Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for changing IV and reading key / IV from nginx variables. #24

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add support for changing IV and reading key / IV from nginx variables. #24

wants to merge 3 commits into from

Conversation

rcosnita
Copy link

@rcosnita rcosnita commented Oct 29, 2020
edited
Loading

This PR closes two outstanding issues:

#2, #22 and #25 .

With these two issues resolved it is trivial to implement rotating IVs if necessary.

@rcosnita rcosnita changed the title Add support for changing IV and reading key / IV from nginx variables. WIP: Add support for changing IV and reading key / IV from nginx variables. Oct 30, 2020
@rcosnita rcosnita force-pushed the 2-iv-toclient branch 2 times, most recently from 653f911 to 8953ff7 Compare October 30, 2020 23:10
@rcosnita rcosnita changed the title WIP: Add support for changing IV and reading key / IV from nginx variables. Add support for changing IV and reading key / IV from nginx variables. Oct 30, 2020
@rcosnita
An IV should be generated for each encryption
654a175 
We now have the ability to decide if the IV is communicated to the client in a non forgeable manner or we only keep it on the server side.

Closes openresty#2
@rcosnita rcosnita force-pushed the 2-iv-toclient branch 2 times, most recently from d6f289f to dd9077e Compare November 3, 2020 14:45
@artembokhan
Copy link

Hello! Could you please also add configurable with var encrypted_session_expires?

@rcosnita
Copy link
Author

@artembokhan Of course. I will do this in the next two days and I'll push another commit.

@rcosnita
Copy link
Author

rcosnita commented Dec 5, 2020

@artembokhan Sorry for this delay. I've just managed to commit the fix for making session_expires configurable using nginx variables. Can you please review the latest change?

@artembokhan
Copy link

@artembokhan Sorry for this delay. I've just managed to commit the fix for making session_expires configurable using nginx variables. Can you please review the latest change?

Great thank. It seems to be working for me.

Unfortunately I'm just a project user so can't help with the PR review :(

@rcosnita
Copy link
Author

@artembokhan thank you. I'm glad it works for you. I am also using the codebase in some other projects and it works without memory leaks or segfaults :).

@kim0
Copy link

kim0 commented Jul 25, 2023

Any hope to get this merged soon?

@rcosnita
Copy link
Author

@kim0 Not sure honestly. It has been lingering here for over 2 years now so I lost any hope.

@zhuizhuhaomeng
Copy link
Contributor

This PR is in conflicted state.

@zhuizhuhaomeng
Copy link
Contributor

There are more serious problem exist in the PR.

==88657== 
==88657== Process terminating with default action of signal 11 (SIGSEGV)
==88657==  Bad permissions for mapped region at address 0x5184C4
==88657==    at 0x4201F5: ngx_hash_strlow (ngx_hash.c:672)
==88657==    by 0x4F358D: ngx_http_get_variable_by_name (ngx_http_encrypted_session_module.c:192)
==88657==    by 0x4F3C62: ngx_http_set_encode_encrypted_session (ngx_http_encrypted_session_module.c:377)
==88657==    by 0x4AA6AD: ndk_set_var_value_code (ndk_set_var.c:148)
==88657==    by 0x4935B7: ngx_http_rewrite_handler (ngx_http_rewrite_module.c:180)
==88657==    by 0x45BFF4: ngx_http_core_rewrite_phase (ngx_http_core_module.c:939)
==88657==    by 0x457781: ngx_http_core_run_phases (ngx_http_core_module.c:885)
==88657==    by 0x457821: ngx_http_handler (ngx_http_core_module.c:868)
==88657==    by 0x463316: ngx_http_process_request (ngx_http_request.c:2120)
==88657==    by 0x46394D: ngx_http_process_request_headers (ngx_http_request.c:1498)
==88657==    by 0x463D17: ngx_http_process_request_line (ngx_http_request.c:1165)
==88657==    by 0x463EC6: ngx_http_wait_request_handler (ngx_http_request.c:503)
==88657==    by 0x448CB3: ngx_epoll_process_events (ngx_epoll_module.c:901)
==88657==    by 0x43DB74: ngx_process_events_and_timers (ngx_event.c:257)
==88657==    by 0x447D18: ngx_single_process_cycle (ngx_process_cycle.c:323)
==88657==    by 0x41D5C5: main (nginx.c:383)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rcosnita @artembokhan @kim0 @zhuizhuhaomeng