From: Olivier Houchard <ohouchard@haproxy.com>
Date: Fri, 27 Oct 2017 12:58:08 +0000 (+0200)
Subject: MINOR: ssl: Don't abuse ssl_options.
X-Git-Tag: v1.8-rc1~209
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9679ac997a8d93e22f629b5a838e7f3aadc5fade;p=thirdparty%2Fhaproxy.git

MINOR: ssl: Don't abuse ssl_options.

A bind_conf does contain a ssl_bind_conf, which already has a flag to know
if early data are activated, so use that, instead of adding a new flag in
the ssl_options field.
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index cf0d696064..b63ceb4084 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -847,6 +847,10 @@ resetenv [<name> ...]
   next line in the configuration file sees the new environment. See also
   "setenv", "presetenv", and "unsetenv".
 
+ssl-allow-0rtt
+  Allow using 0RTT on every listener. 0RTT is prone to various attacks, so be
+  sure to know the security implications before activating it.
+
 stats bind-process [ all | odd | even | <number 1-64>[-<number 1-64>] ] ...
   Limits the stats socket to a certain set of processes numbers. By default the
   stats socket is bound to all processes, causing a warning to be emitted when
diff --git a/include/types/listener.h b/include/types/listener.h
index 19d1dbe3bb..bcebea8107 100644
--- a/include/types/listener.h
+++ b/include/types/listener.h
@@ -105,7 +105,6 @@ enum li_state {
 #define BC_SSL_O_NONE           0x0000
 #define BC_SSL_O_NO_TLS_TICKETS 0x0100	/* disable session resumption tickets */
 #define BC_SSL_O_PREF_CLIE_CIPH 0x0200  /* prefer client ciphers */
-#define BC_SSL_O_EARLY_DATA     0x0400  /* Accept early data */
 #endif
 
 /* ssl "bind" settings */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 844be0a0e8..62fcd00bd8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -165,6 +165,7 @@ static struct {
 	char *crt_base;             /* base directory path for certificates */
 	char *ca_base;              /* base directory path for CAs and CRLs */
 	int  async;                 /* whether we use ssl async mode */
+	int default_early_data;     /* Shall we default to allow early data */
 
 	char *listen_default_ciphers;
 	char *connect_default_ciphers;
@@ -2009,7 +2010,7 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 	conn = SSL_get_app_data(ssl);
 	s = objt_listener(conn->target)->bind_conf;
 
-	if (s->ssl_options & BC_SSL_O_EARLY_DATA)
+	if (s->ssl_conf.early_data)
 		allow_early = 1;
 #ifdef OPENSSL_IS_BORINGSSL
 	if (SSL_early_callback_ctx_extension_get(ctx, TLSEXT_TYPE_server_name,
@@ -6976,7 +6977,7 @@ static int ssl_bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px,
 
 static int bind_parse_allow_0rtt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
-	conf->ssl_options |= BC_SSL_O_EARLY_DATA;
+	conf->ssl_conf.early_data = 1;
 	return 0;
 }
 
@@ -7102,6 +7103,7 @@ static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bin
 		conf->ssl_conf.ciphers = strdup(global_ssl.listen_default_ciphers);
 	conf->ssl_options |= global_ssl.listen_default_ssloptions;
 	conf->ssl_conf.ssl_methods.flags |= global_ssl.listen_default_sslmethods.flags;
+	conf->ssl_conf.early_data = global_ssl.default_early_data;
 	if (!conf->ssl_conf.ssl_methods.min)
 		conf->ssl_conf.ssl_methods.min = global_ssl.listen_default_sslmethods.min;
 	if (!conf->ssl_conf.ssl_methods.max)
@@ -7519,8 +7521,6 @@ static int ssl_parse_default_bind_options(char **args, int section_type, struct
 	while (*(args[i])) {
 		if (!strcmp(args[i], "no-tls-tickets"))
 			global_ssl.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
-		else if (!strcmp(args[i], "allow-0rtt"))
-			global_ssl.listen_default_ssloptions |= BC_SSL_O_EARLY_DATA;
 		else if (!strcmp(args[i], "prefer-client-ciphers"))
 			global_ssl.listen_default_ssloptions |= BC_SSL_O_PREF_CLIE_CIPH;
 		else if (!strcmp(args[i], "ssl-min-ver") || !strcmp(args[i], "ssl-max-ver")) {
@@ -7597,6 +7597,23 @@ static int ssl_parse_global_ca_crt_base(char **args, int section_type, struct pr
 	return 0;
 }
 
+/* parse the "ssl-allow-0rtt" keyword in global section.
+ * Returns <0 on alert, >0 on warning, 0 on success.
+ */
+static int ssl_parse_global_ssl_allow_0rtt(char **args, int section_type,
+    struct proxy *curpx, struct proxy *defpx, const char *file, int line,
+    char **err)
+{
+#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
+        global_ssl.default_early_data = 1;
+        return 0;
+#else
+        memprintf(err, "'%s': openssl library does not early data", args[0]);
+        return -1;
+#endif
+
+}
+
 /* parse the "ssl-mode-async" keyword in global section.
  * Returns <0 on alert, >0 on warning, 0 on success.
  */
@@ -8287,6 +8304,7 @@ static struct cfg_kw_list cfg_kws = {ILH, {
 	{ CFG_GLOBAL, "ca-base",  ssl_parse_global_ca_crt_base },
 	{ CFG_GLOBAL, "crt-base", ssl_parse_global_ca_crt_base },
 	{ CFG_GLOBAL, "maxsslconn", ssl_parse_global_int },
+	{ CFG_GLOBAL, "ssl-allow-0rtt", ssl_parse_global_ssl_allow_0rtt },
 	{ CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
 	{ CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
 #ifndef OPENSSL_NO_DH