comparison src/event/ngx_event_openssl.c @ 6687:dfa626cdde6b
SSL: improved session ticket callback error handling.
Prodded by Guido Vranken.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 12 Sep 2016 18:57:42 +0300 |
parents | f28e74f02c88 |
children | 9cf2dce316e5 |
6686:f28e74f02c88 | 6687:dfa626cdde6b |
---|---|
2980 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2980 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
2981 "ssl session ticket encrypt, key: \"%*s\" (%s session)", | 2981 "ssl session ticket encrypt, key: \"%*s\" (%s session)", |
2982 ngx_hex_dump(buf, key[0].name, 16) - buf, buf, | 2982 ngx_hex_dump(buf, key[0].name, 16) - buf, buf, |
2983 SSL_session_reused(ssl_conn) ? "reused" : "new"); | 2983 SSL_session_reused(ssl_conn) ? "reused" : "new"); |
2984 | 2984 |
2985 RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)); | 2985 if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) { |
2986 EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv); | 2986 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "RAND_bytes() failed"); |
2987 return -1; | |
2988 } | |
2989 | |
2990 if (EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv) != 1) { | |
2991 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, | |
2992 "EVP_EncryptInit_ex() failed"); | |
2993 return -1; | |
2994 } | |
2995 | |
2996 #if OPENSSL_VERSION_NUMBER >= 0x10000000L | |
2997 if (HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL) != 1) { | |
2998 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed"); | |
2999 return -1; | |
3000 } | |
3001 #else | |
2987 HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL); | 3002 HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL); |
3003 #endif | |
3004 | |
2988 ngx_memcpy(name, key[0].name, 16); | 3005 ngx_memcpy(name, key[0].name, 16); |
2989 | 3006 |
2990 return 1; | 3007 return 1; |
2991 | 3008 |
2992 } else { | 3009 } else { |
3009 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 3026 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
3010 "ssl session ticket decrypt, key: \"%*s\"%s", | 3027 "ssl session ticket decrypt, key: \"%*s\"%s", |
3011 ngx_hex_dump(buf, key[i].name, 16) - buf, buf, | 3028 ngx_hex_dump(buf, key[i].name, 16) - buf, buf, |
3012 (i == 0) ? " (default)" : ""); | 3029 (i == 0) ? " (default)" : ""); |
3013 | 3030 |
3031 #if OPENSSL_VERSION_NUMBER >= 0x10000000L | |
3032 if (HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL) != 1) { | |
3033 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed"); | |
3034 return -1; | |
3035 } | |
3036 #else | |
3014 HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL); | 3037 HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL); |
3015 EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv); | 3038 #endif |
3039 | |
3040 if (EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv) != 1) { | |
3041 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, | |
3042 "EVP_DecryptInit_ex() failed"); | |
3043 return -1; | |
3044 } | |
3016 | 3045 |
3017 return (i == 0) ? 1 : 2 /* renew */; | 3046 return (i == 0) ? 1 : 2 /* renew */; |
3018 } | 3047 } |
3019 } | 3048 } |
3020 | 3049 |
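Review bot: The `#else` branches keep an unchecked `HMAC_Init_ex()` call in both the encrypt and decrypt paths with no comment explaining why, so to anyone auditing for ignored crypto return values it looks like a check the commit missed. As far as I know `HMAC_Init_ex()` returns void before OpenSSL 1.0.0, which would explain the version gate; a one-line comment above each `#else`, such as `/* HMAC_Init_ex() returns void before OpenSSL 1.0.0 */`, would record that. In the decrypt path the new `return -1` aborts the handshake, whereas returning 0 would let OpenSSL fall back to a full handshake; if failing closed is the intent, a short comment next to it should say so. The enclosing callback begins outside the lines shown, and the code between the two hunks is not visible here.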