nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 8084:0f3d98e4bcc5

SSL: automatic rotation of session ticket keys. As long as ssl_session_cache in shared memory is configured, session ticket keys are now automatically generated in shared memory, and rotated periodically. This can be beneficial from forward secrecy point of view, and also avoids increased CPU usage after configuration reloads. This also helps BoringSSL to properly resume sessions in configurations with multiple worker processes and no ssl_session_ticket_key directives, as BoringSSL tries to automatically rotate session ticket keys and does this independently in different worker processes, thus breaking session resumption between worker processes.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Wed, 12 Oct 2022 20:14:53 +0300
parents	e13a271bdd40
children	043006e5a0b1

comparison

equal deleted inserted replaced

-:e13a271bdd40
+:0f3d98e4bcc5
 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
 static int ngx_ssl_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc);
+static ngx_int_t ngx_ssl_rotate_ticket_keys(SSL_CTX *ssl_ctx, ngx_log_t *log);
 static void ngx_ssl_ticket_keys_cleanup(void *data);
 #endif
 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 ngx_rbtree_init(&cache->session_rbtree, &cache->sentinel,
 ngx_ssl_session_rbtree_insert_value);
 ngx_queue_init(&cache->expire_queue);
+cache->ticket_keys[0].expire = 0;
+cache->ticket_keys[1].expire = 0;
 cache->fail_time = 0;
 len = sizeof(" in SSL session shared cache \"\"") + shm_zone->shm.name.len;
 shpool->log_ctx = ngx_slab_alloc(shpool, len);
 ngx_array_t           *keys;
 ngx_file_info_t        fi;
 ngx_pool_cleanup_t    *cln;
 ngx_ssl_ticket_key_t  *key;
-if (paths == NULL) {
+if (paths == NULL
+&& SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_session_cache_index) == NULL)
+{
 return NGX_OK;
 }
-keys = ngx_array_create(cf->pool, paths->nelts,
+keys = ngx_array_create(cf->pool, paths ? paths->nelts : 2,
 sizeof(ngx_ssl_ticket_key_t));
 if (keys == NULL) {
 return NGX_ERROR;
 }
 return NGX_ERROR;
 }
 cln->handler = ngx_ssl_ticket_keys_cleanup;
 cln->data = keys;
-path = paths->elts;
-for (i = 0; i < paths->nelts; i++) {
-if (ngx_conf_full_name(cf->cycle, &path[i], 1) != NGX_OK) {
-return NGX_ERROR;
-}
-ngx_memzero(&file, sizeof(ngx_file_t));
-file.name = path[i];
-file.log = cf->log;
-file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
-NGX_FILE_OPEN, 0);
-if (file.fd == NGX_INVALID_FILE) {
-ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
-ngx_open_file_n " \"%V\" failed", &file.name);
-return NGX_ERROR;
-}
-if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) {
-ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
-ngx_fd_info_n " \"%V\" failed", &file.name);
-goto failed;
-}
-size = ngx_file_size(&fi);
-if (size != 48 && size != 80) {
-ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-"\"%V\" must be 48 or 80 bytes", &file.name);
-goto failed;
-}
-n = ngx_read_file(&file, buf, size, 0);
-if (n == NGX_ERROR) {
-ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
-ngx_read_file_n " \"%V\" failed", &file.name);
-goto failed;
-}
-if ((size_t) n != size) {
-ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
-ngx_read_file_n " \"%V\" returned only "
-"%z bytes instead of %uz", &file.name, n, size);
-goto failed;
-}
-key = ngx_array_push(keys);
-if (key == NULL) {
-goto failed;
-}
-if (size == 48) {
-key->size = 48;
-ngx_memcpy(key->name, buf, 16);
-ngx_memcpy(key->aes_key, buf + 16, 16);
-ngx_memcpy(key->hmac_key, buf + 32, 16);
-} else {
-key->size = 80;
-ngx_memcpy(key->name, buf, 16);
-ngx_memcpy(key->hmac_key, buf + 16, 32);
-ngx_memcpy(key->aes_key, buf + 48, 32);
-}
-if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
-ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
-ngx_close_file_n " \"%V\" failed", &file.name);
-}
-ngx_explicit_memzero(&buf, 80);
-}
 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_ticket_keys_index, keys) == 0) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_CTX_set_ex_data() failed");
 return NGX_ERROR;
 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
 "nginx was built with Session Tickets support, however, "
 "now it is linked dynamically to an OpenSSL library "
 "which has no tlsext support, therefore Session Tickets "
 "are not available");
+return NGX_OK;
+}
+if (paths == NULL) {
+/* placeholder for keys in shared memory */
+key = ngx_array_push_n(keys, 2);
+key[0].shared = 1;
+key[1].shared = 1;
+return NGX_OK;
+}
+path = paths->elts;
+for (i = 0; i < paths->nelts; i++) {
+if (ngx_conf_full_name(cf->cycle, &path[i], 1) != NGX_OK) {
+return NGX_ERROR;
+}
+ngx_memzero(&file, sizeof(ngx_file_t));
+file.name = path[i];
+file.log = cf->log;
+file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
+NGX_FILE_OPEN, 0);
+if (file.fd == NGX_INVALID_FILE) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ngx_open_file_n " \"%V\" failed", &file.name);
+return NGX_ERROR;
+}
+if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) {
+ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
+ngx_fd_info_n " \"%V\" failed", &file.name);
+goto failed;
+}
+size = ngx_file_size(&fi);
+if (size != 48 && size != 80) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"\"%V\" must be 48 or 80 bytes", &file.name);
+goto failed;
+}
+n = ngx_read_file(&file, buf, size, 0);
+if (n == NGX_ERROR) {
+ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
+ngx_read_file_n " \"%V\" failed", &file.name);
+goto failed;
+}
+if ((size_t) n != size) {
+ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
+ngx_read_file_n " \"%V\" returned only "
+"%z bytes instead of %uz", &file.name, n, size);
+goto failed;
+}
+key = ngx_array_push(keys);
+if (key == NULL) {
+goto failed;
+}
+key->shared = 0;
+if (size == 48) {
+key->size = 48;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->aes_key, buf + 16, 16);
+ngx_memcpy(key->hmac_key, buf + 32, 16);
+} else {
+key->size = 80;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->hmac_key, buf + 16, 32);
+ngx_memcpy(key->aes_key, buf + 48, 32);
+}
+if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
+ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
+ngx_close_file_n " \"%V\" failed", &file.name);
+}
+ngx_explicit_memzero(&buf, 80);
 }
 return NGX_OK;
 failed:
 const EVP_CIPHER      *cipher;
 c = ngx_ssl_get_connection(ssl_conn);
 ssl_ctx = c->ssl->session_ctx;
+if (ngx_ssl_rotate_ticket_keys(ssl_ctx, c->log) != NGX_OK) {
+return -1;
+}
 #ifdef OPENSSL_NO_SHA256
 digest = EVP_sha1();
 #else
 digest = EVP_sha256();
 #endif
 return 2;
 }
 return 1;
 }
+}
+static ngx_int_t
+ngx_ssl_rotate_ticket_keys(SSL_CTX *ssl_ctx, ngx_log_t *log)
+{
+time_t                    now, expire;
+ngx_array_t              *keys;
+ngx_shm_zone_t           *shm_zone;
+ngx_slab_pool_t          *shpool;
+ngx_ssl_ticket_key_t     *key;
+ngx_ssl_session_cache_t  *cache;
+u_char                    buf[80];
+keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index);
+if (keys == NULL) {
+return NGX_OK;
+}
+key = keys->elts;
+if (!key[0].shared) {
+return NGX_OK;
+}
+now = ngx_time();
+expire = now + SSL_CTX_get_timeout(ssl_ctx);
+shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
+cache = shm_zone->data;
+shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
+ngx_shmtx_lock(&shpool->mutex);
+key = cache->ticket_keys;
+if (key[0].expire == 0) {
+/* initialize the current key */
+if (RAND_bytes(buf, 80) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, log, 0, "RAND_bytes() failed");
+ngx_shmtx_unlock(&shpool->mutex);
+return NGX_ERROR;
+}
+key->shared = 1;
+key->expire = expire;
+key->size = 80;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->hmac_key, buf + 16, 32);
+ngx_memcpy(key->aes_key, buf + 48, 32);
+ngx_explicit_memzero(&buf, 80);
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
+"ssl ticket key: \"%*xs\"",
+(size_t) 16, key->name);
+}
+if (key[1].expire < now) {
+/*
+* if the previous key is no longer needed (or not initialized),
+* replace it with the current key and generate new current key
+*/
+key[1] = key[0];
+if (RAND_bytes(buf, 80) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, log, 0, "RAND_bytes() failed");
+ngx_shmtx_unlock(&shpool->mutex);
+return NGX_ERROR;
+}
+key->shared = 1;
+key->expire = expire;
+key->size = 80;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->hmac_key, buf + 16, 32);
+ngx_memcpy(key->aes_key, buf + 48, 32);
+ngx_explicit_memzero(&buf, 80);
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
+"ssl ticket key: \"%*xs\"",
+(size_t) 16, key->name);
+}
+/*
+* update expiration of the current key: it is going to be needed
+* at least till the session being created expires
+*/
+if (expire > key[0].expire) {
+key[0].expire = expire;
+}
+/* sync keys to the worker process memory */
+ngx_memcpy(keys->elts, cache->ticket_keys,
+2 * sizeof(ngx_ssl_ticket_key_t));
+ngx_shmtx_unlock(&shpool->mutex);
+return NGX_OK;
 }
 static void
 ngx_ssl_ticket_keys_cleanup(void *data)

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 8084:0f3d98e4bcc5