Re: SSL Configuration Generator https://ssl-config.mozilla.org/
On 10.01.2020 15:04, Maxim Dounin wrote: Если создатели сайта https://ssl-config.mozilla.org/ ошибаются, то осознать свою ошибку они смогут наверное только после того, как им об этом напишет кто-то из разработчиков nginx? Нет, разработчики nginx тут ни при чём. Тут вопрос исключительно в том, что именно хотят разрешить авторы конфигурации, а что - нет. Они явно хотят разрешить DHE-шифры, и явно специально написали как директиву ssl_dhparam, так и DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 в списке шифров. Возможно, тут дело в том, что предлагаемый список шифров - закрытый, и шифров без forward secrecy там вообще нет. И соответственно DHE-шифры оставлены для того, чтобы какие-то соверменные, но малораспространённые клиенты без поддержки ECDH вообще хоть как-то могли коммуницировать с сервером. Да, Вы правы. Проблема есть с IE11 - по данным w3counter.com этот браузер имеет 2.30% Browser Market Share и вместе с тем, в случае использования RSA сертификата, IE11 не умеет использовать ECDHE, и именно по этой причине в списке шифров были оставлены DHE-шифры с RSA сертификатами. Если же на сервере используется ECDSA сертификат - в таком случае IE11 умеет использовать ECDHE, тогда нет никакой необходимости использовать директиву ssl_dhparam и можно выключать все DHE-* шифры и все *-RSA-* шифры в директиве ssl_ciphers, оставив там только три самых нормальных ECDHE-ECDSA шифра ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-CHACHA20-POLY1305 в режиме ssl_prefer_server_ciphers off; 0. Кстати, причин, чтобы использвать ECDSA и RSA сертификаты одновременно для сервера в котором разрешены только протоколы TLS 1.2 и TLS 1.3 - я так и не смог найти. По всей видимости, одновременное использование ECDSA и RSA сертификатов имеет смысл только для тех серверов, в которых разрешено использование протоколов TLS 1.0 и TLS 1.1. Или я тут ошибся? В багтрекере страницы https://wiki.mozilla.org/Security/Server_Side_TLS а именно в issue https://github.com/mozilla/server-side-tls/issues/268 я немного пообщался теми людьми, которые редактируют эту вики страницу, узнал от них много нового и интересного про причины, почему сайт https://ssl-config.mozilla.org/ выдает именно такие рекомендации. Сейчас готовлю сервер для тестирования скорости работы ECDHE с различными вариантами ssl_ecdh_curve и ssl_ciphers и DHE с различными вариантами ssl_dhparam и ssl_ciphers и в процессе настройки nginx наткнулся на проблемы. Параметры сборки nginx из исходников на CentOS 7: # nginx -V nginx version: nginx/1.17.8 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.1.1d 10 Sep 2019 TLS SNI support enabled configure arguments: --with-http_ssl_module --with-openssl=/root/src/openssl-1.1.1d --with-pcre=/root/src/pcre-8.43 --without-http_gzip_module Проблемы: 1. В документации http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols написано, что директиву ssl_protocols можно задавать на уровне server. Однако - если в default_server было задано ssl_protocols TLSv1.2; то в других server`ах директива ssl_protocols TLSv1.3; не работает. И наоборот, если в default_server задано ssl_protocols TLSv1.3; то в других server`ах директива ssl_protocols TLSv1.2; не работает. Это где ошибка - в документации на сайте или в коде nginx 1.17.8? 2. Аналогичная проблема и с директивой ssl_ecdh_curve: В документации http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ecdh_curve написано, что директиву ssl_ecdh_curve можно задавать на уровне server. Однако, nginx на эту директиву вообще никак не реагирует. У меня есть три тестовых сервера: server_name tls13-ecdsa-ecdhe-x25519.ideil.com; ssl_ecdh_curve X25519; server_name tls13-ecdsa-ecdhe-prime256v1.ideil.com; ssl_ecdh_curve prime256v1; server_name tls13-ecdsa-ecdhe-secp384r1.ideil.com; ssl_ecdh_curve secp384r1; В действительности - везде используется X25519 для Server Temp Key. Это где ошибка - в документации на сайте или в коде nginx 1.17.8? 3. Третий вопрос, если можно: Тикет https://trac.nginx.org/nginx/ticket/1529 читал но по причине https://github.com/openssl/openssl/issues/7938 - что нам с этим всем делать? Как управлять ciphers в TLS 1.3 ? Может быть все-таки имеет смысл сделать [недокументированную (?)] директиву ssl_ciphersuites которая будет управлять шифрами для TLS 1.3 ? Оставив директиву ssl_ciphers для управления шифрами TLS 1.2 и 1.1/1.0 ? Чтобы можно было, например, для теста настроить все возможные комбинации шифров TLS 1.3 (их всего три) и все возможные комбинации рекомендуемых сайтом https://wiki.mozilla.org/Security/Server_Side_TLS вариантов ecdh curve (их тоже всего три: X25519, prime256v1, secp384r1). Итого - только для TLS 1.3 получается всего 9 возможных комбинаций. Для всех возможных комбинаций - необходимо будет 36 различных серверов. Кстати, google пошел еще дальше, и в конфигурации для www.google.com сделал возможность отдельно
njs-0.3.8
Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications. This release adds Promise object support and typed-arrays from ES6. Notable new features: - Promise support in r.subrequest(): : r.subrequest(r, '/auth') : .then(reply => JSON.parse(reply.responseBody)) : .then(response => { : if (!response['token']) { : throw new Error("token is not available"); : } : return token; : }) : .then(token => { : r.subrequest('/backend', `token=${token}`) : .then(reply => r.return(reply.status, reply.responseBody)); : }) : .catch(_ => r.return(500)); You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs - Using node modules with njs: http://nginx.org/en/docs/njs/node_modules.html Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.8 21 Jan 2020 nginx modules: *) Feature: added Promise support for r.subrequest(). If callback is not provided r.subrequest() returns an ordinary Promise object that resolves to subrequest response object. *) Change: r.parent property handler now returns "undefined" instead of throwing exception if parent object is not available. Core: *) Feature: added Promise support. Implemented according to the specification without: Promise.all(), Promise.allSettled(), Promise.race(). *) Feature: added initial Typed-arrays support. Thanks to Tiago Natel de Moura. *) Feature: added ArrayBuffer support. Thanks to Tiago Natel de Moura. *) Feature: added initial Symbol support. Thanks to Artem S. Povalyukhin. *) Feature: added externals supopor for JSON.stringify(). *) Feature: added Object.is(). Thanks to Artem S. Povalyukhin. *) Feature: added Object.setPrototypeOf(). Thanks to Artem S. Povalyukhin. *) Feature: introduced nullish coalescing operator. Thanks to Valentin Bartenev. *) Bugfix: fixed Object.getPrototypeOf() according to the specification. *) Bugfix: fixed Object.prototype.valueOf() according to the specification. *) Bugfix: fixed JSON.stringify() with unprintable values and replacer function. *) Bugfix: fixed operator "in" according to the specification. *) Bugfix: fixed Object.defineProperties() according to the specification. *) Bugfix: fixed Object.create() according to the specification. Thanks to Artem S. Povalyukhin. *) Bugfix: fixed Number.prototype.toString(radix) when fast-math is enabled. *) Bugfix: fixed RegExp() instance properties. *) Bugfix: fixed import segfault. Thanks to 洪志道 (Hong Zhi Dao). ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
[nginx-announce] njs-0.3.8
Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release proceeds to extend the coverage of ECMAScript specifications. This release adds Promise object support and typed-arrays from ES6. Notable new features: - Promise support in r.subrequest(): : r.subrequest(r, '/auth') : .then(reply => JSON.parse(reply.responseBody)) : .then(response => { : if (!response['token']) { : throw new Error("token is not available"); : } : return token; : }) : .then(token => { : r.subrequest('/backend', `token=${token}`) : .then(reply => r.return(reply.status, reply.responseBody)); : }) : .catch(_ => r.return(500)); You can learn more about njs: - Overview and introduction: http://nginx.org/en/docs/njs/ - Presentation: https://youtu.be/Jc_L6UffFOs - Using node modules with njs: http://nginx.org/en/docs/njs/node_modules.html Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel Changes with njs 0.3.8 21 Jan 2020 nginx modules: *) Feature: added Promise support for r.subrequest(). If callback is not provided r.subrequest() returns an ordinary Promise object that resolves to subrequest response object. *) Change: r.parent property handler now returns "undefined" instead of throwing exception if parent object is not available. Core: *) Feature: added Promise support. Implemented according to the specification without: Promise.all(), Promise.allSettled(), Promise.race(). *) Feature: added initial Typed-arrays support. Thanks to Tiago Natel de Moura. *) Feature: added ArrayBuffer support. Thanks to Tiago Natel de Moura. *) Feature: added initial Symbol support. Thanks to Artem S. Povalyukhin. *) Feature: added externals supopor for JSON.stringify(). *) Feature: added Object.is(). Thanks to Artem S. Povalyukhin. *) Feature: added Object.setPrototypeOf(). Thanks to Artem S. Povalyukhin. *) Feature: introduced nullish coalescing operator. Thanks to Valentin Bartenev. *) Bugfix: fixed Object.getPrototypeOf() according to the specification. *) Bugfix: fixed Object.prototype.valueOf() according to the specification. *) Bugfix: fixed JSON.stringify() with unprintable values and replacer function. *) Bugfix: fixed operator "in" according to the specification. *) Bugfix: fixed Object.defineProperties() according to the specification. *) Bugfix: fixed Object.create() according to the specification. Thanks to Artem S. Povalyukhin. *) Bugfix: fixed Number.prototype.toString(radix) when fast-math is enabled. *) Bugfix: fixed RegExp() instance properties. *) Bugfix: fixed import segfault. Thanks to 洪志道 (Hong Zhi Dao). ___ nginx-announce mailing list nginx-announce@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-announce
Re: [nginx-announce] nginx-1.17.8
Hello Nginx users, Now available: Nginx 1.17.8 for Windows https:// kevinworthington.com/nginxwin1178 (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available here: Twitter http://twitter.com/kworthington Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) https://kevinworthington.com/ https://twitter.com/kworthington On Tue, Jan 21, 2020 at 8:55 AM Maxim Dounin wrote: > Changes with nginx 1.17.821 Jan > 2020 > > *) Feature: variables support in the "grpc_pass" directive. > > *) Bugfix: a timeout might occur while handling pipelined requests in > an >SSL connection; the bug had appeared in 1.17.5. > > *) Bugfix: in the "debug_points" directive when using HTTP/2. >Thanks to Daniil Bondarev. > > > -- > Maxim Dounin > http://nginx.org/ > ___ > nginx-announce mailing list > nginx-annou...@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-announce > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
nginx-1.17.8
Изменения в nginx 1.17.8 21.01.2020 *) Добавление: директива grpc_pass поддерживает переменные. *) Исправление: при обработке pipelined-запросов по SSL-соединению мог произойти таймаут; ошибка появилась в 1.17.5. *) Исправление: в директиве debug_points при использовании HTTP/2. Спасибо Даниилу Бондареву. -- Maxim Dounin http://nginx.org/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
[nginx-announce] nginx-1.17.8
Changes with nginx 1.17.821 Jan 2020 *) Feature: variables support in the "grpc_pass" directive. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the "debug_points" directive when using HTTP/2. Thanks to Daniil Bondarev. -- Maxim Dounin http://nginx.org/ ___ nginx-announce mailing list nginx-announce@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-announce
nginx-1.17.8
Changes with nginx 1.17.821 Jan 2020 *) Feature: variables support in the "grpc_pass" directive. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the "debug_points" directive when using HTTP/2. Thanks to Daniil Bondarev. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
[nginx] nginx-1.17.8-RELEASE
details: https://hg.nginx.org/nginx/rev/fdacd273711d branches: changeset: 7620:fdacd273711d user: Maxim Dounin date: Tue Jan 21 16:39:41 2020 +0300 description: nginx-1.17.8-RELEASE diffstat: docs/xml/nginx/changes.xml | 36 1 files changed, 36 insertions(+), 0 deletions(-) diffs (46 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,6 +5,42 @@ + + + + +директива grpc_pass поддерживает переменные. + + +variables support in the "grpc_pass" directive. + + + + + +при обработке pipelined-запросов по SSL-соединению мог произойти таймаут; +ошибка появилась в 1.17.5. + + +a timeout might occur while handling pipelined requests in an SSL connection; +the bug had appeared in 1.17.5. + + + + + +в директиве debug_points при использовании HTTP/2. +Спасибо Даниилу Бондареву. + + +in the "debug_points" directive when using HTTP/2. +Thanks to Daniil Bondarev. + + + + + + ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.17.8 tag
details: https://hg.nginx.org/nginx/rev/b8a512c6466c branches: changeset: 7621:b8a512c6466c user: Maxim Dounin date: Tue Jan 21 16:39:42 2020 +0300 description: release-1.17.8 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -446,3 +446,4 @@ ce2ced3856909f36f8130c99eaa4dbdbae636ddc 9af0dddbddb2c368bfedd2801bc100ffad01e19b release-1.17.5 de68d0d94320cbf033599c6f3ca37e5335c67fd7 release-1.17.6 e56295fe0ea76bf53b06bffa77a2d3a9a335cb8c release-1.17.7 +fdacd273711ddf20f778c1fb91529ab53979a454 release-1.17.8 ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[njs] Added tag 0.3.8 for changeset 1abb97e9d9dc
details: https://hg.nginx.org/njs/rev/5396e72ca030 branches: changeset: 1310:5396e72ca030 user: Dmitry Volyntsev date: Tue Jan 21 16:30:20 2020 +0300 description: Added tag 0.3.8 for changeset 1abb97e9d9dc diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 1abb97e9d9dc -r 5396e72ca030 .hgtags --- a/.hgtags Tue Jan 21 16:06:20 2020 +0300 +++ b/.hgtags Tue Jan 21 16:30:20 2020 +0300 @@ -31,3 +31,4 @@ 8eadbb3a7c7b7c3426f73adabfa251cd9d296752 b7fa83f27f1b64443b88c990e1851f59583b2182 0.3.5 7b302775917b72537e1abdbd5dc9d04e55a7d582 0.3.6 9e5ef927c7eaed003de3e5e4a16fa3eab08de7f7 0.3.7 +1abb97e9d9dc07dcff2616d4c75132e6d189a6aa 0.3.8 ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[njs] Version 0.3.8.
details: https://hg.nginx.org/njs/rev/1abb97e9d9dc branches: changeset: 1309:1abb97e9d9dc user: Dmitry Volyntsev date: Tue Jan 21 16:06:20 2020 +0300 description: Version 0.3.8. diffstat: CHANGES | 62 ++ LICENSE | 7 --- 2 files changed, 66 insertions(+), 3 deletions(-) diffs (84 lines): diff -r a34f1293edba -r 1abb97e9d9dc CHANGES --- a/CHANGES Tue Jan 21 16:03:30 2020 +0300 +++ b/CHANGES Tue Jan 21 16:06:20 2020 +0300 @@ -1,3 +1,65 @@ + +Changes with njs 0.3.8 21 Jan 2020 + +nginx modules: + +*) Feature: added Promise support for r.subrequest(). If callback + is not provided r.subrequest() returns an ordinary Promise object + that resolves to subrequest response object. + +*) Change: r.parent property handler now returns "undefined" + instead of throwing exception if parent object is not available. + +Core: + +*) Feature: added Promise support. Implemented according to + the specification without: Promise.all(), Promise.allSettled(), + Promise.race(). + +*) Feature: added initial Typed-arrays support. + Thanks to Tiago Natel de Moura. + +*) Feature: added ArrayBuffer support. + Thanks to Tiago Natel de Moura. + +*) Feature: added initial Symbol support. + Thanks to Artem S. Povalyukhin. + +*) Feature: added externals supopor for JSON.stringify(). + +*) Feature: added Object.is(). + Thanks to Artem S. Povalyukhin. + +*) Feature: added Object.setPrototypeOf(). + Thanks to Artem S. Povalyukhin. + +*) Feature: introduced nullish coalescing operator. + Thanks to Valentin Bartenev. + +*) Bugfix: fixed Object.getPrototypeOf() according to the + specification. + +*) Bugfix: fixed Object.prototype.valueOf() according to the + specification. + +*) Bugfix: fixed JSON.stringify() with unprintable values and + replacer function. + +*) Bugfix: fixed operator "in" according to the specification. + +*) Bugfix: fixed Object.defineProperties() according to the + specification. + +*) Bugfix: fixed Object.create() according to the specification. + Thanks to Artem S. Povalyukhin. + +*) Bugfix: fixed Number.prototype.toString(radix) when + fast-math is enabled. + +*) Bugfix: fixed RegExp() instance properties. + +*) Bugfix: fixed import segfault. + Thanks to 洪志道 (Hong Zhi Dao). Changes with njs 0.3.7 19 Nov 2019 diff -r a34f1293edba -r 1abb97e9d9dc LICENSE --- a/LICENSE Tue Jan 21 16:03:30 2020 +0300 +++ b/LICENSE Tue Jan 21 16:06:20 2020 +0300 @@ -1,7 +1,8 @@ /* - * Copyright (C) 2015-2019 NGINX, Inc. - * Copyright (C) 2015-2019 Igor Sysoev - * Copyright (C) 2017-2019 Dmitry Volyntsev + * Copyright (C) 2015-2020 NGINX, Inc. + * Copyright (C) 2015-2020 Igor Sysoev + * Copyright (C) 2017-2020 Dmitry Volyntsev + * Copyright (C) 2019-2020 Alexander Borisov * All rights reserved. * * Redistribution and use in source and binary forms, with or without ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[njs] Added %TypedArray%.prototype.subarray().
details: https://hg.nginx.org/njs/rev/5cf918cc0d06 branches: changeset: 1307:5cf918cc0d06 user: Dmitry Volyntsev date: Tue Jan 21 16:01:48 2020 +0300 description: Added %TypedArray%.prototype.subarray(). diffstat: src/njs_typed_array.c| 87 ++- src/test/njs_unit_test.c | 32 + 2 files changed, 87 insertions(+), 32 deletions(-) diffs (188 lines): diff -r 142b3fec5d4f -r 5cf918cc0d06 src/njs_typed_array.c --- a/src/njs_typed_array.c Tue Jan 21 16:01:45 2020 +0300 +++ b/src/njs_typed_array.c Tue Jan 21 16:01:48 2020 +0300 @@ -607,10 +607,10 @@ njs_typed_array_prototype_fill(njs_vm_t static njs_int_t njs_typed_array_species_create(njs_vm_t *vm, njs_value_t *exemplar, -int64_t count, njs_value_t *retval) +njs_value_t *args, njs_uint_t nargs, njs_value_t *retval) { njs_int_t ret; -njs_value_tthis, constructor, argument; +njs_value_tthis, constructor; njs_object_t *object; njs_typed_array_t *array; @@ -630,10 +630,9 @@ njs_typed_array_species_create(njs_vm_t } njs_set_object(, object); -njs_set_number(, count); ret = njs_function_call2(vm, njs_function(), , - , 1, retval, 1); + args, nargs, retval, 1); if (njs_slow_path(ret != NJS_OK)) { return NJS_ERROR; } @@ -644,24 +643,18 @@ njs_typed_array_species_create(njs_vm_t return NJS_ERROR; } -array = njs_typed_array(retval); -if (njs_typed_array_length(array) < count) { -njs_type_error(vm, "Derived TypedArray constructor too small array"); -return NJS_ERROR; -} - return NJS_OK; } static njs_int_t njs_typed_array_prototype_slice(njs_vm_t *vm, njs_value_t *args, -njs_uint_t nargs, njs_index_t unused) +njs_uint_t nargs, njs_index_t copy) { -int64_t start, end, count; +int64_t start, end, count, offset; uint32_ti, element_size, length; njs_int_t ret; -njs_value_t *this, *value; +njs_value_t arguments[3], *this, *value; njs_typed_array_t *array, *new_array; njs_array_buffer_t *buffer, *new_buffer; @@ -698,32 +691,54 @@ njs_typed_array_prototype_slice(njs_vm_t end = (end < 0) ? njs_max(length + end, 0) : njs_min(end, length); -count = njs_max(end - start, 0); - -ret = njs_typed_array_species_create(vm, this, count, >retval); -if (njs_slow_path(ret != NJS_OK)) { -return ret; -} - -new_array = njs_typed_array(>retval); -new_buffer = njs_typed_array_buffer(new_array); element_size = njs_typed_array_element_size(array->type); -if (njs_fast_path(array->type == new_array->type)) { -start = start * element_size; -count = count * element_size; +if (copy) { +count = njs_max(end - start, 0); +njs_set_number([0], count); -memcpy(_buffer->u.u8[0], >u.u8[start], count); +ret = njs_typed_array_species_create(vm, this, + njs_value_arg(arguments), 1, + >retval); +if (njs_slow_path(ret != NJS_OK)) { +return ret; +} + +new_array = njs_typed_array(>retval); +if (njs_typed_array_length(new_array) < count) { +njs_type_error(vm, "Derived TypedArray constructor is " + "too small array"); +return NJS_ERROR; +} -} else { -for (i = 0; i < count; i++) { -njs_typed_array_set(new_array, i, -njs_typed_array_get(array, i + start)); +new_buffer = njs_typed_array_buffer(new_array); +element_size = njs_typed_array_element_size(array->type); + +if (njs_fast_path(array->type == new_array->type)) { +start = start * element_size; +count = count * element_size; + +memcpy(_buffer->u.u8[0], >u.u8[start], count); + +} else { +for (i = 0; i < count; i++) { +njs_typed_array_set(new_array, i, +njs_typed_array_get(array, i + start)); +} } + +return NJS_OK; } +offset = array->offset * element_size; +offset += start * element_size; -return NJS_OK; +njs_set_array_buffer([0], buffer); +njs_set_number([1], offset); +njs_set_number([2], njs_max(end - start, 0)); + +return njs_typed_array_species_create(vm, this, njs_value_arg(arguments), 3, + >retval); } @@ -1024,7 +1039,15 @@ static const njs_object_prop_t njs_type { .type = NJS_PROPERTY, .name = njs_string("slice"), -.value = njs_native_function(njs_typed_array_prototype_slice, 2), +.value =
[njs] Fixed %TypedArray%.prototype.fill().
details: https://hg.nginx.org/njs/rev/a34f1293edba branches: changeset: 1308:a34f1293edba user: Dmitry Volyntsev date: Tue Jan 21 16:03:30 2020 +0300 description: Fixed %TypedArray%.prototype.fill(). For subarrays starting from non-zero offset. diffstat: src/njs_typed_array.c| 30 -- src/njs_typed_array.h| 6 ++ src/test/njs_unit_test.c | 11 +++ 3 files changed, 29 insertions(+), 18 deletions(-) diffs (134 lines): diff -r 5cf918cc0d06 -r a34f1293edba src/njs_typed_array.c --- a/src/njs_typed_array.c Tue Jan 21 16:01:48 2020 +0300 +++ b/src/njs_typed_array.c Tue Jan 21 16:03:30 2020 +0300 @@ -491,7 +491,7 @@ njs_typed_array_prototype_fill(njs_vm_t int16_t i16; int32_t i32; uint8_t u8; -int64_t start, end; +int64_t start, end, offset; uint32_ti, length; njs_int_t ret; njs_value_t *this, *setval, lvalue; @@ -535,20 +535,22 @@ njs_typed_array_prototype_fill(njs_vm_t njs_set_typed_array(>retval, array); buffer = array->buffer; +offset = array->offset; switch (array->type) { case NJS_OBJ_TYPE_UINT8_CLAMPED_ARRAY: -if (num < 0) { -num = 0; +if (isnan(num) || num < 0) { +u8 = 0; } else if (num > 255) { -num = 255; +u8 = 255; + +} else { +u8 = lrint(num); } -u8 = lrint(num); - -for (i = start; i < end; i++) { -buffer->u.u8[i] = u8; +if (start < end) { +memset(>u.u8[start + offset], u8, end - start); } break; @@ -557,8 +559,8 @@ njs_typed_array_prototype_fill(njs_vm_t case NJS_OBJ_TYPE_INT8_ARRAY: i8 = njs_number_to_int32(num); -for (i = start; i < end; i++) { -buffer->u.u8[i] = i8; +if (start < end) { +memset(>u.u8[start + offset], i8, end - start); } break; @@ -568,7 +570,7 @@ njs_typed_array_prototype_fill(njs_vm_t i16 = njs_number_to_int32(num); for (i = start; i < end; i++) { -buffer->u.u16[i] = i16; +buffer->u.u16[i + offset] = i16; } break; @@ -578,7 +580,7 @@ njs_typed_array_prototype_fill(njs_vm_t i32 = njs_number_to_int32(num); for (i = start; i < end; i++) { -buffer->u.u32[i] = i32; +buffer->u.u32[i + offset] = i32; } break; @@ -587,7 +589,7 @@ njs_typed_array_prototype_fill(njs_vm_t f32 = num; for (i = start; i < end; i++) { -buffer->u.f32[i] = f32; +buffer->u.f32[i + offset] = f32; } break; @@ -597,7 +599,7 @@ njs_typed_array_prototype_fill(njs_vm_t /* NJS_OBJ_TYPE_FLOAT64_ARRAY. */ for (i = start; i < end; i++) { -buffer->u.f64[i] = num; +buffer->u.f64[i + offset] = num; } } diff -r 5cf918cc0d06 -r a34f1293edba src/njs_typed_array.h --- a/src/njs_typed_array.h Tue Jan 21 16:01:48 2020 +0300 +++ b/src/njs_typed_array.h Tue Jan 21 16:03:30 2020 +0300 @@ -103,11 +103,9 @@ njs_typed_array_set(njs_typed_array_t *a switch (array->type) { case NJS_OBJ_TYPE_UINT8_CLAMPED_ARRAY: -if (v < 0) { +if (isnan(v) || v < 0) { v = 0; -} - -if (v > 255) { +} else if (v > 255) { v = 255; } diff -r 5cf918cc0d06 -r a34f1293edba src/test/njs_unit_test.c --- a/src/test/njs_unit_test.c Tue Jan 21 16:01:48 2020 +0300 +++ b/src/test/njs_unit_test.c Tue Jan 21 16:03:30 2020 +0300 @@ -5005,6 +5005,11 @@ static njs_unit_test_t njs_test[] = " return (a[0] === 1 && a[1] === 12 && a[2] === 3 && a.length == 3)})"), njs_str("true") }, +{ njs_str(NJS_TYPED_ARRAY_LIST + ".every(v=>{var a = new v([0,0,0,0,0]).fill(8, -1, -3); " + " return njs.dump(a) === `${v.name} [0,0,0,0,0]`;})"), + njs_str("true") }, + { njs_str(NJS_INT_TYPED_ARRAY_LIST ".every(v=>{var a = new v([1,2,3]); a.fill('qq', 1, 2); " " return (a[0] === 1 && a[1] === 0 && a[2] === 3 && a.length == 3)})"), @@ -5341,6 +5346,12 @@ static njs_unit_test_t njs_test[] = njs_str("true") }, { njs_str(NJS_TYPED_ARRAY_LIST + ".every(v=>{var a = new v([1,2,3,4]); " + " a.subarray(1,10).fill(0);" + " return njs.dump(a) === `${v.name} [1,0,0,0]`;})"), + njs_str("true") }, + +{ njs_str(NJS_TYPED_ARRAY_LIST ".every(v=>{var a = new v([1,2,3]); " " var r = a.subarray(1,3);" " return a.buffer === r.buffer;})"), ___ nginx-devel mailing list
[njs] Fixed Function constructor according to the spec.
details: https://hg.nginx.org/njs/rev/142b3fec5d4f branches: changeset: 1306:142b3fec5d4f user: Dmitry Volyntsev date: Tue Jan 21 16:01:45 2020 +0300 description: Fixed Function constructor according to the spec. "this" value should point to the global object. diffstat: src/njs.h|2 +- src/njs_function.c | 127 ++ src/njs_value.h |3 +- src/test/njs_unit_test.c | 12 test/njs_expect_test.exp |6 ++ 5 files changed, 93 insertions(+), 57 deletions(-) diffs (242 lines): diff -r c735708203e8 -r 142b3fec5d4f src/njs.h --- a/src/njs.h Fri Jan 17 10:04:28 2020 +0300 +++ b/src/njs.h Tue Jan 21 16:01:45 2020 +0300 @@ -41,7 +41,7 @@ typedef struct { /* sizeof(njs_value_t) is 16 bytes. */ #define njs_argument(args, n) \ -(njs_value_t *) ((u_char *) args + n * 16) +(njs_value_t *) ((u_char *) args + (n) * 16) extern const njs_value_tnjs_value_undefined; diff -r c735708203e8 -r 142b3fec5d4f src/njs_function.c --- a/src/njs_function.cFri Jan 17 10:04:28 2020 +0300 +++ b/src/njs_function.cTue Jan 21 16:01:45 2020 +0300 @@ -463,7 +463,14 @@ njs_function_lambda_frame(njs_vm_t *vm, native_frame->arguments = value; if (bound == NULL) { -*value++ = *this; +*value = *this; + +if (njs_slow_path(function->global_this + && njs_is_null_or_undefined(this))) { +njs_set_object(value, >global_object); +} + +value++; } else { n = function->args_offset; @@ -838,64 +845,69 @@ static njs_int_t njs_function_constructor(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { -size_t size; -u_char *start, *end; -njs_int_t ret; -njs_str_t str, file; -njs_uint_t i; -njs_lexer_t lexer; -njs_parser_t*parser; -njs_generator_t generator; -njs_parser_scope_t *scope; +njs_chb_t chain; +njs_int_t ret; +njs_str_t str, file; +njs_uint_t i; +njs_value_t*body; +njs_lexer_tlexer; +njs_parser_t *parser; +njs_function_t *function; +njs_generator_tgenerator; +njs_parser_scope_t *scope; +njs_function_lambda_t *lambda; +njs_vmcode_function_t *code; if (!vm->options.unsafe) { -njs_type_error(vm, "function constructor is disabled in \"safe\" mode"); -return NJS_ERROR; +body = njs_argument(args, nargs - 1); +ret = njs_value_to_string(vm, body, body); +if (njs_slow_path(ret != NJS_OK)) { +return ret; +} + +njs_string_get(body, ); + +/* + * Safe mode exception: + * "(new Function('return this'))" is often used to get + * the global object in a portable way. + */ + +if (str.length != njs_length("return this") +|| memcmp(str.start, "return this", 11) != 0) +{ +njs_type_error(vm, "function constructor is disabled" + " in \"safe\" mode"); +return NJS_ERROR; +} } -if (nargs < 2) { -start = (u_char *) "(function(){})"; -end = start + njs_length("(function(){})"); +njs_chb_init(, vm->mem_pool); -} else { -size = njs_length("(function(") + nargs + njs_length("){})"); +njs_chb_append_literal(, "(function("); -for (i = 1; i < nargs; i++) { -if (!njs_is_string([i])) { -ret = njs_value_to_string(vm, [i], [i]); -if (ret != NJS_OK) { -return ret; -} -} - -njs_string_get([i], ); -size += str.length; +for (i = 1; i < nargs - 1; i++) { +ret = njs_value_to_chain(vm, , njs_argument(args, i)); +if (njs_slow_path(ret < NJS_OK)) { +return ret; } -start = njs_mp_alloc(vm->mem_pool, size); -if (njs_slow_path(start == NULL)) { -return NJS_ERROR; -} +njs_chb_append_literal(, ","); +} -end = njs_cpymem(start, "(function(", njs_length("(function(")); - -for (i = 1; i < nargs - 1; i++) { -if (i != 1) { -*end++ = ','; -} +njs_chb_append_literal(, "){"); -njs_string_get([i], ); -end = njs_cpymem(end, str.start, str.length); -} +ret = njs_value_to_chain(vm, , njs_argument(args, nargs - 1)); +if (njs_slow_path(ret < NJS_OK)) { +return ret; +} -*end++ = ')'; -*end++ = '{'; +njs_chb_append_literal(, "})"); -njs_string_get([nargs - 1], ); -end = njs_cpymem(end, str.start, str.length); - -