Klaus Demo nginx / 6831af3
SSL: improved session ticket callback error handling. Prodded by Guido Vranken. Sergey Kandaurov 3 years ago
1 changed file(s) with 32 addition(s) and 3 deletion(s).
29812981 ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
29822982 SSL_session_reused(ssl_conn) ? "reused" : "new");
29832983
2984 RAND_bytes(iv, EVP_CIPHER_iv_length(cipher));
2985 EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv);
2984 if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) {
2985 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "RAND_bytes() failed");
2986 return -1;
2987 }
2988
2989 if (EVP_EncryptInit_ex(ectx, cipher, NULL, key[0].aes_key, iv) != 1) {
2990 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
2991 "EVP_EncryptInit_ex() failed");
2992 return -1;
2993 }
2994
2995 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
2996 if (HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL) != 1) {
2997 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
2998 return -1;
2999 }
3000 #else
29863001 HMAC_Init_ex(hctx, key[0].hmac_key, 16, digest, NULL);
3002 #endif
3003
29873004 ngx_memcpy(name, key[0].name, 16);
29883005
29893006 return 1;
30103027 ngx_hex_dump(buf, key[i].name, 16) - buf, buf,
30113028 (i == 0) ? " (default)" : "");
30123029
3030 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
3031 if (HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL) != 1) {
3032 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "HMAC_Init_ex() failed");
3033 return -1;
3034 }
3035 #else
30133036 HMAC_Init_ex(hctx, key[i].hmac_key, 16, digest, NULL);
3014 EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv);
3037 #endif
3038
3039 if (EVP_DecryptInit_ex(ectx, cipher, NULL, key[i].aes_key, iv) != 1) {
3040 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
3041 "EVP_DecryptInit_ex() failed");
3042 return -1;
3043 }
30153044
30163045 return (i == 0) ? 1 : 2 /* renew */;
30173046 }
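Review bot: The two `#else` branches, one in the encrypt path and one in the decrypt path, still call HMAC_Init_ex() without checking its result, and nothing in the new code says why, so a reader cannot tell a deliberate fallback from an oversight. I would put a comment above each `#if OPENSSL_VERSION_NUMBER >= 0x10000000L`, for example `/* HMAC_Init_ex() returns void before OpenSSL 1.0.0, so failure cannot be detected there */`. The same conditional now appears twice with only the key index differing, so a small static helper wrapping it would keep the two paths from drifting apart. The callback's body starts above the visible lines, so I cannot see whether its header documents that a negative return signals a fatal error to OpenSSL; if it does not, a short comment beside the first `return -1;` would match the existing `/* renew */` annotation.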