details: http://hg.nginx.org/nginx/rev/f28e74f02c88 branches: changeset: 6686:f28e74f02c88 user: Sergey Kandaurov <pluk...@nginx.com> date: Mon Sep 12 18:57:42 2016 +0300 description: SSL: factored out digest and cipher in session ticket callback.
No functional changes. diffstat: src/event/ngx_event_openssl.c | 28 ++++++++++++++-------------- 1 files changed, 14 insertions(+), 14 deletions(-) diffs (66 lines):
diff -r 4a16fceea03b -r f28e74f02c88 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Sep 08 15:51:36 2016 +0300
+++ b/src/event/ngx_event_openssl.c Mon Sep 12 18:57:42 2016 +0300
@@ -2941,13 +2941,6 @@ failed:
 }
-#ifdef OPENSSL_NO_SHA256
-#define ngx_ssl_session_ticket_md EVP_sha1
-#else
-#define ngx_ssl_session_ticket_md EVP_sha256
-#endif
-
-
 static int
 ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
@@ -2958,6 +2951,8 @@ ngx_ssl_session_ticket_key_callback(ngx_
 ngx_array_t *keys;
 ngx_connection_t *c;
 ngx_ssl_session_ticket_key_t *key;
+ const EVP_MD *digest;
+ const EVP_CIPHER *cipher;
 #if (NGX_DEBUG)
 u_char buf[32];
 #endif
@@ -2965,6 +2960,13 @@ ngx_ssl_session_ticket_key_callback(ngx_
 c = ngx_ssl_get_connection(ssl_conn);
 ssl_ctx = c->ssl->session_ctx;
+ cipher = EVP_aes_128_cbc();
+#ifdef OPENSSL_NO_SHA256
+ digest = EVP_sha1();
+#else
+ digest = EVP_sha256();
+#endif
+
 keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
 if (keys == NULL) {
 return -1;
@@ -2980,10 +2982,9 @@ ngx_ssl_session_ticket_key_callback(ngx_
 ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
 SSL_session_reused(ssl_conn) ? "reused" : "new");
- RAND_bytes(iv, 16);
- EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv);
- HMAC_Init_ex(hctx, key[0].hmac_key, 16,
- ngx_ssl_session_ticket_md(), NULL);
+ RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
+ EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv);
+ HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL);
 ngx_memcpy(name, key[0].name, 16);
 return 1;
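Review bot: With `cipher` now a single local assigned at `cipher = EVP_aes_128_cbc();`, the IV length follows the cipher but the key material does not: `key[0].aes_key` and the literal `16` passed to `HMAC_Init_ex` stay fixed. If `cipher` is later changed to one with a longer key, `EVP_EncryptInit_ex` would read more key bytes than a 16-byte `aes_key` holds; this assumes the field is 16 bytes, since its declaration is outside this diff. A comment at the assignment would pin the coupling down, e.g. `/* key sizes in ngx_ssl_session_ticket_key_t must match this cipher */`. The function body starts and ends outside the hunk.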
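Review bot: The return values of `RAND_bytes`, `EVP_EncryptInit_ex` and `HMAC_Init_ex` on the encrypt path are still discarded, so if the RNG call fails the callback returns 1 and a ticket is issued with whatever `iv` happened to contain. The refactoring is a good moment to check each call and return -1 on failure, as the function already does when `keys == NULL`. The same applies to `HMAC_Init_ex` and `EVP_DecryptInit_ex` in the decrypt hunk at -3010. `HMAC_Init_ex` returns a status only in OpenSSL 1.0.0 and later, so that check needs a version guard if older releases are still supported. The function body continues outside the hunk.

```c
        if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "RAND_bytes() failed");
            return -1;
        }

        if (EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv) != 1) {
            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
                          "EVP_EncryptInit_ex() failed");
            return -1;
        }

        /* HMAC_Init_ex() gets the same check where it returns int */

        /* … unchanged: ngx_memcpy(name, ...) and return 1 … */
```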
@@ -3010,9 +3011,8 @@ ngx_ssl_session_ticket_key_callback(ngx_
 ngx_hex_dump(buf, key[i].name, 16) - buf, buf,
 (i == 0) ? " (default)" : "");
- HMAC_Init_ex(hctx, key[i].hmac_key, 16,
- ngx_ssl_session_ticket_md(), NULL);
- EVP_DecryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[i].aes_key, iv);
+ HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL);
+ EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv);
 return (i == 0) ? 1 : 2 /* renew */;
 }
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel