xref: /unit/src/nxt_openssl.c (revision 1967)
10Sigor@sysoev.ru 
20Sigor@sysoev.ru /*
30Sigor@sysoev.ru  * Copyright (C) Igor Sysoev
40Sigor@sysoev.ru  * Copyright (C) NGINX, Inc.
50Sigor@sysoev.ru  */
60Sigor@sysoev.ru 
70Sigor@sysoev.ru #include <nxt_main.h>
81885Sa.suvorov@f5.com #include <nxt_conf.h>
90Sigor@sysoev.ru #include <openssl/ssl.h>
100Sigor@sysoev.ru #include <openssl/conf.h>
110Sigor@sysoev.ru #include <openssl/err.h>
121818Smax.romanov@nginx.com #include <openssl/rand.h>
131828Sa.suvorov@f5.com #include <openssl/x509v3.h>
141942Sa.suvorov@f5.com #include <openssl/bio.h>
151942Sa.suvorov@f5.com #include <openssl/evp.h>
160Sigor@sysoev.ru 
170Sigor@sysoev.ru 
180Sigor@sysoev.ru typedef struct {
191952Svbart@nginx.com     SSL               *session;
201952Svbart@nginx.com     nxt_conn_t        *conn;
211952Svbart@nginx.com 
221952Svbart@nginx.com     int               ssl_error;
231952Svbart@nginx.com     uint8_t           times;      /* 2 bits */
241952Svbart@nginx.com     uint8_t           handshake;  /* 1 bit  */
251952Svbart@nginx.com 
261952Svbart@nginx.com     nxt_tls_conf_t    *conf;
271952Svbart@nginx.com     nxt_buf_mem_t     buffer;
281952Svbart@nginx.com } nxt_openssl_conn_t;
291952Svbart@nginx.com 
300Sigor@sysoev.ru 
311952Svbart@nginx.com struct nxt_tls_ticket_s {
321952Svbart@nginx.com     u_char            name[16];
331952Svbart@nginx.com     u_char            hmac_key[32];
341952Svbart@nginx.com     u_char            aes_key[32];
351952Svbart@nginx.com     uint8_t           size;
361952Svbart@nginx.com };
370Sigor@sysoev.ru 
381952Svbart@nginx.com 
391952Svbart@nginx.com struct nxt_tls_tickets_s {
401952Svbart@nginx.com     nxt_uint_t        count;
411952Svbart@nginx.com     nxt_tls_ticket_t  tickets[];
421952Svbart@nginx.com };
430Sigor@sysoev.ru 
440Sigor@sysoev.ru 
45771Sigor@sysoev.ru typedef enum {
46771Sigor@sysoev.ru     NXT_OPENSSL_HANDSHAKE = 0,
47771Sigor@sysoev.ru     NXT_OPENSSL_READ,
48771Sigor@sysoev.ru     NXT_OPENSSL_WRITE,
49771Sigor@sysoev.ru     NXT_OPENSSL_SHUTDOWN,
50771Sigor@sysoev.ru } nxt_openssl_io_t;
51771Sigor@sysoev.ru 
520Sigor@sysoev.ru 
53771Sigor@sysoev.ru static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
54771Sigor@sysoev.ru static void nxt_openssl_library_free(nxt_task_t *task);
55771Sigor@sysoev.ru #if OPENSSL_VERSION_NUMBER < 0x10100004L
56771Sigor@sysoev.ru static nxt_int_t nxt_openssl_locks_init(void);
57771Sigor@sysoev.ru static void nxt_openssl_lock(int mode, int type, const char *file, int line);
58771Sigor@sysoev.ru static unsigned long nxt_openssl_thread_id(void);
59771Sigor@sysoev.ru static void nxt_openssl_locks_free(void);
60771Sigor@sysoev.ru #endif
611920Sa.suvorov@f5.com static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
621920Sa.suvorov@f5.com     nxt_tls_init_t *tls_init, nxt_bool_t last);
631828Sa.suvorov@f5.com static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
641828Sa.suvorov@f5.com     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
651885Sa.suvorov@f5.com #if (NXT_HAVE_OPENSSL_CONF_CMD)
661885Sa.suvorov@f5.com static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx,
671885Sa.suvorov@f5.com     nxt_conf_value_t *value, nxt_mp_t *mp);
681885Sa.suvorov@f5.com #endif
691942Sa.suvorov@f5.com #if (NXT_HAVE_OPENSSL_TLSEXT)
701942Sa.suvorov@f5.com static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx,
711942Sa.suvorov@f5.com     nxt_tls_init_t *tls_init, nxt_mp_t *mp);
721942Sa.suvorov@f5.com static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name,
731942Sa.suvorov@f5.com     unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc);
741942Sa.suvorov@f5.com #endif
751920Sa.suvorov@f5.com static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size,
761920Sa.suvorov@f5.com     time_t timeout);
771828Sa.suvorov@f5.com static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
781828Sa.suvorov@f5.com     nxt_tls_conf_t *conf, nxt_mp_t *mp);
791828Sa.suvorov@f5.com static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
801828Sa.suvorov@f5.com     void *data);
811828Sa.suvorov@f5.com static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
821828Sa.suvorov@f5.com     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
831828Sa.suvorov@f5.com static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
841828Sa.suvorov@f5.com static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
851828Sa.suvorov@f5.com     nxt_str_t *sn);
86771Sigor@sysoev.ru static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
87771Sigor@sysoev.ru static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
8862Sigor@sysoev.ru     nxt_conn_t *c);
891Sigor@sysoev.ru static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
90771Sigor@sysoev.ru static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
91771Sigor@sysoev.ru static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
92771Sigor@sysoev.ru static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
93771Sigor@sysoev.ru     void *buf, size_t size);
941Sigor@sysoev.ru static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
950Sigor@sysoev.ru     void *data);
96771Sigor@sysoev.ru static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
97771Sigor@sysoev.ru     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
981884Sa.suvorov@f5.com static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
991884Sa.suvorov@f5.com     void *data);
100771Sigor@sysoev.ru static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
101771Sigor@sysoev.ru     nxt_err_t err, const char *fmt, ...);
102771Sigor@sysoev.ru static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
1030Sigor@sysoev.ru 
1040Sigor@sysoev.ru 
105771Sigor@sysoev.ru const nxt_tls_lib_t  nxt_openssl_lib = {
106771Sigor@sysoev.ru     .library_init = nxt_openssl_library_init,
107771Sigor@sysoev.ru     .library_free = nxt_openssl_library_free,
108771Sigor@sysoev.ru 
109771Sigor@sysoev.ru     .server_init = nxt_openssl_server_init,
110771Sigor@sysoev.ru     .server_free = nxt_openssl_server_free,
1110Sigor@sysoev.ru };
1120Sigor@sysoev.ru 
1130Sigor@sysoev.ru 
11462Sigor@sysoev.ru static nxt_conn_io_t  nxt_openssl_conn_io = {
115771Sigor@sysoev.ru     .read = nxt_conn_io_read,
116771Sigor@sysoev.ru     .recvbuf = nxt_openssl_conn_io_recvbuf,
1170Sigor@sysoev.ru 
118771Sigor@sysoev.ru     .write = nxt_conn_io_write,
119771Sigor@sysoev.ru     .sendbuf = nxt_openssl_conn_io_sendbuf,
1200Sigor@sysoev.ru 
121771Sigor@sysoev.ru     .shutdown = nxt_openssl_conn_io_shutdown,
1220Sigor@sysoev.ru };
1230Sigor@sysoev.ru 
1240Sigor@sysoev.ru 
1250Sigor@sysoev.ru static long  nxt_openssl_version;
1260Sigor@sysoev.ru static int   nxt_openssl_connection_index;
1270Sigor@sysoev.ru 
1280Sigor@sysoev.ru 
1290Sigor@sysoev.ru static nxt_int_t
130771Sigor@sysoev.ru nxt_openssl_library_init(nxt_task_t *task)
1310Sigor@sysoev.ru {
1320Sigor@sysoev.ru     int  index;
1330Sigor@sysoev.ru 
1340Sigor@sysoev.ru     if (nxt_fast_path(nxt_openssl_version != 0)) {
1350Sigor@sysoev.ru         return NXT_OK;
1360Sigor@sysoev.ru     }
1370Sigor@sysoev.ru 
138771Sigor@sysoev.ru #if OPENSSL_VERSION_NUMBER >= 0x10100003L
139771Sigor@sysoev.ru 
140771Sigor@sysoev.ru     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
1410Sigor@sysoev.ru 
142771Sigor@sysoev.ru #else
143771Sigor@sysoev.ru     {
144771Sigor@sysoev.ru         nxt_int_t  ret;
145771Sigor@sysoev.ru 
146771Sigor@sysoev.ru         SSL_load_error_strings();
147771Sigor@sysoev.ru 
148771Sigor@sysoev.ru         OPENSSL_config(NULL);
1490Sigor@sysoev.ru 
150771Sigor@sysoev.ru         /*
151771Sigor@sysoev.ru          * SSL_library_init(3):
152771Sigor@sysoev.ru          *
153771Sigor@sysoev.ru          *   SSL_library_init() always returns "1",
154771Sigor@sysoev.ru          *   so it is safe to discard the return value.
155771Sigor@sysoev.ru          */
156771Sigor@sysoev.ru         (void) SSL_library_init();
157771Sigor@sysoev.ru 
158771Sigor@sysoev.ru         ret = nxt_openssl_locks_init();
159771Sigor@sysoev.ru         if (nxt_slow_path(ret != NXT_OK)) {
160771Sigor@sysoev.ru             return ret;
161771Sigor@sysoev.ru         }
162771Sigor@sysoev.ru     }
163771Sigor@sysoev.ru 
164771Sigor@sysoev.ru #endif
1650Sigor@sysoev.ru 
1660Sigor@sysoev.ru     nxt_openssl_version = SSLeay();
1670Sigor@sysoev.ru 
168771Sigor@sysoev.ru     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
169771Sigor@sysoev.ru             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
1700Sigor@sysoev.ru 
1710Sigor@sysoev.ru #ifndef SSL_OP_NO_COMPRESSION
1720Sigor@sysoev.ru     {
1730Sigor@sysoev.ru         /*
1740Sigor@sysoev.ru          * Disable gzip compression in OpenSSL prior to 1.0.0
1750Sigor@sysoev.ru          * version, this saves about 522K per connection.
1760Sigor@sysoev.ru          */
1770Sigor@sysoev.ru         int                 n;
1780Sigor@sysoev.ru         STACK_OF(SSL_COMP)  *ssl_comp_methods;
1790Sigor@sysoev.ru 
1800Sigor@sysoev.ru         ssl_comp_methods = SSL_COMP_get_compression_methods();
1810Sigor@sysoev.ru 
1820Sigor@sysoev.ru         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
1830Sigor@sysoev.ru             (void) sk_SSL_COMP_pop(ssl_comp_methods);
1840Sigor@sysoev.ru         }
1850Sigor@sysoev.ru     }
1860Sigor@sysoev.ru #endif
1870Sigor@sysoev.ru 
1880Sigor@sysoev.ru     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
1890Sigor@sysoev.ru 
1900Sigor@sysoev.ru     if (index == -1) {
191771Sigor@sysoev.ru         nxt_openssl_log_error(task, NXT_LOG_ALERT,
1920Sigor@sysoev.ru                               "SSL_get_ex_new_index() failed");
1930Sigor@sysoev.ru         return NXT_ERROR;
1940Sigor@sysoev.ru     }
1950Sigor@sysoev.ru 
1960Sigor@sysoev.ru     nxt_openssl_connection_index = index;
1970Sigor@sysoev.ru 
1980Sigor@sysoev.ru     return NXT_OK;
1990Sigor@sysoev.ru }
2000Sigor@sysoev.ru 
2010Sigor@sysoev.ru 
202771Sigor@sysoev.ru #if OPENSSL_VERSION_NUMBER >= 0x10100003L
203771Sigor@sysoev.ru 
204771Sigor@sysoev.ru static void
205771Sigor@sysoev.ru nxt_openssl_library_free(nxt_task_t *task)
206771Sigor@sysoev.ru {
207771Sigor@sysoev.ru }
208771Sigor@sysoev.ru 
209771Sigor@sysoev.ru #else
210771Sigor@sysoev.ru 
211771Sigor@sysoev.ru static nxt_thread_mutex_t  *nxt_openssl_locks;
212771Sigor@sysoev.ru 
2130Sigor@sysoev.ru static nxt_int_t
214771Sigor@sysoev.ru nxt_openssl_locks_init(void)
215771Sigor@sysoev.ru {
216771Sigor@sysoev.ru     int        i, n;
217771Sigor@sysoev.ru     nxt_int_t  ret;
218771Sigor@sysoev.ru 
219771Sigor@sysoev.ru     n = CRYPTO_num_locks();
220771Sigor@sysoev.ru 
221771Sigor@sysoev.ru     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
222771Sigor@sysoev.ru     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
223771Sigor@sysoev.ru         return NXT_ERROR;
224771Sigor@sysoev.ru     }
225771Sigor@sysoev.ru 
226771Sigor@sysoev.ru     for (i = 0; i < n; i++) {
227771Sigor@sysoev.ru         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
228771Sigor@sysoev.ru         if (nxt_slow_path(ret != NXT_OK)) {
229771Sigor@sysoev.ru             return ret;
230771Sigor@sysoev.ru         }
231771Sigor@sysoev.ru     }
232771Sigor@sysoev.ru 
233771Sigor@sysoev.ru     CRYPTO_set_locking_callback(nxt_openssl_lock);
234771Sigor@sysoev.ru 
235771Sigor@sysoev.ru     CRYPTO_set_id_callback(nxt_openssl_thread_id);
236771Sigor@sysoev.ru 
237771Sigor@sysoev.ru     return NXT_OK;
238771Sigor@sysoev.ru }
239771Sigor@sysoev.ru 
240771Sigor@sysoev.ru 
241771Sigor@sysoev.ru static void
242771Sigor@sysoev.ru nxt_openssl_lock(int mode, int type, const char *file, int line)
243771Sigor@sysoev.ru {
244771Sigor@sysoev.ru     nxt_thread_mutex_t  *lock;
245771Sigor@sysoev.ru 
246771Sigor@sysoev.ru     lock = &nxt_openssl_locks[type];
247771Sigor@sysoev.ru 
248771Sigor@sysoev.ru     if ((mode & CRYPTO_LOCK) != 0) {
249771Sigor@sysoev.ru         (void) nxt_thread_mutex_lock(lock);
250771Sigor@sysoev.ru 
251771Sigor@sysoev.ru     } else {
252771Sigor@sysoev.ru         (void) nxt_thread_mutex_unlock(lock);
253771Sigor@sysoev.ru     }
254771Sigor@sysoev.ru }
255771Sigor@sysoev.ru 
256771Sigor@sysoev.ru 
257771Sigor@sysoev.ru static u_long
258771Sigor@sysoev.ru nxt_openssl_thread_id(void)
259771Sigor@sysoev.ru {
260771Sigor@sysoev.ru     return (u_long) nxt_thread_handle();
261771Sigor@sysoev.ru }
262771Sigor@sysoev.ru 
263771Sigor@sysoev.ru 
264771Sigor@sysoev.ru static void
265771Sigor@sysoev.ru nxt_openssl_library_free(nxt_task_t *task)
266771Sigor@sysoev.ru {
267771Sigor@sysoev.ru     nxt_openssl_locks_free();
268771Sigor@sysoev.ru }
269771Sigor@sysoev.ru 
270771Sigor@sysoev.ru 
271771Sigor@sysoev.ru static void
272771Sigor@sysoev.ru nxt_openssl_locks_free(void)
273771Sigor@sysoev.ru {
274771Sigor@sysoev.ru     int  i, n;
275771Sigor@sysoev.ru 
276771Sigor@sysoev.ru     n = CRYPTO_num_locks();
277771Sigor@sysoev.ru 
278771Sigor@sysoev.ru     CRYPTO_set_locking_callback(NULL);
279771Sigor@sysoev.ru 
280771Sigor@sysoev.ru     for (i = 0; i < n; i++) {
281771Sigor@sysoev.ru         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
282771Sigor@sysoev.ru     }
283771Sigor@sysoev.ru 
284771Sigor@sysoev.ru     OPENSSL_free(nxt_openssl_locks);
285771Sigor@sysoev.ru }
286771Sigor@sysoev.ru 
287771Sigor@sysoev.ru #endif
288771Sigor@sysoev.ru 
289771Sigor@sysoev.ru 
290771Sigor@sysoev.ru static nxt_int_t
2911920Sa.suvorov@f5.com nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
2921920Sa.suvorov@f5.com     nxt_tls_init_t *tls_init, nxt_bool_t last)
2930Sigor@sysoev.ru {
2941828Sa.suvorov@f5.com     SSL_CTX                *ctx;
2951828Sa.suvorov@f5.com     const char             *ciphers, *ca_certificate;
2961920Sa.suvorov@f5.com     nxt_tls_conf_t         *conf;
2971828Sa.suvorov@f5.com     STACK_OF(X509_NAME)    *list;
2981828Sa.suvorov@f5.com     nxt_tls_bundle_conf_t  *bundle;
2990Sigor@sysoev.ru 
3000Sigor@sysoev.ru     ctx = SSL_CTX_new(SSLv23_server_method());
3010Sigor@sysoev.ru     if (ctx == NULL) {
302771Sigor@sysoev.ru         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
3030Sigor@sysoev.ru         return NXT_ERROR;
3040Sigor@sysoev.ru     }
3050Sigor@sysoev.ru 
3061920Sa.suvorov@f5.com     conf = tls_init->conf;
3071920Sa.suvorov@f5.com 
3081828Sa.suvorov@f5.com     bundle = conf->bundle;
3091828Sa.suvorov@f5.com     nxt_assert(bundle != NULL);
3101828Sa.suvorov@f5.com 
3111828Sa.suvorov@f5.com     bundle->ctx = ctx;
3120Sigor@sysoev.ru 
313771Sigor@sysoev.ru #ifdef SSL_OP_NO_RENEGOTIATION
314771Sigor@sysoev.ru     /* Renegration is not currently supported. */
315771Sigor@sysoev.ru     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
316771Sigor@sysoev.ru #endif
317771Sigor@sysoev.ru 
3180Sigor@sysoev.ru #ifdef SSL_OP_NO_COMPRESSION
3190Sigor@sysoev.ru     /*
3200Sigor@sysoev.ru      * Disable gzip compression in OpenSSL 1.0.0,
3210Sigor@sysoev.ru      * this saves about 522K per connection.
3220Sigor@sysoev.ru      */
3230Sigor@sysoev.ru     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
3240Sigor@sysoev.ru #endif
3250Sigor@sysoev.ru 
3260Sigor@sysoev.ru #ifdef SSL_MODE_RELEASE_BUFFERS
3270Sigor@sysoev.ru 
3280Sigor@sysoev.ru     if (nxt_openssl_version >= 10001078) {
3290Sigor@sysoev.ru         /*
3300Sigor@sysoev.ru          * Allow to release read and write buffers in OpenSSL 1.0.0,
3310Sigor@sysoev.ru          * this saves about 34K per idle connection.  It is not safe
3320Sigor@sysoev.ru          * before OpenSSL 1.0.1h (CVE-2010-5298).
3330Sigor@sysoev.ru          */
3340Sigor@sysoev.ru         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
3350Sigor@sysoev.ru     }
3360Sigor@sysoev.ru 
3370Sigor@sysoev.ru #endif
3380Sigor@sysoev.ru 
3391828Sa.suvorov@f5.com     if (nxt_openssl_chain_file(task, ctx, conf, mp,
3401828Sa.suvorov@f5.com                                last && bundle->next == NULL)
3411828Sa.suvorov@f5.com         != NXT_OK)
3421828Sa.suvorov@f5.com     {
3430Sigor@sysoev.ru         goto fail;
3440Sigor@sysoev.ru     }
345774Svbart@nginx.com /*
3460Sigor@sysoev.ru     key = conf->certificate_key;
3470Sigor@sysoev.ru 
3480Sigor@sysoev.ru     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
349771Sigor@sysoev.ru         nxt_openssl_log_error(task, NXT_LOG_ALERT,
3500Sigor@sysoev.ru                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
3510Sigor@sysoev.ru                               key);
3520Sigor@sysoev.ru         goto fail;
3530Sigor@sysoev.ru     }
354774Svbart@nginx.com */
3551885Sa.suvorov@f5.com 
3560Sigor@sysoev.ru     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
3570Sigor@sysoev.ru 
3580Sigor@sysoev.ru     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
359771Sigor@sysoev.ru         nxt_openssl_log_error(task, NXT_LOG_ALERT,
3600Sigor@sysoev.ru                               "SSL_CTX_set_cipher_list(\"%s\") failed",
3610Sigor@sysoev.ru                               ciphers);
3620Sigor@sysoev.ru         goto fail;
3630Sigor@sysoev.ru     }
3640Sigor@sysoev.ru 
3651885Sa.suvorov@f5.com #if (NXT_HAVE_OPENSSL_CONF_CMD)
3661920Sa.suvorov@f5.com     if (tls_init->conf_cmds != NULL
3671920Sa.suvorov@f5.com         && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK)
3681885Sa.suvorov@f5.com     {
3691885Sa.suvorov@f5.com         goto fail;
3701885Sa.suvorov@f5.com     }
3711885Sa.suvorov@f5.com #endif
3721885Sa.suvorov@f5.com 
3731920Sa.suvorov@f5.com     nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout);
3741920Sa.suvorov@f5.com 
3751942Sa.suvorov@f5.com #if (NXT_HAVE_OPENSSL_TLSEXT)
3761942Sa.suvorov@f5.com     if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) {
3771942Sa.suvorov@f5.com         goto fail;
3781942Sa.suvorov@f5.com     }
3791942Sa.suvorov@f5.com #endif
3801942Sa.suvorov@f5.com 
3810Sigor@sysoev.ru     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
3820Sigor@sysoev.ru 
3830Sigor@sysoev.ru     if (conf->ca_certificate != NULL) {
3840Sigor@sysoev.ru 
3850Sigor@sysoev.ru         /* TODO: verify callback */
3860Sigor@sysoev.ru         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
3870Sigor@sysoev.ru 
3880Sigor@sysoev.ru         /* TODO: verify depth */
3890Sigor@sysoev.ru         SSL_CTX_set_verify_depth(ctx, 1);
3900Sigor@sysoev.ru 
3910Sigor@sysoev.ru         ca_certificate = conf->ca_certificate;
3920Sigor@sysoev.ru 
3930Sigor@sysoev.ru         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
394771Sigor@sysoev.ru             nxt_openssl_log_error(task, NXT_LOG_ALERT,
3950Sigor@sysoev.ru                               "SSL_CTX_load_verify_locations(\"%s\") failed",
3960Sigor@sysoev.ru                               ca_certificate);
3970Sigor@sysoev.ru             goto fail;
3980Sigor@sysoev.ru         }
3990Sigor@sysoev.ru 
4000Sigor@sysoev.ru         list = SSL_load_client_CA_file(ca_certificate);
4010Sigor@sysoev.ru 
4020Sigor@sysoev.ru         if (list == NULL) {
403771Sigor@sysoev.ru             nxt_openssl_log_error(task, NXT_LOG_ALERT,
4040Sigor@sysoev.ru                               "SSL_load_client_CA_file(\"%s\") failed",
4050Sigor@sysoev.ru                               ca_certificate);
4060Sigor@sysoev.ru             goto fail;
4070Sigor@sysoev.ru         }
4080Sigor@sysoev.ru 
4090Sigor@sysoev.ru         /*
4100Sigor@sysoev.ru          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
4110Sigor@sysoev.ru          * 0.9.8 versions always leaves an error in the error queue.
4120Sigor@sysoev.ru          */
4130Sigor@sysoev.ru         ERR_clear_error();
4140Sigor@sysoev.ru 
4150Sigor@sysoev.ru         SSL_CTX_set_client_CA_list(ctx, list);
4160Sigor@sysoev.ru     }
4170Sigor@sysoev.ru 
4181828Sa.suvorov@f5.com     if (last) {
4191828Sa.suvorov@f5.com         conf->conn_init = nxt_openssl_conn_init;
4201828Sa.suvorov@f5.com 
4211828Sa.suvorov@f5.com         if (bundle->next != NULL) {
4221828Sa.suvorov@f5.com             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
4231828Sa.suvorov@f5.com         }
4241828Sa.suvorov@f5.com     }
4251828Sa.suvorov@f5.com 
4260Sigor@sysoev.ru     return NXT_OK;
4270Sigor@sysoev.ru 
4280Sigor@sysoev.ru fail:
4290Sigor@sysoev.ru 
4300Sigor@sysoev.ru     SSL_CTX_free(ctx);
4310Sigor@sysoev.ru 
4321818Smax.romanov@nginx.com #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
4331818Smax.romanov@nginx.com      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
4341818Smax.romanov@nginx.com     RAND_keep_random_devices_open(0);
4351818Smax.romanov@nginx.com #endif
4361818Smax.romanov@nginx.com 
4370Sigor@sysoev.ru     return NXT_ERROR;
4380Sigor@sysoev.ru }
4390Sigor@sysoev.ru 
4400Sigor@sysoev.ru 
441833Svbart@nginx.com static nxt_int_t
4421828Sa.suvorov@f5.com nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
4431828Sa.suvorov@f5.com     nxt_mp_t *mp, nxt_bool_t single)
444774Svbart@nginx.com {
4451828Sa.suvorov@f5.com     BIO                    *bio;
4461828Sa.suvorov@f5.com     X509                   *cert, *ca;
4471828Sa.suvorov@f5.com     long                   reason;
4481828Sa.suvorov@f5.com     EVP_PKEY               *key;
4491828Sa.suvorov@f5.com     nxt_int_t              ret;
4501828Sa.suvorov@f5.com     nxt_tls_bundle_conf_t  *bundle;
4511828Sa.suvorov@f5.com 
4521828Sa.suvorov@f5.com     ret = NXT_ERROR;
4531828Sa.suvorov@f5.com     cert = NULL;
454774Svbart@nginx.com 
455774Svbart@nginx.com     bio = BIO_new(BIO_s_fd());
456774Svbart@nginx.com     if (bio == NULL) {
4571828Sa.suvorov@f5.com         goto end;
458774Svbart@nginx.com     }
459774Svbart@nginx.com 
4601828Sa.suvorov@f5.com     bundle = conf->bundle;
461774Svbart@nginx.com 
4621828Sa.suvorov@f5.com     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
463774Svbart@nginx.com 
464774Svbart@nginx.com     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
465774Svbart@nginx.com     if (cert == NULL) {
466774Svbart@nginx.com         goto end;
467774Svbart@nginx.com     }
468774Svbart@nginx.com 
469774Svbart@nginx.com     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
470774Svbart@nginx.com         goto end;
471774Svbart@nginx.com     }
472774Svbart@nginx.com 
4731828Sa.suvorov@f5.com     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
4741828Sa.suvorov@f5.com         goto clean;
4751828Sa.suvorov@f5.com     }
4761828Sa.suvorov@f5.com 
477774Svbart@nginx.com     for ( ;; ) {
478774Svbart@nginx.com         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
479774Svbart@nginx.com 
480774Svbart@nginx.com         if (ca == NULL) {
481774Svbart@nginx.com             reason = ERR_GET_REASON(ERR_peek_last_error());
482774Svbart@nginx.com             if (reason != PEM_R_NO_START_LINE) {
483774Svbart@nginx.com                 goto end;
484774Svbart@nginx.com             }
485774Svbart@nginx.com 
486774Svbart@nginx.com             ERR_clear_error();
487774Svbart@nginx.com             break;
488774Svbart@nginx.com         }
489774Svbart@nginx.com 
490774Svbart@nginx.com         /*
491774Svbart@nginx.com          * Note that ca isn't freed if it was successfully added to the chain,
492774Svbart@nginx.com          * while the main certificate needs a X509_free() call, since
493774Svbart@nginx.com          * its reference count is increased by SSL_CTX_use_certificate().
494774Svbart@nginx.com          */
495808Spluknet@nginx.com #ifdef SSL_CTX_add0_chain_cert
496774Svbart@nginx.com         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
497774Svbart@nginx.com #else
498774Svbart@nginx.com         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
499774Svbart@nginx.com #endif
500774Svbart@nginx.com             X509_free(ca);
501774Svbart@nginx.com             goto end;
502774Svbart@nginx.com         }
503774Svbart@nginx.com     }
504774Svbart@nginx.com 
505774Svbart@nginx.com     if (BIO_reset(bio) != 0) {
506774Svbart@nginx.com         goto end;
507774Svbart@nginx.com     }
508774Svbart@nginx.com 
509774Svbart@nginx.com     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
510774Svbart@nginx.com     if (key == NULL) {
511774Svbart@nginx.com         goto end;
512774Svbart@nginx.com     }
513774Svbart@nginx.com 
514774Svbart@nginx.com     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
515774Svbart@nginx.com         ret = NXT_OK;
516774Svbart@nginx.com     }
517774Svbart@nginx.com 
518774Svbart@nginx.com     EVP_PKEY_free(key);
519774Svbart@nginx.com 
520774Svbart@nginx.com end:
521774Svbart@nginx.com 
5221828Sa.suvorov@f5.com     if (ret != NXT_OK) {
5231828Sa.suvorov@f5.com         nxt_openssl_log_error(task, NXT_LOG_ALERT,
5241828Sa.suvorov@f5.com                               "nxt_openssl_chain_file() failed");
5251828Sa.suvorov@f5.com     }
5261828Sa.suvorov@f5.com 
5271828Sa.suvorov@f5.com clean:
5281828Sa.suvorov@f5.com 
5291828Sa.suvorov@f5.com     BIO_free(bio);
530774Svbart@nginx.com     X509_free(cert);
531774Svbart@nginx.com 
532774Svbart@nginx.com     return ret;
533774Svbart@nginx.com }
534774Svbart@nginx.com 
535774Svbart@nginx.com 
5361885Sa.suvorov@f5.com #if (NXT_HAVE_OPENSSL_CONF_CMD)
5371885Sa.suvorov@f5.com 
5381885Sa.suvorov@f5.com static nxt_int_t
5391885Sa.suvorov@f5.com nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf,
5401885Sa.suvorov@f5.com     nxt_mp_t *mp)
5411885Sa.suvorov@f5.com {
5421885Sa.suvorov@f5.com     int               ret;
5431885Sa.suvorov@f5.com     char              *zcmd, *zvalue;
5441885Sa.suvorov@f5.com     uint32_t          index;
5451885Sa.suvorov@f5.com     nxt_str_t         cmd, value;
5461885Sa.suvorov@f5.com     SSL_CONF_CTX      *cctx;
5471885Sa.suvorov@f5.com     nxt_conf_value_t  *member;
5481885Sa.suvorov@f5.com 
5491885Sa.suvorov@f5.com     cctx = SSL_CONF_CTX_new();
5501885Sa.suvorov@f5.com     if (nxt_slow_path(cctx == NULL)) {
5511885Sa.suvorov@f5.com         nxt_openssl_log_error(task, NXT_LOG_ALERT,
5521885Sa.suvorov@f5.com                               "SSL_CONF_CTX_new() failed");
5531885Sa.suvorov@f5.com         return NXT_ERROR;
5541885Sa.suvorov@f5.com     }
5551885Sa.suvorov@f5.com 
5561885Sa.suvorov@f5.com     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE
5571885Sa.suvorov@f5.com                                  | SSL_CONF_FLAG_SERVER
5581885Sa.suvorov@f5.com                                  | SSL_CONF_FLAG_CERTIFICATE
5591885Sa.suvorov@f5.com                                  | SSL_CONF_FLAG_SHOW_ERRORS);
5601885Sa.suvorov@f5.com 
5611885Sa.suvorov@f5.com     SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
5621885Sa.suvorov@f5.com 
5631885Sa.suvorov@f5.com     index = 0;
5641885Sa.suvorov@f5.com 
5651885Sa.suvorov@f5.com     for ( ;; ) {
5661885Sa.suvorov@f5.com         member = nxt_conf_next_object_member(conf, &cmd, &index);
5671885Sa.suvorov@f5.com         if (nxt_slow_path(member == NULL)) {
5681885Sa.suvorov@f5.com             break;
5691885Sa.suvorov@f5.com         }
5701885Sa.suvorov@f5.com 
5711885Sa.suvorov@f5.com         nxt_conf_get_string(member, &value);
5721885Sa.suvorov@f5.com 
5731885Sa.suvorov@f5.com         zcmd = nxt_str_cstrz(mp, &cmd);
5741885Sa.suvorov@f5.com         zvalue = nxt_str_cstrz(mp, &value);
5751885Sa.suvorov@f5.com 
5761885Sa.suvorov@f5.com         if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) {
5771885Sa.suvorov@f5.com             goto fail;
5781885Sa.suvorov@f5.com         }
5791885Sa.suvorov@f5.com 
5801885Sa.suvorov@f5.com         ret = SSL_CONF_cmd(cctx, zcmd, zvalue);
5811885Sa.suvorov@f5.com         if (ret == -2) {
5821885Sa.suvorov@f5.com             nxt_openssl_log_error(task, NXT_LOG_ERR,
5831885Sa.suvorov@f5.com                                   "unknown command \"%s\" in "
5841885Sa.suvorov@f5.com                                   "\"conf_commands\" option", zcmd);
5851885Sa.suvorov@f5.com             goto fail;
5861885Sa.suvorov@f5.com         }
5871885Sa.suvorov@f5.com 
5881885Sa.suvorov@f5.com         if (ret <= 0) {
5891885Sa.suvorov@f5.com             nxt_openssl_log_error(task, NXT_LOG_ERR,
5901885Sa.suvorov@f5.com                                   "invalid value \"%s\" for command \"%s\" "
5911885Sa.suvorov@f5.com                                   "in \"conf_commands\" option",
5921885Sa.suvorov@f5.com                                   zvalue, zcmd);
5931885Sa.suvorov@f5.com             goto fail;
5941885Sa.suvorov@f5.com         }
5951885Sa.suvorov@f5.com 
5961885Sa.suvorov@f5.com         nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue);
5971885Sa.suvorov@f5.com     }
5981885Sa.suvorov@f5.com 
5991885Sa.suvorov@f5.com     if (SSL_CONF_CTX_finish(cctx) != 1) {
6001885Sa.suvorov@f5.com         nxt_openssl_log_error(task, NXT_LOG_ALERT,
6011885Sa.suvorov@f5.com                               "SSL_CONF_finish() failed");
6021885Sa.suvorov@f5.com         goto fail;
6031885Sa.suvorov@f5.com     }
6041885Sa.suvorov@f5.com 
6051885Sa.suvorov@f5.com     SSL_CONF_CTX_free(cctx);
6061885Sa.suvorov@f5.com 
6071885Sa.suvorov@f5.com     return NXT_OK;
6081885Sa.suvorov@f5.com 
6091885Sa.suvorov@f5.com fail:
6101885Sa.suvorov@f5.com 
6111885Sa.suvorov@f5.com     SSL_CONF_CTX_free(cctx);
6121885Sa.suvorov@f5.com 
6131885Sa.suvorov@f5.com     return NXT_ERROR;
6141885Sa.suvorov@f5.com }
6151885Sa.suvorov@f5.com 
6161885Sa.suvorov@f5.com #endif
6171885Sa.suvorov@f5.com 
6181942Sa.suvorov@f5.com #if (NXT_HAVE_OPENSSL_TLSEXT)
6191942Sa.suvorov@f5.com 
6201942Sa.suvorov@f5.com static nxt_int_t
6211942Sa.suvorov@f5.com nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
6221942Sa.suvorov@f5.com     nxt_mp_t *mp)
6231942Sa.suvorov@f5.com {
6241942Sa.suvorov@f5.com     uint32_t           i;
6251942Sa.suvorov@f5.com     nxt_int_t          ret;
6261942Sa.suvorov@f5.com     nxt_str_t          value;
6271942Sa.suvorov@f5.com     nxt_uint_t         count;
6281942Sa.suvorov@f5.com     nxt_conf_value_t   *member, *tickets_conf;
6291942Sa.suvorov@f5.com     nxt_tls_ticket_t   *ticket;
6301942Sa.suvorov@f5.com     nxt_tls_tickets_t  *tickets;
6311942Sa.suvorov@f5.com     u_char             buf[80];
6321942Sa.suvorov@f5.com 
6331942Sa.suvorov@f5.com     tickets_conf = tls_init->tickets_conf;
6341942Sa.suvorov@f5.com 
6351942Sa.suvorov@f5.com     if (tickets_conf == NULL) {
6361942Sa.suvorov@f5.com         goto no_ticket;
6371942Sa.suvorov@f5.com     }
6381942Sa.suvorov@f5.com 
6391942Sa.suvorov@f5.com     if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) {
6401942Sa.suvorov@f5.com         if (nxt_conf_get_boolean(tickets_conf) == 0) {
6411942Sa.suvorov@f5.com             goto no_ticket;
6421942Sa.suvorov@f5.com         }
6431942Sa.suvorov@f5.com 
6441942Sa.suvorov@f5.com         return NXT_OK;
6451942Sa.suvorov@f5.com     }
6461942Sa.suvorov@f5.com 
6471942Sa.suvorov@f5.com     if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
6481942Sa.suvorov@f5.com         count = nxt_conf_array_elements_count(tickets_conf);
6491942Sa.suvorov@f5.com 
6501942Sa.suvorov@f5.com         if (count == 0) {
6511942Sa.suvorov@f5.com             goto no_ticket;
6521942Sa.suvorov@f5.com         }
6531942Sa.suvorov@f5.com 
6541942Sa.suvorov@f5.com     } else {
6551942Sa.suvorov@f5.com         /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
6561942Sa.suvorov@f5.com         count = 1;
6571942Sa.suvorov@f5.com     }
6581942Sa.suvorov@f5.com 
6591942Sa.suvorov@f5.com #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
6601942Sa.suvorov@f5.com 
6611942Sa.suvorov@f5.com     tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t)
6621942Sa.suvorov@f5.com                              + count * sizeof(nxt_tls_ticket_t));
6631942Sa.suvorov@f5.com     if (nxt_slow_path(tickets == NULL)) {
6641942Sa.suvorov@f5.com         return NXT_ERROR;
6651942Sa.suvorov@f5.com     }
6661942Sa.suvorov@f5.com 
6671942Sa.suvorov@f5.com     tickets->count = count;
6681942Sa.suvorov@f5.com     tls_init->conf->tickets = tickets;
6691942Sa.suvorov@f5.com     i = 0;
6701942Sa.suvorov@f5.com 
6711942Sa.suvorov@f5.com     do {
6721942Sa.suvorov@f5.com         ticket = &tickets->tickets[i];
6731942Sa.suvorov@f5.com 
6741942Sa.suvorov@f5.com         i++;
6751942Sa.suvorov@f5.com 
6761942Sa.suvorov@f5.com         if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
6771942Sa.suvorov@f5.com             member = nxt_conf_get_array_element(tickets_conf, count - i);
6781942Sa.suvorov@f5.com             if (member == NULL) {
6791942Sa.suvorov@f5.com                 break;
6801942Sa.suvorov@f5.com             }
6811942Sa.suvorov@f5.com 
6821942Sa.suvorov@f5.com         } else {
6831942Sa.suvorov@f5.com             /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
6841942Sa.suvorov@f5.com             member = tickets_conf;
6851942Sa.suvorov@f5.com         }
6861942Sa.suvorov@f5.com 
6871942Sa.suvorov@f5.com         nxt_conf_get_string(member, &value);
6881942Sa.suvorov@f5.com 
6891942Sa.suvorov@f5.com         ret = nxt_openssl_base64_decode(buf, 80, value.start, value.length);
6901942Sa.suvorov@f5.com         if (nxt_slow_path(ret == NXT_ERROR)) {
6911942Sa.suvorov@f5.com             return NXT_ERROR;
6921942Sa.suvorov@f5.com         }
6931942Sa.suvorov@f5.com 
6941952Svbart@nginx.com         nxt_memcpy(ticket->name, buf, 16);
6951952Svbart@nginx.com 
6961942Sa.suvorov@f5.com         if (ret == 48) {
6971942Sa.suvorov@f5.com             nxt_memcpy(ticket->aes_key, buf + 16, 16);
6981942Sa.suvorov@f5.com             nxt_memcpy(ticket->hmac_key, buf + 32, 16);
6991952Svbart@nginx.com             ticket->size = 16;
7001942Sa.suvorov@f5.com 
7011942Sa.suvorov@f5.com         } else {
7021942Sa.suvorov@f5.com             nxt_memcpy(ticket->hmac_key, buf + 16, 32);
7031942Sa.suvorov@f5.com             nxt_memcpy(ticket->aes_key, buf + 48, 32);
7041952Svbart@nginx.com             ticket->size = 32;
7051942Sa.suvorov@f5.com         }
7061942Sa.suvorov@f5.com 
7071942Sa.suvorov@f5.com     } while (i < count);
7081942Sa.suvorov@f5.com 
7091942Sa.suvorov@f5.com     if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback)
7101942Sa.suvorov@f5.com         == 0)
7111942Sa.suvorov@f5.com     {
7121942Sa.suvorov@f5.com         nxt_openssl_log_error(task, NXT_LOG_ALERT,
7131942Sa.suvorov@f5.com                       "Unit was built with Session Tickets support, however, "
7141942Sa.suvorov@f5.com                       "now it is linked dynamically to an OpenSSL library "
7151942Sa.suvorov@f5.com                       "which has no tlsext support, therefore Session Tickets "
7161942Sa.suvorov@f5.com                       "are not available");
7171942Sa.suvorov@f5.com 
7181942Sa.suvorov@f5.com         return NXT_ERROR;
7191942Sa.suvorov@f5.com     }
7201942Sa.suvorov@f5.com 
7211942Sa.suvorov@f5.com     return NXT_OK;
7221942Sa.suvorov@f5.com 
7231942Sa.suvorov@f5.com #else
7241942Sa.suvorov@f5.com     nxt_alert(task, "Setting custom session ticket keys is not supported with "
7251942Sa.suvorov@f5.com                     "this version of OpenSSL library");
7261942Sa.suvorov@f5.com 
7271942Sa.suvorov@f5.com     return NXT_ERROR;
7281942Sa.suvorov@f5.com 
7291942Sa.suvorov@f5.com #endif
7301942Sa.suvorov@f5.com 
7311942Sa.suvorov@f5.com no_ticket:
7321942Sa.suvorov@f5.com 
7331942Sa.suvorov@f5.com     SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
7341942Sa.suvorov@f5.com 
7351942Sa.suvorov@f5.com     return NXT_OK;
7361942Sa.suvorov@f5.com }
7371942Sa.suvorov@f5.com 
7381942Sa.suvorov@f5.com 
7391942Sa.suvorov@f5.com #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
7401942Sa.suvorov@f5.com 
7411942Sa.suvorov@f5.com static int
7421942Sa.suvorov@f5.com nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
7431942Sa.suvorov@f5.com     EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
7441942Sa.suvorov@f5.com {
7451942Sa.suvorov@f5.com     nxt_uint_t          i;
7461942Sa.suvorov@f5.com     nxt_conn_t          *c;
7471942Sa.suvorov@f5.com     const EVP_MD        *digest;
7481942Sa.suvorov@f5.com     const EVP_CIPHER    *cipher;
7491942Sa.suvorov@f5.com     nxt_tls_ticket_t    *ticket;
7501942Sa.suvorov@f5.com     nxt_openssl_conn_t  *tls;
7511942Sa.suvorov@f5.com 
7521942Sa.suvorov@f5.com     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
7531942Sa.suvorov@f5.com 
7541942Sa.suvorov@f5.com     if (nxt_slow_path(c == NULL)) {
7551942Sa.suvorov@f5.com         nxt_thread_log_alert("SSL_get_ex_data() failed");
7561942Sa.suvorov@f5.com         return -1;
7571942Sa.suvorov@f5.com     }
7581942Sa.suvorov@f5.com 
7591942Sa.suvorov@f5.com     tls = c->u.tls;
7601942Sa.suvorov@f5.com     ticket = tls->conf->tickets->tickets;
7611942Sa.suvorov@f5.com 
7621952Svbart@nginx.com     i = 0;
7631942Sa.suvorov@f5.com 
7641942Sa.suvorov@f5.com     if (enc == 1) {
7651942Sa.suvorov@f5.com         /* encrypt session ticket */
7661942Sa.suvorov@f5.com 
7671942Sa.suvorov@f5.com         nxt_debug(c->socket.task, "TLS session ticket encrypt");
7681942Sa.suvorov@f5.com 
7691952Svbart@nginx.com         cipher = (ticket[0].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
7701942Sa.suvorov@f5.com 
7711942Sa.suvorov@f5.com         if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
7721942Sa.suvorov@f5.com             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
7731942Sa.suvorov@f5.com                                   "RAND_bytes() failed");
7741942Sa.suvorov@f5.com             return -1;
7751942Sa.suvorov@f5.com         }
7761942Sa.suvorov@f5.com 
7771942Sa.suvorov@f5.com         nxt_memcpy(name, ticket[0].name, 16);
7781942Sa.suvorov@f5.com 
779*1967Sartem.konev@nginx.com         if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) != 1)
780*1967Sartem.konev@nginx.com         {
781*1967Sartem.konev@nginx.com             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
782*1967Sartem.konev@nginx.com                                   "EVP_EncryptInit_ex() failed");
783*1967Sartem.konev@nginx.com             return -1;
784*1967Sartem.konev@nginx.com         }
785*1967Sartem.konev@nginx.com 
7861942Sa.suvorov@f5.com     } else {
7871942Sa.suvorov@f5.com         /* decrypt session ticket */
7881942Sa.suvorov@f5.com 
7891952Svbart@nginx.com         do {
7901942Sa.suvorov@f5.com             if (nxt_memcmp(name, ticket[i].name, 16) == 0) {
7911942Sa.suvorov@f5.com                 goto found;
7921942Sa.suvorov@f5.com             }
7931952Svbart@nginx.com 
7941952Svbart@nginx.com         } while (++i < tls->conf->tickets->count);
7951942Sa.suvorov@f5.com 
7961942Sa.suvorov@f5.com         nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found");
7971942Sa.suvorov@f5.com 
7981942Sa.suvorov@f5.com         return 0;
7991942Sa.suvorov@f5.com 
8001942Sa.suvorov@f5.com     found:
8011942Sa.suvorov@f5.com 
8021942Sa.suvorov@f5.com         nxt_debug(c->socket.task,
8031942Sa.suvorov@f5.com                   "TLS session ticket decrypt, key number: \"%d\"", i);
8041942Sa.suvorov@f5.com 
8051952Svbart@nginx.com         enc = (i == 0) ? 1 : 2 /* renew */;
8061952Svbart@nginx.com 
8071952Svbart@nginx.com         cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
8081942Sa.suvorov@f5.com 
809*1967Sartem.konev@nginx.com         if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1)
810*1967Sartem.konev@nginx.com         {
811*1967Sartem.konev@nginx.com             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
812*1967Sartem.konev@nginx.com                                   "EVP_DecryptInit_ex() failed");
813*1967Sartem.konev@nginx.com             return -1;
814*1967Sartem.konev@nginx.com         }
8151952Svbart@nginx.com     }
8161942Sa.suvorov@f5.com 
8171952Svbart@nginx.com #ifdef OPENSSL_NO_SHA256
8181952Svbart@nginx.com     digest = EVP_sha1();
8191952Svbart@nginx.com #else
8201952Svbart@nginx.com     digest = EVP_sha256();
8211952Svbart@nginx.com #endif
8221942Sa.suvorov@f5.com 
8231952Svbart@nginx.com     if (HMAC_Init_ex(hctx, ticket[i].hmac_key, ticket[i].size, digest, NULL)
8241952Svbart@nginx.com         != 1)
8251952Svbart@nginx.com     {
8261952Svbart@nginx.com         nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
8271952Svbart@nginx.com                               "HMAC_Init_ex() failed");
8281952Svbart@nginx.com         return -1;
8291952Svbart@nginx.com     }
8301942Sa.suvorov@f5.com 
8311952Svbart@nginx.com     return enc;
8321942Sa.suvorov@f5.com }
8331942Sa.suvorov@f5.com 
8341942Sa.suvorov@f5.com #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
8351942Sa.suvorov@f5.com 
8361942Sa.suvorov@f5.com #endif /* NXT_HAVE_OPENSSL_TLSEXT */
8371942Sa.suvorov@f5.com 
8381885Sa.suvorov@f5.com 
8391920Sa.suvorov@f5.com static void
8401920Sa.suvorov@f5.com nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout)
8411920Sa.suvorov@f5.com {
8421920Sa.suvorov@f5.com     if (cache_size == 0) {
8431920Sa.suvorov@f5.com         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
8441920Sa.suvorov@f5.com         return;
8451920Sa.suvorov@f5.com     }
8461920Sa.suvorov@f5.com 
8471920Sa.suvorov@f5.com     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
8481920Sa.suvorov@f5.com 
8491920Sa.suvorov@f5.com     SSL_CTX_sess_set_cache_size(ctx, cache_size);
8501920Sa.suvorov@f5.com 
8511920Sa.suvorov@f5.com     SSL_CTX_set_timeout(ctx, (long) timeout);
8521920Sa.suvorov@f5.com }
8531920Sa.suvorov@f5.com 
8541920Sa.suvorov@f5.com 
8551828Sa.suvorov@f5.com static nxt_uint_t
8561828Sa.suvorov@f5.com nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
8571828Sa.suvorov@f5.com     nxt_mp_t *mp)
8581828Sa.suvorov@f5.com {
8591828Sa.suvorov@f5.com     int                         len;
8601828Sa.suvorov@f5.com     nxt_str_t                   domain, str;
8611828Sa.suvorov@f5.com     X509_NAME                   *x509_name;
8621828Sa.suvorov@f5.com     nxt_uint_t                  i, n;
8631828Sa.suvorov@f5.com     GENERAL_NAME                *name;
8641828Sa.suvorov@f5.com     nxt_tls_bundle_conf_t       *bundle;
8651828Sa.suvorov@f5.com     STACK_OF(GENERAL_NAME)      *alt_names;
8661828Sa.suvorov@f5.com     nxt_tls_bundle_hash_item_t  *item;
8671828Sa.suvorov@f5.com 
8681828Sa.suvorov@f5.com     bundle = conf->bundle;
8691828Sa.suvorov@f5.com 
8701828Sa.suvorov@f5.com     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
8711828Sa.suvorov@f5.com 
8721828Sa.suvorov@f5.com     if (alt_names != NULL) {
8731828Sa.suvorov@f5.com         n = sk_GENERAL_NAME_num(alt_names);
8741828Sa.suvorov@f5.com 
8751828Sa.suvorov@f5.com         for (i = 0; i != n; i++) {
8761828Sa.suvorov@f5.com             name = sk_GENERAL_NAME_value(alt_names, i);
8771828Sa.suvorov@f5.com 
8781828Sa.suvorov@f5.com             if (name->type != GEN_DNS) {
8791828Sa.suvorov@f5.com                 continue;
8801828Sa.suvorov@f5.com             }
8811828Sa.suvorov@f5.com 
8821828Sa.suvorov@f5.com             str.length = ASN1_STRING_length(name->d.dNSName);
8831828Sa.suvorov@f5.com #if OPENSSL_VERSION_NUMBER > 0x10100000L
8841828Sa.suvorov@f5.com             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
8851828Sa.suvorov@f5.com #else
8861828Sa.suvorov@f5.com             str.start = ASN1_STRING_data(name->d.dNSName);
8871828Sa.suvorov@f5.com #endif
8881828Sa.suvorov@f5.com 
8891828Sa.suvorov@f5.com             domain.start = nxt_mp_nget(mp, str.length);
8901828Sa.suvorov@f5.com             if (nxt_slow_path(domain.start == NULL)) {
8911828Sa.suvorov@f5.com                 goto fail;
8921828Sa.suvorov@f5.com             }
8931828Sa.suvorov@f5.com 
8941828Sa.suvorov@f5.com             domain.length = str.length;
8951828Sa.suvorov@f5.com             nxt_memcpy_lowcase(domain.start, str.start, str.length);
8961828Sa.suvorov@f5.com 
8971828Sa.suvorov@f5.com             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
8981828Sa.suvorov@f5.com             if (nxt_slow_path(item == NULL)) {
8991828Sa.suvorov@f5.com                 goto fail;
9001828Sa.suvorov@f5.com             }
9011828Sa.suvorov@f5.com 
9021828Sa.suvorov@f5.com             item->name = domain;
9031828Sa.suvorov@f5.com             item->bundle = bundle;
9041828Sa.suvorov@f5.com 
9051828Sa.suvorov@f5.com             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
9061828Sa.suvorov@f5.com                                                item, mp)
9071828Sa.suvorov@f5.com                 == NXT_ERROR)
9081828Sa.suvorov@f5.com             {
9091828Sa.suvorov@f5.com                 goto fail;
9101828Sa.suvorov@f5.com             }
9111828Sa.suvorov@f5.com         }
9121828Sa.suvorov@f5.com 
9131828Sa.suvorov@f5.com         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
9141828Sa.suvorov@f5.com 
9151828Sa.suvorov@f5.com     } else {
9161828Sa.suvorov@f5.com         x509_name = X509_get_subject_name(cert);
9171828Sa.suvorov@f5.com         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
9181828Sa.suvorov@f5.com                                         NULL, 0);
9191828Sa.suvorov@f5.com         if (len <= 0) {
9201828Sa.suvorov@f5.com             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
9211885Sa.suvorov@f5.com                     "Subject Alternative Name nor Common Name", &bundle->name);
9221828Sa.suvorov@f5.com             return NXT_OK;
9231828Sa.suvorov@f5.com         }
9241828Sa.suvorov@f5.com 
9251828Sa.suvorov@f5.com         domain.start = nxt_mp_nget(mp, len + 1);
9261828Sa.suvorov@f5.com         if (nxt_slow_path(domain.start == NULL)) {
9271828Sa.suvorov@f5.com             return NXT_ERROR;
9281828Sa.suvorov@f5.com         }
9291828Sa.suvorov@f5.com 
9301828Sa.suvorov@f5.com         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
9311828Sa.suvorov@f5.com                                                   (char *) domain.start,
9321828Sa.suvorov@f5.com                                                   len + 1);
9331828Sa.suvorov@f5.com         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
9341828Sa.suvorov@f5.com 
9351828Sa.suvorov@f5.com         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
9361828Sa.suvorov@f5.com         if (nxt_slow_path(item == NULL)) {
9371828Sa.suvorov@f5.com             return NXT_ERROR;
9381828Sa.suvorov@f5.com         }
9391828Sa.suvorov@f5.com 
9401828Sa.suvorov@f5.com         item->name = domain;
9411828Sa.suvorov@f5.com         item->bundle = bundle;
9421828Sa.suvorov@f5.com 
9431828Sa.suvorov@f5.com         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
9441828Sa.suvorov@f5.com                                            mp)
9451828Sa.suvorov@f5.com             == NXT_ERROR)
9461828Sa.suvorov@f5.com         {
9471828Sa.suvorov@f5.com             return NXT_ERROR;
9481828Sa.suvorov@f5.com         }
9491828Sa.suvorov@f5.com     }
9501828Sa.suvorov@f5.com 
9511828Sa.suvorov@f5.com     return NXT_OK;
9521828Sa.suvorov@f5.com 
9531828Sa.suvorov@f5.com fail:
9541828Sa.suvorov@f5.com 
9551828Sa.suvorov@f5.com     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
9561828Sa.suvorov@f5.com 
9571828Sa.suvorov@f5.com     return NXT_ERROR;
9581828Sa.suvorov@f5.com }
9591828Sa.suvorov@f5.com 
9601828Sa.suvorov@f5.com 
9611828Sa.suvorov@f5.com static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
9621828Sa.suvorov@f5.com     nxt_aligned(64) =
9631828Sa.suvorov@f5.com {
9641828Sa.suvorov@f5.com     NXT_LVLHSH_DEFAULT,
9651828Sa.suvorov@f5.com     nxt_openssl_bundle_hash_test,
9661828Sa.suvorov@f5.com     nxt_mp_lvlhsh_alloc,
9671828Sa.suvorov@f5.com     nxt_mp_lvlhsh_free,
9681828Sa.suvorov@f5.com };
9691828Sa.suvorov@f5.com 
9701828Sa.suvorov@f5.com 
9711828Sa.suvorov@f5.com static nxt_int_t
9721828Sa.suvorov@f5.com nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
9731828Sa.suvorov@f5.com {
9741828Sa.suvorov@f5.com     nxt_tls_bundle_hash_item_t  *item;
9751828Sa.suvorov@f5.com 
9761828Sa.suvorov@f5.com     item = data;
9771828Sa.suvorov@f5.com 
9781828Sa.suvorov@f5.com     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
9791828Sa.suvorov@f5.com }
9801828Sa.suvorov@f5.com 
9811828Sa.suvorov@f5.com 
9821828Sa.suvorov@f5.com static nxt_int_t
9831828Sa.suvorov@f5.com nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
9841828Sa.suvorov@f5.com     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
9851828Sa.suvorov@f5.com {
986