nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 6854:75e7d55214bd

SSL: support AES256 encryption of tickets. This implies ticket key size of 80 bytes instead of previously used 48, as both HMAC and AES keys are 32 bytes now. When an old 48-byte ticket key is provided, we fall back to using backward-compatible AES128 encryption. OpenSSL switched to using AES256 in 1.1.0, and we are providing equivalent security. While here, order of HMAC and AES keys was reverted to make the implementation compatible with keys used by OpenSSL with SSL_CTX_set_tlsext_ticket_keys(). Prodded by Christian Klinger.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Fri, 23 Dec 2016 17:28:20 +0300
parents	25d0d6dabe00
children	5cb85b0ee00b

comparison

equal deleted inserted replaced

-:c85dfd99a2dd
+:75e7d55214bd
 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
 ngx_int_t
 ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *paths)
 {
-u_char                         buf[48];
+u_char                         buf[80];
+size_t                         size;
 ssize_t                        n;
 ngx_str_t                     *path;
 ngx_file_t                     file;
 ngx_uint_t                     i;
 ngx_array_t                   *keys;
 ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
 ngx_fd_info_n " \"%V\" failed", &file.name);
 goto failed;
 }
-if (ngx_file_size(&fi) != 48) {
+size = ngx_file_size(&fi);
+if (size != 48 && size != 80) {
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-"\"%V\" must be 48 bytes", &file.name);
+"\"%V\" must be 48 or 80 bytes", &file.name);
 goto failed;
 }
-n = ngx_read_file(&file, buf, 48, 0);
+n = ngx_read_file(&file, buf, size, 0);
 if (n == NGX_ERROR) {
 ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno,
 ngx_read_file_n " \"%V\" failed", &file.name);
 goto failed;
 }
-if (n != 48) {
+if ((size_t) n != size) {
 ngx_conf_log_error(NGX_LOG_CRIT, cf, 0,
 ngx_read_file_n " \"%V\" returned only "
-"%z bytes instead of 48", &file.name, n);
+"%z bytes instead of %uz", &file.name, n, size);
 goto failed;
 }
 key = ngx_array_push(keys);
 if (key == NULL) {
 goto failed;
 }
-ngx_memcpy(key->name, buf, 16);
+if (size == 48) {
-ngx_memcpy(key->aes_key, buf + 16, 16);
+key->size = 48;
-ngx_memcpy(key->hmac_key, buf + 32, 16);
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->aes_key, buf + 16, 16);
+ngx_memcpy(key->hmac_key, buf + 32, 16);
+} else {
+key->size = 80;
+ngx_memcpy(key->name, buf, 16);
+ngx_memcpy(key->hmac_key, buf + 16, 32);
+ngx_memcpy(key->aes_key, buf + 48, 32);
+}
 if (ngx_close_file(file.fd) == NGX_FILE_ERROR) {
 ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
 ngx_close_file_n " \"%V\" failed", &file.name);
 }
 static int
 ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc)
 {
+size_t                         size;
 SSL_CTX                       *ssl_ctx;
 ngx_uint_t                     i;
 ngx_array_t                   *keys;
 ngx_connection_t              *c;
 ngx_ssl_session_ticket_key_t  *key;
 #endif
 c = ngx_ssl_get_connection(ssl_conn);
 ssl_ctx = c->ssl->session_ctx;
-cipher = EVP_aes_128_cbc();
 #ifdef OPENSSL_NO_SHA256
 digest = EVP_sha1();
 #else
 digest = EVP_sha256();
 #endif
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ssl session ticket encrypt, key: \"%*s\" (%s session)",
 ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
 SSL_session_reused(ssl_conn) ? "reused" : "new");
+if (key[0].size == 48) {
+cipher = EVP_aes_128_cbc();
+size = 16;
+} else {
+cipher = EVP_aes_256_cbc();
+size = 32;
+}
 if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "RAND_bytes() failed");
 return -1;
 }
 "EVP_EncryptInit_ex() failed");
 return -1;
 }
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-if (HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL) != 1) {
+if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
 return -1;
 }
 #else
-HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL);
+HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL);
 #endif
 ngx_memcpy(name, key[0].name, 16);
 return 1;
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ssl session ticket decrypt, key: \"%*s\"%s",
 ngx_hex_dump(buf, key[i].name, 16) - buf, buf,
 (i == 0) ? " (default)" : "");
+if (key[i].size == 48) {
+cipher = EVP_aes_128_cbc();
+size = 16;
+} else {
+cipher = EVP_aes_256_cbc();
+size = 32;
+}
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-if (HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL) != 1) {
+if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
 return -1;
 }
 #else
-HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL);
+HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL);
 #endif
 if (EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv) != 1) {
 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
 "EVP_DecryptInit_ex() failed");

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 6854:75e7d55214bd