nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 9035:3be953161026 quic

Merged with the default branch.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Thu, 20 Oct 2022 16:41:36 +0400
parents	b30bec3d71d6 81b4326daac7
children	91ad1abfb285

comparison

equal deleted inserted replaced

-:79cd6993a3e3
+:3be953161026
 ngx_slab_pool_t *shpool, ngx_uint_t n);
 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
-static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
+static int ngx_ssl_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc);
-static void ngx_ssl_session_ticket_keys_cleanup(void *data);
+static ngx_int_t ngx_ssl_rotate_ticket_keys(SSL_CTX *ssl_ctx, ngx_log_t *log);
+static void ngx_ssl_ticket_keys_cleanup(void *data);
 #endif
 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 #endif
 int  ngx_ssl_connection_index;
 int  ngx_ssl_server_conf_index;
 int  ngx_ssl_session_cache_index;
-int  ngx_ssl_session_ticket_keys_index;
+int  ngx_ssl_ticket_keys_index;
 int  ngx_ssl_ocsp_index;
 int  ngx_ssl_certificate_index;
 int  ngx_ssl_next_certificate_index;
 int  ngx_ssl_certificate_name_index;
 int  ngx_ssl_stapling_index;
 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
 "SSL_CTX_get_ex_new_index() failed");
 return NGX_ERROR;
 }
-ngx_ssl_session_ticket_keys_index = SSL_CTX_get_ex_new_index(0, NULL, NULL,
+ngx_ssl_ticket_keys_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
-NULL, NULL);
+NULL);
-if (ngx_ssl_session_ticket_keys_index == -1) {
+if (ngx_ssl_ticket_keys_index == -1) {
 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
 "SSL_CTX_get_ex_new_index() failed");
 return NGX_ERROR;
 }
 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
 if (c->ssl->handshaked) {
 c->ssl->renegotiation = 1;
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation");
+}
+}
+#endif
+#ifdef TLS1_3_VERSION
+if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP
+&& SSL_version(ssl_conn) == TLS1_3_VERSION)
+{
+time_t        now, time, timeout, conf_timeout;
+SSL_SESSION  *sess;
+/*
+* OpenSSL with TLSv1.3 updates the session creation time on
+* session resumption and keeps the session timeout unmodified,
+* making it possible to maintain the session forever, bypassing
+* client certificate expiration and revocation.  To make sure
+* session timeouts are actually used, we now update the session
+* creation time and reduce the session timeout accordingly.
+*
+* BoringSSL with TLSv1.3 ignores configured session timeouts
+* and uses a hardcoded timeout instead, 7 days.  So we update
+* session timeout to the configured value as soon as a session
+* is created.
+*/
+c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
+sess = SSL_get0_session(ssl_conn);
+if (!c->ssl->session_timeout_set && sess) {
+c->ssl->session_timeout_set = 1;
+now = ngx_time();
+time = SSL_SESSION_get_time(sess);
+timeout = SSL_SESSION_get_timeout(sess);
+conf_timeout = SSL_CTX_get_timeout(c->ssl->session_ctx);
+timeout = ngx_min(timeout, conf_timeout);
+if (now - time >= timeout) {
+SSL_SESSION_set1_id_context(sess, (unsigned char *) "", 0);
+} else {
+SSL_SESSION_set_time(sess, now);
+SSL_SESSION_set_timeout(sess, timeout - (now - time));
+}
 }
 }
 #endif
 * does for ciphers.
 */
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
-#if SSL_CTRL_SET_ECDH_AUTO
+#ifdef SSL_CTRL_SET_ECDH_AUTO
 /* not needed in OpenSSL 1.1.0+ */
-SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
+(void) SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
 #endif
 if (ngx_strcmp(name->data, "auto") == 0) {
 return NGX_OK;
 }
 #endif
 #endif
 #endif
-#ifdef BIO_get_ktls_send
+#if (defined BIO_get_ktls_send && !NGX_WIN32)
 if (BIO_get_ktls_send(SSL_get_wbio(c->ssl->connection)) == 1) {
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "BIO_get_ktls_send(): 1");
 c->ssl->sendfile = 1;
 c->send_chain = ngx_ssl_send_chain;
 c->read->ready = 1;
 c->write->ready = 1;
-#ifdef BIO_get_ktls_send
+#if (defined BIO_get_ktls_send && !NGX_WIN32)
 if (BIO_get_ktls_send(SSL_get_wbio(c->ssl->connection)) == 1) {
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "BIO_get_ktls_send(): 1");
 c->ssl->sendfile = 1;
 static ssize_t
 ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file, size_t size)
 {
-#ifdef BIO_get_ktls_send
+#if (defined BIO_get_ktls_send && !NGX_WIN32)
 int        sslerr, flags;
 ssize_t    n;
 ngx_err_t  err;
 #ifdef SSL_R_CERT_CB_ERROR
 || n == SSL_R_CERT_CB_ERROR                              /*  377 */
 #endif
 #ifdef SSL_R_VERSION_TOO_LOW
 || n == SSL_R_VERSION_TOO_LOW                            /*  396 */
+#endif
+#ifdef SSL_R_BAD_RECORD_TYPE
+|| n == SSL_R_BAD_RECORD_TYPE                            /*  443 */
 #endif
 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
 #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             /* 1010 */
 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 /* 1020 */
 ngx_rbtree_init(&cache->session_rbtree, &cache->sentinel,
 ngx_ssl_session_rbtree_insert_value);
 ngx_queue_init(&cache->expire_queue);
+cache->ticket_keys[0].expire = 0;
+cache->ticket_keys[1].expire = 0;
+cache->ticket_keys[2].expire = 0;
+cache->fail_time = 0;
 len = sizeof(" in SSL session shared cache \"\"") + shm_zone->shm.name.len;
 shpool->log_ctx = ngx_slab_alloc(shpool, len);
 if (shpool->log_ctx == NULL) {
 return NGX_ERROR;
 }
 /*
 * The length of the session id is 16 bytes for SSLv2 sessions and
-* between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
+* between 1 and 32 bytes for SSLv3 and TLS, typically 32 bytes.
-* It seems that the typical length of the external ASN1 representation
+* Typical length of the external ASN1 representation of a session
-* of a session is 118 or 119 bytes for SSLv3/TSLv1.
+* is about 150 bytes plus SNI server name.
 *
-* Thus on 32-bit platforms we allocate separately an rbtree node,
+* On 32-bit platforms we allocate an rbtree node, a session id, and
-* a session id, and an ASN1 representation, they take accordingly
+* an ASN1 representation in a single allocation, it typically takes
-* 64, 32, and 128 bytes.
+* 256 bytes.
 *
 * On 64-bit platforms we allocate separately an rbtree node + session_id,
-* and an ASN1 representation, they take accordingly 128 and 128 bytes.
+* and an ASN1 representation, they take accordingly 128 and 256 bytes.
 *
 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
 * so they are outside the code locked by shared pool mutex
 */
 static int
 ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
 {
 int                       len;
-u_char                   *p, *id, *cached_sess, *session_id;
+u_char                   *p, *session_id;
+size_t                    n;
 uint32_t                  hash;
 SSL_CTX                  *ssl_ctx;
 unsigned int              session_id_length;
 ngx_shm_zone_t           *shm_zone;
 ngx_connection_t         *c;
 ngx_slab_pool_t          *shpool;
 ngx_ssl_sess_id_t        *sess_id;
 ngx_ssl_session_cache_t  *cache;
 u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
+#ifdef TLS1_3_VERSION
+/*
+* OpenSSL tries to save TLSv1.3 sessions into session cache
+* even when using tickets for stateless session resumption,
+* "because some applications just want to know about the creation
+* of a session"; do not cache such sessions
+*/
+if (SSL_version(ssl_conn) == TLS1_3_VERSION
+&& (SSL_get_options(ssl_conn) & SSL_OP_NO_TICKET) == 0)
+{
+return 0;
+}
+#endif
 len = i2d_SSL_SESSION(sess, NULL);
 /* do not cache too big session */
-if (len > (int) NGX_SSL_MAX_SESSION_SIZE) {
+if (len > NGX_SSL_MAX_SESSION_SIZE) {
 return 0;
 }
 p = buf;
 i2d_SSL_SESSION(sess, &p);
+session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
+/* do not cache sessions with too long session id */
+if (session_id_length > 32) {
+return 0;
+}
 c = ngx_ssl_get_connection(ssl_conn);
 ssl_ctx = c->ssl->session_ctx;
 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
 ngx_shmtx_lock(&shpool->mutex);
 /* drop one or two expired sessions */
 ngx_ssl_expire_sessions(cache, shpool, 1);
-cached_sess = ngx_slab_alloc_locked(shpool, len);
+#if (NGX_PTR_SIZE == 8)
+n = sizeof(ngx_ssl_sess_id_t);
-if (cached_sess == NULL) {
+#else
+n = offsetof(ngx_ssl_sess_id_t, session) + len;
+#endif
+sess_id = ngx_slab_alloc_locked(shpool, n);
+if (sess_id == NULL) {
 /* drop the oldest non-expired session and try once more */
 ngx_ssl_expire_sessions(cache, shpool, 0);
-cached_sess = ngx_slab_alloc_locked(shpool, len);
+sess_id = ngx_slab_alloc_locked(shpool, n);
-if (cached_sess == NULL) {
-sess_id = NULL;
-goto failed;
-}
-}
-sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
-if (sess_id == NULL) {
-/* drop the oldest non-expired session and try once more */
-ngx_ssl_expire_sessions(cache, shpool, 0);
-sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
 if (sess_id == NULL) {
 goto failed;
 }
 }
-session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
 #if (NGX_PTR_SIZE == 8)
-id = sess_id->sess_id;
+sess_id->session = ngx_slab_alloc_locked(shpool, len);
-#else
+if (sess_id->session == NULL) {
-id = ngx_slab_alloc_locked(shpool, session_id_length);
-if (id == NULL) {
 /* drop the oldest non-expired session and try once more */
 ngx_ssl_expire_sessions(cache, shpool, 0);
-id = ngx_slab_alloc_locked(shpool, session_id_length);
+sess_id->session = ngx_slab_alloc_locked(shpool, len);
-if (id == NULL) {
+if (sess_id->session == NULL) {
 goto failed;
 }
 }
 #endif
-ngx_memcpy(cached_sess, buf, len);
+ngx_memcpy(sess_id->session, buf, len);
+ngx_memcpy(sess_id->id, session_id, session_id_length);
-ngx_memcpy(id, session_id, session_id_length);
 hash = ngx_crc32_short(session_id, session_id_length);
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ssl new session: %08XD:%ud:%d",
 hash, session_id_length, len);
 sess_id->node.key = hash;
 sess_id->node.data = (u_char) session_id_length;
-sess_id->id = id;
 sess_id->len = len;
-sess_id->session = cached_sess;
 sess_id->expire = ngx_time() + SSL_CTX_get_timeout(ssl_ctx);
 ngx_queue_insert_head(&cache->expire_queue, &sess_id->queue);
 ngx_shmtx_unlock(&shpool->mutex);
 return 0;
 failed:
-if (cached_sess) {
-ngx_slab_free_locked(shpool, cached_sess);
-}
 if (sess_id) {
 ngx_slab_free_locked(shpool, sess_id);
 }
 ngx_shmtx_unlock(&shpool->mutex);
-ngx_log_error(NGX_LOG_ALERT, c->log, 0,
+if (cache->fail_time != ngx_time()) {
-"could not allocate new session%s", shpool->log_ctx);
+cache->fail_time = ngx_time();
+ngx_log_error(NGX_LOG_WARN, c->log, 0,
+"could not allocate new session%s", shpool->log_ctx);
+}
 return 0;
 }
 ngx_queue_remove(&sess_id->queue);
 ngx_rbtree_delete(&cache->session_rbtree, node);
+ngx_explicit_memzero(sess_id->session, sess_id->len);
+#if (NGX_PTR_SIZE == 8)
 ngx_slab_free_locked(shpool, sess_id->session);
-#if (NGX_PTR_SIZE == 4)
-ngx_slab_free_locked(shpool, sess_id->id);
 #endif
 ngx_slab_free_locked(shpool, sess_id);
 sess = NULL;
 ngx_queue_remove(&sess_id->queue);
 ngx_rbtree_delete(&cache->session_rbtree, node);
+ngx_explicit_memzero(sess_id->session, sess_id->len);
+#if (NGX_PTR_SIZE == 8)
 ngx_slab_free_locked(shpool, sess_id->session);
-#if (NGX_PTR_SIZE == 4)
-ngx_slab_free_locked(shpool, sess_id->id);
 #endif
 ngx_slab_free_locked(shpool, sess_id);
 goto done;
 }
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
 "expire session: %08Xi", sess_id->node.key);
 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
+ngx_explicit_memzero(sess_id->session, sess_id->len);
+#if (NGX_PTR_SIZE == 8)
 ngx_slab_free_locked(shpool, sess_id->session);
-#if (NGX_PTR_SIZE == 4)
-ngx_slab_free_locked(shpool, sess_id->id);
 #endif
 ngx_slab_free_locked(shpool, sess_id);
 }
 }
 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
 ngx_int_t
 ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *paths)
 {
-u_char                         buf[80];
+u_char                 buf[80];
-size_t                         size;
+size_t                 size;
-ssize_t                        n;
+ssize_t                n;
-ngx_str_t                     *path;
+ngx_str_t             *path;
-ngx_file_t                     file;
+ngx_file_t             file;
-ngx_uint_t                     i;
+ngx_uint_t             i;
-ngx_array_t                   *keys;
+ngx_array_t           *keys;
-ngx_file_info_t                fi;
+ngx_file_info_t        fi;
-ngx_pool_cleanup_t            *cln;
+ngx_pool_cleanup_t    *cln;
-ngx_ssl_session_ticket_key_t  *key;
+ngx_ssl_ticket_key_t  *key;
-if (paths == NULL) {
+if (paths == NULL
+&& SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_session_cache_index) == NULL)
+{
 return NGX_OK;
 }
-keys = ngx_array_create(cf->pool, paths->nelts,
+keys = ngx_array_create(cf->pool, paths ? paths->nelts : 3,
-sizeof(ngx_ssl_session_ticket_key_t));
+sizeof(ngx_ssl_ticket_key_t));
 if (keys == NULL) {
 return NGX_ERROR;
 }
 cln = ngx_pool_cleanup_add(cf->pool, 0);
 if (cln == NULL) {
 return NGX_ERROR;
 }
-cln->handler = ngx_ssl_session_ticket_keys_cleanup;
+cln->handler = ngx_ssl_ticket_keys_cleanup;
 cln->data = keys;
-path = paths->elts;
+if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_ticket_keys_index, keys) == 0) {
-for (i = 0; i < paths->nelts; i++) {
-if (ngx_conf_full_name(cf->cycle, &path[i], 1) != NGX_OK) {
-return NGX_ERROR;
-}
-ngx_memzero(&file, sizeof(ngx_file_t));
-file.name = path[i];
-file.log = cf->log;
-file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
-NGX_FILE_OPEN, 0);
-if (file.fd == NGX_INVALID_FILE) {
-ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
-ngx_open_file_n " \"%V\" failed", &file.name);
-return NGX_ERROR;
-}
-if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) {
-ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
-ngx_fd_info_n " \"%V\" failed", &file.name);
-goto failed;
-}
-size = ngx_file_size(&fi);
-if (size != 48 && size != 80) {
-ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-"\"%V\" must be 48 or 80 bytes", &file.name);
-goto failed;
-}
-n = ngx_read_file(&file, buf, size, 0);
-if (n == NGX_ERROR) {
-ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
-ngx_read_file_n " \"%V\" failed", &file.name);
-goto failed;
-}
-if ((size_t) n != size) {
-ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
-ngx_read_file_n " \"%V\" returned only "
-"%z bytes instead of %uz", &file.name, n, size);
-goto failed;
-}
-key = ngx_array_push(keys);
-if (key == NULL) {
-goto failed;
-}
-if (size == 48) {
-key->size = 48;
-ngx_memcpy(key->name, buf, 16);
-ngx_memcpy(key->aes_key, buf + 16, 16);
-ngx_memcpy(key->hmac_key, buf + 32, 16);
-} else {
-key->size = 80;
-ngx_memcpy(key->name, buf, 16);
-ngx_memcpy(key->hmac_key, buf + 16, 32);
-ngx_memcpy(key->aes_key, buf + 48, 32);
-}
-if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
-ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
-ngx_close_file_n " \"%V\" failed", &file.name);
-}
-ngx_explicit_memzero(&buf, 80);
-}
-if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_ticket_keys_index, keys)
-== 0)
-{
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_CTX_set_ex_data() failed");
 return NGX_ERROR;
 }
-if (SSL_CTX_set_tlsext_ticket_key_cb(ssl->ctx,
+if (SSL_CTX_set_tlsext_ticket_key_cb(ssl->ctx, ngx_ssl_ticket_key_callback)
-ngx_ssl_session_ticket_key_callback)
 == 0)
 {
 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
 "nginx was built with Session Tickets support, however, "
 "now it is linked dynamically to an OpenSSL library "
 "which has no tlsext support, therefore Session Tickets "
 "are not available");
+return NGX_OK;
+}
+if (paths == NULL) {
+/* placeholder for keys in shared memory */
+key = ngx_array_push_n(keys, 3);
+key[0].shared = 1;
+key[0].expire = 0;
+key[1].shared = 1;
+key[1].expire = 0;
+key[2].shared = 1;
+key[2].expire = 0;
+return NGX_OK;
+}
+path = paths->elts;
+for (i = 0; i < paths->nelts; i++) {
+if (ngx_conf_full_name(cf->cycle, &path[i], 1) != NGX_OK) {
+return NGX_ERROR;
+}
+ngx_memzero(&file, sizeof(ngx_file_t));
+file.name = path[i];
+file.log = cf->log;
+file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
+NGX_FILE_OPEN, 0);
+if (file.fd == NGX_INVALID_FILE) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ngx_open_file_n " \"%V\" failed", &file.name);
+return NGX_ERROR;
+}
+if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) {
+ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
+ngx_fd_info_n " \"%V\" failed", &file.name);
+goto failed;
+}
+size = ngx_file_size(&fi);
+if (size != 48 && size != 80) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"\"%V\" must be 48 or 80 bytes", &file.name);
+goto failed;
+}
+n = ngx_read_file(&file, buf, size, 0);
+if (n == NGX_ERROR) {
+ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
+ngx_read_file_n " \"%V\" failed", &file.name);
+goto failed;
+}
+if ((size_t) n != size) {
+ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
+ngx_read_file_n " \"%V\" returned only "
+"%z bytes instead of %uz", &file.name, n, size);
+goto failed;
+}
+key = ngx_array_push(keys);
+if (key == NULL) {
+goto failed;
+}
+key->shared = 0;
+key->expire = 1;
+if (size == 48) {
+key->size = 48;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->aes_key, buf + 16, 16);
+ngx_memcpy(key->hmac_key, buf + 32, 16);
+} else {
+key->size = 80;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->hmac_key, buf + 16, 32);
+ngx_memcpy(key->aes_key, buf + 48, 32);
+}
+if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
+ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
+ngx_close_file_n " \"%V\" failed", &file.name);
+}
+ngx_explicit_memzero(&buf, 80);
 }
 return NGX_OK;
 failed:
 return NGX_ERROR;
 }
 static int
-ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
+ngx_ssl_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc)
 {
-size_t                         size;
+size_t                 size;
-SSL_CTX                       *ssl_ctx;
+SSL_CTX               *ssl_ctx;
-ngx_uint_t                     i;
+ngx_uint_t             i;
-ngx_array_t                   *keys;
+ngx_array_t           *keys;
-ngx_connection_t              *c;
+ngx_connection_t      *c;
-ngx_ssl_session_ticket_key_t  *key;
+ngx_ssl_ticket_key_t  *key;
-const EVP_MD                  *digest;
+const EVP_MD          *digest;
-const EVP_CIPHER              *cipher;
+const EVP_CIPHER      *cipher;
 c = ngx_ssl_get_connection(ssl_conn);
 ssl_ctx = c->ssl->session_ctx;
+if (ngx_ssl_rotate_ticket_keys(ssl_ctx, c->log) != NGX_OK) {
+return -1;
+}
 #ifdef OPENSSL_NO_SHA256
 digest = EVP_sha1();
 #else
 digest = EVP_sha256();
 #endif
-keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
+keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index);
 if (keys == NULL) {
 return -1;
 }
 key = keys->elts;
 if (enc == 1) {
 /* encrypt session ticket */
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"ssl session ticket encrypt, key: \"%*xs\" (%s session)",
+"ssl ticket encrypt, key: \"%*xs\" (%s session)",
 (size_t) 16, key[0].name,
 SSL_session_reused(ssl_conn) ? "reused" : "new");
 if (key[0].size == 48) {
 cipher = EVP_aes_128_cbc();
 goto found;
 }
 }
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"ssl session ticket decrypt, key: \"%*xs\" not found",
+"ssl ticket decrypt, key: \"%*xs\" not found",
 (size_t) 16, name);
 return 0;
 found:
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"ssl session ticket decrypt, key: \"%*xs\"%s",
+"ssl ticket decrypt, key: \"%*xs\"%s",
 (size_t) 16, key[i].name, (i == 0) ? " (default)" : "");
 if (key[i].size == 48) {
 cipher = EVP_aes_128_cbc();
 size = 16;
 }
 #endif
 /* renew if non-default key */
-if (i != 0) {
+if (i != 0 && key[i].expire) {
 return 2;
 }
 return 1;
 }
 }
+static ngx_int_t
+ngx_ssl_rotate_ticket_keys(SSL_CTX *ssl_ctx, ngx_log_t *log)
+{
+time_t                    now, expire;
+ngx_array_t              *keys;
+ngx_shm_zone_t           *shm_zone;
+ngx_slab_pool_t          *shpool;
+ngx_ssl_ticket_key_t     *key;
+ngx_ssl_session_cache_t  *cache;
+u_char                    buf[80];
+keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index);
+if (keys == NULL) {
+return NGX_OK;
+}
+key = keys->elts;
+if (!key[0].shared) {
+return NGX_OK;
+}
+/*
+* if we don't need to update expiration of the current key
+* and the previous key is still needed, don't sync with shared
+* memory to save some work; in the worst case other worker process
+* will switch to the next key, but this process will still be able
+* to decrypt tickets encrypted with it
+*/
+now = ngx_time();
+expire = now + SSL_CTX_get_timeout(ssl_ctx);
+if (key[0].expire >= expire && key[1].expire >= now) {
+return NGX_OK;
+}
+shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
+cache = shm_zone->data;
+shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
+ngx_shmtx_lock(&shpool->mutex);
+key = cache->ticket_keys;
+if (key[0].expire == 0) {
+/* initialize the current key */
+if (RAND_bytes(buf, 80) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, log, 0, "RAND_bytes() failed");
+ngx_shmtx_unlock(&shpool->mutex);
+return NGX_ERROR;
+}
+key[0].shared = 1;
+key[0].expire = expire;
+key[0].size = 80;
+ngx_memcpy(key[0].name, buf, 16);
+ngx_memcpy(key[0].hmac_key, buf + 16, 32);
+ngx_memcpy(key[0].aes_key, buf + 48, 32);
+ngx_explicit_memzero(&buf, 80);
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
+"ssl ticket key: \"%*xs\"",
+(size_t) 16, key[0].name);
+/*
+* copy the current key to the next key, as initialization of
+* the previous key will replace the current key with the next
+* key
+*/
+key[2] = key[0];
+}
+if (key[1].expire < now) {
+/*
+* if the previous key is no longer needed (or not initialized),
+* replace it with the current key, replace the current key with
+* the next key, and generate new next key
+*/
+key[1] = key[0];
+key[0] = key[2];
+if (RAND_bytes(buf, 80) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, log, 0, "RAND_bytes() failed");
+ngx_shmtx_unlock(&shpool->mutex);
+return NGX_ERROR;
+}
+key[2].shared = 1;
+key[2].expire = 0;
+key[2].size = 80;
+ngx_memcpy(key[2].name, buf, 16);
+ngx_memcpy(key[2].hmac_key, buf + 16, 32);
+ngx_memcpy(key[2].aes_key, buf + 48, 32);
+ngx_explicit_memzero(&buf, 80);
+ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
+"ssl ticket key: \"%*xs\"",
+(size_t) 16, key[2].name);
+}
+/*
+* update expiration of the current key: it is going to be needed
+* at least till the session being created expires
+*/
+if (expire > key[0].expire) {
+key[0].expire = expire;
+}
+/* sync keys to the worker process memory */
+ngx_memcpy(keys->elts, cache->ticket_keys,
+2 * sizeof(ngx_ssl_ticket_key_t));
+ngx_shmtx_unlock(&shpool->mutex);
+return NGX_OK;
+}
 static void
-ngx_ssl_session_ticket_keys_cleanup(void *data)
+ngx_ssl_ticket_keys_cleanup(void *data)
 {
 ngx_array_t  *keys = data;
 ngx_explicit_memzero(keys->elts,
-keys->nelts * sizeof(ngx_ssl_session_ticket_key_t));
+keys->nelts * sizeof(ngx_ssl_ticket_key_t));
 }
 #else
 ngx_int_t

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 9035:3be953161026 quic