search

openresty / encrypted-session-nginx-module

encrypt and decrypt nginx variable values
http://openresty.org
198 stars 52 forks source link

BoringSSL support #21

Open splitice opened 4 years ago

splitice commented 4 years ago

EVP_EncryptFinal/EVP_DecryptFinal is not provided in BoringSSL. Perhaps EVP_EncryptFinal_ex.

Found in https://github.com/openresty/openresty/issues/556

urey-hiker commented 4 years ago

I do patch like this on openresty-1.15.8, and it works fine with boringssl.

--- a/bundle/encrypted-session-nginx-module-0.08/src/ngx_http_encrypted_session_cipher.c
+++ b/bundle/encrypted-session-nginx-module-0.08/src/ngx_http_encrypted_session_cipher.c
@@ -105,8 +105,11 @@ ngx_http_encrypted_session_aes_mac_encrypt(

     p += len;

+#ifdef OPENSSL_IS_BORINGSSL
+    ret = EVP_EncryptFinal_ex(emcf->session_ctx, p, &len);
+#else
     ret = EVP_EncryptFinal(emcf->session_ctx, p, &len);
-
+#endif
     emcf->reset_cipher_ctx(emcf->session_ctx);

     if (!ret) {
@@ -198,9 +201,11 @@ ngx_http_encrypted_session_aes_mac_decrypt(
     }

     p += len;
-
+#ifdef OPENSSL_IS_BORINGSSL
+        ret = EVP_DecryptFinal_ex(emcf->session_ctx, p, &len);
+#else
     ret = EVP_DecryptFinal(emcf->session_ctx, p, &len);
-
+#endif
Kullu14 commented 3 years ago

is BoringSSL support for nginx done ?

splitice commented 3 years ago

For those interested I posted this: https://github.com/openresty/openresty/issues/741