authorDavid Benjamin <davidben@google.com>2017-09-23 02:55:19 -0400
committerRod Vagg <rod@vagg.org>2017-11-11 20:42:50 +1100
commitf72975ffa29b7f3a8d4210bf6b34ca625e6b29f2 (patch)
treeed9aa11712d57da1752d13fd2b17792264bca9a2 /src/node_crypto.h
parent00a55e62877faab053dbbe1178488f7cf8dee466 (diff)
crypto: emulate OpenSSL 1.0 ticket scheme in 1.1
OpenSSL 1.0.x used a 48-byte ticket key, but OpenSSL 1.1.x made it larger by using a larger HMAC-SHA256 key and using AES-256-CBC to encrypt. However, Node's public API exposes the 48-byte key. Implement the ticket key callback to restore the OpenSSL 1.0.x behavior. PR-URL: https://github.com/nodejs/node/pull/16130 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'src/node_crypto.h')
-rw-r--r--src/node_crypto.h15
1 files changed, 15 insertions, 0 deletions
diff --git a/src/node_crypto.h b/src/node_crypto.h
index c26bde0b8d..c3bc5d24c3 100644
--- a/src/node_crypto.h
+++ b/src/node_crypto.h
@@ -103,6 +103,12 @@ class SecureContext : public BaseObject {
static const int kTicketKeyNameIndex = 3;
static const int kTicketKeyIVIndex = 4;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ unsigned char ticket_key_name_[16];
+ unsigned char ticket_key_aes_[16];
+ unsigned char ticket_key_hmac_[16];
+#endif
+
protected:
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static const int64_t kExternalSize = sizeof(SSL_CTX);
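Review bot: The three new arrays hold session-ticket key material but are declared ahead of the `protected:` label with no comment. The access specifier in force is outside this hunk; if that section is public, any code holding a SecureContext can read or overwrite the keys, so I would move them below `protected:` or make them private. A one-line comment would also help, e.g. `// OpenSSL 1.0.x-style 48-byte ticket key, split as 16-byte name, 16-byte AES-128 key, 16-byte HMAC key.` The members have no initializer and the destructor is not visible here, so please confirm they are always filled before the callback can run and are wiped on teardown, e.g. `OPENSSL_cleanse(ticket_key_aes_, sizeof(ticket_key_aes_));` and the same for `ticket_key_hmac_`.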
@@ -148,6 +154,15 @@ class SecureContext : public BaseObject {
HMAC_CTX* hctx,
int enc);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ static int TicketCompatibilityCallback(SSL* ssl,
+ unsigned char* name,
+ unsigned char* iv,
+ EVP_CIPHER_CTX* ectx,
+ HMAC_CTX* hctx,
+ int enc);
+#endif
+
SecureContext(Environment* env, v8::Local<v8::Object> wrap)
: BaseObject(env, wrap),
ctx_(nullptr),
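Review bot: `TicketCompatibilityCallback` is declared without a comment, so the header does not record that it deliberately replaces OpenSSL 1.1's default ticket protection with the older 48-byte scheme described in the commit message. I would add above it `// Ticket key callback emulating the OpenSSL 1.0.x 48-byte ticket key; enc != 0 protects a new ticket, enc == 0 validates a received one.` and a second line noting that the return value follows the `SSL_CTX_set_tlsext_ticket_key_cb` contract. The definition is not part of this file section, so it cannot be checked here that the decrypt path returns 0 for an unrecognised key name rather than going on to use the stored keys. Since the emulated scheme uses 16-byte AES and HMAC keys, a short note that this is a compatibility trade-off would keep later readers from mistaking it for the library default.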