Re: SSL Configuration Generator https://ssl-config.mozilla.org/

[Gena Makhomed]

On 10.01.2020 15:04, Maxim Dounin wrote:


Если создатели сайта https://ssl-config.mozilla.org/ ошибаются,
то осознать свою ошибку они смогут наверное только после того,
как им об этом напишет кто-то из разработчиков nginx?



Нет, разработчики nginx тут ни при чём.  Тут вопрос исключительно
в том, что именно хотят разрешить авторы конфигурации, а что -
нет.  Они явно хотят разрешить DHE-шифры, и явно специально
написали как директиву ssl_dhparam, так и
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 в списке
шифров.

Возможно, тут дело в том, что предлагаемый список шифров -
закрытый, и шифров без forward secrecy там вообще нет.  И
соответственно DHE-шифры оставлены для того, чтобы какие-то
соверменные, но малораспространённые клиенты без поддержки ECDH
вообще хоть как-то могли коммуницировать с сервером.


Да, Вы правы.

Проблема есть с IE11 - по данным w3counter.com этот браузер имеет
2.30% Browser Market Share и вместе с тем, в случае использования
RSA сертификата, IE11 не умеет использовать ECDHE, и именно по этой
причине в списке шифров были оставлены DHE-шифры с RSA сертификатами.

Если же на сервере используется ECDSA сертификат - в таком случае
IE11 умеет использовать ECDHE, тогда нет никакой необходимости
использовать директиву ssl_dhparam и можно выключать все DHE-* шифры
и все *-RSA-* шифры в директиве ssl_ciphers, оставив там
только три самых нормальных ECDHE-ECDSA шифра
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
в режиме ssl_prefer_server_ciphers off;


0.
Кстати, причин, чтобы использвать ECDSA и RSA сертификаты одновременно
для сервера в котором разрешены только протоколы TLS 1.2 и TLS 1.3 -
я так и не смог найти. По всей видимости, одновременное использование
ECDSA и RSA сертификатов имеет смысл только для тех серверов, в которых
разрешено использование протоколов TLS 1.0 и TLS 1.1. Или я тут ошибся?


В багтрекере страницы https://wiki.mozilla.org/Security/Server_Side_TLS
а именно в issue https://github.com/mozilla/server-side-tls/issues/268
я немного пообщался теми людьми, которые редактируют эту вики страницу,
узнал от них много нового и интересного про причины, почему сайт
https://ssl-config.mozilla.org/ выдает именно такие рекомендации.

Сейчас готовлю сервер для тестирования скорости работы
ECDHE с различными вариантами ssl_ecdh_curve и ssl_ciphers
и DHE с различными вариантами ssl_dhparam и ssl_ciphers
и в процессе настройки nginx наткнулся на проблемы.

Параметры сборки nginx из исходников на CentOS 7:

# nginx -V
nginx version: nginx/1.17.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --with-http_ssl_module 
--with-openssl=/root/src/openssl-1.1.1d --with-pcre=/root/src/pcre-8.43 
--without-http_gzip_module


Проблемы:

1.
В документации
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
написано, что директиву ssl_protocols можно задавать на уровне server.

Однако - если в default_server было задано ssl_protocols TLSv1.2;
то в других server`ах директива ssl_protocols TLSv1.3; не работает.

И наоборот, если в default_server задано ssl_protocols TLSv1.3;
то в других server`ах директива ssl_protocols TLSv1.2; не работает.

Это где ошибка - в документации на сайте или в коде nginx 1.17.8?

2.
Аналогичная проблема и с директивой ssl_ecdh_curve:

В документации
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve
написано, что директиву ssl_ecdh_curve можно задавать на уровне server.

Однако, nginx на эту директиву вообще никак не реагирует.

У меня есть три тестовых сервера:

server_name tls13-ecdsa-ecdhe-x25519.ideil.com;
ssl_ecdh_curve X25519;

server_name tls13-ecdsa-ecdhe-prime256v1.ideil.com;
ssl_ecdh_curve prime256v1;

server_name tls13-ecdsa-ecdhe-secp384r1.ideil.com;
ssl_ecdh_curve secp384r1;

В действительности - везде используется X25519 для Server Temp Key.

Это где ошибка - в документации на сайте или в коде nginx 1.17.8?

3.
Третий вопрос, если можно:

Тикет https://trac.nginx.org/nginx/ticket/1529 читал
но по причине https://github.com/openssl/openssl/issues/7938
- что нам с этим всем делать? Как управлять ciphers в TLS 1.3 ?

Может быть все-таки имеет смысл сделать [недокументированную (?)]
директиву ssl_ciphersuites которая будет управлять шифрами для TLS 1.3 ?
Оставив директиву ssl_ciphers для управления шифрами TLS 1.2 и 1.1/1.0 ?

Чтобы можно было, например, для теста настроить все возможные комбинации
шифров TLS 1.3 (их всего три) и все возможные комбинации рекомендуемых
сайтом https://wiki.mozilla.org/Security/Server_Side_TLS вариантов
ecdh curve (их тоже всего три: X25519, prime256v1, secp384r1).
Итого - только для TLS 1.3 получается всего 9 возможных комбинаций.
Для всех возможных комбинаций - необходимо будет 36 различных серверов.

Кстати, google пошел еще дальше, и в конфигурации для www.google.com
сделал возможность отдельно 

njs-0.3.8

[Dmitry Volyntsev]

Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release proceeds to extend the coverage of ECMAScript
specifications. This release adds Promise object support and
typed-arrays from ES6.

Notable new features:
- Promise support in r.subrequest():
:   r.subrequest(r, '/auth')
:   .then(reply => JSON.parse(reply.responseBody))
:   .then(response => {
:   if (!response['token']) {
:   throw new Error("token is not available");
:   }
:   return token;
:   })
:  .then(token => {
:  r.subrequest('/backend', `token=${token}`)
:  .then(reply => r.return(reply.status, reply.responseBody));
:  })
:  .catch(_ => r.return(500));

You can learn more about njs:

- Overview and introduction: http://nginx.org/en/docs/njs/
- Presentation: https://youtu.be/Jc_L6UffFOs
- Using node modules with njs: 
http://nginx.org/en/docs/njs/node_modules.html


Feel free to try it and give us feedback on:

- Github: https://github.com/nginx/njs/issues
- Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel


Changes with njs 0.3.8  21 Jan 2020

nginx modules:

*) Feature: added Promise support for r.subrequest(). If callback
   is not provided r.subrequest() returns an ordinary Promise object
   that resolves to subrequest response object.

*) Change: r.parent property handler now returns "undefined"
  instead of throwing exception if parent object is not available.

Core:

*) Feature: added Promise support. Implemented according to
   the specification without: Promise.all(), Promise.allSettled(),
   Promise.race().

*) Feature: added initial Typed-arrays support.
   Thanks to Tiago Natel de Moura.

*) Feature: added ArrayBuffer support.
   Thanks to Tiago Natel de Moura.

*) Feature: added initial Symbol support.
   Thanks to Artem S. Povalyukhin.

*) Feature: added externals supopor for JSON.stringify().

*) Feature: added Object.is().
   Thanks to Artem S. Povalyukhin.

*) Feature: added Object.setPrototypeOf().
   Thanks to Artem S. Povalyukhin.

*) Feature: introduced nullish coalescing operator.
   Thanks to Valentin Bartenev.

*) Bugfix: fixed Object.getPrototypeOf() according to the
   specification.

*) Bugfix: fixed Object.prototype.valueOf() according to the
   specification.

*) Bugfix: fixed JSON.stringify() with unprintable values and
   replacer function.

*) Bugfix: fixed operator "in" according to the specification.

*) Bugfix: fixed Object.defineProperties() according to the
   specification.

*) Bugfix: fixed Object.create() according to the specification.
   Thanks to Artem S. Povalyukhin.

*) Bugfix: fixed Number.prototype.toString(radix) when
   fast-math is enabled.

*) Bugfix: fixed RegExp() instance properties.

*) Bugfix: fixed import segfault.
   Thanks to 洪志道 (Hong Zhi Dao).
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[nginx-announce] njs-0.3.8

[Dmitry Volyntsev]

Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release proceeds to extend the coverage of ECMAScript
specifications. This release adds Promise object support and
typed-arrays from ES6.

Notable new features:
- Promise support in r.subrequest():
:   r.subrequest(r, '/auth')
:   .then(reply => JSON.parse(reply.responseBody))
:   .then(response => {
:   if (!response['token']) {
:   throw new Error("token is not available");
:   }
:   return token;
:   })
:  .then(token => {
:  r.subrequest('/backend', `token=${token}`)
:  .then(reply => r.return(reply.status, reply.responseBody));
:  })
:  .catch(_ => r.return(500));

You can learn more about njs:

- Overview and introduction: http://nginx.org/en/docs/njs/
- Presentation: https://youtu.be/Jc_L6UffFOs
- Using node modules with njs: 
http://nginx.org/en/docs/njs/node_modules.html


Feel free to try it and give us feedback on:

- Github: https://github.com/nginx/njs/issues
- Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel


Changes with njs 0.3.8  21 Jan 2020

nginx modules:

*) Feature: added Promise support for r.subrequest(). If callback
   is not provided r.subrequest() returns an ordinary Promise object
   that resolves to subrequest response object.

*) Change: r.parent property handler now returns "undefined"
  instead of throwing exception if parent object is not available.

Core:

*) Feature: added Promise support. Implemented according to
   the specification without: Promise.all(), Promise.allSettled(),
   Promise.race().

*) Feature: added initial Typed-arrays support.
   Thanks to Tiago Natel de Moura.

*) Feature: added ArrayBuffer support.
   Thanks to Tiago Natel de Moura.

*) Feature: added initial Symbol support.
   Thanks to Artem S. Povalyukhin.

*) Feature: added externals supopor for JSON.stringify().

*) Feature: added Object.is().
   Thanks to Artem S. Povalyukhin.

*) Feature: added Object.setPrototypeOf().
   Thanks to Artem S. Povalyukhin.

*) Feature: introduced nullish coalescing operator.
   Thanks to Valentin Bartenev.

*) Bugfix: fixed Object.getPrototypeOf() according to the
   specification.

*) Bugfix: fixed Object.prototype.valueOf() according to the
   specification.

*) Bugfix: fixed JSON.stringify() with unprintable values and
   replacer function.

*) Bugfix: fixed operator "in" according to the specification.

*) Bugfix: fixed Object.defineProperties() according to the
   specification.

*) Bugfix: fixed Object.create() according to the specification.
   Thanks to Artem S. Povalyukhin.

*) Bugfix: fixed Number.prototype.toString(radix) when
   fast-math is enabled.

*) Bugfix: fixed RegExp() instance properties.

*) Bugfix: fixed import segfault.
   Thanks to 洪志道 (Hong Zhi Dao).
___
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce

Re: [nginx-announce] nginx-1.17.8

[Kevin Worthington]

 Hello Nginx users,

Now available: Nginx 1.17.8 for Windows https://
kevinworthington.com/nginxwin1178 (32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail]  [dot} {com)
https://kevinworthington.com/
https://twitter.com/kworthington

On Tue, Jan 21, 2020 at 8:55 AM Maxim Dounin  wrote:

> Changes with nginx 1.17.821 Jan
> 2020
>
> *) Feature: variables support in the "grpc_pass" directive.
>
> *) Bugfix: a timeout might occur while handling pipelined requests in
> an
>SSL connection; the bug had appeared in 1.17.5.
>
> *) Bugfix: in the "debug_points" directive when using HTTP/2.
>Thanks to Daniil Bondarev.
>
>
> --
> Maxim Dounin
> http://nginx.org/
> ___
> nginx-announce mailing list
> nginx-annou...@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-announce
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.17.8

[Maxim Dounin]

Изменения в nginx 1.17.8  21.01.2020

*) Добавление: директива grpc_pass поддерживает переменные.

*) Исправление: при обработке pipelined-запросов по SSL-соединению мог
   произойти таймаут; ошибка появилась в 1.17.5.

*) Исправление: в директиве debug_points при использовании HTTP/2.
   Спасибо Даниилу Бондареву.


-- 
Maxim Dounin
http://nginx.org/
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

[nginx-announce] nginx-1.17.8

[Maxim Dounin]

Changes with nginx 1.17.821 Jan 2020

*) Feature: variables support in the "grpc_pass" directive.

*) Bugfix: a timeout might occur while handling pipelined requests in an
   SSL connection; the bug had appeared in 1.17.5.

*) Bugfix: in the "debug_points" directive when using HTTP/2.
   Thanks to Daniil Bondarev.


-- 
Maxim Dounin
http://nginx.org/
___
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce

nginx-1.17.8

[Maxim Dounin]

Changes with nginx 1.17.821 Jan 2020

*) Feature: variables support in the "grpc_pass" directive.

*) Bugfix: a timeout might occur while handling pipelined requests in an
   SSL connection; the bug had appeared in 1.17.5.

*) Bugfix: in the "debug_points" directive when using HTTP/2.
   Thanks to Daniil Bondarev.


-- 
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[nginx] nginx-1.17.8-RELEASE

[Maxim Dounin]

details:   https://hg.nginx.org/nginx/rev/fdacd273711d
branches:  
changeset: 7620:fdacd273711d
user:  Maxim Dounin 
date:  Tue Jan 21 16:39:41 2020 +0300
description:
nginx-1.17.8-RELEASE

diffstat:

 docs/xml/nginx/changes.xml |  36 
 1 files changed, 36 insertions(+), 0 deletions(-)

diffs (46 lines):

diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -5,6 +5,42 @@
 
 
 
+
+
+
+
+директива grpc_pass поддерживает переменные.
+
+
+variables support in the "grpc_pass" directive.
+
+
+
+
+
+при обработке pipelined-запросов по SSL-соединению мог произойти таймаут;
+ошибка появилась в 1.17.5.
+
+
+a timeout might occur while handling pipelined requests in an SSL connection;
+the bug had appeared in 1.17.5.
+
+
+
+
+
+в директиве debug_points при использовании HTTP/2.
+Спасибо Даниилу Бондареву.
+
+
+in the "debug_points" directive when using HTTP/2.
+Thanks to Daniil Bondarev.
+
+
+
+
+
+
 
 
 
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] release-1.17.8 tag

[Maxim Dounin]

details:   https://hg.nginx.org/nginx/rev/b8a512c6466c
branches:  
changeset: 7621:b8a512c6466c
user:  Maxim Dounin 
date:  Tue Jan 21 16:39:42 2020 +0300
description:
release-1.17.8 tag

diffstat:

 .hgtags |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (8 lines):

diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -446,3 +446,4 @@ ce2ced3856909f36f8130c99eaa4dbdbae636ddc
 9af0dddbddb2c368bfedd2801bc100ffad01e19b release-1.17.5
 de68d0d94320cbf033599c6f3ca37e5335c67fd7 release-1.17.6
 e56295fe0ea76bf53b06bffa77a2d3a9a335cb8c release-1.17.7
+fdacd273711ddf20f778c1fb91529ab53979a454 release-1.17.8
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Added tag 0.3.8 for changeset 1abb97e9d9dc

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/5396e72ca030
branches:  
changeset: 1310:5396e72ca030
user:  Dmitry Volyntsev 
date:  Tue Jan 21 16:30:20 2020 +0300
description:
Added tag 0.3.8 for changeset 1abb97e9d9dc

diffstat:

 .hgtags |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (8 lines):

diff -r 1abb97e9d9dc -r 5396e72ca030 .hgtags
--- a/.hgtags   Tue Jan 21 16:06:20 2020 +0300
+++ b/.hgtags   Tue Jan 21 16:30:20 2020 +0300
@@ -31,3 +31,4 @@ 8eadbb3a7c7b7c3426f73adabfa251cd9d296752
 b7fa83f27f1b64443b88c990e1851f59583b2182 0.3.5
 7b302775917b72537e1abdbd5dc9d04e55a7d582 0.3.6
 9e5ef927c7eaed003de3e5e4a16fa3eab08de7f7 0.3.7
+1abb97e9d9dc07dcff2616d4c75132e6d189a6aa 0.3.8
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Version 0.3.8.

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/1abb97e9d9dc
branches:  
changeset: 1309:1abb97e9d9dc
user:  Dmitry Volyntsev 
date:  Tue Jan 21 16:06:20 2020 +0300
description:
Version 0.3.8.

diffstat:

 CHANGES |  62 ++
 LICENSE |   7 ---
 2 files changed, 66 insertions(+), 3 deletions(-)

diffs (84 lines):

diff -r a34f1293edba -r 1abb97e9d9dc CHANGES
--- a/CHANGES   Tue Jan 21 16:03:30 2020 +0300
+++ b/CHANGES   Tue Jan 21 16:06:20 2020 +0300
@@ -1,3 +1,65 @@
+
+Changes with njs 0.3.8   21 Jan 2020
+
+nginx modules:
+
+*) Feature: added Promise support for r.subrequest(). If callback
+   is not provided r.subrequest() returns an ordinary Promise object
+   that resolves to subrequest response object.
+
+*) Change: r.parent property handler now returns "undefined"
+  instead of throwing exception if parent object is not available.
+
+Core:
+
+*) Feature: added Promise support. Implemented according to
+   the specification without: Promise.all(), Promise.allSettled(),
+   Promise.race().
+
+*) Feature: added initial Typed-arrays support.
+   Thanks to Tiago Natel de Moura.
+
+*) Feature: added ArrayBuffer support.
+   Thanks to Tiago Natel de Moura.
+
+*) Feature: added initial Symbol support.
+   Thanks to Artem S. Povalyukhin.
+
+*) Feature: added externals supopor for JSON.stringify().
+
+*) Feature: added Object.is().
+   Thanks to Artem S. Povalyukhin.
+
+*) Feature: added Object.setPrototypeOf().
+   Thanks to Artem S. Povalyukhin.
+
+*) Feature: introduced nullish coalescing operator.
+   Thanks to Valentin Bartenev.
+
+*) Bugfix: fixed Object.getPrototypeOf() according to the
+   specification.
+
+*) Bugfix: fixed Object.prototype.valueOf() according to the
+   specification.
+
+*) Bugfix: fixed JSON.stringify() with unprintable values and
+   replacer function.
+
+*) Bugfix: fixed operator "in" according to the specification.
+
+*) Bugfix: fixed Object.defineProperties() according to the
+   specification.
+
+*) Bugfix: fixed Object.create() according to the specification.
+   Thanks to Artem S. Povalyukhin.
+
+*) Bugfix: fixed Number.prototype.toString(radix) when
+   fast-math is enabled.
+
+*) Bugfix: fixed RegExp() instance properties.
+
+*) Bugfix: fixed import segfault.
+   Thanks to 洪志道 (Hong Zhi Dao).
 
 Changes with njs 0.3.7   19 Nov 2019
 
diff -r a34f1293edba -r 1abb97e9d9dc LICENSE
--- a/LICENSE   Tue Jan 21 16:03:30 2020 +0300
+++ b/LICENSE   Tue Jan 21 16:06:20 2020 +0300
@@ -1,7 +1,8 @@
 /*
- * Copyright (C) 2015-2019 NGINX, Inc.
- * Copyright (C) 2015-2019 Igor Sysoev
- * Copyright (C) 2017-2019 Dmitry Volyntsev
+ * Copyright (C) 2015-2020 NGINX, Inc.
+ * Copyright (C) 2015-2020 Igor Sysoev
+ * Copyright (C) 2017-2020 Dmitry Volyntsev
+ * Copyright (C) 2019-2020 Alexander Borisov
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Added %TypedArray%.prototype.subarray().

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/5cf918cc0d06
branches:  
changeset: 1307:5cf918cc0d06
user:  Dmitry Volyntsev 
date:  Tue Jan 21 16:01:48 2020 +0300
description:
Added %TypedArray%.prototype.subarray().

diffstat:

 src/njs_typed_array.c|  87 ++-
 src/test/njs_unit_test.c |  32 +
 2 files changed, 87 insertions(+), 32 deletions(-)

diffs (188 lines):

diff -r 142b3fec5d4f -r 5cf918cc0d06 src/njs_typed_array.c
--- a/src/njs_typed_array.c Tue Jan 21 16:01:45 2020 +0300
+++ b/src/njs_typed_array.c Tue Jan 21 16:01:48 2020 +0300
@@ -607,10 +607,10 @@ njs_typed_array_prototype_fill(njs_vm_t 
 
 static njs_int_t
 njs_typed_array_species_create(njs_vm_t *vm, njs_value_t *exemplar,
-int64_t count, njs_value_t *retval)
+njs_value_t *args, njs_uint_t nargs, njs_value_t *retval)
 {
 njs_int_t  ret;
-njs_value_tthis, constructor, argument;
+njs_value_tthis, constructor;
 njs_object_t   *object;
 njs_typed_array_t  *array;
 
@@ -630,10 +630,9 @@ njs_typed_array_species_create(njs_vm_t 
 }
 
 njs_set_object(, object);
-njs_set_number(, count);
 
 ret = njs_function_call2(vm, njs_function(), ,
- , 1, retval, 1);
+ args, nargs, retval, 1);
 if (njs_slow_path(ret != NJS_OK)) {
 return NJS_ERROR;
 }
@@ -644,24 +643,18 @@ njs_typed_array_species_create(njs_vm_t 
 return NJS_ERROR;
 }
 
-array = njs_typed_array(retval);
-if (njs_typed_array_length(array) < count) {
-njs_type_error(vm, "Derived TypedArray constructor too small array");
-return NJS_ERROR;
-}
-
 return NJS_OK;
 }
 
 
 static njs_int_t
 njs_typed_array_prototype_slice(njs_vm_t *vm, njs_value_t *args,
-njs_uint_t nargs, njs_index_t unused)
+njs_uint_t nargs, njs_index_t copy)
 {
-int64_t start, end, count;
+int64_t start, end, count, offset;
 uint32_ti, element_size, length;
 njs_int_t   ret;
-njs_value_t *this, *value;
+njs_value_t arguments[3], *this, *value;
 njs_typed_array_t   *array, *new_array;
 njs_array_buffer_t  *buffer, *new_buffer;
 
@@ -698,32 +691,54 @@ njs_typed_array_prototype_slice(njs_vm_t
 
 end = (end < 0) ? njs_max(length + end, 0) : njs_min(end, length);
 
-count = njs_max(end - start, 0);
-
-ret = njs_typed_array_species_create(vm, this, count, >retval);
-if (njs_slow_path(ret != NJS_OK)) {
-return ret;
-}
-
-new_array = njs_typed_array(>retval);
-new_buffer = njs_typed_array_buffer(new_array);
 element_size = njs_typed_array_element_size(array->type);
 
-if (njs_fast_path(array->type == new_array->type)) {
-start = start * element_size;
-count = count * element_size;
+if (copy) {
+count = njs_max(end - start, 0);
+njs_set_number([0], count);
 
-memcpy(_buffer->u.u8[0], >u.u8[start], count);
+ret = njs_typed_array_species_create(vm, this,
+ njs_value_arg(arguments), 1,
+ >retval);
+if (njs_slow_path(ret != NJS_OK)) {
+return ret;
+}
+
+new_array = njs_typed_array(>retval);
+if (njs_typed_array_length(new_array) < count) {
+njs_type_error(vm, "Derived TypedArray constructor is "
+   "too small array");
+return NJS_ERROR;
+}
 
-} else {
-for (i = 0; i < count; i++) {
-njs_typed_array_set(new_array, i,
-njs_typed_array_get(array, i + start));
+new_buffer = njs_typed_array_buffer(new_array);
+element_size = njs_typed_array_element_size(array->type);
+
+if (njs_fast_path(array->type == new_array->type)) {
+start = start * element_size;
+count = count * element_size;
+
+memcpy(_buffer->u.u8[0], >u.u8[start], count);
+
+} else {
+for (i = 0; i < count; i++) {
+njs_typed_array_set(new_array, i,
+njs_typed_array_get(array, i + start));
+}
 }
+
+return NJS_OK;
 }
 
+offset = array->offset * element_size;
+offset += start * element_size;
 
-return NJS_OK;
+njs_set_array_buffer([0], buffer);
+njs_set_number([1], offset);
+njs_set_number([2], njs_max(end - start, 0));
+
+return njs_typed_array_species_create(vm, this, njs_value_arg(arguments), 
3,
+  >retval);
 }
 
 
@@ -1024,7 +1039,15 @@ static const njs_object_prop_t  njs_type
 {
 .type = NJS_PROPERTY,
 .name = njs_string("slice"),
-.value = njs_native_function(njs_typed_array_prototype_slice, 2),
+.value = 

[njs] Fixed %TypedArray%.prototype.fill().

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/a34f1293edba
branches:  
changeset: 1308:a34f1293edba
user:  Dmitry Volyntsev 
date:  Tue Jan 21 16:03:30 2020 +0300
description:
Fixed %TypedArray%.prototype.fill().

For subarrays starting from non-zero offset.

diffstat:

 src/njs_typed_array.c|  30 --
 src/njs_typed_array.h|   6 ++
 src/test/njs_unit_test.c |  11 +++
 3 files changed, 29 insertions(+), 18 deletions(-)

diffs (134 lines):

diff -r 5cf918cc0d06 -r a34f1293edba src/njs_typed_array.c
--- a/src/njs_typed_array.c Tue Jan 21 16:01:48 2020 +0300
+++ b/src/njs_typed_array.c Tue Jan 21 16:03:30 2020 +0300
@@ -491,7 +491,7 @@ njs_typed_array_prototype_fill(njs_vm_t 
 int16_t i16;
 int32_t i32;
 uint8_t u8;
-int64_t start, end;
+int64_t start, end, offset;
 uint32_ti, length;
 njs_int_t   ret;
 njs_value_t *this, *setval, lvalue;
@@ -535,20 +535,22 @@ njs_typed_array_prototype_fill(njs_vm_t 
 njs_set_typed_array(>retval, array);
 
 buffer = array->buffer;
+offset = array->offset;
 
 switch (array->type) {
 case NJS_OBJ_TYPE_UINT8_CLAMPED_ARRAY:
-if (num < 0) {
-num = 0;
+if (isnan(num) || num < 0) {
+u8 = 0;
 
 } else if (num > 255) {
-num = 255;
+u8 = 255;
+
+} else {
+u8 = lrint(num);
 }
 
-u8 = lrint(num);
-
-for (i = start; i < end; i++) {
-buffer->u.u8[i] = u8;
+if (start < end) {
+memset(>u.u8[start + offset], u8, end - start);
 }
 
 break;
@@ -557,8 +559,8 @@ njs_typed_array_prototype_fill(njs_vm_t 
 case NJS_OBJ_TYPE_INT8_ARRAY:
 i8 = njs_number_to_int32(num);
 
-for (i = start; i < end; i++) {
-buffer->u.u8[i] = i8;
+if (start < end) {
+memset(>u.u8[start + offset], i8, end - start);
 }
 
 break;
@@ -568,7 +570,7 @@ njs_typed_array_prototype_fill(njs_vm_t 
 i16 = njs_number_to_int32(num);
 
 for (i = start; i < end; i++) {
-buffer->u.u16[i] = i16;
+buffer->u.u16[i + offset] = i16;
 }
 
 break;
@@ -578,7 +580,7 @@ njs_typed_array_prototype_fill(njs_vm_t 
 i32 = njs_number_to_int32(num);
 
 for (i = start; i < end; i++) {
-buffer->u.u32[i] = i32;
+buffer->u.u32[i + offset] = i32;
 }
 
 break;
@@ -587,7 +589,7 @@ njs_typed_array_prototype_fill(njs_vm_t 
 f32 = num;
 
 for (i = start; i < end; i++) {
-buffer->u.f32[i] = f32;
+buffer->u.f32[i + offset] = f32;
 }
 
 break;
@@ -597,7 +599,7 @@ njs_typed_array_prototype_fill(njs_vm_t 
 /* NJS_OBJ_TYPE_FLOAT64_ARRAY. */
 
 for (i = start; i < end; i++) {
-buffer->u.f64[i] = num;
+buffer->u.f64[i + offset] = num;
 }
}
 
diff -r 5cf918cc0d06 -r a34f1293edba src/njs_typed_array.h
--- a/src/njs_typed_array.h Tue Jan 21 16:01:48 2020 +0300
+++ b/src/njs_typed_array.h Tue Jan 21 16:03:30 2020 +0300
@@ -103,11 +103,9 @@ njs_typed_array_set(njs_typed_array_t *a
 
 switch (array->type) {
 case NJS_OBJ_TYPE_UINT8_CLAMPED_ARRAY:
-if (v < 0) {
+if (isnan(v) || v < 0) {
 v = 0;
-}
-
-if (v > 255) {
+} else if (v > 255) {
 v = 255;
 }
 
diff -r 5cf918cc0d06 -r a34f1293edba src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c  Tue Jan 21 16:01:48 2020 +0300
+++ b/src/test/njs_unit_test.c  Tue Jan 21 16:03:30 2020 +0300
@@ -5005,6 +5005,11 @@ static njs_unit_test_t  njs_test[] =
   "   return (a[0] === 1 && a[1] === 12 && a[2] === 3 && 
a.length == 3)})"),
   njs_str("true") },
 
+{ njs_str(NJS_TYPED_ARRAY_LIST
+  ".every(v=>{var a = new v([0,0,0,0,0]).fill(8, -1, -3); "
+  "   return njs.dump(a) === `${v.name} [0,0,0,0,0]`;})"),
+  njs_str("true") },
+
 { njs_str(NJS_INT_TYPED_ARRAY_LIST
   ".every(v=>{var a = new v([1,2,3]); a.fill('qq', 1, 2); "
   "   return (a[0] === 1 && a[1] === 0 && a[2] === 3 && 
a.length == 3)})"),
@@ -5341,6 +5346,12 @@ static njs_unit_test_t  njs_test[] =
   njs_str("true") },
 
 { njs_str(NJS_TYPED_ARRAY_LIST
+  ".every(v=>{var a = new v([1,2,3,4]); "
+  "   a.subarray(1,10).fill(0);"
+  "   return  njs.dump(a) === `${v.name} [1,0,0,0]`;})"),
+  njs_str("true") },
+
+{ njs_str(NJS_TYPED_ARRAY_LIST
   ".every(v=>{var a = new v([1,2,3]); "
   "   var r = a.subarray(1,3);"
   "   return  a.buffer === r.buffer;})"),
___
nginx-devel mailing list

[njs] Fixed Function constructor according to the spec.

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/142b3fec5d4f
branches:  
changeset: 1306:142b3fec5d4f
user:  Dmitry Volyntsev 
date:  Tue Jan 21 16:01:45 2020 +0300
description:
Fixed Function constructor according to the spec.

"this" value should point to the global object.

diffstat:

 src/njs.h|2 +-
 src/njs_function.c   |  127 ++
 src/njs_value.h  |3 +-
 src/test/njs_unit_test.c |   12 
 test/njs_expect_test.exp |6 ++
 5 files changed, 93 insertions(+), 57 deletions(-)

diffs (242 lines):

diff -r c735708203e8 -r 142b3fec5d4f src/njs.h
--- a/src/njs.h Fri Jan 17 10:04:28 2020 +0300
+++ b/src/njs.h Tue Jan 21 16:01:45 2020 +0300
@@ -41,7 +41,7 @@ typedef struct {
 
 /* sizeof(njs_value_t) is 16 bytes. */
 #define njs_argument(args, n) \
-(njs_value_t *) ((u_char *) args + n * 16)
+(njs_value_t *) ((u_char *) args + (n) * 16)
 
 
 extern const njs_value_tnjs_value_undefined;
diff -r c735708203e8 -r 142b3fec5d4f src/njs_function.c
--- a/src/njs_function.cFri Jan 17 10:04:28 2020 +0300
+++ b/src/njs_function.cTue Jan 21 16:01:45 2020 +0300
@@ -463,7 +463,14 @@ njs_function_lambda_frame(njs_vm_t *vm, 
 native_frame->arguments = value;
 
 if (bound == NULL) {
-*value++ = *this;
+*value = *this;
+
+if (njs_slow_path(function->global_this
+  && njs_is_null_or_undefined(this))) {
+njs_set_object(value, >global_object);
+}
+
+value++;
 
 } else {
 n = function->args_offset;
@@ -838,64 +845,69 @@ static njs_int_t
 njs_function_constructor(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 njs_index_t unused)
 {
-size_t  size;
-u_char  *start, *end;
-njs_int_t   ret;
-njs_str_t   str, file;
-njs_uint_t  i;
-njs_lexer_t lexer;
-njs_parser_t*parser;
-njs_generator_t generator;
-njs_parser_scope_t  *scope;
+njs_chb_t  chain;
+njs_int_t  ret;
+njs_str_t  str, file;
+njs_uint_t i;
+njs_value_t*body;
+njs_lexer_tlexer;
+njs_parser_t   *parser;
+njs_function_t *function;
+njs_generator_tgenerator;
+njs_parser_scope_t *scope;
+njs_function_lambda_t  *lambda;
+njs_vmcode_function_t  *code;
 
 if (!vm->options.unsafe) {
-njs_type_error(vm, "function constructor is disabled in \"safe\" 
mode");
-return NJS_ERROR;
+body = njs_argument(args, nargs - 1);
+ret = njs_value_to_string(vm, body, body);
+if (njs_slow_path(ret != NJS_OK)) {
+return ret;
+}
+
+njs_string_get(body, );
+
+/*
+ * Safe mode exception:
+ * "(new Function('return this'))" is often used to get
+ * the global object in a portable way.
+ */
+
+if (str.length != njs_length("return this")
+|| memcmp(str.start, "return this", 11) != 0)
+{
+njs_type_error(vm, "function constructor is disabled"
+   " in \"safe\" mode");
+return NJS_ERROR;
+}
 }
 
-if (nargs < 2) {
-start = (u_char *) "(function(){})";
-end = start + njs_length("(function(){})");
+njs_chb_init(, vm->mem_pool);
 
-} else {
-size = njs_length("(function(") + nargs + njs_length("){})");
+njs_chb_append_literal(, "(function(");
 
-for (i = 1; i < nargs; i++) {
-if (!njs_is_string([i])) {
-ret = njs_value_to_string(vm, [i], [i]);
-if (ret != NJS_OK) {
-return ret;
-}
-}
-
-njs_string_get([i], );
-size += str.length;
+for (i = 1; i < nargs - 1; i++) {
+ret = njs_value_to_chain(vm, , njs_argument(args, i));
+if (njs_slow_path(ret < NJS_OK)) {
+return ret;
 }
 
-start = njs_mp_alloc(vm->mem_pool, size);
-if (njs_slow_path(start == NULL)) {
-return NJS_ERROR;
-}
+njs_chb_append_literal(, ",");
+}
 
-end = njs_cpymem(start, "(function(", njs_length("(function("));
-
-for (i = 1; i < nargs - 1; i++) {
-if (i != 1) {
-*end++ = ',';
-}
+njs_chb_append_literal(, "){");
 
-njs_string_get([i], );
-end = njs_cpymem(end, str.start, str.length);
-}
+ret = njs_value_to_chain(vm, , njs_argument(args, nargs - 1));
+if (njs_slow_path(ret < NJS_OK)) {
+return ret;
+}
 
-*end++ = ')';
-*end++ = '{';
+njs_chb_append_literal(, "})");
 
-njs_string_get([nargs - 1], );
-end = njs_cpymem(end, str.start, str.length);
-
-