xref: /unit/src/nxt_openssl.c (revision 1942:296628096d6c)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <nxt_conf.h>
9 #include <openssl/ssl.h>
10 #include <openssl/conf.h>
11 #include <openssl/err.h>
12 #include <openssl/rand.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/bio.h>
15 #include <openssl/evp.h>
16 
17 
18 typedef struct {
19     SSL             *session;
20     nxt_conn_t      *conn;
21 
22     int             ssl_error;
23     uint8_t         times;      /* 2 bits */
24     uint8_t         handshake;  /* 1 bit  */
25 
26     nxt_tls_conf_t  *conf;
27     nxt_buf_mem_t   buffer;
28 } nxt_openssl_conn_t;
29 
30 
31 typedef enum {
32     NXT_OPENSSL_HANDSHAKE = 0,
33     NXT_OPENSSL_READ,
34     NXT_OPENSSL_WRITE,
35     NXT_OPENSSL_SHUTDOWN,
36 } nxt_openssl_io_t;
37 
38 
39 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
40 static void nxt_openssl_library_free(nxt_task_t *task);
41 #if OPENSSL_VERSION_NUMBER < 0x10100004L
42 static nxt_int_t nxt_openssl_locks_init(void);
43 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
44 static unsigned long nxt_openssl_thread_id(void);
45 static void nxt_openssl_locks_free(void);
46 #endif
47 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
48     nxt_tls_init_t *tls_init, nxt_bool_t last);
49 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
50     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
51 #if (NXT_HAVE_OPENSSL_CONF_CMD)
52 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx,
53     nxt_conf_value_t *value, nxt_mp_t *mp);
54 #endif
55 #if (NXT_HAVE_OPENSSL_TLSEXT)
56 static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx,
57     nxt_tls_init_t *tls_init, nxt_mp_t *mp);
58 static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name,
59     unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc);
60 #endif
61 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size,
62     time_t timeout);
63 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
64     nxt_tls_conf_t *conf, nxt_mp_t *mp);
65 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
66     void *data);
67 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
68     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
69 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
70 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
71     nxt_str_t *sn);
72 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
73 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
74     nxt_conn_t *c);
75 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
76 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
77 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
78 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
79     void *buf, size_t size);
80 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
81     void *data);
82 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
83     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
84 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
85     void *data);
86 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
87     nxt_err_t err, const char *fmt, ...);
88 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
89 
90 
91 const nxt_tls_lib_t  nxt_openssl_lib = {
92     .library_init = nxt_openssl_library_init,
93     .library_free = nxt_openssl_library_free,
94 
95     .server_init = nxt_openssl_server_init,
96     .server_free = nxt_openssl_server_free,
97 };
98 
99 
100 static nxt_conn_io_t  nxt_openssl_conn_io = {
101     .read = nxt_conn_io_read,
102     .recvbuf = nxt_openssl_conn_io_recvbuf,
103 
104     .write = nxt_conn_io_write,
105     .sendbuf = nxt_openssl_conn_io_sendbuf,
106 
107     .shutdown = nxt_openssl_conn_io_shutdown,
108 };
109 
110 
111 static long  nxt_openssl_version;
112 static int   nxt_openssl_connection_index;
113 
114 
115 static nxt_int_t
116 nxt_openssl_library_init(nxt_task_t *task)
117 {
118     int  index;
119 
120     if (nxt_fast_path(nxt_openssl_version != 0)) {
121         return NXT_OK;
122     }
123 
124 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
125 
126     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
127 
128 #else
129     {
130         nxt_int_t  ret;
131 
132         SSL_load_error_strings();
133 
134         OPENSSL_config(NULL);
135 
136         /*
137          * SSL_library_init(3):
138          *
139          *   SSL_library_init() always returns "1",
140          *   so it is safe to discard the return value.
141          */
142         (void) SSL_library_init();
143 
144         ret = nxt_openssl_locks_init();
145         if (nxt_slow_path(ret != NXT_OK)) {
146             return ret;
147         }
148     }
149 
150 #endif
151 
152     nxt_openssl_version = SSLeay();
153 
154     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
155             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
156 
157 #ifndef SSL_OP_NO_COMPRESSION
158     {
159         /*
160          * Disable gzip compression in OpenSSL prior to 1.0.0
161          * version, this saves about 522K per connection.
162          */
163         int                 n;
164         STACK_OF(SSL_COMP)  *ssl_comp_methods;
165 
166         ssl_comp_methods = SSL_COMP_get_compression_methods();
167 
168         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
169             (void) sk_SSL_COMP_pop(ssl_comp_methods);
170         }
171     }
172 #endif
173 
174     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
175 
176     if (index == -1) {
177         nxt_openssl_log_error(task, NXT_LOG_ALERT,
178                               "SSL_get_ex_new_index() failed");
179         return NXT_ERROR;
180     }
181 
182     nxt_openssl_connection_index = index;
183 
184     return NXT_OK;
185 }
186 
187 
188 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
189 
190 static void
191 nxt_openssl_library_free(nxt_task_t *task)
192 {
193 }
194 
195 #else
196 
197 static nxt_thread_mutex_t  *nxt_openssl_locks;
198 
199 static nxt_int_t
200 nxt_openssl_locks_init(void)
201 {
202     int        i, n;
203     nxt_int_t  ret;
204 
205     n = CRYPTO_num_locks();
206 
207     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
208     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
209         return NXT_ERROR;
210     }
211 
212     for (i = 0; i < n; i++) {
213         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
214         if (nxt_slow_path(ret != NXT_OK)) {
215             return ret;
216         }
217     }
218 
219     CRYPTO_set_locking_callback(nxt_openssl_lock);
220 
221     CRYPTO_set_id_callback(nxt_openssl_thread_id);
222 
223     return NXT_OK;
224 }
225 
226 
227 static void
228 nxt_openssl_lock(int mode, int type, const char *file, int line)
229 {
230     nxt_thread_mutex_t  *lock;
231 
232     lock = &nxt_openssl_locks[type];
233 
234     if ((mode & CRYPTO_LOCK) != 0) {
235         (void) nxt_thread_mutex_lock(lock);
236 
237     } else {
238         (void) nxt_thread_mutex_unlock(lock);
239     }
240 }
241 
242 
243 static u_long
244 nxt_openssl_thread_id(void)
245 {
246     return (u_long) nxt_thread_handle();
247 }
248 
249 
250 static void
251 nxt_openssl_library_free(nxt_task_t *task)
252 {
253     nxt_openssl_locks_free();
254 }
255 
256 
257 static void
258 nxt_openssl_locks_free(void)
259 {
260     int  i, n;
261 
262     n = CRYPTO_num_locks();
263 
264     CRYPTO_set_locking_callback(NULL);
265 
266     for (i = 0; i < n; i++) {
267         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
268     }
269 
270     OPENSSL_free(nxt_openssl_locks);
271 }
272 
273 #endif
274 
275 
276 static nxt_int_t
277 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
278     nxt_tls_init_t *tls_init, nxt_bool_t last)
279 {
280     SSL_CTX                *ctx;
281     const char             *ciphers, *ca_certificate;
282     nxt_tls_conf_t         *conf;
283     STACK_OF(X509_NAME)    *list;
284     nxt_tls_bundle_conf_t  *bundle;
285 
286     ctx = SSL_CTX_new(SSLv23_server_method());
287     if (ctx == NULL) {
288         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
289         return NXT_ERROR;
290     }
291 
292     conf = tls_init->conf;
293 
294     bundle = conf->bundle;
295     nxt_assert(bundle != NULL);
296 
297     bundle->ctx = ctx;
298 
299 #ifdef SSL_OP_NO_RENEGOTIATION
300     /* Renegration is not currently supported. */
301     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
302 #endif
303 
304 #ifdef SSL_OP_NO_COMPRESSION
305     /*
306      * Disable gzip compression in OpenSSL 1.0.0,
307      * this saves about 522K per connection.
308      */
309     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
310 #endif
311 
312 #ifdef SSL_MODE_RELEASE_BUFFERS
313 
314     if (nxt_openssl_version >= 10001078) {
315         /*
316          * Allow to release read and write buffers in OpenSSL 1.0.0,
317          * this saves about 34K per idle connection.  It is not safe
318          * before OpenSSL 1.0.1h (CVE-2010-5298).
319          */
320         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
321     }
322 
323 #endif
324 
325     if (nxt_openssl_chain_file(task, ctx, conf, mp,
326                                last && bundle->next == NULL)
327         != NXT_OK)
328     {
329         goto fail;
330     }
331 /*
332     key = conf->certificate_key;
333 
334     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
335         nxt_openssl_log_error(task, NXT_LOG_ALERT,
336                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
337                               key);
338         goto fail;
339     }
340 */
341 
342     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
343 
344     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
345         nxt_openssl_log_error(task, NXT_LOG_ALERT,
346                               "SSL_CTX_set_cipher_list(\"%s\") failed",
347                               ciphers);
348         goto fail;
349     }
350 
351 #if (NXT_HAVE_OPENSSL_CONF_CMD)
352     if (tls_init->conf_cmds != NULL
353         && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK)
354     {
355         goto fail;
356     }
357 #endif
358 
359     nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout);
360 
361 #if (NXT_HAVE_OPENSSL_TLSEXT)
362     if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) {
363         goto fail;
364     }
365 #endif
366 
367     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
368 
369     if (conf->ca_certificate != NULL) {
370 
371         /* TODO: verify callback */
372         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
373 
374         /* TODO: verify depth */
375         SSL_CTX_set_verify_depth(ctx, 1);
376 
377         ca_certificate = conf->ca_certificate;
378 
379         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
380             nxt_openssl_log_error(task, NXT_LOG_ALERT,
381                               "SSL_CTX_load_verify_locations(\"%s\") failed",
382                               ca_certificate);
383             goto fail;
384         }
385 
386         list = SSL_load_client_CA_file(ca_certificate);
387 
388         if (list == NULL) {
389             nxt_openssl_log_error(task, NXT_LOG_ALERT,
390                               "SSL_load_client_CA_file(\"%s\") failed",
391                               ca_certificate);
392             goto fail;
393         }
394 
395         /*
396          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
397          * 0.9.8 versions always leaves an error in the error queue.
398          */
399         ERR_clear_error();
400 
401         SSL_CTX_set_client_CA_list(ctx, list);
402     }
403 
404     if (last) {
405         conf->conn_init = nxt_openssl_conn_init;
406 
407         if (bundle->next != NULL) {
408             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
409         }
410     }
411 
412     return NXT_OK;
413 
414 fail:
415 
416     SSL_CTX_free(ctx);
417 
418 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
419      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
420     RAND_keep_random_devices_open(0);
421 #endif
422 
423     return NXT_ERROR;
424 }
425 
426 
427 static nxt_int_t
428 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
429     nxt_mp_t *mp, nxt_bool_t single)
430 {
431     BIO                    *bio;
432     X509                   *cert, *ca;
433     long                   reason;
434     EVP_PKEY               *key;
435     nxt_int_t              ret;
436     nxt_tls_bundle_conf_t  *bundle;
437 
438     ret = NXT_ERROR;
439     cert = NULL;
440 
441     bio = BIO_new(BIO_s_fd());
442     if (bio == NULL) {
443         goto end;
444     }
445 
446     bundle = conf->bundle;
447 
448     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
449 
450     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
451     if (cert == NULL) {
452         goto end;
453     }
454 
455     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
456         goto end;
457     }
458 
459     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
460         goto clean;
461     }
462 
463     for ( ;; ) {
464         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
465 
466         if (ca == NULL) {
467             reason = ERR_GET_REASON(ERR_peek_last_error());
468             if (reason != PEM_R_NO_START_LINE) {
469                 goto end;
470             }
471 
472             ERR_clear_error();
473             break;
474         }
475 
476         /*
477          * Note that ca isn't freed if it was successfully added to the chain,
478          * while the main certificate needs a X509_free() call, since
479          * its reference count is increased by SSL_CTX_use_certificate().
480          */
481 #ifdef SSL_CTX_add0_chain_cert
482         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
483 #else
484         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
485 #endif
486             X509_free(ca);
487             goto end;
488         }
489     }
490 
491     if (BIO_reset(bio) != 0) {
492         goto end;
493     }
494 
495     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
496     if (key == NULL) {
497         goto end;
498     }
499 
500     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
501         ret = NXT_OK;
502     }
503 
504     EVP_PKEY_free(key);
505 
506 end:
507 
508     if (ret != NXT_OK) {
509         nxt_openssl_log_error(task, NXT_LOG_ALERT,
510                               "nxt_openssl_chain_file() failed");
511     }
512 
513 clean:
514 
515     BIO_free(bio);
516     X509_free(cert);
517 
518     return ret;
519 }
520 
521 
522 #if (NXT_HAVE_OPENSSL_CONF_CMD)
523 
524 static nxt_int_t
525 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf,
526     nxt_mp_t *mp)
527 {
528     int               ret;
529     char              *zcmd, *zvalue;
530     uint32_t          index;
531     nxt_str_t         cmd, value;
532     SSL_CONF_CTX      *cctx;
533     nxt_conf_value_t  *member;
534 
535     cctx = SSL_CONF_CTX_new();
536     if (nxt_slow_path(cctx == NULL)) {
537         nxt_openssl_log_error(task, NXT_LOG_ALERT,
538                               "SSL_CONF_CTX_new() failed");
539         return NXT_ERROR;
540     }
541 
542     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE
543                                  | SSL_CONF_FLAG_SERVER
544                                  | SSL_CONF_FLAG_CERTIFICATE
545                                  | SSL_CONF_FLAG_SHOW_ERRORS);
546 
547     SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
548 
549     index = 0;
550 
551     for ( ;; ) {
552         member = nxt_conf_next_object_member(conf, &cmd, &index);
553         if (nxt_slow_path(member == NULL)) {
554             break;
555         }
556 
557         nxt_conf_get_string(member, &value);
558 
559         zcmd = nxt_str_cstrz(mp, &cmd);
560         zvalue = nxt_str_cstrz(mp, &value);
561 
562         if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) {
563             goto fail;
564         }
565 
566         ret = SSL_CONF_cmd(cctx, zcmd, zvalue);
567         if (ret == -2) {
568             nxt_openssl_log_error(task, NXT_LOG_ERR,
569                                   "unknown command \"%s\" in "
570                                   "\"conf_commands\" option", zcmd);
571             goto fail;
572         }
573 
574         if (ret <= 0) {
575             nxt_openssl_log_error(task, NXT_LOG_ERR,
576                                   "invalid value \"%s\" for command \"%s\" "
577                                   "in \"conf_commands\" option",
578                                   zvalue, zcmd);
579             goto fail;
580         }
581 
582         nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue);
583     }
584 
585     if (SSL_CONF_CTX_finish(cctx) != 1) {
586         nxt_openssl_log_error(task, NXT_LOG_ALERT,
587                               "SSL_CONF_finish() failed");
588         goto fail;
589     }
590 
591     SSL_CONF_CTX_free(cctx);
592 
593     return NXT_OK;
594 
595 fail:
596 
597     SSL_CONF_CTX_free(cctx);
598 
599     return NXT_ERROR;
600 }
601 
602 #endif
603 
604 #if (NXT_HAVE_OPENSSL_TLSEXT)
605 
606 static nxt_int_t
607 nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
608     nxt_mp_t *mp)
609 {
610     uint32_t           i;
611     nxt_int_t          ret;
612     nxt_str_t          value;
613     nxt_uint_t         count;
614     nxt_conf_value_t   *member, *tickets_conf;
615     nxt_tls_ticket_t   *ticket;
616     nxt_tls_tickets_t  *tickets;
617     u_char             buf[80];
618 
619     tickets_conf = tls_init->tickets_conf;
620 
621     if (tickets_conf == NULL) {
622         goto no_ticket;
623     }
624 
625     if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) {
626         if (nxt_conf_get_boolean(tickets_conf) == 0) {
627             goto no_ticket;
628         }
629 
630         return NXT_OK;
631     }
632 
633     if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
634         count = nxt_conf_array_elements_count(tickets_conf);
635 
636         if (count == 0) {
637             goto no_ticket;
638         }
639 
640     } else {
641         /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
642         count = 1;
643     }
644 
645 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
646 
647     tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t)
648                              + count * sizeof(nxt_tls_ticket_t));
649     if (nxt_slow_path(tickets == NULL)) {
650         return NXT_ERROR;
651     }
652 
653     tickets->count = count;
654     tls_init->conf->tickets = tickets;
655     i = 0;
656 
657     do {
658         ticket = &tickets->tickets[i];
659 
660         i++;
661 
662         if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
663             member = nxt_conf_get_array_element(tickets_conf, count - i);
664             if (member == NULL) {
665                 break;
666             }
667 
668         } else {
669             /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
670             member = tickets_conf;
671         }
672 
673         nxt_conf_get_string(member, &value);
674 
675         ret = nxt_openssl_base64_decode(buf, 80, value.start, value.length);
676         if (nxt_slow_path(ret == NXT_ERROR)) {
677             return NXT_ERROR;
678         }
679 
680         if (ret == 48) {
681             ticket->aes128 = 1;
682             nxt_memcpy(ticket->aes_key, buf + 16, 16);
683             nxt_memcpy(ticket->hmac_key, buf + 32, 16);
684 
685         } else {
686             ticket->aes128 = 0;
687             nxt_memcpy(ticket->hmac_key, buf + 16, 32);
688             nxt_memcpy(ticket->aes_key, buf + 48, 32);
689         }
690 
691         nxt_memcpy(ticket->name, buf, 16);
692     } while (i < count);
693 
694     if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback)
695         == 0)
696     {
697         nxt_openssl_log_error(task, NXT_LOG_ALERT,
698                       "Unit was built with Session Tickets support, however, "
699                       "now it is linked dynamically to an OpenSSL library "
700                       "which has no tlsext support, therefore Session Tickets "
701                       "are not available");
702 
703         return NXT_ERROR;
704     }
705 
706     return NXT_OK;
707 
708 #else
709     nxt_alert(task, "Setting custom session ticket keys is not supported with "
710                     "this version of OpenSSL library");
711 
712     return NXT_ERROR;
713 
714 #endif
715 
716 no_ticket:
717 
718     SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
719 
720     return NXT_OK;
721 }
722 
723 
724 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
725 
726 static int
727 nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
728     EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
729 {
730     size_t              size;
731     nxt_uint_t          i;
732     nxt_conn_t          *c;
733     const EVP_MD        *digest;
734     const EVP_CIPHER    *cipher;
735     nxt_tls_ticket_t    *ticket;
736     nxt_openssl_conn_t  *tls;
737 
738     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
739 
740     if (nxt_slow_path(c == NULL)) {
741         nxt_thread_log_alert("SSL_get_ex_data() failed");
742         return -1;
743     }
744 
745     tls = c->u.tls;
746     ticket = tls->conf->tickets->tickets;
747 
748 #ifdef OPENSSL_NO_SHA256
749     digest = EVP_sha1();
750 #else
751     digest = EVP_sha256();
752 #endif
753 
754     if (enc == 1) {
755         /* encrypt session ticket */
756 
757         nxt_debug(c->socket.task, "TLS session ticket encrypt");
758 
759         if (ticket[0].aes128 == 1) {
760             cipher = EVP_aes_128_cbc();
761             size = 16;
762 
763         } else {
764             cipher = EVP_aes_256_cbc();
765             size = 32;
766         }
767 
768         if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
769             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
770                                   "RAND_bytes() failed");
771             return -1;
772         }
773 
774         if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv)
775             != 1)
776         {
777             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
778                                   "EVP_EncryptInit_ex() failed");
779             return -1;
780         }
781 
782         if (HMAC_Init_ex(hctx, ticket[0].hmac_key, size, digest, NULL) != 1) {
783             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
784                                   "HMAC_Init_ex() failed");
785             return -1;
786         }
787 
788         nxt_memcpy(name, ticket[0].name, 16);
789 
790         return 1;
791 
792     } else {
793         /* decrypt session ticket */
794 
795         for (i = 0; i < tls->conf->tickets->count; i++) {
796             if (nxt_memcmp(name, ticket[i].name, 16) == 0) {
797                 goto found;
798             }
799         }
800 
801         nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found");
802 
803         return 0;
804 
805     found:
806 
807         nxt_debug(c->socket.task,
808                   "TLS session ticket decrypt, key number: \"%d\"", i);
809 
810         if (ticket[i].aes128 == 1) {
811             cipher = EVP_aes_128_cbc();
812             size = 16;
813 
814         } else {
815             cipher = EVP_aes_256_cbc();
816             size = 32;
817         }
818 
819         if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1) {
820             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
821                                   "EVP_DecryptInit_ex() failed");
822             return -1;
823         }
824 
825         if (HMAC_Init_ex(hctx, ticket[i].hmac_key, size, digest, NULL) != 1) {
826             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
827                                   "HMAC_Init_ex() failed");
828             return -1;
829         }
830 
831         return (i == 0) ? 1 : 2 /* renew */;
832     }
833 }
834 
835 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
836 
837 #endif /* NXT_HAVE_OPENSSL_TLSEXT */
838 
839 
840 static void
841 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout)
842 {
843     if (cache_size == 0) {
844         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
845         return;
846     }
847 
848     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
849 
850     SSL_CTX_sess_set_cache_size(ctx, cache_size);
851 
852     SSL_CTX_set_timeout(ctx, (long) timeout);
853 }
854 
855 
856 static nxt_uint_t
857 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
858     nxt_mp_t *mp)
859 {
860     int                         len;
861     nxt_str_t                   domain, str;
862     X509_NAME                   *x509_name;
863     nxt_uint_t                  i, n;
864     GENERAL_NAME                *name;
865     nxt_tls_bundle_conf_t       *bundle;
866     STACK_OF(GENERAL_NAME)      *alt_names;
867     nxt_tls_bundle_hash_item_t  *item;
868 
869     bundle = conf->bundle;
870 
871     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
872 
873     if (alt_names != NULL) {
874         n = sk_GENERAL_NAME_num(alt_names);
875 
876         for (i = 0; i != n; i++) {
877             name = sk_GENERAL_NAME_value(alt_names, i);
878 
879             if (name->type != GEN_DNS) {
880                 continue;
881             }
882 
883             str.length = ASN1_STRING_length(name->d.dNSName);
884 #if OPENSSL_VERSION_NUMBER > 0x10100000L
885             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
886 #else
887             str.start = ASN1_STRING_data(name->d.dNSName);
888 #endif
889 
890             domain.start = nxt_mp_nget(mp, str.length);
891             if (nxt_slow_path(domain.start == NULL)) {
892                 goto fail;
893             }
894 
895             domain.length = str.length;
896             nxt_memcpy_lowcase(domain.start, str.start, str.length);
897 
898             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
899             if (nxt_slow_path(item == NULL)) {
900                 goto fail;
901             }
902 
903             item->name = domain;
904             item->bundle = bundle;
905 
906             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
907                                                item, mp)
908                 == NXT_ERROR)
909             {
910                 goto fail;
911             }
912         }
913 
914         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
915 
916     } else {
917         x509_name = X509_get_subject_name(cert);
918         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
919                                         NULL, 0);
920         if (len <= 0) {
921             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
922                     "Subject Alternative Name nor Common Name", &bundle->name);
923             return NXT_OK;
924         }
925 
926         domain.start = nxt_mp_nget(mp, len + 1);
927         if (nxt_slow_path(domain.start == NULL)) {
928             return NXT_ERROR;
929         }
930 
931         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
932                                                   (char *) domain.start,
933                                                   len + 1);
934         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
935 
936         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
937         if (nxt_slow_path(item == NULL)) {
938             return NXT_ERROR;
939         }
940 
941         item->name = domain;
942         item->bundle = bundle;
943 
944         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
945                                            mp)
946             == NXT_ERROR)
947         {
948             return NXT_ERROR;
949         }
950     }
951 
952     return NXT_OK;
953 
954 fail:
955 
956     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
957 
958     return NXT_ERROR;
959 }
960 
961 
962 static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
963     nxt_aligned(64) =
964 {
965     NXT_LVLHSH_DEFAULT,
966     nxt_openssl_bundle_hash_test,
967     nxt_mp_lvlhsh_alloc,
968     nxt_mp_lvlhsh_free,
969 };
970 
971 
972 static nxt_int_t
973 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
974 {
975     nxt_tls_bundle_hash_item_t  *item;
976 
977     item = data;
978 
979     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
980 }
981 
982 
983 static nxt_int_t
984 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
985     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
986 {
987     nxt_str_t                   str;
988     nxt_int_t                   ret;
989     nxt_lvlhsh_query_t          lhq;
990     nxt_tls_bundle_hash_item_t  *old;
991 
992     str = item->name;
993 
994     if (item->name.start[0] == '*') {
995         item->name.start++;
996         item->name.length--;
997 
998         if (item->name.length == 0 || item->name.start[0] != '.') {
999             nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
1000                     "in certificate \"%V\": missing \".\" "
1001                     "after wildcard symbol", &str, &item->bundle->name);
1002             return NXT_OK;
1003         }
1004     }
1005 
1006     lhq.pool = mp;
1007     lhq.key = item->name;
1008     lhq.value = item;
1009     lhq.proto = &nxt_openssl_bundle_hash_proto;
1010     lhq.replace = 0;
1011     lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
1012 
1013     ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
1014     if (nxt_fast_path(ret == NXT_OK)) {
1015         nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
1016                   &str, &item->bundle->name);
1017         return NXT_OK;
1018     }
1019 
1020     if (nxt_fast_path(ret == NXT_DECLINED)) {
1021         old = lhq.value;
1022         if (old->bundle != item->bundle) {
1023             nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
1024                     "in certificate \"%V\", identical name appears in \"%V\"",
1025                     &str, &old->bundle->name, &item->bundle->name);
1026 
1027             old->bundle = item->bundle;
1028         }
1029 
1030         return NXT_OK;
1031     }
1032 
1033     return NXT_ERROR;
1034 }
1035 
1036 
1037 static nxt_int_t
1038 nxt_openssl_servername(SSL *s, int *ad, void *arg)
1039 {
1040     nxt_str_t              str;
1041     nxt_uint_t             i;
1042     nxt_conn_t             *c;
1043     const char             *servername;
1044     nxt_tls_conf_t         *conf;
1045     nxt_openssl_conn_t     *tls;
1046     nxt_tls_bundle_conf_t  *bundle;
1047 
1048     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
1049 
1050     if (nxt_slow_path(c == NULL)) {
1051         nxt_thread_log_alert("SSL_get_ex_data() failed");
1052         return SSL_TLSEXT_ERR_ALERT_FATAL;
1053     }
1054 
1055     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
1056 
1057     if (servername == NULL) {
1058         nxt_debug(c->socket.task, "SSL_get_servername(): NULL");
1059         goto done;
1060     }
1061 
1062     str.length = nxt_strlen(servername);
1063     if (str.length == 0) {
1064         nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty");
1065         goto done;
1066     }
1067 
1068     if (servername[0] == '.') {
1069         nxt_debug(c->socket.task, "ignored the server name \"%s\": "
1070                                   "leading \".\"", servername);
1071         goto done;
1072     }
1073 
1074     nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
1075 
1076     str.start = nxt_mp_nget(c->mem_pool, str.length);
1077     if (nxt_slow_path(str.start == NULL)) {
1078         return SSL_TLSEXT_ERR_ALERT_FATAL;
1079     }
1080 
1081     nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
1082 
1083     tls = c->u.tls;
1084     conf = tls->conf;
1085 
1086     bundle = nxt_openssl_find_ctx(conf, &str);
1087 
1088     if (bundle == NULL) {
1089         for (i = 1; i < str.length; i++) {
1090             if (str.start[i] == '.') {
1091                 str.start += i;
1092                 str.length -= i;
1093 
1094                 bundle = nxt_openssl_find_ctx(conf, &str);
1095                 break;
1096             }
1097         }
1098     }
1099 
1100     if (bundle != NULL) {
1101         nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
1102                                   "(old: \"%V\")", &str, &bundle->name,
1103                                   &conf->bundle->name);
1104 
1105         if (bundle != conf->bundle) {
1106             if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
1107                 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
1108                                       "SSL_set_SSL_CTX() failed");
1109 
1110                 return SSL_TLSEXT_ERR_ALERT_FATAL;
1111             }
1112         }
1113     }
1114 
1115 done:
1116 
1117     return SSL_TLSEXT_ERR_OK;
1118 }
1119 
1120 
1121 static nxt_tls_bundle_conf_t *
1122 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
1123 {
1124     nxt_int_t                   ret;
1125     nxt_lvlhsh_query_t          lhq;
1126     nxt_tls_bundle_hash_item_t  *item;
1127 
1128     lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
1129     lhq.key = *sn;
1130     lhq.proto = &nxt_openssl_bundle_hash_proto;
1131 
1132     ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
1133     if (ret != NXT_OK) {
1134         return NULL;
1135     }
1136 
1137     item = lhq.value;
1138 
1139     return item->bundle;
1140 }
1141 
1142 
1143 static void
1144 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
1145 {
1146     nxt_tls_bundle_conf_t  *bundle;
1147 
1148     bundle = conf->bundle;
1149     nxt_assert(bundle != NULL);
1150 
1151     do {
1152         SSL_CTX_free(bundle->ctx);
1153         bundle = bundle->next;
1154     } while (bundle != NULL);
1155 
1156     if (conf->tickets) {
1157         nxt_memzero(conf->tickets->tickets,
1158                     conf->tickets->count * sizeof(nxt_tls_ticket_t));
1159     }
1160 
1161 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
1162      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
1163     RAND_keep_random_devices_open(0);
1164 #endif
1165 }
1166 
1167 
1168 static void
1169 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
1170 {
1171     int                 ret;
1172     SSL                 *s;
1173     SSL_CTX             *ctx;
1174     nxt_openssl_conn_t  *tls;
1175 
1176     nxt_log_debug(c->socket.log, "openssl conn init");
1177 
1178     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
1179     if (tls == NULL) {
1180         goto fail;
1181     }
1182 
1183     c->u.tls = tls;
1184     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
1185 
1186     ctx = conf->bundle->ctx;
1187 
1188     s = SSL_new(ctx);
1189     if (s == NULL) {
1190         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
1191         goto fail;
1192     }
1193 
1194     tls->session = s;
1195     /* To pass TLS config to the nxt_openssl_servername() callback. */
1196     tls->conf = conf;
1197     tls->conn = c;
1198 
1199     ret = SSL_set_fd(s, c->socket.fd);
1200 
1201     if (ret == 0) {
1202         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
1203                               c->socket.fd);
1204         goto fail;
1205     }
1206 
1207     SSL_set_accept_state(s);
1208 
1209     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
1210         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
1211         goto fail;
1212     }
1213 
1214     c->io = &nxt_openssl_conn_io;
1215     c->sendfile = NXT_CONN_SENDFILE_OFF;
1216 
1217     nxt_openssl_conn_handshake(task, c, c->socket.data);
1218 
1219     return;
1220 
1221 fail:
1222 
1223     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
1224                        task, c, c->socket.data);
1225 }
1226 
1227 
1228 nxt_inline void
1229 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
1230 {
1231     nxt_openssl_conn_t  *tls;
1232 
1233     nxt_debug(task, "openssl conn free");
1234 
1235     tls = c->u.tls;
1236 
1237     if (tls != NULL) {
1238         c->u.tls = NULL;
1239         nxt_free(tls->buffer.start);
1240         SSL_free(tls->session);
1241     }
1242 }
1243 
1244 
1245 static void
1246 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
1247 {
1248     int                     ret;
1249     nxt_int_t               n;
1250     nxt_err_t               err;
1251     nxt_conn_t              *c;
1252     nxt_work_queue_t        *wq;
1253     nxt_work_handler_t      handler;
1254     nxt_openssl_conn_t      *tls;
1255     const nxt_conn_state_t  *state;
1256 
1257     c = obj;
1258 
1259     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
1260 
1261     if (c->socket.error != 0) {
1262         return;
1263     }
1264 
1265     tls = c->u.tls;
1266 
1267     if (tls == NULL) {
1268         return;
1269     }
1270 
1271     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
1272 
1273     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
1274 
1275     ret = SSL_do_handshake(tls->session);
1276 
1277     err = (ret <= 0) ? nxt_socket_errno : 0;
1278 
1279     nxt_thread_time_debug_update(task->thread);
1280 
1281     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
1282 
1283     state = (c->read_state != NULL) ? c->read_state : c->write_state;
1284 
1285     if (ret > 0) {
1286         /* ret == 1, the handshake was successfully completed. */
1287         tls->handshake = 1;
1288 
1289         if (c->read_state != NULL) {
1290             if (state->io_read_handler != NULL || c->read != NULL) {
1291                 nxt_conn_read(task->thread->engine, c);
1292                 return;
1293             }
1294 
1295         } else {
1296             if (c->write != NULL) {
1297                 nxt_conn_write(task->thread->engine, c);
1298                 return;
1299             }
1300         }
1301 
1302         handler = state->ready_handler;
1303 
1304     } else {
1305         c->socket.read_handler = nxt_openssl_conn_handshake;
1306         c->socket.write_handler = nxt_openssl_conn_handshake;
1307 
1308         n = nxt_openssl_conn_test_error(task, c, ret, err,
1309                                         NXT_OPENSSL_HANDSHAKE);
1310         switch (n) {
1311 
1312         case NXT_AGAIN:
1313             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
1314                 tls->times++;
1315             }
1316 
1317             return;
1318 
1319         case 0:
1320             handler = state->close_handler;
1321             break;
1322 
1323         default:
1324         case NXT_ERROR:
1325             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
1326                                    c->socket.fd);
1327 
1328             handler = state->error_handler;
1329             break;
1330         }
1331     }
1332 
1333     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
1334 
1335     nxt_work_queue_add(wq, handler, task, c, data);
1336 }
1337 
1338 
1339 static ssize_t
1340 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
1341 {
1342     int                 ret;
1343     size_t              size;
1344     nxt_int_t           n;
1345     nxt_err_t           err;
1346     nxt_openssl_conn_t  *tls;
1347 
1348     tls = c->u.tls;
1349     size = b->mem.end - b->mem.free;
1350 
1351     ret = SSL_read(tls->session, b->mem.free, size);
1352 
1353     err = (ret <= 0) ? nxt_socket_errno : 0;
1354 
1355     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
1356               c->socket.fd, b->mem.free, size, ret, err);
1357 
1358     if (ret > 0) {
1359         return ret;
1360     }
1361 
1362     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
1363                                     NXT_OPENSSL_READ);
1364     if (n == NXT_ERROR) {
1365         nxt_openssl_conn_error(c->socket.task, err,
1366                                "SSL_read(%d, %p, %uz) failed",
1367                                c->socket.fd, b->mem.free, size);
1368     }
1369 
1370     return n;
1371 }
1372 
1373 
1374 static ssize_t
1375 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1376 {
1377     nxt_uint_t    niov;
1378     struct iovec  iov;
1379 
1380     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1381 
1382     if (niov == 0 && sb->sync) {
1383         return 0;
1384     }
1385 
1386     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1387 }
1388 
1389 
1390 static ssize_t
1391 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1392     size_t size)
1393 {
1394     int                 ret;
1395     nxt_err_t           err;
1396     nxt_int_t           n;
1397     nxt_conn_t          *c;
1398     nxt_openssl_conn_t  *tls;
1399 
1400     tls = sb->tls;
1401 
1402     ret = SSL_write(tls->session, buf, size);
1403 
1404     err = (ret <= 0) ? nxt_socket_errno : 0;
1405 
1406     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1407               sb->socket, buf, size, ret, err);
1408 
1409     if (ret > 0) {
1410         return ret;
1411     }
1412 
1413     c = tls->conn;
1414     c->socket.write_ready = sb->ready;
1415 
1416     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1417 
1418     sb->ready = c->socket.write_ready;
1419 
1420     if (n == NXT_ERROR) {
1421         sb->error = c->socket.error;
1422         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1423                                sb->socket, buf, size);
1424     }
1425 
1426     return n;
1427 }
1428 
1429 
1430 static void
1431 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1432 {
1433     int                 ret, mode;
1434     SSL                 *s;
1435     nxt_err_t           err;
1436     nxt_int_t           n;
1437     nxt_bool_t          quiet, once;
1438     nxt_conn_t          *c;
1439     nxt_openssl_conn_t  *tls;
1440     nxt_work_handler_t  handler;
1441 
1442     c = obj;
1443 
1444     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1445 
1446     c->read_state = NULL;
1447     tls = c->u.tls;
1448 
1449     if (tls == NULL) {
1450         return;
1451     }
1452 
1453     s = tls->session;
1454 
1455     if (s == NULL || !tls->handshake) {
1456         handler = c->write_state->ready_handler;
1457         goto done;
1458     }
1459 
1460     mode = SSL_get_shutdown(s);
1461 
1462     if (c->socket.timedout || c->socket.error != 0) {
1463         quiet = 1;
1464 
1465     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1466         quiet = 1;
1467 
1468     } else {
1469         quiet = 0;
1470     }
1471 
1472     SSL_set_quiet_shutdown(s, quiet);
1473 
1474     if (tls->conf->no_wait_shutdown) {
1475         mode |= SSL_RECEIVED_SHUTDOWN;
1476     }
1477 
1478     once = 1;
1479 
1480     for ( ;; ) {
1481         SSL_set_shutdown(s, mode);
1482 
1483         ret = SSL_shutdown(s);
1484 
1485         err = (ret <= 0) ? nxt_socket_errno : 0;
1486 
1487         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1488                   c->socket.fd, mode, quiet, ret, err);
1489 
1490         if (ret > 0) {
1491             /* ret == 1, the shutdown was successfully completed. */
1492             handler = c->write_state->ready_handler;
1493             goto done;
1494         }
1495 
1496         if (ret == 0) {
1497             /*
1498              * If SSL_shutdown() returns 0 then it should be called
1499              * again.  The second SSL_shutdown() call should return
1500              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1501              * OpenSSL prior to 0.9.8m version however never returns
1502              * -1 at all.  Fortunately, OpenSSL preserves internally
1503              * correct status available via SSL_get_error(-1).
1504              */
1505             if (once) {
1506                 once = 0;
1507                 mode = SSL_get_shutdown(s);
1508                 continue;
1509             }
1510 
1511             ret = -1;
1512         }
1513 
1514         /* ret == -1 */
1515 
1516         break;
1517     }
1518 
1519     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1520     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1521     c->socket.error_handler = c->write_state->error_handler;
1522 
1523     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1524 
1525     switch (n) {
1526 
1527     case 0:
1528         handler = c->write_state->close_handler;
1529         break;
1530 
1531     case NXT_AGAIN:
1532         c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout;
1533         nxt_timer_add(task->thread->engine, &c->write_timer, 5000);
1534         return;
1535 
1536     default:
1537     case NXT_ERROR:
1538         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1539                                c->socket.fd);
1540         handler = c->write_state->error_handler;
1541     }
1542 
1543 done:
1544 
1545     nxt_openssl_conn_free(task, c);
1546 
1547     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1548 }
1549 
1550 
1551 static nxt_int_t
1552 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1553     nxt_err_t sys_err, nxt_openssl_io_t io)
1554 {
1555     u_long              lib_err;
1556     nxt_openssl_conn_t  *tls;
1557 
1558     tls = c->u.tls;
1559 
1560     tls->ssl_error = SSL_get_error(tls->session, ret);
1561 
1562     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1563 
1564     switch (tls->ssl_error) {
1565 
1566     case SSL_ERROR_WANT_READ:
1567         c->socket.read_ready = 0;
1568 
1569         if (io != NXT_OPENSSL_READ) {
1570             nxt_fd_event_block_write(task->thread->engine, &c->socket);
1571 
1572             if (nxt_fd_event_is_disabled(c->socket.read)) {
1573                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1574             }
1575         }
1576 
1577         return NXT_AGAIN;
1578 
1579     case SSL_ERROR_WANT_WRITE:
1580         c->socket.write_ready = 0;
1581 
1582         if (io != NXT_OPENSSL_WRITE) {
1583             nxt_fd_event_block_read(task->thread->engine, &c->socket);
1584 
1585             if (nxt_fd_event_is_disabled(c->socket.write)) {
1586                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1587             }
1588         }
1589 
1590         return NXT_AGAIN;
1591 
1592     case SSL_ERROR_SYSCALL:
1593         lib_err = ERR_peek_error();
1594 
1595         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1596 
1597         if (sys_err != 0 || lib_err != 0) {
1598             c->socket.error = sys_err;
1599             return NXT_ERROR;
1600         }
1601 
1602         /* A connection was just closed. */
1603         c->socket.closed = 1;
1604         return 0;
1605 
1606     case SSL_ERROR_ZERO_RETURN:
1607         /* A "close notify" alert. */
1608         return 0;
1609 
1610     default: /* SSL_ERROR_SSL, etc. */
1611         c->socket.error = 1000;  /* Nonexistent errno code. */
1612         return NXT_ERROR;
1613     }
1614 }
1615 
1616 
1617 static void
1618 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data)
1619 {
1620     nxt_conn_t   *c;
1621     nxt_timer_t  *timer;
1622 
1623     timer = obj;
1624 
1625     nxt_debug(task, "openssl conn shutdown timeout");
1626 
1627     c = nxt_write_timer_conn(timer);
1628 
1629     c->socket.timedout = 1;
1630     nxt_openssl_conn_io_shutdown(task, c, NULL);
1631 }
1632 
1633 
1634 static void nxt_cdecl
1635 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1636 {
1637     u_char      *p, *end;
1638     va_list     args;
1639     nxt_uint_t  level;
1640     u_char      msg[NXT_MAX_ERROR_STR];
1641 
1642     level = nxt_openssl_log_error_level(err);
1643 
1644     if (nxt_log_level_enough(task->log, level)) {
1645 
1646         end = msg + sizeof(msg);
1647 
1648         va_start(args, fmt);
1649         p = nxt_vsprintf(msg, end, fmt, args);
1650         va_end(args);
1651 
1652         if (err != 0) {
1653             p = nxt_sprintf(p, end, " %E", err);
1654         }
1655 
1656         p = nxt_openssl_copy_error(p, end);
1657 
1658         nxt_log(task, level, "%*s", p - msg, msg);
1659 
1660     } else {
1661         ERR_clear_error();
1662     }
1663 }
1664 
1665 
1666 static nxt_uint_t
1667 nxt_openssl_log_error_level(nxt_err_t err)
1668 {
1669     switch (ERR_GET_REASON(ERR_peek_error())) {
1670 
1671     case 0:
1672         return nxt_socket_error_level(err);
1673 
1674     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
1675     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
1676     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
1677     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
1678     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
1679     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
1680 #ifdef SSL_R_NO_CIPHERS_PASSED
1681     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
1682 #endif
1683     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
1684     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
1685     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
1686     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
1687 #ifdef SSL_R_PARSE_TLSEXT
1688     case SSL_R_PARSE_TLSEXT:                              /*  227 */
1689 #endif
1690     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
1691     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
1692     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
1693     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
1694     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
1695     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
1696 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1697     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
1698     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
1699     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
1700 #endif
1701 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1702     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
1703 #endif
1704 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1705     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
1706 #endif
1707     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1708     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
1709     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
1710     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
1711     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
1712     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
1713     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
1714     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
1715         break;
1716 
1717     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
1718     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
1719     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
1720     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
1721     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
1722     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
1723     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
1724     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1725     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1726     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1727     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1728     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1729     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1730     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1731     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1732     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1733         return NXT_LOG_ERR;
1734 
1735     default:
1736         return NXT_LOG_ALERT;
1737     }
1738 
1739     return NXT_LOG_INFO;
1740 }
1741 
1742 
1743 void nxt_cdecl
1744 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1745 {
1746     u_char   *p, *end;
1747     va_list  args;
1748     u_char   msg[NXT_MAX_ERROR_STR];
1749 
1750     end = msg + sizeof(msg);
1751 
1752     va_start(args, fmt);
1753     p = nxt_vsprintf(msg, end, fmt, args);
1754     va_end(args);
1755 
1756     p = nxt_openssl_copy_error(p, end);
1757 
1758     nxt_log(task, level, "%*s", p - msg, msg);
1759 }
1760 
1761 
1762 u_char *
1763 nxt_openssl_copy_error(u_char *p, u_char *end)
1764 {
1765     int         flags;
1766     u_long      err;
1767     nxt_bool_t  clear;
1768     const char  *data, *delimiter;
1769 
1770     err = ERR_peek_error();
1771     if (err == 0) {
1772         return p;
1773     }
1774 
1775     /* Log the most relevant error message ... */
1776     data = ERR_reason_error_string(err);
1777 
1778     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1779 
1780     /*
1781      * ... followed by all queued cumbersome OpenSSL error messages
1782      * and drain the error queue.
1783      */
1784     delimiter = "";
1785     clear = 0;
1786 
1787     for ( ;; ) {
1788         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1789         if (err == 0) {
1790             break;
1791         }
1792 
1793         p = nxt_sprintf(p, end, "%s", delimiter);
1794 
1795         ERR_error_string_n(err, (char *) p, end - p);
1796 
1797         while (p < end && *p != '\0') {
1798             p++;
1799         }
1800 
1801         if ((flags & ERR_TXT_STRING) != 0) {
1802             p = nxt_sprintf(p, end, ":%s", data);
1803         }
1804 
1805         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1806 
1807         delimiter = "; ";
1808     }
1809 
1810     /* Deallocate additional data. */
1811 
1812     if (clear) {
1813         ERR_clear_error();
1814     }
1815 
1816     if (p < end) {
1817         *p++ = ')';
1818     }
1819 
1820     return p;
1821 }
1822 
1823 
1824 nxt_int_t
1825 nxt_openssl_base64_decode(u_char *d, size_t dlen, const u_char *s, size_t slen)
1826 {
1827     BIO        *bio, *b64;
1828     nxt_int_t  count, ret;
1829     u_char     buf[128];
1830 
1831     b64 = BIO_new(BIO_f_base64());
1832     if (nxt_slow_path(b64 == NULL)) {
1833         goto error;
1834     }
1835 
1836     bio = BIO_new_mem_buf(s, slen);
1837     if (nxt_slow_path(bio == NULL)) {
1838         goto error;
1839     }
1840 
1841     bio = BIO_push(b64, bio);
1842 
1843     BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
1844 
1845     count = 0;
1846 
1847     if (d == NULL) {
1848 
1849         for ( ;; ) {
1850             ret = BIO_read(bio, buf, 128);
1851 
1852             if (ret < 0) {
1853                 goto invalid;
1854             }
1855 
1856             count += ret;
1857 
1858             if (ret != 128) {
1859                 break;
1860             }
1861         }
1862 
1863     } else {
1864         count = BIO_read(bio, d, dlen);
1865 
1866         if (count < 0) {
1867             goto invalid;
1868         }
1869     }
1870 
1871     BIO_free_all(bio);
1872 
1873     return count;
1874 
1875 error:
1876 
1877     BIO_vfree(b64);
1878     ERR_clear_error();
1879 
1880     return NXT_ERROR;
1881 
1882 invalid:
1883 
1884     BIO_free_all(bio);
1885     ERR_clear_error();
1886 
1887     return NXT_DECLINED;
1888 }
1889