Releases: nginx-modules/ngx_http_hmac_secure_link_module
Releases · nginx-modules/ngx_http_hmac_secure_link_module
Release list
ngx_http_hmac_secure_link_module v2.0.0
RFC 7231 timestamps, OpenSSL 3.x, 14 bug fixes, full test suite
Add RFC 7231/IMF-fixdate and ISO 8601 'Z' suffix timestamp parsing, port HMAC computation to the OpenSSL 3.0 EVP_MAC API, fix 14 correctness and safety bugs found during code review, and add a full Perl test suite with CI.
Timestamp Parsing
- ISO 8601 Support: Added UTC
'Z'suffix support ("YYYY-MM-DDThh:mm:ssZ"). Previously, these strings fell through to the Unix branch and were silently misread. - RFC 7231 / IMF-fixdate: Added support for
"Day, DD Mon YYYY hh:mm:ss GMT", including case-insensitive month-name lookup (per RFC 7231 §7.1.1.1). - Comma Parsing Fix: Resolved an internal-comma bug where the comma in
"Sun, 06 Nov …"was mistaken for a field separator. It is now correctly skipped during boundary detection. - Validation Logic:
- Extracted
ngx_http_secure_link_gauss()to perform calendar-field range checks (Year ≥ 1970, Month 1–12, Day 1–31, etc.). - Centralized logic in
ngx_http_secure_link_parse_ts(), which returns(time_t)-1on any failure.
- Extracted
Security & Correctness
- Y2038 Overflow Fix: Changed
365 * year(int calculation) to(time_t)year * 365. This promotes arithmetic to the wider type, preventing overflows on large dates. - Strict Unix Validation: Replaced
sscanf "%llu"with a digit-only byte scan followed byngx_atotm(). This prevents fragments like"2025"from being accepted as valid timestamps. - Type Mismatch Fix: Resolved a
size_tvsunsigned intmismatch. Passing(u_int*)&hmac.lentoHMAC()caused memory corruption on LP64 and Big-Endian systems. Now uses a localunsigned int hmac_len. - Variable Handling: Fixed
$secure_link_hmac_expiresincorrectly returning token bytes by ensuringctx->expirespoints to the actual expiry-period substring. - OpenSSL Error Handling: Added checks for
EVP_MD_size(). OpenSSL 3.0 returns-1on error; previously, an unchecked cast produced a huge length passed toCRYPTO_memcmp. - Sign Logic: Refactored GMT-offset sign detection using
if/else if/elseto ensure unexpected characters cannot bypass the offset application.
OpenSSL Compatibility
- API Migration: Wrapped HMAC computation in
ngx_http_secure_link_hmac_compute().- Uses
EVP_MACon OpenSSL >= 3.0 to avoid deprecation warnings. - Falls back to
HMAC()on OpenSSL 1.x.
- Uses
- Macro Wrappers:
NGX_HMAC_MD_SIZEnow abstractsEVP_MD_size(1.x) andEVP_MD_get_size(3.x). - Guard Rails: Added
key.lenoverflow guards before narrowingsize_ttoint.
Code Quality
- Portable sscanf: Removed incorrect
(ngx_tm_t*)casts; used plainint*for%dcompatibility across platforms. - Format String Fix: Changed
%02dto%2dinsscanf. The0flag is aprintffeature and is ignored byscanf. - Debug Logging: Fixed timestamp width in logs; it now uses the actual substring length
(int)(ts_end - ts_start)instead of a hardcoded 25 bytes. - Static Analysis: Resolved all
cppcheck --enable=allwarnings by narrowing variable scopes and markingconstpointers.
Documentation & Examples
- Changelog: Replaced the verbose "BUGS FIXED" block with a concise summary; full rationale lives in
CHANGELOG.md. - Separator Rules:
secure_link_hmac: Separator is always a comma (hardcoded).secure_link_hmac_message: Separator is operator-defined (pipe, colon, slash, none, …).
- Variable Docs: Detailed documentation for
$secure_link_hmac,$secure_link_hmac_expires, and$secure_link_hmac_tokenregarding evaluation ordering. - Client Implementation Examples:
- PHP:
gmdate() - Node.js:
toUTCString() - Python:
isoformat()with'Z'suffix.
- PHP:
ngx_http_hmac_secure_link_module v0.3
- Added support for Unix Timestamp (#9)
- Fixed format specifiers iso8601
ngx_http_hmac_secure_link_module v0.2
- Compatibility with ngx_http_secure_link_module
- Bugfix compilation on the latest gcc
ngx_http_hmac_secure_link_module v0.1
Update ngx_http_hmac_secure_link_module.c