Mercurial > hg > nginx
annotate src/event/ngx_event_timer.h @ 8144:6bee5e692579
SSL: logging levels of various errors reported with tlsfuzzer.
To further differentiate client-related errors and adjust logging levels
of various SSL errors, nginx was tested with tlsfuzzer with multiple
OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
1.0.0s, 0.9.8zh).
The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
and are clearly client-related:
SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
errors are now logged at the "info" level.
Additionally, the following errors were observed with OpenSSL 3.0.8 and
with TLSv1.3 enabled:
SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
handshake data") errors are now logged at the "info" level.
Additionally, the following errors were observed with OpenSSL 1.1.1t:
SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
at the "info" level.
Additionally, the following errors were observed with OpenSSL 1.0.2u:
SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
logged at the "info" level.
No additional client-related errors were observed while testing with
OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
and OpenSSL 0.9.8zh.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 08 Mar 2023 22:21:59 +0300 |
parents | 3069dd358ba2 |
children |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
371
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
371
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
371
diff
changeset
|
5 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
371
diff
changeset
|
6 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
371
diff
changeset
|
7 |
50
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #ifndef _NGX_EVENT_TIMER_H_INCLUDED_ |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #define _NGX_EVENT_TIMER_H_INCLUDED_ |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 #include <ngx_config.h> |
103
6dfda4cf5200
nginx-0.0.1-2003-06-11-19:28:34 import
Igor Sysoev <igor@sysoev.ru>
parents:
91
diff
changeset
|
13 #include <ngx_core.h> |
50
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
14 #include <ngx_event.h> |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
15 |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 |
501 | 17 #define NGX_TIMER_INFINITE (ngx_msec_t) -1 |
270
7bb9562216ce
nginx-0.0.2-2004-02-25-23:16:15 import
Igor Sysoev <igor@sysoev.ru>
parents:
230
diff
changeset
|
18 |
493 | 19 #define NGX_TIMER_LAZY_DELAY 300 |
20 | |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
21 |
270
7bb9562216ce
nginx-0.0.2-2004-02-25-23:16:15 import
Igor Sysoev <igor@sysoev.ru>
parents:
230
diff
changeset
|
22 ngx_int_t ngx_event_timer_init(ngx_log_t *log); |
206
9aa426375256
nginx-0.0.1-2003-12-05-10:11:46 import
Igor Sysoev <igor@sysoev.ru>
parents:
205
diff
changeset
|
23 ngx_msec_t ngx_event_find_timer(void); |
557 | 24 void ngx_event_expire_timers(void); |
6929
3069dd358ba2
Cancelable timers are now preserved if there are other timers.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5896
diff
changeset
|
25 ngx_int_t ngx_event_no_timers_left(void); |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
26 |
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
27 |
5894
1f513d7f1b45
Events: removed broken thread support from event timers.
Valentin Bartenev <vbart@nginx.com>
parents:
4412
diff
changeset
|
28 extern ngx_rbtree_t ngx_event_timer_rbtree; |
207
6e0fef527732
nginx-0.0.1-2003-12-05-20:07:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
206
diff
changeset
|
29 |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
30 |
493 | 31 static ngx_inline void |
32 ngx_event_del_timer(ngx_event_t *ev) | |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
33 { |
214
e0c502f15852
nginx-0.0.1-2003-12-22-12:40:48 import
Igor Sysoev <igor@sysoev.ru>
parents:
213
diff
changeset
|
34 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0, |
557 | 35 "event timer del: %d: %M", |
559 | 36 ngx_event_ident(ev->data), ev->timer.key); |
213
f536f91e8e99
nginx-0.0.1-2003-12-19-15:45:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
210
diff
changeset
|
37 |
559 | 38 ngx_rbtree_delete(&ngx_event_timer_rbtree, &ev->timer); |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
39 |
214
e0c502f15852
nginx-0.0.1-2003-12-22-12:40:48 import
Igor Sysoev <igor@sysoev.ru>
parents:
213
diff
changeset
|
40 #if (NGX_DEBUG) |
559 | 41 ev->timer.left = NULL; |
42 ev->timer.right = NULL; | |
43 ev->timer.parent = NULL; | |
214
e0c502f15852
nginx-0.0.1-2003-12-22-12:40:48 import
Igor Sysoev <igor@sysoev.ru>
parents:
213
diff
changeset
|
44 #endif |
e0c502f15852
nginx-0.0.1-2003-12-22-12:40:48 import
Igor Sysoev <igor@sysoev.ru>
parents:
213
diff
changeset
|
45 |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
46 ev->timer_set = 0; |
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
47 } |
50
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 |
b288069a8696
nginx-0.0.1-2003-01-23-21:47:54 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
49 |
493 | 50 static ngx_inline void |
51 ngx_event_add_timer(ngx_event_t *ev, ngx_msec_t timer) | |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
52 { |
561 | 53 ngx_msec_t key; |
54 ngx_msec_int_t diff; | |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
55 |
563 | 56 key = ngx_current_msec + timer; |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
57 |
303
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
58 if (ev->timer_set) { |
304
bcbe876f4262
nginx-0.0.3-2004-04-02-09:14:40 import
Igor Sysoev <igor@sysoev.ru>
parents:
303
diff
changeset
|
59 |
bcbe876f4262
nginx-0.0.3-2004-04-02-09:14:40 import
Igor Sysoev <igor@sysoev.ru>
parents:
303
diff
changeset
|
60 /* |
1807 | 61 * Use a previous timer value if difference between it and a new |
62 * value is less than NGX_TIMER_LAZY_DELAY milliseconds: this allows | |
63 * to minimize the rbtree operations for fast connections. | |
304
bcbe876f4262
nginx-0.0.3-2004-04-02-09:14:40 import
Igor Sysoev <igor@sysoev.ru>
parents:
303
diff
changeset
|
64 */ |
bcbe876f4262
nginx-0.0.3-2004-04-02-09:14:40 import
Igor Sysoev <igor@sysoev.ru>
parents:
303
diff
changeset
|
65 |
561 | 66 diff = (ngx_msec_int_t) (key - ev->timer.key); |
557 | 67 |
68 if (ngx_abs(diff) < NGX_TIMER_LAZY_DELAY) { | |
303
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
69 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, ev->log, 0, |
557 | 70 "event timer: %d, old: %M, new: %M", |
559 | 71 ngx_event_ident(ev->data), ev->timer.key, key); |
303
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
72 return; |
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
73 } |
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
74 |
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
75 ngx_del_timer(ev); |
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
76 } |
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
77 |
559 | 78 ev->timer.key = key; |
303
00c5660d2707
nginx-0.0.3-2004-04-01-20:20:53 import
Igor Sysoev <igor@sysoev.ru>
parents:
275
diff
changeset
|
79 |
557 | 80 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, ev->log, 0, |
81 "event timer add: %d: %M:%M", | |
559 | 82 ngx_event_ident(ev->data), timer, ev->timer.key); |
213
f536f91e8e99
nginx-0.0.1-2003-12-19-15:45:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
210
diff
changeset
|
83 |
559 | 84 ngx_rbtree_insert(&ngx_event_timer_rbtree, &ev->timer); |
205
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
85 |
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
86 ev->timer_set = 1; |
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
87 } |
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
88 |
4a9a2b1dd6fa
nginx-0.0.1-2003-12-04-17:53:00 import
Igor Sysoev <igor@sysoev.ru>
parents:
195
diff
changeset
|
89 |
59
e8cdc2989cee
nginx-0.0.1-2003-02-06-20:21:13 import
Igor Sysoev <igor@sysoev.ru>
parents:
53
diff
changeset
|
90 #endif /* _NGX_EVENT_TIMER_H_INCLUDED_ */ |