[PATCH 1/1] MEDIUM: ssl: new sample fetch method to get curve name

Fri, 14 Jul 2023 01:00:43 -0700 

Adds a new sample fetch method to get the curve name used in the
key agreement to enable better observability. In OpenSSLv3, the function
`SSL_get_negotiated_group` returns the NID of the curve and from the NID,
we get the curve name by passing the NID to OBJ_nid2sn. This was not
available in v1.1.1. SSL_get_curve_name(), which returns the curve name
directly was merged into OpenSSL master branch last week but will be available
only in its next release.
---
 doc/configuration.txt                |  8 +++++
 reg-tests/ssl/ssl_client_samples.vtc |  2 ++
 reg-tests/ssl/ssl_curves.vtc         |  4 +++
 src/ssl_sample.c                     | 46 ++++++++++++++++++++++++++++
 4 files changed, 60 insertions(+)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 8bcfc3c06..d944ac132 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -20646,6 +20646,10 @@ ssl_bc_cipher : string
   over an SSL/TLS transport layer. It can be used in a tcp-check or an
   http-check ruleset.
 
+ssl_bc_curve : string
+  Returns the name of the curve used in the key agreement when the outgoing
+  connection was made over an SSL/TLS transport layer.
+
 ssl_bc_client_random : binary
   Returns the client random of the back connection when the incoming connection
   was made over an SSL/TLS transport layer. It is useful to to decrypt traffic
@@ -20944,6 +20948,10 @@ ssl_fc_cipher : string
   Returns the name of the used cipher when the incoming connection was made
   over an SSL/TLS transport layer.
 
+ssl_fc_curve : string
+  Returns the name of the curve used in the key agreement when the incoming
+  connection was made over an SSL/TLS transport layer.
+
 ssl_fc_cipherlist_bin([<filter_option>]) : binary
   Returns the binary form of the client hello cipher list. The maximum
   returned value length is limited by the shared capture buffer size
diff --git a/reg-tests/ssl/ssl_client_samples.vtc 
b/reg-tests/ssl/ssl_client_samples.vtc
index 5a84e4b25..1f078ea98 100644
--- a/reg-tests/ssl/ssl_client_samples.vtc
+++ b/reg-tests/ssl/ssl_client_samples.vtc
@@ -46,6 +46,7 @@ haproxy h1 -conf {
         http-response add-header x-ssl-s_serial %[ssl_c_serial,hex]
         http-response add-header x-ssl-key_alg %[ssl_c_key_alg]
         http-response add-header x-ssl-version %[ssl_c_version]
+        http-response add-header x-ssl-curve-name %[ssl_fc_curve]
 
         bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file 
${testdir}/ca-auth.crt verify optional crt-ignore-err all crl-file 
${testdir}/crl-auth.pem
 
@@ -69,6 +70,7 @@ client c1 -connect ${h1_clearlst_sock} {
     expect resp.http.x-ssl-s_serial == "02"
     expect resp.http.x-ssl-key_alg == "rsaEncryption"
     expect resp.http.x-ssl-version == "1"
+    expect resp.http.x-ssl-curve-name == "X25519"
 } -run
 
 
diff --git a/reg-tests/ssl/ssl_curves.vtc b/reg-tests/ssl/ssl_curves.vtc
index 5cc70df14..3dbe47c4d 100644
--- a/reg-tests/ssl/ssl_curves.vtc
+++ b/reg-tests/ssl/ssl_curves.vtc
@@ -75,6 +75,7 @@ haproxy h1 -conf {
     listen ssl1-lst
         bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem ca-file 
${testdir}/set_cafile_rootCA.crt verify optional curves P-256:P-384
         server s1 ${s1_addr}:${s1_port}
+        http-response add-header x-ssl-fc-curve-name %[ssl_fc_curve]
 
     # The prime256v1 curve, which is used by default by a backend when no
     # 'curves' or 'ecdhe' option is specified, is not allowed on this listener
@@ -98,6 +99,7 @@ haproxy h1 -conf {
 
         bind "${tmpdir}/ssl-ecdhe-256.sock" ssl crt ${testdir}/common.pem 
ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe prime256v1
         server s1 ${s1_addr}:${s1_port}
+        http-response add-header x-ssl-fc-curve-name %[ssl_fc_curve]
 
 } -start
 
@@ -105,6 +107,7 @@ client c1 -connect ${h1_clearlst_sock} {
   txreq
   rxresp
   expect resp.status == 200
+  expect resp.http.x-ssl-fc-curve-name == "prime256v1"
 } -run
 
 # The backend tries to use the prime256v1 curve that is not accepted by the
@@ -129,6 +132,7 @@ client c4 -connect ${h1_clearlst_sock} {
   txreq -url "/ecdhe-256"
   rxresp
   expect resp.status == 200
+  expect resp.http.x-ssl-fc-curve-name == "prime256v1"
 } -run
 
 syslog Slg_cust_fmt -wait
diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 5aec97fef..d7a7a09f9 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1304,6 +1304,46 @@ smp_fetch_ssl_fc_is_resumed(const struct arg *args, 
struct sample *smp, const ch
        return 1;
 }
 
+/*
+ * string, returns the EC curve used for key agreement on the
+ * front and backend connection.
+ *
+ * The function to get the curve name (SSL_get_negotiated_group) is only 
available
+ * in OpenSSLv3 onwards and not for previous versions.
+ */
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
+static int
+smp_fetch_ssl_fc_ec(const struct arg *args, struct sample *smp, const char 
*kw, void *private)
+{
+    struct connection *conn;
+    SSL *ssl;
+    int nid;
+
+    if (obj_type(smp->sess->origin) == OBJ_TYPE_CHECK)
+        conn = (kw[4] == 'b') ? sc_conn(__objt_check(smp->sess->origin)->sc) : 
NULL;
+    else
+        conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
+                smp->strm ? sc_conn(smp->strm->scb) : NULL;
+
+    ssl = ssl_sock_get_ssl_object(conn);
+    if (!ssl)
+        return 0;
+
+    nid = SSL_get_negotiated_group(ssl);
+    if (!nid)
+            return 0;
+    smp->data.u.str.area = (char *)OBJ_nid2sn(nid);
+    if (!smp->data.u.str.area)
+        return 0;
+
+    smp->data.type = SMP_T_STR;
+    smp->flags |= SMP_F_VOL_SESS | SMP_F_CONST;
+    smp->data.u.str.data = strlen(smp->data.u.str.area);
+
+    return 1;
+}
+#endif
+
 /* string, returns the used cipher if front conn. transport layer is SSL.
  * This function is also usable on backend conn if the fetch keyword 5th
  * char is 'b'.
@@ -2174,6 +2214,9 @@ static struct sample_fetch_kw_list sample_fetch_keywords 
= {ILH, {
        { "ssl_bc_alpn",            smp_fetch_ssl_fc_alpn,        0,            
       NULL,    SMP_T_STR,  SMP_USE_L5SRV },
 #endif
        { "ssl_bc_cipher",          smp_fetch_ssl_fc_cipher,      0,            
       NULL,    SMP_T_STR,  SMP_USE_L5SRV },
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
+        { "ssl_bc_curve",           smp_fetch_ssl_fc_ec,          0,           
        NULL,    SMP_T_STR,  SMP_USE_L5SRV },
+#endif
 #if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
        { "ssl_bc_npn",             smp_fetch_ssl_fc_npn,         0,            
       NULL,    SMP_T_STR,  SMP_USE_L5SRV },
 #endif
@@ -2223,6 +2266,9 @@ static struct sample_fetch_kw_list sample_fetch_keywords 
= {ILH, {
        { "ssl_fc",                 smp_fetch_ssl_fc,             0,            
       NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
        { "ssl_fc_alg_keysize",     smp_fetch_ssl_fc_alg_keysize, 0,            
       NULL,    SMP_T_SINT, SMP_USE_L5CLI },
        { "ssl_fc_cipher",          smp_fetch_ssl_fc_cipher,      0,            
       NULL,    SMP_T_STR,  SMP_USE_L5CLI },
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x3000000fL)
+        { "ssl_fc_curve",           smp_fetch_ssl_fc_ec,          0,           
        NULL,    SMP_T_STR,  SMP_USE_L5CLI },
+#endif
        { "ssl_fc_has_crt",         smp_fetch_ssl_fc_has_crt,     0,            
       NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
        { "ssl_fc_has_early",       smp_fetch_ssl_fc_has_early,   0,            
       NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
        { "ssl_fc_has_sni",         smp_fetch_ssl_fc_has_sni,     0,            
       NULL,    SMP_T_BOOL, SMP_USE_L5CLI },
-- 
2.39.2 (Apple Git-143)

Reply via email to