1
2 /*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7 #include <nxt_main.h>
8 #include <nxt_conf.h>
9 #include <openssl/ssl.h>
10 #include <openssl/conf.h>
11 #include <openssl/err.h>
12 #include <openssl/rand.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/bio.h>
15 #include <openssl/evp.h>
16
17
18 typedef struct {
19 SSL *session;
20 nxt_conn_t *conn;
21
22 int ssl_error;
23 uint8_t times; /* 2 bits */
24 uint8_t handshake; /* 1 bit */
25
26 nxt_tls_conf_t *conf;
27 nxt_buf_mem_t buffer;
28 } nxt_openssl_conn_t;
29
30
31 struct nxt_tls_ticket_s {
32 u_char name[16];
33 u_char hmac_key[32];
34 u_char aes_key[32];
35 uint8_t size;
36 };
37
38
39 struct nxt_tls_tickets_s {
40 nxt_uint_t count;
41 nxt_tls_ticket_t tickets[];
42 };
43
44
45 typedef enum {
46 NXT_OPENSSL_HANDSHAKE = 0,
47 NXT_OPENSSL_READ,
48 NXT_OPENSSL_WRITE,
49 NXT_OPENSSL_SHUTDOWN,
50 } nxt_openssl_io_t;
51
52
53 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
54 static void nxt_openssl_library_free(nxt_task_t *task);
55 #if OPENSSL_VERSION_NUMBER < 0x10100004L
56 static nxt_int_t nxt_openssl_locks_init(void);
57 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
58 static unsigned long nxt_openssl_thread_id(void);
59 static void nxt_openssl_locks_free(void);
60 #endif
61 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
62 nxt_tls_init_t *tls_init, nxt_bool_t last);
63 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
64 nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
65 #if (NXT_HAVE_OPENSSL_CONF_CMD)
66 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx,
67 nxt_conf_value_t *value, nxt_mp_t *mp);
68 #endif
69 #if (NXT_HAVE_OPENSSL_TLSEXT)
70 static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx,
71 nxt_tls_init_t *tls_init, nxt_mp_t *mp);
72 static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name,
73 unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc);
74 #endif
75 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size,
76 time_t timeout);
77 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
78 nxt_tls_conf_t *conf, nxt_mp_t *mp);
79 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
80 void *data);
81 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
82 nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
83 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
84 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
85 nxt_str_t *sn);
86 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
87 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
88 nxt_conn_t *c);
89 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
90 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
91 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
92 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
93 void *buf, size_t size);
94 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
95 void *data);
96 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
97 int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
98 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
99 void *data);
100 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
101 nxt_err_t err, const char *fmt, ...);
102 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
103
104
105 const nxt_tls_lib_t nxt_openssl_lib = {
106 .library_init = nxt_openssl_library_init,
107 .library_free = nxt_openssl_library_free,
108
109 .server_init = nxt_openssl_server_init,
110 .server_free = nxt_openssl_server_free,
111 };
112
113
114 static nxt_conn_io_t nxt_openssl_conn_io = {
115 .read = nxt_conn_io_read,
116 .recvbuf = nxt_openssl_conn_io_recvbuf,
117
118 .write = nxt_conn_io_write,
119 .sendbuf = nxt_openssl_conn_io_sendbuf,
120
121 .shutdown = nxt_openssl_conn_io_shutdown,
122 };
123
124
125 static long nxt_openssl_version;
126 static int nxt_openssl_connection_index;
127
128
129 static nxt_int_t
nxt_openssl_library_init(nxt_task_t * task)130 nxt_openssl_library_init(nxt_task_t *task)
131 {
132 int index;
133
134 if (nxt_fast_path(nxt_openssl_version != 0)) {
135 return NXT_OK;
136 }
137
138 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
139
140 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
141
142 #else
143 {
144 nxt_int_t ret;
145
146 SSL_load_error_strings();
147
148 OPENSSL_config(NULL);
149
150 /*
151 * SSL_library_init(3):
152 *
153 * SSL_library_init() always returns "1",
154 * so it is safe to discard the return value.
155 */
156 (void) SSL_library_init();
157
158 ret = nxt_openssl_locks_init();
159 if (nxt_slow_path(ret != NXT_OK)) {
160 return ret;
161 }
162 }
163
164 #endif
165
166 nxt_openssl_version = SSLeay();
167
168 nxt_log(task, NXT_LOG_INFO, "%s, %xl",
169 SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
170
171 #ifndef SSL_OP_NO_COMPRESSION
172 {
173 /*
174 * Disable gzip compression in OpenSSL prior to 1.0.0
175 * version, this saves about 522K per connection.
176 */
177 int n;
178 STACK_OF(SSL_COMP) *ssl_comp_methods;
179
180 ssl_comp_methods = SSL_COMP_get_compression_methods();
181
182 for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
183 (void) sk_SSL_COMP_pop(ssl_comp_methods);
184 }
185 }
186 #endif
187
188 index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
189
190 if (index == -1) {
191 nxt_openssl_log_error(task, NXT_LOG_ALERT,
192 "SSL_get_ex_new_index() failed");
193 return NXT_ERROR;
194 }
195
196 nxt_openssl_connection_index = index;
197
198 return NXT_OK;
199 }
200
201
202 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
203
204 static void
nxt_openssl_library_free(nxt_task_t * task)205 nxt_openssl_library_free(nxt_task_t *task)
206 {
207 }
208
209 #else
210
211 static nxt_thread_mutex_t *nxt_openssl_locks;
212
213 static nxt_int_t
nxt_openssl_locks_init(void)214 nxt_openssl_locks_init(void)
215 {
216 int i, n;
217 nxt_int_t ret;
218
219 n = CRYPTO_num_locks();
220
221 nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
222 if (nxt_slow_path(nxt_openssl_locks == NULL)) {
223 return NXT_ERROR;
224 }
225
226 for (i = 0; i < n; i++) {
227 ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
228 if (nxt_slow_path(ret != NXT_OK)) {
229 return ret;
230 }
231 }
232
233 CRYPTO_set_locking_callback(nxt_openssl_lock);
234
235 CRYPTO_set_id_callback(nxt_openssl_thread_id);
236
237 return NXT_OK;
238 }
239
240
241 static void
nxt_openssl_lock(int mode,int type,const char * file,int line)242 nxt_openssl_lock(int mode, int type, const char *file, int line)
243 {
244 nxt_thread_mutex_t *lock;
245
246 lock = &nxt_openssl_locks[type];
247
248 if ((mode & CRYPTO_LOCK) != 0) {
249 (void) nxt_thread_mutex_lock(lock);
250
251 } else {
252 (void) nxt_thread_mutex_unlock(lock);
253 }
254 }
255
256
257 static u_long
nxt_openssl_thread_id(void)258 nxt_openssl_thread_id(void)
259 {
260 return (u_long) nxt_thread_handle();
261 }
262
263
264 static void
nxt_openssl_library_free(nxt_task_t * task)265 nxt_openssl_library_free(nxt_task_t *task)
266 {
267 nxt_openssl_locks_free();
268 }
269
270
271 static void
nxt_openssl_locks_free(void)272 nxt_openssl_locks_free(void)
273 {
274 int i, n;
275
276 n = CRYPTO_num_locks();
277
278 CRYPTO_set_locking_callback(NULL);
279
280 for (i = 0; i < n; i++) {
281 nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
282 }
283
284 OPENSSL_free(nxt_openssl_locks);
285 }
286
287 #endif
288
289
290 static nxt_int_t
nxt_openssl_server_init(nxt_task_t * task,nxt_mp_t * mp,nxt_tls_init_t * tls_init,nxt_bool_t last)291 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
292 nxt_tls_init_t *tls_init, nxt_bool_t last)
293 {
294 SSL_CTX *ctx;
295 const char *ciphers, *ca_certificate;
296 nxt_tls_conf_t *conf;
297 STACK_OF(X509_NAME) *list;
298 nxt_tls_bundle_conf_t *bundle;
299
300 ctx = SSL_CTX_new(SSLv23_server_method());
301 if (ctx == NULL) {
302 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
303 return NXT_ERROR;
304 }
305
306 conf = tls_init->conf;
307
308 bundle = conf->bundle;
309 nxt_assert(bundle != NULL);
310
311 bundle->ctx = ctx;
312
313 #ifdef SSL_OP_NO_RENEGOTIATION
314 /* Renegration is not currently supported. */
315 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
316 #endif
317
318 #ifdef SSL_OP_NO_COMPRESSION
319 /*
320 * Disable gzip compression in OpenSSL 1.0.0,
321 * this saves about 522K per connection.
322 */
323 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
324 #endif
325
326 #ifdef SSL_MODE_RELEASE_BUFFERS
327
328 if (nxt_openssl_version >= 10001078) {
329 /*
330 * Allow to release read and write buffers in OpenSSL 1.0.0,
331 * this saves about 34K per idle connection. It is not safe
332 * before OpenSSL 1.0.1h (CVE-2010-5298).
333 */
334 SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
335 }
336
337 #endif
338
339 if (nxt_openssl_chain_file(task, ctx, conf, mp,
340 last && bundle->next == NULL)
341 != NXT_OK)
342 {
343 goto fail;
344 }
345 /*
346 key = conf->certificate_key;
347
348 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
349 nxt_openssl_log_error(task, NXT_LOG_ALERT,
350 "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
351 key);
352 goto fail;
353 }
354 */
355
356 ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
357
358 if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
359 nxt_openssl_log_error(task, NXT_LOG_ALERT,
360 "SSL_CTX_set_cipher_list(\"%s\") failed",
361 ciphers);
362 goto fail;
363 }
364
365 #if (NXT_HAVE_OPENSSL_CONF_CMD)
366 if (tls_init->conf_cmds != NULL
367 && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK)
368 {
369 goto fail;
370 }
371 #endif
372
373 nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout);
374
375 #if (NXT_HAVE_OPENSSL_TLSEXT)
376 if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) {
377 goto fail;
378 }
379 #endif
380
381 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
382
383 if (conf->ca_certificate != NULL) {
384
385 /* TODO: verify callback */
386 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
387
388 /* TODO: verify depth */
389 SSL_CTX_set_verify_depth(ctx, 1);
390
391 ca_certificate = conf->ca_certificate;
392
393 if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
394 nxt_openssl_log_error(task, NXT_LOG_ALERT,
395 "SSL_CTX_load_verify_locations(\"%s\") failed",
396 ca_certificate);
397 goto fail;
398 }
399
400 list = SSL_load_client_CA_file(ca_certificate);
401
402 if (list == NULL) {
403 nxt_openssl_log_error(task, NXT_LOG_ALERT,
404 "SSL_load_client_CA_file(\"%s\") failed",
405 ca_certificate);
406 goto fail;
407 }
408
409 /*
410 * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
411 * 0.9.8 versions always leaves an error in the error queue.
412 */
413 ERR_clear_error();
414
415 SSL_CTX_set_client_CA_list(ctx, list);
416 }
417
418 if (last) {
419 conf->conn_init = nxt_openssl_conn_init;
420
421 if (bundle->next != NULL) {
422 SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
423 }
424 }
425
426 return NXT_OK;
427
428 fail:
429
430 SSL_CTX_free(ctx);
431
432 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
433 && OPENSSL_VERSION_NUMBER < 0x1010101fL)
434 RAND_keep_random_devices_open(0);
435 #endif
436
437 return NXT_ERROR;
438 }
439
440
441 static nxt_int_t
nxt_openssl_chain_file(nxt_task_t * task,SSL_CTX * ctx,nxt_tls_conf_t * conf,nxt_mp_t * mp,nxt_bool_t single)442 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
443 nxt_mp_t *mp, nxt_bool_t single)
444 {
445 BIO *bio;
446 X509 *cert, *ca;
447 long reason;
448 EVP_PKEY *key;
449 nxt_int_t ret;
450 nxt_tls_bundle_conf_t *bundle;
451
452 ret = NXT_ERROR;
453 cert = NULL;
454
455 bio = BIO_new(BIO_s_fd());
456 if (bio == NULL) {
457 goto end;
458 }
459
460 bundle = conf->bundle;
461
462 BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
463
464 cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
465 if (cert == NULL) {
466 goto end;
467 }
468
469 if (SSL_CTX_use_certificate(ctx, cert) != 1) {
470 goto end;
471 }
472
473 if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
474 goto clean;
475 }
476
477 for ( ;; ) {
478 ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
479
480 if (ca == NULL) {
481 reason = ERR_GET_REASON(ERR_peek_last_error());
482 if (reason != PEM_R_NO_START_LINE) {
483 goto end;
484 }
485
486 ERR_clear_error();
487 break;
488 }
489
490 /*
491 * Note that ca isn't freed if it was successfully added to the chain,
492 * while the main certificate needs a X509_free() call, since
493 * its reference count is increased by SSL_CTX_use_certificate().
494 */
495 #ifdef SSL_CTX_add0_chain_cert
496 if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
497 #else
498 if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
499 #endif
500 X509_free(ca);
501 goto end;
502 }
503 }
504
505 if (BIO_reset(bio) != 0) {
506 goto end;
507 }
508
509 key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
510 if (key == NULL) {
511 goto end;
512 }
513
514 if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
515 ret = NXT_OK;
516 }
517
518 EVP_PKEY_free(key);
519
520 end:
521
522 if (ret != NXT_OK) {
523 nxt_openssl_log_error(task, NXT_LOG_ALERT,
524 "nxt_openssl_chain_file() failed");
525 }
526
527 clean:
528
529 BIO_free(bio);
530 X509_free(cert);
531
532 return ret;
533 }
534
535
536 #if (NXT_HAVE_OPENSSL_CONF_CMD)
537
538 static nxt_int_t
539 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf,
540 nxt_mp_t *mp)
541 {
542 int ret;
543 char *zcmd, *zvalue;
544 uint32_t index;
545 nxt_str_t cmd, value;
546 SSL_CONF_CTX *cctx;
547 nxt_conf_value_t *member;
548
549 cctx = SSL_CONF_CTX_new();
550 if (nxt_slow_path(cctx == NULL)) {
551 nxt_openssl_log_error(task, NXT_LOG_ALERT,
552 "SSL_CONF_CTX_new() failed");
553 return NXT_ERROR;
554 }
555
556 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE
557 | SSL_CONF_FLAG_SERVER
558 | SSL_CONF_FLAG_CERTIFICATE
559 | SSL_CONF_FLAG_SHOW_ERRORS);
560
561 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
562
563 index = 0;
564
565 for ( ;; ) {
566 member = nxt_conf_next_object_member(conf, &cmd, &index);
567 if (nxt_slow_path(member == NULL)) {
568 break;
569 }
570
571 nxt_conf_get_string(member, &value);
572
573 zcmd = nxt_str_cstrz(mp, &cmd);
574 zvalue = nxt_str_cstrz(mp, &value);
575
576 if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) {
577 goto fail;
578 }
579
580 ret = SSL_CONF_cmd(cctx, zcmd, zvalue);
581 if (ret == -2) {
582 nxt_openssl_log_error(task, NXT_LOG_ERR,
583 "unknown command \"%s\" in "
584 "\"conf_commands\" option", zcmd);
585 goto fail;
586 }
587
588 if (ret <= 0) {
589 nxt_openssl_log_error(task, NXT_LOG_ERR,
590 "invalid value \"%s\" for command \"%s\" "
591 "in \"conf_commands\" option",
592 zvalue, zcmd);
593 goto fail;
594 }
595
596 nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue);
597 }
598
599 if (SSL_CONF_CTX_finish(cctx) != 1) {
600 nxt_openssl_log_error(task, NXT_LOG_ALERT,
601 "SSL_CONF_finish() failed");
602 goto fail;
603 }
604
605 SSL_CONF_CTX_free(cctx);
606
607 return NXT_OK;
608
609 fail:
610
611 SSL_CONF_CTX_free(cctx);
612
613 return NXT_ERROR;
614 }
615
616 #endif
617
618 #if (NXT_HAVE_OPENSSL_TLSEXT)
619
620 static nxt_int_t
621 nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
622 nxt_mp_t *mp)
623 {
624 size_t len;
625 uint32_t i;
626 nxt_str_t value;
627 nxt_uint_t count;
628 nxt_conf_value_t *member, *tickets_conf;
629 nxt_tls_ticket_t *ticket;
630 nxt_tls_tickets_t *tickets;
631 u_char buf[80];
632
633 tickets_conf = tls_init->tickets_conf;
634
635 if (tickets_conf == NULL) {
636 goto no_ticket;
637 }
638
639 if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) {
640 if (nxt_conf_get_boolean(tickets_conf) == 0) {
641 goto no_ticket;
642 }
643
644 return NXT_OK;
645 }
646
647 if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
648 count = nxt_conf_array_elements_count(tickets_conf);
649
650 if (count == 0) {
651 goto no_ticket;
652 }
653
654 } else {
655 /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
656 count = 1;
657 }
658
659 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
660
661 tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t)
662 + count * sizeof(nxt_tls_ticket_t));
663 if (nxt_slow_path(tickets == NULL)) {
664 return NXT_ERROR;
665 }
666
667 tickets->count = count;
668 tls_init->conf->tickets = tickets;
669 i = 0;
670
671 do {
672 ticket = &tickets->tickets[i];
673
674 i++;
675
676 if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
677 member = nxt_conf_get_array_element(tickets_conf, count - i);
678 if (member == NULL) {
679 break;
680 }
681
682 } else {
683 /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
684 member = tickets_conf;
685 }
686
687 nxt_conf_get_string(member, &value);
688
689 len = nxt_base64_decode(buf, value.start, value.length);
690
691 nxt_memcpy(ticket->name, buf, 16);
692
693 if (len == 48) {
694 nxt_memcpy(ticket->aes_key, buf + 16, 16);
695 nxt_memcpy(ticket->hmac_key, buf + 32, 16);
696 ticket->size = 16;
697
698 } else {
699 nxt_memcpy(ticket->hmac_key, buf + 16, 32);
700 nxt_memcpy(ticket->aes_key, buf + 48, 32);
701 ticket->size = 32;
702 }
703
704 } while (i < count);
705
706 if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback)
707 == 0)
708 {
709 nxt_openssl_log_error(task, NXT_LOG_ALERT,
710 "Unit was built with Session Tickets support, however, "
711 "now it is linked dynamically to an OpenSSL library "
712 "which has no tlsext support, therefore Session Tickets "
713 "are not available");
714
715 return NXT_ERROR;
716 }
717
718 return NXT_OK;
719
720 #else
721 nxt_alert(task, "Setting custom session ticket keys is not supported with "
722 "this version of OpenSSL library");
723
724 return NXT_ERROR;
725
726 #endif
727
728 no_ticket:
729
730 SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
731
732 return NXT_OK;
733 }
734
735
736 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
737
738 static int
739 nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
740 EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
741 {
742 nxt_uint_t i;
743 nxt_conn_t *c;
744 const EVP_MD *digest;
745 const EVP_CIPHER *cipher;
746 nxt_tls_ticket_t *ticket;
747 nxt_openssl_conn_t *tls;
748
749 c = SSL_get_ex_data(s, nxt_openssl_connection_index);
750
751 if (nxt_slow_path(c == NULL)) {
752 nxt_thread_log_alert("SSL_get_ex_data() failed");
753 return -1;
754 }
755
756 tls = c->u.tls;
757 ticket = tls->conf->tickets->tickets;
758
759 i = 0;
760
761 if (enc == 1) {
762 /* encrypt session ticket */
763
764 nxt_debug(c->socket.task, "TLS session ticket encrypt");
765
766 cipher = (ticket[0].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
767
768 if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
769 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
770 "RAND_bytes() failed");
771 return -1;
772 }
773
774 nxt_memcpy(name, ticket[0].name, 16);
775
776 if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) != 1)
777 {
778 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
779 "EVP_EncryptInit_ex() failed");
780 return -1;
781 }
782
783 } else {
784 /* decrypt session ticket */
785
786 do {
787 if (nxt_memcmp(name, ticket[i].name, 16) == 0) {
788 goto found;
789 }
790
791 } while (++i < tls->conf->tickets->count);
792
793 nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found");
794
795 return 0;
796
797 found:
798
799 nxt_debug(c->socket.task,
800 "TLS session ticket decrypt, key number: \"%d\"", i);
801
802 enc = (i == 0) ? 1 : 2 /* renew */;
803
804 cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
805
806 if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1)
807 {
808 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
809 "EVP_DecryptInit_ex() failed");
810 return -1;
811 }
812 }
813
814 #ifdef OPENSSL_NO_SHA256
815 digest = EVP_sha1();
816 #else
817 digest = EVP_sha256();
818 #endif
819
820 if (HMAC_Init_ex(hctx, ticket[i].hmac_key, ticket[i].size, digest, NULL)
821 != 1)
822 {
823 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
824 "HMAC_Init_ex() failed");
825 return -1;
826 }
827
828 return enc;
829 }
830
831 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
832
833 #endif /* NXT_HAVE_OPENSSL_TLSEXT */
834
835
836 static void
837 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout)
838 {
839 if (cache_size == 0) {
840 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
841 return;
842 }
843
844 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
845
846 SSL_CTX_sess_set_cache_size(ctx, cache_size);
847
848 SSL_CTX_set_timeout(ctx, (long) timeout);
849 }
850
851
852 static nxt_uint_t
853 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
854 nxt_mp_t *mp)
855 {
856 int len;
857 nxt_str_t domain, str;
858 X509_NAME *x509_name;
859 nxt_uint_t i, n;
860 GENERAL_NAME *name;
861 nxt_tls_bundle_conf_t *bundle;
862 STACK_OF(GENERAL_NAME) *alt_names;
863 nxt_tls_bundle_hash_item_t *item;
864
865 bundle = conf->bundle;
866
867 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
868
869 if (alt_names != NULL) {
870 n = sk_GENERAL_NAME_num(alt_names);
871
872 for (i = 0; i != n; i++) {
873 name = sk_GENERAL_NAME_value(alt_names, i);
874
875 if (name->type != GEN_DNS) {
876 continue;
877 }
878
879 str.length = ASN1_STRING_length(name->d.dNSName);
880 #if OPENSSL_VERSION_NUMBER > 0x10100000L
881 str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
882 #else
883 str.start = ASN1_STRING_data(name->d.dNSName);
884 #endif
885
886 domain.start = nxt_mp_nget(mp, str.length);
887 if (nxt_slow_path(domain.start == NULL)) {
888 goto fail;
889 }
890
891 domain.length = str.length;
892 nxt_memcpy_lowcase(domain.start, str.start, str.length);
893
894 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
895 if (nxt_slow_path(item == NULL)) {
896 goto fail;
897 }
898
899 item->name = domain;
900 item->bundle = bundle;
901
902 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
903 item, mp)
904 == NXT_ERROR)
905 {
906 goto fail;
907 }
908 }
909
910 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
911
912 } else {
913 x509_name = X509_get_subject_name(cert);
914 len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
915 NULL, 0);
916 if (len <= 0) {
917 nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
918 "Subject Alternative Name nor Common Name", &bundle->name);
919 return NXT_OK;
920 }
921
922 domain.start = nxt_mp_nget(mp, len + 1);
923 if (nxt_slow_path(domain.start == NULL)) {
924 return NXT_ERROR;
925 }
926
927 domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
928 (char *) domain.start,
929 len + 1);
930 nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
931
932 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
933 if (nxt_slow_path(item == NULL)) {
934 return NXT_ERROR;
935 }
936
937 item->name = domain;
938 item->bundle = bundle;
939
940 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
941 mp)
942 == NXT_ERROR)
943 {
944 return NXT_ERROR;
945 }
946 }
947
948 return NXT_OK;
949
950 fail:
951
952 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
953
954 return NXT_ERROR;
955 }
956
957
958 static const nxt_lvlhsh_proto_t nxt_openssl_bundle_hash_proto
959 nxt_aligned(64) =
960 {
961 NXT_LVLHSH_DEFAULT,
962 nxt_openssl_bundle_hash_test,
963 nxt_mp_lvlhsh_alloc,
964 nxt_mp_lvlhsh_free,
965 };
966
967
968 static nxt_int_t
969 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
970 {
971 nxt_tls_bundle_hash_item_t *item;
972
973 item = data;
974
975 return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
976 }
977
978
979 static nxt_int_t
980 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
981 nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
982 {
983 nxt_str_t str;
984 nxt_int_t ret;
985 nxt_lvlhsh_query_t lhq;
986 nxt_tls_bundle_hash_item_t *old;
987
988 str = item->name;
989
990 if (item->name.start[0] == '*') {
991 item->name.start++;
992 item->name.length--;
993
994 if (item->name.length == 0 || item->name.start[0] != '.') {
995 nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
996 "in certificate \"%V\": missing \".\" "
997 "after wildcard symbol", &str, &item->bundle->name);
998 return NXT_OK;
999 }
1000 }
1001
1002 lhq.pool = mp;
1003 lhq.key = item->name;
1004 lhq.value = item;
1005 lhq.proto = &nxt_openssl_bundle_hash_proto;
1006 lhq.replace = 0;
1007 lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
1008
1009 ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
1010 if (nxt_fast_path(ret == NXT_OK)) {
1011 nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
1012 &str, &item->bundle->name);
1013 return NXT_OK;
1014 }
1015
1016 if (nxt_fast_path(ret == NXT_DECLINED)) {
1017 old = lhq.value;
1018 if (old->bundle != item->bundle) {
1019 nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
1020 "in certificate \"%V\", identical name appears in \"%V\"",
1021 &str, &old->bundle->name, &item->bundle->name);
1022
1023 old->bundle = item->bundle;
1024 }
1025
1026 return NXT_OK;
1027 }
1028
1029 return NXT_ERROR;
1030 }
1031
1032
1033 static nxt_int_t
1034 nxt_openssl_servername(SSL *s, int *ad, void *arg)
1035 {
1036 nxt_str_t str;
1037 nxt_uint_t i;
1038 nxt_conn_t *c;
1039 const char *servername;
1040 nxt_tls_conf_t *conf;
1041 nxt_openssl_conn_t *tls;
1042 nxt_tls_bundle_conf_t *bundle;
1043
1044 c = SSL_get_ex_data(s, nxt_openssl_connection_index);
1045
1046 if (nxt_slow_path(c == NULL)) {
1047 nxt_thread_log_alert("SSL_get_ex_data() failed");
1048 return SSL_TLSEXT_ERR_ALERT_FATAL;
1049 }
1050
1051 servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
1052
1053 if (servername == NULL) {
1054 nxt_debug(c->socket.task, "SSL_get_servername(): NULL");
1055 goto done;
1056 }
1057
1058 str.length = nxt_strlen(servername);
1059 if (str.length == 0) {
1060 nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty");
1061 goto done;
1062 }
1063
1064 if (servername[0] == '.') {
1065 nxt_debug(c->socket.task, "ignored the server name \"%s\": "
1066 "leading \".\"", servername);
1067 goto done;
1068 }
1069
1070 nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
1071
1072 str.start = nxt_mp_nget(c->mem_pool, str.length);
1073 if (nxt_slow_path(str.start == NULL)) {
1074 return SSL_TLSEXT_ERR_ALERT_FATAL;
1075 }
1076
1077 nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
1078
1079 tls = c->u.tls;
1080 conf = tls->conf;
1081
1082 bundle = nxt_openssl_find_ctx(conf, &str);
1083
1084 if (bundle == NULL) {
1085 for (i = 1; i < str.length; i++) {
1086 if (str.start[i] == '.') {
1087 str.start += i;
1088 str.length -= i;
1089
1090 bundle = nxt_openssl_find_ctx(conf, &str);
1091 break;
1092 }
1093 }
1094 }
1095
1096 if (bundle != NULL) {
1097 nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
1098 "(old: \"%V\")", &str, &bundle->name,
1099 &conf->bundle->name);
1100
1101 if (bundle != conf->bundle) {
1102 if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
1103 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
1104 "SSL_set_SSL_CTX() failed");
1105
1106 return SSL_TLSEXT_ERR_ALERT_FATAL;
1107 }
1108 }
1109 }
1110
1111 done:
1112
1113 return SSL_TLSEXT_ERR_OK;
1114 }
1115
1116
1117 static nxt_tls_bundle_conf_t *
1118 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
1119 {
1120 nxt_int_t ret;
1121 nxt_lvlhsh_query_t lhq;
1122 nxt_tls_bundle_hash_item_t *item;
1123
1124 lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
1125 lhq.key = *sn;
1126 lhq.proto = &nxt_openssl_bundle_hash_proto;
1127
1128 ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
1129 if (ret != NXT_OK) {
1130 return NULL;
1131 }
1132
1133 item = lhq.value;
1134
1135 return item->bundle;
1136 }
1137
1138
1139 static void
1140 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
1141 {
1142 nxt_tls_bundle_conf_t *bundle;
1143
1144 bundle = conf->bundle;
1145 nxt_assert(bundle != NULL);
1146
1147 do {
1148 SSL_CTX_free(bundle->ctx);
1149 bundle = bundle->next;
1150 } while (bundle != NULL);
1151
1152 if (conf->tickets) {
1153 nxt_memzero(conf->tickets->tickets,
1154 conf->tickets->count * sizeof(nxt_tls_ticket_t));
1155 }
1156
1157 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
1158 && OPENSSL_VERSION_NUMBER < 0x1010101fL)
1159 RAND_keep_random_devices_open(0);
1160 #endif
1161 }
1162
1163
1164 static void
1165 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
1166 {
1167 int ret;
1168 SSL *s;
1169 SSL_CTX *ctx;
1170 nxt_openssl_conn_t *tls;
1171
1172 nxt_log_debug(c->socket.log, "openssl conn init");
1173
1174 tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
1175 if (tls == NULL) {
1176 goto fail;
1177 }
1178
1179 c->u.tls = tls;
1180 nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
1181
1182 ctx = conf->bundle->ctx;
1183
1184 s = SSL_new(ctx);
1185 if (s == NULL) {
1186 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
1187 goto fail;
1188 }
1189
1190 tls->session = s;
1191 /* To pass TLS config to the nxt_openssl_servername() callback. */
1192 tls->conf = conf;
1193 tls->conn = c;
1194
1195 ret = SSL_set_fd(s, c->socket.fd);
1196
1197 if (ret == 0) {
1198 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
1199 c->socket.fd);
1200 goto fail;
1201 }
1202
1203 SSL_set_accept_state(s);
1204
1205 if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
1206 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
1207 goto fail;
1208 }
1209
1210 c->io = &nxt_openssl_conn_io;
1211 c->sendfile = NXT_CONN_SENDFILE_OFF;
1212
1213 nxt_openssl_conn_handshake(task, c, c->socket.data);
1214
1215 return;
1216
1217 fail:
1218
1219 nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
1220 task, c, c->socket.data);
1221 }
1222
1223
1224 nxt_inline void
1225 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
1226 {
1227 nxt_openssl_conn_t *tls;
1228
1229 nxt_debug(task, "openssl conn free");
1230
1231 tls = c->u.tls;
1232
1233 if (tls != NULL) {
1234 c->u.tls = NULL;
1235 nxt_free(tls->buffer.start);
1236 SSL_free(tls->session);
1237 }
1238 }
1239
1240
1241 static void
1242 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
1243 {
1244 int ret;
1245 nxt_int_t n;
1246 nxt_err_t err;
1247 nxt_conn_t *c;
1248 nxt_work_queue_t *wq;
1249 nxt_work_handler_t handler;
1250 nxt_openssl_conn_t *tls;
1251 const nxt_conn_state_t *state;
1252
1253 c = obj;
1254
1255 nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
1256
1257 if (c->socket.error != 0) {
1258 return;
1259 }
1260
1261 tls = c->u.tls;
1262
1263 if (tls == NULL) {
1264 return;
1265 }
1266
1267 nxt_debug(task, "openssl conn handshake: %d times", tls->times);
1268
1269 /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
1270
1271 ret = SSL_do_handshake(tls->session);
1272
1273 err = (ret <= 0) ? nxt_socket_errno : 0;
1274
1275 nxt_thread_time_debug_update(task->thread);
1276
1277 nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
1278
1279 state = (c->read_state != NULL) ? c->read_state : c->write_state;
1280
1281 if (ret > 0) {
1282 /* ret == 1, the handshake was successfully completed. */
1283 tls->handshake = 1;
1284
1285 if (c->read_state != NULL) {
1286 if (state->io_read_handler != NULL || c->read != NULL) {
1287 nxt_conn_read(task->thread->engine, c);
1288 return;
1289 }
1290
1291 } else {
1292 if (c->write != NULL) {
1293 nxt_conn_write(task->thread->engine, c);
1294 return;
1295 }
1296 }
1297
1298 handler = state->ready_handler;
1299
1300 } else {
1301 c->socket.read_handler = nxt_openssl_conn_handshake;
1302 c->socket.write_handler = nxt_openssl_conn_handshake;
1303
1304 n = nxt_openssl_conn_test_error(task, c, ret, err,
1305 NXT_OPENSSL_HANDSHAKE);
1306 switch (n) {
1307
1308 case NXT_AGAIN:
1309 if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
1310 tls->times++;
1311 }
1312
1313 return;
1314
1315 case 0:
1316 handler = state->close_handler;
1317 break;
1318
1319 default:
1320 case NXT_ERROR:
1321 nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
1322 c->socket.fd);
1323
1324 handler = state->error_handler;
1325 break;
1326 }
1327 }
1328
1329 wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
1330
1331 nxt_work_queue_add(wq, handler, task, c, data);
1332 }
1333
1334
1335 static ssize_t
1336 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
1337 {
1338 int ret;
1339 size_t size;
1340 nxt_int_t n;
1341 nxt_err_t err;
1342 nxt_openssl_conn_t *tls;
1343
1344 tls = c->u.tls;
1345 size = b->mem.end - b->mem.free;
1346
1347 ret = SSL_read(tls->session, b->mem.free, size);
1348
1349 err = (ret <= 0) ? nxt_socket_errno : 0;
1350
1351 nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
1352 c->socket.fd, b->mem.free, size, ret, err);
1353
1354 if (ret > 0) {
1355 return ret;
1356 }
1357
1358 n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
1359 NXT_OPENSSL_READ);
1360 if (n == NXT_ERROR) {
1361 nxt_openssl_conn_error(c->socket.task, err,
1362 "SSL_read(%d, %p, %uz) failed",
1363 c->socket.fd, b->mem.free, size);
1364 }
1365
1366 return n;
1367 }
1368
1369
1370 static ssize_t
1371 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1372 {
1373 nxt_uint_t niov;
1374 struct iovec iov;
1375
1376 niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1377
1378 if (niov == 0 && sb->sync) {
1379 return 0;
1380 }
1381
1382 return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1383 }
1384
1385
1386 static ssize_t
1387 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1388 size_t size)
1389 {
1390 int ret;
1391 nxt_err_t err;
1392 nxt_int_t n;
1393 nxt_conn_t *c;
1394 nxt_openssl_conn_t *tls;
1395
1396 tls = sb->tls;
1397
1398 ret = SSL_write(tls->session, buf, size);
1399
1400 err = (ret <= 0) ? nxt_socket_errno : 0;
1401
1402 nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1403 sb->socket, buf, size, ret, err);
1404
1405 if (ret > 0) {
1406 return ret;
1407 }
1408
1409 c = tls->conn;
1410 c->socket.write_ready = sb->ready;
1411
1412 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1413
1414 sb->ready = c->socket.write_ready;
1415
1416 if (n == NXT_ERROR) {
1417 sb->error = c->socket.error;
1418 nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1419 sb->socket, buf, size);
1420 }
1421
1422 return n;
1423 }
1424
1425
1426 static void
1427 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1428 {
1429 int ret, mode;
1430 SSL *s;
1431 nxt_err_t err;
1432 nxt_int_t n;
1433 nxt_bool_t quiet, once;
1434 nxt_conn_t *c;
1435 nxt_openssl_conn_t *tls;
1436 nxt_work_handler_t handler;
1437
1438 c = obj;
1439
1440 nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1441
1442 c->read_state = NULL;
1443 tls = c->u.tls;
1444
1445 if (tls == NULL) {
1446 return;
1447 }
1448
1449 s = tls->session;
1450
1451 if (s == NULL || !tls->handshake) {
1452 handler = c->write_state->ready_handler;
1453 goto done;
1454 }
1455
1456 mode = SSL_get_shutdown(s);
1457
1458 if (c->socket.timedout || c->socket.error != 0) {
1459 quiet = 1;
1460
1461 } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1462 quiet = 1;
1463
1464 } else {
1465 quiet = 0;
1466 }
1467
1468 SSL_set_quiet_shutdown(s, quiet);
1469
1470 if (tls->conf->no_wait_shutdown) {
1471 mode |= SSL_RECEIVED_SHUTDOWN;
1472 }
1473
1474 once = 1;
1475
1476 for ( ;; ) {
1477 SSL_set_shutdown(s, mode);
1478
1479 ret = SSL_shutdown(s);
1480
1481 err = (ret <= 0) ? nxt_socket_errno : 0;
1482
1483 nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1484 c->socket.fd, mode, quiet, ret, err);
1485
1486 if (ret > 0) {
1487 /* ret == 1, the shutdown was successfully completed. */
1488 handler = c->write_state->ready_handler;
1489 goto done;
1490 }
1491
1492 if (ret == 0) {
1493 /*
1494 * If SSL_shutdown() returns 0 then it should be called
1495 * again. The second SSL_shutdown() call should return
1496 * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1497 * OpenSSL prior to 0.9.8m version however never returns
1498 * -1 at all. Fortunately, OpenSSL preserves internally
1499 * correct status available via SSL_get_error(-1).
1500 */
1501 if (once) {
1502 once = 0;
1503 mode = SSL_get_shutdown(s);
1504 continue;
1505 }
1506
1507 ret = -1;
1508 }
1509
1510 /* ret == -1 */
1511
1512 break;
1513 }
1514
1515 c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1516 c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1517 c->socket.error_handler = c->write_state->error_handler;
1518
1519 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1520
1521 switch (n) {
1522
1523 case 0:
1524 handler = c->write_state->close_handler;
1525 break;
1526
1527 case NXT_AGAIN:
1528 c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout;
1529 nxt_timer_add(task->thread->engine, &c->write_timer, 5000);
1530 return;
1531
1532 default:
1533 case NXT_ERROR:
1534 nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1535 c->socket.fd);
1536 handler = c->write_state->error_handler;
1537 }
1538
1539 done:
1540
1541 nxt_openssl_conn_free(task, c);
1542
1543 nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1544 }
1545
1546
1547 static nxt_int_t
1548 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1549 nxt_err_t sys_err, nxt_openssl_io_t io)
1550 {
1551 u_long lib_err;
1552 nxt_openssl_conn_t *tls;
1553
1554 tls = c->u.tls;
1555
1556 tls->ssl_error = SSL_get_error(tls->session, ret);
1557
1558 nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1559
1560 switch (tls->ssl_error) {
1561
1562 case SSL_ERROR_WANT_READ:
1563 c->socket.read_ready = 0;
1564
1565 if (io != NXT_OPENSSL_READ) {
1566 nxt_fd_event_block_write(task->thread->engine, &c->socket);
1567
1568 if (nxt_fd_event_is_disabled(c->socket.read)) {
1569 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1570 }
1571 }
1572
1573 return NXT_AGAIN;
1574
1575 case SSL_ERROR_WANT_WRITE:
1576 c->socket.write_ready = 0;
1577
1578 if (io != NXT_OPENSSL_WRITE) {
1579 nxt_fd_event_block_read(task->thread->engine, &c->socket);
1580
1581 if (nxt_fd_event_is_disabled(c->socket.write)) {
1582 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1583 }
1584 }
1585
1586 return NXT_AGAIN;
1587
1588 case SSL_ERROR_SYSCALL:
1589 lib_err = ERR_peek_error();
1590
1591 nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1592
1593 if (sys_err != 0 || lib_err != 0) {
1594 c->socket.error = sys_err;
1595 return NXT_ERROR;
1596 }
1597
1598 /* A connection was just closed. */
1599 c->socket.closed = 1;
1600 return 0;
1601
1602 case SSL_ERROR_ZERO_RETURN:
1603 /* A "close notify" alert. */
1604 return 0;
1605
1606 default: /* SSL_ERROR_SSL, etc. */
1607 c->socket.error = 1000; /* Nonexistent errno code. */
1608 return NXT_ERROR;
1609 }
1610 }
1611
1612
1613 static void
1614 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data)
1615 {
1616 nxt_conn_t *c;
1617 nxt_timer_t *timer;
1618
1619 timer = obj;
1620
1621 nxt_debug(task, "openssl conn shutdown timeout");
1622
1623 c = nxt_write_timer_conn(timer);
1624
1625 c->socket.timedout = 1;
1626 nxt_openssl_conn_io_shutdown(task, c, NULL);
1627 }
1628
1629
1630 static void nxt_cdecl
1631 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1632 {
1633 u_char *p, *end;
1634 va_list args;
1635 nxt_uint_t level;
1636 u_char msg[NXT_MAX_ERROR_STR];
1637
1638 level = nxt_openssl_log_error_level(err);
1639
1640 if (nxt_log_level_enough(task->log, level)) {
1641
1642 end = msg + sizeof(msg);
1643
1644 va_start(args, fmt);
1645 p = nxt_vsprintf(msg, end, fmt, args);
1646 va_end(args);
1647
1648 if (err != 0) {
1649 p = nxt_sprintf(p, end, " %E", err);
1650 }
1651
1652 p = nxt_openssl_copy_error(p, end);
1653
1654 nxt_log(task, level, "%*s", p - msg, msg);
1655
1656 } else {
1657 ERR_clear_error();
1658 }
1659 }
1660
1661
1662 static nxt_uint_t
1663 nxt_openssl_log_error_level(nxt_err_t err)
1664 {
1665 switch (ERR_GET_REASON(ERR_peek_error())) {
1666
1667 case 0:
1668 return nxt_socket_error_level(err);
1669
1670 case SSL_R_BAD_CHANGE_CIPHER_SPEC: /* 103 */
1671 case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG: /* 129 */
1672 case SSL_R_DIGEST_CHECK_FAILED: /* 149 */
1673 case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST: /* 151 */
1674 case SSL_R_EXCESSIVE_MESSAGE_SIZE: /* 152 */
1675 case SSL_R_LENGTH_MISMATCH: /* 159 */
1676 #ifdef SSL_R_NO_CIPHERS_PASSED
1677 case SSL_R_NO_CIPHERS_PASSED: /* 182 */
1678 #endif
1679 case SSL_R_NO_CIPHERS_SPECIFIED: /* 183 */
1680 case SSL_R_NO_COMPRESSION_SPECIFIED: /* 187 */
1681 case SSL_R_NO_SHARED_CIPHER: /* 193 */
1682 case SSL_R_RECORD_LENGTH_MISMATCH: /* 213 */
1683 #ifdef SSL_R_PARSE_TLSEXT
1684 case SSL_R_PARSE_TLSEXT: /* 227 */
1685 #endif
1686 case SSL_R_UNEXPECTED_MESSAGE: /* 244 */
1687 case SSL_R_UNEXPECTED_RECORD: /* 245 */
1688 case SSL_R_UNKNOWN_ALERT_TYPE: /* 246 */
1689 case SSL_R_UNKNOWN_PROTOCOL: /* 252 */
1690 case SSL_R_WRONG_VERSION_NUMBER: /* 267 */
1691 case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC: /* 281 */
1692 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1693 case SSL_R_RENEGOTIATE_EXT_TOO_LONG: /* 335 */
1694 case SSL_R_RENEGOTIATION_ENCODING_ERR: /* 336 */
1695 case SSL_R_RENEGOTIATION_MISMATCH: /* 337 */
1696 #endif
1697 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1698 case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED: /* 338 */
1699 #endif
1700 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1701 case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING: /* 345 */
1702 #endif
1703 case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1704 case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE: /* 1010 */
1705 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC: /* 1020 */
1706 case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED: /* 1021 */
1707 case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW: /* 1022 */
1708 case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE: /* 1030 */
1709 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: /* 1040 */
1710 case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER: /* 1047 */
1711 break;
1712
1713 case SSL_R_SSLV3_ALERT_NO_CERTIFICATE: /* 1041 */
1714 case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: /* 1042 */
1715 case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE: /* 1043 */
1716 case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED: /* 1044 */
1717 case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: /* 1045 */
1718 case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: /* 1046 */
1719 case SSL_R_TLSV1_ALERT_UNKNOWN_CA: /* 1048 */
1720 case SSL_R_TLSV1_ALERT_ACCESS_DENIED: /* 1049 */
1721 case SSL_R_TLSV1_ALERT_DECODE_ERROR: /* 1050 */
1722 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: /* 1051 */
1723 case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION: /* 1060 */
1724 case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: /* 1070 */
1725 case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY: /* 1071 */
1726 case SSL_R_TLSV1_ALERT_INTERNAL_ERROR: /* 1080 */
1727 case SSL_R_TLSV1_ALERT_USER_CANCELLED: /* 1090 */
1728 case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION: /* 1100 */
1729 return NXT_LOG_ERR;
1730
1731 default:
1732 return NXT_LOG_ALERT;
1733 }
1734
1735 return NXT_LOG_INFO;
1736 }
1737
1738
1739 void nxt_cdecl
1740 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1741 {
1742 u_char *p, *end;
1743 va_list args;
1744 u_char msg[NXT_MAX_ERROR_STR];
1745
1746 end = msg + sizeof(msg);
1747
1748 va_start(args, fmt);
1749 p = nxt_vsprintf(msg, end, fmt, args);
1750 va_end(args);
1751
1752 p = nxt_openssl_copy_error(p, end);
1753
1754 nxt_log(task, level, "%*s", p - msg, msg);
1755 }
1756
1757
1758 u_char *
1759 nxt_openssl_copy_error(u_char *p, u_char *end)
1760 {
1761 int flags;
1762 u_long err;
1763 nxt_bool_t clear;
1764 const char *data, *delimiter;
1765
1766 err = ERR_peek_error();
1767 if (err == 0) {
1768 return p;
1769 }
1770
1771 /* Log the most relevant error message ... */
1772 data = ERR_reason_error_string(err);
1773
1774 p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1775
1776 /*
1777 * ... followed by all queued cumbersome OpenSSL error messages
1778 * and drain the error queue.
1779 */
1780 delimiter = "";
1781 clear = 0;
1782
1783 for ( ;; ) {
1784 err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1785 if (err == 0) {
1786 break;
1787 }
1788
1789 p = nxt_sprintf(p, end, "%s", delimiter);
1790
1791 ERR_error_string_n(err, (char *) p, end - p);
1792
1793 while (p < end && *p != '\0') {
1794 p++;
1795 }
1796
1797 if ((flags & ERR_TXT_STRING) != 0) {
1798 p = nxt_sprintf(p, end, ":%s", data);
1799 }
1800
1801 clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1802
1803 delimiter = "; ";
1804 }
1805
1806 /* Deallocate additional data. */
1807
1808 if (clear) {
1809 ERR_clear_error();
1810 }
1811
1812 if (p < end) {
1813 *p++ = ')';
1814 }
1815
1816 return p;
1817 }
1818