freenginx-1.27.5

Maxim Dounin mdounin at mdounin.ru
Thu Apr 10 05:09:53 UTC 2025 

Hello!

On Wed, Apr 09, 2025 at 09:56:17PM +0200, A. Schulze via nginx wrote:

> Am 08.04.25 um 17:50 schrieb Maxim Dounin:
> > Changes with freenginx 1.27.5                                    08 Apr 2025
> > ...
> 
> Hello,
> 
> I've build freenginx with the just releases openssl-3.5.0.
> The new PQ key exchange is enabled in openssl-3.5 and freenginx use it without special configuration.
> (the defaults for ssl_ecdh_curve are fine)
> 
> But in the log, the variable 'ssl_curve' [1] still say only the numeric number 0x11ec
> Firefox could name that key-exchange as "mlkem768x25519"

The $ssl_curve variable uses SSL_get_negotiated_group() and then 
uses OBJ_nid2sn() as long as the group is known to OpenSSL.

It looks like OpenSSL for some reason decided not to add NIDs for 
these groups - not sure why.  Either it is just an omission which 
is going to be fixed, or the intention is to force users to move 
away from using NIDs to newer interfaces, such as 
SSL_get0_group_name() and SSL_group_to_name().

I suspect this is just an omission and it will be eventually fixed 
in OpenSSL.  (Just for the record, with BoringSSL the code just 
works and provides correct $ssl_curves name for X25519MLKEM768.)

OTOH, you may try the following patch which tries to use 
SSL_get0_group_name() and SSL_group_to_name() if available.

Note thought that it slightly changes names as seen in the 
$ssl_curve and $ssl_curves variables.  In particular, with OpenSSL 
3.5 both on the server and as a client, variables are changed 
from:

$ssl_curve: 0x11ec
$ssl_curves: 0x11ec:X25519:prime256v1:X448:secp384r1:secp521r1:ffdhe2048:ffdhe3072

to the following:

$ssl_curve: X25519MLKEM768
$ssl_curves: X25519MLKEM768:x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072

Note "X25519" changed to "x25519", and "prime256v1" to 
"secp256r1".

Please let me know what do you think.


# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1744258053 -10800
#      Thu Apr 10 07:07:33 2025 +0300
# Node ID 0c82db8ddbed7ae4104a5c00d442b4cf0d3434e1
# Parent  8e674d7e1a1ad3648498d0cba2c9b2a9da5d3777
SSL: improved handling of $ssl_curve and $ssl_curves variables.

Now $ssl_curve uses SSL_get0_group_name() if available, and $ssl_curves
uses SSL_get0_iana_groups().  Notably, this makes it possible to see
the names of the X25519MLKEM768 group as supported by OpenSSL 3.5.0.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -5256,7 +5256,31 @@ ngx_ssl_get_ciphers(ngx_connection_t *c,
 ngx_int_t
 ngx_ssl_get_curve(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
-#ifdef SSL_get_negotiated_group
+#ifdef SSL_get0_iana_groups
+
+    u_char  *name;
+
+    /*
+     * Both SSL_get0_group_name() and SSL_get0_iana_groups()
+     * appeared in OpenSSL 3.2.0.
+     */
+
+    name = (u_char *) SSL_get0_group_name(c->ssl->connection);
+
+    if (name) {
+        s->len = ngx_strlen(name);
+
+        s->data = ngx_pnalloc(pool, s->len);
+        if (s->data == NULL) {
+                return NGX_ERROR;
+        }
+
+        ngx_memcpy(s->data, name, s->len);
+
+        return NGX_OK;
+    }
+
+#elif defined SSL_get_negotiated_group
 
     int  nid;
 
@@ -5292,7 +5316,64 @@ ngx_ssl_get_curve(ngx_connection_t *c, n
 ngx_int_t
 ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
-#ifdef SSL_CTRL_GET_CURVES
+#ifdef SSL_get0_iana_groups
+
+    int          n, i, nid;
+    u_char      *p, *name;
+    size_t       len;
+    uint16_t    *groups;
+
+    n = SSL_get0_iana_groups(c->ssl->connection, &groups);
+
+    if (n <= 0) {
+        s->len = 0;
+        return NGX_OK;
+    }
+
+    len = 0;
+
+    for (i = 0; i < n; i++) {
+        nid = groups[i] | TLSEXT_nid_unknown;
+
+        name = (u_char *) SSL_group_to_name(c->ssl->connection, nid);
+
+        if (name) {
+            len += ngx_strlen(name);
+
+        } else {
+            len += sizeof("0x0000") - 1;
+        }
+
+        len += sizeof(":") - 1;
+    }
+
+    s->data = ngx_pnalloc(pool, len);
+    if (s->data == NULL) {
+        return NGX_ERROR;
+    }
+
+    p = s->data;
+
+    for (i = 0; i < n; i++) {
+        nid = groups[i] | TLSEXT_nid_unknown;
+
+        name = (u_char *) SSL_group_to_name(c->ssl->connection, nid);
+
+        if (name) {
+            p = ngx_sprintf(p, "%s", name);
+
+        } else {
+            p = ngx_sprintf(p, "0x%04xd", nid & 0xffff);
+        }
+
+        *p++ = ':';
+    }
+
+    p--;
+
+    s->len = p - s->data;
+
+#elif defined SSL_get1_curves
 
     int         *curves, n, i, nid;
     u_char      *p;



-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx mailing list