1 2 /* 3 * Copyright (C) Igor Sysoev 4 * Copyright (C) NGINX, Inc. 5 */ 6 7 #include <nxt_main.h> 8 #include <openssl/ssl.h> 9 #include <openssl/conf.h> 10 #include <openssl/err.h> 11 #include <openssl/rand.h> 12 #include <openssl/x509v3.h> 13 14 15 typedef struct { 16 SSL *session; 17 nxt_conn_t *conn; 18 19 int ssl_error; 20 uint8_t times; /* 2 bits */ 21 uint8_t handshake; /* 1 bit */ 22 23 nxt_tls_conf_t *conf; 24 nxt_buf_mem_t buffer; 25 } nxt_openssl_conn_t; 26 27 28 typedef enum { 29 NXT_OPENSSL_HANDSHAKE = 0, 30 NXT_OPENSSL_READ, 31 NXT_OPENSSL_WRITE, 32 NXT_OPENSSL_SHUTDOWN, 33 } nxt_openssl_io_t; 34 35 36 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task); 37 static void nxt_openssl_library_free(nxt_task_t *task); 38 #if OPENSSL_VERSION_NUMBER < 0x10100004L 39 static nxt_int_t nxt_openssl_locks_init(void); 40 static void nxt_openssl_lock(int mode, int type, const char *file, int line); 41 static unsigned long nxt_openssl_thread_id(void); 42 static void nxt_openssl_locks_free(void); 43 #endif 44 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, 45 nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t last); 46 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, 47 nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single); 48 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, 49 nxt_tls_conf_t *conf, nxt_mp_t *mp); 50 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, 51 void *data); 52 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task, 53 nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp); 54 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg); 55 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf, 56 nxt_str_t *sn); 57 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf); 58 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, 59 nxt_conn_t *c); 60 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data); 61 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b); 62 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb); 63 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, 64 void *buf, size_t size); 65 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, 66 void *data); 67 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, 68 int ret, nxt_err_t sys_err, nxt_openssl_io_t io); 69 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task, 70 nxt_err_t err, const char *fmt, ...); 71 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err); 72 73 74 const nxt_tls_lib_t nxt_openssl_lib = { 75 .library_init = nxt_openssl_library_init, 76 .library_free = nxt_openssl_library_free, 77 78 .server_init = nxt_openssl_server_init, 79 .server_free = nxt_openssl_server_free, 80 }; 81 82 83 static nxt_conn_io_t nxt_openssl_conn_io = { 84 .read = nxt_conn_io_read, 85 .recvbuf = nxt_openssl_conn_io_recvbuf, 86 87 .write = nxt_conn_io_write, 88 .sendbuf = nxt_openssl_conn_io_sendbuf, 89 90 .shutdown = nxt_openssl_conn_io_shutdown, 91 }; 92 93 94 static long nxt_openssl_version; 95 static int nxt_openssl_connection_index; 96 97 98 static nxt_int_t 99 nxt_openssl_library_init(nxt_task_t *task) 100 { 101 int index; 102 103 if (nxt_fast_path(nxt_openssl_version != 0)) { 104 return NXT_OK; 105 } 106 107 #if OPENSSL_VERSION_NUMBER >= 0x10100003L 108 109 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); 110 111 #else 112 { 113 nxt_int_t ret; 114 115 SSL_load_error_strings(); 116 117 OPENSSL_config(NULL); 118 119 /* 120 * SSL_library_init(3): 121 * 122 * SSL_library_init() always returns "1", 123 * so it is safe to discard the return value. 124 */ 125 (void) SSL_library_init(); 126 127 ret = nxt_openssl_locks_init(); 128 if (nxt_slow_path(ret != NXT_OK)) { 129 return ret; 130 } 131 } 132 133 #endif 134 135 nxt_openssl_version = SSLeay(); 136 137 nxt_log(task, NXT_LOG_INFO, "%s, %xl", 138 SSLeay_version(SSLEAY_VERSION), nxt_openssl_version); 139 140 #ifndef SSL_OP_NO_COMPRESSION 141 { 142 /* 143 * Disable gzip compression in OpenSSL prior to 1.0.0 144 * version, this saves about 522K per connection. 145 */ 146 int n; 147 STACK_OF(SSL_COMP) *ssl_comp_methods; 148 149 ssl_comp_methods = SSL_COMP_get_compression_methods(); 150 151 for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) { 152 (void) sk_SSL_COMP_pop(ssl_comp_methods); 153 } 154 } 155 #endif 156 157 index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); 158 159 if (index == -1) { 160 nxt_openssl_log_error(task, NXT_LOG_ALERT, 161 "SSL_get_ex_new_index() failed"); 162 return NXT_ERROR; 163 } 164 165 nxt_openssl_connection_index = index; 166 167 return NXT_OK; 168 } 169 170 171 #if OPENSSL_VERSION_NUMBER >= 0x10100003L 172 173 static void 174 nxt_openssl_library_free(nxt_task_t *task) 175 { 176 } 177 178 #else 179 180 static nxt_thread_mutex_t *nxt_openssl_locks; 181 182 static nxt_int_t 183 nxt_openssl_locks_init(void) 184 { 185 int i, n; 186 nxt_int_t ret; 187 188 n = CRYPTO_num_locks(); 189 190 nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t)); 191 if (nxt_slow_path(nxt_openssl_locks == NULL)) { 192 return NXT_ERROR; 193 } 194 195 for (i = 0; i < n; i++) { 196 ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]); 197 if (nxt_slow_path(ret != NXT_OK)) { 198 return ret; 199 } 200 } 201 202 CRYPTO_set_locking_callback(nxt_openssl_lock); 203 204 CRYPTO_set_id_callback(nxt_openssl_thread_id); 205 206 return NXT_OK; 207 } 208 209 210 static void 211 nxt_openssl_lock(int mode, int type, const char *file, int line) 212 { 213 nxt_thread_mutex_t *lock; 214 215 lock = &nxt_openssl_locks[type]; 216 217 if ((mode & CRYPTO_LOCK) != 0) { 218 (void) nxt_thread_mutex_lock(lock); 219 220 } else { 221 (void) nxt_thread_mutex_unlock(lock); 222 } 223 } 224 225 226 static u_long 227 nxt_openssl_thread_id(void) 228 { 229 return (u_long) nxt_thread_handle(); 230 } 231 232 233 static void 234 nxt_openssl_library_free(nxt_task_t *task) 235 { 236 nxt_openssl_locks_free(); 237 } 238 239 240 static void 241 nxt_openssl_locks_free(void) 242 { 243 int i, n; 244 245 n = CRYPTO_num_locks(); 246 247 CRYPTO_set_locking_callback(NULL); 248 249 for (i = 0; i < n; i++) { 250 nxt_thread_mutex_destroy(&nxt_openssl_locks[i]); 251 } 252 253 OPENSSL_free(nxt_openssl_locks); 254 } 255 256 #endif 257 258 259 static nxt_int_t 260 nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf, 261 nxt_mp_t *mp, nxt_bool_t last) 262 { 263 SSL_CTX *ctx; 264 const char *ciphers, *ca_certificate; 265 STACK_OF(X509_NAME) *list; 266 nxt_tls_bundle_conf_t *bundle; 267 268 ctx = SSL_CTX_new(SSLv23_server_method()); 269 if (ctx == NULL) { 270 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed"); 271 return NXT_ERROR; 272 } 273 274 bundle = conf->bundle; 275 nxt_assert(bundle != NULL); 276 277 bundle->ctx = ctx; 278 279 #ifdef SSL_OP_NO_RENEGOTIATION 280 /* Renegration is not currently supported. */ 281 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); 282 #endif 283 284 #ifdef SSL_OP_NO_COMPRESSION 285 /* 286 * Disable gzip compression in OpenSSL 1.0.0, 287 * this saves about 522K per connection. 288 */ 289 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); 290 #endif 291 292 #ifdef SSL_MODE_RELEASE_BUFFERS 293 294 if (nxt_openssl_version >= 10001078) { 295 /* 296 * Allow to release read and write buffers in OpenSSL 1.0.0, 297 * this saves about 34K per idle connection. It is not safe 298 * before OpenSSL 1.0.1h (CVE-2010-5298). 299 */ 300 SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); 301 } 302 303 #endif 304 305 if (nxt_openssl_chain_file(task, ctx, conf, mp, 306 last && bundle->next == NULL) 307 != NXT_OK) 308 { 309 goto fail; 310 } 311 /* 312 key = conf->certificate_key; 313 314 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) { 315 nxt_openssl_log_error(task, NXT_LOG_ALERT, 316 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", 317 key); 318 goto fail; 319 } 320 */ 321 ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; 322 323 if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { 324 nxt_openssl_log_error(task, NXT_LOG_ALERT, 325 "SSL_CTX_set_cipher_list(\"%s\") failed", 326 ciphers); 327 goto fail; 328 } 329 330 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 331 332 if (conf->ca_certificate != NULL) { 333 334 /* TODO: verify callback */ 335 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); 336 337 /* TODO: verify depth */ 338 SSL_CTX_set_verify_depth(ctx, 1); 339 340 ca_certificate = conf->ca_certificate; 341 342 if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) { 343 nxt_openssl_log_error(task, NXT_LOG_ALERT, 344 "SSL_CTX_load_verify_locations(\"%s\") failed", 345 ca_certificate); 346 goto fail; 347 } 348 349 list = SSL_load_client_CA_file(ca_certificate); 350 351 if (list == NULL) { 352 nxt_openssl_log_error(task, NXT_LOG_ALERT, 353 "SSL_load_client_CA_file(\"%s\") failed", 354 ca_certificate); 355 goto fail; 356 } 357 358 /* 359 * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and 360 * 0.9.8 versions always leaves an error in the error queue. 361 */ 362 ERR_clear_error(); 363 364 SSL_CTX_set_client_CA_list(ctx, list); 365 } 366 367 if (last) { 368 conf->conn_init = nxt_openssl_conn_init; 369 370 if (bundle->next != NULL) { 371 SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername); 372 } 373 } 374 375 return NXT_OK; 376 377 fail: 378 379 SSL_CTX_free(ctx); 380 381 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ 382 && OPENSSL_VERSION_NUMBER < 0x1010101fL) 383 RAND_keep_random_devices_open(0); 384 #endif 385 386 return NXT_ERROR; 387 } 388 389 390 static nxt_int_t 391 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf, 392 nxt_mp_t *mp, nxt_bool_t single) 393 { 394 BIO *bio; 395 X509 *cert, *ca; 396 long reason; 397 EVP_PKEY *key; 398 nxt_int_t ret; 399 nxt_tls_bundle_conf_t *bundle; 400 401 ret = NXT_ERROR; 402 cert = NULL; 403 404 bio = BIO_new(BIO_s_fd()); 405 if (bio == NULL) { 406 goto end; 407 } 408 409 bundle = conf->bundle; 410 411 BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE); 412 413 cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); 414 if (cert == NULL) { 415 goto end; 416 } 417 418 if (SSL_CTX_use_certificate(ctx, cert) != 1) { 419 goto end; 420 } 421 422 if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) { 423 goto clean; 424 } 425 426 for ( ;; ) { 427 ca = PEM_read_bio_X509(bio, NULL, NULL, NULL); 428 429 if (ca == NULL) { 430 reason = ERR_GET_REASON(ERR_peek_last_error()); 431 if (reason != PEM_R_NO_START_LINE) { 432 goto end; 433 } 434 435 ERR_clear_error(); 436 break; 437 } 438 439 /* 440 * Note that ca isn't freed if it was successfully added to the chain, 441 * while the main certificate needs a X509_free() call, since 442 * its reference count is increased by SSL_CTX_use_certificate(). 443 */ 444 #ifdef SSL_CTX_add0_chain_cert 445 if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) { 446 #else 447 if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) { 448 #endif 449 X509_free(ca); 450 goto end; 451 } 452 } 453 454 if (BIO_reset(bio) != 0) { 455 goto end; 456 } 457 458 key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 459 if (key == NULL) { 460 goto end; 461 } 462 463 if (SSL_CTX_use_PrivateKey(ctx, key) == 1) { 464 ret = NXT_OK; 465 } 466 467 EVP_PKEY_free(key); 468 469 end: 470 471 if (ret != NXT_OK) { 472 nxt_openssl_log_error(task, NXT_LOG_ALERT, 473 "nxt_openssl_chain_file() failed"); 474 } 475 476 clean: 477 478 BIO_free(bio); 479 X509_free(cert); 480 481 return ret; 482 } 483 484 485 static nxt_uint_t 486 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf, 487 nxt_mp_t *mp) 488 { 489 int len; 490 nxt_str_t domain, str; 491 X509_NAME *x509_name; 492 nxt_uint_t i, n; 493 GENERAL_NAME *name; 494 nxt_tls_bundle_conf_t *bundle; 495 STACK_OF(GENERAL_NAME) *alt_names; 496 nxt_tls_bundle_hash_item_t *item; 497 498 bundle = conf->bundle; 499 500 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 501 502 if (alt_names != NULL) { 503 n = sk_GENERAL_NAME_num(alt_names); 504 505 for (i = 0; i != n; i++) { 506 name = sk_GENERAL_NAME_value(alt_names, i); 507 508 if (name->type != GEN_DNS) { 509 continue; 510 } 511 512 str.length = ASN1_STRING_length(name->d.dNSName); 513 #if OPENSSL_VERSION_NUMBER > 0x10100000L 514 str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName); 515 #else 516 str.start = ASN1_STRING_data(name->d.dNSName); 517 #endif 518 519 domain.start = nxt_mp_nget(mp, str.length); 520 if (nxt_slow_path(domain.start == NULL)) { 521 goto fail; 522 } 523 524 domain.length = str.length; 525 nxt_memcpy_lowcase(domain.start, str.start, str.length); 526 527 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t)); 528 if (nxt_slow_path(item == NULL)) { 529 goto fail; 530 } 531 532 item->name = domain; 533 item->bundle = bundle; 534 535 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, 536 item, mp) 537 == NXT_ERROR) 538 { 539 goto fail; 540 } 541 } 542 543 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); 544 545 } else { 546 x509_name = X509_get_subject_name(cert); 547 len = X509_NAME_get_text_by_NID(x509_name, NID_commonName, 548 NULL, 0); 549 if (len <= 0) { 550 nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither " 551 "Subject Alternative Name nor Common Name", bundle->name); 552 return NXT_OK; 553 } 554 555 domain.start = nxt_mp_nget(mp, len + 1); 556 if (nxt_slow_path(domain.start == NULL)) { 557 return NXT_ERROR; 558 } 559 560 domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName, 561 (char *) domain.start, 562 len + 1); 563 nxt_memcpy_lowcase(domain.start, domain.start, domain.length); 564 565 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t)); 566 if (nxt_slow_path(item == NULL)) { 567 return NXT_ERROR; 568 } 569 570 item->name = domain; 571 item->bundle = bundle; 572 573 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item, 574 mp) 575 == NXT_ERROR) 576 { 577 return NXT_ERROR; 578 } 579 } 580 581 return NXT_OK; 582 583 fail: 584 585 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); 586 587 return NXT_ERROR; 588 } 589 590 591 static const nxt_lvlhsh_proto_t nxt_openssl_bundle_hash_proto 592 nxt_aligned(64) = 593 { 594 NXT_LVLHSH_DEFAULT, 595 nxt_openssl_bundle_hash_test, 596 nxt_mp_lvlhsh_alloc, 597 nxt_mp_lvlhsh_free, 598 }; 599 600 601 static nxt_int_t 602 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data) 603 { 604 nxt_tls_bundle_hash_item_t *item; 605 606 item = data; 607 608 return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED; 609 } 610 611 612 static nxt_int_t 613 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh, 614 nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp) 615 { 616 nxt_str_t str; 617 nxt_int_t ret; 618 nxt_lvlhsh_query_t lhq; 619 nxt_tls_bundle_hash_item_t *old; 620 621 str = item->name; 622 623 if (item->name.start[0] == '*') { 624 item->name.start++; 625 item->name.length--; 626 627 if (item->name.length == 0 || item->name.start[0] != '.') { 628 nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" " 629 "in certificate \"%V\": missing \".\" " 630 "after wildcard symbol", &str, item->bundle->name); 631 return NXT_OK; 632 } 633 } 634 635 lhq.pool = mp; 636 lhq.key = item->name; 637 lhq.value = item; 638 lhq.proto = &nxt_openssl_bundle_hash_proto; 639 lhq.replace = 0; 640 lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length); 641 642 ret = nxt_lvlhsh_insert(lvlhsh, &lhq); 643 if (nxt_fast_path(ret == NXT_OK)) { 644 nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted", 645 &str, item->bundle->name); 646 return NXT_OK; 647 } 648 649 if (nxt_fast_path(ret == NXT_DECLINED)) { 650 old = lhq.value; 651 if (old->bundle != item->bundle) { 652 nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" " 653 "in certificate \"%V\", identical name appears in \"%V\"", 654 &str, old->bundle->name, item->bundle->name); 655 656 old->bundle = item->bundle; 657 } 658 659 return NXT_OK; 660 } 661 662 return NXT_ERROR; 663 } 664 665 666 static nxt_int_t 667 nxt_openssl_servername(SSL *s, int *ad, void *arg) 668 { 669 nxt_str_t str; 670 nxt_uint_t i; 671 nxt_conn_t *c; 672 const char *servername; 673 nxt_tls_conf_t *conf; 674 nxt_openssl_conn_t *tls; 675 nxt_tls_bundle_conf_t *bundle; 676 677 c = SSL_get_ex_data(s, nxt_openssl_connection_index); 678 679 if (nxt_slow_path(c == NULL)) { 680 nxt_thread_log_alert("SSL_get_ex_data() failed"); 681 return SSL_TLSEXT_ERR_ALERT_FATAL; 682 } 683 684 servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 685 if (nxt_slow_path(servername == NULL)) { 686 nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned " 687 "NULL in server name callback"); 688 return SSL_TLSEXT_ERR_ALERT_FATAL; 689 } 690 691 str.length = nxt_strlen(servername); 692 if (str.length == 0) { 693 nxt_debug(c->socket.task, "client sent zero-length server name"); 694 goto done; 695 } 696 697 if (servername[0] == '.') { 698 nxt_debug(c->socket.task, "ignored the server name \"%s\": " 699 "leading \".\"", servername); 700 goto done; 701 } 702 703 nxt_debug(c->socket.task, "tls with servername \"%s\"", servername); 704 705 str.start = nxt_mp_nget(c->mem_pool, str.length); 706 if (nxt_slow_path(str.start == NULL)) { 707 return SSL_TLSEXT_ERR_ALERT_FATAL; 708 } 709 710 nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length); 711 712 tls = c->u.tls; 713 conf = tls->conf; 714 715 bundle = nxt_openssl_find_ctx(conf, &str); 716 717 if (bundle == NULL) { 718 for (i = 1; i < str.length; i++) { 719 if (str.start[i] == '.') { 720 str.start += i; 721 str.length -= i; 722 723 bundle = nxt_openssl_find_ctx(conf, &str); 724 break; 725 } 726 } 727 } 728 729 if (bundle != NULL) { 730 nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" " 731 "(old: \"%V\")", &str, bundle->name, 732 conf->bundle->name); 733 734 if (bundle != conf->bundle) { 735 if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) { 736 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 737 "SSL_set_SSL_CTX() failed"); 738 739 return SSL_TLSEXT_ERR_ALERT_FATAL; 740 } 741 } 742 } 743 744 done: 745 746 return SSL_TLSEXT_ERR_OK; 747 } 748 749 750 static nxt_tls_bundle_conf_t * 751 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn) 752 { 753 nxt_int_t ret; 754 nxt_lvlhsh_query_t lhq; 755 nxt_tls_bundle_hash_item_t *item; 756 757 lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length); 758 lhq.key = *sn; 759 lhq.proto = &nxt_openssl_bundle_hash_proto; 760 761 ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq); 762 if (ret != NXT_OK) { 763 return NULL; 764 } 765 766 item = lhq.value; 767 768 return item->bundle; 769 } 770 771 772 static void 773 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf) 774 { 775 nxt_tls_bundle_conf_t *bundle; 776 777 bundle = conf->bundle; 778 nxt_assert(bundle != NULL); 779 780 do { 781 SSL_CTX_free(bundle->ctx); 782 bundle = bundle->next; 783 } while (bundle != NULL); 784 785 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ 786 && OPENSSL_VERSION_NUMBER < 0x1010101fL) 787 RAND_keep_random_devices_open(0); 788 #endif 789 } 790 791 792 static void 793 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c) 794 { 795 int ret; 796 SSL *s; 797 SSL_CTX *ctx; 798 nxt_openssl_conn_t *tls; 799 800 nxt_log_debug(c->socket.log, "openssl conn init"); 801 802 tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t)); 803 if (tls == NULL) { 804 goto fail; 805 } 806 807 c->u.tls = tls; 808 nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size); 809 810 ctx = conf->bundle->ctx; 811 812 s = SSL_new(ctx); 813 if (s == NULL) { 814 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed"); 815 goto fail; 816 } 817 818 tls->session = s; 819 /* To pass TLS config to the nxt_openssl_servername() callback. */ 820 tls->conf = conf; 821 tls->conn = c; 822 823 ret = SSL_set_fd(s, c->socket.fd); 824 825 if (ret == 0) { 826 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed", 827 c->socket.fd); 828 goto fail; 829 } 830 831 SSL_set_accept_state(s); 832 833 if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) { 834 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed"); 835 goto fail; 836 } 837 838 c->io = &nxt_openssl_conn_io; 839 c->sendfile = NXT_CONN_SENDFILE_OFF; 840 841 nxt_openssl_conn_handshake(task, c, c->socket.data); 842 /* 843 * TLS configuration might be destroyed after the TLS connection 844 * is established. 845 */ 846 tls->conf = NULL; 847 return; 848 849 fail: 850 851 nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler, 852 task, c, c->socket.data); 853 } 854 855 856 nxt_inline void 857 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c) 858 { 859 nxt_openssl_conn_t *tls; 860 861 nxt_debug(task, "openssl conn free"); 862 863 tls = c->u.tls; 864 865 if (tls != NULL) { 866 c->u.tls = NULL; 867 nxt_free(tls->buffer.start); 868 SSL_free(tls->session); 869 } 870 } 871 872 873 static void 874 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data) 875 { 876 int ret; 877 nxt_int_t n; 878 nxt_err_t err; 879 nxt_conn_t *c; 880 nxt_work_queue_t *wq; 881 nxt_work_handler_t handler; 882 nxt_openssl_conn_t *tls; 883 const nxt_conn_state_t *state; 884 885 c = obj; 886 887 nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd); 888 889 if (c->socket.error != 0) { 890 return; 891 } 892 893 tls = c->u.tls; 894 895 if (tls == NULL) { 896 return; 897 } 898 899 nxt_debug(task, "openssl conn handshake: %d times", tls->times); 900 901 /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */ 902 903 ret = SSL_do_handshake(tls->session); 904 905 err = (ret <= 0) ? nxt_socket_errno : 0; 906 907 nxt_thread_time_debug_update(task->thread); 908 909 nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err); 910 911 state = (c->read_state != NULL) ? c->read_state : c->write_state; 912 913 if (ret > 0) { 914 /* ret == 1, the handshake was successfully completed. */ 915 tls->handshake = 1; 916 917 if (c->read_state != NULL) { 918 if (state->io_read_handler != NULL || c->read != NULL) { 919 nxt_conn_read(task->thread->engine, c); 920 return; 921 } 922 923 } else { 924 if (c->write != NULL) { 925 nxt_conn_write(task->thread->engine, c); 926 return; 927 } 928 } 929 930 handler = state->ready_handler; 931 932 } else { 933 c->socket.read_handler = nxt_openssl_conn_handshake; 934 c->socket.write_handler = nxt_openssl_conn_handshake; 935 936 n = nxt_openssl_conn_test_error(task, c, ret, err, 937 NXT_OPENSSL_HANDSHAKE); 938 switch (n) { 939 940 case NXT_AGAIN: 941 if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) { 942 tls->times++; 943 } 944 945 return; 946 947 case 0: 948 handler = state->close_handler; 949 break; 950 951 default: 952 case NXT_ERROR: 953 nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed", 954 c->socket.fd); 955 956 handler = state->error_handler; 957 break; 958 } 959 } 960 961 wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue; 962 963 nxt_work_queue_add(wq, handler, task, c, data); 964 } 965 966 967 static ssize_t 968 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b) 969 { 970 int ret; 971 size_t size; 972 nxt_int_t n; 973 nxt_err_t err; 974 nxt_openssl_conn_t *tls; 975 976 tls = c->u.tls; 977 size = b->mem.end - b->mem.free; 978 979 ret = SSL_read(tls->session, b->mem.free, size); 980 981 err = (ret <= 0) ? nxt_socket_errno : 0; 982 983 nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d", 984 c->socket.fd, b->mem.free, size, ret, err); 985 986 if (ret > 0) { 987 return ret; 988 } 989 990 n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err, 991 NXT_OPENSSL_READ); 992 if (n == NXT_ERROR) { 993 nxt_openssl_conn_error(c->socket.task, err, 994 "SSL_read(%d, %p, %uz) failed", 995 c->socket.fd, b->mem.free, size); 996 } 997 998 return n; 999 } 1000 1001 1002 static ssize_t 1003 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb) 1004 { 1005 nxt_uint_t niov; 1006 struct iovec iov; 1007 1008 niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1); 1009 1010 if (niov == 0 && sb->sync) { 1011 return 0; 1012 } 1013 1014 return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len); 1015 } 1016 1017 1018 static ssize_t 1019 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf, 1020 size_t size) 1021 { 1022 int ret; 1023 nxt_err_t err; 1024 nxt_int_t n; 1025 nxt_conn_t *c; 1026 nxt_openssl_conn_t *tls; 1027 1028 tls = sb->tls; 1029 1030 ret = SSL_write(tls->session, buf, size); 1031 1032 err = (ret <= 0) ? nxt_socket_errno : 0; 1033 1034 nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d", 1035 sb->socket, buf, size, ret, err); 1036 1037 if (ret > 0) { 1038 return ret; 1039 } 1040 1041 c = tls->conn; 1042 c->socket.write_ready = sb->ready; 1043 1044 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE); 1045 1046 sb->ready = c->socket.write_ready; 1047 1048 if (n == NXT_ERROR) { 1049 sb->error = c->socket.error; 1050 nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed", 1051 sb->socket, buf, size); 1052 } 1053 1054 return n; 1055 } 1056 1057 1058 static void 1059 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) 1060 { 1061 int ret, mode; 1062 SSL *s; 1063 nxt_err_t err; 1064 nxt_int_t n; 1065 nxt_bool_t quiet, once; 1066 nxt_conn_t *c; 1067 nxt_openssl_conn_t *tls; 1068 nxt_work_handler_t handler; 1069 1070 c = obj; 1071 1072 nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd); 1073 1074 c->read_state = NULL; 1075 tls = c->u.tls; 1076 1077 if (tls == NULL) { 1078 return; 1079 } 1080 1081 s = tls->session; 1082 1083 if (s == NULL || !tls->handshake) { 1084 handler = c->write_state->ready_handler; 1085 goto done; 1086 } 1087 1088 mode = SSL_get_shutdown(s); 1089 1090 if (c->socket.timedout || c->socket.error != 0) { 1091 quiet = 1; 1092 1093 } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) { 1094 quiet = 1; 1095 1096 } else { 1097 quiet = 0; 1098 } 1099 1100 SSL_set_quiet_shutdown(s, quiet); 1101 1102 once = 1; 1103 1104 for ( ;; ) { 1105 SSL_set_shutdown(s, mode); 1106 1107 ret = SSL_shutdown(s); 1108 1109 err = (ret <= 0) ? nxt_socket_errno : 0; 1110 1111 nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d", 1112 c->socket.fd, mode, quiet, ret, err); 1113 1114 if (ret > 0) { 1115 /* ret == 1, the shutdown was successfully completed. */ 1116 handler = c->write_state->ready_handler; 1117 goto done; 1118 } 1119 1120 if (ret == 0) { 1121 /* 1122 * If SSL_shutdown() returns 0 then it should be called 1123 * again. The second SSL_shutdown() call should return 1124 * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE. 1125 * OpenSSL prior to 0.9.8m version however never returns 1126 * -1 at all. Fortunately, OpenSSL preserves internally 1127 * correct status available via SSL_get_error(-1). 1128 */ 1129 if (once) { 1130 once = 0; 1131 mode = SSL_get_shutdown(s); 1132 continue; 1133 } 1134 1135 ret = -1; 1136 } 1137 1138 /* ret == -1 */ 1139 1140 break; 1141 } 1142 1143 c->socket.read_handler = nxt_openssl_conn_io_shutdown; 1144 c->socket.write_handler = nxt_openssl_conn_io_shutdown; 1145 c->socket.error_handler = c->write_state->error_handler; 1146 1147 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN); 1148 1149 switch (n) { 1150 1151 case 0: 1152 handler = c->write_state->close_handler; 1153 break; 1154 1155 case NXT_AGAIN: 1156 nxt_timer_add(task->thread->engine, &c->read_timer, 5000); 1157 return; 1158 1159 default: 1160 case NXT_ERROR: 1161 nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed", 1162 c->socket.fd); 1163 handler = c->write_state->error_handler; 1164 } 1165 1166 done: 1167 1168 nxt_openssl_conn_free(task, c); 1169 1170 nxt_work_queue_add(c->write_work_queue, handler, task, c, data); 1171 } 1172 1173 1174 static nxt_int_t 1175 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret, 1176 nxt_err_t sys_err, nxt_openssl_io_t io) 1177 { 1178 u_long lib_err; 1179 nxt_openssl_conn_t *tls; 1180 1181 tls = c->u.tls; 1182 1183 tls->ssl_error = SSL_get_error(tls->session, ret); 1184 1185 nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error); 1186 1187 switch (tls->ssl_error) { 1188 1189 case SSL_ERROR_WANT_READ: 1190 c->socket.read_ready = 0; 1191 1192 if (io != NXT_OPENSSL_READ) { 1193 nxt_fd_event_block_write(task->thread->engine, &c->socket); 1194 1195 if (nxt_fd_event_is_disabled(c->socket.read)) { 1196 nxt_fd_event_enable_read(task->thread->engine, &c->socket); 1197 } 1198 } 1199 1200 return NXT_AGAIN; 1201 1202 case SSL_ERROR_WANT_WRITE: 1203 c->socket.write_ready = 0; 1204 1205 if (io != NXT_OPENSSL_WRITE) { 1206 nxt_fd_event_block_read(task->thread->engine, &c->socket); 1207 1208 if (nxt_fd_event_is_disabled(c->socket.write)) { 1209 nxt_fd_event_enable_write(task->thread->engine, &c->socket); 1210 } 1211 } 1212 1213 return NXT_AGAIN; 1214 1215 case SSL_ERROR_SYSCALL: 1216 lib_err = ERR_peek_error(); 1217 1218 nxt_debug(task, "ERR_peek_error(): %l", lib_err); 1219 1220 if (sys_err != 0 || lib_err != 0) { 1221 c->socket.error = sys_err; 1222 return NXT_ERROR; 1223 } 1224 1225 /* A connection was just closed. */ 1226 c->socket.closed = 1; 1227 return 0; 1228 1229 case SSL_ERROR_ZERO_RETURN: 1230 /* A "close notify" alert. */ 1231 return 0; 1232 1233 default: /* SSL_ERROR_SSL, etc. */ 1234 c->socket.error = 1000; /* Nonexistent errno code. */ 1235 return NXT_ERROR; 1236 } 1237 } 1238 1239 1240 static void nxt_cdecl 1241 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...) 1242 { 1243 u_char *p, *end; 1244 va_list args; 1245 nxt_uint_t level; 1246 u_char msg[NXT_MAX_ERROR_STR]; 1247 1248 level = nxt_openssl_log_error_level(err); 1249 1250 if (nxt_log_level_enough(task->log, level)) { 1251 1252 end = msg + sizeof(msg); 1253 1254 va_start(args, fmt); 1255 p = nxt_vsprintf(msg, end, fmt, args); 1256 va_end(args); 1257 1258 if (err != 0) { 1259 p = nxt_sprintf(p, end, " %E", err); 1260 } 1261 1262 p = nxt_openssl_copy_error(p, end); 1263 1264 nxt_log(task, level, "%*s", p - msg, msg); 1265 1266 } else { 1267 ERR_clear_error(); 1268 } 1269 } 1270 1271 1272 static nxt_uint_t 1273 nxt_openssl_log_error_level(nxt_err_t err) 1274 { 1275 switch (ERR_GET_REASON(ERR_peek_error())) { 1276 1277 case 0: 1278 return nxt_socket_error_level(err); 1279 1280 case SSL_R_BAD_CHANGE_CIPHER_SPEC: /* 103 */ 1281 case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG: /* 129 */ 1282 case SSL_R_DIGEST_CHECK_FAILED: /* 149 */ 1283 case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST: /* 151 */ 1284 case SSL_R_EXCESSIVE_MESSAGE_SIZE: /* 152 */ 1285 case SSL_R_LENGTH_MISMATCH: /* 159 */ 1286 #ifdef SSL_R_NO_CIPHERS_PASSED 1287 case SSL_R_NO_CIPHERS_PASSED: /* 182 */ 1288 #endif 1289 case SSL_R_NO_CIPHERS_SPECIFIED: /* 183 */ 1290 case SSL_R_NO_COMPRESSION_SPECIFIED: /* 187 */ 1291 case SSL_R_NO_SHARED_CIPHER: /* 193 */ 1292 case SSL_R_RECORD_LENGTH_MISMATCH: /* 213 */ 1293 #ifdef SSL_R_PARSE_TLSEXT 1294 case SSL_R_PARSE_TLSEXT: /* 227 */ 1295 #endif 1296 case SSL_R_UNEXPECTED_MESSAGE: /* 244 */ 1297 case SSL_R_UNEXPECTED_RECORD: /* 245 */ 1298 case SSL_R_UNKNOWN_ALERT_TYPE: /* 246 */ 1299 case SSL_R_UNKNOWN_PROTOCOL: /* 252 */ 1300 case SSL_R_WRONG_VERSION_NUMBER: /* 267 */ 1301 case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC: /* 281 */ 1302 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG 1303 case SSL_R_RENEGOTIATE_EXT_TOO_LONG: /* 335 */ 1304 case SSL_R_RENEGOTIATION_ENCODING_ERR: /* 336 */ 1305 case SSL_R_RENEGOTIATION_MISMATCH: /* 337 */ 1306 #endif 1307 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 1308 case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED: /* 338 */ 1309 #endif 1310 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 1311 case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING: /* 345 */ 1312 #endif 1313 case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ 1314 case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE: /* 1010 */ 1315 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC: /* 1020 */ 1316 case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED: /* 1021 */ 1317 case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW: /* 1022 */ 1318 case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE: /* 1030 */ 1319 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: /* 1040 */ 1320 case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER: /* 1047 */ 1321 break; 1322 1323 case SSL_R_SSLV3_ALERT_NO_CERTIFICATE: /* 1041 */ 1324 case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: /* 1042 */ 1325 case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE: /* 1043 */ 1326 case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED: /* 1044 */ 1327 case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: /* 1045 */ 1328 case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: /* 1046 */ 1329 case SSL_R_TLSV1_ALERT_UNKNOWN_CA: /* 1048 */ 1330 case SSL_R_TLSV1_ALERT_ACCESS_DENIED: /* 1049 */ 1331 case SSL_R_TLSV1_ALERT_DECODE_ERROR: /* 1050 */ 1332 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: /* 1051 */ 1333 case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION: /* 1060 */ 1334 case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: /* 1070 */ 1335 case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY: /* 1071 */ 1336 case SSL_R_TLSV1_ALERT_INTERNAL_ERROR: /* 1080 */ 1337 case SSL_R_TLSV1_ALERT_USER_CANCELLED: /* 1090 */ 1338 case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION: /* 1100 */ 1339 return NXT_LOG_ERR; 1340 1341 default: 1342 return NXT_LOG_ALERT; 1343 } 1344 1345 return NXT_LOG_INFO; 1346 } 1347 1348 1349 void nxt_cdecl 1350 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...) 1351 { 1352 u_char *p, *end; 1353 va_list args; 1354 u_char msg[NXT_MAX_ERROR_STR]; 1355 1356 end = msg + sizeof(msg); 1357 1358 va_start(args, fmt); 1359 p = nxt_vsprintf(msg, end, fmt, args); 1360 va_end(args); 1361 1362 p = nxt_openssl_copy_error(p, end); 1363 1364 nxt_log(task, level, "%*s", p - msg, msg); 1365 } 1366 1367 1368 u_char * 1369 nxt_openssl_copy_error(u_char *p, u_char *end) 1370 { 1371 int flags; 1372 u_long err; 1373 nxt_bool_t clear; 1374 const char *data, *delimiter; 1375 1376 err = ERR_peek_error(); 1377 if (err == 0) { 1378 return p; 1379 } 1380 1381 /* Log the most relevant error message ... */ 1382 data = ERR_reason_error_string(err); 1383 1384 p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data); 1385 1386 /* 1387 * ... followed by all queued cumbersome OpenSSL error messages 1388 * and drain the error queue. 1389 */ 1390 delimiter = ""; 1391 clear = 0; 1392 1393 for ( ;; ) { 1394 err = ERR_get_error_line_data(NULL, NULL, &data, &flags); 1395 if (err == 0) { 1396 break; 1397 } 1398 1399 p = nxt_sprintf(p, end, "%s", delimiter); 1400 1401 ERR_error_string_n(err, (char *) p, end - p); 1402 1403 while (p < end && *p != '\0') { 1404 p++; 1405 } 1406 1407 if ((flags & ERR_TXT_STRING) != 0) { 1408 p = nxt_sprintf(p, end, ":%s", data); 1409 } 1410 1411 clear |= ((flags & ERR_TXT_MALLOCED) != 0); 1412 1413 delimiter = "; "; 1414 } 1415 1416 /* Deallocate additional data. */ 1417 1418 if (clear) { 1419 ERR_clear_error(); 1420 } 1421 1422 if (p < end) { 1423 *p++ = ')'; 1424 } 1425 1426 return p; 1427 } 1428