1 2 /* 3 * Copyright (C) Igor Sysoev 4 * Copyright (C) NGINX, Inc. 5 */ 6 7 #include <nxt_main.h> 8 #include <nxt_conf.h> 9 #include <openssl/ssl.h> 10 #include <openssl/conf.h> 11 #include <openssl/err.h> 12 #include <openssl/rand.h> 13 #include <openssl/x509v3.h> 14 #include <openssl/bio.h> 15 #include <openssl/evp.h> 16 17 18 typedef struct { 19 SSL *session; 20 nxt_conn_t *conn; 21 22 int ssl_error; 23 uint8_t times; /* 2 bits */ 24 uint8_t handshake; /* 1 bit */ 25 26 nxt_tls_conf_t *conf; 27 nxt_buf_mem_t buffer; 28 } nxt_openssl_conn_t; 29 30 31 struct nxt_tls_ticket_s { 32 u_char name[16]; 33 u_char hmac_key[32]; 34 u_char aes_key[32]; 35 uint8_t size; 36 }; 37 38 39 struct nxt_tls_tickets_s { 40 nxt_uint_t count; 41 nxt_tls_ticket_t tickets[]; 42 }; 43 44 45 typedef enum { 46 NXT_OPENSSL_HANDSHAKE = 0, 47 NXT_OPENSSL_READ, 48 NXT_OPENSSL_WRITE, 49 NXT_OPENSSL_SHUTDOWN, 50 } nxt_openssl_io_t; 51 52 53 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task); 54 static void nxt_openssl_library_free(nxt_task_t *task); 55 #if OPENSSL_VERSION_NUMBER < 0x10100004L 56 static nxt_int_t nxt_openssl_locks_init(void); 57 static void nxt_openssl_lock(int mode, int type, const char *file, int line); 58 static unsigned long nxt_openssl_thread_id(void); 59 static void nxt_openssl_locks_free(void); 60 #endif 61 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp, 62 nxt_tls_init_t *tls_init, nxt_bool_t last); 63 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, 64 nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single); 65 #if (NXT_HAVE_OPENSSL_CONF_CMD) 66 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, 67 nxt_conf_value_t *value, nxt_mp_t *mp); 68 #endif 69 #if (NXT_HAVE_OPENSSL_TLSEXT) 70 static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, 71 nxt_tls_init_t *tls_init, nxt_mp_t *mp); 72 static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, 73 unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc); 74 #endif 75 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, 76 time_t timeout); 77 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, 78 nxt_tls_conf_t *conf, nxt_mp_t *mp); 79 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, 80 void *data); 81 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task, 82 nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp); 83 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg); 84 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf, 85 nxt_str_t *sn); 86 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf); 87 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, 88 nxt_conn_t *c); 89 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data); 90 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b); 91 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb); 92 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, 93 void *buf, size_t size); 94 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, 95 void *data); 96 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, 97 int ret, nxt_err_t sys_err, nxt_openssl_io_t io); 98 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, 99 void *data); 100 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task, 101 nxt_err_t err, const char *fmt, ...); 102 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err); 103 104 105 const nxt_tls_lib_t nxt_openssl_lib = { 106 .library_init = nxt_openssl_library_init, 107 .library_free = nxt_openssl_library_free, 108 109 .server_init = nxt_openssl_server_init, 110 .server_free = nxt_openssl_server_free, 111 }; 112 113 114 static nxt_conn_io_t nxt_openssl_conn_io = { 115 .read = nxt_conn_io_read, 116 .recvbuf = nxt_openssl_conn_io_recvbuf, 117 118 .write = nxt_conn_io_write, 119 .sendbuf = nxt_openssl_conn_io_sendbuf, 120 121 .shutdown = nxt_openssl_conn_io_shutdown, 122 }; 123 124 125 static long nxt_openssl_version; 126 static int nxt_openssl_connection_index; 127 128 129 static nxt_int_t 130 nxt_openssl_library_init(nxt_task_t *task) 131 { 132 int index; 133 134 if (nxt_fast_path(nxt_openssl_version != 0)) { 135 return NXT_OK; 136 } 137 138 #if OPENSSL_VERSION_NUMBER >= 0x10100003L 139 140 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); 141 142 #else 143 { 144 nxt_int_t ret; 145 146 SSL_load_error_strings(); 147 148 OPENSSL_config(NULL); 149 150 /* 151 * SSL_library_init(3): 152 * 153 * SSL_library_init() always returns "1", 154 * so it is safe to discard the return value. 155 */ 156 (void) SSL_library_init(); 157 158 ret = nxt_openssl_locks_init(); 159 if (nxt_slow_path(ret != NXT_OK)) { 160 return ret; 161 } 162 } 163 164 #endif 165 166 nxt_openssl_version = SSLeay(); 167 168 nxt_log(task, NXT_LOG_INFO, "%s, %xl", 169 SSLeay_version(SSLEAY_VERSION), nxt_openssl_version); 170 171 #ifndef SSL_OP_NO_COMPRESSION 172 { 173 /* 174 * Disable gzip compression in OpenSSL prior to 1.0.0 175 * version, this saves about 522K per connection. 176 */ 177 int n; 178 STACK_OF(SSL_COMP) *ssl_comp_methods; 179 180 ssl_comp_methods = SSL_COMP_get_compression_methods(); 181 182 for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) { 183 (void) sk_SSL_COMP_pop(ssl_comp_methods); 184 } 185 } 186 #endif 187 188 index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); 189 190 if (index == -1) { 191 nxt_openssl_log_error(task, NXT_LOG_ALERT, 192 "SSL_get_ex_new_index() failed"); 193 return NXT_ERROR; 194 } 195 196 nxt_openssl_connection_index = index; 197 198 return NXT_OK; 199 } 200 201 202 #if OPENSSL_VERSION_NUMBER >= 0x10100003L 203 204 static void 205 nxt_openssl_library_free(nxt_task_t *task) 206 { 207 } 208 209 #else 210 211 static nxt_thread_mutex_t *nxt_openssl_locks; 212 213 static nxt_int_t 214 nxt_openssl_locks_init(void) 215 { 216 int i, n; 217 nxt_int_t ret; 218 219 n = CRYPTO_num_locks(); 220 221 nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t)); 222 if (nxt_slow_path(nxt_openssl_locks == NULL)) { 223 return NXT_ERROR; 224 } 225 226 for (i = 0; i < n; i++) { 227 ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]); 228 if (nxt_slow_path(ret != NXT_OK)) { 229 return ret; 230 } 231 } 232 233 CRYPTO_set_locking_callback(nxt_openssl_lock); 234 235 CRYPTO_set_id_callback(nxt_openssl_thread_id); 236 237 return NXT_OK; 238 } 239 240 241 static void 242 nxt_openssl_lock(int mode, int type, const char *file, int line) 243 { 244 nxt_thread_mutex_t *lock; 245 246 lock = &nxt_openssl_locks[type]; 247 248 if ((mode & CRYPTO_LOCK) != 0) { 249 (void) nxt_thread_mutex_lock(lock); 250 251 } else { 252 (void) nxt_thread_mutex_unlock(lock); 253 } 254 } 255 256 257 static u_long 258 nxt_openssl_thread_id(void) 259 { 260 return (u_long) nxt_thread_handle(); 261 } 262 263 264 static void 265 nxt_openssl_library_free(nxt_task_t *task) 266 { 267 nxt_openssl_locks_free(); 268 } 269 270 271 static void 272 nxt_openssl_locks_free(void) 273 { 274 int i, n; 275 276 n = CRYPTO_num_locks(); 277 278 CRYPTO_set_locking_callback(NULL); 279 280 for (i = 0; i < n; i++) { 281 nxt_thread_mutex_destroy(&nxt_openssl_locks[i]); 282 } 283 284 OPENSSL_free(nxt_openssl_locks); 285 } 286 287 #endif 288 289 290 static nxt_int_t 291 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp, 292 nxt_tls_init_t *tls_init, nxt_bool_t last) 293 { 294 SSL_CTX *ctx; 295 const char *ciphers, *ca_certificate; 296 nxt_tls_conf_t *conf; 297 STACK_OF(X509_NAME) *list; 298 nxt_tls_bundle_conf_t *bundle; 299 300 ctx = SSL_CTX_new(SSLv23_server_method()); 301 if (ctx == NULL) { 302 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed"); 303 return NXT_ERROR; 304 } 305 306 conf = tls_init->conf; 307 308 bundle = conf->bundle; 309 nxt_assert(bundle != NULL); 310 311 bundle->ctx = ctx; 312 313 #ifdef SSL_OP_NO_RENEGOTIATION 314 /* Renegration is not currently supported. */ 315 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); 316 #endif 317 318 #ifdef SSL_OP_NO_COMPRESSION 319 /* 320 * Disable gzip compression in OpenSSL 1.0.0, 321 * this saves about 522K per connection. 322 */ 323 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); 324 #endif 325 326 #ifdef SSL_MODE_RELEASE_BUFFERS 327 328 if (nxt_openssl_version >= 10001078) { 329 /* 330 * Allow to release read and write buffers in OpenSSL 1.0.0, 331 * this saves about 34K per idle connection. It is not safe 332 * before OpenSSL 1.0.1h (CVE-2010-5298). 333 */ 334 SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); 335 } 336 337 #endif 338 339 if (nxt_openssl_chain_file(task, ctx, conf, mp, 340 last && bundle->next == NULL) 341 != NXT_OK) 342 { 343 goto fail; 344 } 345 /* 346 key = conf->certificate_key; 347 348 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) { 349 nxt_openssl_log_error(task, NXT_LOG_ALERT, 350 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", 351 key); 352 goto fail; 353 } 354 */ 355 356 ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; 357 358 if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { 359 nxt_openssl_log_error(task, NXT_LOG_ALERT, 360 "SSL_CTX_set_cipher_list(\"%s\") failed", 361 ciphers); 362 goto fail; 363 } 364 365 #if (NXT_HAVE_OPENSSL_CONF_CMD) 366 if (tls_init->conf_cmds != NULL 367 && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK) 368 { 369 goto fail; 370 } 371 #endif 372 373 nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout); 374 375 #if (NXT_HAVE_OPENSSL_TLSEXT) 376 if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) { 377 goto fail; 378 } 379 #endif 380 381 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 382 383 if (conf->ca_certificate != NULL) { 384 385 /* TODO: verify callback */ 386 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); 387 388 /* TODO: verify depth */ 389 SSL_CTX_set_verify_depth(ctx, 1); 390 391 ca_certificate = conf->ca_certificate; 392 393 if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) { 394 nxt_openssl_log_error(task, NXT_LOG_ALERT, 395 "SSL_CTX_load_verify_locations(\"%s\") failed", 396 ca_certificate); 397 goto fail; 398 } 399 400 list = SSL_load_client_CA_file(ca_certificate); 401 402 if (list == NULL) { 403 nxt_openssl_log_error(task, NXT_LOG_ALERT, 404 "SSL_load_client_CA_file(\"%s\") failed", 405 ca_certificate); 406 goto fail; 407 } 408 409 /* 410 * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and 411 * 0.9.8 versions always leaves an error in the error queue. 412 */ 413 ERR_clear_error(); 414 415 SSL_CTX_set_client_CA_list(ctx, list); 416 } 417 418 if (last) { 419 conf->conn_init = nxt_openssl_conn_init; 420 421 if (bundle->next != NULL) { 422 SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername); 423 } 424 } 425 426 return NXT_OK; 427 428 fail: 429 430 SSL_CTX_free(ctx); 431 432 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ 433 && OPENSSL_VERSION_NUMBER < 0x1010101fL) 434 RAND_keep_random_devices_open(0); 435 #endif 436 437 return NXT_ERROR; 438 } 439 440 441 static nxt_int_t 442 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf, 443 nxt_mp_t *mp, nxt_bool_t single) 444 { 445 BIO *bio; 446 X509 *cert, *ca; 447 long reason; 448 EVP_PKEY *key; 449 nxt_int_t ret; 450 nxt_tls_bundle_conf_t *bundle; 451 452 ret = NXT_ERROR; 453 cert = NULL; 454 455 bio = BIO_new(BIO_s_fd()); 456 if (bio == NULL) { 457 goto end; 458 } 459 460 bundle = conf->bundle; 461 462 BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE); 463 464 cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); 465 if (cert == NULL) { 466 goto end; 467 } 468 469 if (SSL_CTX_use_certificate(ctx, cert) != 1) { 470 goto end; 471 } 472 473 if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) { 474 goto clean; 475 } 476 477 for ( ;; ) { 478 ca = PEM_read_bio_X509(bio, NULL, NULL, NULL); 479 480 if (ca == NULL) { 481 reason = ERR_GET_REASON(ERR_peek_last_error()); 482 if (reason != PEM_R_NO_START_LINE) { 483 goto end; 484 } 485 486 ERR_clear_error(); 487 break; 488 } 489 490 /* 491 * Note that ca isn't freed if it was successfully added to the chain, 492 * while the main certificate needs a X509_free() call, since 493 * its reference count is increased by SSL_CTX_use_certificate(). 494 */ 495 #ifdef SSL_CTX_add0_chain_cert 496 if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) { 497 #else 498 if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) { 499 #endif 500 X509_free(ca); 501 goto end; 502 } 503 } 504 505 if (BIO_reset(bio) != 0) { 506 goto end; 507 } 508 509 key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 510 if (key == NULL) { 511 goto end; 512 } 513 514 if (SSL_CTX_use_PrivateKey(ctx, key) == 1) { 515 ret = NXT_OK; 516 } 517 518 EVP_PKEY_free(key); 519 520 end: 521 522 if (ret != NXT_OK) { 523 nxt_openssl_log_error(task, NXT_LOG_ALERT, 524 "nxt_openssl_chain_file() failed"); 525 } 526 527 clean: 528 529 BIO_free(bio); 530 X509_free(cert); 531 532 return ret; 533 } 534 535 536 #if (NXT_HAVE_OPENSSL_CONF_CMD) 537 538 static nxt_int_t 539 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf, 540 nxt_mp_t *mp) 541 { 542 int ret; 543 char *zcmd, *zvalue; 544 uint32_t index; 545 nxt_str_t cmd, value; 546 SSL_CONF_CTX *cctx; 547 nxt_conf_value_t *member; 548 549 cctx = SSL_CONF_CTX_new(); 550 if (nxt_slow_path(cctx == NULL)) { 551 nxt_openssl_log_error(task, NXT_LOG_ALERT, 552 "SSL_CONF_CTX_new() failed"); 553 return NXT_ERROR; 554 } 555 556 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE 557 | SSL_CONF_FLAG_SERVER 558 | SSL_CONF_FLAG_CERTIFICATE 559 | SSL_CONF_FLAG_SHOW_ERRORS); 560 561 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); 562 563 index = 0; 564 565 for ( ;; ) { 566 member = nxt_conf_next_object_member(conf, &cmd, &index); 567 if (nxt_slow_path(member == NULL)) { 568 break; 569 } 570 571 nxt_conf_get_string(member, &value); 572 573 zcmd = nxt_str_cstrz(mp, &cmd); 574 zvalue = nxt_str_cstrz(mp, &value); 575 576 if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) { 577 goto fail; 578 } 579 580 ret = SSL_CONF_cmd(cctx, zcmd, zvalue); 581 if (ret == -2) { 582 nxt_openssl_log_error(task, NXT_LOG_ERR, 583 "unknown command \"%s\" in " 584 "\"conf_commands\" option", zcmd); 585 goto fail; 586 } 587 588 if (ret <= 0) { 589 nxt_openssl_log_error(task, NXT_LOG_ERR, 590 "invalid value \"%s\" for command \"%s\" " 591 "in \"conf_commands\" option", 592 zvalue, zcmd); 593 goto fail; 594 } 595 596 nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue); 597 } 598 599 if (SSL_CONF_CTX_finish(cctx) != 1) { 600 nxt_openssl_log_error(task, NXT_LOG_ALERT, 601 "SSL_CONF_finish() failed"); 602 goto fail; 603 } 604 605 SSL_CONF_CTX_free(cctx); 606 607 return NXT_OK; 608 609 fail: 610 611 SSL_CONF_CTX_free(cctx); 612 613 return NXT_ERROR; 614 } 615 616 #endif 617 618 #if (NXT_HAVE_OPENSSL_TLSEXT) 619 620 static nxt_int_t 621 nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init, 622 nxt_mp_t *mp) 623 { 624 uint32_t i; 625 nxt_int_t ret; 626 nxt_str_t value; 627 nxt_uint_t count; 628 nxt_conf_value_t *member, *tickets_conf; 629 nxt_tls_ticket_t *ticket; 630 nxt_tls_tickets_t *tickets; 631 u_char buf[80]; 632 633 tickets_conf = tls_init->tickets_conf; 634 635 if (tickets_conf == NULL) { 636 goto no_ticket; 637 } 638 639 if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) { 640 if (nxt_conf_get_boolean(tickets_conf) == 0) { 641 goto no_ticket; 642 } 643 644 return NXT_OK; 645 } 646 647 if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) { 648 count = nxt_conf_array_elements_count(tickets_conf); 649 650 if (count == 0) { 651 goto no_ticket; 652 } 653 654 } else { 655 /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */ 656 count = 1; 657 } 658 659 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 660 661 tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t) 662 + count * sizeof(nxt_tls_ticket_t)); 663 if (nxt_slow_path(tickets == NULL)) { 664 return NXT_ERROR; 665 } 666 667 tickets->count = count; 668 tls_init->conf->tickets = tickets; 669 i = 0; 670 671 do { 672 ticket = &tickets->tickets[i]; 673 674 i++; 675 676 if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) { 677 member = nxt_conf_get_array_element(tickets_conf, count - i); 678 if (member == NULL) { 679 break; 680 } 681 682 } else { 683 /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */ 684 member = tickets_conf; 685 } 686 687 nxt_conf_get_string(member, &value); 688 689 ret = nxt_openssl_base64_decode(buf, 80, value.start, value.length); 690 if (nxt_slow_path(ret == NXT_ERROR)) { 691 return NXT_ERROR; 692 } 693 694 nxt_memcpy(ticket->name, buf, 16); 695 696 if (ret == 48) { 697 nxt_memcpy(ticket->aes_key, buf + 16, 16); 698 nxt_memcpy(ticket->hmac_key, buf + 32, 16); 699 ticket->size = 16; 700 701 } else { 702 nxt_memcpy(ticket->hmac_key, buf + 16, 32); 703 nxt_memcpy(ticket->aes_key, buf + 48, 32); 704 ticket->size = 32; 705 } 706 707 } while (i < count); 708 709 if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback) 710 == 0) 711 { 712 nxt_openssl_log_error(task, NXT_LOG_ALERT, 713 "Unit was built with Session Tickets support, however, " 714 "now it is linked dynamically to an OpenSSL library " 715 "which has no tlsext support, therefore Session Tickets " 716 "are not available"); 717 718 return NXT_ERROR; 719 } 720 721 return NXT_OK; 722 723 #else 724 nxt_alert(task, "Setting custom session ticket keys is not supported with " 725 "this version of OpenSSL library"); 726 727 return NXT_ERROR; 728 729 #endif 730 731 no_ticket: 732 733 SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); 734 735 return NXT_OK; 736 } 737 738 739 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 740 741 static int 742 nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv, 743 EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc) 744 { 745 nxt_uint_t i; 746 nxt_conn_t *c; 747 const EVP_MD *digest; 748 const EVP_CIPHER *cipher; 749 nxt_tls_ticket_t *ticket; 750 nxt_openssl_conn_t *tls; 751 752 c = SSL_get_ex_data(s, nxt_openssl_connection_index); 753 754 if (nxt_slow_path(c == NULL)) { 755 nxt_thread_log_alert("SSL_get_ex_data() failed"); 756 return -1; 757 } 758 759 tls = c->u.tls; 760 ticket = tls->conf->tickets->tickets; 761 762 i = 0; 763 764 if (enc == 1) { 765 /* encrypt session ticket */ 766 767 nxt_debug(c->socket.task, "TLS session ticket encrypt"); 768 769 cipher = (ticket[0].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc(); 770 771 if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) { 772 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 773 "RAND_bytes() failed"); 774 return -1; 775 } 776 777 nxt_memcpy(name, ticket[0].name, 16); 778 779 if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) != 1) 780 { 781 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 782 "EVP_EncryptInit_ex() failed"); 783 return -1; 784 } 785 786 } else { 787 /* decrypt session ticket */ 788 789 do { 790 if (nxt_memcmp(name, ticket[i].name, 16) == 0) { 791 goto found; 792 } 793 794 } while (++i < tls->conf->tickets->count); 795 796 nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found"); 797 798 return 0; 799 800 found: 801 802 nxt_debug(c->socket.task, 803 "TLS session ticket decrypt, key number: \"%d\"", i); 804 805 enc = (i == 0) ? 1 : 2 /* renew */; 806 807 cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc(); 808 809 if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1) 810 { 811 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 812 "EVP_DecryptInit_ex() failed"); 813 return -1; 814 } 815 } 816 817 #ifdef OPENSSL_NO_SHA256 818 digest = EVP_sha1(); 819 #else 820 digest = EVP_sha256(); 821 #endif 822 823 if (HMAC_Init_ex(hctx, ticket[i].hmac_key, ticket[i].size, digest, NULL) 824 != 1) 825 { 826 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 827 "HMAC_Init_ex() failed"); 828 return -1; 829 } 830 831 return enc; 832 } 833 834 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */ 835 836 #endif /* NXT_HAVE_OPENSSL_TLSEXT */ 837 838 839 static void 840 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout) 841 { 842 if (cache_size == 0) { 843 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 844 return; 845 } 846 847 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); 848 849 SSL_CTX_sess_set_cache_size(ctx, cache_size); 850 851 SSL_CTX_set_timeout(ctx, (long) timeout); 852 } 853 854 855 static nxt_uint_t 856 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf, 857 nxt_mp_t *mp) 858 { 859 int len; 860 nxt_str_t domain, str; 861 X509_NAME *x509_name; 862 nxt_uint_t i, n; 863 GENERAL_NAME *name; 864 nxt_tls_bundle_conf_t *bundle; 865 STACK_OF(GENERAL_NAME) *alt_names; 866 nxt_tls_bundle_hash_item_t *item; 867 868 bundle = conf->bundle; 869 870 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 871 872 if (alt_names != NULL) { 873 n = sk_GENERAL_NAME_num(alt_names); 874 875 for (i = 0; i != n; i++) { 876 name = sk_GENERAL_NAME_value(alt_names, i); 877 878 if (name->type != GEN_DNS) { 879 continue; 880 } 881 882 str.length = ASN1_STRING_length(name->d.dNSName); 883 #if OPENSSL_VERSION_NUMBER > 0x10100000L 884 str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName); 885 #else 886 str.start = ASN1_STRING_data(name->d.dNSName); 887 #endif 888 889 domain.start = nxt_mp_nget(mp, str.length); 890 if (nxt_slow_path(domain.start == NULL)) { 891 goto fail; 892 } 893 894 domain.length = str.length; 895 nxt_memcpy_lowcase(domain.start, str.start, str.length); 896 897 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t)); 898 if (nxt_slow_path(item == NULL)) { 899 goto fail; 900 } 901 902 item->name = domain; 903 item->bundle = bundle; 904 905 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, 906 item, mp) 907 == NXT_ERROR) 908 { 909 goto fail; 910 } 911 } 912 913 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); 914 915 } else { 916 x509_name = X509_get_subject_name(cert); 917 len = X509_NAME_get_text_by_NID(x509_name, NID_commonName, 918 NULL, 0); 919 if (len <= 0) { 920 nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither " 921 "Subject Alternative Name nor Common Name", &bundle->name); 922 return NXT_OK; 923 } 924 925 domain.start = nxt_mp_nget(mp, len + 1); 926 if (nxt_slow_path(domain.start == NULL)) { 927 return NXT_ERROR; 928 } 929 930 domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName, 931 (char *) domain.start, 932 len + 1); 933 nxt_memcpy_lowcase(domain.start, domain.start, domain.length); 934 935 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t)); 936 if (nxt_slow_path(item == NULL)) { 937 return NXT_ERROR; 938 } 939 940 item->name = domain; 941 item->bundle = bundle; 942 943 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item, 944 mp) 945 == NXT_ERROR) 946 { 947 return NXT_ERROR; 948 } 949 } 950 951 return NXT_OK; 952 953 fail: 954 955 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); 956 957 return NXT_ERROR; 958 } 959 960 961 static const nxt_lvlhsh_proto_t nxt_openssl_bundle_hash_proto 962 nxt_aligned(64) = 963 { 964 NXT_LVLHSH_DEFAULT, 965 nxt_openssl_bundle_hash_test, 966 nxt_mp_lvlhsh_alloc, 967 nxt_mp_lvlhsh_free, 968 }; 969 970 971 static nxt_int_t 972 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data) 973 { 974 nxt_tls_bundle_hash_item_t *item; 975 976 item = data; 977 978 return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED; 979 } 980 981 982 static nxt_int_t 983 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh, 984 nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp) 985 { 986 nxt_str_t str; 987 nxt_int_t ret; 988 nxt_lvlhsh_query_t lhq; 989 nxt_tls_bundle_hash_item_t *old; 990 991 str = item->name; 992 993 if (item->name.start[0] == '*') { 994 item->name.start++; 995 item->name.length--; 996 997 if (item->name.length == 0 || item->name.start[0] != '.') { 998 nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" " 999 "in certificate \"%V\": missing \".\" " 1000 "after wildcard symbol", &str, &item->bundle->name); 1001 return NXT_OK; 1002 } 1003 } 1004 1005 lhq.pool = mp; 1006 lhq.key = item->name; 1007 lhq.value = item; 1008 lhq.proto = &nxt_openssl_bundle_hash_proto; 1009 lhq.replace = 0; 1010 lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length); 1011 1012 ret = nxt_lvlhsh_insert(lvlhsh, &lhq); 1013 if (nxt_fast_path(ret == NXT_OK)) { 1014 nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted", 1015 &str, &item->bundle->name); 1016 return NXT_OK; 1017 } 1018 1019 if (nxt_fast_path(ret == NXT_DECLINED)) { 1020 old = lhq.value; 1021 if (old->bundle != item->bundle) { 1022 nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" " 1023 "in certificate \"%V\", identical name appears in \"%V\"", 1024 &str, &old->bundle->name, &item->bundle->name); 1025 1026 old->bundle = item->bundle; 1027 } 1028 1029 return NXT_OK; 1030 } 1031 1032 return NXT_ERROR; 1033 } 1034 1035 1036 static nxt_int_t 1037 nxt_openssl_servername(SSL *s, int *ad, void *arg) 1038 { 1039 nxt_str_t str; 1040 nxt_uint_t i; 1041 nxt_conn_t *c; 1042 const char *servername; 1043 nxt_tls_conf_t *conf; 1044 nxt_openssl_conn_t *tls; 1045 nxt_tls_bundle_conf_t *bundle; 1046 1047 c = SSL_get_ex_data(s, nxt_openssl_connection_index); 1048 1049 if (nxt_slow_path(c == NULL)) { 1050 nxt_thread_log_alert("SSL_get_ex_data() failed"); 1051 return SSL_TLSEXT_ERR_ALERT_FATAL; 1052 } 1053 1054 servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 1055 1056 if (servername == NULL) { 1057 nxt_debug(c->socket.task, "SSL_get_servername(): NULL"); 1058 goto done; 1059 } 1060 1061 str.length = nxt_strlen(servername); 1062 if (str.length == 0) { 1063 nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty"); 1064 goto done; 1065 } 1066 1067 if (servername[0] == '.') { 1068 nxt_debug(c->socket.task, "ignored the server name \"%s\": " 1069 "leading \".\"", servername); 1070 goto done; 1071 } 1072 1073 nxt_debug(c->socket.task, "tls with servername \"%s\"", servername); 1074 1075 str.start = nxt_mp_nget(c->mem_pool, str.length); 1076 if (nxt_slow_path(str.start == NULL)) { 1077 return SSL_TLSEXT_ERR_ALERT_FATAL; 1078 } 1079 1080 nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length); 1081 1082 tls = c->u.tls; 1083 conf = tls->conf; 1084 1085 bundle = nxt_openssl_find_ctx(conf, &str); 1086 1087 if (bundle == NULL) { 1088 for (i = 1; i < str.length; i++) { 1089 if (str.start[i] == '.') { 1090 str.start += i; 1091 str.length -= i; 1092 1093 bundle = nxt_openssl_find_ctx(conf, &str); 1094 break; 1095 } 1096 } 1097 } 1098 1099 if (bundle != NULL) { 1100 nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" " 1101 "(old: \"%V\")", &str, &bundle->name, 1102 &conf->bundle->name); 1103 1104 if (bundle != conf->bundle) { 1105 if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) { 1106 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 1107 "SSL_set_SSL_CTX() failed"); 1108 1109 return SSL_TLSEXT_ERR_ALERT_FATAL; 1110 } 1111 } 1112 } 1113 1114 done: 1115 1116 return SSL_TLSEXT_ERR_OK; 1117 } 1118 1119 1120 static nxt_tls_bundle_conf_t * 1121 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn) 1122 { 1123 nxt_int_t ret; 1124 nxt_lvlhsh_query_t lhq; 1125 nxt_tls_bundle_hash_item_t *item; 1126 1127 lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length); 1128 lhq.key = *sn; 1129 lhq.proto = &nxt_openssl_bundle_hash_proto; 1130 1131 ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq); 1132 if (ret != NXT_OK) { 1133 return NULL; 1134 } 1135 1136 item = lhq.value; 1137 1138 return item->bundle; 1139 } 1140 1141 1142 static void 1143 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf) 1144 { 1145 nxt_tls_bundle_conf_t *bundle; 1146 1147 bundle = conf->bundle; 1148 nxt_assert(bundle != NULL); 1149 1150 do { 1151 SSL_CTX_free(bundle->ctx); 1152 bundle = bundle->next; 1153 } while (bundle != NULL); 1154 1155 if (conf->tickets) { 1156 nxt_memzero(conf->tickets->tickets, 1157 conf->tickets->count * sizeof(nxt_tls_ticket_t)); 1158 } 1159 1160 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ 1161 && OPENSSL_VERSION_NUMBER < 0x1010101fL) 1162 RAND_keep_random_devices_open(0); 1163 #endif 1164 } 1165 1166 1167 static void 1168 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c) 1169 { 1170 int ret; 1171 SSL *s; 1172 SSL_CTX *ctx; 1173 nxt_openssl_conn_t *tls; 1174 1175 nxt_log_debug(c->socket.log, "openssl conn init"); 1176 1177 tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t)); 1178 if (tls == NULL) { 1179 goto fail; 1180 } 1181 1182 c->u.tls = tls; 1183 nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size); 1184 1185 ctx = conf->bundle->ctx; 1186 1187 s = SSL_new(ctx); 1188 if (s == NULL) { 1189 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed"); 1190 goto fail; 1191 } 1192 1193 tls->session = s; 1194 /* To pass TLS config to the nxt_openssl_servername() callback. */ 1195 tls->conf = conf; 1196 tls->conn = c; 1197 1198 ret = SSL_set_fd(s, c->socket.fd); 1199 1200 if (ret == 0) { 1201 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed", 1202 c->socket.fd); 1203 goto fail; 1204 } 1205 1206 SSL_set_accept_state(s); 1207 1208 if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) { 1209 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed"); 1210 goto fail; 1211 } 1212 1213 c->io = &nxt_openssl_conn_io; 1214 c->sendfile = NXT_CONN_SENDFILE_OFF; 1215 1216 nxt_openssl_conn_handshake(task, c, c->socket.data); 1217 1218 return; 1219 1220 fail: 1221 1222 nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler, 1223 task, c, c->socket.data); 1224 } 1225 1226 1227 nxt_inline void 1228 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c) 1229 { 1230 nxt_openssl_conn_t *tls; 1231 1232 nxt_debug(task, "openssl conn free"); 1233 1234 tls = c->u.tls; 1235 1236 if (tls != NULL) { 1237 c->u.tls = NULL; 1238 nxt_free(tls->buffer.start); 1239 SSL_free(tls->session); 1240 } 1241 } 1242 1243 1244 static void 1245 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data) 1246 { 1247 int ret; 1248 nxt_int_t n; 1249 nxt_err_t err; 1250 nxt_conn_t *c; 1251 nxt_work_queue_t *wq; 1252 nxt_work_handler_t handler; 1253 nxt_openssl_conn_t *tls; 1254 const nxt_conn_state_t *state; 1255 1256 c = obj; 1257 1258 nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd); 1259 1260 if (c->socket.error != 0) { 1261 return; 1262 } 1263 1264 tls = c->u.tls; 1265 1266 if (tls == NULL) { 1267 return; 1268 } 1269 1270 nxt_debug(task, "openssl conn handshake: %d times", tls->times); 1271 1272 /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */ 1273 1274 ret = SSL_do_handshake(tls->session); 1275 1276 err = (ret <= 0) ? nxt_socket_errno : 0; 1277 1278 nxt_thread_time_debug_update(task->thread); 1279 1280 nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err); 1281 1282 state = (c->read_state != NULL) ? c->read_state : c->write_state; 1283 1284 if (ret > 0) { 1285 /* ret == 1, the handshake was successfully completed. */ 1286 tls->handshake = 1; 1287 1288 if (c->read_state != NULL) { 1289 if (state->io_read_handler != NULL || c->read != NULL) { 1290 nxt_conn_read(task->thread->engine, c); 1291 return; 1292 } 1293 1294 } else { 1295 if (c->write != NULL) { 1296 nxt_conn_write(task->thread->engine, c); 1297 return; 1298 } 1299 } 1300 1301 handler = state->ready_handler; 1302 1303 } else { 1304 c->socket.read_handler = nxt_openssl_conn_handshake; 1305 c->socket.write_handler = nxt_openssl_conn_handshake; 1306 1307 n = nxt_openssl_conn_test_error(task, c, ret, err, 1308 NXT_OPENSSL_HANDSHAKE); 1309 switch (n) { 1310 1311 case NXT_AGAIN: 1312 if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) { 1313 tls->times++; 1314 } 1315 1316 return; 1317 1318 case 0: 1319 handler = state->close_handler; 1320 break; 1321 1322 default: 1323 case NXT_ERROR: 1324 nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed", 1325 c->socket.fd); 1326 1327 handler = state->error_handler; 1328 break; 1329 } 1330 } 1331 1332 wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue; 1333 1334 nxt_work_queue_add(wq, handler, task, c, data); 1335 } 1336 1337 1338 static ssize_t 1339 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b) 1340 { 1341 int ret; 1342 size_t size; 1343 nxt_int_t n; 1344 nxt_err_t err; 1345 nxt_openssl_conn_t *tls; 1346 1347 tls = c->u.tls; 1348 size = b->mem.end - b->mem.free; 1349 1350 ret = SSL_read(tls->session, b->mem.free, size); 1351 1352 err = (ret <= 0) ? nxt_socket_errno : 0; 1353 1354 nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d", 1355 c->socket.fd, b->mem.free, size, ret, err); 1356 1357 if (ret > 0) { 1358 return ret; 1359 } 1360 1361 n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err, 1362 NXT_OPENSSL_READ); 1363 if (n == NXT_ERROR) { 1364 nxt_openssl_conn_error(c->socket.task, err, 1365 "SSL_read(%d, %p, %uz) failed", 1366 c->socket.fd, b->mem.free, size); 1367 } 1368 1369 return n; 1370 } 1371 1372 1373 static ssize_t 1374 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb) 1375 { 1376 nxt_uint_t niov; 1377 struct iovec iov; 1378 1379 niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1); 1380 1381 if (niov == 0 && sb->sync) { 1382 return 0; 1383 } 1384 1385 return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len); 1386 } 1387 1388 1389 static ssize_t 1390 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf, 1391 size_t size) 1392 { 1393 int ret; 1394 nxt_err_t err; 1395 nxt_int_t n; 1396 nxt_conn_t *c; 1397 nxt_openssl_conn_t *tls; 1398 1399 tls = sb->tls; 1400 1401 ret = SSL_write(tls->session, buf, size); 1402 1403 err = (ret <= 0) ? nxt_socket_errno : 0; 1404 1405 nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d", 1406 sb->socket, buf, size, ret, err); 1407 1408 if (ret > 0) { 1409 return ret; 1410 } 1411 1412 c = tls->conn; 1413 c->socket.write_ready = sb->ready; 1414 1415 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE); 1416 1417 sb->ready = c->socket.write_ready; 1418 1419 if (n == NXT_ERROR) { 1420 sb->error = c->socket.error; 1421 nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed", 1422 sb->socket, buf, size); 1423 } 1424 1425 return n; 1426 } 1427 1428 1429 static void 1430 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) 1431 { 1432 int ret, mode; 1433 SSL *s; 1434 nxt_err_t err; 1435 nxt_int_t n; 1436 nxt_bool_t quiet, once; 1437 nxt_conn_t *c; 1438 nxt_openssl_conn_t *tls; 1439 nxt_work_handler_t handler; 1440 1441 c = obj; 1442 1443 nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd); 1444 1445 c->read_state = NULL; 1446 tls = c->u.tls; 1447 1448 if (tls == NULL) { 1449 return; 1450 } 1451 1452 s = tls->session; 1453 1454 if (s == NULL || !tls->handshake) { 1455 handler = c->write_state->ready_handler; 1456 goto done; 1457 } 1458 1459 mode = SSL_get_shutdown(s); 1460 1461 if (c->socket.timedout || c->socket.error != 0) { 1462 quiet = 1; 1463 1464 } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) { 1465 quiet = 1; 1466 1467 } else { 1468 quiet = 0; 1469 } 1470 1471 SSL_set_quiet_shutdown(s, quiet); 1472 1473 if (tls->conf->no_wait_shutdown) { 1474 mode |= SSL_RECEIVED_SHUTDOWN; 1475 } 1476 1477 once = 1; 1478 1479 for ( ;; ) { 1480 SSL_set_shutdown(s, mode); 1481 1482 ret = SSL_shutdown(s); 1483 1484 err = (ret <= 0) ? nxt_socket_errno : 0; 1485 1486 nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d", 1487 c->socket.fd, mode, quiet, ret, err); 1488 1489 if (ret > 0) { 1490 /* ret == 1, the shutdown was successfully completed. */ 1491 handler = c->write_state->ready_handler; 1492 goto done; 1493 } 1494 1495 if (ret == 0) { 1496 /* 1497 * If SSL_shutdown() returns 0 then it should be called 1498 * again. The second SSL_shutdown() call should return 1499 * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE. 1500 * OpenSSL prior to 0.9.8m version however never returns 1501 * -1 at all. Fortunately, OpenSSL preserves internally 1502 * correct status available via SSL_get_error(-1). 1503 */ 1504 if (once) { 1505 once = 0; 1506 mode = SSL_get_shutdown(s); 1507 continue; 1508 } 1509 1510 ret = -1; 1511 } 1512 1513 /* ret == -1 */ 1514 1515 break; 1516 } 1517 1518 c->socket.read_handler = nxt_openssl_conn_io_shutdown; 1519 c->socket.write_handler = nxt_openssl_conn_io_shutdown; 1520 c->socket.error_handler = c->write_state->error_handler; 1521 1522 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN); 1523 1524 switch (n) { 1525 1526 case 0: 1527 handler = c->write_state->close_handler; 1528 break; 1529 1530 case NXT_AGAIN: 1531 c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout; 1532 nxt_timer_add(task->thread->engine, &c->write_timer, 5000); 1533 return; 1534 1535 default: 1536 case NXT_ERROR: 1537 nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed", 1538 c->socket.fd); 1539 handler = c->write_state->error_handler; 1540 } 1541 1542 done: 1543 1544 nxt_openssl_conn_free(task, c); 1545 1546 nxt_work_queue_add(c->write_work_queue, handler, task, c, data); 1547 } 1548 1549 1550 static nxt_int_t 1551 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret, 1552 nxt_err_t sys_err, nxt_openssl_io_t io) 1553 { 1554 u_long lib_err; 1555 nxt_openssl_conn_t *tls; 1556 1557 tls = c->u.tls; 1558 1559 tls->ssl_error = SSL_get_error(tls->session, ret); 1560 1561 nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error); 1562 1563 switch (tls->ssl_error) { 1564 1565 case SSL_ERROR_WANT_READ: 1566 c->socket.read_ready = 0; 1567 1568 if (io != NXT_OPENSSL_READ) { 1569 nxt_fd_event_block_write(task->thread->engine, &c->socket); 1570 1571 if (nxt_fd_event_is_disabled(c->socket.read)) { 1572 nxt_fd_event_enable_read(task->thread->engine, &c->socket); 1573 } 1574 } 1575 1576 return NXT_AGAIN; 1577 1578 case SSL_ERROR_WANT_WRITE: 1579 c->socket.write_ready = 0; 1580 1581 if (io != NXT_OPENSSL_WRITE) { 1582 nxt_fd_event_block_read(task->thread->engine, &c->socket); 1583 1584 if (nxt_fd_event_is_disabled(c->socket.write)) { 1585 nxt_fd_event_enable_write(task->thread->engine, &c->socket); 1586 } 1587 } 1588 1589 return NXT_AGAIN; 1590 1591 case SSL_ERROR_SYSCALL: 1592 lib_err = ERR_peek_error(); 1593 1594 nxt_debug(task, "ERR_peek_error(): %l", lib_err); 1595 1596 if (sys_err != 0 || lib_err != 0) { 1597 c->socket.error = sys_err; 1598 return NXT_ERROR; 1599 } 1600 1601 /* A connection was just closed. */ 1602 c->socket.closed = 1; 1603 return 0; 1604 1605 case SSL_ERROR_ZERO_RETURN: 1606 /* A "close notify" alert. */ 1607 return 0; 1608 1609 default: /* SSL_ERROR_SSL, etc. */ 1610 c->socket.error = 1000; /* Nonexistent errno code. */ 1611 return NXT_ERROR; 1612 } 1613 } 1614 1615 1616 static void 1617 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data) 1618 { 1619 nxt_conn_t *c; 1620 nxt_timer_t *timer; 1621 1622 timer = obj; 1623 1624 nxt_debug(task, "openssl conn shutdown timeout"); 1625 1626 c = nxt_write_timer_conn(timer); 1627 1628 c->socket.timedout = 1; 1629 nxt_openssl_conn_io_shutdown(task, c, NULL); 1630 } 1631 1632 1633 static void nxt_cdecl 1634 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...) 1635 { 1636 u_char *p, *end; 1637 va_list args; 1638 nxt_uint_t level; 1639 u_char msg[NXT_MAX_ERROR_STR]; 1640 1641 level = nxt_openssl_log_error_level(err); 1642 1643 if (nxt_log_level_enough(task->log, level)) { 1644 1645 end = msg + sizeof(msg); 1646 1647 va_start(args, fmt); 1648 p = nxt_vsprintf(msg, end, fmt, args); 1649 va_end(args); 1650 1651 if (err != 0) { 1652 p = nxt_sprintf(p, end, " %E", err); 1653 } 1654 1655 p = nxt_openssl_copy_error(p, end); 1656 1657 nxt_log(task, level, "%*s", p - msg, msg); 1658 1659 } else { 1660 ERR_clear_error(); 1661 } 1662 } 1663 1664 1665 static nxt_uint_t 1666 nxt_openssl_log_error_level(nxt_err_t err) 1667 { 1668 switch (ERR_GET_REASON(ERR_peek_error())) { 1669 1670 case 0: 1671 return nxt_socket_error_level(err); 1672 1673 case SSL_R_BAD_CHANGE_CIPHER_SPEC: /* 103 */ 1674 case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG: /* 129 */ 1675 case SSL_R_DIGEST_CHECK_FAILED: /* 149 */ 1676 case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST: /* 151 */ 1677 case SSL_R_EXCESSIVE_MESSAGE_SIZE: /* 152 */ 1678 case SSL_R_LENGTH_MISMATCH: /* 159 */ 1679 #ifdef SSL_R_NO_CIPHERS_PASSED 1680 case SSL_R_NO_CIPHERS_PASSED: /* 182 */ 1681 #endif 1682 case SSL_R_NO_CIPHERS_SPECIFIED: /* 183 */ 1683 case SSL_R_NO_COMPRESSION_SPECIFIED: /* 187 */ 1684 case SSL_R_NO_SHARED_CIPHER: /* 193 */ 1685 case SSL_R_RECORD_LENGTH_MISMATCH: /* 213 */ 1686 #ifdef SSL_R_PARSE_TLSEXT 1687 case SSL_R_PARSE_TLSEXT: /* 227 */ 1688 #endif 1689 case SSL_R_UNEXPECTED_MESSAGE: /* 244 */ 1690 case SSL_R_UNEXPECTED_RECORD: /* 245 */ 1691 case SSL_R_UNKNOWN_ALERT_TYPE: /* 246 */ 1692 case SSL_R_UNKNOWN_PROTOCOL: /* 252 */ 1693 case SSL_R_WRONG_VERSION_NUMBER: /* 267 */ 1694 case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC: /* 281 */ 1695 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG 1696 case SSL_R_RENEGOTIATE_EXT_TOO_LONG: /* 335 */ 1697 case SSL_R_RENEGOTIATION_ENCODING_ERR: /* 336 */ 1698 case SSL_R_RENEGOTIATION_MISMATCH: /* 337 */ 1699 #endif 1700 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 1701 case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED: /* 338 */ 1702 #endif 1703 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 1704 case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING: /* 345 */ 1705 #endif 1706 case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ 1707 case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE: /* 1010 */ 1708 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC: /* 1020 */ 1709 case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED: /* 1021 */ 1710 case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW: /* 1022 */ 1711 case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE: /* 1030 */ 1712 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: /* 1040 */ 1713 case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER: /* 1047 */ 1714 break; 1715 1716 case SSL_R_SSLV3_ALERT_NO_CERTIFICATE: /* 1041 */ 1717 case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: /* 1042 */ 1718 case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE: /* 1043 */ 1719 case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED: /* 1044 */ 1720 case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: /* 1045 */ 1721 case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: /* 1046 */ 1722 case SSL_R_TLSV1_ALERT_UNKNOWN_CA: /* 1048 */ 1723 case SSL_R_TLSV1_ALERT_ACCESS_DENIED: /* 1049 */ 1724 case SSL_R_TLSV1_ALERT_DECODE_ERROR: /* 1050 */ 1725 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: /* 1051 */ 1726 case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION: /* 1060 */ 1727 case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: /* 1070 */ 1728 case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY: /* 1071 */ 1729 case SSL_R_TLSV1_ALERT_INTERNAL_ERROR: /* 1080 */ 1730 case SSL_R_TLSV1_ALERT_USER_CANCELLED: /* 1090 */ 1731 case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION: /* 1100 */ 1732 return NXT_LOG_ERR; 1733 1734 default: 1735 return NXT_LOG_ALERT; 1736 } 1737 1738 return NXT_LOG_INFO; 1739 } 1740 1741 1742 void nxt_cdecl 1743 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...) 1744 { 1745 u_char *p, *end; 1746 va_list args; 1747 u_char msg[NXT_MAX_ERROR_STR]; 1748 1749 end = msg + sizeof(msg); 1750 1751 va_start(args, fmt); 1752 p = nxt_vsprintf(msg, end, fmt, args); 1753 va_end(args); 1754 1755 p = nxt_openssl_copy_error(p, end); 1756 1757 nxt_log(task, level, "%*s", p - msg, msg); 1758 } 1759 1760 1761 u_char * 1762 nxt_openssl_copy_error(u_char *p, u_char *end) 1763 { 1764 int flags; 1765 u_long err; 1766 nxt_bool_t clear; 1767 const char *data, *delimiter; 1768 1769 err = ERR_peek_error(); 1770 if (err == 0) { 1771 return p; 1772 } 1773 1774 /* Log the most relevant error message ... */ 1775 data = ERR_reason_error_string(err); 1776 1777 p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data); 1778 1779 /* 1780 * ... followed by all queued cumbersome OpenSSL error messages 1781 * and drain the error queue. 1782 */ 1783 delimiter = ""; 1784 clear = 0; 1785 1786 for ( ;; ) { 1787 err = ERR_get_error_line_data(NULL, NULL, &data, &flags); 1788 if (err == 0) { 1789 break; 1790 } 1791 1792 p = nxt_sprintf(p, end, "%s", delimiter); 1793 1794 ERR_error_string_n(err, (char *) p, end - p); 1795 1796 while (p < end && *p != '\0') { 1797 p++; 1798 } 1799 1800 if ((flags & ERR_TXT_STRING) != 0) { 1801 p = nxt_sprintf(p, end, ":%s", data); 1802 } 1803 1804 clear |= ((flags & ERR_TXT_MALLOCED) != 0); 1805 1806 delimiter = "; "; 1807 } 1808 1809 /* Deallocate additional data. */ 1810 1811 if (clear) { 1812 ERR_clear_error(); 1813 } 1814 1815 if (p < end) { 1816 *p++ = ')'; 1817 } 1818 1819 return p; 1820 } 1821 1822 1823 nxt_int_t 1824 nxt_openssl_base64_decode(u_char *d, size_t dlen, const u_char *s, size_t slen) 1825 { 1826 BIO *bio, *b64; 1827 nxt_int_t count, ret; 1828 u_char buf[128]; 1829 1830 b64 = BIO_new(BIO_f_base64()); 1831 if (nxt_slow_path(b64 == NULL)) { 1832 goto error; 1833 } 1834 1835 bio = BIO_new_mem_buf(s, slen); 1836 if (nxt_slow_path(bio == NULL)) { 1837 goto error; 1838 } 1839 1840 bio = BIO_push(b64, bio); 1841 1842 BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); 1843 1844 count = 0; 1845 1846 if (d == NULL) { 1847 1848 for ( ;; ) { 1849 ret = BIO_read(bio, buf, 128); 1850 1851 if (ret < 0) { 1852 goto invalid; 1853 } 1854 1855 count += ret; 1856 1857 if (ret != 128) { 1858 break; 1859 } 1860 } 1861 1862 } else { 1863 count = BIO_read(bio, d, dlen); 1864 1865 if (count < 0) { 1866 goto invalid; 1867 } 1868 } 1869 1870 BIO_free_all(bio); 1871 1872 return count; 1873 1874 error: 1875 1876 BIO_vfree(b64); 1877 ERR_clear_error(); 1878 1879 return NXT_ERROR; 1880 1881 invalid: 1882 1883 BIO_free_all(bio); 1884 ERR_clear_error(); 1885 1886 return NXT_DECLINED; 1887 } 1888