nginx.git/src/event, branch release-1.23.3 nginx SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors. 2022-12-01T01:22:31+00:00 Maxim Dounin mdounin@mdounin.ru 2022-12-01T01:22:31+00:00 39892c6265bb36604bbcbd5e315ec3ee0e91c277 With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(), which used to always reset c->read->ready to 0 when returning errors. This fixes an infinite loop in unbuffered SSL proxying if writing to the client is blocked and an SSL error happens (ticket #2418). With this change, the fix for a similar issue in the stream module (6868:ee3645078759), which used a different approach of explicitly testing c->read->error instead, is no longer needed and was reverted. 
With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.
SSL: fixed debug logging of SSL_sendfile() return value. 2022-11-24T19:08:30+00:00 Sergey Kandaurov pluknet@nginx.com 2022-11-24T19:08:30+00:00 765ef1098d169622ada67eb4eccad1d45d47a61c 






Fixed segfault when switching off master process during upgrade.
2022-11-23T20:48:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-23T20:48:53+00:00

d52e5684437aedd6bb74d6b2b602b7306f4212ba

Binary upgrades are not supported without master process, but it is,
however, possible, that nginx running with master process is asked
to upgrade binary, and the configuration file as available on disk
at this time includes "master_process off;".

If this happens, listening sockets inherited from the previous binary
will have ls[i].previous set.  But the old cycle on initial process
startup, including startup after binary upgrade, is destroyed by
ngx_init_cycle() once configuration parsing is complete.  As a result,
an attempt to dereference ls[i].previous in ngx_event_process_init()
accesses already freed memory.

Fix is to avoid looking into ls[i].previous if the old cycle is already
freed.

With this change it is also no longer needed to clear ls[i].previous in
worker processes, so the relevant code was removed.





Binary upgrades are not supported without master process, but it is,
however, possible, that nginx running with master process is asked
to upgrade binary, and the configuration file as available on disk
at this time includes "master_process off;".

If this happens, listening sockets inherited from the previous binary
will have ls[i].previous set.  But the old cycle on initial process
startup, including startup after binary upgrade, is destroyed by
ngx_init_cycle() once configuration parsing is complete.  As a result,
an attempt to dereference ls[i].previous in ngx_event_process_init()
accesses already freed memory.

Fix is to avoid looking into ls[i].previous if the old cycle is already
freed.

With this change it is also no longer needed to clear ls[i].previous in
worker processes, so the relevant code was removed.







Disabled cloning of sockets without master process (ticket #2403).
2022-11-23T20:12:04+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-11-23T20:12:04+00:00

593bb543873ac57efade09dbcc2f93ab6b4d5ab0

Cloning of listening sockets for each worker process does not make sense
when working without master process, and causes some of the connections
not to be accepted if worker_processes is set to more than one and there
are listening sockets configured with the reuseport flag.  Fix is to
disable cloning when master process is disabled.





Cloning of listening sockets for each worker process does not make sense
when working without master process, and causes some of the connections
not to be accepted if worker_processes is set to more than one and there
are listening sockets configured with the reuseport flag.  Fix is to
disable cloning when master process is disabled.







SSL: removed cast not needed after 5ffd76a9ccf3.
2022-10-13T12:18:56+00:00

Sergey Kandaurov
pluknet@nginx.com

2022-10-13T12:18:56+00:00

5b23fe690f0ddd0fe4af1ed01d7a4df95aa54d10












SSL: workaround for session timeout handling with TLSv1.3.
2022-10-12T17:14:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-10-12T17:14:57+00:00

4d61d59ae9ecc8f1a5f0f505bf0310035b0d9ce9

OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation.  To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.

BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days.  So we update session timeout to
the configured value as soon as a session is created.





OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation.  To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.

BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days.  So we update session timeout to
the configured value as soon as a session is created.







SSL: optimized rotation of session ticket keys.
2022-10-12T17:14:55+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-10-12T17:14:55+00:00

02314f0c3c70bad88ae3554eb66439a261898f24

Instead of syncing keys with shared memory on each ticket operation,
the code now does this only when the worker is going to change expiration
of the current key, or going to switch to a new key: that is, usually
at most once per second.

To do so without races, the code maintains 3 keys: current, previous,
and next.  If a worker will switch to the next key earlier, other workers
will still be able to decrypt new tickets, since they will be encrypted
with the next key.





Instead of syncing keys with shared memory on each ticket operation,
the code now does this only when the worker is going to change expiration
of the current key, or going to switch to a new key: that is, usually
at most once per second.

To do so without races, the code maintains 3 keys: current, previous,
and next.  If a worker will switch to the next key earlier, other workers
will still be able to decrypt new tickets, since they will be encrypted
with the next key.







SSL: automatic rotation of session ticket keys.
2022-10-12T17:14:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-10-12T17:14:53+00:00

1d572e359a210dcb27e5e073c016c1768c435263

As long as ssl_session_cache in shared memory is configured, session ticket
keys are now automatically generated in shared memory, and rotated
periodically.  This can be beneficial from forward secrecy point of view,
and also avoids increased CPU usage after configuration reloads.

This also helps BoringSSL to properly resume sessions in configurations
with multiple worker processes and no ssl_session_ticket_key directives,
as BoringSSL tries to automatically rotate session ticket keys and does
this independently in different worker processes, thus breaking session
resumption between worker processes.





As long as ssl_session_cache in shared memory is configured, session ticket
keys are now automatically generated in shared memory, and rotated
periodically.  This can be beneficial from forward secrecy point of view,
and also avoids increased CPU usage after configuration reloads.

This also helps BoringSSL to properly resume sessions in configurations
with multiple worker processes and no ssl_session_ticket_key directives,
as BoringSSL tries to automatically rotate session ticket keys and does
this independently in different worker processes, thus breaking session
resumption between worker processes.







SSL: shorter debug messages about session tickets.
2022-10-12T17:14:51+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-10-12T17:14:51+00:00

3b127da11169c63c04d2ea41a79023b030010a1e












SSL: renamed session ticket key functions and data index.
2022-10-12T17:14:49+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-10-12T17:14:49+00:00

2a8e56b1e2addb0fdf9fbd0d33b2c1371409176b

Previously used names are way too long, renamed to simplify writing code.





Previously used names are way too long, renamed to simplify writing code.