comparison src/event/ngx_event_openssl.c @ 6687:dfa626cdde6b

SSL: improved session ticket callback error handling. Prodded by Guido Vranken.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 12 Sep 2016 18:57:42 +0300
parents f28e74f02c88
children 9cf2dce316e5
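--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2980,13 +2980,30 @@
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ssl session ticket encrypt, key: \"%*s\" (%s session)",
 ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
 SSL_session_reused(ssl_conn) ? "reused" : "new");
 
-RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
-EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv);
+if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "RAND_bytes() failed");
+return -1;
+}
+
+if (EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+"EVP_EncryptInit_ex() failed");
+return -1;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+if (HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
+return -1;
+}
+#else
 HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL);
+#endif
+
 ngx_memcpy(name, key[0].name, 16);
 
 return 1;
 
 } else {
@@ -3009,12 +3026,24 @@
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "ssl session ticket decrypt, key: \"%*s\"%s",
 ngx_hex_dump(buf, key[i].name, 16) - buf, buf,
 (i == 0) ? " (default)" : "");
 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+if (HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
+return -1;
+}
+#else
 HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL);
-EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv);
+#endif
+
+if (EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv) != 1) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+"EVP_DecryptInit_ex() failed");
+return -1;
+}
 
 return (i == 0) ? 1 : 2 /* renew */;
 }
 }
 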
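Review bot: The new `return -1` paths log the failing call but do not say what that return value does to the connection: in OpenSSL's ticket-key callback contract -1 aborts the handshake, whereas 0 on the decrypt side would instead fall back to a full handshake, so the abort is a deliberate choice worth stating once, e.g. above the RAND_bytes() check in the encrypt branch: `/* -1 aborts the handshake: never issue or accept a ticket from a failed RNG or cipher/HMAC setup */`. The same `#if OPENSSL_VERSION_NUMBER >= 0x10000000L` guard around HMAC_Init_ex() is now repeated in both the encrypt and decrypt branches; a small static helper wrapping the call and the version check would keep the two paths from drifting apart. The enclosing callback begins outside the hunk, and on the pre-1.0.0 path HMAC_Init_ex() cannot report failure, which is presumably why it stays unchecked there.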