Mercurial > hg > nginx

annotate src/core/ngx_sha1.h @ 7360:8f25a44d9add

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: logging level of "no suitable key share". The "no suitable key share" errors are reported by OpenSSL 1.1.1 when using TLSv1.3 if there are no shared groups (that is, elliptic curves). In particular, it is easy enough to trigger by using only a single curve in ssl_ecdh_curve: ssl_ecdh_curve secp384r1; and using a different curve in the client: openssl s_client -connect 127.0.0.1:443 -curves prime256v1 On the client side it is seen as "sslv3 alert handshake failure", "SSL alert number 40": 0:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40 It can be also triggered with default ssl_ecdh_curve by using a curve which is not in the default list (X25519, prime256v1, X448, secp521r1, secp384r1): openssl s_client -connect 127.0.0.1:8443 -curves brainpoolP512r1 Given that many clients hardcode prime256v1, these errors might become a common problem with TLSv1.3 if ssl_ecdh_curve is redefined. Previously this resulted in not using ECDH with such clients, but with TLSv1.3 it is no longer possible and will result in a handshake failure. The SSL_R_NO_SHARED_GROUP error is what BoringSSL returns in the same situation. Seen at: https://serverfault.com/questions/932102/nginx-ssl-handshake-error-no-suitable-key-share
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 25 Sep 2018 13:59:53 +0300
parents 9eefb38f0005
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1573
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 /*
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 1598
diff changeset
4 * Copyright (C) Nginx, Inc.
1573
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 */
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #ifndef _NGX_SHA1_H_INCLUDED_
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #define _NGX_SHA1_H_INCLUDED_
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12 #include <ngx_config.h>
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
13 #include <ngx_core.h>
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
14
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
15
6586
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
16 typedef struct {
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
17 uint64_t bytes;
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
18 uint32_t a, b, c, d, e, f;
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
19 u_char buffer[64];
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
20 } ngx_sha1_t;
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
21
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
22
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
23 void ngx_sha1_init(ngx_sha1_t *ctx);
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
24 void ngx_sha1_update(ngx_sha1_t *ctx, const void *data, size_t size);
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
25 void ngx_sha1_final(u_char result[20], ngx_sha1_t *ctx);
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
26
1064ea81ed3a An internal SHA1 implementation.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
27
1573
8f911d6d0d70 ngx_sha1.h
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
28 #endif /* _NGX_SHA1_H_INCLUDED_ */