nxt_openssl.c (1967:98e518a1c90e) nxt_openssl.c (1975:6a47cab8f271)
1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <nxt_conf.h>

--- 607 unchanged lines hidden (view full) ---

616#endif
617
618#if (NXT_HAVE_OPENSSL_TLSEXT)
619
620static nxt_int_t
621nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
622 nxt_mp_t *mp)
623{
1
2/*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <nxt_conf.h>

--- 607 unchanged lines hidden (view full) ---

616#endif
617
618#if (NXT_HAVE_OPENSSL_TLSEXT)
619
620static nxt_int_t
621nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init,
622 nxt_mp_t *mp)
623{
624 size_t len;
624 uint32_t i;
625 uint32_t i;
625 nxt_int_t ret;
626 nxt_str_t value;
627 nxt_uint_t count;
628 nxt_conf_value_t *member, *tickets_conf;
629 nxt_tls_ticket_t *ticket;
630 nxt_tls_tickets_t *tickets;
631 u_char buf[80];
632
633 tickets_conf = tls_init->tickets_conf;

--- 47 unchanged lines hidden (view full) ---

681
682 } else {
683 /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
684 member = tickets_conf;
685 }
686
687 nxt_conf_get_string(member, &value);
688
626 nxt_str_t value;
627 nxt_uint_t count;
628 nxt_conf_value_t *member, *tickets_conf;
629 nxt_tls_ticket_t *ticket;
630 nxt_tls_tickets_t *tickets;
631 u_char buf[80];
632
633 tickets_conf = tls_init->tickets_conf;

--- 47 unchanged lines hidden (view full) ---

681
682 } else {
683 /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */
684 member = tickets_conf;
685 }
686
687 nxt_conf_get_string(member, &value);
688
689 ret = nxt_openssl_base64_decode(buf, 80, value.start, value.length);
690 if (nxt_slow_path(ret == NXT_ERROR)) {
691 return NXT_ERROR;
692 }
689 len = nxt_base64_decode(buf, value.start, value.length);
693
694 nxt_memcpy(ticket->name, buf, 16);
695
690
691 nxt_memcpy(ticket->name, buf, 16);
692
696 if (ret == 48) {
693 if (len == 48) {
697 nxt_memcpy(ticket->aes_key, buf + 16, 16);
698 nxt_memcpy(ticket->hmac_key, buf + 32, 16);
699 ticket->size = 16;
700
701 } else {
702 nxt_memcpy(ticket->hmac_key, buf + 16, 32);
703 nxt_memcpy(ticket->aes_key, buf + 48, 32);
704 ticket->size = 32;

--- 1108 unchanged lines hidden (view full) ---

1813 }
1814
1815 if (p < end) {
1816 *p++ = ')';
1817 }
1818
1819 return p;
1820}
694 nxt_memcpy(ticket->aes_key, buf + 16, 16);
695 nxt_memcpy(ticket->hmac_key, buf + 32, 16);
696 ticket->size = 16;
697
698 } else {
699 nxt_memcpy(ticket->hmac_key, buf + 16, 32);
700 nxt_memcpy(ticket->aes_key, buf + 48, 32);
701 ticket->size = 32;

--- 1108 unchanged lines hidden (view full) ---

1810 }
1811
1812 if (p < end) {
1813 *p++ = ')';
1814 }
1815
1816 return p;
1817}
1821
1822
1823nxt_int_t
1824nxt_openssl_base64_decode(u_char *d, size_t dlen, const u_char *s, size_t slen)
1825{
1826 BIO *bio, *b64;
1827 nxt_int_t count, ret;
1828 u_char buf[128];
1829
1830 b64 = BIO_new(BIO_f_base64());
1831 if (nxt_slow_path(b64 == NULL)) {
1832 goto error;
1833 }
1834
1835 bio = BIO_new_mem_buf(s, slen);
1836 if (nxt_slow_path(bio == NULL)) {
1837 goto error;
1838 }
1839
1840 bio = BIO_push(b64, bio);
1841
1842 BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL);
1843
1844 count = 0;
1845
1846 if (d == NULL) {
1847
1848 for ( ;; ) {
1849 ret = BIO_read(bio, buf, 128);
1850
1851 if (ret < 0) {
1852 goto invalid;
1853 }
1854
1855 count += ret;
1856
1857 if (ret != 128) {
1858 break;
1859 }
1860 }
1861
1862 } else {
1863 count = BIO_read(bio, d, dlen);
1864
1865 if (count < 0) {
1866 goto invalid;
1867 }
1868 }
1869
1870 BIO_free_all(bio);
1871
1872 return count;
1873
1874error:
1875
1876 BIO_vfree(b64);
1877 ERR_clear_error();
1878
1879 return NXT_ERROR;
1880
1881invalid:
1882
1883 BIO_free_all(bio);
1884 ERR_clear_error();
1885
1886 return NXT_DECLINED;
1887}
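Review bot: The call at line 689, `len = nxt_base64_decode(buf, value.start, value.length);`, carries no destination size, while the call it appears to replace passed 80 for `u_char buf[80]`, so nothing visible here bounds the decoded output to the stack buffer. Unless the configuration validator, which is not shown on this page, already guarantees that the key decodes to exactly 48 or 80 bytes, an over-long value could be written past `buf`, and any other length falls into the `else` branch and copies bytes that were never decoded into `hmac_key` and `aes_key`. I would reject a `value.length` larger than the base64 encoding of 80 bytes before decoding, and add `if (nxt_slow_path(len != 48 && len != 80)) { return NXT_ERROR; }` right after the call, with a comment naming the validator that enforces the same limits. The return value is also no longer compared with an error code, so if `nxt_base64_decode` can report invalid input, that case is now silently treated as an 80-byte key. Most of nxt_tls_ticket_keys is folded out of view, so an equivalent check may already exist in the hidden lines.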