1 2 /* 3 * Copyright (C) Igor Sysoev 4 * Copyright (C) NGINX, Inc. 5 */ 6 7 #include <nxt_main.h> 8 #include <nxt_conf.h> 9 10 #define OPENSSL_SUPPRESS_DEPRECATED 11 12 #include <openssl/ssl.h> 13 #include <openssl/conf.h> 14 #include <openssl/err.h> 15 #include <openssl/rand.h> 16 #include <openssl/x509v3.h> 17 #include <openssl/bio.h> 18 #include <openssl/evp.h> 19 20 21 typedef struct { 22 SSL *session; 23 nxt_conn_t *conn; 24 25 int ssl_error; 26 uint8_t times; /* 2 bits */ 27 uint8_t handshake; /* 1 bit */ 28 29 nxt_tls_conf_t *conf; 30 nxt_buf_mem_t buffer; 31 } nxt_openssl_conn_t; 32 33 34 struct nxt_tls_ticket_s { 35 u_char name[16]; 36 u_char hmac_key[32]; 37 u_char aes_key[32]; 38 uint8_t size; 39 }; 40 41 42 struct nxt_tls_tickets_s { 43 nxt_uint_t count; 44 nxt_tls_ticket_t tickets[]; 45 }; 46 47 48 typedef enum { 49 NXT_OPENSSL_HANDSHAKE = 0, 50 NXT_OPENSSL_READ, 51 NXT_OPENSSL_WRITE, 52 NXT_OPENSSL_SHUTDOWN, 53 } nxt_openssl_io_t; 54 55 56 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task); 57 static void nxt_openssl_library_free(nxt_task_t *task); 58 #if OPENSSL_VERSION_NUMBER < 0x10100004L 59 static nxt_int_t nxt_openssl_locks_init(void); 60 static void nxt_openssl_lock(int mode, int type, const char *file, int line); 61 static unsigned long nxt_openssl_thread_id(void); 62 static void nxt_openssl_locks_free(void); 63 #endif 64 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp, 65 nxt_tls_init_t *tls_init, nxt_bool_t last); 66 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, 67 nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single); 68 #if (NXT_HAVE_OPENSSL_CONF_CMD) 69 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, 70 nxt_conf_value_t *value, nxt_mp_t *mp); 71 #endif 72 #if (NXT_HAVE_OPENSSL_TLSEXT) 73 static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, 74 nxt_tls_init_t *tls_init, nxt_mp_t *mp); 75 static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, 76 unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc); 77 #endif 78 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, 79 time_t timeout); 80 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, 81 nxt_tls_conf_t *conf, nxt_mp_t *mp); 82 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, 83 void *data); 84 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task, 85 nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp); 86 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg); 87 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf, 88 nxt_str_t *sn); 89 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf); 90 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, 91 nxt_conn_t *c); 92 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data); 93 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b); 94 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb); 95 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, 96 void *buf, size_t size); 97 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, 98 void *data); 99 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, 100 int ret, nxt_err_t sys_err, nxt_openssl_io_t io); 101 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, 102 void *data); 103 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task, 104 nxt_err_t err, const char *fmt, ...); 105 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err); 106 107 108 const nxt_tls_lib_t nxt_openssl_lib = { 109 .library_init = nxt_openssl_library_init, 110 .library_free = nxt_openssl_library_free, 111 112 .server_init = nxt_openssl_server_init, 113 .server_free = nxt_openssl_server_free, 114 }; 115 116 117 static nxt_conn_io_t nxt_openssl_conn_io = { 118 .read = nxt_conn_io_read, 119 .recvbuf = nxt_openssl_conn_io_recvbuf, 120 121 .write = nxt_conn_io_write, 122 .sendbuf = nxt_openssl_conn_io_sendbuf, 123 124 .shutdown = nxt_openssl_conn_io_shutdown, 125 }; 126 127 128 static long nxt_openssl_version; 129 static int nxt_openssl_connection_index; 130 131 132 static nxt_int_t 133 nxt_openssl_library_init(nxt_task_t *task) 134 { 135 int index; 136 137 if (nxt_fast_path(nxt_openssl_version != 0)) { 138 return NXT_OK; 139 } 140 141 #if OPENSSL_VERSION_NUMBER >= 0x10100003L 142 143 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); 144 145 #else 146 { 147 nxt_int_t ret; 148 149 SSL_load_error_strings(); 150 151 OPENSSL_config(NULL); 152 153 /* 154 * SSL_library_init(3): 155 * 156 * SSL_library_init() always returns "1", 157 * so it is safe to discard the return value. 158 */ 159 (void) SSL_library_init(); 160 161 ret = nxt_openssl_locks_init(); 162 if (nxt_slow_path(ret != NXT_OK)) { 163 return ret; 164 } 165 } 166 167 #endif 168 169 nxt_openssl_version = SSLeay(); 170 171 nxt_log(task, NXT_LOG_INFO, "%s, %xl", 172 SSLeay_version(SSLEAY_VERSION), nxt_openssl_version); 173 174 #ifndef SSL_OP_NO_COMPRESSION 175 { 176 /* 177 * Disable gzip compression in OpenSSL prior to 1.0.0 178 * version, this saves about 522K per connection. 179 */ 180 int n; 181 STACK_OF(SSL_COMP) *ssl_comp_methods; 182 183 ssl_comp_methods = SSL_COMP_get_compression_methods(); 184 185 for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) { 186 (void) sk_SSL_COMP_pop(ssl_comp_methods); 187 } 188 } 189 #endif 190 191 index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); 192 193 if (index == -1) { 194 nxt_openssl_log_error(task, NXT_LOG_ALERT, 195 "SSL_get_ex_new_index() failed"); 196 return NXT_ERROR; 197 } 198 199 nxt_openssl_connection_index = index; 200 201 return NXT_OK; 202 } 203 204 205 #if OPENSSL_VERSION_NUMBER >= 0x10100003L 206 207 static void 208 nxt_openssl_library_free(nxt_task_t *task) 209 { 210 } 211 212 #else 213 214 static nxt_thread_mutex_t *nxt_openssl_locks; 215 216 static nxt_int_t 217 nxt_openssl_locks_init(void) 218 { 219 int i, n; 220 nxt_int_t ret; 221 222 n = CRYPTO_num_locks(); 223 224 nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t)); 225 if (nxt_slow_path(nxt_openssl_locks == NULL)) { 226 return NXT_ERROR; 227 } 228 229 for (i = 0; i < n; i++) { 230 ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]); 231 if (nxt_slow_path(ret != NXT_OK)) { 232 return ret; 233 } 234 } 235 236 CRYPTO_set_locking_callback(nxt_openssl_lock); 237 238 CRYPTO_set_id_callback(nxt_openssl_thread_id); 239 240 return NXT_OK; 241 } 242 243 244 static void 245 nxt_openssl_lock(int mode, int type, const char *file, int line) 246 { 247 nxt_thread_mutex_t *lock; 248 249 lock = &nxt_openssl_locks[type]; 250 251 if ((mode & CRYPTO_LOCK) != 0) { 252 (void) nxt_thread_mutex_lock(lock); 253 254 } else { 255 (void) nxt_thread_mutex_unlock(lock); 256 } 257 } 258 259 260 static u_long 261 nxt_openssl_thread_id(void) 262 { 263 return (u_long) nxt_thread_handle(); 264 } 265 266 267 static void 268 nxt_openssl_library_free(nxt_task_t *task) 269 { 270 nxt_openssl_locks_free(); 271 } 272 273 274 static void 275 nxt_openssl_locks_free(void) 276 { 277 int i, n; 278 279 n = CRYPTO_num_locks(); 280 281 CRYPTO_set_locking_callback(NULL); 282 283 for (i = 0; i < n; i++) { 284 nxt_thread_mutex_destroy(&nxt_openssl_locks[i]); 285 } 286 287 OPENSSL_free(nxt_openssl_locks); 288 } 289 290 #endif 291 292 293 static nxt_int_t 294 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp, 295 nxt_tls_init_t *tls_init, nxt_bool_t last) 296 { 297 SSL_CTX *ctx; 298 const char *ciphers, *ca_certificate; 299 nxt_tls_conf_t *conf; 300 STACK_OF(X509_NAME) *list; 301 nxt_tls_bundle_conf_t *bundle; 302 303 ctx = SSL_CTX_new(SSLv23_server_method()); 304 if (ctx == NULL) { 305 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed"); 306 return NXT_ERROR; 307 } 308 309 conf = tls_init->conf; 310 311 bundle = conf->bundle; 312 nxt_assert(bundle != NULL); 313 314 bundle->ctx = ctx; 315 316 #ifdef SSL_OP_NO_RENEGOTIATION 317 /* Renegration is not currently supported. */ 318 SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION); 319 #endif 320 321 #ifdef SSL_OP_NO_COMPRESSION 322 /* 323 * Disable gzip compression in OpenSSL 1.0.0, 324 * this saves about 522K per connection. 325 */ 326 SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); 327 #endif 328 329 #ifdef SSL_OP_IGNORE_UNEXPECTED_EOF 330 /* Request SSL_ERROR_ZERO_RETURN on EOF. */ 331 SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); 332 #endif 333 334 #ifdef SSL_MODE_RELEASE_BUFFERS 335 336 if (nxt_openssl_version >= 10001078) { 337 /* 338 * Allow to release read and write buffers in OpenSSL 1.0.0, 339 * this saves about 34K per idle connection. It is not safe 340 * before OpenSSL 1.0.1h (CVE-2010-5298). 341 */ 342 SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS); 343 } 344 345 #endif 346 347 if (nxt_openssl_chain_file(task, ctx, conf, mp, 348 last && bundle->next == NULL) 349 != NXT_OK) 350 { 351 goto fail; 352 } 353 /* 354 key = conf->certificate_key; 355 356 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) { 357 nxt_openssl_log_error(task, NXT_LOG_ALERT, 358 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", 359 key); 360 goto fail; 361 } 362 */ 363 364 ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; 365 366 if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { 367 nxt_openssl_log_error(task, NXT_LOG_ALERT, 368 "SSL_CTX_set_cipher_list(\"%s\") failed", 369 ciphers); 370 goto fail; 371 } 372 373 #if (NXT_HAVE_OPENSSL_CONF_CMD) 374 if (tls_init->conf_cmds != NULL 375 && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK) 376 { 377 goto fail; 378 } 379 #endif 380 381 nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout); 382 383 #if (NXT_HAVE_OPENSSL_TLSEXT) 384 if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) { 385 goto fail; 386 } 387 #endif 388 389 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 390 391 if (conf->ca_certificate != NULL) { 392 393 /* TODO: verify callback */ 394 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); 395 396 /* TODO: verify depth */ 397 SSL_CTX_set_verify_depth(ctx, 1); 398 399 ca_certificate = conf->ca_certificate; 400 401 if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) { 402 nxt_openssl_log_error(task, NXT_LOG_ALERT, 403 "SSL_CTX_load_verify_locations(\"%s\") failed", 404 ca_certificate); 405 goto fail; 406 } 407 408 list = SSL_load_client_CA_file(ca_certificate); 409 410 if (list == NULL) { 411 nxt_openssl_log_error(task, NXT_LOG_ALERT, 412 "SSL_load_client_CA_file(\"%s\") failed", 413 ca_certificate); 414 goto fail; 415 } 416 417 /* 418 * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and 419 * 0.9.8 versions always leaves an error in the error queue. 420 */ 421 ERR_clear_error(); 422 423 SSL_CTX_set_client_CA_list(ctx, list); 424 } 425 426 if (last) { 427 conf->conn_init = nxt_openssl_conn_init; 428 429 if (bundle->next != NULL) { 430 SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername); 431 } 432 } 433 434 return NXT_OK; 435 436 fail: 437 438 SSL_CTX_free(ctx); 439 440 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ 441 && OPENSSL_VERSION_NUMBER < 0x1010101fL) 442 RAND_keep_random_devices_open(0); 443 #endif 444 445 return NXT_ERROR; 446 } 447 448 449 static nxt_int_t 450 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf, 451 nxt_mp_t *mp, nxt_bool_t single) 452 { 453 BIO *bio; 454 X509 *cert, *ca; 455 long reason; 456 EVP_PKEY *key; 457 nxt_int_t ret; 458 nxt_tls_bundle_conf_t *bundle; 459 460 ret = NXT_ERROR; 461 cert = NULL; 462 463 bio = BIO_new(BIO_s_fd()); 464 if (bio == NULL) { 465 goto end; 466 } 467 468 bundle = conf->bundle; 469 470 BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE); 471 472 cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); 473 if (cert == NULL) { 474 goto end; 475 } 476 477 if (SSL_CTX_use_certificate(ctx, cert) != 1) { 478 goto end; 479 } 480 481 if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) { 482 goto clean; 483 } 484 485 for ( ;; ) { 486 ca = PEM_read_bio_X509(bio, NULL, NULL, NULL); 487 488 if (ca == NULL) { 489 reason = ERR_GET_REASON(ERR_peek_last_error()); 490 if (reason != PEM_R_NO_START_LINE) { 491 goto end; 492 } 493 494 ERR_clear_error(); 495 break; 496 } 497 498 /* 499 * Note that ca isn't freed if it was successfully added to the chain, 500 * while the main certificate needs a X509_free() call, since 501 * its reference count is increased by SSL_CTX_use_certificate(). 502 */ 503 #ifdef SSL_CTX_add0_chain_cert 504 if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) { 505 #else 506 if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) { 507 #endif 508 X509_free(ca); 509 goto end; 510 } 511 } 512 513 if (BIO_reset(bio) != 0) { 514 goto end; 515 } 516 517 key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); 518 if (key == NULL) { 519 goto end; 520 } 521 522 if (SSL_CTX_use_PrivateKey(ctx, key) == 1) { 523 ret = NXT_OK; 524 } 525 526 EVP_PKEY_free(key); 527 528 end: 529 530 if (ret != NXT_OK) { 531 nxt_openssl_log_error(task, NXT_LOG_ALERT, 532 "nxt_openssl_chain_file() failed"); 533 } 534 535 clean: 536 537 BIO_free(bio); 538 X509_free(cert); 539 540 return ret; 541 } 542 543 544 #if (NXT_HAVE_OPENSSL_CONF_CMD) 545 546 static nxt_int_t 547 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf, 548 nxt_mp_t *mp) 549 { 550 int ret; 551 char *zcmd, *zvalue; 552 uint32_t index; 553 nxt_str_t cmd, value; 554 SSL_CONF_CTX *cctx; 555 nxt_conf_value_t *member; 556 557 cctx = SSL_CONF_CTX_new(); 558 if (nxt_slow_path(cctx == NULL)) { 559 nxt_openssl_log_error(task, NXT_LOG_ALERT, 560 "SSL_CONF_CTX_new() failed"); 561 return NXT_ERROR; 562 } 563 564 SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE 565 | SSL_CONF_FLAG_SERVER 566 | SSL_CONF_FLAG_CERTIFICATE 567 | SSL_CONF_FLAG_SHOW_ERRORS); 568 569 SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); 570 571 index = 0; 572 573 for ( ;; ) { 574 member = nxt_conf_next_object_member(conf, &cmd, &index); 575 if (nxt_slow_path(member == NULL)) { 576 break; 577 } 578 579 nxt_conf_get_string(member, &value); 580 581 zcmd = nxt_str_cstrz(mp, &cmd); 582 zvalue = nxt_str_cstrz(mp, &value); 583 584 if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) { 585 goto fail; 586 } 587 588 ret = SSL_CONF_cmd(cctx, zcmd, zvalue); 589 if (ret == -2) { 590 nxt_openssl_log_error(task, NXT_LOG_ERR, 591 "unknown command \"%s\" in " 592 "\"conf_commands\" option", zcmd); 593 goto fail; 594 } 595 596 if (ret <= 0) { 597 nxt_openssl_log_error(task, NXT_LOG_ERR, 598 "invalid value \"%s\" for command \"%s\" " 599 "in \"conf_commands\" option", 600 zvalue, zcmd); 601 goto fail; 602 } 603 604 nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue); 605 } 606 607 if (SSL_CONF_CTX_finish(cctx) != 1) { 608 nxt_openssl_log_error(task, NXT_LOG_ALERT, 609 "SSL_CONF_finish() failed"); 610 goto fail; 611 } 612 613 SSL_CONF_CTX_free(cctx); 614 615 return NXT_OK; 616 617 fail: 618 619 SSL_CONF_CTX_free(cctx); 620 621 return NXT_ERROR; 622 } 623 624 #endif 625 626 #if (NXT_HAVE_OPENSSL_TLSEXT) 627 628 static nxt_int_t 629 nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init, 630 nxt_mp_t *mp) 631 { 632 size_t len; 633 uint32_t i; 634 nxt_str_t value; 635 nxt_uint_t count; 636 nxt_conf_value_t *member, *tickets_conf; 637 nxt_tls_ticket_t *ticket; 638 nxt_tls_tickets_t *tickets; 639 u_char buf[80]; 640 641 tickets_conf = tls_init->tickets_conf; 642 643 if (tickets_conf == NULL) { 644 goto no_ticket; 645 } 646 647 if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) { 648 if (nxt_conf_get_boolean(tickets_conf) == 0) { 649 goto no_ticket; 650 } 651 652 return NXT_OK; 653 } 654 655 count = nxt_conf_array_elements_count_or_1(tickets_conf); 656 657 if (count == 0) { 658 goto no_ticket; 659 } 660 661 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 662 663 tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t) 664 + count * sizeof(nxt_tls_ticket_t)); 665 if (nxt_slow_path(tickets == NULL)) { 666 return NXT_ERROR; 667 } 668 669 tickets->count = count; 670 tls_init->conf->tickets = tickets; 671 i = 0; 672 673 do { 674 ticket = &tickets->tickets[i]; 675 676 i++; 677 678 member = nxt_conf_get_array_element_or_itself(tickets_conf, count - i); 679 if (member == NULL) { 680 break; 681 } 682 683 nxt_conf_get_string(member, &value); 684 685 len = nxt_base64_decode(buf, value.start, value.length); 686 687 nxt_memcpy(ticket->name, buf, 16); 688 689 if (len == 48) { 690 nxt_memcpy(ticket->aes_key, buf + 16, 16); 691 nxt_memcpy(ticket->hmac_key, buf + 32, 16); 692 ticket->size = 16; 693 694 } else { 695 nxt_memcpy(ticket->hmac_key, buf + 16, 32); 696 nxt_memcpy(ticket->aes_key, buf + 48, 32); 697 ticket->size = 32; 698 } 699 700 } while (i < count); 701 702 if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback) 703 == 0) 704 { 705 nxt_openssl_log_error(task, NXT_LOG_ALERT, 706 "Unit was built with Session Tickets support, however, " 707 "now it is linked dynamically to an OpenSSL library " 708 "which has no tlsext support, therefore Session Tickets " 709 "are not available"); 710 711 return NXT_ERROR; 712 } 713 714 return NXT_OK; 715 716 #else 717 nxt_alert(task, "Setting custom session ticket keys is not supported with " 718 "this version of OpenSSL library"); 719 720 return NXT_ERROR; 721 722 #endif 723 724 no_ticket: 725 726 SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); 727 728 return NXT_OK; 729 } 730 731 732 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 733 734 static int 735 nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv, 736 EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc) 737 { 738 nxt_uint_t i; 739 nxt_conn_t *c; 740 const EVP_MD *digest; 741 const EVP_CIPHER *cipher; 742 nxt_tls_ticket_t *ticket; 743 nxt_openssl_conn_t *tls; 744 745 c = SSL_get_ex_data(s, nxt_openssl_connection_index); 746 747 if (nxt_slow_path(c == NULL)) { 748 nxt_thread_log_alert("SSL_get_ex_data() failed"); 749 return -1; 750 } 751 752 tls = c->u.tls; 753 ticket = tls->conf->tickets->tickets; 754 755 i = 0; 756 757 if (enc == 1) { 758 /* encrypt session ticket */ 759 760 nxt_debug(c->socket.task, "TLS session ticket encrypt"); 761 762 cipher = (ticket[0].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc(); 763 764 if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) { 765 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 766 "RAND_bytes() failed"); 767 return -1; 768 } 769 770 nxt_memcpy(name, ticket[0].name, 16); 771 772 if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) != 1) 773 { 774 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 775 "EVP_EncryptInit_ex() failed"); 776 return -1; 777 } 778 779 } else { 780 /* decrypt session ticket */ 781 782 do { 783 if (nxt_memcmp(name, ticket[i].name, 16) == 0) { 784 goto found; 785 } 786 787 } while (++i < tls->conf->tickets->count); 788 789 nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found"); 790 791 return 0; 792 793 found: 794 795 nxt_debug(c->socket.task, 796 "TLS session ticket decrypt, key number: \"%d\"", i); 797 798 enc = (i == 0) ? 1 : 2 /* renew */; 799 800 cipher = (ticket[i].size == 16) ? EVP_aes_128_cbc() : EVP_aes_256_cbc(); 801 802 if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1) 803 { 804 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 805 "EVP_DecryptInit_ex() failed"); 806 return -1; 807 } 808 } 809 810 #ifdef OPENSSL_NO_SHA256 811 digest = EVP_sha1(); 812 #else 813 digest = EVP_sha256(); 814 #endif 815 816 if (HMAC_Init_ex(hctx, ticket[i].hmac_key, ticket[i].size, digest, NULL) 817 != 1) 818 { 819 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 820 "HMAC_Init_ex() failed"); 821 return -1; 822 } 823 824 return enc; 825 } 826 827 #endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */ 828 829 #endif /* NXT_HAVE_OPENSSL_TLSEXT */ 830 831 832 static void 833 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout) 834 { 835 if (cache_size == 0) { 836 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); 837 return; 838 } 839 840 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); 841 842 SSL_CTX_sess_set_cache_size(ctx, cache_size); 843 844 SSL_CTX_set_timeout(ctx, (long) timeout); 845 } 846 847 848 static nxt_uint_t 849 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf, 850 nxt_mp_t *mp) 851 { 852 int len; 853 nxt_str_t domain, str; 854 X509_NAME *x509_name; 855 nxt_uint_t i, n; 856 GENERAL_NAME *name; 857 nxt_tls_bundle_conf_t *bundle; 858 STACK_OF(GENERAL_NAME) *alt_names; 859 nxt_tls_bundle_hash_item_t *item; 860 861 bundle = conf->bundle; 862 863 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); 864 865 if (alt_names != NULL) { 866 n = sk_GENERAL_NAME_num(alt_names); 867 868 for (i = 0; i != n; i++) { 869 name = sk_GENERAL_NAME_value(alt_names, i); 870 871 if (name->type != GEN_DNS) { 872 continue; 873 } 874 875 str.length = ASN1_STRING_length(name->d.dNSName); 876 #if OPENSSL_VERSION_NUMBER > 0x10100000L 877 str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName); 878 #else 879 str.start = ASN1_STRING_data(name->d.dNSName); 880 #endif 881 882 domain.start = nxt_mp_nget(mp, str.length); 883 if (nxt_slow_path(domain.start == NULL)) { 884 goto fail; 885 } 886 887 domain.length = str.length; 888 nxt_memcpy_lowcase(domain.start, str.start, str.length); 889 890 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t)); 891 if (nxt_slow_path(item == NULL)) { 892 goto fail; 893 } 894 895 item->name = domain; 896 item->bundle = bundle; 897 898 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, 899 item, mp) 900 == NXT_ERROR) 901 { 902 goto fail; 903 } 904 } 905 906 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); 907 908 } else { 909 x509_name = X509_get_subject_name(cert); 910 len = X509_NAME_get_text_by_NID(x509_name, NID_commonName, 911 NULL, 0); 912 if (len <= 0) { 913 nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither " 914 "Subject Alternative Name nor Common Name", &bundle->name); 915 return NXT_OK; 916 } 917 918 domain.start = nxt_mp_nget(mp, len + 1); 919 if (nxt_slow_path(domain.start == NULL)) { 920 return NXT_ERROR; 921 } 922 923 domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName, 924 (char *) domain.start, 925 len + 1); 926 nxt_memcpy_lowcase(domain.start, domain.start, domain.length); 927 928 item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t)); 929 if (nxt_slow_path(item == NULL)) { 930 return NXT_ERROR; 931 } 932 933 item->name = domain; 934 item->bundle = bundle; 935 936 if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item, 937 mp) 938 == NXT_ERROR) 939 { 940 return NXT_ERROR; 941 } 942 } 943 944 return NXT_OK; 945 946 fail: 947 948 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); 949 950 return NXT_ERROR; 951 } 952 953 954 static const nxt_lvlhsh_proto_t nxt_openssl_bundle_hash_proto 955 nxt_aligned(64) = 956 { 957 NXT_LVLHSH_DEFAULT, 958 nxt_openssl_bundle_hash_test, 959 nxt_mp_lvlhsh_alloc, 960 nxt_mp_lvlhsh_free, 961 }; 962 963 964 static nxt_int_t 965 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data) 966 { 967 nxt_tls_bundle_hash_item_t *item; 968 969 item = data; 970 971 return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED; 972 } 973 974 975 static nxt_int_t 976 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh, 977 nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp) 978 { 979 nxt_str_t str; 980 nxt_int_t ret; 981 nxt_lvlhsh_query_t lhq; 982 nxt_tls_bundle_hash_item_t *old; 983 984 str = item->name; 985 986 if (item->name.start[0] == '*') { 987 item->name.start++; 988 item->name.length--; 989 990 if (item->name.length == 0 || item->name.start[0] != '.') { 991 nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" " 992 "in certificate \"%V\": missing \".\" " 993 "after wildcard symbol", &str, &item->bundle->name); 994 return NXT_OK; 995 } 996 } 997 998 lhq.pool = mp; 999 lhq.key = item->name; 1000 lhq.value = item; 1001 lhq.proto = &nxt_openssl_bundle_hash_proto; 1002 lhq.replace = 0; 1003 lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length); 1004 1005 ret = nxt_lvlhsh_insert(lvlhsh, &lhq); 1006 if (nxt_fast_path(ret == NXT_OK)) { 1007 nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted", 1008 &str, &item->bundle->name); 1009 return NXT_OK; 1010 } 1011 1012 if (nxt_fast_path(ret == NXT_DECLINED)) { 1013 old = lhq.value; 1014 if (old->bundle != item->bundle) { 1015 nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" " 1016 "in certificate \"%V\", identical name appears in \"%V\"", 1017 &str, &old->bundle->name, &item->bundle->name); 1018 1019 old->bundle = item->bundle; 1020 } 1021 1022 return NXT_OK; 1023 } 1024 1025 return NXT_ERROR; 1026 } 1027 1028 1029 static nxt_int_t 1030 nxt_openssl_servername(SSL *s, int *ad, void *arg) 1031 { 1032 nxt_str_t str; 1033 nxt_uint_t i; 1034 nxt_conn_t *c; 1035 const char *servername; 1036 nxt_tls_conf_t *conf; 1037 nxt_openssl_conn_t *tls; 1038 nxt_tls_bundle_conf_t *bundle; 1039 1040 c = SSL_get_ex_data(s, nxt_openssl_connection_index); 1041 1042 if (nxt_slow_path(c == NULL)) { 1043 nxt_thread_log_alert("SSL_get_ex_data() failed"); 1044 return SSL_TLSEXT_ERR_ALERT_FATAL; 1045 } 1046 1047 servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); 1048 1049 if (servername == NULL) { 1050 nxt_debug(c->socket.task, "SSL_get_servername(): NULL"); 1051 goto done; 1052 } 1053 1054 str.length = nxt_strlen(servername); 1055 if (str.length == 0) { 1056 nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty"); 1057 goto done; 1058 } 1059 1060 if (servername[0] == '.') { 1061 nxt_debug(c->socket.task, "ignored the server name \"%s\": " 1062 "leading \".\"", servername); 1063 goto done; 1064 } 1065 1066 nxt_debug(c->socket.task, "tls with servername \"%s\"", servername); 1067 1068 str.start = nxt_mp_nget(c->mem_pool, str.length); 1069 if (nxt_slow_path(str.start == NULL)) { 1070 return SSL_TLSEXT_ERR_ALERT_FATAL; 1071 } 1072 1073 nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length); 1074 1075 tls = c->u.tls; 1076 conf = tls->conf; 1077 1078 bundle = nxt_openssl_find_ctx(conf, &str); 1079 1080 if (bundle == NULL) { 1081 for (i = 1; i < str.length; i++) { 1082 if (str.start[i] == '.') { 1083 str.start += i; 1084 str.length -= i; 1085 1086 bundle = nxt_openssl_find_ctx(conf, &str); 1087 break; 1088 } 1089 } 1090 } 1091 1092 if (bundle != NULL) { 1093 nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" " 1094 "(old: \"%V\")", &str, &bundle->name, 1095 &conf->bundle->name); 1096 1097 if (bundle != conf->bundle) { 1098 if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) { 1099 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, 1100 "SSL_set_SSL_CTX() failed"); 1101 1102 return SSL_TLSEXT_ERR_ALERT_FATAL; 1103 } 1104 } 1105 } 1106 1107 done: 1108 1109 return SSL_TLSEXT_ERR_OK; 1110 } 1111 1112 1113 static nxt_tls_bundle_conf_t * 1114 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn) 1115 { 1116 nxt_int_t ret; 1117 nxt_lvlhsh_query_t lhq; 1118 nxt_tls_bundle_hash_item_t *item; 1119 1120 lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length); 1121 lhq.key = *sn; 1122 lhq.proto = &nxt_openssl_bundle_hash_proto; 1123 1124 ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq); 1125 if (ret != NXT_OK) { 1126 return NULL; 1127 } 1128 1129 item = lhq.value; 1130 1131 return item->bundle; 1132 } 1133 1134 1135 static void 1136 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf) 1137 { 1138 nxt_tls_bundle_conf_t *bundle; 1139 1140 bundle = conf->bundle; 1141 nxt_assert(bundle != NULL); 1142 1143 do { 1144 SSL_CTX_free(bundle->ctx); 1145 bundle = bundle->next; 1146 } while (bundle != NULL); 1147 1148 if (conf->tickets) { 1149 nxt_memzero(conf->tickets->tickets, 1150 conf->tickets->count * sizeof(nxt_tls_ticket_t)); 1151 } 1152 1153 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ 1154 && OPENSSL_VERSION_NUMBER < 0x1010101fL) 1155 RAND_keep_random_devices_open(0); 1156 #endif 1157 } 1158 1159 1160 static void 1161 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c) 1162 { 1163 int ret; 1164 SSL *s; 1165 SSL_CTX *ctx; 1166 nxt_openssl_conn_t *tls; 1167 1168 nxt_log_debug(c->socket.log, "openssl conn init"); 1169 1170 tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t)); 1171 if (tls == NULL) { 1172 goto fail; 1173 } 1174 1175 c->u.tls = tls; 1176 nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size); 1177 1178 ctx = conf->bundle->ctx; 1179 1180 s = SSL_new(ctx); 1181 if (s == NULL) { 1182 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed"); 1183 goto fail; 1184 } 1185 1186 tls->session = s; 1187 /* To pass TLS config to the nxt_openssl_servername() callback. */ 1188 tls->conf = conf; 1189 tls->conn = c; 1190 1191 ret = SSL_set_fd(s, c->socket.fd); 1192 1193 if (ret == 0) { 1194 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed", 1195 c->socket.fd); 1196 goto fail; 1197 } 1198 1199 SSL_set_accept_state(s); 1200 1201 if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) { 1202 nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed"); 1203 goto fail; 1204 } 1205 1206 c->io = &nxt_openssl_conn_io; 1207 c->sendfile = NXT_CONN_SENDFILE_OFF; 1208 1209 nxt_openssl_conn_handshake(task, c, c->socket.data); 1210 1211 return; 1212 1213 fail: 1214 1215 nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler, 1216 task, c, c->socket.data); 1217 } 1218 1219 1220 nxt_inline void 1221 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c) 1222 { 1223 nxt_openssl_conn_t *tls; 1224 1225 nxt_debug(task, "openssl conn free"); 1226 1227 tls = c->u.tls; 1228 1229 if (tls != NULL) { 1230 c->u.tls = NULL; 1231 nxt_free(tls->buffer.start); 1232 SSL_free(tls->session); 1233 } 1234 } 1235 1236 1237 static void 1238 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data) 1239 { 1240 int ret; 1241 nxt_int_t n; 1242 nxt_err_t err; 1243 nxt_conn_t *c; 1244 nxt_work_queue_t *wq; 1245 nxt_work_handler_t handler; 1246 nxt_openssl_conn_t *tls; 1247 const nxt_conn_state_t *state; 1248 1249 c = obj; 1250 1251 nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd); 1252 1253 if (c->socket.error != 0) { 1254 return; 1255 } 1256 1257 tls = c->u.tls; 1258 1259 if (tls == NULL) { 1260 return; 1261 } 1262 1263 nxt_debug(task, "openssl conn handshake: %d times", tls->times); 1264 1265 /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */ 1266 1267 ret = SSL_do_handshake(tls->session); 1268 1269 err = (ret <= 0) ? nxt_socket_errno : 0; 1270 1271 nxt_thread_time_debug_update(task->thread); 1272 1273 nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err); 1274 1275 state = (c->read_state != NULL) ? c->read_state : c->write_state; 1276 1277 if (ret > 0) { 1278 /* ret == 1, the handshake was successfully completed. */ 1279 tls->handshake = 1; 1280 1281 if (c->read_state != NULL) { 1282 if (state->io_read_handler != NULL || c->read != NULL) { 1283 nxt_conn_read(task->thread->engine, c); 1284 return; 1285 } 1286 1287 } else { 1288 if (c->write != NULL) { 1289 nxt_conn_write(task->thread->engine, c); 1290 return; 1291 } 1292 } 1293 1294 handler = state->ready_handler; 1295 1296 } else { 1297 c->socket.read_handler = nxt_openssl_conn_handshake; 1298 c->socket.write_handler = nxt_openssl_conn_handshake; 1299 1300 n = nxt_openssl_conn_test_error(task, c, ret, err, 1301 NXT_OPENSSL_HANDSHAKE); 1302 switch (n) { 1303 1304 case NXT_AGAIN: 1305 if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) { 1306 tls->times++; 1307 } 1308 1309 return; 1310 1311 case 0: 1312 handler = state->close_handler; 1313 break; 1314 1315 default: 1316 case NXT_ERROR: 1317 nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed", 1318 c->socket.fd); 1319 1320 handler = state->error_handler; 1321 break; 1322 } 1323 } 1324 1325 wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue; 1326 1327 nxt_work_queue_add(wq, handler, task, c, data); 1328 } 1329 1330 1331 static ssize_t 1332 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b) 1333 { 1334 int ret; 1335 size_t size; 1336 nxt_int_t n; 1337 nxt_err_t err; 1338 nxt_openssl_conn_t *tls; 1339 1340 tls = c->u.tls; 1341 size = b->mem.end - b->mem.free; 1342 1343 ret = SSL_read(tls->session, b->mem.free, size); 1344 1345 err = (ret <= 0) ? nxt_socket_errno : 0; 1346 1347 nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d", 1348 c->socket.fd, b->mem.free, size, ret, err); 1349 1350 if (ret > 0) { 1351 return ret; 1352 } 1353 1354 n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err, 1355 NXT_OPENSSL_READ); 1356 if (n == NXT_ERROR) { 1357 nxt_openssl_conn_error(c->socket.task, err, 1358 "SSL_read(%d, %p, %uz) failed", 1359 c->socket.fd, b->mem.free, size); 1360 } 1361 1362 return n; 1363 } 1364 1365 1366 static ssize_t 1367 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb) 1368 { 1369 nxt_uint_t niov; 1370 struct iovec iov; 1371 1372 niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1); 1373 1374 if (niov == 0 && sb->sync) { 1375 return 0; 1376 } 1377 1378 return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len); 1379 } 1380 1381 1382 static ssize_t 1383 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf, 1384 size_t size) 1385 { 1386 int ret; 1387 nxt_err_t err; 1388 nxt_int_t n; 1389 nxt_conn_t *c; 1390 nxt_openssl_conn_t *tls; 1391 1392 tls = sb->tls; 1393 1394 ret = SSL_write(tls->session, buf, size); 1395 1396 err = (ret <= 0) ? nxt_socket_errno : 0; 1397 1398 nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d", 1399 sb->socket, buf, size, ret, err); 1400 1401 if (ret > 0) { 1402 return ret; 1403 } 1404 1405 c = tls->conn; 1406 c->socket.write_ready = sb->ready; 1407 1408 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE); 1409 1410 sb->ready = c->socket.write_ready; 1411 1412 if (n == NXT_ERROR) { 1413 sb->error = c->socket.error; 1414 nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed", 1415 sb->socket, buf, size); 1416 } 1417 1418 return n; 1419 } 1420 1421 1422 static void 1423 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) 1424 { 1425 int ret, mode; 1426 SSL *s; 1427 nxt_err_t err; 1428 nxt_int_t n; 1429 nxt_bool_t quiet, once; 1430 nxt_conn_t *c; 1431 nxt_openssl_conn_t *tls; 1432 nxt_work_handler_t handler; 1433 1434 c = obj; 1435 1436 nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd); 1437 1438 c->read_state = NULL; 1439 tls = c->u.tls; 1440 1441 if (tls == NULL) { 1442 return; 1443 } 1444 1445 s = tls->session; 1446 1447 if (s == NULL || !tls->handshake) { 1448 handler = c->write_state->ready_handler; 1449 goto done; 1450 } 1451 1452 mode = SSL_get_shutdown(s); 1453 1454 if (c->socket.timedout || c->socket.error != 0) { 1455 quiet = 1; 1456 1457 } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) { 1458 quiet = 1; 1459 1460 } else { 1461 quiet = 0; 1462 } 1463 1464 SSL_set_quiet_shutdown(s, quiet); 1465 1466 if (tls->conf->no_wait_shutdown) { 1467 mode |= SSL_RECEIVED_SHUTDOWN; 1468 } 1469 1470 once = 1; 1471 1472 for ( ;; ) { 1473 SSL_set_shutdown(s, mode); 1474 1475 ret = SSL_shutdown(s); 1476 1477 err = (ret <= 0) ? nxt_socket_errno : 0; 1478 1479 nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d", 1480 c->socket.fd, mode, quiet, ret, err); 1481 1482 if (ret > 0) { 1483 /* ret == 1, the shutdown was successfully completed. */ 1484 handler = c->write_state->ready_handler; 1485 goto done; 1486 } 1487 1488 if (ret == 0) { 1489 /* 1490 * If SSL_shutdown() returns 0 then it should be called 1491 * again. The second SSL_shutdown() call should return 1492 * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE. 1493 * OpenSSL prior to 0.9.8m version however never returns 1494 * -1 at all. Fortunately, OpenSSL preserves internally 1495 * correct status available via SSL_get_error(-1). 1496 */ 1497 if (once) { 1498 once = 0; 1499 mode = SSL_get_shutdown(s); 1500 continue; 1501 } 1502 1503 ret = -1; 1504 } 1505 1506 /* ret == -1 */ 1507 1508 break; 1509 } 1510 1511 c->socket.read_handler = nxt_openssl_conn_io_shutdown; 1512 c->socket.write_handler = nxt_openssl_conn_io_shutdown; 1513 c->socket.error_handler = c->write_state->error_handler; 1514 1515 n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN); 1516 1517 switch (n) { 1518 1519 case 0: 1520 handler = c->write_state->close_handler; 1521 break; 1522 1523 case NXT_AGAIN: 1524 c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout; 1525 nxt_timer_add(task->thread->engine, &c->write_timer, 5000); 1526 return; 1527 1528 default: 1529 case NXT_ERROR: 1530 nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed", 1531 c->socket.fd); 1532 handler = c->write_state->error_handler; 1533 } 1534 1535 done: 1536 1537 nxt_openssl_conn_free(task, c); 1538 1539 nxt_work_queue_add(c->write_work_queue, handler, task, c, data); 1540 } 1541 1542 1543 static nxt_int_t 1544 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret, 1545 nxt_err_t sys_err, nxt_openssl_io_t io) 1546 { 1547 u_long lib_err; 1548 nxt_openssl_conn_t *tls; 1549 1550 tls = c->u.tls; 1551 1552 tls->ssl_error = SSL_get_error(tls->session, ret); 1553 1554 nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error); 1555 1556 switch (tls->ssl_error) { 1557 1558 case SSL_ERROR_WANT_READ: 1559 c->socket.read_ready = 0; 1560 1561 if (io != NXT_OPENSSL_READ) { 1562 nxt_fd_event_block_write(task->thread->engine, &c->socket); 1563 1564 if (nxt_fd_event_is_disabled(c->socket.read)) { 1565 nxt_fd_event_enable_read(task->thread->engine, &c->socket); 1566 } 1567 } 1568 1569 return NXT_AGAIN; 1570 1571 case SSL_ERROR_WANT_WRITE: 1572 c->socket.write_ready = 0; 1573 1574 if (io != NXT_OPENSSL_WRITE) { 1575 nxt_fd_event_block_read(task->thread->engine, &c->socket); 1576 1577 if (nxt_fd_event_is_disabled(c->socket.write)) { 1578 nxt_fd_event_enable_write(task->thread->engine, &c->socket); 1579 } 1580 } 1581 1582 return NXT_AGAIN; 1583 1584 case SSL_ERROR_SYSCALL: 1585 lib_err = ERR_peek_error(); 1586 1587 nxt_debug(task, "ERR_peek_error(): %l", lib_err); 1588 1589 if (sys_err != 0 || lib_err != 0) { 1590 c->socket.error = sys_err; 1591 return NXT_ERROR; 1592 } 1593 1594 /* A connection was just closed. */ 1595 c->socket.closed = 1; 1596 return 0; 1597 1598 case SSL_ERROR_ZERO_RETURN: 1599 /* A "close notify" alert. */ 1600 return 0; 1601 1602 default: /* SSL_ERROR_SSL, etc. */ 1603 c->socket.error = 1000; /* Nonexistent errno code. */ 1604 return NXT_ERROR; 1605 } 1606 } 1607 1608 1609 static void 1610 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data) 1611 { 1612 nxt_conn_t *c; 1613 nxt_timer_t *timer; 1614 1615 timer = obj; 1616 1617 nxt_debug(task, "openssl conn shutdown timeout"); 1618 1619 c = nxt_write_timer_conn(timer); 1620 1621 c->socket.timedout = 1; 1622 nxt_openssl_conn_io_shutdown(task, c, NULL); 1623 } 1624 1625 1626 static void nxt_cdecl 1627 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...) 1628 { 1629 u_char *p, *end; 1630 va_list args; 1631 nxt_uint_t level; 1632 u_char msg[NXT_MAX_ERROR_STR]; 1633 1634 level = nxt_openssl_log_error_level(err); 1635 1636 if (nxt_log_level_enough(task->log, level)) { 1637 1638 end = msg + sizeof(msg); 1639 1640 va_start(args, fmt); 1641 p = nxt_vsprintf(msg, end, fmt, args); 1642 va_end(args); 1643 1644 if (err != 0) { 1645 p = nxt_sprintf(p, end, " %E", err); 1646 } 1647 1648 p = nxt_openssl_copy_error(p, end); 1649 1650 nxt_log(task, level, "%*s", p - msg, msg); 1651 1652 } else { 1653 ERR_clear_error(); 1654 } 1655 } 1656 1657 1658 static nxt_uint_t 1659 nxt_openssl_log_error_level(nxt_err_t err) 1660 { 1661 switch (ERR_GET_REASON(ERR_peek_error())) { 1662 1663 case 0: 1664 return nxt_socket_error_level(err); 1665 1666 case SSL_R_BAD_CHANGE_CIPHER_SPEC: /* 103 */ 1667 case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG: /* 129 */ 1668 case SSL_R_DIGEST_CHECK_FAILED: /* 149 */ 1669 case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST: /* 151 */ 1670 case SSL_R_EXCESSIVE_MESSAGE_SIZE: /* 152 */ 1671 case SSL_R_LENGTH_MISMATCH: /* 159 */ 1672 #ifdef SSL_R_NO_CIPHERS_PASSED 1673 case SSL_R_NO_CIPHERS_PASSED: /* 182 */ 1674 #endif 1675 case SSL_R_NO_CIPHERS_SPECIFIED: /* 183 */ 1676 case SSL_R_NO_COMPRESSION_SPECIFIED: /* 187 */ 1677 case SSL_R_NO_SHARED_CIPHER: /* 193 */ 1678 case SSL_R_RECORD_LENGTH_MISMATCH: /* 213 */ 1679 #ifdef SSL_R_PARSE_TLSEXT 1680 case SSL_R_PARSE_TLSEXT: /* 227 */ 1681 #endif 1682 case SSL_R_UNEXPECTED_MESSAGE: /* 244 */ 1683 case SSL_R_UNEXPECTED_RECORD: /* 245 */ 1684 case SSL_R_UNKNOWN_ALERT_TYPE: /* 246 */ 1685 case SSL_R_UNKNOWN_PROTOCOL: /* 252 */ 1686 case SSL_R_WRONG_VERSION_NUMBER: /* 267 */ 1687 case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC: /* 281 */ 1688 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG 1689 case SSL_R_RENEGOTIATE_EXT_TOO_LONG: /* 335 */ 1690 case SSL_R_RENEGOTIATION_ENCODING_ERR: /* 336 */ 1691 case SSL_R_RENEGOTIATION_MISMATCH: /* 337 */ 1692 #endif 1693 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 1694 case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED: /* 338 */ 1695 #endif 1696 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 1697 case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING: /* 345 */ 1698 #endif 1699 case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ 1700 case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE: /* 1010 */ 1701 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC: /* 1020 */ 1702 case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED: /* 1021 */ 1703 case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW: /* 1022 */ 1704 case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE: /* 1030 */ 1705 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: /* 1040 */ 1706 case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER: /* 1047 */ 1707 break; 1708 1709 case SSL_R_SSLV3_ALERT_NO_CERTIFICATE: /* 1041 */ 1710 case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: /* 1042 */ 1711 case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE: /* 1043 */ 1712 case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED: /* 1044 */ 1713 case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: /* 1045 */ 1714 case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: /* 1046 */ 1715 case SSL_R_TLSV1_ALERT_UNKNOWN_CA: /* 1048 */ 1716 case SSL_R_TLSV1_ALERT_ACCESS_DENIED: /* 1049 */ 1717 case SSL_R_TLSV1_ALERT_DECODE_ERROR: /* 1050 */ 1718 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: /* 1051 */ 1719 case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION: /* 1060 */ 1720 case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: /* 1070 */ 1721 case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY: /* 1071 */ 1722 case SSL_R_TLSV1_ALERT_INTERNAL_ERROR: /* 1080 */ 1723 case SSL_R_TLSV1_ALERT_USER_CANCELLED: /* 1090 */ 1724 case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION: /* 1100 */ 1725 return NXT_LOG_ERR; 1726 1727 default: 1728 return NXT_LOG_ALERT; 1729 } 1730 1731 return NXT_LOG_INFO; 1732 } 1733 1734 1735 void nxt_cdecl 1736 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...) 1737 { 1738 u_char *p, *end; 1739 va_list args; 1740 u_char msg[NXT_MAX_ERROR_STR]; 1741 1742 end = msg + sizeof(msg); 1743 1744 va_start(args, fmt); 1745 p = nxt_vsprintf(msg, end, fmt, args); 1746 va_end(args); 1747 1748 p = nxt_openssl_copy_error(p, end); 1749 1750 nxt_log(task, level, "%*s", p - msg, msg); 1751 } 1752 1753 1754 u_char * 1755 nxt_openssl_copy_error(u_char *p, u_char *end) 1756 { 1757 int flags; 1758 u_long err; 1759 nxt_bool_t clear; 1760 const char *data, *delimiter; 1761 1762 err = ERR_peek_error(); 1763 if (err == 0) { 1764 return p; 1765 } 1766 1767 /* Log the most relevant error message ... */ 1768 data = ERR_reason_error_string(err); 1769 1770 p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data); 1771 1772 /* 1773 * ... followed by all queued cumbersome OpenSSL error messages 1774 * and drain the error queue. 1775 */ 1776 delimiter = ""; 1777 clear = 0; 1778 1779 for ( ;; ) { 1780 err = ERR_get_error_line_data(NULL, NULL, &data, &flags); 1781 if (err == 0) { 1782 break; 1783 } 1784 1785 p = nxt_sprintf(p, end, "%s", delimiter); 1786 1787 ERR_error_string_n(err, (char *) p, end - p); 1788 1789 while (p < end && *p != '\0') { 1790 p++; 1791 } 1792 1793 if ((flags & ERR_TXT_STRING) != 0) { 1794 p = nxt_sprintf(p, end, ":%s", data); 1795 } 1796 1797 clear |= ((flags & ERR_TXT_MALLOCED) != 0); 1798 1799 delimiter = "; "; 1800 } 1801 1802 /* Deallocate additional data. */ 1803 1804 if (clear) { 1805 ERR_clear_error(); 1806 } 1807 1808 if (p < end) { 1809 *p++ = ')'; 1810 } 1811 1812 return p; 1813 } 1814