_arg, px, &conf->ssl_conf, err);
7345}
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007346
Bertrand Jacquinff13c062016-11-13 16:37:11 +00007347/* parse the "crt-ignore-err" and "ca-ignore-err" bind keywords */
Emeric Brun81c00f02012-09-21 14:31:21 +02007348static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7349{
7350 int code;
7351 char *p = args[cur_arg + 1];
7352 unsigned long long *ignerr = &conf->crt_ignerr;
7353
7354 if (!*p) {
7355 if (err)
7356 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
7357 return ERR_ALERT | ERR_FATAL;
7358 }
7359
7360 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
7361 ignerr = &conf->ca_ignerr;
7362
7363 if (strcmp(p, "all") == 0) {
7364 *ignerr = ~0ULL;
7365 return 0;
7366 }
7367
7368 while (p) {
7369 code = atoi(p);
7370 if ((code <= 0) || (code > 63)) {
7371 if (err)
7372 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
7373 args[cur_arg], code, args[cur_arg + 1]);
7374 return ERR_ALERT | ERR_FATAL;
7375 }
7376 *ignerr |= 1ULL << code;
7377 p = strchr(p, ',');
7378 if (p)
7379 p++;
7380 }
7381
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007382 return 0;
7383}
7384
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007385/* parse tls_method_options "no-xxx" and "force-xxx" */
7386static int parse_tls_method_options(char *arg, struct tls_version_filter *methods, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007387{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007388 uint16_t v;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007389 char *p;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007390 p = strchr(arg, '-');
7391 if (!p)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007392 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007393 p++;
7394 if (!strcmp(p, "sslv3"))
7395 v = CONF_SSLV3;
7396 else if (!strcmp(p, "tlsv10"))
7397 v = CONF_TLSV10;
7398 else if (!strcmp(p, "tlsv11"))
7399 v = CONF_TLSV11;
7400 else if (!strcmp(p, "tlsv12"))
7401 v = CONF_TLSV12;
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02007402 else if (!strcmp(p, "tlsv13"))
7403 v = CONF_TLSV13;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007404 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007405 goto fail;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007406 if (!strncmp(arg, "no-", 3))
7407 methods->flags |= methodVersions[v].flag;
7408 else if (!strncmp(arg, "force-", 6))
7409 methods->min = methods->max = v;
7410 else
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007411 goto fail;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007412 return 0;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007413 fail:
7414 if (err)
7415 memprintf(err, "'%s' : option not implemented", arg);
7416 return ERR_ALERT | ERR_FATAL;
Emeric Brun2d0c4822012-10-02 13:45:20 +02007417}
7418
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007419static int bind_parse_tls_method_options(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007420{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007421 return parse_tls_method_options(args[cur_arg], &conf->ssl_conf.ssl_methods, err);
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007422}
7423
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007424static int srv_parse_tls_method_options(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007425{
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007426 return parse_tls_method_options(args[*cur_arg], &newsrv->ssl_ctx.methods, err);
7427}
7428
7429/* parse tls_method min/max: "ssl-min-ver" and "ssl-max-ver" */
7430static int parse_tls_method_minmax(char **args, int cur_arg, struct tls_version_filter *methods, char **err)
7431{
7432 uint16_t i, v = 0;
7433 char *argv = args[cur_arg + 1];
7434 if (!*argv) {
7435 if (err)
7436 memprintf(err, "'%s' : missing the ssl/tls version", args[cur_arg]);
7437 return ERR_ALERT | ERR_FATAL;
7438 }
7439 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
7440 if (!strcmp(argv, methodVersions[i].name))
7441 v = i;
7442 if (!v) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007443 if (err)
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007444 memprintf(err, "'%s' : unknown ssl/tls version", args[cur_arg + 1]);
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007445 return ERR_ALERT | ERR_FATAL;
7446 }
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007447 if (!strcmp("ssl-min-ver", args[cur_arg]))
7448 methods->min = v;
7449 else if (!strcmp("ssl-max-ver", args[cur_arg]))
7450 methods->max = v;
7451 else {
7452 if (err)
7453 memprintf(err, "'%s' : option not implemented", args[cur_arg]);
7454 return ERR_ALERT | ERR_FATAL;
7455 }
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007456 return 0;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007457}
Emeric Brun2cb7ae52012-10-05 14:14:21 +02007458
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007459static int ssl_bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7460{
Emmanuel Hocdet84e417d2017-08-16 11:33:17 +02007461#if (OPENSSL_VERSION_NUMBER < 0x10101000L) || !defined(OPENSSL_IS_BORINGSSL)
Christopher Faulet767a84b2017-11-24 16:50:31 +01007462 ha_warning("crt-list: ssl-min-ver and ssl-max-ver are not supported with this Openssl version (skipped).\n");
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02007463#endif
7464 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_methods, err);
7465}
7466
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007467static int bind_parse_tls_method_minmax(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7468{
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007469 return parse_tls_method_minmax(args, cur_arg, &conf->ssl_conf.ssl_methods, err);
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02007470}
7471
7472static int srv_parse_tls_method_minmax(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7473{
7474 return parse_tls_method_minmax(args, *cur_arg, &newsrv->ssl_ctx.methods, err);
7475}
7476
Emeric Brun2d0c4822012-10-02 13:45:20 +02007477/* parse the "no-tls-tickets" bind keyword */
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007478static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brun2d0c4822012-10-02 13:45:20 +02007479{
Emeric Brun89675492012-10-05 13:48:26 +02007480 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02007481 return 0;
7482}
Emeric Brun2d0c4822012-10-02 13:45:20 +02007483
Olivier Houchardc2aae742017-09-22 18:26:28 +02007484/* parse the "allow-0rtt" bind keyword */
7485static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7486{
7487 conf->early_data = 1;
7488 return 0;
7489}
7490
7491static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7492{
Olivier Houchard9679ac92017-10-27 14:58:08 +02007493 conf->ssl_conf.early_data = 1;
Olivier Houchardc2aae742017-09-22 18:26:28 +02007494 return 0;
7495}
7496
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007497/* parse the "npn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007498static int ssl_bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007499{
Bernard Spil13c53f82018-02-15 13:34:58 +01007500#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007501 char *p1, *p2;
7502
7503 if (!*args[cur_arg + 1]) {
7504 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
7505 return ERR_ALERT | ERR_FATAL;
7506 }
7507
7508 free(conf->npn_str);
7509
Willy Tarreau3724da12016-02-12 17:11:12 +01007510 /* the NPN string is built as a suite of (<len> <name>)*,
7511 * so we reuse each comma to store the next <len> and need
7512 * one more for the end of the string.
7513 */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007514 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
Willy Tarreau3724da12016-02-12 17:11:12 +01007515 conf->npn_str = calloc(1, conf->npn_len + 1);
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02007516 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
7517
7518 /* replace commas with the name length */
7519 p1 = conf->npn_str;
7520 p2 = p1 + 1;
7521 while (1) {
7522 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
7523 if (!p2)
7524 p2 = p1 + 1 + strlen(p1 + 1);
7525
7526 if (p2 - (p1 + 1) > 255) {
7527 *p2 = '\0';
7528 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7529 return ERR_ALERT | ERR_FATAL;
7530 }
7531
7532 *p1 = p2 - (p1 + 1);
7533 p1 = p2;
7534
7535 if (!*p2)
7536 break;
7537
7538 *(p2++) = '\0';
7539 }
7540 return 0;
7541#else
7542 if (err)
7543 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
7544 return ERR_ALERT | ERR_FATAL;
7545#endif
7546}
7547
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007548static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7549{
7550 return ssl_bind_parse_npn(args, cur_arg, px, &conf->ssl_conf, err);
7551}
7552
Willy Tarreauab861d32013-04-02 02:30:41 +02007553/* parse the "alpn" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007554static int ssl_bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Willy Tarreauab861d32013-04-02 02:30:41 +02007555{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01007556#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02007557 char *p1, *p2;
7558
7559 if (!*args[cur_arg + 1]) {
7560 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
7561 return ERR_ALERT | ERR_FATAL;
7562 }
7563
7564 free(conf->alpn_str);
7565
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007566 /* the ALPN string is built as a suite of (<len> <name>)*,
7567 * so we reuse each comma to store the next <len> and need
7568 * one more for the end of the string.
7569 */
Willy Tarreauab861d32013-04-02 02:30:41 +02007570 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
Marcoen Hirschbergbef60912016-02-12 17:05:24 +01007571 conf->alpn_str = calloc(1, conf->alpn_len + 1);
Willy Tarreauab861d32013-04-02 02:30:41 +02007572 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
7573
7574 /* replace commas with the name length */
7575 p1 = conf->alpn_str;
7576 p2 = p1 + 1;
7577 while (1) {
7578 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
7579 if (!p2)
7580 p2 = p1 + 1 + strlen(p1 + 1);
7581
7582 if (p2 - (p1 + 1) > 255) {
7583 *p2 = '\0';
7584 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
7585 return ERR_ALERT | ERR_FATAL;
7586 }
7587
7588 *p1 = p2 - (p1 + 1);
7589 p1 = p2;
7590
7591 if (!*p2)
7592 break;
7593
7594 *(p2++) = '\0';
7595 }
7596 return 0;
7597#else
7598 if (err)
7599 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
7600 return ERR_ALERT | ERR_FATAL;
7601#endif
7602}
7603
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007604static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7605{
7606 return ssl_bind_parse_alpn(args, cur_arg, px, &conf->ssl_conf, err);
7607}
7608
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007609/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02007610static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007611{
Willy Tarreau71a8c7c2016-12-21 22:04:54 +01007612 conf->xprt = &ssl_sock;
Willy Tarreau4348fad2012-09-20 16:48:07 +02007613 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02007614
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007615 if (global_ssl.listen_default_ciphers && !conf->ssl_conf.ciphers)
7616 conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
Emmanuel Hocdet4608ed92017-01-20 13:06:27 +01007617 conf->ssl_options |= global_ssl.listen_default_ssloptions;
Emmanuel Hocdet43664762017-08-09 18:26:20 +02007618 conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
7619 if (!conf->ssl_conf.ssl_methods.min)
7620 conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
7621 if (!conf->ssl_conf.ssl_methods.max)
7622 conf->ssl_conf.ssl_methods.max = global_ssl.listen_default_sslmethods.max;
Emeric Brun76d88952012-10-05 15:47:31 +02007623
Willy Tarreau79eeafa2012-09-14 07:53:05 +02007624 return 0;
7625}
7626
Lukas Tribus53ae85c2017-05-04 15:45:40 +00007627/* parse the "prefer-client-ciphers" bind keyword */
7628static int bind_parse_pcc(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7629{
7630 conf->ssl_options |= BC_SSL_O_PREF_CLIE_CIPH;
7631 return 0;
7632}
7633
Christopher Faulet31af49d2015-06-09 17:29:50 +02007634/* parse the "generate-certificates" bind keyword */
7635static int bind_parse_generate_certs(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7636{
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01007637#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Christopher Faulet31af49d2015-06-09 17:29:50 +02007638 conf->generate_certs = 1;
7639#else
7640 memprintf(err, "%sthis version of openssl cannot generate SSL certificates.\n",
7641 err && *err ? *err : "");
7642#endif
7643 return 0;
7644}
7645
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007646/* parse the "strict-sni" bind keyword */
7647static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7648{
7649 conf->strict_sni = 1;
7650 return 0;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007651}
7652
7653/* parse the "tls-ticket-keys" bind keyword */
7654static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7655{
7656#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
7657 FILE *f;
7658 int i = 0;
7659 char thisline[LINESIZE];
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007660 struct tls_keys_ref *keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007661
7662 if (!*args[cur_arg + 1]) {
7663 if (err)
7664 memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
7665 return ERR_ALERT | ERR_FATAL;
7666 }
7667
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007668 keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007669 if (keys_ref) {
7670 keys_ref->refcount++;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007671 conf->keys_ref = keys_ref;
7672 return 0;
7673 }
7674
Vincent Bernat02779b62016-04-03 13:48:43 +02007675 keys_ref = malloc(sizeof(*keys_ref));
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007676 keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007677
7678 if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
7679 if (err)
7680 memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
7681 return ERR_ALERT | ERR_FATAL;
7682 }
7683
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007684 keys_ref->filename = strdup(args[cur_arg + 1]);
7685
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007686 while (fgets(thisline, sizeof(thisline), f) != NULL) {
7687 int len = strlen(thisline);
7688 /* Strip newline characters from the end */
7689 if(thisline[len - 1] == '\n')
7690 thisline[--len] = 0;
7691
7692 if(thisline[len - 1] == '\r')
7693 thisline[--len] = 0;
7694
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007695 if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007696 if (err)
7697 memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
mildis16aa0152016-06-22 17:46:29 +02007698 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007699 return ERR_ALERT | ERR_FATAL;
7700 }
7701 i++;
7702 }
7703
7704 if (i < TLS_TICKETS_NO) {
7705 if (err)
7706 memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
mildis16aa0152016-06-22 17:46:29 +02007707 fclose(f);
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007708 return ERR_ALERT | ERR_FATAL;
7709 }
7710
7711 fclose(f);
7712
7713 /* Use penultimate key for encryption, handle when TLS_TICKETS_NO = 1 */
Nenad Merdanovic17891152016-03-25 22:16:57 +01007714 i -= 2;
7715 keys_ref->tls_ticket_enc_index = i < 0 ? 0 : i % TLS_TICKETS_NO;
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007716 keys_ref->unique_id = -1;
Willy Tarreau17b4aa12018-07-17 10:05:32 +02007717 keys_ref->refcount = 1;
Christopher Faulet16f45c82018-02-16 11:23:49 +01007718 HA_RWLOCK_INIT(&keys_ref->lock);
Nenad Merdanovic146defa2015-05-09 08:46:00 +02007719 conf->keys_ref = keys_ref;
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007720
Nenad Merdanovic200b0fa2015-05-09 08:46:01 +02007721 LIST_ADD(&tlskeys_reference, &keys_ref->list);
7722
Nenad Merdanovic05552d42015-02-27 19:56:49 +01007723 return 0;
7724#else
7725 if (err)
7726 memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);
7727 return ERR_ALERT | ERR_FATAL;
7728#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01007729}
7730
Emeric Brund94b3fe2012-09-20 18:23:56 +02007731/* parse the "verify" bind keyword */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007732static int ssl_bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02007733{
7734 if (!*args[cur_arg + 1]) {
7735 if (err)
7736 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
7737 return ERR_ALERT | ERR_FATAL;
7738 }
7739
7740 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007741 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007742 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007743 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007744 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01007745 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02007746 else {
7747 if (err)
7748 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
7749 args[cur_arg], args[cur_arg + 1]);
7750 return ERR_ALERT | ERR_FATAL;
7751 }
7752
7753 return 0;
7754}
Emmanuel Hocdet98263292016-12-29 18:26:15 +01007755static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7756{
7757 return ssl_bind_parse_verify(args, cur_arg, px, &conf->ssl_conf, err);
7758}
Emeric Brund94b3fe2012-09-20 18:23:56 +02007759
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02007760/* parse the "no-ca-names" bind keyword */
7761static int ssl_bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct ssl_bind_conf *conf, char **err)
7762{
7763 conf->no_ca_names = 1;
7764 return 0;
7765}
7766static int bind_parse_no_ca_names(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
7767{
7768 return ssl_bind_parse_no_ca_names(args, cur_arg, px, &conf->ssl_conf, err);
7769}
7770
Willy Tarreau92faadf2012-10-10 23:04:25 +02007771/************** "server" keywords ****************/
7772
Emeric Brunef42d922012-10-11 16:11:36 +02007773/* parse the "ca-file" server keyword */
7774static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7775{
7776 if (!*args[*cur_arg + 1]) {
7777 if (err)
7778 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
7779 return ERR_ALERT | ERR_FATAL;
7780 }
7781
Willy Tarreauef934602016-12-22 23:12:01 +01007782 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7783 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007784 else
7785 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
7786
7787 return 0;
7788}
7789
Olivier Houchard9130a962017-10-17 17:33:43 +02007790/* parse the "check-sni" server keyword */
7791static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7792{
7793 if (!*args[*cur_arg + 1]) {
7794 if (err)
7795 memprintf(err, "'%s' : missing SNI", args[*cur_arg]);
7796 return ERR_ALERT | ERR_FATAL;
7797 }
7798
7799 newsrv->check.sni = strdup(args[*cur_arg + 1]);
7800 if (!newsrv->check.sni) {
7801 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
7802 return ERR_ALERT | ERR_FATAL;
7803 }
7804 return 0;
7805
7806}
7807
Willy Tarreau92faadf2012-10-10 23:04:25 +02007808/* parse the "check-ssl" server keyword */
7809static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7810{
7811 newsrv->check.use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007812 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7813 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
7814 newsrv->ssl_ctx.options |= global_ssl.connect_default_ssloptions;
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02007815 newsrv->ssl_ctx.methods.flags |= global_ssl.connect_default_sslmethods.flags;
7816 if (!newsrv->ssl_ctx.methods.min)
7817 newsrv->ssl_ctx.methods.min = global_ssl.connect_default_sslmethods.min;
7818 if (!newsrv->ssl_ctx.methods.max)
7819 newsrv->ssl_ctx.methods.max = global_ssl.connect_default_sslmethods.max;
7820
Willy Tarreau92faadf2012-10-10 23:04:25 +02007821 return 0;
7822}
7823
7824/* parse the "ciphers" server keyword */
7825static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7826{
7827 if (!*args[*cur_arg + 1]) {
7828 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
7829 return ERR_ALERT | ERR_FATAL;
7830 }
7831
7832 free(newsrv->ssl_ctx.ciphers);
7833 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
7834 return 0;
7835}
7836
Emeric Brunef42d922012-10-11 16:11:36 +02007837/* parse the "crl-file" server keyword */
7838static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7839{
7840#ifndef X509_V_FLAG_CRL_CHECK
7841 if (err)
7842 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
7843 return ERR_ALERT | ERR_FATAL;
7844#else
7845 if (!*args[*cur_arg + 1]) {
7846 if (err)
7847 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
7848 return ERR_ALERT | ERR_FATAL;
7849 }
7850
Willy Tarreauef934602016-12-22 23:12:01 +01007851 if ((*args[*cur_arg + 1] != '/') && global_ssl.ca_base)
7852 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global_ssl.ca_base, args[*cur_arg + 1]);
Emeric Brunef42d922012-10-11 16:11:36 +02007853 else
7854 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
7855
7856 return 0;
7857#endif
7858}
7859
Emeric Bruna7aa3092012-10-26 12:58:00 +02007860/* parse the "crt" server keyword */
7861static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7862{
7863 if (!*args[*cur_arg + 1]) {
7864 if (err)
7865 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
7866 return ERR_ALERT | ERR_FATAL;
7867 }
7868
Willy Tarreauef934602016-12-22 23:12:01 +01007869 if ((*args[*cur_arg + 1] != '/') && global_ssl.crt_base)
Christopher Fauletff3a41e2017-11-23 09:13:32 +01007870 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global_ssl.crt_base, args[*cur_arg + 1]);
Emeric Bruna7aa3092012-10-26 12:58:00 +02007871 else
7872 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
7873
7874 return 0;
7875}
Emeric Brunef42d922012-10-11 16:11:36 +02007876
Frédéric Lécaille340ae602017-03-13 10:38:04 +01007877/* parse the "no-check-ssl" server keyword */
7878static int srv_parse_no_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7879{
7880 newsrv->check.use_ssl = 0;
7881 free(newsrv->ssl_ctx.ciphers);
7882 newsrv->ssl_ctx.ciphers = NULL;
7883 newsrv->ssl_ctx.options &= ~global_ssl.connect_default_ssloptions;
7884 return 0;
7885}
7886
Frédéric Lécaillee892c4c2017-03-13 12:08:01 +01007887/* parse the "no-send-proxy-v2-ssl" server keyword */
7888static int srv_parse_no_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7889{
7890 newsrv->pp_opts &= ~SRV_PP_V2;
7891 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7892 return 0;
7893}
7894
7895/* parse the "no-send-proxy-v2-ssl-cn" server keyword */
7896static int srv_parse_no_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7897{
7898 newsrv->pp_opts &= ~SRV_PP_V2;
7899 newsrv->pp_opts &= ~SRV_PP_V2_SSL;
7900 newsrv->pp_opts &= ~SRV_PP_V2_SSL_CN;
7901 return 0;
7902}
7903
Frédéric Lécaillee381d762017-03-13 11:54:17 +01007904/* parse the "no-ssl" server keyword */
7905static int srv_parse_no_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7906{
7907 newsrv->use_ssl = 0;
7908 free(newsrv->ssl_ctx.ciphers);
7909 newsrv->ssl_ctx.ciphers = NULL;
7910 return 0;
7911}
7912
Olivier Houchard522eea72017-11-03 16:27:47 +01007913/* parse the "allow-0rtt" server keyword */
7914static int srv_parse_allow_0rtt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7915{
7916 newsrv->ssl_ctx.options |= SRV_SSL_O_EARLY_DATA;
7917 return 0;
7918}
7919
Willy Tarreau2a3fb1c2015-02-05 16:47:07 +01007920/* parse the "no-ssl-reuse" server keyword */
7921static int srv_parse_no_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7922{
7923 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_REUSE;
7924 return 0;
7925}
7926
Emeric Brunf9c5c472012-10-11 15:28:34 +02007927/* parse the "no-tls-tickets" server keyword */
7928static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7929{
7930 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
7931 return 0;
7932}
David Safb76832014-05-08 23:42:08 -04007933/* parse the "send-proxy-v2-ssl" server keyword */
7934static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7935{
7936 newsrv->pp_opts |= SRV_PP_V2;
7937 newsrv->pp_opts |= SRV_PP_V2_SSL;
7938 return 0;
7939}
7940
7941/* parse the "send-proxy-v2-ssl-cn" server keyword */
7942static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7943{
7944 newsrv->pp_opts |= SRV_PP_V2;
7945 newsrv->pp_opts |= SRV_PP_V2_SSL;
7946 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
7947 return 0;
7948}
Emeric Brunf9c5c472012-10-11 15:28:34 +02007949
Willy Tarreau732eac42015-07-09 11:40:25 +02007950/* parse the "sni" server keyword */
7951static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7952{
7953#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
7954 memprintf(err, "'%s' : the current SSL library doesn't support the SNI TLS extension", args[*cur_arg]);
7955 return ERR_ALERT | ERR_FATAL;
7956#else
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007957 char *arg;
Willy Tarreau732eac42015-07-09 11:40:25 +02007958
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007959 arg = args[*cur_arg + 1];
7960 if (!*arg) {
Willy Tarreau732eac42015-07-09 11:40:25 +02007961 memprintf(err, "'%s' : missing sni expression", args[*cur_arg]);
7962 return ERR_ALERT | ERR_FATAL;
7963 }
7964
Frédéric Lécaille9a146de2017-03-20 14:54:41 +01007965 free(newsrv->sni_expr);
7966 newsrv->sni_expr = strdup(arg);
Willy Tarreau732eac42015-07-09 11:40:25 +02007967
Willy Tarreau732eac42015-07-09 11:40:25 +02007968 return 0;
7969#endif
7970}
7971
Willy Tarreau92faadf2012-10-10 23:04:25 +02007972/* parse the "ssl" server keyword */
7973static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7974{
7975 newsrv->use_ssl = 1;
Willy Tarreauef934602016-12-22 23:12:01 +01007976 if (global_ssl.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
7977 newsrv->ssl_ctx.ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau92faadf2012-10-10 23:04:25 +02007978 return 0;
7979}
7980
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007981/* parse the "ssl-reuse" server keyword */
7982static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7983{
7984 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE;
7985 return 0;
7986}
7987
Frédéric Lécaille2cfcdbe2017-03-13 11:32:20 +01007988/* parse the "tls-tickets" server keyword */
7989static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7990{
7991 newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS;
7992 return 0;
7993}
7994
Emeric Brunef42d922012-10-11 16:11:36 +02007995/* parse the "verify" server keyword */
7996static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
7997{
7998 if (!*args[*cur_arg + 1]) {
7999 if (err)
8000 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
8001 return ERR_ALERT | ERR_FATAL;
8002 }
8003
8004 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008005 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02008006 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01008007 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02008008 else {
8009 if (err)
8010 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
8011 args[*cur_arg], args[*cur_arg + 1]);
8012 return ERR_ALERT | ERR_FATAL;
8013 }
8014
Evan Broderbe554312013-06-27 00:05:25 -07008015 return 0;
8016}
8017
8018/* parse the "verifyhost" server keyword */
8019static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
8020{
8021 if (!*args[*cur_arg + 1]) {
8022 if (err)
8023 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
8024 return ERR_ALERT | ERR_FATAL;
8025 }
8026
Frédéric Lécaille273f3212017-03-13 15:52:01 +01008027 free(newsrv->ssl_ctx.verify_host);
Evan Broderbe554312013-06-27 00:05:25 -07008028 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
8029
Emeric Brunef42d922012-10-11 16:11:36 +02008030 return 0;
8031}
8032
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008033/* parse the "ssl-default-bind-options" keyword in global section */
8034static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
8035 struct proxy *defpx, const char *file, int line,
8036 char **err) {
8037 int i = 1;
8038
8039 if (*(args[i]) == 0) {
8040 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8041 return -1;
8042 }
8043 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008044 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008045 global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
Lukas Tribus53ae85c2017-05-04 15:45:40 +00008046 else if (!strcmp(args[i], "prefer-client-ciphers"))
8047 global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008048 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8049 if (!parse_tls_method_minmax(args, i, &global_ssl.listen_default_sslmethods, err))
8050 i++;
8051 else {
8052 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8053 return -1;
8054 }
8055 }
8056 else if (parse_tls_method_options(args[i], &global_ssl.listen_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008057 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8058 return -1;
8059 }
8060 i++;
8061 }
8062 return 0;
8063}
8064
8065/* parse the "ssl-default-server-options" keyword in global section */
8066static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
8067 struct proxy *defpx, const char *file, int line,
8068 char **err) {
8069 int i = 1;
8070
8071 if (*(args[i]) == 0) {
8072 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
8073 return -1;
8074 }
8075 while (*(args[i])) {
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008076 if (!strcmp(args[i], "no-tls-tickets"))
Willy Tarreauef934602016-12-22 23:12:01 +01008077 global_ssl.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008078 else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
8079 if (!parse_tls_method_minmax(args, i, &global_ssl.connect_default_sslmethods, err))
8080 i++;
8081 else {
8082 memprintf(err, "%s on global statement '%s'.", *err, args[0]);
8083 return -1;
8084 }
8085 }
8086 else if (parse_tls_method_options(args[i], &global_ssl.connect_default_sslmethods, err)) {
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008087 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
8088 return -1;
8089 }
8090 i++;
8091 }
8092 return 0;
8093}
8094
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008095/* parse the "ca-base" / "crt-base" keywords in global section.
8096 * Returns <0 on alert, >0 on warning, 0 on success.
8097 */
8098static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct proxy *curpx,
8099 struct proxy *defpx, const char *file, int line,
8100 char **err)
8101{
8102 char **target;
8103
Willy Tarreauef934602016-12-22 23:12:01 +01008104 target = (args[0][1] == 'a') ? &global_ssl.ca_base : &global_ssl.crt_base;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008105
8106 if (too_many_args(1, args, err, NULL))
8107 return -1;
8108
8109 if (*target) {
8110 memprintf(err, "'%s' already specified.", args[0]);
8111 return -1;
8112 }
8113
8114 if (*(args[1]) == 0) {
8115 memprintf(err, "global statement '%s' expects a directory path as an argument.", args[0]);
8116 return -1;
8117 }
8118 *target = strdup(args[1]);
8119 return 0;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008120}
8121
8122/* parse the "ssl-mode-async" keyword in global section.
8123 * Returns <0 on alert, >0 on warning, 0 on success.
8124 */
8125static int ssl_parse_global_ssl_async(char **args, int section_type, struct proxy *curpx,
8126 struct proxy *defpx, const char *file, int line,
8127 char **err)
8128{
Emmanuel Hocdete966e4e2017-10-24 18:11:48 +02008129#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008130 global_ssl.async = 1;
Emeric Brunece0c332017-12-06 13:51:49 +01008131 global.ssl_used_async_engines = nb_engines;
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008132 return 0;
8133#else
8134 memprintf(err, "'%s': openssl library does not support async mode", args[0]);
8135 return -1;
8136#endif
8137}
8138
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008139#ifndef OPENSSL_NO_ENGINE
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008140static int ssl_check_async_engine_count(void) {
8141 int err_code = 0;
8142
Emeric Brun3854e012017-05-17 20:42:48 +02008143 if (global_ssl.async && (openssl_engines_initialized > 32)) {
Christopher Faulet767a84b2017-11-24 16:50:31 +01008144 ha_alert("ssl-mode-async only supports a maximum of 32 engines.\n");
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008145 err_code = ERR_ABORT;
8146 }
8147 return err_code;
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008148}
8149
Grant Zhang872f9c22017-01-21 01:10:18 +00008150/* parse the "ssl-engine" keyword in global section.
8151 * Returns <0 on alert, >0 on warning, 0 on success.
8152 */
8153static int ssl_parse_global_ssl_engine(char **args, int section_type, struct proxy *curpx,
8154 struct proxy *defpx, const char *file, int line,
8155 char **err)
8156{
8157 char *algo;
8158 int ret = -1;
8159
8160 if (*(args[1]) == 0) {
8161 memprintf(err, "global statement '%s' expects a valid engine name as an argument.", args[0]);
8162 return ret;
8163 }
8164
8165 if (*(args[2]) == 0) {
8166 /* if no list of algorithms is given, it defaults to ALL */
8167 algo = strdup("ALL");
8168 goto add_engine;
8169 }
8170
8171 /* otherwise the expected format is ssl-engine <engine_name> algo <list of algo> */
8172 if (strcmp(args[2], "algo") != 0) {
8173 memprintf(err, "global statement '%s' expects to have algo keyword.", args[0]);
8174 return ret;
8175 }
8176
8177 if (*(args[3]) == 0) {
8178 memprintf(err, "global statement '%s' expects algorithm names as an argument.", args[0]);
8179 return ret;
8180 }
8181 algo = strdup(args[3]);
8182
8183add_engine:
8184 if (ssl_init_single_engine(args[1], algo)==0) {
8185 openssl_engines_initialized++;
8186 ret = 0;
8187 }
8188 free(algo);
8189 return ret;
8190}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008191#endif
Grant Zhang872f9c22017-01-21 01:10:18 +00008192
Willy Tarreauf22e9682016-12-21 23:23:19 +01008193/* parse the "ssl-default-bind-ciphers" / "ssl-default-server-ciphers" keywords
8194 * in global section. Returns <0 on alert, >0 on warning, 0 on success.
8195 */
8196static int ssl_parse_global_ciphers(char **args, int section_type, struct proxy *curpx,
8197 struct proxy *defpx, const char *file, int line,
8198 char **err)
8199{
8200 char **target;
8201
Willy Tarreauef934602016-12-22 23:12:01 +01008202 target = (args[0][12] == 'b') ? &global_ssl.listen_default_ciphers : &global_ssl.connect_default_ciphers;
Willy Tarreauf22e9682016-12-21 23:23:19 +01008203
8204 if (too_many_args(1, args, err, NULL))
8205 return -1;
8206
8207 if (*(args[1]) == 0) {
8208 memprintf(err, "global statement '%s' expects a cipher suite as an argument.", args[0]);
8209 return -1;
8210 }
8211
8212 free(*target);
8213 *target = strdup(args[1]);
8214 return 0;
8215}
8216
Willy Tarreau9ceda382016-12-21 23:13:03 +01008217/* parse various global tune.ssl settings consisting in positive integers.
8218 * Returns <0 on alert, >0 on warning, 0 on success.
8219 */
8220static int ssl_parse_global_int(char **args, int section_type, struct proxy *curpx,
8221 struct proxy *defpx, const char *file, int line,
8222 char **err)
8223{
8224 int *target;
8225
8226 if (strcmp(args[0], "tune.ssl.cachesize") == 0)
8227 target = &global.tune.sslcachesize;
8228 else if (strcmp(args[0], "tune.ssl.maxrecord") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008229 target = (int *)&global_ssl.max_record;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008230 else if (strcmp(args[0], "tune.ssl.ssl-ctx-cache-size") == 0)
Willy Tarreauef934602016-12-22 23:12:01 +01008231 target = &global_ssl.ctx_cache;
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008232 else if (strcmp(args[0], "maxsslconn") == 0)
8233 target = &global.maxsslconn;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008234 else if (strcmp(args[0], "tune.ssl.capture-cipherlist-size") == 0)
8235 target = &global_ssl.capture_cipherlist;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008236 else {
8237 memprintf(err, "'%s' keyword not unhandled (please report this bug).", args[0]);
8238 return -1;
8239 }
8240
8241 if (too_many_args(1, args, err, NULL))
8242 return -1;
8243
8244 if (*(args[1]) == 0) {
8245 memprintf(err, "'%s' expects an integer argument.", args[0]);
8246 return -1;
8247 }
8248
8249 *target = atoi(args[1]);
8250 if (*target < 0) {
8251 memprintf(err, "'%s' expects a positive numeric value.", args[0]);
8252 return -1;
8253 }
8254 return 0;
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008255}
8256
8257static int ssl_parse_global_capture_cipherlist(char **args, int section_type, struct proxy *curpx,
8258 struct proxy *defpx, const char *file, int line,
8259 char **err)
8260{
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008261 int ret;
8262
8263 ret = ssl_parse_global_int(args, section_type, curpx, defpx, file, line, err);
8264 if (ret != 0)
8265 return ret;
8266
Willy Tarreaubafbe012017-11-24 17:34:44 +01008267 if (pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008268 memprintf(err, "'%s' is already configured.", args[0]);
8269 return -1;
8270 }
8271
Willy Tarreaubafbe012017-11-24 17:34:44 +01008272 pool_head_ssl_capture = create_pool("ssl-capture", sizeof(struct ssl_capture) + global_ssl.capture_cipherlist, MEM_F_SHARED);
8273 if (!pool_head_ssl_capture) {
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008274 memprintf(err, "Out of memory error.");
8275 return -1;
8276 }
8277 return 0;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008278}
8279
8280/* parse "ssl.force-private-cache".
8281 * Returns <0 on alert, >0 on warning, 0 on success.
8282 */
8283static int ssl_parse_global_private_cache(char **args, int section_type, struct proxy *curpx,
8284 struct proxy *defpx, const char *file, int line,
8285 char **err)
8286{
8287 if (too_many_args(0, args, err, NULL))
8288 return -1;
8289
Willy Tarreauef934602016-12-22 23:12:01 +01008290 global_ssl.private_cache = 1;
Willy Tarreau9ceda382016-12-21 23:13:03 +01008291 return 0;
8292}
8293
8294/* parse "ssl.lifetime".
8295 * Returns <0 on alert, >0 on warning, 0 on success.
8296 */
8297static int ssl_parse_global_lifetime(char **args, int section_type, struct proxy *curpx,
8298 struct proxy *defpx, const char *file, int line,
8299 char **err)
8300{
8301 const char *res;
8302
8303 if (too_many_args(1, args, err, NULL))
8304 return -1;
8305
8306 if (*(args[1]) == 0) {
8307 memprintf(err, "'%s' expects ssl sessions <lifetime> in seconds as argument.", args[0]);
8308 return -1;
8309 }
8310
Willy Tarreauef934602016-12-22 23:12:01 +01008311 res = parse_time_err(args[1], &global_ssl.life_time, TIME_UNIT_S);
Willy Tarreau9ceda382016-12-21 23:13:03 +01008312 if (res) {
8313 memprintf(err, "unexpected character '%c' in argument to <%s>.", *res, args[0]);
8314 return -1;
8315 }
8316 return 0;
8317}
8318
8319#ifndef OPENSSL_NO_DH
Willy Tarreau14e36a12016-12-21 23:28:13 +01008320/* parse "ssl-dh-param-file".
8321 * Returns <0 on alert, >0 on warning, 0 on success.
8322 */
8323static int ssl_parse_global_dh_param_file(char **args, int section_type, struct proxy *curpx,
8324 struct proxy *defpx, const char *file, int line,
8325 char **err)
8326{
8327 if (too_many_args(1, args, err, NULL))
8328 return -1;
8329
8330 if (*(args[1]) == 0) {
8331 memprintf(err, "'%s' expects a file path as an argument.", args[0]);
8332 return -1;
8333 }
8334
8335 if (ssl_sock_load_global_dh_param_from_file(args[1])) {
8336 memprintf(err, "'%s': unable to load DH parameters from file <%s>.", args[0], args[1]);
8337 return -1;
8338 }
8339 return 0;
8340}
8341
Willy Tarreau9ceda382016-12-21 23:13:03 +01008342/* parse "ssl.default-dh-param".
8343 * Returns <0 on alert, >0 on warning, 0 on success.
8344 */
8345static int ssl_parse_global_default_dh(char **args, int section_type, struct proxy *curpx,
8346 struct proxy *defpx, const char *file, int line,
8347 char **err)
8348{
8349 if (too_many_args(1, args, err, NULL))
8350 return -1;
8351
8352 if (*(args[1]) == 0) {
8353 memprintf(err, "'%s' expects an integer argument.", args[0]);
8354 return -1;
8355 }
8356
Willy Tarreauef934602016-12-22 23:12:01 +01008357 global_ssl.default_dh_param = atoi(args[1]);
8358 if (global_ssl.default_dh_param < 1024) {
Willy Tarreau9ceda382016-12-21 23:13:03 +01008359 memprintf(err, "'%s' expects a value >= 1024.", args[0]);
8360 return -1;
8361 }
8362 return 0;
8363}
8364#endif
8365
8366
William Lallemand32af2032016-10-29 18:09:35 +02008367/* This function is used with TLS ticket keys management. It permits to browse
8368 * each reference. The variable <getnext> must contain the current node,
8369 * <end> point to the root node.
8370 */
8371#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8372static inline
8373struct tls_keys_ref *tlskeys_list_get_next(struct tls_keys_ref *getnext, struct list *end)
8374{
8375 struct tls_keys_ref *ref = getnext;
8376
8377 while (1) {
8378
8379 /* Get next list entry. */
8380 ref = LIST_NEXT(&ref->list, struct tls_keys_ref *, list);
8381
8382 /* If the entry is the last of the list, return NULL. */
8383 if (&ref->list == end)
8384 return NULL;
8385
8386 return ref;
8387 }
8388}
8389
8390static inline
8391struct tls_keys_ref *tlskeys_ref_lookup_ref(const char *reference)
8392{
8393 int id;
8394 char *error;
8395
8396 /* If the reference starts by a '#', this is numeric id. */
8397 if (reference[0] == '#') {
8398 /* Try to convert the numeric id. If the conversion fails, the lookup fails. */
8399 id = strtol(reference + 1, &error, 10);
8400 if (*error != '\0')
8401 return NULL;
8402
8403 /* Perform the unique id lookup. */
8404 return tlskeys_ref_lookupid(id);
8405 }
8406
8407 /* Perform the string lookup. */
8408 return tlskeys_ref_lookup(reference);
8409}
8410#endif
8411
8412
8413#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8414
8415static int cli_io_handler_tlskeys_files(struct appctx *appctx);
8416
8417static inline int cli_io_handler_tlskeys_entries(struct appctx *appctx) {
8418 return cli_io_handler_tlskeys_files(appctx);
8419}
8420
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008421/* dumps all tls keys. Relies on cli.i0 (non-null = only list file names), cli.i1
8422 * (next index to be dumped), and cli.p0 (next key reference).
8423 */
William Lallemand32af2032016-10-29 18:09:35 +02008424static int cli_io_handler_tlskeys_files(struct appctx *appctx) {
8425
8426 struct stream_interface *si = appctx->owner;
8427
8428 switch (appctx->st2) {
8429 case STAT_ST_INIT:
8430 /* Display the column headers. If the message cannot be sent,
8431 * quit the fucntion with returning 0. The function is called
8432 * later and restart at the state "STAT_ST_INIT".
8433 */
8434 chunk_reset(&trash);
8435
8436 if (appctx->io_handler == cli_io_handler_tlskeys_entries)
8437 chunk_appendf(&trash, "# id secret\n");
8438 else
8439 chunk_appendf(&trash, "# id (file)\n");
8440
Willy Tarreau06d80a92017-10-19 14:32:15 +02008441 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008442 si_applet_cant_put(si);
8443 return 0;
8444 }
8445
William Lallemand32af2032016-10-29 18:09:35 +02008446 /* Now, we start the browsing of the references lists.
8447 * Note that the following call to LIST_ELEM return bad pointer. The only
8448 * available field of this pointer is <list>. It is used with the function
8449 * tlskeys_list_get_next() for retruning the first available entry
8450 */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008451 if (appctx->ctx.cli.p0 == NULL) {
8452 appctx->ctx.cli.p0 = LIST_ELEM(&tlskeys_reference, struct tls_keys_ref *, list);
8453 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008454 }
8455
8456 appctx->st2 = STAT_ST_LIST;
8457 /* fall through */
8458
8459 case STAT_ST_LIST:
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008460 while (appctx->ctx.cli.p0) {
8461 struct tls_keys_ref *ref = appctx->ctx.cli.p0;
William Lallemand32af2032016-10-29 18:09:35 +02008462
8463 chunk_reset(&trash);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008464 if (appctx->io_handler == cli_io_handler_tlskeys_entries && appctx->ctx.cli.i1 == 0)
William Lallemand32af2032016-10-29 18:09:35 +02008465 chunk_appendf(&trash, "# ");
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008466
8467 if (appctx->ctx.cli.i1 == 0)
8468 chunk_appendf(&trash, "%d (%s)\n", ref->unique_id, ref->filename);
8469
William Lallemand32af2032016-10-29 18:09:35 +02008470 if (appctx->io_handler == cli_io_handler_tlskeys_entries) {
Christopher Faulet16f45c82018-02-16 11:23:49 +01008471 int head;
8472
8473 HA_RWLOCK_RDLOCK(TLSKEYS_REF_LOCK, &ref->lock);
8474 head = ref->tls_ticket_enc_index;
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008475 while (appctx->ctx.cli.i1 < TLS_TICKETS_NO) {
William Lallemand32af2032016-10-29 18:09:35 +02008476 struct chunk *t2 = get_trash_chunk();
8477
8478 chunk_reset(t2);
8479 /* should never fail here because we dump only a key in the t2 buffer */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008480 t2->len = a2base64((char *)(ref->tlskeys + (head + 2 + appctx->ctx.cli.i1) % TLS_TICKETS_NO),
William Lallemand32af2032016-10-29 18:09:35 +02008481 sizeof(struct tls_sess_key), t2->str, t2->size);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008482 chunk_appendf(&trash, "%d.%d %s\n", ref->unique_id, appctx->ctx.cli.i1, t2->str);
William Lallemand32af2032016-10-29 18:09:35 +02008483
Willy Tarreau06d80a92017-10-19 14:32:15 +02008484 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008485 /* let's try again later from this stream. We add ourselves into
8486 * this stream's users so that it can remove us upon termination.
8487 */
Christopher Faulet16f45c82018-02-16 11:23:49 +01008488 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
William Lallemand32af2032016-10-29 18:09:35 +02008489 si_applet_cant_put(si);
8490 return 0;
8491 }
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008492 appctx->ctx.cli.i1++;
William Lallemand32af2032016-10-29 18:09:35 +02008493 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008494 HA_RWLOCK_RDUNLOCK(TLSKEYS_REF_LOCK, &ref->lock);
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008495 appctx->ctx.cli.i1 = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008496 }
Willy Tarreau06d80a92017-10-19 14:32:15 +02008497 if (ci_putchk(si_ic(si), &trash) == -1) {
William Lallemand32af2032016-10-29 18:09:35 +02008498 /* let's try again later from this stream. We add ourselves into
8499 * this stream's users so that it can remove us upon termination.
8500 */
8501 si_applet_cant_put(si);
8502 return 0;
8503 }
8504
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008505 if (appctx->ctx.cli.i0 == 0) /* don't display everything if not necessary */
William Lallemand32af2032016-10-29 18:09:35 +02008506 break;
8507
8508 /* get next list entry and check the end of the list */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008509 appctx->ctx.cli.p0 = tlskeys_list_get_next(appctx->ctx.cli.p0, &tlskeys_reference);
William Lallemand32af2032016-10-29 18:09:35 +02008510 }
8511
8512 appctx->st2 = STAT_ST_FIN;
8513 /* fall through */
8514
8515 default:
8516 appctx->st2 = STAT_ST_FIN;
8517 return 1;
8518 }
8519 return 0;
8520}
8521
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008522/* sets cli.i0 to non-zero if only file lists should be dumped */
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008523static int cli_parse_show_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008524{
William Lallemand32af2032016-10-29 18:09:35 +02008525 /* no parameter, shows only file list */
8526 if (!*args[2]) {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008527 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008528 appctx->io_handler = cli_io_handler_tlskeys_files;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008529 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008530 }
8531
8532 if (args[2][0] == '*') {
8533 /* list every TLS ticket keys */
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008534 appctx->ctx.cli.i0 = 1;
William Lallemand32af2032016-10-29 18:09:35 +02008535 } else {
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008536 appctx->ctx.cli.p0 = tlskeys_ref_lookup_ref(args[2]);
8537 if (!appctx->ctx.cli.p0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008538 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008539 appctx->ctx.cli.msg = "'show tls-keys' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008540 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008541 return 1;
8542 }
8543 }
William Lallemand32af2032016-10-29 18:09:35 +02008544 appctx->io_handler = cli_io_handler_tlskeys_entries;
Willy Tarreau3067bfa2016-12-05 14:50:15 +01008545 return 0;
William Lallemand32af2032016-10-29 18:09:35 +02008546}
8547
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008548static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008549{
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008550 struct tls_keys_ref *ref;
8551
William Lallemand32af2032016-10-29 18:09:35 +02008552 /* Expect two parameters: the filename and the new new TLS key in encoding */
8553 if (!*args[3] || !*args[4]) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008554 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008555 appctx->ctx.cli.msg = "'set ssl tls-key' expects a filename and the new TLS key in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008556 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008557 return 1;
8558 }
8559
Willy Tarreauf5f26e82016-12-16 18:47:27 +01008560 ref = tlskeys_ref_lookup_ref(args[3]);
8561 if (!ref) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008562 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008563 appctx->ctx.cli.msg = "'set ssl tls-key' unable to locate referenced filename\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008564 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008565 return 1;
8566 }
8567
8568 trash.len = base64dec(args[4], strlen(args[4]), trash.str, trash.size);
8569 if (trash.len != sizeof(struct tls_sess_key)) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008570 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008571 appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008572 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008573 return 1;
8574 }
Christopher Faulet16f45c82018-02-16 11:23:49 +01008575 ssl_sock_update_tlskey_ref(ref, &trash);
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008576 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008577 appctx->ctx.cli.msg = "TLS ticket key updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008578 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008579 return 1;
8580
8581}
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008582#endif
William Lallemand32af2032016-10-29 18:09:35 +02008583
Aurélien Nephtaliabbf6072018-04-18 13:26:46 +02008584static int cli_parse_set_ocspresponse(char **args, char *payload, struct appctx *appctx, void *private)
William Lallemand32af2032016-10-29 18:09:35 +02008585{
8586#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
8587 char *err = NULL;
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008588 int i, j;
8589
8590 if (!payload)
8591 payload = args[3];
William Lallemand32af2032016-10-29 18:09:35 +02008592
8593 /* Expect one parameter: the new response in base64 encoding */
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008594 if (!*payload) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008595 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008596 appctx->ctx.cli.msg = "'set ssl ocsp-response' expects response in base64 encoding.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008597 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008598 return 1;
8599 }
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008600
8601 /* remove \r and \n from the payload */
8602 for (i = 0, j = 0; payload[i]; i++) {
8603 if (payload[i] == '\r' || payload[i] == '\n')
8604 continue;
8605 payload[j++] = payload[i];
8606 }
8607 payload[j] = 0;
William Lallemand32af2032016-10-29 18:09:35 +02008608
Aurélien Nephtali1e0867c2018-04-18 14:04:58 +02008609 trash.len = base64dec(payload, j, trash.str, trash.size);
William Lallemand32af2032016-10-29 18:09:35 +02008610 if (trash.len < 0) {
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008611 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008612 appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008613 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008614 return 1;
8615 }
8616
8617 if (ssl_sock_update_ocsp_response(&trash, &err)) {
8618 if (err) {
8619 memprintf(&err, "%s.\n", err);
8620 appctx->ctx.cli.err = err;
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008621 appctx->st0 = CLI_ST_PRINT_FREE;
William Lallemand32af2032016-10-29 18:09:35 +02008622 }
Aurélien Nephtali9a4da682018-04-16 19:02:42 +02008623 else {
8624 appctx->ctx.cli.severity = LOG_ERR;
8625 appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
8626 appctx->st0 = CLI_ST_PRINT;
8627 }
William Lallemand32af2032016-10-29 18:09:35 +02008628 return 1;
8629 }
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008630 appctx->ctx.cli.severity = LOG_INFO;
Aurélien Nephtali6e8a41d2018-03-15 21:48:50 +01008631 appctx->ctx.cli.msg = "OCSP Response updated!\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008632 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008633 return 1;
8634#else
Andjelko Iharosc3680ec2017-07-20 16:49:14 +02008635 appctx->ctx.cli.severity = LOG_ERR;
William Lallemand32af2032016-10-29 18:09:35 +02008636 appctx->ctx.cli.msg = "HAProxy was compiled against a version of OpenSSL that doesn't support OCSP stapling.\n";
Willy Tarreau3b6e5472016-11-24 15:53:53 +01008637 appctx->st0 = CLI_ST_PRINT;
William Lallemand32af2032016-10-29 18:09:35 +02008638 return 1;
8639#endif
8640
8641}
8642
8643/* register cli keywords */
8644static struct cli_kw_list cli_kws = {{ },{
8645#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8646 { { "show", "tls-keys", NULL }, "show tls-keys [id|*]: show tls keys references or dump tls ticket keys when id specified", cli_parse_show_tlskeys, NULL },
Lukas Tribusf4bbc432017-10-24 12:26:31 +02008647 { { "set", "ssl", "tls-key", NULL }, "set ssl tls-key [id|keyfile] <tlskey>: set the next TLS key for the <id> or <keyfile> listener to <tlskey>", cli_parse_set_tlskeys, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008648#endif
Emmanuel Hocdetfdec7892017-01-13 17:48:18 +01008649 { { "set", "ssl", "ocsp-response", NULL }, NULL, cli_parse_set_ocspresponse, NULL },
William Lallemand32af2032016-10-29 18:09:35 +02008650 { { NULL }, NULL, NULL, NULL }
8651}};
8652
8653
Willy Tarreau7875d092012-09-10 08:20:03 +02008654/* Note: must not be declared <const> as its list will be overwritten.
8655 * Please take care of keeping this list alphabetically sorted.
8656 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008657static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02008658 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008659 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008660 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brun74f7ffa2018-02-19 16:14:12 +01008661 { "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02008662 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02008663 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008664 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008665#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02008666 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Patrick Hemmer41966772018-04-28 19:15:48 -04008667#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008668#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8669 { "ssl_bc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
8670#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008671 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8672 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008673 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008674 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008675 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8676 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8677 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8678 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8679 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8680 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8681 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8682 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008683 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008684 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
8685 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01008686 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02008687 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8688 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8689 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8690 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8691 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8692 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
8693 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02008694 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008695 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008696 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008697 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008698 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008699 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008700 { "ssl_fc_has_early", smp_fetch_ssl_fc_has_early, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01008701 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Nenad Merdanovic26ea8222015-05-18 02:28:57 +02008702 { "ssl_fc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Bernard Spil13c53f82018-02-15 13:34:58 +01008703#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008704 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02008705#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01008706#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008707 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02008708#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008709 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008710#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brunb73a9b02014-04-30 18:49:19 +02008711 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008712#endif
Thierry FOURNIER07ee64e2015-07-06 23:43:03 +02008713 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008714#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008715 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008716#endif
Patrick Hemmere0275472018-04-28 19:15:51 -04008717#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_IS_BORINGSSL)
8718 { "ssl_fc_session_key", smp_fetch_ssl_fc_session_key, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8719#endif
Patrick Hemmer41966772018-04-28 19:15:48 -04008720#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01008721 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Patrick Hemmer41966772018-04-28 19:15:48 -04008722#endif
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008723 { "ssl_fc_cipherlist_bin", smp_fetch_ssl_fc_cl_bin, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8724 { "ssl_fc_cipherlist_hex", smp_fetch_ssl_fc_cl_hex, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
8725 { "ssl_fc_cipherlist_str", smp_fetch_ssl_fc_cl_str, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
8726 { "ssl_fc_cipherlist_xxh", smp_fetch_ssl_fc_cl_xxh64, 0, NULL, SMP_T_SINT, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02008727 { NULL, NULL, 0, 0, 0 },
8728}};
8729
8730/* Note: must not be declared <const> as its list will be overwritten.
8731 * Please take care of keeping this list alphabetically sorted.
8732 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02008733static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01008734 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
8735 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01008736 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02008737}};
8738
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008739/* Note: must not be declared <const> as its list will be overwritten.
8740 * Please take care of keeping this list alphabetically sorted, doing so helps
8741 * all code contributors.
8742 * Optional keywords are also declared with a NULL ->parse() function so that
8743 * the config parser can report an appropriate error when a known keyword was
8744 * not enabled.
8745 */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008746static struct ssl_bind_kw ssl_bind_kws[] = {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008747 { "allow-0rtt", ssl_bind_parse_allow_0rtt, 0 }, /* allow 0-RTT */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008748 { "alpn", ssl_bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8749 { "ca-file", ssl_bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8750 { "ciphers", ssl_bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8751 { "crl-file", ssl_bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emmanuel Hocdete7f2b732017-01-09 16:15:54 +01008752 { "curves", ssl_bind_parse_curves, 1 }, /* set SSL curve suite */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008753 { "ecdhe", ssl_bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008754 { "no-ca-names", ssl_bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008755 { "npn", ssl_bind_parse_npn, 1 }, /* set NPN supported protocols */
Emmanuel Hocdetdf701a22017-05-18 12:46:50 +02008756 { "ssl-min-ver", ssl_bind_parse_tls_method_minmax,1 }, /* minimum version */
8757 { "ssl-max-ver", ssl_bind_parse_tls_method_minmax,1 }, /* maximum version */
Emmanuel Hocdet98263292016-12-29 18:26:15 +01008758 { "verify", ssl_bind_parse_verify, 1 }, /* set SSL verify method */
8759 { NULL, NULL, 0 },
8760};
8761
Willy Tarreau51fb7652012-09-18 18:24:39 +02008762static struct bind_kw_list bind_kws = { "SSL", { }, {
Olivier Houchardc2aae742017-09-22 18:26:28 +02008763 { "allow-0rtt", bind_parse_allow_0rtt, 0 }, /* Allow 0RTT */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008764 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
8765 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
8766 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
8767 { "ca-sign-file", bind_parse_ca_sign_file, 1 }, /* set CAFile used to generate and sign server certs */
8768 { "ca-sign-pass", bind_parse_ca_sign_pass, 1 }, /* set CAKey passphrase */
8769 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
8770 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
8771 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
8772 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
8773 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
8774 { "curves", bind_parse_curves, 1 }, /* set SSL curve suite */
8775 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
8776 { "force-sslv3", bind_parse_tls_method_options, 0 }, /* force SSLv3 */
8777 { "force-tlsv10", bind_parse_tls_method_options, 0 }, /* force TLSv10 */
8778 { "force-tlsv11", bind_parse_tls_method_options, 0 }, /* force TLSv11 */
8779 { "force-tlsv12", bind_parse_tls_method_options, 0 }, /* force TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008780 { "force-tlsv13", bind_parse_tls_method_options, 0 }, /* force TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008781 { "generate-certificates", bind_parse_generate_certs, 0 }, /* enable the server certificates generation */
Emmanuel Hocdet174dfe52017-07-28 15:01:05 +02008782 { "no-ca-names", bind_parse_no_ca_names, 0 }, /* do not send ca names to clients (ca_file related) */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008783 { "no-sslv3", bind_parse_tls_method_options, 0 }, /* disable SSLv3 */
8784 { "no-tlsv10", bind_parse_tls_method_options, 0 }, /* disable TLSv10 */
8785 { "no-tlsv11", bind_parse_tls_method_options, 0 }, /* disable TLSv11 */
8786 { "no-tlsv12", bind_parse_tls_method_options, 0 }, /* disable TLSv12 */
Emmanuel Hocdet42fb9802017-03-30 19:29:39 +02008787 { "no-tlsv13", bind_parse_tls_method_options, 0 }, /* disable TLSv13 */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008788 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
8789 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008790 { "ssl-min-ver", bind_parse_tls_method_minmax, 1 }, /* minimum version */
8791 { "ssl-max-ver", bind_parse_tls_method_minmax, 1 }, /* maximum version */
Emmanuel Hocdet5db33cb2017-03-30 19:19:37 +02008792 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
8793 { "tls-ticket-keys", bind_parse_tls_ticket_keys, 1 }, /* set file to load TLS ticket keys from */
8794 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
8795 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
8796 { "prefer-client-ciphers", bind_parse_pcc, 0 }, /* prefer client ciphers */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008797 { NULL, NULL, 0 },
8798}};
Emeric Brun46591952012-05-18 15:47:34 +02008799
Willy Tarreau92faadf2012-10-10 23:04:25 +02008800/* Note: must not be declared <const> as its list will be overwritten.
8801 * Please take care of keeping this list alphabetically sorted, doing so helps
8802 * all code contributors.
8803 * Optional keywords are also declared with a NULL ->parse() function so that
8804 * the config parser can report an appropriate error when a known keyword was
8805 * not enabled.
8806 */
8807static struct srv_kw_list srv_kws = { "SSL", { }, {
Olivier Houchard522eea72017-11-03 16:27:47 +01008808 { "allow-0rtt", srv_parse_allow_0rtt, 0, 1 }, /* Allow using early data on this server */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008809 { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
Olivier Houchard9130a962017-10-17 17:33:43 +02008810 { "check-sni", srv_parse_check_sni, 1, 1 }, /* set SNI */
Emmanuel Hocdete1c722b2017-03-31 15:02:54 +02008811 { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
8812 { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
8813 { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
8814 { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
8815 { "force-sslv3", srv_parse_tls_method_options, 0, 1 }, /* force SSLv3 */
8816 { "force-tlsv10", srv_parse_tls_method_options, 0, 1 }, /* force TLSv10 */
8817 { "force-tlsv11", srv_parse_tls_method_options, 0, 1 }, /* force TLSv11 */
8818 { "force-tlsv12", srv_parse_tls_method_options, 0, 1 }, /* force TLSv12 */
8819 { "force-tlsv13", srv_parse_tls_method_options, 0, 1 }, /* force TLSv13 */
8820 { "no-check-ssl", srv_parse_no_check_ssl, 0, 1 }, /* disable SSL for health checks */
8821 { "no-send-proxy-v2-ssl", srv_parse_no_send_proxy_ssl, 0, 1 }, /* do not send PROXY protocol header v2 with SSL info */
8822 { "no-send-proxy-v2-ssl-cn", srv_parse_no_send_proxy_cn, 0, 1 }, /* do not send PROXY protocol header v2 with CN */
8823 { "no-ssl", srv_parse_no_ssl, 0, 1 }, /* disable SSL processing */
8824 { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */
8825 { "no-sslv3", srv_parse_tls_method_options, 0, 0 }, /* disable SSLv3 */
8826 { "no-tlsv10", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv10 */
8827 { "no-tlsv11", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv11 */
8828 { "no-tlsv12", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv12 */
8829 { "no-tlsv13", srv_parse_tls_method_options, 0, 0 }, /* disable TLSv13 */
8830 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */
8831 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 1 }, /* send PROXY protocol header v2 with SSL info */
8832 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 1 }, /* send PROXY protocol header v2 with CN */
8833 { "sni", srv_parse_sni, 1, 1 }, /* send SNI extension */
8834 { "ssl", srv_parse_ssl, 0, 1 }, /* enable SSL processing */
8835 { "ssl-min-ver", srv_parse_tls_method_minmax, 1, 1 }, /* minimum version */
8836 { "ssl-max-ver", srv_parse_tls_method_minmax, 1, 1 }, /* maximum version */
8837 { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */
8838 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
8839 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
8840 { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02008841 { NULL, NULL, 0, 0 },
8842}};
8843
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008844static struct cfg_kw_list cfg_kws = {ILH, {
Willy Tarreau8c3b0fd2016-12-21 22:44:46 +01008845 { CFG_GLOBAL, "ca-base", ssl_parse_global_ca_crt_base },
8846 { CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
Willy Tarreau0bea58d2016-12-21 23:17:25 +01008847 { CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008848 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
8849 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
Willy Tarreau14e36a12016-12-21 23:28:13 +01008850#ifndef OPENSSL_NO_DH
8851 { CFG_GLOBAL, "ssl-dh-param-file", ssl_parse_global_dh_param_file },
8852#endif
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008853 { CFG_GLOBAL, "ssl-mode-async", ssl_parse_global_ssl_async },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008854#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008855 { CFG_GLOBAL, "ssl-engine", ssl_parse_global_ssl_engine },
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008856#endif
Willy Tarreau9ceda382016-12-21 23:13:03 +01008857 { CFG_GLOBAL, "tune.ssl.cachesize", ssl_parse_global_int },
8858#ifndef OPENSSL_NO_DH
8859 { CFG_GLOBAL, "tune.ssl.default-dh-param", ssl_parse_global_default_dh },
8860#endif
8861 { CFG_GLOBAL, "tune.ssl.force-private-cache", ssl_parse_global_private_cache },
8862 { CFG_GLOBAL, "tune.ssl.lifetime", ssl_parse_global_lifetime },
8863 { CFG_GLOBAL, "tune.ssl.maxrecord", ssl_parse_global_int },
8864 { CFG_GLOBAL, "tune.ssl.ssl-ctx-cache-size", ssl_parse_global_int },
Thierry FOURNIER5bf77322017-02-25 12:45:22 +01008865 { CFG_GLOBAL, "tune.ssl.capture-cipherlist-size", ssl_parse_global_capture_cipherlist },
Willy Tarreauf22e9682016-12-21 23:23:19 +01008866 { CFG_GLOBAL, "ssl-default-bind-ciphers", ssl_parse_global_ciphers },
8867 { CFG_GLOBAL, "ssl-default-server-ciphers", ssl_parse_global_ciphers },
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008868 { 0, NULL, NULL },
8869}};
8870
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02008871/* transport-layer operations for SSL sockets */
Willy Tarreaud9f5cca2016-12-22 21:08:52 +01008872static struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02008873 .snd_buf = ssl_sock_from_buf,
8874 .rcv_buf = ssl_sock_to_buf,
8875 .rcv_pipe = NULL,
8876 .snd_pipe = NULL,
8877 .shutr = NULL,
8878 .shutw = ssl_sock_shutw,
8879 .close = ssl_sock_close,
8880 .init = ssl_sock_init,
Willy Tarreau55d37912016-12-21 23:38:39 +01008881 .prepare_bind_conf = ssl_sock_prepare_bind_conf,
Willy Tarreau795cdab2016-12-22 17:30:54 +01008882 .destroy_bind_conf = ssl_sock_destroy_bind_conf,
Willy Tarreau17d45382016-12-22 21:16:08 +01008883 .prepare_srv = ssl_sock_prepare_srv_ctx,
8884 .destroy_srv = ssl_sock_free_srv_ctx,
Willy Tarreau8743f7e2016-12-04 18:44:29 +01008885 .get_alpn = ssl_sock_get_alpn,
Willy Tarreau8e0bb0a2016-11-24 16:58:12 +01008886 .name = "SSL",
Emeric Brun46591952012-05-18 15:47:34 +02008887};
8888
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008889enum act_return ssl_action_wait_for_hs(struct act_rule *rule, struct proxy *px,
8890 struct session *sess, struct stream *s, int flags)
8891{
8892 struct connection *conn;
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008893 struct conn_stream *cs;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008894
8895 conn = objt_conn(sess->origin);
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008896 cs = objt_cs(s->si[0].end);
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008897
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008898 if (conn && cs) {
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008899 if (conn->flags & (CO_FL_EARLY_SSL_HS | CO_FL_SSL_WAIT_HS)) {
Olivier Houchard6fa63d92017-11-27 18:41:32 +01008900 cs->flags |= CS_FL_WAIT_FOR_HS;
Olivier Houchardccaa7de2017-10-02 11:51:03 +02008901 s->req.flags |= CF_READ_NULL;
8902 return ACT_RET_YIELD;
8903 }
8904 }
8905 return (ACT_RET_CONT);
8906}
8907
8908static enum act_parse_ret ssl_parse_wait_for_hs(const char **args, int *orig_arg, struct proxy *px, struct act_rule *rule, char **err)
8909{
8910 rule->action_ptr = ssl_action_wait_for_hs;
8911
8912 return ACT_RET_PRS_OK;
8913}
8914
8915static struct action_kw_list http_req_actions = {ILH, {
8916 { "wait-for-handshake", ssl_parse_wait_for_hs },
8917 { /* END */ }
8918}};
8919
Daniel Jakots54ffb912015-11-06 20:02:41 +01008920#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008921
8922static void ssl_sock_sctl_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8923{
8924 if (ptr) {
8925 chunk_destroy(ptr);
8926 free(ptr);
8927 }
8928}
8929
8930#endif
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008931static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
8932{
Willy Tarreaubafbe012017-11-24 17:34:44 +01008933 pool_free(pool_head_ssl_capture, ptr);
Emmanuel Hocdetaaee7502017-03-07 18:34:58 +01008934}
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008935
Emeric Brun46591952012-05-18 15:47:34 +02008936__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02008937static void __ssl_sock_init(void)
8938{
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008939 char *ptr;
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02008940 int i;
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008941
Emeric Brun46591952012-05-18 15:47:34 +02008942 STACK_OF(SSL_COMP)* cm;
8943
Willy Tarreauef934602016-12-22 23:12:01 +01008944 if (global_ssl.listen_default_ciphers)
8945 global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
8946 if (global_ssl.connect_default_ciphers)
8947 global_ssl.connect_default_ciphers = strdup(global_ssl.connect_default_ciphers);
Willy Tarreau610f04b2014-02-13 11:36:41 +01008948
Willy Tarreau13e14102016-12-22 20:25:26 +01008949 xprt_register(XPRT_SSL, &ssl_sock);
Emeric Brun46591952012-05-18 15:47:34 +02008950 SSL_library_init();
8951 cm = SSL_COMP_get_compression_methods();
8952 sk_SSL_COMP_zero(cm);
Emeric Brun821bb9b2017-06-15 16:37:39 +02008953#ifdef USE_THREAD
8954 ssl_locking_init();
8955#endif
Daniel Jakots54ffb912015-11-06 20:02:41 +01008956#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
Janusz Dziemidowicz2c701b52015-03-07 23:03:59 +01008957 sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
8958#endif
Thierry FOURNIER28962c92018-06-17 21:37:05 +02008959 ssl_app_data_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Thierry FOURNIER16ff0502018-06-17 21:33:01 +02008960 ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
Emmanuel Hocdet96b78342017-10-31 15:46:07 +01008961 ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Willy Tarreau7875d092012-09-10 08:20:03 +02008962 sample_register_fetches(&sample_fetch_keywords);
8963 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02008964 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02008965 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01008966 cfg_register_keywords(&cfg_kws);
William Lallemand32af2032016-10-29 18:09:35 +02008967 cli_register_kw(&cli_kws);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008968#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00008969 ENGINE_load_builtin_engines();
Grant Zhangfa6c7ee2017-01-14 01:42:15 +00008970 hap_register_post_check(ssl_check_async_engine_count);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02008971#endif
Willy Tarreaud1c57502016-12-22 22:46:15 +01008972#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
8973 hap_register_post_check(tlskeys_finalize_config);
8974#endif
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01008975
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008976 ptr = NULL;
8977 memprintf(&ptr, "Built with OpenSSL version : "
8978#ifdef OPENSSL_IS_BORINGSSL
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01008979 "BoringSSL");
Willy Tarreauc2c0b612016-12-21 19:23:20 +01008980#else /* OPENSSL_IS_BORINGSSL */
8981 OPENSSL_VERSION_TEXT
8982 "\nRunning on OpenSSL version : %s%s",
8983 SSLeay_version(SSLEAY_VERSION),
8984 ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
8985#endif
8986 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
8987#if OPENSSL_VERSION_NUMBER < 0x00907000L
8988 "no (library version too old)"
8989#elif defined(OPENSSL_NO_TLSEXT)
8990 "no (disabled via OPENSSL_NO_TLSEXT)"
8991#else
8992 "yes"
8993#endif
8994 "", ptr);
8995
8996 memprintf(&ptr, "%s\nOpenSSL library supports SNI : "
8997#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
8998 "yes"
8999#else
9000#ifdef OPENSSL_NO_TLSEXT
9001 "no (because of OPENSSL_NO_TLSEXT)"
9002#else
9003 "no (version might be too old, 0.9.8f min needed)"
9004#endif
9005#endif
9006 "", ptr);
9007
Emmanuel Hocdetf80bc242017-07-12 14:25:38 +02009008 memprintf(&ptr, "%s\nOpenSSL library supports :", ptr);
9009 for (i = CONF_TLSV_MIN; i <= CONF_TLSV_MAX; i++)
9010 if (methodVersions[i].option)
9011 memprintf(&ptr, "%s %s", ptr, methodVersions[i].name);
Emmanuel Hocdet50e25e12017-03-24 15:20:03 +01009012
Willy Tarreauc2c0b612016-12-21 19:23:20 +01009013 hap_register_build_opts(ptr, 1);
9014
Willy Tarreaud92aa5c2015-01-15 21:34:39 +01009015 global.ssl_session_max_cost = SSL_SESSION_MAX_COST;
9016 global.ssl_handshake_max_cost = SSL_HANDSHAKE_MAX_COST;
Remi Gacogne4f902b82015-05-28 16:23:00 +02009017
9018#ifndef OPENSSL_NO_DH
9019 ssl_dh_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
Grant Zhang872f9c22017-01-21 01:10:18 +00009020 hap_register_post_deinit(ssl_free_dh);
Remi Gacogne4f902b82015-05-28 16:23:00 +02009021#endif
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009022#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009023 hap_register_post_deinit(ssl_free_engines);
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009024#endif
Thierry FOURNIER / OZON.IO8b068c22016-10-10 11:59:50 +02009025 /* Load SSL string for the verbose & debug mode. */
9026 ERR_load_SSL_strings();
Olivier Houchardccaa7de2017-10-02 11:51:03 +02009027
9028 http_req_keywords_register(&http_req_actions);
Emeric Brun46591952012-05-18 15:47:34 +02009029}
9030
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009031#ifndef OPENSSL_NO_ENGINE
Grant Zhang872f9c22017-01-21 01:10:18 +00009032void ssl_free_engines(void) {
9033 struct ssl_engine_list *wl, *wlb;
9034 /* free up engine list */
9035 list_for_each_entry_safe(wl, wlb, &openssl_engines, list) {
9036 ENGINE_finish(wl->e);
9037 ENGINE_free(wl->e);
9038 LIST_DEL(&wl->list);
9039 free(wl);
9040 }
9041}
Emmanuel Hocdet9ac143b2017-05-29 14:36:20 +02009042#endif
Christopher Faulet31af49d2015-06-09 17:29:50 +02009043
Remi Gacogned3a23c32015-05-28 16:39:47 +02009044#ifndef OPENSSL_NO_DH
Grant Zhang872f9c22017-01-21 01:10:18 +00009045void ssl_free_dh(void) {
9046 if (local_dh_1024) {
9047 DH_free(local_dh_1024);
9048 local_dh_1024 = NULL;
9049 }
9050 if (local_dh_2048) {
9051 DH_free(local_dh_2048);
9052 local_dh_2048 = NULL;
9053 }
9054 if (local_dh_4096) {
9055 DH_free(local_dh_4096);
9056 local_dh_4096 = NULL;
9057 }
Remi Gacogne47783ef2015-05-29 15:53:22 +02009058 if (global_dh) {
9059 DH_free(global_dh);
9060 global_dh = NULL;
9061 }
Grant Zhang872f9c22017-01-21 01:10:18 +00009062}
9063#endif
9064
9065__attribute__((destructor))
9066static void __ssl_sock_deinit(void)
9067{
9068#if (defined SSL_CTRL_SET_TLSEXT_HOSTNAME && !defined SSL_NO_GENERATE_CERTIFICATES)
Emeric Brun821bb9b2017-06-15 16:37:39 +02009069 if (ssl_ctx_lru_tree) {
9070 lru64_destroy(ssl_ctx_lru_tree);
Christopher Faulet2a944ee2017-11-07 10:42:54 +01009071 HA_RWLOCK_DESTROY(&ssl_ctx_lru_rwlock);
Emeric Brun821bb9b2017-06-15 16:37:39 +02009072 }
Remi Gacogned3a23c32015-05-28 16:39:47 +02009073#endif
9074
9075 ERR_remove_state(0);
9076 ERR_free_strings();
9077
9078 EVP_cleanup();
9079
9080#if OPENSSL_VERSION_NUMBER >= 0x00907000L
9081 CRYPTO_cleanup_all_ex_data();
9082#endif
9083}
9084
9085
Emeric Brun46591952012-05-18 15:47:34 +02009086/*
9087 * Local variables:
9088 * c-indent-level: 8
9089 * c-basic-offset: 8
9090 * End:
9091 */