Hi,
On Wed, Mar 01, 2023 at 05:56:03PM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1677682421 -10800
> # Wed Mar 01 17:53:41 2023 +0300
> # Node ID c76e163105f1eac7727ce4e6d955fecb38d93e49
> # Parent 4d0a265c1d20f22f196680dfcc9d044f9e711865
> SSL: logging levels of various errors reported with tlsfuzzer.
>
> To further differentiate client-related errors and adjust logging levels
> of various SSL errors, nginx was tested with tlsfuzzer with multiple
> OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
> 1.0.0s, 0.9.8zh).
While mentioned here, OpenSSL 3.1.0-beta1 is not referenced anywhere in the
text below. It should be added to the list of versions not adding new client
errors compared to other versions.
> The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
> and are clearly client-related:
>
> SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
> SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
> SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
> SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
>
> Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
> SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
> ("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> ("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
> errors are now logged at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 3.0.8 and
> with TLSv1.3 enabled:
>
> SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
> SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
> SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)
> SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
> SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
> SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
> SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
> SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
> SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
>
> Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"),
SSL_R_BAD_ECPOINT is already logged at the "info" level, added by you in
cac164d0807e. This text is probably a leftover from testing this without the
previous patch applied, in which case a crypto error was analyzed and ignored.
> SSL_R_BAD_DIGEST_LENGTH
> ("bad digest length"), SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs
> extension"), SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
> SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
> and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
> handshake data") errors are now logged at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 1.1.1t:
>
> SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
> SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
> SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
> SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
>
> Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
> SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
> SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
> SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
> at the "info" level.
>
> Additionally, the following errors were observed with OpenSSL 1.0.2u:
>
> SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
> SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
>
> Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
> SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
> logged at the "info" level.
>
> No additional client-related errors were observed while testing with
> OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s, and OpenSSL 0.9.8zh.
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -3402,16 +3402,35 @@ ngx_ssl_connection_error(ngx_connection_
> #ifdef SSL_R_BAD_EXTENSION
> || n == SSL_R_BAD_EXTENSION /* 110 */
> #endif
> + || n == SSL_R_BAD_DIGEST_LENGTH /* 111 */
> +#ifdef SSL_R_MISSING_SIGALGS_EXTENSION
> + || n == SSL_R_MISSING_SIGALGS_EXTENSION /* 112 */
> +#endif
> #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
> || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */
> #endif
> +#ifdef SSL_R_BAD_KEY_UPDATE
> + || n == SSL_R_BAD_KEY_UPDATE /* 122 */
> +#endif
> || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
> + || n == SSL_R_CCS_RECEIVED_EARLY /* 133 */
> +#ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED
> + || n == SSL_R_DATA_BETWEEN_CCS_AND_FINISHED /* 145 */
> +#endif
> + || n == SSL_R_DATA_LENGTH_TOO_LONG /* 146 */
> || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
> + || n == SSL_R_ENCRYPTED_LENGTH_TOO_LONG /* 150 */
> || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
> || n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
> +#ifdef SSL_R_GOT_A_FIN_BEFORE_A_CCS
> + || n == SSL_R_GOT_A_FIN_BEFORE_A_CCS /* 154 */
> +#endif
> || n == SSL_R_HTTPS_PROXY_REQUEST /* 155 */
> || n == SSL_R_HTTP_REQUEST /* 156 */
> || n == SSL_R_LENGTH_MISMATCH /* 159 */
> +#ifdef SSL_R_LENGTH_TOO_SHORT
> + || n == SSL_R_LENGTH_TOO_SHORT /* 160 */
> +#endif
> #ifdef SSL_R_NO_CIPHERS_PASSED
> || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
> #endif
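Review bot: the new entries in this hunk are guarded inconsistently and nothing in the code says why: SSL_R_BAD_DIGEST_LENGTH /* 111 */, SSL_R_CCS_RECEIVED_EARLY /* 133 */, SSL_R_DATA_LENGTH_TOO_LONG /* 146 */ and SSL_R_ENCRYPTED_LENGTH_TOO_LONG /* 150 */ are added bare, while the additions next to them sit under #ifdef. Since the commit message says the patch was exercised against everything down to 0.9.8zh, the bare ones presumably exist in every supported version; a one-line comment above the list stating the rule (bare = present since 0.9.8, #ifdef = introduced in a later release) would spare the next reader from checking each constant against old headers.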
> @@ -3421,6 +3440,9 @@ ngx_ssl_connection_error(ngx_connection_
> #endif
> || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
> || n == SSL_R_NO_SHARED_CIPHER /* 193 */
> +#ifdef SSL_R_PACKET_LENGTH_TOO_LONG
> + || n == SSL_R_PACKET_LENGTH_TOO_LONG /* 198 */
> +#endif
> || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
> #ifdef SSL_R_CLIENTHELLO_TLSEXT
> || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */
> @@ -3446,6 +3468,7 @@ ngx_ssl_connection_error(ngx_connection_
> || n == SSL_R_NO_SHARED_GROUP /* 266 */
> #endif
> || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
> + || n == SSL_R_BAD_LENGTH /* 271 */
> || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
> #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY
> || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */
> @@ -3453,6 +3476,15 @@ ngx_ssl_connection_error(ngx_connection_
> #ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
> || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */
> #endif
> +#ifdef SSL_R_BAD_LEGACY_VERSION
> + || n == SSL_R_BAD_LEGACY_VERSION /* 292 */
> +#endif
> +#ifdef SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA
> + || n == SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA /* 293 */
> +#endif
> +#ifdef SSL_R_RECORD_TOO_SMALL
> + || n == SSL_R_RECORD_TOO_SMALL /* 298 */
> +#endif
> #ifdef SSL_R_BAD_ECPOINT
> || n == SSL_R_BAD_ECPOINT /* 306 */
> #endif
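Review bot: the unchanged context closing this hunk already contains `|| n == SSL_R_BAD_ECPOINT /* 306 */`, which confirms the point raised above: the sentence beginning 'Accordingly, the SSL_R_BAD_ECPOINT ("bad ecpoint"),' in the commit message describes no change made by this patch and should be dropped (the three TLSv1.3 "bad ecpoint" log lines can stay, since they explain why that entry matters). The three new entries, 292, 293 and 298, are correctly placed in numeric order between 291 and 306.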
> @@ -3470,12 +3502,21 @@ ngx_ssl_connection_error(ngx_connection_
> #ifdef SSL_R_INAPPROPRIATE_FALLBACK
> || n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */
> #endif
> +#ifdef SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
> + || n == SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS /* 376 */
> +#endif
> +#ifdef SSL_R_NO_SHARED_SIGATURE_ALGORITHMS
> + || n == SSL_R_NO_SHARED_SIGATURE_ALGORITHMS /* 376 */
> +#endif
> #ifdef SSL_R_CERT_CB_ERROR
> || n == SSL_R_CERT_CB_ERROR /* 377 */
> #endif
> #ifdef SSL_R_VERSION_TOO_LOW
> || n == SSL_R_VERSION_TOO_LOW /* 396 */
> #endif
> +#ifdef SSL_R_TOO_MANY_WARN_ALERTS
> + || n == SSL_R_TOO_MANY_WARN_ALERTS /* 409 */
> +#endif
> #ifdef SSL_R_BAD_RECORD_TYPE
> || n == SSL_R_BAD_RECORD_TYPE /* 443 */
> #endif
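Review bot: SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS and SSL_R_NO_SHARED_SIGATURE_ALGORITHMS both carry /* 376 */, so someone reading the code without the commit message cannot tell whether the second block is a typo. Add a short comment on the second #ifdef block saying it is the OpenSSL 1.0.2 spelling, as the commit message already explains; should any version define both names to the same value, the duplicate comparison is harmless.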
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel
The patch is ok.
--
Roman Arutyunyan
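The hex codes in the log lines quoted above map onto the decimal SSL_R_ numbers in the hunk comments, which is how the list in ngx_ssl_connection_error() is checked against what tlsfuzzer produced. The script below is an added example, written for this thread and not nginx's or OpenSSL's code: it parses the "(SSL: error:...)" part of such log lines, unpacks the packed error code using the two layouts OpenSSL has used (library in bits 23..30 and reason in the low 23 bits for 3.x; library in bits 24..31, function in bits 12..23 and reason in the low 12 bits for 1.x and 0.9.8), and reports whether the reason is one the patch moves to "info". The reason table is deliberately limited to the entries visible in the patch (plus SSL_R_BAD_ECPOINT, which the review notes was already present), so it is not nginx's full list; the rule that an empty function field means OpenSSL 3.x formatting is a heuristic; on multi-error lines the last SSL-library element is used, which is this example's choice, made so that a leading crypto-library error such as "invalid public key" does not hide the "bad ecpoint" reason behind it. The sample lines are constructed from the commit message, and the function names (unpack_error, parse_ssl_errors, classify, triage) are this example's own.

```python
import re

ERR_LIB_SSL = 20  # value of ERR_LIB_SSL in OpenSSL's <openssl/err.h>

# Reason codes the quoted patch adds to nginx's "info"-level list, with the
# decimal values from the hunk comments. SSL_R_BAD_ECPOINT (306) is included
# because, as the review points out, it is already on the list. This table is
# limited to what the patch shows; nginx's real list has many more entries.
INFO_LEVEL_REASONS = {
    111: "SSL_R_BAD_DIGEST_LENGTH",
    112: "SSL_R_MISSING_SIGALGS_EXTENSION",
    122: "SSL_R_BAD_KEY_UPDATE",
    133: "SSL_R_CCS_RECEIVED_EARLY",
    145: "SSL_R_DATA_BETWEEN_CCS_AND_FINISHED",
    146: "SSL_R_DATA_LENGTH_TOO_LONG",
    150: "SSL_R_ENCRYPTED_LENGTH_TOO_LONG",
    154: "SSL_R_GOT_A_FIN_BEFORE_A_CCS",
    160: "SSL_R_LENGTH_TOO_SHORT",
    198: "SSL_R_PACKET_LENGTH_TOO_LONG",
    271: "SSL_R_BAD_LENGTH",
    292: "SSL_R_BAD_LEGACY_VERSION",
    293: "SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA",
    298: "SSL_R_RECORD_TOO_SMALL",
    306: "SSL_R_BAD_ECPOINT",
    376: "SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS",
    409: "SSL_R_TOO_MANY_WARN_ALERTS",
}

# One "error:XXXXXXXX:lib:func:reason" element as printed by OpenSSL.
# The reason text runs until the next " error:" element or the closing ")".
# OpenSSL 3.x prints an empty func field ("SSL routines::bad length"); that
# empty field is used below (as a heuristic) to pick the 3.x code layout.
_ERR_RE = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?=\s+error:|\)|$)")


def unpack_error(code, openssl3):
    """Split a packed OpenSSL error code into (lib, reason).

    OpenSSL 3.x (ERR_GET_LIB / ERR_GET_REASON): lib in bits 23..30,
    reason in the low 23 bits.  OpenSSL 1.x and 0.9.8: lib in bits
    24..31, function in bits 12..23, reason in the low 12 bits.
    """
    if openssl3:
        return (code >> 23) & 0xFF, code & 0x7FFFFF
    return (code >> 24) & 0xFF, code & 0xFFF


def parse_ssl_errors(line):
    """Return [(lib, reason, reason_text), ...] for every element on a line."""
    result = []
    for hexcode, _lib_name, func, reason_text in _ERR_RE.findall(line):
        lib, reason = unpack_error(int(hexcode, 16), openssl3=(func == ""))
        result.append((lib, reason, reason_text.strip()))
    return result


def classify(line):
    """Level the line would get under the patch's list: ("info", SSL_R_name)
    or ("crit", None).  Only SSL-library elements count; on multi-error lines
    the last SSL-library element is used (this example's choice), so a
    leading crypto-library error does not mask the SSL reason behind it."""
    ssl_reason = None
    for lib, reason, _text in parse_ssl_errors(line):
        if lib == ERR_LIB_SSL:
            ssl_reason = reason
    if ssl_reason in INFO_LEVEL_REASONS:
        return "info", INFO_LEVEL_REASONS[ssl_reason]
    return "crit", None


def triage(lines):
    """Return a {level: count} summary for a batch of log lines."""
    counts = {"info": 0, "crit": 0}
    for line in lines:
        level, _name = classify(line)
        counts[level] += 1
    return counts


# Constructed sample lines, shaped after the ones in the commit message.
# The last one uses a reason (134) that is not among the patch's additions,
# so it falls through to "crit" under this example's limited table.
SAMPLE_LINES = [
    "SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)",
    "SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)",
    "SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)",
    "SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)",
    "SSL_do_handshake() failed (SSL: error:0A000086:SSL routines::certificate verify failed)",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample), sample)
    print(triage(SAMPLE_LINES))
```

Feeding real error_log lines through classify() is a quick way to check a list like the one in the patch against what a fuzzer actually produced: every line that still comes back as "crit" is either a genuine server-side problem or a candidate for the next round of this exercise.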