nxt_openssl.c (13:3a52b2c3d3f1) nxt_openssl.c (62:5e1efcc7b740)
1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <openssl/ssl.h>

--- 9 unchanged lines hidden (view full) ---

18
19 nxt_buf_mem_t buffer;
20} nxt_openssl_conn_t;
21
22
23static nxt_int_t nxt_openssl_server_init(nxt_ssltls_conf_t *conf);
24
25static void nxt_openssl_conn_init(nxt_task_t *task, nxt_ssltls_conf_t *conf,
1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <openssl/ssl.h>

--- 9 unchanged lines hidden (view full) ---

18
19 nxt_buf_mem_t buffer;
20} nxt_openssl_conn_t;
21
22
23static nxt_int_t nxt_openssl_server_init(nxt_ssltls_conf_t *conf);
24
25static void nxt_openssl_conn_init(nxt_task_t *task, nxt_ssltls_conf_t *conf,
26 nxt_event_conn_t *c);
27static void nxt_openssl_session_cleanup(void *data);
26 nxt_conn_t *c);
27static void nxt_openssl_session_cleanup(nxt_task_t *task, void *data);
28static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
29static void nxt_openssl_conn_io_read(nxt_task_t *task, void *obj, void *data);
30static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
31 void *data);
28static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
29static void nxt_openssl_conn_io_read(nxt_task_t *task, void *obj, void *data);
30static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
31 void *data);
32static ssize_t nxt_openssl_conn_io_write_chunk(nxt_event_conn_t *c,
33 nxt_buf_t *b, size_t limit);
34static ssize_t nxt_openssl_conn_io_send(nxt_event_conn_t *c, void *buf,
35 size_t size);
32static ssize_t nxt_openssl_conn_io_write_chunk(nxt_conn_t *c, nxt_buf_t *b,
33 size_t limit);
34static ssize_t nxt_openssl_conn_io_send(nxt_conn_t *c, void *buf, size_t size);
36static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task,
35static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task,
37 nxt_event_conn_t *c, int ret, nxt_err_t sys_err,
38 nxt_work_handler_t handler);
39static void nxt_cdecl nxt_openssl_conn_error(nxt_event_conn_t *c, nxt_err_t err,
36 nxt_conn_t *c, int ret, nxt_err_t sys_err, nxt_work_handler_t handler);
37static void nxt_cdecl nxt_openssl_conn_error(nxt_conn_t *c, nxt_err_t err,
40 const char *fmt, ...);
38 const char *fmt, ...);
41static nxt_uint_t nxt_openssl_log_error_level(nxt_event_conn_t *c,
42 nxt_err_t err);
39static nxt_uint_t nxt_openssl_log_error_level(nxt_conn_t *c, nxt_err_t err);
43static void nxt_cdecl nxt_openssl_log_error(nxt_uint_t level, nxt_log_t *log,
44 const char *fmt, ...);
45static u_char *nxt_openssl_copy_error(u_char *p, u_char *end);
46
47
48const nxt_ssltls_lib_t nxt_openssl_lib = {
49 nxt_openssl_server_init,
50 NULL,
51};
52
53
40static void nxt_cdecl nxt_openssl_log_error(nxt_uint_t level, nxt_log_t *log,
41 const char *fmt, ...);
42static u_char *nxt_openssl_copy_error(u_char *p, u_char *end);
43
44
45const nxt_ssltls_lib_t nxt_openssl_lib = {
46 nxt_openssl_server_init,
47 NULL,
48};
49
50
54static nxt_event_conn_io_t nxt_openssl_event_conn_io = {
51static nxt_conn_io_t nxt_openssl_conn_io = {
55 NULL,
56 NULL,
57
58 nxt_openssl_conn_io_read,
59 NULL,
60 NULL,
61
62 nxt_conn_io_write,

--- 181 unchanged lines hidden (view full) ---

244
245 SSL_CTX_free(ctx);
246
247 return NXT_ERROR;
248}
249
250
251static void
52 NULL,
53 NULL,
54
55 nxt_openssl_conn_io_read,
56 NULL,
57 NULL,
58
59 nxt_conn_io_write,

--- 181 unchanged lines hidden (view full) ---

241
242 SSL_CTX_free(ctx);
243
244 return NXT_ERROR;
245}
246
247
248static void
252nxt_openssl_conn_init(nxt_task_t *task, nxt_ssltls_conf_t *conf,
253 nxt_event_conn_t *c)
249nxt_openssl_conn_init(nxt_task_t *task, nxt_ssltls_conf_t *conf, nxt_conn_t *c)
254{
255 int ret;
256 SSL *s;
257 SSL_CTX *ctx;
258 nxt_openssl_conn_t *ssltls;
259 nxt_mem_pool_cleanup_t *mpcl;
260
261 nxt_log_debug(c->socket.log, "openssl conn init");

--- 34 unchanged lines hidden (view full) ---

296 SSL_set_accept_state(s);
297
298 if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
299 nxt_openssl_log_error(NXT_LOG_CRIT, c->socket.log,
300 "SSL_set_ex_data() failed");
301 goto fail;
302 }
303
250{
251 int ret;
252 SSL *s;
253 SSL_CTX *ctx;
254 nxt_openssl_conn_t *ssltls;
255 nxt_mem_pool_cleanup_t *mpcl;
256
257 nxt_log_debug(c->socket.log, "openssl conn init");

--- 34 unchanged lines hidden (view full) ---

292 SSL_set_accept_state(s);
293
294 if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
295 nxt_openssl_log_error(NXT_LOG_CRIT, c->socket.log,
296 "SSL_set_ex_data() failed");
297 goto fail;
298 }
299
304 c->io = &nxt_openssl_event_conn_io;
300 c->io = &nxt_openssl_conn_io;
305 c->sendfile = NXT_CONN_SENDFILE_OFF;
306
307 nxt_openssl_conn_handshake(task, c, c->socket.data);
308 return;
309
310fail:
311
312 nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
313 task, c, c->socket.data);
314}
315
316
317static void
301 c->sendfile = NXT_CONN_SENDFILE_OFF;
302
303 nxt_openssl_conn_handshake(task, c, c->socket.data);
304 return;
305
306fail:
307
308 nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
309 task, c, c->socket.data);
310}
311
312
313static void
318nxt_openssl_session_cleanup(void *data)
314nxt_openssl_session_cleanup(nxt_task_t *task, void *data)
319{
320 nxt_openssl_conn_t *ssltls;
321
322 ssltls = data;
323
315{
316 nxt_openssl_conn_t *ssltls;
317
318 ssltls = data;
319
324 nxt_thread_log_debug("openssl session cleanup");
320 nxt_debug(task, "openssl session cleanup");
325
326 nxt_free(ssltls->buffer.start);
327
328 SSL_free(ssltls->session);
329}
330
331
332static void
333nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
334{
335 int ret;
336 nxt_int_t n;
337 nxt_err_t err;
321
322 nxt_free(ssltls->buffer.start);
323
324 SSL_free(ssltls->session);
325}
326
327
328static void
329nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
330{
331 int ret;
332 nxt_int_t n;
333 nxt_err_t err;
338 nxt_event_conn_t *c;
334 nxt_conn_t *c;
339 nxt_openssl_conn_t *ssltls;
340
341 c = obj;
342 ssltls = c->u.ssltls;
343
344 nxt_debug(task, "openssl conn handshake: %d", ssltls->times);
345
346 /* "ssltls->times == 1" is suitable to run SSL_do_handshake() in job. */

--- 30 unchanged lines hidden (view full) ---

377
378static void
379nxt_openssl_conn_io_read(nxt_task_t *task, void *obj, void *data)
380{
381 int ret;
382 nxt_buf_t *b;
383 nxt_int_t n;
384 nxt_err_t err;
335 nxt_openssl_conn_t *ssltls;
336
337 c = obj;
338 ssltls = c->u.ssltls;
339
340 nxt_debug(task, "openssl conn handshake: %d", ssltls->times);
341
342 /* "ssltls->times == 1" is suitable to run SSL_do_handshake() in job. */

--- 30 unchanged lines hidden (view full) ---

373
374static void
375nxt_openssl_conn_io_read(nxt_task_t *task, void *obj, void *data)
376{
377 int ret;
378 nxt_buf_t *b;
379 nxt_int_t n;
380 nxt_err_t err;
385 nxt_event_conn_t *c;
381 nxt_conn_t *c;
386 nxt_work_handler_t handler;
387 nxt_openssl_conn_t *ssltls;
388
389 c = obj;
390
391 nxt_debug(task, "openssl conn read");
392
393 handler = c->read_state->ready_handler;

--- 33 unchanged lines hidden (view full) ---

427 }
428 }
429
430 nxt_work_queue_add(c->read_work_queue, handler, task, c, data);
431}
432
433
434static ssize_t
382 nxt_work_handler_t handler;
383 nxt_openssl_conn_t *ssltls;
384
385 c = obj;
386
387 nxt_debug(task, "openssl conn read");
388
389 handler = c->read_state->ready_handler;

--- 33 unchanged lines hidden (view full) ---

423 }
424 }
425
426 nxt_work_queue_add(c->read_work_queue, handler, task, c, data);
427}
428
429
430static ssize_t
435nxt_openssl_conn_io_write_chunk(nxt_event_conn_t *c, nxt_buf_t *b, size_t limit)
431nxt_openssl_conn_io_write_chunk(nxt_conn_t *c, nxt_buf_t *b, size_t limit)
436{
437 nxt_openssl_conn_t *ssltls;
438
439 nxt_debug(c->socket.task, "openssl conn write chunk");
440
441 ssltls = c->u.ssltls;
442
443 return nxt_sendbuf_copy_coalesce(c, &ssltls->buffer, b, limit);
444}
445
446
447static ssize_t
432{
433 nxt_openssl_conn_t *ssltls;
434
435 nxt_debug(c->socket.task, "openssl conn write chunk");
436
437 ssltls = c->u.ssltls;
438
439 return nxt_sendbuf_copy_coalesce(c, &ssltls->buffer, b, limit);
440}
441
442
443static ssize_t
448nxt_openssl_conn_io_send(nxt_event_conn_t *c, void *buf, size_t size)
444nxt_openssl_conn_io_send(nxt_conn_t *c, void *buf, size_t size)
449{
450 int ret;
451 nxt_err_t err;
452 nxt_int_t n;
453 nxt_openssl_conn_t *ssltls;
454
455 ssltls = c->u.ssltls;
456

--- 29 unchanged lines hidden (view full) ---

486static void
487nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
488{
489 int ret, mode;
490 SSL *s;
491 nxt_err_t err;
492 nxt_int_t n;
493 nxt_bool_t quiet, once;
445{
446 int ret;
447 nxt_err_t err;
448 nxt_int_t n;
449 nxt_openssl_conn_t *ssltls;
450
451 ssltls = c->u.ssltls;
452

--- 29 unchanged lines hidden (view full) ---

482static void
483nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
484{
485 int ret, mode;
486 SSL *s;
487 nxt_err_t err;
488 nxt_int_t n;
489 nxt_bool_t quiet, once;
494 nxt_event_conn_t *c;
490 nxt_conn_t *c;
495 nxt_work_handler_t handler;
496 nxt_openssl_conn_t *ssltls;
497
498 c = obj;
499
500 nxt_debug(task, "openssl conn shutdown");
501
502 ssltls = c->u.ssltls;

--- 78 unchanged lines hidden (view full) ---

581
582done:
583
584 nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
585}
586
587
588static nxt_int_t
491 nxt_work_handler_t handler;
492 nxt_openssl_conn_t *ssltls;
493
494 c = obj;
495
496 nxt_debug(task, "openssl conn shutdown");
497
498 ssltls = c->u.ssltls;

--- 78 unchanged lines hidden (view full) ---

577
578done:
579
580 nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
581}
582
583
584static nxt_int_t
589nxt_openssl_conn_test_error(nxt_task_t *task, nxt_event_conn_t *c, int ret,
585nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
590 nxt_err_t sys_err, nxt_work_handler_t handler)
591{
592 u_long lib_err;
593 nxt_work_queue_t *wq;
594 nxt_openssl_conn_t *ssltls;
595
596 ssltls = c->u.ssltls;
597

--- 61 unchanged lines hidden (view full) ---

659 default: /* SSL_ERROR_SSL, etc. */
660 c->socket.error = 1000; /* Nonexistent errno code. */
661 return NXT_ERROR;
662 }
663}
664
665
666static void nxt_cdecl
586 nxt_err_t sys_err, nxt_work_handler_t handler)
587{
588 u_long lib_err;
589 nxt_work_queue_t *wq;
590 nxt_openssl_conn_t *ssltls;
591
592 ssltls = c->u.ssltls;
593

--- 61 unchanged lines hidden (view full) ---

655 default: /* SSL_ERROR_SSL, etc. */
656 c->socket.error = 1000; /* Nonexistent errno code. */
657 return NXT_ERROR;
658 }
659}
660
661
662static void nxt_cdecl
667nxt_openssl_conn_error(nxt_event_conn_t *c, nxt_err_t err, const char *fmt, ...)
663nxt_openssl_conn_error(nxt_conn_t *c, nxt_err_t err, const char *fmt, ...)
668{
669 u_char *p, *end;
670 va_list args;
671 nxt_uint_t level;
672 u_char msg[NXT_MAX_ERROR_STR];
673
674 c->socket.error = err;
675 level = nxt_openssl_log_error_level(c, err);

--- 16 unchanged lines hidden (view full) ---

692
693 } else {
694 ERR_clear_error();
695 }
696}
697
698
699static nxt_uint_t
664{
665 u_char *p, *end;
666 va_list args;
667 nxt_uint_t level;
668 u_char msg[NXT_MAX_ERROR_STR];
669
670 c->socket.error = err;
671 level = nxt_openssl_log_error_level(c, err);

--- 16 unchanged lines hidden (view full) ---

688
689 } else {
690 ERR_clear_error();
691 }
692}
693
694
695static nxt_uint_t
700nxt_openssl_log_error_level(nxt_event_conn_t *c, nxt_err_t err)
696nxt_openssl_log_error_level(nxt_conn_t *c, nxt_err_t err)
701{
702 switch (ERR_GET_REASON(ERR_peek_error())) {
703
704 case 0:
705 return nxt_socket_error_level(err);
706
707 case SSL_R_BAD_CHANGE_CIPHER_SPEC: /* 103 */
708 case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG: /* 129 */

--- 144 unchanged lines hidden ---
697{
698 switch (ERR_GET_REASON(ERR_peek_error())) {
699
700 case 0:
701 return nxt_socket_error_level(err);
702
703 case SSL_R_BAD_CHANGE_CIPHER_SPEC: /* 103 */
704 case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG: /* 129 */

--- 144 unchanged lines hidden ---
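Review bot: nxt_openssl_session_cleanup() (new lines 313–325, fully visible) frees `ssltls->buffer.start` and `ssltls->session` but leaves both fields holding the freed addresses, so a handler that later reaches the structure through `c->u.ssltls` (the send and shutdown paths both read it) would touch freed memory, and a second cleanup call would double-free. Whether `ssltls` can outlive the cleanup is decided in the hidden part of nxt_openssl_conn_init(), which declares `nxt_mem_pool_cleanup_t *mpcl` and so presumably registers this function as a pool cleanup. Treat this as hardening rather than a confirmed bug: add `ssltls->buffer.start = NULL;` and `ssltls->session = NULL;` after the two frees, plus a short comment saying the function owns and releases both resources. Separately, nxt_openssl_conn_init() receives `task` yet new line 257 still logs through `nxt_log_debug(c->socket.log, ...)`; `nxt_debug(task, "openssl conn init");` would match the call this change introduces in the cleanup.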