xref: /unit/src/nxt_openssl.c (revision 2089:dcec02b45917)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <nxt_conf.h>
9 
10 #define OPENSSL_SUPPRESS_DEPRECATED
11 
12 #include <openssl/ssl.h>
13 #include <openssl/conf.h>
14 #include <openssl/err.h>
15 #include <openssl/rand.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/bio.h>
18 #include <openssl/evp.h>
19 
20 
21 typedef struct {
22     SSL               *session;
23     nxt_conn_t        *conn;
24 
25     int               ssl_error;
26     uint8_t           times;      /* 2 bits */
27     uint8_t           handshake;  /* 1 bit  */
28 
29     nxt_tls_conf_t    *conf;
30     nxt_buf_mem_t     buffer;
31 } nxt_openssl_conn_t;
32 
33 
34 struct nxt_tls_ticket_s {
35     u_char            name[16];
36     u_char            hmac_key[32];
37     u_char            aes_key[32];
38     uint8_t           size;
39 };
40 
41 
42 struct nxt_tls_tickets_s {
43     nxt_uint_t        count;
44     nxt_tls_ticket_t  tickets[];
45 };
46 
47 
48 typedef enum {
49     NXT_OPENSSL_HANDSHAKE = 0,
50     NXT_OPENSSL_READ,
51     NXT_OPENSSL_WRITE,
52     NXT_OPENSSL_SHUTDOWN,
53 } nxt_openssl_io_t;
54 
55 
56 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
57 static void nxt_openssl_library_free(nxt_task_t *task);
58 #if OPENSSL_VERSION_NUMBER < 0x10100004L
59 static nxt_int_t nxt_openssl_locks_init(void);
60 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
61 static unsigned long nxt_openssl_thread_id(void);
62 static void nxt_openssl_locks_free(void);
63 #endif
64 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
65     nxt_tls_init_t *tls_init, nxt_bool_t last);
66 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
67     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
68 #if (NXT_HAVE_OPENSSL_CONF_CMD)
69 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx,
70     nxt_conf_value_t *value, nxt_mp_t *mp);
71 #endif
72 #if (NXT_HAVE_OPENSSL_TLSEXT)
73 static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx,
74     nxt_tls_init_t *tls_init, nxt_mp_t *mp);
75 static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name,
76     unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc);
77 #endif
78 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size,
79     time_t timeout);
80 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
81     nxt_tls_conf_t *conf, nxt_mp_t *mp);
82 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
83     void *data);
84 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
85     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
86 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
87 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
88     nxt_str_t *sn);
89 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
90 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
91     nxt_conn_t *c);
92 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
93 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
94 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
95 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
96     void *buf, size_t size);
97 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
98     void *data);
99 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
100     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
101 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
102     void *data);
103 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
104     nxt_err_t err, const char *fmt, ...);
105 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
106 
107 
108 const nxt_tls_lib_t  nxt_openssl_lib = {
109     .library_init = nxt_openssl_library_init,
110     .library_free = nxt_openssl_library_free,
111 
112     .server_init = nxt_openssl_server_init,
113     .server_free = nxt_openssl_server_free,
114 };
115 
116 
117 static nxt_conn_io_t  nxt_openssl_conn_io = {
118     .read = nxt_conn_io_read,
119     .recvbuf = nxt_openssl_conn_io_recvbuf,
120 
121     .write = nxt_conn_io_write,
122     .sendbuf = nxt_openssl_conn_io_sendbuf,
123 
124     .shutdown = nxt_openssl_conn_io_shutdown,
125 };
126 
127 
128 static long  nxt_openssl_version;
129 static int   nxt_openssl_connection_index;
130 
131 
132 static nxt_int_t
133 nxt_openssl_library_init(nxt_task_t *task)
134 {
135     int  index;
136 
137     if (nxt_fast_path(nxt_openssl_version != 0)) {
138         return NXT_OK;
139     }
140 
141 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
142 
143     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
144 
145 #else
146     {
147         nxt_int_t  ret;
148 
149         SSL_load_error_strings();
150 
151         OPENSSL_config(NULL);
152 
153         /*
154          * SSL_library_init(3):
155          *
156          *   SSL_library_init() always returns "1",
157          *   so it is safe to discard the return value.
158          */
159         (void) SSL_library_init();
160 
161         ret = nxt_openssl_locks_init();
162         if (nxt_slow_path(ret != NXT_OK)) {
163             return ret;
164         }
165     }
166 
167 #endif
168 
169     nxt_openssl_version = SSLeay();
170 
171     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
172             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
173 
174 #ifndef SSL_OP_NO_COMPRESSION
175     {
176         /*
177          * Disable gzip compression in OpenSSL prior to 1.0.0
178          * version, this saves about 522K per connection.
179          */
180         int                 n;
181         STACK_OF(SSL_COMP)  *ssl_comp_methods;
182 
183         ssl_comp_methods = SSL_COMP_get_compression_methods();
184 
185         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
186             (void) sk_SSL_COMP_pop(ssl_comp_methods);
187         }
188     }
189 #endif
190 
191     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
192 
193     if (index == -1) {
194         nxt_openssl_log_error(task, NXT_LOG_ALERT,
195                               "SSL_get_ex_new_index() failed");
196         return NXT_ERROR;
197     }
198 
199     nxt_openssl_connection_index = index;
200 
201     return NXT_OK;
202 }
203 
204 
205 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
206 
207 static void
208 nxt_openssl_library_free(nxt_task_t *task)
209 {
210 }
211 
212 #else
213 
214 static nxt_thread_mutex_t  *nxt_openssl_locks;
215 
216 static nxt_int_t
217 nxt_openssl_locks_init(void)
218 {
219     int        i, n;
220     nxt_int_t  ret;
221 
222     n = CRYPTO_num_locks();
223 
224     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
225     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
226         return NXT_ERROR;
227     }
228 
229     for (i = 0; i < n; i++) {
230         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
231         if (nxt_slow_path(ret != NXT_OK)) {
232             return ret;
233         }
234     }
235 
236     CRYPTO_set_locking_callback(nxt_openssl_lock);
237 
238     CRYPTO_set_id_callback(nxt_openssl_thread_id);
239 
240     return NXT_OK;
241 }
242 
243 
244 static void
245 nxt_openssl_lock(int mode, int type, const char *file, int line)
246 {
247     nxt_thread_mutex_t  *lock;
248 
249     lock = &nxt_openssl_locks[type];
250 
251     if ((mode & CRYPTO_LOCK) != 0) {
252         (void) nxt_thread_mutex_lock(lock);
253 
254     } else {
255         (void) nxt_thread_mutex_unlock(lock);
256     }
257 }
258 
259 
260 static u_long
261 nxt_openssl_thread_id(void)
262 {
263     return (u_long) nxt_thread_handle();
264 }
265 
266 
267 static void
268 nxt_openssl_library_free(nxt_task_t *task)
269 {
270     nxt_openssl_locks_free();
271 }
272 
273 
274 static void
275 nxt_openssl_locks_free(void)
276 {
277     int  i, n;
278 
279     n = CRYPTO_num_locks();
280 
281     CRYPTO_set_locking_callback(NULL);
282 
283     for (i = 0; i < n; i++) {
284         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
285     }
286 
287     OPENSSL_free(nxt_openssl_locks);
288 }
289 
290 #endif
291 
292 
293 static nxt_int_t
294 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
295     nxt_tls_init_t *tls_init, nxt_bool_t last)
296 {
297     SSL_CTX                *ctx;
298     const char             *ciphers, *ca_certificate;
299     nxt_tls_conf_t         *conf;
300     STACK_OF(X509_NAME)    *list;
301     nxt_tls_bundle_conf_t  *bundle;
302 
303     ctx = SSL_CTX_new(SSLv23_server_method());
304     if (ctx == NULL) {
305         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
306         return NXT_ERROR;
307     }
308 
309     conf = tls_init->conf;
310 
311     bundle = conf->bundle;
312     nxt_assert(bundle != NULL);
313 
314     bundle->ctx = ctx;
315 
316 #ifdef SSL_OP_NO_RENEGOTIATION
317     /* Renegration is not currently supported. */
318     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
319 #endif
320 
321 #ifdef SSL_OP_NO_COMPRESSION
322     /*
323      * Disable gzip compression in OpenSSL 1.0.0,
324      * this saves about 522K per connection.
325      */
326     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
327 #endif
328 
329 #ifdef SSL_MODE_RELEASE_BUFFERS
330 
331     if (nxt_openssl_version >= 10001078) {
332         /*
333          * Allow to release read and write buffers in OpenSSL 1.0.0,
334          * this saves about 34K per idle connection.  It is not safe
335          * before OpenSSL 1.0.1h (CVE-2010-5298).
336          */
337         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
338     }
339 
340 #endif
341 
342     if (nxt_openssl_chain_file(task, ctx, conf, mp,
343                                last && bundle->next == NULL)
344         != NXT_OK)
345     {
346         goto fail;
347     }
348 /*
349     key = conf->certificate_key;
350 
351     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
352         nxt_openssl_log_error(task, NXT_LOG_ALERT,
353                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
354                               key);
355         goto fail;
356     }
357 */
358 
359     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
360 
361     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
362         nxt_openssl_log_error(task, NXT_LOG_ALERT,
363                               "SSL_CTX_set_cipher_list(\"%s\") failed",
364                               ciphers);
365         goto fail;
366     }
367 
368 #if (NXT_HAVE_OPENSSL_CONF_CMD)
369     if (tls_init->conf_cmds != NULL
370         && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK)
371     {
372         goto fail;
373     }
374 #endif
375 
376     nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout);
377 
378 #if (NXT_HAVE_OPENSSL_TLSEXT)
379     if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) {
380         goto fail;
381     }
382 #endif
383 
384     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
385 
386     if (conf->ca_certificate != NULL) {
387 
388         /* TODO: verify callback */
389         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
390 
391         /* TODO: verify depth */
392         SSL_CTX_set_verify_depth(ctx, 1);
393 
394         ca_certificate = conf->ca_certificate;
395 
396         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
397             nxt_openssl_log_error(task, NXT_LOG_ALERT,
398                               "SSL_CTX_load_verify_locations(\"%s\") failed",
399                               ca_certificate);
400             goto fail;
401         }
402 
403         list = SSL_load_client_CA_file(ca_certificate);
404 
405         if (list == NULL) {
406             nxt_openssl_log_error(task, NXT_LOG_ALERT,
407                               "SSL_load_client_CA_file(\"%s\") failed",
408                               ca_certificate);
409             goto fail;
410         }
411 
412         /*
413          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
414          * 0.9.8 versions always leaves an error in the error queue.
415          */
416         ERR_clear_error();
417 
418         SSL_CTX_set_client_CA_list(ctx, list);
419     }
420 
421     if (last) {
422         conf->conn_init = nxt_openssl_conn_init;
423 
424         if (bundle->next != NULL) {
425             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
426         }
427     }
428 
429     return NXT_OK;
430 
431 fail:
432 
433     SSL_CTX_free(ctx);
434 
435 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
436      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
437     RAND_keep_random_devices_open(0);
438 #endif
439 
440     return NXT_ERROR;
441 }
442 
443 
444 static nxt_int_t
445 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
446     nxt_mp_t *mp, nxt_bool_t single)
447 {
448     BIO                    *bio;
449     X509                   *cert, *ca;
450     long                   reason;
451     EVP_PKEY               *key;
452     nxt_int_t              ret;
453     nxt_tls_bundle_conf_t  *bundle;
454 
455     ret = NXT_ERROR;
456     cert = NULL;
457 
458     bio = BIO_new(BIO_s_fd());
459     if (bio == NULL) {
460         goto end;
461     }
462 
463     bundle = conf->bundle;
464 
465     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
466 
467     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
468     if (cert == NULL) {
469         goto end;
470     }
471 
472     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
473         goto end;
474     }
475 
476     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
477         goto clean;
478     }
479 
480     for ( ;; ) {
481         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
482 
483         if (ca == NULL) {
484             reason = ERR_GET_REASON(ERR_peek_last_error());
485             if (reason != PEM_R_NO_START_LINE) {
486                 goto end;
487             }
488 
489             ERR_clear_error();
490             break;
491         }
492 
493         /*
494          * Note that ca isn't freed if it was successfully added to the chain,
495          * while the main certificate needs a X509_free() call, since
496          * its reference count is increased by SSL_CTX_use_certificate().
497          */
498 #ifdef SSL_CTX_add0_chain_cert
499         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
500 #else
501         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
502 #endif
503             X509_free(ca);
504             goto end;
505         }
506     }
507 
508     if (BIO_reset(bio) != 0) {
509         goto end;
510     }
511 
512     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
513     if (key == NULL) {
514         goto end;
515     }
516 
517     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
518         ret = NXT_OK;
519     }
520 
521     EVP_PKEY_free(key);
522 
523 end:
524 
525     if (ret != NXT_OK) {
526         nxt_openssl_log_error(task, NXT_LOG_ALERT,
527                               "nxt_openssl_chain_file() failed");
528     }
529 
530 clean:
531 
532     BIO_free(bio);
533     X509_free(cert);
534 
535     return ret;
536 }
537 
538 
539 #if (NXT_HAVE_OPENSSL_CONF_CMD)
540 
541 static nxt_int_t
542 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf,
543     nxt_mp_t *mp)
544 {
545     int               ret;
546     char              *zcmd, *zvalue;
547     uint32_t          index;
548     nxt_str_t         cmd, value;
549     SSL_CONF_CTX      *cctx;
550     nxt_conf_value_t  *member;
551 
552     cctx = SSL_CONF_CTX_new();
553     if (nxt_slow_path(cctx == NULL)) {
554         nxt_openssl_log_error(task, NXT_LOG_ALERT,
555                               "SSL_CONF_CTX_new() failed");
556         return NXT_ERROR;
557     }
558 
559     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE
560                                  | SSL_CONF_FLAG_SERVER
561                                  | SSL_CONF_FLAG_CERTIFICATE
562                                  | SSL_CONF_FLAG_SHOW_ERRORS);
563 
564     SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
565 
566     index = 0;
567 
568     for ( ;; ) {
569         member = nxt_conf_next_object_member(conf, &cmd, &index);
570         if (nxt_slow_path(member == NULL)) {
571             break;
572         }
573 
574         nxt_conf_get_string(member, &value);
575 
576         zcmd = nxt_str_cstrz(mp, &cmd);
577         zvalue = nxt_str_cstrz(mp, &value);
578 
579         if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) {
580             goto fail;
581         }
582 
583         ret = SSL_CONF_cmd(cctx, zcmd, zvalue);
584         if (ret == -2) {
585             nxt_openssl_log_error(task, NXT_LOG_ERR,
586                                   "unknown command \"%s\" in "
587                                   "\"conf_commands\" option", zcmd);
588             goto fail;
589         }
590 
591         if (ret <= 0) {
592             nxt_openssl_log_error(task, NXT_LOG_ERR,
593                                   "invalid value \"%s\" for command \"%s\" "
594                                   "in \"conf_commands\" option",
595                                   zvalue, zcmd);
596             goto fail;
597         }
598 
599         nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue);
600     }
601 
602     if (SSL_CONF_CTX_finish(cctx) != 1) {
603         nxt_openssl_log_error(task, NXT_LOG_ALERT,
604                               "SSL_CONF_finish() failed");
605         goto fail;
606     }
607 
608     SSL_CONF_CTX_free(cctx);
609 
610     return NXT_OK;
611 
612 fail:
613 
614     SSL_CONF_CTX_free(cctx);
615 
616     return NXT_ERROR;
617 }
618 
619 #endif
620 
621 #if (NXT_HAVE_OPENSSL_TLSEXT)
622 
623 static nxt_int_t
624 nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
625     nxt_mp_t *mp)
626 {
627     size_t             len;
628     uint32_t           i;
629     nxt_str_t          value;
630     nxt_uint_t         count;
631     nxt_conf_value_t   *member, *tickets_conf;
632     nxt_tls_ticket_t   *ticket;
633     nxt_tls_tickets_t  *tickets;
634     u_char             buf[80];
635 
636     tickets_conf = tls_init->tickets_conf;
637 
638     if (tickets_conf == NULL) {
639         goto no_ticket;
640     }
641 
642     if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) {
643         if (nxt_conf_get_boolean(tickets_conf) == 0) {
644             goto no_ticket;
645         }
646 
647         return NXT_OK;
648     }
649 
650     count = nxt_conf_array_elements_count_or_1(tickets_conf);
651 
652     if (count == 0) {
653         goto no_ticket;
654     }
655 
656 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
657 
658     tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t)
659                              + count * sizeof(nxt_tls_ticket_t));
660     if (nxt_slow_path(tickets == NULL)) {
661         return NXT_ERROR;
662     }
663 
664     tickets->count = count;
665     tls_init->conf->tickets = tickets;
666     i = 0;
667 
668     do {
669         ticket = &tickets->tickets[i];
670 
671         i++;
672 
673         member = nxt_conf_get_array_element_or_itself(tickets_conf, count - i);
674         if (member == NULL) {
675             break;
676         }
677 
678         nxt_conf_get_string(member, &value);
679 
680         len = nxt_base64_decode(buf, value.start, value.length);
681 
682         nxt_memcpy(ticket->name, buf, 16);
683 
684         if (len == 48) {
685             nxt_memcpy(ticket->aes_key, buf + 16, 16);
686             nxt_memcpy(ticket->hmac_key, buf + 32, 16);
687             ticket->size = 16;
688 
689         } else {
690             nxt_memcpy(ticket->hmac_key, buf + 16, 32);
691             nxt_memcpy(ticket->aes_key, buf + 48, 32);
692             ticket->size = 32;
693         }
694 
695     } while (i < count);
696 
697     if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback)
698         == 0)
699     {
700         nxt_openssl_log_error(task, NXT_LOG_ALERT,
701                       "Unit was built with Session Tickets support, however, "
702                       "now it is linked dynamically to an OpenSSL library "
703                       "which has no tlsext support, therefore Session Tickets "
704                       "are not available");
705 
706         return NXT_ERROR;
707     }
708 
709     return NXT_OK;
710 
711 #else
712     nxt_alert(task, "Setting custom session ticket keys is not supported with "
713                     "this version of OpenSSL library");
714 
715     return NXT_ERROR;
716 
717 #endif
718 
719 no_ticket:
720 
721     SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
722 
723     return NXT_OK;
724 }
725 
726 
727 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
728 
729 static int
730 nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv,
731     EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc)
732 {
733     nxt_uint_t          i;
734     nxt_conn_t          *c;
735     const EVP_MD        *digest;
736     const EVP_CIPHER    *cipher;
737     nxt_tls_ticket_t    *ticket;
738     nxt_openssl_conn_t  *tls;
739 
740     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
741 
742     if (nxt_slow_path(c == NULL)) {
743         nxt_thread_log_alert("SSL_get_ex_data() failed");
744         return -1;
745     }
746 
747     tls = c->u.tls;
748     ticket = tls->conf->tickets->tickets;
749 
750     i = 0;
751 
752     if (enc == 1) {
753         /* encrypt session ticket */
754 
755         nxt_debug(c->socket.task, "TLS session ticket encrypt");
756 
757         cipher = (ticket[0].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
758 
759         if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
760             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
761                                   "RAND_bytes() failed");
762             return -1;
763         }
764 
765         nxt_memcpy(name, ticket[0].name, 16);
766 
767         if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) != 1)
768         {
769             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
770                                   "EVP_EncryptInit_ex() failed");
771             return -1;
772         }
773 
774     } else {
775         /* decrypt session ticket */
776 
777         do {
778             if (nxt_memcmp(name, ticket[i].name, 16) == 0) {
779                 goto found;
780             }
781 
782         } while (++i < tls->conf->tickets->count);
783 
784         nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found");
785 
786         return 0;
787 
788     found:
789 
790         nxt_debug(c->socket.task,
791                   "TLS session ticket decrypt, key number: \"%d\"", i);
792 
793         enc = (i == 0) ? 1 : 2 /* renew */;
794 
795         cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc();
796 
797         if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1)
798         {
799             nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
800                                   "EVP_DecryptInit_ex() failed");
801             return -1;
802         }
803     }
804 
805 #ifdef OPENSSL_NO_SHA256
806     digest = EVP_sha1();
807 #else
808     digest = EVP_sha256();
809 #endif
810 
811     if (HMAC_Init_ex(hctx, ticket[i].hmac_key, ticket[i].size, digest, NULL)
812         != 1)
813     {
814         nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
815                               "HMAC_Init_ex() failed");
816         return -1;
817     }
818 
819     return enc;
820 }
821 
822 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */
823 
824 #endif /* NXT_HAVE_OPENSSL_TLSEXT */
825 
826 
827 static void
828 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout)
829 {
830     if (cache_size == 0) {
831         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
832         return;
833     }
834 
835     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
836 
837     SSL_CTX_sess_set_cache_size(ctx, cache_size);
838 
839     SSL_CTX_set_timeout(ctx, (long) timeout);
840 }
841 
842 
843 static nxt_uint_t
844 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
845     nxt_mp_t *mp)
846 {
847     int                         len;
848     nxt_str_t                   domain, str;
849     X509_NAME                   *x509_name;
850     nxt_uint_t                  i, n;
851     GENERAL_NAME                *name;
852     nxt_tls_bundle_conf_t       *bundle;
853     STACK_OF(GENERAL_NAME)      *alt_names;
854     nxt_tls_bundle_hash_item_t  *item;
855 
856     bundle = conf->bundle;
857 
858     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
859 
860     if (alt_names != NULL) {
861         n = sk_GENERAL_NAME_num(alt_names);
862 
863         for (i = 0; i != n; i++) {
864             name = sk_GENERAL_NAME_value(alt_names, i);
865 
866             if (name->type != GEN_DNS) {
867                 continue;
868             }
869 
870             str.length = ASN1_STRING_length(name->d.dNSName);
871 #if OPENSSL_VERSION_NUMBER > 0x10100000L
872             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
873 #else
874             str.start = ASN1_STRING_data(name->d.dNSName);
875 #endif
876 
877             domain.start = nxt_mp_nget(mp, str.length);
878             if (nxt_slow_path(domain.start == NULL)) {
879                 goto fail;
880             }
881 
882             domain.length = str.length;
883             nxt_memcpy_lowcase(domain.start, str.start, str.length);
884 
885             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
886             if (nxt_slow_path(item == NULL)) {
887                 goto fail;
888             }
889 
890             item->name = domain;
891             item->bundle = bundle;
892 
893             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
894                                                item, mp)
895                 == NXT_ERROR)
896             {
897                 goto fail;
898             }
899         }
900 
901         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
902 
903     } else {
904         x509_name = X509_get_subject_name(cert);
905         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
906                                         NULL, 0);
907         if (len <= 0) {
908             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
909                     "Subject Alternative Name nor Common Name", &bundle->name);
910             return NXT_OK;
911         }
912 
913         domain.start = nxt_mp_nget(mp, len + 1);
914         if (nxt_slow_path(domain.start == NULL)) {
915             return NXT_ERROR;
916         }
917 
918         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
919                                                   (char *) domain.start,
920                                                   len + 1);
921         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
922 
923         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
924         if (nxt_slow_path(item == NULL)) {
925             return NXT_ERROR;
926         }
927 
928         item->name = domain;
929         item->bundle = bundle;
930 
931         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
932                                            mp)
933             == NXT_ERROR)
934         {
935             return NXT_ERROR;
936         }
937     }
938 
939     return NXT_OK;
940 
941 fail:
942 
943     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
944 
945     return NXT_ERROR;
946 }
947 
948 
949 static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
950     nxt_aligned(64) =
951 {
952     NXT_LVLHSH_DEFAULT,
953     nxt_openssl_bundle_hash_test,
954     nxt_mp_lvlhsh_alloc,
955     nxt_mp_lvlhsh_free,
956 };
957 
958 
959 static nxt_int_t
960 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
961 {
962     nxt_tls_bundle_hash_item_t  *item;
963 
964     item = data;
965 
966     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
967 }
968 
969 
970 static nxt_int_t
971 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
972     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
973 {
974     nxt_str_t                   str;
975     nxt_int_t                   ret;
976     nxt_lvlhsh_query_t          lhq;
977     nxt_tls_bundle_hash_item_t  *old;
978 
979     str = item->name;
980 
981     if (item->name.start[0] == '*') {
982         item->name.start++;
983         item->name.length--;
984 
985         if (item->name.length == 0 || item->name.start[0] != '.') {
986             nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
987                     "in certificate \"%V\": missing \".\" "
988                     "after wildcard symbol", &str, &item->bundle->name);
989             return NXT_OK;
990         }
991     }
992 
993     lhq.pool = mp;
994     lhq.key = item->name;
995     lhq.value = item;
996     lhq.proto = &nxt_openssl_bundle_hash_proto;
997     lhq.replace = 0;
998     lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
999 
1000     ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
1001     if (nxt_fast_path(ret == NXT_OK)) {
1002         nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
1003                   &str, &item->bundle->name);
1004         return NXT_OK;
1005     }
1006 
1007     if (nxt_fast_path(ret == NXT_DECLINED)) {
1008         old = lhq.value;
1009         if (old->bundle != item->bundle) {
1010             nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
1011                     "in certificate \"%V\", identical name appears in \"%V\"",
1012                     &str, &old->bundle->name, &item->bundle->name);
1013 
1014             old->bundle = item->bundle;
1015         }
1016 
1017         return NXT_OK;
1018     }
1019 
1020     return NXT_ERROR;
1021 }
1022 
1023 
1024 static nxt_int_t
1025 nxt_openssl_servername(SSL *s, int *ad, void *arg)
1026 {
1027     nxt_str_t              str;
1028     nxt_uint_t             i;
1029     nxt_conn_t             *c;
1030     const char             *servername;
1031     nxt_tls_conf_t         *conf;
1032     nxt_openssl_conn_t     *tls;
1033     nxt_tls_bundle_conf_t  *bundle;
1034 
1035     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
1036 
1037     if (nxt_slow_path(c == NULL)) {
1038         nxt_thread_log_alert("SSL_get_ex_data() failed");
1039         return SSL_TLSEXT_ERR_ALERT_FATAL;
1040     }
1041 
1042     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
1043 
1044     if (servername == NULL) {
1045         nxt_debug(c->socket.task, "SSL_get_servername(): NULL");
1046         goto done;
1047     }
1048 
1049     str.length = nxt_strlen(servername);
1050     if (str.length == 0) {
1051         nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty");
1052         goto done;
1053     }
1054 
1055     if (servername[0] == '.') {
1056         nxt_debug(c->socket.task, "ignored the server name \"%s\": "
1057                                   "leading \".\"", servername);
1058         goto done;
1059     }
1060 
1061     nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
1062 
1063     str.start = nxt_mp_nget(c->mem_pool, str.length);
1064     if (nxt_slow_path(str.start == NULL)) {
1065         return SSL_TLSEXT_ERR_ALERT_FATAL;
1066     }
1067 
1068     nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
1069 
1070     tls = c->u.tls;
1071     conf = tls->conf;
1072 
1073     bundle = nxt_openssl_find_ctx(conf, &str);
1074 
1075     if (bundle == NULL) {
1076         for (i = 1; i < str.length; i++) {
1077             if (str.start[i] == '.') {
1078                 str.start += i;
1079                 str.length -= i;
1080 
1081                 bundle = nxt_openssl_find_ctx(conf, &str);
1082                 break;
1083             }
1084         }
1085     }
1086 
1087     if (bundle != NULL) {
1088         nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
1089                                   "(old: \"%V\")", &str, &bundle->name,
1090                                   &conf->bundle->name);
1091 
1092         if (bundle != conf->bundle) {
1093             if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
1094                 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
1095                                       "SSL_set_SSL_CTX() failed");
1096 
1097                 return SSL_TLSEXT_ERR_ALERT_FATAL;
1098             }
1099         }
1100     }
1101 
1102 done:
1103 
1104     return SSL_TLSEXT_ERR_OK;
1105 }
1106 
1107 
1108 static nxt_tls_bundle_conf_t *
1109 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
1110 {
1111     nxt_int_t                   ret;
1112     nxt_lvlhsh_query_t          lhq;
1113     nxt_tls_bundle_hash_item_t  *item;
1114 
1115     lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
1116     lhq.key = *sn;
1117     lhq.proto = &nxt_openssl_bundle_hash_proto;
1118 
1119     ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
1120     if (ret != NXT_OK) {
1121         return NULL;
1122     }
1123 
1124     item = lhq.value;
1125 
1126     return item->bundle;
1127 }
1128 
1129 
1130 static void
1131 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
1132 {
1133     nxt_tls_bundle_conf_t  *bundle;
1134 
1135     bundle = conf->bundle;
1136     nxt_assert(bundle != NULL);
1137 
1138     do {
1139         SSL_CTX_free(bundle->ctx);
1140         bundle = bundle->next;
1141     } while (bundle != NULL);
1142 
1143     if (conf->tickets) {
1144         nxt_memzero(conf->tickets->tickets,
1145                     conf->tickets->count * sizeof(nxt_tls_ticket_t));
1146     }
1147 
1148 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
1149      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
1150     RAND_keep_random_devices_open(0);
1151 #endif
1152 }
1153 
1154 
1155 static void
1156 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
1157 {
1158     int                 ret;
1159     SSL                 *s;
1160     SSL_CTX             *ctx;
1161     nxt_openssl_conn_t  *tls;
1162 
1163     nxt_log_debug(c->socket.log, "openssl conn init");
1164 
1165     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
1166     if (tls == NULL) {
1167         goto fail;
1168     }
1169 
1170     c->u.tls = tls;
1171     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
1172 
1173     ctx = conf->bundle->ctx;
1174 
1175     s = SSL_new(ctx);
1176     if (s == NULL) {
1177         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
1178         goto fail;
1179     }
1180 
1181     tls->session = s;
1182     /* To pass TLS config to the nxt_openssl_servername() callback. */
1183     tls->conf = conf;
1184     tls->conn = c;
1185 
1186     ret = SSL_set_fd(s, c->socket.fd);
1187 
1188     if (ret == 0) {
1189         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
1190                               c->socket.fd);
1191         goto fail;
1192     }
1193 
1194     SSL_set_accept_state(s);
1195 
1196     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
1197         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
1198         goto fail;
1199     }
1200 
1201     c->io = &nxt_openssl_conn_io;
1202     c->sendfile = NXT_CONN_SENDFILE_OFF;
1203 
1204     nxt_openssl_conn_handshake(task, c, c->socket.data);
1205 
1206     return;
1207 
1208 fail:
1209 
1210     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
1211                        task, c, c->socket.data);
1212 }
1213 
1214 
1215 nxt_inline void
1216 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
1217 {
1218     nxt_openssl_conn_t  *tls;
1219 
1220     nxt_debug(task, "openssl conn free");
1221 
1222     tls = c->u.tls;
1223 
1224     if (tls != NULL) {
1225         c->u.tls = NULL;
1226         nxt_free(tls->buffer.start);
1227         SSL_free(tls->session);
1228     }
1229 }
1230 
1231 
1232 static void
1233 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
1234 {
1235     int                     ret;
1236     nxt_int_t               n;
1237     nxt_err_t               err;
1238     nxt_conn_t              *c;
1239     nxt_work_queue_t        *wq;
1240     nxt_work_handler_t      handler;
1241     nxt_openssl_conn_t      *tls;
1242     const nxt_conn_state_t  *state;
1243 
1244     c = obj;
1245 
1246     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
1247 
1248     if (c->socket.error != 0) {
1249         return;
1250     }
1251 
1252     tls = c->u.tls;
1253 
1254     if (tls == NULL) {
1255         return;
1256     }
1257 
1258     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
1259 
1260     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
1261 
1262     ret = SSL_do_handshake(tls->session);
1263 
1264     err = (ret <= 0) ? nxt_socket_errno : 0;
1265 
1266     nxt_thread_time_debug_update(task->thread);
1267 
1268     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
1269 
1270     state = (c->read_state != NULL) ? c->read_state : c->write_state;
1271 
1272     if (ret > 0) {
1273         /* ret == 1, the handshake was successfully completed. */
1274         tls->handshake = 1;
1275 
1276         if (c->read_state != NULL) {
1277             if (state->io_read_handler != NULL || c->read != NULL) {
1278                 nxt_conn_read(task->thread->engine, c);
1279                 return;
1280             }
1281 
1282         } else {
1283             if (c->write != NULL) {
1284                 nxt_conn_write(task->thread->engine, c);
1285                 return;
1286             }
1287         }
1288 
1289         handler = state->ready_handler;
1290 
1291     } else {
1292         c->socket.read_handler = nxt_openssl_conn_handshake;
1293         c->socket.write_handler = nxt_openssl_conn_handshake;
1294 
1295         n = nxt_openssl_conn_test_error(task, c, ret, err,
1296                                         NXT_OPENSSL_HANDSHAKE);
1297         switch (n) {
1298 
1299         case NXT_AGAIN:
1300             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
1301                 tls->times++;
1302             }
1303 
1304             return;
1305 
1306         case 0:
1307             handler = state->close_handler;
1308             break;
1309 
1310         default:
1311         case NXT_ERROR:
1312             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
1313                                    c->socket.fd);
1314 
1315             handler = state->error_handler;
1316             break;
1317         }
1318     }
1319 
1320     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
1321 
1322     nxt_work_queue_add(wq, handler, task, c, data);
1323 }
1324 
1325 
1326 static ssize_t
1327 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
1328 {
1329     int                 ret;
1330     size_t              size;
1331     nxt_int_t           n;
1332     nxt_err_t           err;
1333     nxt_openssl_conn_t  *tls;
1334 
1335     tls = c->u.tls;
1336     size = b->mem.end - b->mem.free;
1337 
1338     ret = SSL_read(tls->session, b->mem.free, size);
1339 
1340     err = (ret <= 0) ? nxt_socket_errno : 0;
1341 
1342     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
1343               c->socket.fd, b->mem.free, size, ret, err);
1344 
1345     if (ret > 0) {
1346         return ret;
1347     }
1348 
1349     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
1350                                     NXT_OPENSSL_READ);
1351     if (n == NXT_ERROR) {
1352         nxt_openssl_conn_error(c->socket.task, err,
1353                                "SSL_read(%d, %p, %uz) failed",
1354                                c->socket.fd, b->mem.free, size);
1355     }
1356 
1357     return n;
1358 }
1359 
1360 
1361 static ssize_t
1362 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1363 {
1364     nxt_uint_t    niov;
1365     struct iovec  iov;
1366 
1367     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1368 
1369     if (niov == 0 && sb->sync) {
1370         return 0;
1371     }
1372 
1373     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1374 }
1375 
1376 
1377 static ssize_t
1378 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1379     size_t size)
1380 {
1381     int                 ret;
1382     nxt_err_t           err;
1383     nxt_int_t           n;
1384     nxt_conn_t          *c;
1385     nxt_openssl_conn_t  *tls;
1386 
1387     tls = sb->tls;
1388 
1389     ret = SSL_write(tls->session, buf, size);
1390 
1391     err = (ret <= 0) ? nxt_socket_errno : 0;
1392 
1393     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1394               sb->socket, buf, size, ret, err);
1395 
1396     if (ret > 0) {
1397         return ret;
1398     }
1399 
1400     c = tls->conn;
1401     c->socket.write_ready = sb->ready;
1402 
1403     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1404 
1405     sb->ready = c->socket.write_ready;
1406 
1407     if (n == NXT_ERROR) {
1408         sb->error = c->socket.error;
1409         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1410                                sb->socket, buf, size);
1411     }
1412 
1413     return n;
1414 }
1415 
1416 
1417 static void
1418 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1419 {
1420     int                 ret, mode;
1421     SSL                 *s;
1422     nxt_err_t           err;
1423     nxt_int_t           n;
1424     nxt_bool_t          quiet, once;
1425     nxt_conn_t          *c;
1426     nxt_openssl_conn_t  *tls;
1427     nxt_work_handler_t  handler;
1428 
1429     c = obj;
1430 
1431     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1432 
1433     c->read_state = NULL;
1434     tls = c->u.tls;
1435 
1436     if (tls == NULL) {
1437         return;
1438     }
1439 
1440     s = tls->session;
1441 
1442     if (s == NULL || !tls->handshake) {
1443         handler = c->write_state->ready_handler;
1444         goto done;
1445     }
1446 
1447     mode = SSL_get_shutdown(s);
1448 
1449     if (c->socket.timedout || c->socket.error != 0) {
1450         quiet = 1;
1451 
1452     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1453         quiet = 1;
1454 
1455     } else {
1456         quiet = 0;
1457     }
1458 
1459     SSL_set_quiet_shutdown(s, quiet);
1460 
1461     if (tls->conf->no_wait_shutdown) {
1462         mode |= SSL_RECEIVED_SHUTDOWN;
1463     }
1464 
1465     once = 1;
1466 
1467     for ( ;; ) {
1468         SSL_set_shutdown(s, mode);
1469 
1470         ret = SSL_shutdown(s);
1471 
1472         err = (ret <= 0) ? nxt_socket_errno : 0;
1473 
1474         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1475                   c->socket.fd, mode, quiet, ret, err);
1476 
1477         if (ret > 0) {
1478             /* ret == 1, the shutdown was successfully completed. */
1479             handler = c->write_state->ready_handler;
1480             goto done;
1481         }
1482 
1483         if (ret == 0) {
1484             /*
1485              * If SSL_shutdown() returns 0 then it should be called
1486              * again.  The second SSL_shutdown() call should return
1487              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1488              * OpenSSL prior to 0.9.8m version however never returns
1489              * -1 at all.  Fortunately, OpenSSL preserves internally
1490              * correct status available via SSL_get_error(-1).
1491              */
1492             if (once) {
1493                 once = 0;
1494                 mode = SSL_get_shutdown(s);
1495                 continue;
1496             }
1497 
1498             ret = -1;
1499         }
1500 
1501         /* ret == -1 */
1502 
1503         break;
1504     }
1505 
1506     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1507     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1508     c->socket.error_handler = c->write_state->error_handler;
1509 
1510     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1511 
1512     switch (n) {
1513 
1514     case 0:
1515         handler = c->write_state->close_handler;
1516         break;
1517 
1518     case NXT_AGAIN:
1519         c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout;
1520         nxt_timer_add(task->thread->engine, &c->write_timer, 5000);
1521         return;
1522 
1523     default:
1524     case NXT_ERROR:
1525         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1526                                c->socket.fd);
1527         handler = c->write_state->error_handler;
1528     }
1529 
1530 done:
1531 
1532     nxt_openssl_conn_free(task, c);
1533 
1534     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1535 }
1536 
1537 
1538 static nxt_int_t
1539 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1540     nxt_err_t sys_err, nxt_openssl_io_t io)
1541 {
1542     u_long              lib_err;
1543     nxt_openssl_conn_t  *tls;
1544 
1545     tls = c->u.tls;
1546 
1547     tls->ssl_error = SSL_get_error(tls->session, ret);
1548 
1549     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1550 
1551     switch (tls->ssl_error) {
1552 
1553     case SSL_ERROR_WANT_READ:
1554         c->socket.read_ready = 0;
1555 
1556         if (io != NXT_OPENSSL_READ) {
1557             nxt_fd_event_block_write(task->thread->engine, &c->socket);
1558 
1559             if (nxt_fd_event_is_disabled(c->socket.read)) {
1560                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1561             }
1562         }
1563 
1564         return NXT_AGAIN;
1565 
1566     case SSL_ERROR_WANT_WRITE:
1567         c->socket.write_ready = 0;
1568 
1569         if (io != NXT_OPENSSL_WRITE) {
1570             nxt_fd_event_block_read(task->thread->engine, &c->socket);
1571 
1572             if (nxt_fd_event_is_disabled(c->socket.write)) {
1573                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1574             }
1575         }
1576 
1577         return NXT_AGAIN;
1578 
1579     case SSL_ERROR_SYSCALL:
1580         lib_err = ERR_peek_error();
1581 
1582         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1583 
1584         if (sys_err != 0 || lib_err != 0) {
1585             c->socket.error = sys_err;
1586             return NXT_ERROR;
1587         }
1588 
1589         /* A connection was just closed. */
1590         c->socket.closed = 1;
1591         return 0;
1592 
1593     case SSL_ERROR_ZERO_RETURN:
1594         /* A "close notify" alert. */
1595         return 0;
1596 
1597     default: /* SSL_ERROR_SSL, etc. */
1598         c->socket.error = 1000;  /* Nonexistent errno code. */
1599         return NXT_ERROR;
1600     }
1601 }
1602 
1603 
1604 static void
1605 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data)
1606 {
1607     nxt_conn_t   *c;
1608     nxt_timer_t  *timer;
1609 
1610     timer = obj;
1611 
1612     nxt_debug(task, "openssl conn shutdown timeout");
1613 
1614     c = nxt_write_timer_conn(timer);
1615 
1616     c->socket.timedout = 1;
1617     nxt_openssl_conn_io_shutdown(task, c, NULL);
1618 }
1619 
1620 
1621 static void nxt_cdecl
1622 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1623 {
1624     u_char      *p, *end;
1625     va_list     args;
1626     nxt_uint_t  level;
1627     u_char      msg[NXT_MAX_ERROR_STR];
1628 
1629     level = nxt_openssl_log_error_level(err);
1630 
1631     if (nxt_log_level_enough(task->log, level)) {
1632 
1633         end = msg + sizeof(msg);
1634 
1635         va_start(args, fmt);
1636         p = nxt_vsprintf(msg, end, fmt, args);
1637         va_end(args);
1638 
1639         if (err != 0) {
1640             p = nxt_sprintf(p, end, " %E", err);
1641         }
1642 
1643         p = nxt_openssl_copy_error(p, end);
1644 
1645         nxt_log(task, level, "%*s", p - msg, msg);
1646 
1647     } else {
1648         ERR_clear_error();
1649     }
1650 }
1651 
1652 
1653 static nxt_uint_t
1654 nxt_openssl_log_error_level(nxt_err_t err)
1655 {
1656     switch (ERR_GET_REASON(ERR_peek_error())) {
1657 
1658     case 0:
1659         return nxt_socket_error_level(err);
1660 
1661     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
1662     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
1663     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
1664     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
1665     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
1666     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
1667 #ifdef SSL_R_NO_CIPHERS_PASSED
1668     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
1669 #endif
1670     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
1671     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
1672     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
1673     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
1674 #ifdef SSL_R_PARSE_TLSEXT
1675     case SSL_R_PARSE_TLSEXT:                              /*  227 */
1676 #endif
1677     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
1678     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
1679     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
1680     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
1681     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
1682     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
1683 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1684     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
1685     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
1686     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
1687 #endif
1688 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1689     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
1690 #endif
1691 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1692     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
1693 #endif
1694     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1695     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
1696     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
1697     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
1698     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
1699     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
1700     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
1701     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
1702         break;
1703 
1704     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
1705     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
1706     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
1707     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
1708     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
1709     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
1710     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
1711     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1712     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1713     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1714     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1715     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1716     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1717     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1718     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1719     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1720         return NXT_LOG_ERR;
1721 
1722     default:
1723         return NXT_LOG_ALERT;
1724     }
1725 
1726     return NXT_LOG_INFO;
1727 }
1728 
1729 
1730 void nxt_cdecl
1731 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1732 {
1733     u_char   *p, *end;
1734     va_list  args;
1735     u_char   msg[NXT_MAX_ERROR_STR];
1736 
1737     end = msg + sizeof(msg);
1738 
1739     va_start(args, fmt);
1740     p = nxt_vsprintf(msg, end, fmt, args);
1741     va_end(args);
1742 
1743     p = nxt_openssl_copy_error(p, end);
1744 
1745     nxt_log(task, level, "%*s", p - msg, msg);
1746 }
1747 
1748 
1749 u_char *
1750 nxt_openssl_copy_error(u_char *p, u_char *end)
1751 {
1752     int         flags;
1753     u_long      err;
1754     nxt_bool_t  clear;
1755     const char  *data, *delimiter;
1756 
1757     err = ERR_peek_error();
1758     if (err == 0) {
1759         return p;
1760     }
1761 
1762     /* Log the most relevant error message ... */
1763     data = ERR_reason_error_string(err);
1764 
1765     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1766 
1767     /*
1768      * ... followed by all queued cumbersome OpenSSL error messages
1769      * and drain the error queue.
1770      */
1771     delimiter = "";
1772     clear = 0;
1773 
1774     for ( ;; ) {
1775         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1776         if (err == 0) {
1777             break;
1778         }
1779 
1780         p = nxt_sprintf(p, end, "%s", delimiter);
1781 
1782         ERR_error_string_n(err, (char *) p, end - p);
1783 
1784         while (p < end && *p != '\0') {
1785             p++;
1786         }
1787 
1788         if ((flags & ERR_TXT_STRING) != 0) {
1789             p = nxt_sprintf(p, end, ":%s", data);
1790         }
1791 
1792         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1793 
1794         delimiter = "; ";
1795     }
1796 
1797     /* Deallocate additional data. */
1798 
1799     if (clear) {
1800         ERR_clear_error();
1801     }
1802 
1803     if (p < end) {
1804         *p++ = ')';
1805     }
1806 
1807     return p;
1808 }
1809