Commit Graph

8285 Commits

Author SHA1 Message Date
Sergey Kandaurov
0e7c9ddb27 Updated OpenSSL used for win32 builds. 2024-10-02 19:13:19 +04:00
Sergey Kandaurov
5917e9de5a SSL: caching CA certificates.
This can potentially provide a large amount of savings,
because CA certificates can be quite large.

Based on previous work by Mini Hawthorne.
2024-10-01 17:59:24 +04:00
Sergey Kandaurov
61314518de SSL: caching CRLs.
Based on previous work by Mini Hawthorne.
2024-10-01 17:59:24 +04:00
Sergey Kandaurov
7ea2fb6cb1 SSL: caching certificate keys.
EVP_KEY objects are a reference-counted container for key material, shallow
copies and OpenSSL stack management aren't needed as with certificates.

Based on previous work by Mini Hawthorne.
2024-10-01 17:59:24 +04:00
Sergey Kandaurov
78ed123e71 SSL: caching certificates.
Certificate chains are now loaded once.

The certificate cache provides each chain as a unique stack of reference
counted elements.  This shallow copy is required because OpenSSL stacks
aren't reference counted.

Based on previous work by Mini Hawthorne.
2024-10-01 17:59:24 +04:00
Sergey Kandaurov
7d7e8d2cb8 SSL: object caching.
Added ngx_openssl_cache_module, which indexes a type-aware object cache.
It maps an id to a unique instance, and provides references to it, which
are dropped when the cycle's pool is destroyed.

The cache will be used in subsequent patches.

Based on previous work by Mini Hawthorne.
2024-10-01 17:59:24 +04:00
Sergey Kandaurov
f36ff3550a SSL: moved certificate storage out of exdata.
Instead of cross-linking the objects using exdata, pointers to configured
certificates are now stored in ngx_ssl_t, and OCSP staples are now accessed
with rbtree in it.  This allows sharing these objects between SSL contexts.

Based on previous work by Mini Hawthorne.
2024-10-01 17:59:24 +04:00
tzssangglass
51857ce404 Fixed a typo of bpf makefile debug option. 2024-09-24 18:58:30 +04:00
Michael Vernik
b1e07409b1 Added new primary README.md file. 2024-09-20 09:57:11 -07:00
Sergey Kandaurov
18afcda938 SSL: optional ssl_client_certificate for ssl_verify_client.
Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00),
the "certificate_authorities" field grammar of the CertificateRequest
message was redone to allow no distinguished names.  In TLSv1.3, with
the restructured CertificateRequest message, this can be similarly
done by optionally including the "certificate_authorities" extension.
This allows to avoid sending DNs at all.

In practice, aside from published TLS specifications, all supported
SSL/TLS libraries allow to request client certificates with an empty
DN list for any protocol version.  For instance, when operating in
TLSv1, this results in sending the "certificate_authorities" list as
a zero-length vector, which corresponds to the TLSv1.1 specification.
Such behaviour goes back to SSLeay.

The change relaxes the requirement to specify at least one trusted CA
certificate in the ssl_client_certificate directive, which resulted in
sending DNs of these certificates (closes #142).  Instead, all trusted
CA certificates can be specified now using the ssl_trusted_certificate
directive if needed.  A notable difference that certificates specified
in ssl_trusted_certificate are always loaded remains (see 3648ba7db).

Co-authored-by: Praveen Chaudhary <praveenc@nvidia.com>
2024-09-20 14:43:00 +04:00
Sergey Kandaurov
1a64c196a7 Proxy: proxy_pass_trailers directive.
The directive allows to pass upstream response trailers to client.
2024-09-13 16:47:56 +04:00
Shaikh Yaser
00637cce36 Fixed a typo in win-utf. 2024-09-06 15:35:59 +04:00
Konstantin Pavlov
042b9cc4db Added CI based on GitHub Actions.
Pushes to master and stable branches will result in buildbot-like checks
on multiple OSes and architectures.

Pull requests will be checked on a public Ubuntu GitHub runner.
2024-09-04 20:01:47 +04:00
Maryna Herasimovich
082a3cbe3b Added GitHub templates. 2024-09-04 19:11:12 +04:00
Maryna Herasimovich
da468ec0c0 Added contributing guidelines. 2024-09-03 16:28:45 +04:00
Maryna Herasimovich
3b16b46aae Added security policy. 2024-09-02 20:10:28 +04:00
Maryna Herasimovich
e73ac62294 Added Code of Conduct. 2024-09-02 17:33:50 +04:00
Roman Arutyunyan
6bb4be1a79 Removed C-style comments from LICENSE. 2024-08-30 18:06:39 +04:00
Roman Arutyunyan
863ab647cd Moved LICENSE and README to root. 2024-08-30 18:06:39 +04:00
Roman Arutyunyan
81a933e1f6 Switched GNUmakefile from hg to git. 2024-08-30 18:06:39 +04:00
Roman Arutyunyan
900f4dc48c Removed .hgtags file. 2024-08-30 18:06:39 +04:00
Sergey Kandaurov
fb89d50eeb Stream: OCSP stapling. 2024-08-22 14:57:46 +04:00
Sergey Kandaurov
581cf22673 Stream: client certificate validation with OCSP. 2024-08-22 14:57:45 +04:00
Sergey Kandaurov
48ac1ee9c6 Version bump. 2024-08-20 21:18:30 +04:00
Sergey Kandaurov
a4100450c0 release-1.27.1 tag 2024-08-12 18:21:01 +04:00
Sergey Kandaurov
e06bdbd4a2 nginx-1.27.1-RELEASE 2024-08-12 18:20:52 +04:00
Sergey Kandaurov
c165589d09 Updated OpenSSL used for win32 builds. 2024-08-12 18:20:49 +04:00
Roman Arutyunyan
88955b1044 Mp4: rejecting unordered chunks in stsc atom.
Unordered chunks could result in trak->end_chunk smaller than trak->start_chunk
in ngx_http_mp4_crop_stsc_data().  Later in ngx_http_mp4_update_stco_atom()
this caused buffer overread while trying to calculate trak->end_offset.
2024-08-12 18:20:45 +04:00
Roman Arutyunyan
7362d01658 Mp4: fixed buffer underread while updating stsz atom.
While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
overflow could happen, which could result in incorrect seeking and a very large
value stored in "samples".  This resulted in a large invalid value of
trak->end_chunk_samples.  This value is further used to calculate the value of
trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom().  While doing
this, a large invalid value of trak->end_chunk_samples could result in reading
memory before stsz atom start.  This could potentially result in a segfault.
2024-08-12 18:20:43 +04:00
Sergey Kandaurov
0fa8434957 Stream ssl_preread: do not reallocate a parsed SNI host.
We own this memory from the session pool.
2024-08-09 19:12:26 +04:00
Sergey Kandaurov
504c78fc6d QUIC: zero out existing keying material only.
Previously, this used to have extra ngx_explicit_memzero() calls
from within ngx_quic_keys_cleanup(), which might be suboptimal.
2024-08-09 19:12:26 +04:00
Sergey Kandaurov
58b92177e7 QUIC: discarding 0-RTT keys.
For simplicity, this is done on successful decryption of a 1-RTT packet.
2024-08-09 19:12:25 +04:00
Sergey Kandaurov
250baed4ee Typo fixed. 2024-08-09 19:12:23 +04:00
Sergey Kandaurov
6ecc4e3807 Version bump. 2024-08-09 18:01:42 +04:00
Kasei Wang
145b228530 HTTP/2: close connections initialized during graceful shutdown.
In some rare cases, graceful shutdown may happen while initializing an HTTP/2
connection.  Previously, such a connection ignored the shutdown and remained
active.  Now it is gracefully closed prior to processing any streams to
eliminate the shutdown delay.
2024-07-18 17:43:25 +04:00
Roman Arutyunyan
788e462c5b Stream: allow servers with no handler.
Previously handlers were mandatory.  However they are not always needed.
For example, a server configured with ssl_reject_handshake does not need a
handler.  Such servers required a fake handler to pass the check.  Now handler
absence check is moved to runtime.  If handler is missing, the connection is
closed with 500 code.
2024-06-27 17:29:56 +04:00
Sergey Kandaurov
e734df6664 release-1.27.0 tag 2024-05-28 17:22:30 +04:00
Sergey Kandaurov
0ddcae05b6 nginx-1.27.0-RELEASE 2024-05-28 17:19:38 +04:00
Sergey Kandaurov
34bd899287 HTTP/3: fixed handling of zero-length literal field line.
Previously, st->value was passed with NULL data pointer to header handlers.
2024-05-28 17:20:45 +04:00
Roman Arutyunyan
9ddc6a08f4 QUIC: ngx_quic_buffer_t use-after-free protection.
Previously the last chain field of ngx_quic_buffer_t could still reference freed
chains and buffers after calling ngx_quic_free_buffer().  While normally an
ngx_quic_buffer_t object should not be used after freeing, resetting last_chain
field would prevent a potential use-after-free.
2024-05-28 17:19:21 +04:00
Roman Arutyunyan
6f8c520f49 QUIC: ignore CRYPTO frames after handshake completion.
Sending handshake-level CRYPTO frames after the client's Finished message could
lead to memory disclosure and a potential segfault, if those frames are sent in
one packet with the Finished frame.
2024-05-28 17:19:08 +04:00
Roman Arutyunyan
cca5655dd9 HTTP/3: fixed dynamic table overflow.
While inserting a new entry into the dynamic table, first the entry is added,
and then older entries are evicted until table size is within capacity.  After
the first step, the number of entries may temporarily exceed the maximum
calculated from capacity by one entry, which previously caused table overflow.

The easiest way to trigger the issue is to keep adding entries with empty names
and values until first eviction.

The issue was introduced by 987bee4363d1.
2024-05-28 17:18:50 +04:00
Roman Arutyunyan
0fd59c8b56 HTTP/3: decoder stream pre-creation.
Previously a decoder stream was created on demand for sending Section
Acknowledgement, Stream Cancellation and Insert Count Increment.  If conditions
for sending any of these instructions never happen, a decoder stream is not
created at all.  These conditions include client not using the dynamic table and
no streams abandoned by server (RFC 9204, Section 2.2.2.2).  However RFC 9204,
Section 4.2 defines only one condition for not creating a decoder stream:

   An endpoint MAY avoid creating a decoder stream if its decoder sets
   the maximum capacity of the dynamic table to zero.

The change enables pre-creation of the decoder stream at HTTP/3 session
initialization if maximum dynamic table capacity is not zero.  Note that this
value is currently hardcoded to 4096 bytes and is not configurable, so the
stream is now always created.

Also, the change fixes a potential stack overflow when creating a decoder
stream in ngx_http_v3_send_cancel_stream() while draining a request stream by
ngx_drain_connections().  Creating a decoder stream involves calling
ngx_get_connection(), which calls ngx_drain_connections(), which will drain the
same request stream again.  If client's MAX_STREAMS for uni stream is high
enough, these recursive calls will continue until we run out of stack.
Otherwise, decoder stream creation will fail at some point and the request
stream connection will be drained.  This may result in use-after-free, since
this connection could still be referenced up the stack.
2024-05-28 17:18:28 +04:00
Sergey Kandaurov
683e304e8b QUIC: client transport parameter data length checking. 2024-05-28 17:17:19 +04:00
J Carter
71ca978a35 Upstream: variables support in proxy_limit_rate and friends. 2023-11-25 21:57:09 +00:00
Roman Arutyunyan
ea8270c614 Optimized chain link usage (ticket #2614).
Previously chain links could sometimes be dropped instead of being reused,
which could result in increased memory consumption during long requests.

A similar chain link issue in ngx_http_gzip_filter_module was fixed in
da46bfc484ef (1.11.10).

Based on a patch by Sangmin Lee.
2024-05-23 19:15:38 +04:00
Edgar Bonet
efc6a217b9 Configure: fixed building libatomic test.
Using "long *" instead of "AO_t *" leads either to -Wincompatible-pointer-types
or -Wpointer-sign warnings, depending on whether long and size_t are compatible
types (e.g., ILP32 versus LP64 data models).  Notably, -Wpointer-sign warnings
are enabled by default in Clang only, and -Wincompatible-pointer-types is an
error starting from GCC 14.

Signed-off-by: Edgar Bonet <bonet@grenoble.cnrs.fr>
2024-05-16 11:15:10 +02:00
Roman Arutyunyan
489e1e6191 Stream pass: disabled passing from or to udp.
Passing from udp was not possible for the most part due to preread buffer
restriction.  Passing to udp could occasionally work, but the connection would
still be bound to the original listen rbtree, which prevented it from being
deleted on connection closure.
2024-05-03 20:26:05 +04:00
Sergey Kandaurov
6f7494081a SSL: fixed possible configuration overwrite loading "engine:" keys.
When loading certificate keys via ENGINE_load_private_key() in runtime,
it was possible to overwrite configuration on ENGINE_by_id() failure.
OpenSSL documention doesn't describe errors in details, the only reason
I found in the comment to example is when the engine is not available.
2024-05-03 20:29:01 +04:00
Sergey Kandaurov
a7e3cd52e0 HTTP/3: fixed handling of malformed request body length.
Previously, a request body larger than declared in Content-Length resulted in
a 413 status code, because Content-Length was mistakenly used as the maximum
allowed request body, similar to client_max_body_size.  Following the HTTP/3
specification, such requests are now rejected with the 400 error as malformed.
2024-05-03 20:28:32 +04:00