aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
...
* SSL: caching CA certificates.Sergey Kandaurov2024-10-01
| | | | | | | This can potentially provide a large amount of savings, because CA certificates can be quite large. Based on previous work by Mini Hawthorne.
* SSL: caching CRLs.Sergey Kandaurov2024-10-01
| | | | Based on previous work by Mini Hawthorne.
* SSL: caching certificate keys.Sergey Kandaurov2024-10-01
| | | | | | | EVP_KEY objects are a reference-counted container for key material, shallow copies and OpenSSL stack management aren't needed as with certificates. Based on previous work by Mini Hawthorne.
* SSL: caching certificates.Sergey Kandaurov2024-10-01
| | | | | | | | | | Certificate chains are now loaded once. The certificate cache provides each chain as a unique stack of reference counted elements. This shallow copy is required because OpenSSL stacks aren't reference counted. Based on previous work by Mini Hawthorne.
* SSL: object caching.Sergey Kandaurov2024-10-01
| | | | | | | | | | Added ngx_openssl_cache_module, which indexes a type-aware object cache. It maps an id to a unique instance, and provides references to it, which are dropped when the cycle's pool is destroyed. The cache will be used in subsequent patches. Based on previous work by Mini Hawthorne.
* SSL: moved certificate storage out of exdata.Sergey Kandaurov2024-10-01
| | | | | | | | Instead of cross-linking the objects using exdata, pointers to configured certificates are now stored in ngx_ssl_t, and OCSP staples are now accessed with rbtree in it. This allows sharing these objects between SSL contexts. Based on previous work by Mini Hawthorne.
* Fixed a typo of bpf makefile debug option.tzssangglass2024-09-24
|
* SSL: optional ssl_client_certificate for ssl_verify_client.Sergey Kandaurov2024-09-20
| | | | | | | | | | | | | | | | | | | | | | | | | Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00), the "certificate_authorities" field grammar of the CertificateRequest message was redone to allow no distinguished names. In TLSv1.3, with the restructured CertificateRequest message, this can be similarly done by optionally including the "certificate_authorities" extension. This allows to avoid sending DNs at all. In practice, aside from published TLS specifications, all supported SSL/TLS libraries allow to request client certificates with an empty DN list for any protocol version. For instance, when operating in TLSv1, this results in sending the "certificate_authorities" list as a zero-length vector, which corresponds to the TLSv1.1 specification. Such behaviour goes back to SSLeay. The change relaxes the requirement to specify at least one trusted CA certificate in the ssl_client_certificate directive, which resulted in sending DNs of these certificates (closes #142). Instead, all trusted CA certificates can be specified now using the ssl_trusted_certificate directive if needed. A notable difference that certificates specified in ssl_trusted_certificate are always loaded remains (see 3648ba7db). Co-authored-by: Praveen Chaudhary <praveenc@nvidia.com>
* Proxy: proxy_pass_trailers directive.Sergey Kandaurov2024-09-13
| | | | The directive allows to pass upstream response trailers to client.
* Stream: OCSP stapling.Sergey Kandaurov2024-08-22
|
* Stream: client certificate validation with OCSP.Sergey Kandaurov2024-08-22
|
* Version bump.Sergey Kandaurov2024-08-20
|
* Mp4: rejecting unordered chunks in stsc atom.Roman Arutyunyan2024-08-12
| | | | | | Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk in ngx_http_mp4_crop_stsc_data(). Later in ngx_http_mp4_update_stco_atom() this caused buffer overread while trying to calculate trak->end_offset.
* Mp4: fixed buffer underread while updating stsz atom.Roman Arutyunyan2024-08-12
| | | | | | | | | | While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer overflow could happen, which could result in incorrect seeking and a very large value stored in "samples". This resulted in a large invalid value of trak->end_chunk_samples. This value is further used to calculate the value of trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom(). While doing this, a large invalid value of trak->end_chunk_samples could result in reading memory before stsz atom start. This could potentially result in a segfault.
* Stream ssl_preread: do not reallocate a parsed SNI host.Sergey Kandaurov2024-08-09
| | | | We own this memory from the session pool.
* QUIC: zero out existing keying material only.Sergey Kandaurov2024-08-09
| | | | | Previously, this used to have extra ngx_explicit_memzero() calls from within ngx_quic_keys_cleanup(), which might be suboptimal.
* QUIC: discarding 0-RTT keys.Sergey Kandaurov2024-08-09
| | | | For simplicity, this is done on successful decryption of a 1-RTT packet.
* Version bump.Sergey Kandaurov2024-08-09
|
* HTTP/2: close connections initialized during graceful shutdown.Kasei Wang2024-07-18
| | | | | | | In some rare cases, graceful shutdown may happen while initializing an HTTP/2 connection. Previously, such a connection ignored the shutdown and remained active. Now it is gracefully closed prior to processing any streams to eliminate the shutdown delay.
* Stream: allow servers with no handler.Roman Arutyunyan2024-06-27
| | | | | | | | Previously handlers were mandatory. However they are not always needed. For example, a server configured with ssl_reject_handshake does not need a handler. Such servers required a fake handler to pass the check. Now handler absence check is moved to runtime. If handler is missing, the connection is closed with 500 code.
* HTTP/3: fixed handling of zero-length literal field line.Sergey Kandaurov2024-05-28
| | | | Previously, st->value was passed with NULL data pointer to header handlers.
* QUIC: ngx_quic_buffer_t use-after-free protection.Roman Arutyunyan2024-05-28
| | | | | | | Previously the last chain field of ngx_quic_buffer_t could still reference freed chains and buffers after calling ngx_quic_free_buffer(). While normally an ngx_quic_buffer_t object should not be used after freeing, resetting last_chain field would prevent a potential use-after-free.
* QUIC: ignore CRYPTO frames after handshake completion.Roman Arutyunyan2024-05-28
| | | | | | Sending handshake-level CRYPTO frames after the client's Finished message could lead to memory disclosure and a potential segfault, if those frames are sent in one packet with the Finished frame.
* HTTP/3: fixed dynamic table overflow.Roman Arutyunyan2024-05-28
| | | | | | | | | | | | While inserting a new entry into the dynamic table, first the entry is added, and then older entries are evicted until table size is within capacity. After the first step, the number of entries may temporarily exceed the maximum calculated from capacity by one entry, which previously caused table overflow. The easiest way to trigger the issue is to keep adding entries with empty names and values until first eviction. The issue was introduced by 987bee4363d1.
* HTTP/3: decoder stream pre-creation.Roman Arutyunyan2024-05-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | Previously a decoder stream was created on demand for sending Section Acknowledgement, Stream Cancellation and Insert Count Increment. If conditions for sending any of these instructions never happen, a decoder stream is not created at all. These conditions include client not using the dynamic table and no streams abandoned by server (RFC 9204, Section 2.2.2.2). However RFC 9204, Section 4.2 defines only one condition for not creating a decoder stream: An endpoint MAY avoid creating a decoder stream if its decoder sets the maximum capacity of the dynamic table to zero. The change enables pre-creation of the decoder stream at HTTP/3 session initialization if maximum dynamic table capacity is not zero. Note that this value is currently hardcoded to 4096 bytes and is not configurable, so the stream is now always created. Also, the change fixes a potential stack overflow when creating a decoder stream in ngx_http_v3_send_cancel_stream() while draining a request stream by ngx_drain_connections(). Creating a decoder stream involves calling ngx_get_connection(), which calls ngx_drain_connections(), which will drain the same request stream again. If client's MAX_STREAMS for uni stream is high enough, these recursive calls will continue until we run out of stack. Otherwise, decoder stream creation will fail at some point and the request stream connection will be drained. This may result in use-after-free, since this connection could still be referenced up the stack.
* QUIC: client transport parameter data length checking.Sergey Kandaurov2024-05-28
|
* Upstream: variables support in proxy_limit_rate and friends.J Carter2023-11-25
|
* Optimized chain link usage (ticket #2614).Roman Arutyunyan2024-05-23
| | | | | | | | | | Previously chain links could sometimes be dropped instead of being reused, which could result in increased memory consumption during long requests. A similar chain link issue in ngx_http_gzip_filter_module was fixed in da46bfc484ef (1.11.10). Based on a patch by Sangmin Lee.
* Stream pass: disabled passing from or to udp.Roman Arutyunyan2024-05-03
| | | | | | | Passing from udp was not possible for the most part due to preread buffer restriction. Passing to udp could occasionally work, but the connection would still be bound to the original listen rbtree, which prevented it from being deleted on connection closure.
* SSL: fixed possible configuration overwrite loading "engine:" keys.Sergey Kandaurov2024-05-03
| | | | | | | When loading certificate keys via ENGINE_load_private_key() in runtime, it was possible to overwrite configuration on ENGINE_by_id() failure. OpenSSL documention doesn't describe errors in details, the only reason I found in the comment to example is when the engine is not available.
* HTTP/3: fixed handling of malformed request body length.Sergey Kandaurov2024-05-03
| | | | | | | Previously, a request body larger than declared in Content-Length resulted in a 413 status code, because Content-Length was mistakenly used as the maximum allowed request body, similar to client_max_body_size. Following the HTTP/3 specification, such requests are now rejected with the 400 error as malformed.
* Version bump.Sergey Kandaurov2024-05-03
|
* Stream pass: limited the number of passes per connection.Roman Arutyunyan2024-04-11
| | | | Previously a cycle in pass configuration resulted in stack overflow.
* QUIC: fixed close timer processing with early data.Vladimir Khomutov2024-04-10
| | | | | | | | | | | | | | | | The ngx_quic_run() function uses qc->close timer to limit the handshake duration. Normally it is removed by ngx_quic_do_init_streams() which is called once when we are done with initial SSL processing. The problem happens when the client sends early data and streams are initialized in the ngx_quic_run() -> ngx_quic_handle_datagram() call. The order of set/remove timer calls is now reversed; the close timer is set up and the timer fires when assigned, starting the unexpected connection close process. The fix is to skip setting the timer if streams were initialized during handling of the initial datagram. The idle timer for quic is set anyway, and stream-related timeouts are managed by application layer.
* Detect cache line size at runtime on macOS.Piotr Sikora2024-02-26
| | | | | | | Notably, Apple Silicon CPUs have 128 byte cache line size, which is twice the default configured for generic aarch64. Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
* Win32: fixed unique file index calculations.Piotr Sikora2024-02-26
| | | | | | The old code was breaking strict aliasing rules. Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
* Rewrite: fixed "return" directive without response text.Piotr Sikora2024-02-26
| | | | | | | | | Previously, the response text wasn't initialized and the rewrite module was sending response body set to NULL. Found with UndefinedBehaviorSanitizer (pointer-overflow). Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
* Fixed undefined behaviour with IPv4-mapped IPv6 addresses.Sergey Kandaurov2024-03-18
| | | | | | | | | | | | | | | | Previously, it could result when left-shifting signed integer due to implicit integer promotion, such that the most significant bit appeared on the sign bit. In practice, though, this results in the same left value as with an explicit cast, at least on known compilers, such as GCC and Clang. The reason is that in_addr_t, which is equivalent to uint32_t and same as "unsigned int" in ILP32 and LP64 data type models, has the same type width as the intermediate after integer promotion, so there's no side effects such as sign-extension. This explains why adding an explicit cast does not change object files in practice. Found with UndefinedBehaviorSanitizer (shift). Based on a patch by Piotr Sikora.
* Geo: fixed uninitialized memory access.Piotr Sikora2024-03-14
| | | | | | | | | | | | While copying ngx_http_variable_value_t structures to geo binary base in ngx_http_geo_copy_values(), and similarly in the stream module, uninitialized parts of these structures are copied as well. These include the "escape" field and possible holes. Calculating crc32 of this data triggers uninitialized memory access. Found with MemorySanitizer. Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
* Stream: $server_name.Sergey Kandaurov2024-03-22
|
* Stream: moved fastopen compatibility check.Roman Arutyunyan2024-01-18
| | | | The move makes the code look similar to the corresponding code in http module.
* Stream: the "setfib" parameter of the "listen" directive.Sergey Kandaurov2024-03-22
| | | | The FreeBSD SO_SETFIB support.
* Stream: the "accept_filter" parameter of the "listen" directive.Sergey Kandaurov2024-03-22
| | | | The FreeBSD accept filters support.
* Stream: the "deferred" parameter of the "listen" directive.Sergey Kandaurov2024-03-22
| | | | The Linux TCP_DEFER_ACCEPT support.
* Stream: reshuffled ngx_stream_listen_opt_t fields.Sergey Kandaurov2024-03-22
| | | | | | In preparation for adding more parameters to the listen directive, and to be in sync with the corresponding structure in the http module. No functional changes.
* Overhauled some diagnostic messages akin to 1b05b9bbcebf.Sergey Kandaurov2024-03-22
|
* Stream: using ngx_stream_ssl_srv_conf_t *sscf naming convention.Sergey Kandaurov2024-03-22
| | | | | | | | Originally, the stream module was developed based on the mail module, following the existing style. Then it was diverged to closely follow the http module development. This change updates style to use sscf naming convention troughout the stream module, which matches the http module code style. No functional changes.
* Stream: ngx_stream_pass_module.Roman Arutyunyan2024-02-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The module allows to pass connections from Stream to other modules such as HTTP or Mail, as well as back to Stream. Previously, this was only possible with proxying. Connections with preread buffer read out from socket cannot be passed. The module allows selective SSL termination based on SNI. stream { server { listen 8000 default_server; ssl_preread on; ... } server { listen 8000; server_name foo.example.com; pass 127.0.0.1:8001; # to HTTP } server { listen 8000; server_name bar.example.com; ... } } http { server { listen 8001 ssl; ... location / { root html; } } }
* Stream: virtual servers.Roman Arutyunyan2023-12-14
| | | | | | | | | Server name is taken either from ngx_stream_ssl_module or ngx_stream_ssl_preread_module. The change adds "default_server" parameter to the "listen" directive, as well as the following directives: "server_names_hash_max_size", "server_names_hash_bucket_size", "server_name" and "ssl_reject_handshake".
* Stream: socket peek in preread phase.Roman Arutyunyan2023-12-13
| | | | | | | | | | Previously, preread buffer was always read out from socket, which made it impossible to terminate SSL on the connection without introducing additional SSL BIOs. The following patches will rely on this. Now, when possible, recv(MSG_PEEK) is used instead, which keeps data in socket. It's called if SSL is not already terminated and if an egde-triggered event method is used. For epoll, EPOLLRDHUP support is also required.