[nginx] SSL: factored out digest and cipher in session ticket callback.

Sergey Kandaurov
September 12, 2016 12:06PM
details: http://hg.nginx.org/nginx/rev/f28e74f02c88
branches:
changeset: 6686:f28e74f02c88
user: Sergey Kandaurov <pluknet@nginx.com>
date: Mon Sep 12 18:57:42 2016 +0300
description:
SSL: factored out digest and cipher in session ticket callback.

No functional changes.

diffstat:

src/event/ngx_event_openssl.c | 28 ++++++++++++++--------------
1 files changed, 14 insertions(+), 14 deletions(-)

diffs (66 lines):

diff -r 4a16fceea03b -r f28e74f02c88 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Sep 08 15:51:36 2016 +0300
+++ b/src/event/ngx_event_openssl.c Mon Sep 12 18:57:42 2016 +0300
@@ -2941,13 +2941,6 @@ failed:
}


-#ifdef OPENSSL_NO_SHA256
-#define ngx_ssl_session_ticket_md EVP_sha1
-#else
-#define ngx_ssl_session_ticket_md EVP_sha256
-#endif
-
-
static int
ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
@@ -2958,6 +2951,8 @@ ngx_ssl_session_ticket_key_callback(ngx_
ngx_array_t *keys;
ngx_connection_t *c;
ngx_ssl_session_ticket_key_t *key;
+ const EVP_MD *digest;
+ const EVP_CIPHER *cipher;
#if (NGX_DEBUG)
u_char buf[32];
#endif
@@ -2965,6 +2960,13 @@ ngx_ssl_session_ticket_key_callback(ngx_
c = ngx_ssl_get_connection(ssl_conn);
ssl_ctx = c->ssl->session_ctx;

+ cipher = EVP_aes_128_cbc();
+#ifdef OPENSSL_NO_SHA256
+ digest = EVP_sha1();
+#else
+ digest = EVP_sha256();
+#endif
+
keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
if (keys == NULL) {
return -1;
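
Review bot: at `cipher = EVP_aes_128_cbc();` the cipher becomes a single point of change, but only the IV length is later derived from it. The HMAC key length passed to `HMAC_Init_ex` and the size of the `name` copy are still the literal 16. A short comment at this assignment saying that `key[].aes_key` must hold a key of the length this cipher expects would stop a later cipher change from silently mismatching the stored key material. The `OPENSSL_NO_SHA256` branch also deserves a one-line comment that it falls back to HMAC-SHA1, since the macro name that used to document this is gone.
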
@@ -2980,10 +2982,9 @@ ngx_ssl_session_ticket_key_callback(ngx_
ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
SSL_session_reused(ssl_conn) ? "reused" : "new");

- RAND_bytes(iv, 16);
- EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv);
- HMAC_Init_ex(hctx, key[0].hmac_key, 16,
- ngx_ssl_session_ticket_md(), NULL);
+ RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
+ EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv);
+ HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL);
ngx_memcpy(name, key[0].name, 16);

return 1;
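
Review bot: the result of `RAND_bytes(iv, EVP_CIPHER_iv_length(cipher))` is not checked in the encrypt path, so a failing random generator would leave `iv` with whatever the caller's buffer held and the callback would still return 1. Since this line is being touched anyway, consider testing for a return value other than 1 and returning -1. The same applies to the ignored result of `EVP_EncryptInit_ex` on the next line.
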
@@ -3010,9 +3011,8 @@ ngx_ssl_session_ticket_key_callback(ngx_
ngx_hex_dump(buf, key[i].name, 16) - buf, buf,
(i == 0) ? " (default)" : "");

- HMAC_Init_ex(hctx, key[i].hmac_key, 16,
- ngx_ssl_session_ticket_md(), NULL);
- EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[i].aes_key, iv);
+ HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL);
+ EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv);

return (i == 0) ? 1 : 2 /* renew */;
}
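
Review bot: in the decrypt path the return value of `EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv)` is ignored, and the function goes on to report success (1) or renew (2) regardless. Consider checking it and returning -1 on failure so a context that failed to initialise is never used to process a ticket. Not introduced by this change, but the line is rewritten here and the fix is local.
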

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel