diff options
author | David Benjamin <davidben@google.com> | 2017-09-23 02:55:19 -0400 |
---|---|---|
committer | Rod Vagg <rod@vagg.org> | 2017-11-11 20:42:50 +1100 |
commit | f72975ffa29b7f3a8d4210bf6b34ca625e6b29f2 (patch) | |
tree | ed9aa11712d57da1752d13fd2b17792264bca9a2 /src/node_crypto.h | |
parent | 00a55e62877faab053dbbe1178488f7cf8dee466 (diff) | |
download | android-node-v8-f72975ffa29b7f3a8d4210bf6b34ca625e6b29f2.tar.gz android-node-v8-f72975ffa29b7f3a8d4210bf6b34ca625e6b29f2.tar.bz2 android-node-v8-f72975ffa29b7f3a8d4210bf6b34ca625e6b29f2.zip |
crypto: emulate OpenSSL 1.0 ticket scheme in 1.1
OpenSSL 1.0.x used a 48-byte ticket key, but OpenSSL 1.1.x made it
larger by using a larger HMAC-SHA256 key and using AES-256-CBC to
encrypt. However, Node's public API exposes the 48-byte key. Implement
the ticket key callback to restore the OpenSSL 1.0.x behavior.
PR-URL: https://github.com/nodejs/node/pull/16130
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'src/node_crypto.h')
-rw-r--r-- | src/node_crypto.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/node_crypto.h b/src/node_crypto.h index c26bde0b8d..c3bc5d24c3 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -103,6 +103,12 @@ class SecureContext : public BaseObject { static const int kTicketKeyNameIndex = 3; static const int kTicketKeyIVIndex = 4; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + unsigned char ticket_key_name_[16]; + unsigned char ticket_key_aes_[16]; + unsigned char ticket_key_hmac_[16]; +#endif + protected: #if OPENSSL_VERSION_NUMBER < 0x10100000L static const int64_t kExternalSize = sizeof(SSL_CTX); @@ -148,6 +154,15 @@ class SecureContext : public BaseObject { HMAC_CTX* hctx, int enc); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + static int TicketCompatibilityCallback(SSL* ssl, + unsigned char* name, + unsigned char* iv, + EVP_CIPHER_CTX* ectx, + HMAC_CTX* hctx, + int enc); +#endif + SecureContext(Environment* env, v8::Local<v8::Object> wrap) : BaseObject(env, wrap), ctx_(nullptr), |