nginx.git/src/event, branch no-short-read-checks nginx Remove short read checks 2025-06-26T21:24:01+00:00 Andrew Clayton ac@sigsegv.uk 2025-06-26T21:20:46+00:00 0c5bb8a5e10657cec505729596c8b2f0c794cc8f This removes a bunch of checks for cases where we _read_ less bytes than asked for. There are several reasons why we may _read_ less bytes including reading data from a network file system. This has proven to be an issue. Closes: https://github.com/nginx/nginx/issues/265 Signed-off-by: Andrew Clayton <ac@sigsegv.uk> 
This removes a bunch of checks for cases where we _read_ less bytes than
asked for.

There are several reasons why we may _read_ less bytes including reading
data from a network file system.

This has proven to be an issue.

Closes: https://github.com/nginx/nginx/issues/265
Signed-off-by: Andrew Clayton <ac@sigsegv.uk>
Use NULL instead of 0 for null pointer constant. 2025-06-21T06:36:45+00:00 Andrew Clayton a.clayton@nginx.com 2025-05-21T21:30:20+00:00 4eaecc5e8aa7bbaf9e58bf56560a8b1e67d0a8b7 There were a few random places where 0 was being used as a null pointer constant. We have a NULL macro for this very purpose, use it. There is also some interest in actually deprecating the use of 0 as a null pointer constant in C. This was found with -Wzero-as-null-pointer-constant which was enabled for C in GCC 15 (not enabled with Wall or Wextra... yet). Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059> 
There were a few random places where 0 was being used as a null pointer
constant.

We have a NULL macro for this very purpose, use it.

There is also some interest in actually deprecating the use of 0 as a
null pointer constant in C.

This was found with -Wzero-as-null-pointer-constant which was enabled
for C in GCC 15 (not enabled with Wall or Wextra... yet).

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059>
Core: added support for TCP keepalive parameters on macOS. 2025-05-26T21:59:02+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-26T12:11:36+00:00 5b8a5c08ce28639e788734b2528faad70baa113c The support first appeared in OS X Mavericks 10.9 and documented since OS X Yosemite 10.10. It has a subtle implementation difference from other operating systems in that the TCP_KEEPALIVE socket option (used in place of TCP_KEEPIDLE) isn't inherited from a listening socket to an accepted socket. An apparent reason for this behaviour is that it might be preserved for the sake of backward compatibility. The TCP_KEEPALIVE socket option is not inherited since appearance in OS X Panther 10.3, which long predates two other TCP_KEEPINTVL and TCP_KEEPCNT socket options. Thanks to Andy Pan for initial work. 
The support first appeared in OS X Mavericks 10.9 and documented since
OS X Yosemite 10.10.

It has a subtle implementation difference from other operating systems
in that the TCP_KEEPALIVE socket option (used in place of TCP_KEEPIDLE)
isn't inherited from a listening socket to an accepted socket.

An apparent reason for this behaviour is that it might be preserved for
the sake of backward compatibility.  The TCP_KEEPALIVE socket option is
not inherited since appearance in OS X Panther 10.3, which long predates
two other TCP_KEEPINTVL and TCP_KEEPCNT socket options.

Thanks to Andy Pan for initial work.
SSL: disabled UI console prompts from worker processes. 2025-05-26T13:56:18+00:00 Aleksei Bavshin a.bavshin@nginx.com 2025-01-17T20:24:08+00:00 3d5889a3ee41a282bad54d9c0d3662dba9f52c1b Certain providers may attempt to reload the key on the first use after a fork. Such attempt would require re-prompting the pin, and this time we are not able to pass the password callback. While it is addressable with configuration for a specific provider, it would be prudent to ensure that no such prompts could block worker processes by setting the default UI method. UI_null() first appeared in 1.1.1 along with the OSSL_STORE, so it is safe to assume the same set of guards. 
Certain providers may attempt to reload the key on the first use after a
fork.  Such attempt would require re-prompting the pin, and this time we
are not able to pass the password callback.

While it is addressable with configuration for a specific provider, it would
be prudent to ensure that no such prompts could block worker processes by
setting the default UI method.

UI_null() first appeared in 1.1.1 along with the OSSL_STORE, so it is safe
to assume the same set of guards.
SSL: support loading keys via OSSL_STORE. 2025-05-26T13:56:18+00:00 Aleksei Bavshin a.bavshin@nginx.com 2024-12-17T01:56:45+00:00 0fdbfc1ff45adb8e98e71004e5d147987e7d8974 A new "store:..." prefix for the "ssl_certificate_key" directive allows loading keys via the OSSL_STORE API. The change is required to support hardware backed keys in OpenSSL 3.x using the new "provider(7ossl)" modules, such as "pkcs11-provider". While the engine API is present in 3.x, some operating systems (notably, RHEL10) have already disabled it in their builds of OpenSSL. Related: https://trac.nginx.org/nginx/ticket/2449 
A new "store:..." prefix for the "ssl_certificate_key" directive allows
loading keys via the OSSL_STORE API.

The change is required to support hardware backed keys in OpenSSL 3.x using
the new "provider(7ossl)" modules, such as "pkcs11-provider".  While the
engine API is present in 3.x, some operating systems (notably, RHEL10)
have already disabled it in their builds of OpenSSL.

Related: https://trac.nginx.org/nginx/ticket/2449
QUIC: using QUIC API introduced in OpenSSL 3.5. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-13T13:00:56+00:00 6a134dfd4888fc3850d22294687cfb3940994c69 Similarly to the QUIC API originated in BoringSSL, this API allows to register custom TLS callbacks for an external QUIC implementation. See the SSL_set_quic_tls_cbs manual page for details. Due to a different approach used in OpenSSL 3.5, handling of CRYPTO frames was streamlined to always write an incoming CRYPTO buffer to the crypto context. Using SSL_provide_quic_data(), this results in transient allocation of chain links and buffers for CRYPTO frames received in order. Testing didn't reveal performance degradation of QUIC handshakes, https://github.com/nginx/nginx/pull/646 provides specific results. 
Similarly to the QUIC API originated in BoringSSL, this API allows
to register custom TLS callbacks for an external QUIC implementation.
See the SSL_set_quic_tls_cbs manual page for details.

Due to a different approach used in OpenSSL 3.5, handling of CRYPTO
frames was streamlined to always write an incoming CRYPTO buffer to
the crypto context.  Using SSL_provide_quic_data(), this results in
transient allocation of chain links and buffers for CRYPTO frames
received in order.  Testing didn't reveal performance degradation of
QUIC handshakes, https://github.com/nginx/nginx/pull/646 provides
specific results.
QUIC: better approach for premature handshake completion. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-15T21:10:11+00:00 1d4d2f2c962c33aafdd8f79d9fc50b7cacf05e24 Using SSL_in_init() to inspect a handshake state was replaced with SSL_is_init_finished(). This represents a more complete fix to the BoringSSL issue addressed in 22671b37e. This provides awareness of the early data handshake state when using OpenSSL 3.5 TLS callbacks in 0-RTT enabled configurations, which, in particular, is used to avoid premature completion of the initial TLS handshake, before required client handshake messages are received. This is a non-functional change when using BoringSSL. It supersedes testing non-positive SSL_do_handshake() results in all supported SSL libraries, hence simplified. In preparation for using OpenSSL 3.5 TLS callbacks. 
Using SSL_in_init() to inspect a handshake state was replaced with
SSL_is_init_finished().  This represents a more complete fix to the
BoringSSL issue addressed in 22671b37e.

This provides awareness of the early data handshake state when using
OpenSSL 3.5 TLS callbacks in 0-RTT enabled configurations, which, in
particular, is used to avoid premature completion of the initial TLS
handshake, before required client handshake messages are received.

This is a non-functional change when using BoringSSL.  It supersedes
testing non-positive SSL_do_handshake() results in all supported SSL
libraries, hence simplified.

In preparation for using OpenSSL 3.5 TLS callbacks.
QUIC: ssl_encryption_level_t abstraction layer. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-06T11:58:17+00:00 bcb9d3fd2cc88eee23a5da854a0e2aa5c5b688d7 Encryption level values are decoupled from ssl_encryption_level_t, which is now limited to BoringSSL QUIC callbacks, with mappings provided. Although the values match, this provides a technically safe approach, in particular, to access protection level sized arrays. In preparation for using OpenSSL 3.5 TLS callbacks. 
Encryption level values are decoupled from ssl_encryption_level_t,
which is now limited to BoringSSL QUIC callbacks, with mappings
provided.  Although the values match, this provides a technically
safe approach, in particular, to access protection level sized arrays.

In preparation for using OpenSSL 3.5 TLS callbacks.
QUIC: factored out SSL_provide_quic_data() to the helper function. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-21T16:32:48+00:00 9857578f15352ec248813f5b3e58ca55dc82f967 It is now called from ngx_quic_handle_crypto_frame(), prior to proceeding with the handshake. With this logic removed, the handshake function is renamed to ngx_quic_handshake() to better match ngx_ssl_handshake(). 
It is now called from ngx_quic_handle_crypto_frame(), prior to proceeding
with the handshake.  With this logic removed, the handshake function is
renamed to ngx_quic_handshake() to better match ngx_ssl_handshake().
QUIC: defined SSL API macros in a single place. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-20T23:54:45+00:00 e561f7dbcfc27f5f648e5151de0796e691cbc1b0 All definitions now set in ngx_event_quic.h, this includes moving NGX_QUIC_OPENSSL_COMPAT from autotests to compile time. Further, to improve code readability, a new NGX_QUIC_QUICTLS_API macro is used for QuicTLS that provides old BoringSSL QUIC API. 
All definitions now set in ngx_event_quic.h, this includes moving
NGX_QUIC_OPENSSL_COMPAT from autotests to compile time.  Further,
to improve code readability, a new NGX_QUIC_QUICTLS_API macro is
used for QuicTLS that provides old BoringSSL QUIC API.