xref: /unit/src/nxt_openssl.c (revision 1952:0bca988e9541)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <nxt_conf.h>
9 #include <openssl/ssl.h>
10 #include <openssl/conf.h>
11 #include <openssl/err.h>
12 #include <openssl/rand.h>
13 #include <openssl/x509v3.h>
14 #include <openssl/bio.h>
15 #include <openssl/evp.h>
16 
17 
18 typedef struct {
19     SSL               *session;
20     nxt_conn_t        *conn;
21 
22     int               ssl_error;
23     uint8_t           times;      /* 2 bits */
24     uint8_t           handshake;  /* 1 bit  */
25 
26     nxt_tls_conf_t    *conf;
27     nxt_buf_mem_t     buffer;
28 } nxt_openssl_conn_t;
29 
30 
31 struct nxt_tls_ticket_s {
32     u_char            name[16];
33     u_char            hmac_key[32];
34     u_char            aes_key[32];
35     uint8_t           size;
36 };
37 
38 
39 struct nxt_tls_tickets_s {
40     nxt_uint_t        count;
41     nxt_tls_ticket_t  tickets[];
42 };
43 
44 
45 typedef enum {
46     NXT_OPENSSL_HANDSHAKE = 0,
47     NXT_OPENSSL_READ,
48     NXT_OPENSSL_WRITE,
49     NXT_OPENSSL_SHUTDOWN,
50 } nxt_openssl_io_t;
51 
52 
53 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
54 static void nxt_openssl_library_free(nxt_task_t *task);
55 #if OPENSSL_VERSION_NUMBER < 0x10100004L
56 static nxt_int_t nxt_openssl_locks_init(void);
57 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
58 static unsigned long nxt_openssl_thread_id(void);
59 static void nxt_openssl_locks_free(void);
60 #endif
61 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
62     nxt_tls_init_t *tls_init, nxt_bool_t last);
63 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
64     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
65 #if (NXT_HAVE_OPENSSL_CONF_CMD)
66 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx,
67     nxt_conf_value_t *value, nxt_mp_t *mp);
68 #endif
69 #if (NXT_HAVE_OPENSSL_TLSEXT)
70 static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx,
71     nxt_tls_init_t *tls_init, nxt_mp_t *mp);
72 static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name,
73     unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc);
74 #endif
75 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size,
76     time_t timeout);
77 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
78     nxt_tls_conf_t *conf, nxt_mp_t *mp);
79 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
80     void *data);
81 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
82     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
83 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
84 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
85     nxt_str_t *sn);
86 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
87 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
88     nxt_conn_t *c);
89 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
90 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
91 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
92 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
93     void *buf, size_t size);
94 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
95     void *data);
96 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
97     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
98 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
99     void *data);
100 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
101     nxt_err_t err, const char *fmt, ...);
102 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
103 
104 
105 const nxt_tls_lib_t  nxt_openssl_lib = {
106     .library_init = nxt_openssl_library_init,
107     .library_free = nxt_openssl_library_free,
108 
109     .server_init = nxt_openssl_server_init,
110     .server_free = nxt_openssl_server_free,
111 };
112 
113 
114 static nxt_conn_io_t  nxt_openssl_conn_io = {
115     .read = nxt_conn_io_read,
116     .recvbuf = nxt_openssl_conn_io_recvbuf,
117 
118     .write = nxt_conn_io_write,
119     .sendbuf = nxt_openssl_conn_io_sendbuf,
120 
121     .shutdown = nxt_openssl_conn_io_shutdown,
122 };
123 
124 
125 static long  nxt_openssl_version;
126 static int   nxt_openssl_connection_index;
127 
128 
129 static nxt_int_t
130 nxt_openssl_library_init(nxt_task_t *task)
131 {
132     int  index;
133 
134     if (nxt_fast_path(nxt_openssl_version != 0)) {
135         return NXT_OK;
136     }
137 
138 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
139 
140     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
141 
142 #else
143     {
144         nxt_int_t  ret;
145 
146         SSL_load_error_strings();
147 
148         OPENSSL_config(NULL);
149 
150         /*
151          * SSL_library_init(3):
152          *
153          *   SSL_library_init() always returns "1",
154          *   so it is safe to discard the return value.
155          */
156         (void) SSL_library_init();
157 
158         ret = nxt_openssl_locks_init();
159         if (nxt_slow_path(ret != NXT_OK)) {
160             return ret;
161         }
162     }
163 
164 #endif
165 
166     nxt_openssl_version = SSLeay();
167 
168     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
169             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
170 
171 #ifndef SSL_OP_NO_COMPRESSION
172     {
173         /*
174          * Disable gzip compression in OpenSSL prior to 1.0.0
175          * version, this saves about 522K per connection.
176          */
177         int                 n;
178         STACK_OF(SSL_COMP)  *ssl_comp_methods;
179 
180         ssl_comp_methods = SSL_COMP_get_compression_methods();
181 
182         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
183             (void) sk_SSL_COMP_pop(ssl_comp_methods);
184         }
185     }
186 #endif
187 
188     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
189 
190     if (index == -1) {
191         nxt_openssl_log_error(task, NXT_LOG_ALERT,
192                               "SSL_get_ex_new_index() failed");
193         return NXT_ERROR;
194     }
195 
196     nxt_openssl_connection_index = index;
197 
198     return NXT_OK;
199 }
200 
201 
202 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
203 
204 static void
205 nxt_openssl_library_free(nxt_task_t *task)
206 {
207 }
208 
209 #else
210 
211 static nxt_thread_mutex_t  *nxt_openssl_locks;
212 
213 static nxt_int_t
214 nxt_openssl_locks_init(void)
215 {
216     int        i, n;
217     nxt_int_t  ret;
218 
219     n = CRYPTO_num_locks();
220 
221     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
222     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
223         return NXT_ERROR;
224     }
225 
226     for (i = 0; i < n; i++) {
227         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
228         if (nxt_slow_path(ret != NXT_OK)) {
229             return ret;
230         }
231     }
232 
233     CRYPTO_set_locking_callback(nxt_openssl_lock);
234 
235     CRYPTO_set_id_callback(nxt_openssl_thread_id);
236 
237     return NXT_OK;
238 }
239 
240 
241 static void
242 nxt_openssl_lock(int mode, int type, const char *file, int line)
243 {
244     nxt_thread_mutex_t  *lock;
245 
246     lock = &nxt_openssl_locks[type];
247 
248     if ((mode & CRYPTO_LOCK) != 0) {
249         (void) nxt_thread_mutex_lock(lock);
250 
251     } else {
252         (void) nxt_thread_mutex_unlock(lock);
253     }
254 }
255 
256 
257 static u_long
258 nxt_openssl_thread_id(void)
259 {
260     return (u_long) nxt_thread_handle();
261 }
262 
263 
264 static void
265 nxt_openssl_library_free(nxt_task_t *task)
266 {
267     nxt_openssl_locks_free();
268 }
269 
270 
271 static void
272 nxt_openssl_locks_free(void)
273 {
274     int  i, n;
275 
276     n = CRYPTO_num_locks();
277 
278     CRYPTO_set_locking_callback(NULL);
279 
280     for (i = 0; i < n; i++) {
281         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
282     }
283 
284     OPENSSL_free(nxt_openssl_locks);
285 }
286 
287 #endif
288 
289 
290 static nxt_int_t
291 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
292     nxt_tls_init_t *tls_init, nxt_bool_t last)
293 {
294     SSL_CTX                *ctx;
295     const char             *ciphers, *ca_certificate;
296     nxt_tls_conf_t         *conf;
297     STACK_OF(X509_NAME)    *list;
298     nxt_tls_bundle_conf_t  *bundle;
299 
300     ctx = SSL_CTX_new(SSLv23_server_method());
301     if (ctx == NULL) {
302         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
303         return NXT_ERROR;
304     }
305 
306     conf = tls_init->conf;
307 
308     bundle = conf->bundle;
309     nxt_assert(bundle != NULL);
310 
311     bundle->ctx = ctx;
312 
313 #ifdef SSL_OP_NO_RENEGOTIATION
314     /* Renegration is not currently supported. */
315     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
316 #endif
317 
318 #ifdef SSL_OP_NO_COMPRESSION
319     /*
320      * Disable gzip compression in OpenSSL 1.0.0,
321      * this saves about 522K per connection.
322      */
323     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
324 #endif
325 
326 #ifdef SSL_MODE_RELEASE_BUFFERS
327 
328     if (nxt_openssl_version >= 10001078) {
329         /*
330          * Allow to release read and write buffers in OpenSSL 1.0.0,
331          * this saves about 34K per idle connection.  It is not safe
332          * before OpenSSL 1.0.1h (CVE-2010-5298).
333          */
334         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
335     }
336 
337 #endif
338 
339     if (nxt_openssl_chain_file(task, ctx, conf, mp,
340                                last && bundle->next == NULL)
341         != NXT_OK)
342     {
343         goto fail;
344     }
345 /*
346     key = conf->certificate_key;
347 
348     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
349         nxt_openssl_log_error(task, NXT_LOG_ALERT,
350                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
351                               key);
352         goto fail;
353     }
354 */
355 
356     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
357 
358     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
359         nxt_openssl_log_error(task, NXT_LOG_ALERT,
360                               "SSL_CTX_set_cipher_list(\"%s\") failed",
361                               ciphers);
362         goto fail;
363     }
364 
365 #if (NXT_HAVE_OPENSSL_CONF_CMD)
366     if (tls_init->conf_cmds != NULL
367         && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK)
368     {
369         goto fail;
370     }
371 #endif
372 
373     nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout);
374 
375 #if (NXT_HAVE_OPENSSL_TLSEXT)
376     if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) {
377         goto fail;
378     }
379 #endif
380 
381     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
382 
383     if (conf->ca_certificate != NULL) {
384 
385         /* TODO: verify callback */
386         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
387 
388         /* TODO: verify depth */
389         SSL_CTX_set_verify_depth(ctx, 1);
390 
391         ca_certificate = conf->ca_certificate;
392 
393         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
394             nxt_openssl_log_error(task, NXT_LOG_ALERT,
395                               "SSL_CTX_load_verify_locations(\"%s\") failed",
396                               ca_certificate);
397             goto fail;
398         }
399 
400         list = SSL_load_client_CA_file(ca_certificate);
401 
402         if (list == NULL) {
403             nxt_openssl_log_error(task, NXT_LOG_ALERT,
404                               "SSL_load_client_CA_file(\"%s\") failed",
405                               ca_certificate);
406             goto fail;
407         }
408 
409         /*
410          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
411          * 0.9.8 versions always leaves an error in the error queue.
412          */
413         ERR_clear_error();
414 
415         SSL_CTX_set_client_CA_list(ctx, list);
416     }
417 
418     if (last) {
419         conf->conn_init = nxt_openssl_conn_init;
420 
421         if (bundle->next != NULL) {
422             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
423         }
424     }
425 
426     return NXT_OK;
427 
428 fail:
429 
430     SSL_CTX_free(ctx);
431 
432 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
433      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
434     RAND_keep_random_devices_open(0);
435 #endif
436 
437     return NXT_ERROR;
438 }
439 
440 
441 static nxt_int_t
442 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
443     nxt_mp_t *mp, nxt_bool_t single)
444 {
445     BIO                    *bio;
446     X509                   *cert, *ca;
447     long                   reason;
448     EVP_PKEY               *key;
449     nxt_int_t              ret;
450     nxt_tls_bundle_conf_t  *bundle;
451 
452     ret = NXT_ERROR;
453     cert = NULL;
454 
455     bio = BIO_new(BIO_s_fd());
456     if (bio == NULL) {
457         goto end;
458     }
459 
460     bundle = conf->bundle;
461 
462     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
463 
464     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
465     if (cert == NULL) {
466         goto end;
467     }
468 
469     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
470         goto end;
471     }
472 
473     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
474         goto clean;
475     }
476 
477     for ( ;; ) {
478         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
479 
480         if (ca == NULL) {
481             reason = ERR_GET_REASON(ERR_peek_last_error());
482             if (reason != PEM_R_NO_START_LINE) {
483                 goto end;
484             }
485 
486             ERR_clear_error();
487             break;
488         }
489 
490         /*
491          * Note that ca isn't freed if it was successfully added to the chain,
492          * while the main certificate needs a X509_free() call, since
493          * its reference count is increased by SSL_CTX_use_certificate().
494          */
495 #ifdef SSL_CTX_add0_chain_cert
496         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
497 #else
498         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
499 #endif
500             X509_free(ca);
501             goto end;
502         }
503     }
504 
505     if (BIO_reset(bio) != 0) {
506         goto end;
507     }
508 
509     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
510     if (key == NULL) {
511         goto end;
512     }
513 
514     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
515         ret = NXT_OK;
516     }
517 
518     EVP_PKEY_free(key);
519 
520 end:
521 
522     if (ret != NXT_OK) {
523         nxt_openssl_log_error(task, NXT_LOG_ALERT,
524                               "nxt_openssl_chain_file() failed");
525     }
526 
527 clean:
528 
529     BIO_free(bio);
530     X509_free(cert);
531 
532     return ret;
533 }
534 
535 
536 #if (NXT_HAVE_OPENSSL_CONF_CMD)
537 
538 static nxt_int_t
539 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf,
540     nxt_mp_t *mp)
541 {
542     int               ret;
543     char              *zcmd, *zvalue;
544     uint32_t          index;
545     nxt_str_t         cmd, value;
546     SSL_CONF_CTX      *cctx;
547     nxt_conf_value_t  *member;
548 
549     cctx = SSL_CONF_CTX_new();
550     if (nxt_slow_path(cctx == NULL)) {
551         nxt_openssl_log_error(task, NXT_LOG_ALERT,
552                               "SSL_CONF_CTX_new() failed");
553         return NXT_ERROR;
554     }
555 
556     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE
557                                  | SSL_CONF_FLAG_SERVER
558                                  | SSL_CONF_FLAG_CERTIFICATE
559                                  | SSL_CONF_FLAG_SHOW_ERRORS);
560 
561     SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
562 
563     index = 0;
564 
565     for ( ;; ) {
566         member = nxt_conf_next_object_member(conf, &cmd, &index);
567         if (nxt_slow_path(member == NULL)) {
568             break;
569         }
570 
571         nxt_conf_get_string(member, &value);
572 
573         zcmd = nxt_str_cstrz(mp, &cmd);
574         zvalue = nxt_str_cstrz(mp, &value);
575 
576         if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) {
577             goto fail;
578         }
579 
580         ret = SSL_CONF_cmd(cctx, zcmd, zvalue);
581         if (ret == -2) {
582             nxt_openssl_log_error(task, NXT_LOG_ERR,
583                                   "unknown command \"%s\" in "
584                                   "\"conf_commands\" option", zcmd);
585             goto fail;
586         }
587 
588         if (ret <= 0) {
589             nxt_openssl_log_error(task, NXT_LOG_ERR,
590                                   "invalid value \"%s\" for command \"%s\" "
591                                   "in \"conf_commands\" option",
592                                   zvalue, zcmd);
593             goto fail;
594         }
595 
596         nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue);
597     }
598 
599     if (SSL_CONF_CTX_finish(cctx) != 1) {
600         nxt_openssl_log_error(task, NXT_LOG_ALERT,
601                               "SSL_CONF_finish() failed");
602         goto fail;
603     }
604 
605     SSL_CONF_CTX_free(cctx);
606 
607     return NXT_OK;
608 
609 fail:
610 
611     SSL_CONF_CTX_free(cctx);
612 
613     return NXT_ERROR;
614 }
615 
616 #endif
617 
618 #if (NXT_HAVE_OPENSSL_TLSEXT)
619 
620 static nxt_int_t
621 nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
622     nxt_mp_t *mp)
623 {
624     uint32_t           i;
625     nxt_int_t          ret;
626     nxt_str_t          value;
627     nxt_uint_t         count;
628     nxt_conf_value_t   *member, *tickets_conf;
629     nxt_tls_ticket_t   *ticket;
630     nxt_tls_tickets_t  *tickets;
631     u_char             buf[80];
632 
633     tickets_conf = tls_init->tickets_conf;
634 
635     if (tickets_conf == NULL) {
636         goto no_ticket;
637     }
638 
639     if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) {
640         if (nxt_conf_get_boolean(tickets_conf) == 0) {
641             goto no_ticket;
642         }
643 
644         return NXT_OK;
645     }
646 
647     if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
648         count = nxt_conf_array_elements_count(tickets_conf);
649 
650         if (count == 0) {
651             goto no_ticket;
652         }
653 
654     } else {
655         /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
656         count = 1;
657     }
658 
659 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
660 
661     tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t)
662                              + count * sizeof(nxt_tls_ticket_t));
663     if (nxt_slow_path(tickets == NULL)) {
664         return NXT_ERROR;
665     }
666 
667     tickets->count = count;
668     tls_init->conf->tickets = tickets;
669     i = 0;
670 
671     do {
672         ticket = &tickets->tickets[i];
673 
674         i++;
675 
676         if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) {
677             member = nxt_conf_get_array_element(tickets_conf, count - i);
678             if (member == NULL) {
679                 break;
680             }
681 
682         } else {
683             /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
684             member = tickets_conf;
685         }
686 
687         nxt_conf_get_string(member, &value);
688 
689         ret = nxt_openssl_base64_decode(buf, 80, value.start, value.length);
690         if (nxt_slow_path(ret == NXT_ERROR)) {
691             return NXT_ERROR;
692         }
693 
694         nxt_memcpy(ticket->name, buf, 16);
695 
696         if (ret == 48) {
697             nxt_memcpy(ticket->aes_key, buf + 16, 16);
698             nxt_memcpy(ticket->hmac_key, buf + 32, 16);
699             ticket->size = 16;
700 
701         } else {
702             nxt_memcpy(ticket->hmac_key, buf + 16, 32);
703             nxt_memcpy(ticket->aes_key, buf + 48, 32);
704             ticket->size = 32;
705         }
706 
707     } while (i < count);
708 
709     if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback)
710         == 0)
711     {
712         nxt_openssl_log_error(task, NXT_LOG_ALERT,
713                       "Unit was built with Session Tickets support, however, "
714                       "now it is linked dynamically to an OpenSSL library "
715                       "which has no tlsext support, therefore Session Tickets "
716                       "are not available");
717 
718         return NXT_ERROR;
719     }
720 
721     return NXT_OK;
722 
723 #else
724     nxt_alert(task, "Setting custom session ticket keys is not supported with "
725                     "this version of OpenSSL library");
726 
727     return NXT_ERROR;
728 
729 #endif
730 
731 no_ticket:
732 
733     SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
734 
735     return NXT_OK;
736 }
737 
738 
739 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
740 
741 static int
742 nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
743     EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
744 {
745     nxt_uint_t          i;
746     nxt_conn_t          *c;
747     const EVP_MD        *digest;
748     const EVP_CIPHER    *cipher;
749     nxt_tls_ticket_t    *ticket;
750     nxt_openssl_conn_t  *tls;
751 
752     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
753 
754     if (nxt_slow_path(c == NULL)) {
755         nxt_thread_log_alert("SSL_get_ex_data() failed");
756         return -1;
757     }
758 
759     tls = c->u.tls;
760     ticket = tls->conf->tickets->tickets;
761 
762     i = 0;
763 
764     if (enc == 1) {
765         /* encrypt session ticket */
766 
767         nxt_debug(c->socket.task, "TLS session ticket encrypt");
768 
769         cipher = (ticket[0].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
770 
771         if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
772             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
773                                   "RAND_bytes() failed");
774             return -1;
775         }
776 
777         nxt_memcpy(name, ticket[0].name, 16);
778 
779     } else {
780         /* decrypt session ticket */
781 
782         do {
783             if (nxt_memcmp(name, ticket[i].name, 16) == 0) {
784                 goto found;
785             }
786 
787         } while (++i < tls->conf->tickets->count);
788 
789         nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found");
790 
791         return 0;
792 
793     found:
794 
795         nxt_debug(c->socket.task,
796                   "TLS session ticket decrypt, key number: \"%d\"", i);
797 
798         enc = (i == 0) ? 1 : 2 /* renew */;
799 
800         cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
801     }
802 
803     if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1) {
804         nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
805                               "EVP_DecryptInit_ex() failed");
806         return -1;
807     }
808 
809 #ifdef OPENSSL_NO_SHA256
810     digest = EVP_sha1();
811 #else
812     digest = EVP_sha256();
813 #endif
814 
815     if (HMAC_Init_ex(hctx, ticket[i].hmac_key, ticket[i].size, digest, NULL)
816         != 1)
817     {
818         nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
819                               "HMAC_Init_ex() failed");
820         return -1;
821     }
822 
823     return enc;
824 }
825 
826 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
827 
828 #endif /* NXT_HAVE_OPENSSL_TLSEXT */
829 
830 
831 static void
832 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout)
833 {
834     if (cache_size == 0) {
835         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
836         return;
837     }
838 
839     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
840 
841     SSL_CTX_sess_set_cache_size(ctx, cache_size);
842 
843     SSL_CTX_set_timeout(ctx, (long) timeout);
844 }
845 
846 
847 static nxt_uint_t
848 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
849     nxt_mp_t *mp)
850 {
851     int                         len;
852     nxt_str_t                   domain, str;
853     X509_NAME                   *x509_name;
854     nxt_uint_t                  i, n;
855     GENERAL_NAME                *name;
856     nxt_tls_bundle_conf_t       *bundle;
857     STACK_OF(GENERAL_NAME)      *alt_names;
858     nxt_tls_bundle_hash_item_t  *item;
859 
860     bundle = conf->bundle;
861 
862     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
863 
864     if (alt_names != NULL) {
865         n = sk_GENERAL_NAME_num(alt_names);
866 
867         for (i = 0; i != n; i++) {
868             name = sk_GENERAL_NAME_value(alt_names, i);
869 
870             if (name->type != GEN_DNS) {
871                 continue;
872             }
873 
874             str.length = ASN1_STRING_length(name->d.dNSName);
875 #if OPENSSL_VERSION_NUMBER > 0x10100000L
876             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
877 #else
878             str.start = ASN1_STRING_data(name->d.dNSName);
879 #endif
880 
881             domain.start = nxt_mp_nget(mp, str.length);
882             if (nxt_slow_path(domain.start == NULL)) {
883                 goto fail;
884             }
885 
886             domain.length = str.length;
887             nxt_memcpy_lowcase(domain.start, str.start, str.length);
888 
889             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
890             if (nxt_slow_path(item == NULL)) {
891                 goto fail;
892             }
893 
894             item->name = domain;
895             item->bundle = bundle;
896 
897             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
898                                                item, mp)
899                 == NXT_ERROR)
900             {
901                 goto fail;
902             }
903         }
904 
905         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
906 
907     } else {
908         x509_name = X509_get_subject_name(cert);
909         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
910                                         NULL, 0);
911         if (len <= 0) {
912             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
913                     "Subject Alternative Name nor Common Name", &bundle->name);
914             return NXT_OK;
915         }
916 
917         domain.start = nxt_mp_nget(mp, len + 1);
918         if (nxt_slow_path(domain.start == NULL)) {
919             return NXT_ERROR;
920         }
921 
922         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
923                                                   (char *) domain.start,
924                                                   len + 1);
925         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
926 
927         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
928         if (nxt_slow_path(item == NULL)) {
929             return NXT_ERROR;
930         }
931 
932         item->name = domain;
933         item->bundle = bundle;
934 
935         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
936                                            mp)
937             == NXT_ERROR)
938         {
939             return NXT_ERROR;
940         }
941     }
942 
943     return NXT_OK;
944 
945 fail:
946 
947     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
948 
949     return NXT_ERROR;
950 }
951 
952 
953 static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
954     nxt_aligned(64) =
955 {
956     NXT_LVLHSH_DEFAULT,
957     nxt_openssl_bundle_hash_test,
958     nxt_mp_lvlhsh_alloc,
959     nxt_mp_lvlhsh_free,
960 };
961 
962 
963 static nxt_int_t
964 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
965 {
966     nxt_tls_bundle_hash_item_t  *item;
967 
968     item = data;
969 
970     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
971 }
972 
973 
974 static nxt_int_t
975 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
976     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
977 {
978     nxt_str_t                   str;
979     nxt_int_t                   ret;
980     nxt_lvlhsh_query_t          lhq;
981     nxt_tls_bundle_hash_item_t  *old;
982 
983     str = item->name;
984 
985     if (item->name.start[0] == '*') {
986         item->name.start++;
987         item->name.length--;
988 
989         if (item->name.length == 0 || item->name.start[0] != '.') {
990             nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
991                     "in certificate \"%V\": missing \".\" "
992                     "after wildcard symbol", &str, &item->bundle->name);
993             return NXT_OK;
994         }
995     }
996 
997     lhq.pool = mp;
998     lhq.key = item->name;
999     lhq.value = item;
1000     lhq.proto = &nxt_openssl_bundle_hash_proto;
1001     lhq.replace = 0;
1002     lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
1003 
1004     ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
1005     if (nxt_fast_path(ret == NXT_OK)) {
1006         nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
1007                   &str, &item->bundle->name);
1008         return NXT_OK;
1009     }
1010 
1011     if (nxt_fast_path(ret == NXT_DECLINED)) {
1012         old = lhq.value;
1013         if (old->bundle != item->bundle) {
1014             nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
1015                     "in certificate \"%V\", identical name appears in \"%V\"",
1016                     &str, &old->bundle->name, &item->bundle->name);
1017 
1018             old->bundle = item->bundle;
1019         }
1020 
1021         return NXT_OK;
1022     }
1023 
1024     return NXT_ERROR;
1025 }
1026 
1027 
1028 static nxt_int_t
1029 nxt_openssl_servername(SSL *s, int *ad, void *arg)
1030 {
1031     nxt_str_t              str;
1032     nxt_uint_t             i;
1033     nxt_conn_t             *c;
1034     const char             *servername;
1035     nxt_tls_conf_t         *conf;
1036     nxt_openssl_conn_t     *tls;
1037     nxt_tls_bundle_conf_t  *bundle;
1038 
1039     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
1040 
1041     if (nxt_slow_path(c == NULL)) {
1042         nxt_thread_log_alert("SSL_get_ex_data() failed");
1043         return SSL_TLSEXT_ERR_ALERT_FATAL;
1044     }
1045 
1046     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
1047 
1048     if (servername == NULL) {
1049         nxt_debug(c->socket.task, "SSL_get_servername(): NULL");
1050         goto done;
1051     }
1052 
1053     str.length = nxt_strlen(servername);
1054     if (str.length == 0) {
1055         nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty");
1056         goto done;
1057     }
1058 
1059     if (servername[0] == '.') {
1060         nxt_debug(c->socket.task, "ignored the server name \"%s\": "
1061                                   "leading \".\"", servername);
1062         goto done;
1063     }
1064 
1065     nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
1066 
1067     str.start = nxt_mp_nget(c->mem_pool, str.length);
1068     if (nxt_slow_path(str.start == NULL)) {
1069         return SSL_TLSEXT_ERR_ALERT_FATAL;
1070     }
1071 
1072     nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
1073 
1074     tls = c->u.tls;
1075     conf = tls->conf;
1076 
1077     bundle = nxt_openssl_find_ctx(conf, &str);
1078 
1079     if (bundle == NULL) {
1080         for (i = 1; i < str.length; i++) {
1081             if (str.start[i] == '.') {
1082                 str.start += i;
1083                 str.length -= i;
1084 
1085                 bundle = nxt_openssl_find_ctx(conf, &str);
1086                 break;
1087             }
1088         }
1089     }
1090 
1091     if (bundle != NULL) {
1092         nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
1093                                   "(old: \"%V\")", &str, &bundle->name,
1094                                   &conf->bundle->name);
1095 
1096         if (bundle != conf->bundle) {
1097             if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
1098                 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
1099                                       "SSL_set_SSL_CTX() failed");
1100 
1101                 return SSL_TLSEXT_ERR_ALERT_FATAL;
1102             }
1103         }
1104     }
1105 
1106 done:
1107 
1108     return SSL_TLSEXT_ERR_OK;
1109 }
1110 
1111 
1112 static nxt_tls_bundle_conf_t *
1113 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
1114 {
1115     nxt_int_t                   ret;
1116     nxt_lvlhsh_query_t          lhq;
1117     nxt_tls_bundle_hash_item_t  *item;
1118 
1119     lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
1120     lhq.key = *sn;
1121     lhq.proto = &nxt_openssl_bundle_hash_proto;
1122 
1123     ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
1124     if (ret != NXT_OK) {
1125         return NULL;
1126     }
1127 
1128     item = lhq.value;
1129 
1130     return item->bundle;
1131 }
1132 
1133 
1134 static void
1135 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
1136 {
1137     nxt_tls_bundle_conf_t  *bundle;
1138 
1139     bundle = conf->bundle;
1140     nxt_assert(bundle != NULL);
1141 
1142     do {
1143         SSL_CTX_free(bundle->ctx);
1144         bundle = bundle->next;
1145     } while (bundle != NULL);
1146 
1147     if (conf->tickets) {
1148         nxt_memzero(conf->tickets->tickets,
1149                     conf->tickets->count * sizeof(nxt_tls_ticket_t));
1150     }
1151 
1152 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
1153      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
1154     RAND_keep_random_devices_open(0);
1155 #endif
1156 }
1157 
1158 
1159 static void
1160 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
1161 {
1162     int                 ret;
1163     SSL                 *s;
1164     SSL_CTX             *ctx;
1165     nxt_openssl_conn_t  *tls;
1166 
1167     nxt_log_debug(c->socket.log, "openssl conn init");
1168 
1169     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
1170     if (tls == NULL) {
1171         goto fail;
1172     }
1173 
1174     c->u.tls = tls;
1175     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
1176 
1177     ctx = conf->bundle->ctx;
1178 
1179     s = SSL_new(ctx);
1180     if (s == NULL) {
1181         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
1182         goto fail;
1183     }
1184 
1185     tls->session = s;
1186     /* To pass TLS config to the nxt_openssl_servername() callback. */
1187     tls->conf = conf;
1188     tls->conn = c;
1189 
1190     ret = SSL_set_fd(s, c->socket.fd);
1191 
1192     if (ret == 0) {
1193         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
1194                               c->socket.fd);
1195         goto fail;
1196     }
1197 
1198     SSL_set_accept_state(s);
1199 
1200     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
1201         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
1202         goto fail;
1203     }
1204 
1205     c->io = &nxt_openssl_conn_io;
1206     c->sendfile = NXT_CONN_SENDFILE_OFF;
1207 
1208     nxt_openssl_conn_handshake(task, c, c->socket.data);
1209 
1210     return;
1211 
1212 fail:
1213 
1214     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
1215                        task, c, c->socket.data);
1216 }
1217 
1218 
1219 nxt_inline void
1220 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
1221 {
1222     nxt_openssl_conn_t  *tls;
1223 
1224     nxt_debug(task, "openssl conn free");
1225 
1226     tls = c->u.tls;
1227 
1228     if (tls != NULL) {
1229         c->u.tls = NULL;
1230         nxt_free(tls->buffer.start);
1231         SSL_free(tls->session);
1232     }
1233 }
1234 
1235 
1236 static void
1237 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
1238 {
1239     int                     ret;
1240     nxt_int_t               n;
1241     nxt_err_t               err;
1242     nxt_conn_t              *c;
1243     nxt_work_queue_t        *wq;
1244     nxt_work_handler_t      handler;
1245     nxt_openssl_conn_t      *tls;
1246     const nxt_conn_state_t  *state;
1247 
1248     c = obj;
1249 
1250     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
1251 
1252     if (c->socket.error != 0) {
1253         return;
1254     }
1255 
1256     tls = c->u.tls;
1257 
1258     if (tls == NULL) {
1259         return;
1260     }
1261 
1262     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
1263 
1264     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
1265 
1266     ret = SSL_do_handshake(tls->session);
1267 
1268     err = (ret <= 0) ? nxt_socket_errno : 0;
1269 
1270     nxt_thread_time_debug_update(task->thread);
1271 
1272     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
1273 
1274     state = (c->read_state != NULL) ? c->read_state : c->write_state;
1275 
1276     if (ret > 0) {
1277         /* ret == 1, the handshake was successfully completed. */
1278         tls->handshake = 1;
1279 
1280         if (c->read_state != NULL) {
1281             if (state->io_read_handler != NULL || c->read != NULL) {
1282                 nxt_conn_read(task->thread->engine, c);
1283                 return;
1284             }
1285 
1286         } else {
1287             if (c->write != NULL) {
1288                 nxt_conn_write(task->thread->engine, c);
1289                 return;
1290             }
1291         }
1292 
1293         handler = state->ready_handler;
1294 
1295     } else {
1296         c->socket.read_handler = nxt_openssl_conn_handshake;
1297         c->socket.write_handler = nxt_openssl_conn_handshake;
1298 
1299         n = nxt_openssl_conn_test_error(task, c, ret, err,
1300                                         NXT_OPENSSL_HANDSHAKE);
1301         switch (n) {
1302 
1303         case NXT_AGAIN:
1304             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
1305                 tls->times++;
1306             }
1307 
1308             return;
1309 
1310         case 0:
1311             handler = state->close_handler;
1312             break;
1313 
1314         default:
1315         case NXT_ERROR:
1316             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
1317                                    c->socket.fd);
1318 
1319             handler = state->error_handler;
1320             break;
1321         }
1322     }
1323 
1324     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
1325 
1326     nxt_work_queue_add(wq, handler, task, c, data);
1327 }
1328 
1329 
1330 static ssize_t
1331 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
1332 {
1333     int                 ret;
1334     size_t              size;
1335     nxt_int_t           n;
1336     nxt_err_t           err;
1337     nxt_openssl_conn_t  *tls;
1338 
1339     tls = c->u.tls;
1340     size = b->mem.end - b->mem.free;
1341 
1342     ret = SSL_read(tls->session, b->mem.free, size);
1343 
1344     err = (ret <= 0) ? nxt_socket_errno : 0;
1345 
1346     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
1347               c->socket.fd, b->mem.free, size, ret, err);
1348 
1349     if (ret > 0) {
1350         return ret;
1351     }
1352 
1353     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
1354                                     NXT_OPENSSL_READ);
1355     if (n == NXT_ERROR) {
1356         nxt_openssl_conn_error(c->socket.task, err,
1357                                "SSL_read(%d, %p, %uz) failed",
1358                                c->socket.fd, b->mem.free, size);
1359     }
1360 
1361     return n;
1362 }
1363 
1364 
1365 static ssize_t
1366 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1367 {
1368     nxt_uint_t    niov;
1369     struct iovec  iov;
1370 
1371     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1372 
1373     if (niov == 0 && sb->sync) {
1374         return 0;
1375     }
1376 
1377     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1378 }
1379 
1380 
1381 static ssize_t
1382 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1383     size_t size)
1384 {
1385     int                 ret;
1386     nxt_err_t           err;
1387     nxt_int_t           n;
1388     nxt_conn_t          *c;
1389     nxt_openssl_conn_t  *tls;
1390 
1391     tls = sb->tls;
1392 
1393     ret = SSL_write(tls->session, buf, size);
1394 
1395     err = (ret <= 0) ? nxt_socket_errno : 0;
1396 
1397     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1398               sb->socket, buf, size, ret, err);
1399 
1400     if (ret > 0) {
1401         return ret;
1402     }
1403 
1404     c = tls->conn;
1405     c->socket.write_ready = sb->ready;
1406 
1407     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1408 
1409     sb->ready = c->socket.write_ready;
1410 
1411     if (n == NXT_ERROR) {
1412         sb->error = c->socket.error;
1413         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1414                                sb->socket, buf, size);
1415     }
1416 
1417     return n;
1418 }
1419 
1420 
1421 static void
1422 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1423 {
1424     int                 ret, mode;
1425     SSL                 *s;
1426     nxt_err_t           err;
1427     nxt_int_t           n;
1428     nxt_bool_t          quiet, once;
1429     nxt_conn_t          *c;
1430     nxt_openssl_conn_t  *tls;
1431     nxt_work_handler_t  handler;
1432 
1433     c = obj;
1434 
1435     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1436 
1437     c->read_state = NULL;
1438     tls = c->u.tls;
1439 
1440     if (tls == NULL) {
1441         return;
1442     }
1443 
1444     s = tls->session;
1445 
1446     if (s == NULL || !tls->handshake) {
1447         handler = c->write_state->ready_handler;
1448         goto done;
1449     }
1450 
1451     mode = SSL_get_shutdown(s);
1452 
1453     if (c->socket.timedout || c->socket.error != 0) {
1454         quiet = 1;
1455 
1456     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1457         quiet = 1;
1458 
1459     } else {
1460         quiet = 0;
1461     }
1462 
1463     SSL_set_quiet_shutdown(s, quiet);
1464 
1465     if (tls->conf->no_wait_shutdown) {
1466         mode |= SSL_RECEIVED_SHUTDOWN;
1467     }
1468 
1469     once = 1;
1470 
1471     for ( ;; ) {
1472         SSL_set_shutdown(s, mode);
1473 
1474         ret = SSL_shutdown(s);
1475 
1476         err = (ret <= 0) ? nxt_socket_errno : 0;
1477 
1478         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1479                   c->socket.fd, mode, quiet, ret, err);
1480 
1481         if (ret > 0) {
1482             /* ret == 1, the shutdown was successfully completed. */
1483             handler = c->write_state->ready_handler;
1484             goto done;
1485         }
1486 
1487         if (ret == 0) {
1488             /*
1489              * If SSL_shutdown() returns 0 then it should be called
1490              * again.  The second SSL_shutdown() call should return
1491              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1492              * OpenSSL prior to 0.9.8m version however never returns
1493              * -1 at all.  Fortunately, OpenSSL preserves internally
1494              * correct status available via SSL_get_error(-1).
1495              */
1496             if (once) {
1497                 once = 0;
1498                 mode = SSL_get_shutdown(s);
1499                 continue;
1500             }
1501 
1502             ret = -1;
1503         }
1504 
1505         /* ret == -1 */
1506 
1507         break;
1508     }
1509 
1510     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1511     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1512     c->socket.error_handler = c->write_state->error_handler;
1513 
1514     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1515 
1516     switch (n) {
1517 
1518     case 0:
1519         handler = c->write_state->close_handler;
1520         break;
1521 
1522     case NXT_AGAIN:
1523         c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout;
1524         nxt_timer_add(task->thread->engine, &c->write_timer, 5000);
1525         return;
1526 
1527     default:
1528     case NXT_ERROR:
1529         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1530                                c->socket.fd);
1531         handler = c->write_state->error_handler;
1532     }
1533 
1534 done:
1535 
1536     nxt_openssl_conn_free(task, c);
1537 
1538     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1539 }
1540 
1541 
1542 static nxt_int_t
1543 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1544     nxt_err_t sys_err, nxt_openssl_io_t io)
1545 {
1546     u_long              lib_err;
1547     nxt_openssl_conn_t  *tls;
1548 
1549     tls = c->u.tls;
1550 
1551     tls->ssl_error = SSL_get_error(tls->session, ret);
1552 
1553     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1554 
1555     switch (tls->ssl_error) {
1556 
1557     case SSL_ERROR_WANT_READ:
1558         c->socket.read_ready = 0;
1559 
1560         if (io != NXT_OPENSSL_READ) {
1561             nxt_fd_event_block_write(task->thread->engine, &c->socket);
1562 
1563             if (nxt_fd_event_is_disabled(c->socket.read)) {
1564                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1565             }
1566         }
1567 
1568         return NXT_AGAIN;
1569 
1570     case SSL_ERROR_WANT_WRITE:
1571         c->socket.write_ready = 0;
1572 
1573         if (io != NXT_OPENSSL_WRITE) {
1574             nxt_fd_event_block_read(task->thread->engine, &c->socket);
1575 
1576             if (nxt_fd_event_is_disabled(c->socket.write)) {
1577                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1578             }
1579         }
1580 
1581         return NXT_AGAIN;
1582 
1583     case SSL_ERROR_SYSCALL:
1584         lib_err = ERR_peek_error();
1585 
1586         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1587 
1588         if (sys_err != 0 || lib_err != 0) {
1589             c->socket.error = sys_err;
1590             return NXT_ERROR;
1591         }
1592 
1593         /* A connection was just closed. */
1594         c->socket.closed = 1;
1595         return 0;
1596 
1597     case SSL_ERROR_ZERO_RETURN:
1598         /* A "close notify" alert. */
1599         return 0;
1600 
1601     default: /* SSL_ERROR_SSL, etc. */
1602         c->socket.error = 1000;  /* Nonexistent errno code. */
1603         return NXT_ERROR;
1604     }
1605 }
1606 
1607 
1608 static void
1609 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data)
1610 {
1611     nxt_conn_t   *c;
1612     nxt_timer_t  *timer;
1613 
1614     timer = obj;
1615 
1616     nxt_debug(task, "openssl conn shutdown timeout");
1617 
1618     c = nxt_write_timer_conn(timer);
1619 
1620     c->socket.timedout = 1;
1621     nxt_openssl_conn_io_shutdown(task, c, NULL);
1622 }
1623 
1624 
1625 static void nxt_cdecl
1626 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1627 {
1628     u_char      *p, *end;
1629     va_list     args;
1630     nxt_uint_t  level;
1631     u_char      msg[NXT_MAX_ERROR_STR];
1632 
1633     level = nxt_openssl_log_error_level(err);
1634 
1635     if (nxt_log_level_enough(task->log, level)) {
1636 
1637         end = msg + sizeof(msg);
1638 
1639         va_start(args, fmt);
1640         p = nxt_vsprintf(msg, end, fmt, args);
1641         va_end(args);
1642 
1643         if (err != 0) {
1644             p = nxt_sprintf(p, end, " %E", err);
1645         }
1646 
1647         p = nxt_openssl_copy_error(p, end);
1648 
1649         nxt_log(task, level, "%*s", p - msg, msg);
1650 
1651     } else {
1652         ERR_clear_error();
1653     }
1654 }
1655 
1656 
1657 static nxt_uint_t
1658 nxt_openssl_log_error_level(nxt_err_t err)
1659 {
1660     switch (ERR_GET_REASON(ERR_peek_error())) {
1661 
1662     case 0:
1663         return nxt_socket_error_level(err);
1664 
1665     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
1666     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
1667     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
1668     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
1669     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
1670     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
1671 #ifdef SSL_R_NO_CIPHERS_PASSED
1672     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
1673 #endif
1674     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
1675     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
1676     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
1677     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
1678 #ifdef SSL_R_PARSE_TLSEXT
1679     case SSL_R_PARSE_TLSEXT:                              /*  227 */
1680 #endif
1681     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
1682     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
1683     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
1684     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
1685     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
1686     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
1687 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1688     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
1689     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
1690     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
1691 #endif
1692 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1693     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
1694 #endif
1695 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1696     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
1697 #endif
1698     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1699     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
1700     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
1701     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
1702     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
1703     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
1704     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
1705     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
1706         break;
1707 
1708     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
1709     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
1710     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
1711     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
1712     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
1713     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
1714     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
1715     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1716     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1717     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1718     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1719     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1720     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1721     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1722     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1723     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1724         return NXT_LOG_ERR;
1725 
1726     default:
1727         return NXT_LOG_ALERT;
1728     }
1729 
1730     return NXT_LOG_INFO;
1731 }
1732 
1733 
1734 void nxt_cdecl
1735 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1736 {
1737     u_char   *p, *end;
1738     va_list  args;
1739     u_char   msg[NXT_MAX_ERROR_STR];
1740 
1741     end = msg + sizeof(msg);
1742 
1743     va_start(args, fmt);
1744     p = nxt_vsprintf(msg, end, fmt, args);
1745     va_end(args);
1746 
1747     p = nxt_openssl_copy_error(p, end);
1748 
1749     nxt_log(task, level, "%*s", p - msg, msg);
1750 }
1751 
1752 
1753 u_char *
1754 nxt_openssl_copy_error(u_char *p, u_char *end)
1755 {
1756     int         flags;
1757     u_long      err;
1758     nxt_bool_t  clear;
1759     const char  *data, *delimiter;
1760 
1761     err = ERR_peek_error();
1762     if (err == 0) {
1763         return p;
1764     }
1765 
1766     /* Log the most relevant error message ... */
1767     data = ERR_reason_error_string(err);
1768 
1769     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1770 
1771     /*
1772      * ... followed by all queued cumbersome OpenSSL error messages
1773      * and drain the error queue.
1774      */
1775     delimiter = "";
1776     clear = 0;
1777 
1778     for ( ;; ) {
1779         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1780         if (err == 0) {
1781             break;
1782         }
1783 
1784         p = nxt_sprintf(p, end, "%s", delimiter);
1785 
1786         ERR_error_string_n(err, (char *) p, end - p);
1787 
1788         while (p < end && *p != '\0') {
1789             p++;
1790         }
1791 
1792         if ((flags & ERR_TXT_STRING) != 0) {
1793             p = nxt_sprintf(p, end, ":%s", data);
1794         }
1795 
1796         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1797 
1798         delimiter = "; ";
1799     }
1800 
1801     /* Deallocate additional data. */
1802 
1803     if (clear) {
1804         ERR_clear_error();
1805     }
1806 
1807     if (p < end) {
1808         *p++ = ')';
1809     }
1810 
1811     return p;
1812 }
1813 
1814 
1815 nxt_int_t
1816 nxt_openssl_base64_decode(u_char *d, size_t dlen, const u_char *s, size_t slen)
1817 {
1818     BIO        *bio, *b64;
1819     nxt_int_t  count, ret;
1820     u_char     buf[128];
1821 
1822     b64 = BIO_new(BIO_f_base64());
1823     if (nxt_slow_path(b64 == NULL)) {
1824         goto error;
1825     }
1826 
1827     bio = BIO_new_mem_buf(s, slen);
1828     if (nxt_slow_path(bio == NULL)) {
1829         goto error;
1830     }
1831 
1832     bio = BIO_push(b64, bio);
1833 
1834     BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
1835 
1836     count = 0;
1837 
1838     if (d == NULL) {
1839 
1840         for ( ;; ) {
1841             ret = BIO_read(bio, buf, 128);
1842 
1843             if (ret < 0) {
1844                 goto invalid;
1845             }
1846 
1847             count += ret;
1848 
1849             if (ret != 128) {
1850                 break;
1851             }
1852         }
1853 
1854     } else {
1855         count = BIO_read(bio, d, dlen);
1856 
1857         if (count < 0) {
1858             goto invalid;
1859         }
1860     }
1861 
1862     BIO_free_all(bio);
1863 
1864     return count;
1865 
1866 error:
1867 
1868     BIO_vfree(b64);
1869     ERR_clear_error();
1870 
1871     return NXT_ERROR;
1872 
1873 invalid:
1874 
1875     BIO_free_all(bio);
1876     ERR_clear_error();
1877 
1878     return NXT_DECLINED;
1879 }
1880