Skip to content

Instantly share code, notes, and snippets.

@CarterLi

CarterLi/add_proxy_ssl_alpn_directive.diff

Created June 15, 2018 09:34
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save CarterLi/f6e21d4749984a255edc7b358b44bf58 to your computer and use it in GitHub Desktop.
Save CarterLi/f6e21d4749984a255edc7b358b44bf58 to your computer and use it in GitHub Desktop.
Download ZIP
Backport nginx patches from google nginx
Raw
add_proxy_ssl_alpn_directive.diff
From c45dfdd8d0c3de53b4f56610292a72ecad321362 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=80=9A=E6=B4=B2?= <carter.li@eoitek.com>
Date: Fri, 15 Jun 2018 14:58:33 +0800
Subject: [PATCH] add "proxy_ssl_alpn" directive
---
src/event/ngx_event_openssl.c | 22 ++++++++++++++++++
src/event/ngx_event_openssl.h | 2 ++
src/http/modules/ngx_http_proxy_module.c | 29 ++++++++++++++++++++++++
src/http/modules/ngx_http_ssl_module.c | 2 --
src/http/ngx_http.h | 5 ++++
src/http/ngx_http_upstream.h | 1 +
6 files changed, 59 insertions(+), 2 deletions(-)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 88a6dbe..831dbc3 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -653,6 +653,28 @@ ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
}
+ngx_int_t
+ngx_ssl_alpn_protos(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *protos)
+{
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+
+ if (SSL_CTX_set_alpn_protos(ssl->ctx, protos->data, protos->len) != 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_alpn_protos() failed");
+ return NGX_ERROR;
+ }
+
+ return NGX_OK;
+
+#else
+
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "nginx was built with OpenSSL that lacks ALPN support");
+ return NGX_ERROR;
+
+#endif
+}
+
ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 623d851..0c8a5c6 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -154,6 +154,8 @@ ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers);
+ngx_int_t ngx_ssl_alpn_protos(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_str_t *protos);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index e7f829d..55b3ca3 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -652,6 +652,13 @@ static ngx_command_t ngx_http_proxy_commands[] = {
offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers),
NULL },
+ { ngx_string("proxy_ssl_alpn"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_alpn),
+ NULL },
+
{ ngx_string("proxy_ssl_name"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_http_set_complex_value_slot,
@@ -2871,6 +2878,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
conf->upstream.intercept_errors = NGX_CONF_UNSET;
#if (NGX_HTTP_SSL)
+ conf->upstream.ssl_alpn = NGX_CONF_UNSET;
conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
conf->upstream.ssl_server_name = NGX_CONF_UNSET;
conf->upstream.ssl_verify = NGX_CONF_UNSET;
@@ -3201,6 +3209,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->upstream.ssl_name = prev->upstream.ssl_name;
}
+ ngx_conf_merge_value(conf->upstream.ssl_alpn,
+ prev->upstream.ssl_alpn, 0);
ngx_conf_merge_value(conf->upstream.ssl_server_name,
prev->upstream.ssl_server_name, 0);
ngx_conf_merge_value(conf->upstream.ssl_verify,
@@ -4242,6 +4252,7 @@ ngx_http_proxy_lowat_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t
ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
{
+ ngx_str_t alpn;
ngx_pool_cleanup_t *cln;
plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
@@ -4288,6 +4299,24 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
return NGX_ERROR;
}
+ if (plcf->upstream.ssl_alpn) {
+
+ switch (plcf->http_version) {
+
+ case NGX_HTTP_VERSION_10:
+ ngx_str_set(&alpn, NGX_HTTP_10_ALPN_ADVERTISE);
+ break;
+
+ case NGX_HTTP_VERSION_11:
+ ngx_str_set(&alpn, NGX_HTTP_11_ALPN_ADVERTISE);
+ break;
+ }
+
+ if (ngx_ssl_alpn_protos(cf, plcf->upstream.ssl, &alpn) != NGX_OK) {
+ return NGX_ERROR;
+ }
+ }
+
if (plcf->upstream.ssl_verify) {
if (plcf->ssl_trusted_certificate.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 7e95441..37438bd 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -17,8 +17,6 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE "auto"
-#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
-
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
diff --git a/src/http/ngx_http.h b/src/http/ngx_http.h
index afab4f6..f7d1fd3 100644
--- a/src/http/ngx_http.h
+++ b/src/http/ngx_http.h
@@ -13,6 +13,11 @@
#include <ngx_core.h>
+#define NGX_HTTP_10_ALPN_ADVERTISE "\x08http/1.0"
+#define NGX_HTTP_11_ALPN_ADVERTISE "\x08http/1.1"
+#define NGX_HTTP_NPN_ADVERTISE NGX_HTTP_11_ALPN_ADVERTISE
+
+
typedef struct ngx_http_request_s ngx_http_request_t;
typedef struct ngx_http_upstream_s ngx_http_upstream_t;
typedef struct ngx_http_cache_s ngx_http_cache_t;
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index c2f4dc0..14cc62f 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -227,6 +227,7 @@ typedef struct {
#if (NGX_HTTP_SSL || NGX_COMPAT)
ngx_ssl_t *ssl;
+ ngx_flag_t ssl_alpn;
ngx_flag_t ssl_session_reuse;
ngx_http_complex_value_t *ssl_name;
--
2.17.1
Raw
add_upstream_bytes_set_variable.diff
From f2a73d172bf60dab552b8bb5e1197ef213085edd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=80=9A=E6=B4=B2?= <carter.li@eoitek.com>
Date: Fri, 15 Jun 2018 16:52:19 +0800
Subject: [PATCH] add $upstream_bytes_sent variable.
---
src/http/ngx_http_upstream.c | 27 +++++++++++++++++++++------
src/http/ngx_http_upstream.h | 1 +
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 8fc3042..c685e85 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -162,8 +162,8 @@ static ngx_int_t ngx_http_upstream_status_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_upstream_response_time_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
-static ngx_int_t ngx_http_upstream_response_length_variable(
- ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data);
+static ngx_int_t ngx_http_upstream_bytes_variable(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_upstream_header_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_upstream_trailer_variable(ngx_http_request_t *r,
@@ -401,11 +401,15 @@ static ngx_http_variable_t ngx_http_upstream_vars[] = {
NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("upstream_response_length"), NULL,
- ngx_http_upstream_response_length_variable, 0,
+ ngx_http_upstream_bytes_variable, 0,
NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("upstream_bytes_received"), NULL,
- ngx_http_upstream_response_length_variable, 1,
+ ngx_http_upstream_bytes_variable, 1,
+ NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
+ { ngx_string("upstream_bytes_sent"), NULL,
+ ngx_http_upstream_bytes_variable, 2,
NGX_HTTP_VAR_NOCACHEABLE, 0 },
#if (NGX_HTTP_CACHE)
@@ -4089,6 +4093,10 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u,
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http next upstream, %xi", ft_type);
+ if (u->state && u->state->bytes_sent == 0 && u->peer.connection) {
+ u->state->bytes_sent = u->peer.connection->sent;
+ }
+
if (u->peer.sockaddr) {
if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_403
@@ -4274,6 +4282,10 @@ ngx_http_upstream_finalize_request(ngx_http_request_t *r,
- u->pipe->preread_size;
u->state->response_length = u->pipe->read_length;
}
+
+ if (u->state->bytes_sent == 0 && u->peer.connection) {
+ u->state->bytes_sent = u->peer.connection->sent;
+ }
}
u->finalize_request(r, rc);
@@ -5423,7 +5435,7 @@ ngx_http_upstream_response_time_variable(ngx_http_request_t *r,
static ngx_int_t
-ngx_http_upstream_response_length_variable(ngx_http_request_t *r,
+ngx_http_upstream_bytes_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
u_char *p;
@@ -5454,7 +5466,10 @@ ngx_http_upstream_response_length_variable(ngx_http_request_t *r,
for ( ;; ) {
- if (data == 1) {
+ if (data == 2) {
+ p = ngx_sprintf(p, "%O", state[i].bytes_sent);
+
+ } else if (data == 1) {
p = ngx_sprintf(p, "%O", state[i].bytes_received);
} else {
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index 14cc62f..af8339b 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -64,6 +64,7 @@ typedef struct {
ngx_msec_t queue_time;
off_t response_length;
off_t bytes_received;
+ off_t bytes_sent;
ngx_str_t *peer;
} ngx_http_upstream_state_t;
--
2.17.1
Raw
use_openssl_md5_sha1.diff
From 8a1511840d4785f2ad9ea617c3204c173632daf2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=80=9A=E6=B4=B2?= <carter.li@eoitek.com>
Date: Fri, 15 Jun 2018 14:58:09 +0800
Subject: [PATCH] Use openssl md5 / sha1
---
auto/sources | 2 -
src/core/ngx_md5.c | 283 ------------------------------------------
src/core/ngx_md5.h | 14 +--
src/core/ngx_sha1.c | 294 --------------------------------------------
src/core/ngx_sha1.h | 14 +--
5 files changed, 10 insertions(+), 597 deletions(-)
delete mode 100644 src/core/ngx_md5.c
delete mode 100644 src/core/ngx_sha1.c
diff --git a/auto/sources b/auto/sources
index 9b42506..e5e3f6a 100644
--- a/auto/sources
+++ b/auto/sources
@@ -60,8 +60,6 @@ CORE_SRCS="src/core/nginx.c \
src/core/ngx_file.c \
src/core/ngx_crc32.c \
src/core/ngx_murmurhash.c \
- src/core/ngx_md5.c \
- src/core/ngx_sha1.c \
src/core/ngx_rbtree.c \
src/core/ngx_radix_tree.c \
src/core/ngx_slab.c \
diff --git a/src/core/ngx_md5.c b/src/core/ngx_md5.c
deleted file mode 100644
index c25d002..0000000
--- a/src/core/ngx_md5.c
+++ /dev/null
@@ -1,283 +0,0 @@
-
-/*
- * An internal implementation, based on Alexander Peslyak's
- * public domain implementation:
- * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
- */
-
-
-#include <ngx_config.h>
-#include <ngx_core.h>
-#include <ngx_md5.h>
-
-
-static const u_char *ngx_md5_body(ngx_md5_t *ctx, const u_char *data,
- size_t size);
-
-
-void
-ngx_md5_init(ngx_md5_t *ctx)
-{
- ctx->a = 0x67452301;
- ctx->b = 0xefcdab89;
- ctx->c = 0x98badcfe;
- ctx->d = 0x10325476;
-
- ctx->bytes = 0;
-}
-
-
-void
-ngx_md5_update(ngx_md5_t *ctx, const void *data, size_t size)
-{
- size_t used, free;
-
- used = (size_t) (ctx->bytes & 0x3f);
- ctx->bytes += size;
-
- if (used) {
- free = 64 - used;
-
- if (size < free) {
- ngx_memcpy(&ctx->buffer[used], data, size);
- return;
- }
-
- ngx_memcpy(&ctx->buffer[used], data, free);
- data = (u_char *) data + free;
- size -= free;
- (void) ngx_md5_body(ctx, ctx->buffer, 64);
- }
-
- if (size >= 64) {
- data = ngx_md5_body(ctx, data, size & ~(size_t) 0x3f);
- size &= 0x3f;
- }
-
- ngx_memcpy(ctx->buffer, data, size);
-}
-
-
-void
-ngx_md5_final(u_char result[16], ngx_md5_t *ctx)
-{
- size_t used, free;
-
- used = (size_t) (ctx->bytes & 0x3f);
-
- ctx->buffer[used++] = 0x80;
-
- free = 64 - used;
-
- if (free < 8) {
- ngx_memzero(&ctx->buffer[used], free);
- (void) ngx_md5_body(ctx, ctx->buffer, 64);
- used = 0;
- free = 64;
- }
-
- ngx_memzero(&ctx->buffer[used], free - 8);
-
- ctx->bytes <<= 3;
- ctx->buffer[56] = (u_char) ctx->bytes;
- ctx->buffer[57] = (u_char) (ctx->bytes >> 8);
- ctx->buffer[58] = (u_char) (ctx->bytes >> 16);
- ctx->buffer[59] = (u_char) (ctx->bytes >> 24);
- ctx->buffer[60] = (u_char) (ctx->bytes >> 32);
- ctx->buffer[61] = (u_char) (ctx->bytes >> 40);
- ctx->buffer[62] = (u_char) (ctx->bytes >> 48);
- ctx->buffer[63] = (u_char) (ctx->bytes >> 56);
-
- (void) ngx_md5_body(ctx, ctx->buffer, 64);
-
- result[0] = (u_char) ctx->a;
- result[1] = (u_char) (ctx->a >> 8);
- result[2] = (u_char) (ctx->a >> 16);
- result[3] = (u_char) (ctx->a >> 24);
- result[4] = (u_char) ctx->b;
- result[5] = (u_char) (ctx->b >> 8);
- result[6] = (u_char) (ctx->b >> 16);
- result[7] = (u_char) (ctx->b >> 24);
- result[8] = (u_char) ctx->c;
- result[9] = (u_char) (ctx->c >> 8);
- result[10] = (u_char) (ctx->c >> 16);
- result[11] = (u_char) (ctx->c >> 24);
- result[12] = (u_char) ctx->d;
- result[13] = (u_char) (ctx->d >> 8);
- result[14] = (u_char) (ctx->d >> 16);
- result[15] = (u_char) (ctx->d >> 24);
-
- ngx_memzero(ctx, sizeof(*ctx));
-}
-
-
-/*
- * The basic MD5 functions.
- *
- * F and G are optimized compared to their RFC 1321 definitions for
- * architectures that lack an AND-NOT instruction, just like in
- * Colin Plumb's implementation.
- */
-
-#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
-#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | ~(z)))
-
-/*
- * The MD5 transformation for all four rounds.
- */
-
-#define STEP(f, a, b, c, d, x, t, s) \
- (a) += f((b), (c), (d)) + (x) + (t); \
- (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s)))); \
- (a) += (b)
-
-/*
- * SET() reads 4 input bytes in little-endian byte order and stores them
- * in a properly aligned word in host byte order.
- *
- * The check for little-endian architectures that tolerate unaligned
- * memory accesses is just an optimization. Nothing will break if it
- * does not work.
- */
-
-#if (NGX_HAVE_LITTLE_ENDIAN && NGX_HAVE_NONALIGNED)
-
-#define SET(n) (*(uint32_t *) &p[n * 4])
-#define GET(n) (*(uint32_t *) &p[n * 4])
-
-#else
-
-#define SET(n) \
- (block[n] = \
- (uint32_t) p[n * 4] | \
- ((uint32_t) p[n * 4 + 1] << 8) | \
- ((uint32_t) p[n * 4 + 2] << 16) | \
- ((uint32_t) p[n * 4 + 3] << 24))
-
-#define GET(n) block[n]
-
-#endif
-
-
-/*
- * This processes one or more 64-byte data blocks, but does not update
- * the bit counters. There are no alignment requirements.
- */
-
-static const u_char *
-ngx_md5_body(ngx_md5_t *ctx, const u_char *data, size_t size)
-{
- uint32_t a, b, c, d;
- uint32_t saved_a, saved_b, saved_c, saved_d;
- const u_char *p;
-#if !(NGX_HAVE_LITTLE_ENDIAN && NGX_HAVE_NONALIGNED)
- uint32_t block[16];
-#endif
-
- p = data;
-
- a = ctx->a;
- b = ctx->b;
- c = ctx->c;
- d = ctx->d;
-
- do {
- saved_a = a;
- saved_b = b;
- saved_c = c;
- saved_d = d;
-
- /* Round 1 */
-
- STEP(F, a, b, c, d, SET(0), 0xd76aa478, 7);
- STEP(F, d, a, b, c, SET(1), 0xe8c7b756, 12);
- STEP(F, c, d, a, b, SET(2), 0x242070db, 17);
- STEP(F, b, c, d, a, SET(3), 0xc1bdceee, 22);
- STEP(F, a, b, c, d, SET(4), 0xf57c0faf, 7);
- STEP(F, d, a, b, c, SET(5), 0x4787c62a, 12);
- STEP(F, c, d, a, b, SET(6), 0xa8304613, 17);
- STEP(F, b, c, d, a, SET(7), 0xfd469501, 22);
- STEP(F, a, b, c, d, SET(8), 0x698098d8, 7);
- STEP(F, d, a, b, c, SET(9), 0x8b44f7af, 12);
- STEP(F, c, d, a, b, SET(10), 0xffff5bb1, 17);
- STEP(F, b, c, d, a, SET(11), 0x895cd7be, 22);
- STEP(F, a, b, c, d, SET(12), 0x6b901122, 7);
- STEP(F, d, a, b, c, SET(13), 0xfd987193, 12);
- STEP(F, c, d, a, b, SET(14), 0xa679438e, 17);
- STEP(F, b, c, d, a, SET(15), 0x49b40821, 22);
-
- /* Round 2 */
-
- STEP(G, a, b, c, d, GET(1), 0xf61e2562, 5);
- STEP(G, d, a, b, c, GET(6), 0xc040b340, 9);
- STEP(G, c, d, a, b, GET(11), 0x265e5a51, 14);
- STEP(G, b, c, d, a, GET(0), 0xe9b6c7aa, 20);
- STEP(G, a, b, c, d, GET(5), 0xd62f105d, 5);
- STEP(G, d, a, b, c, GET(10), 0x02441453, 9);
- STEP(G, c, d, a, b, GET(15), 0xd8a1e681, 14);
- STEP(G, b, c, d, a, GET(4), 0xe7d3fbc8, 20);
- STEP(G, a, b, c, d, GET(9), 0x21e1cde6, 5);
- STEP(G, d, a, b, c, GET(14), 0xc33707d6, 9);
- STEP(G, c, d, a, b, GET(3), 0xf4d50d87, 14);
- STEP(G, b, c, d, a, GET(8), 0x455a14ed, 20);
- STEP(G, a, b, c, d, GET(13), 0xa9e3e905, 5);
- STEP(G, d, a, b, c, GET(2), 0xfcefa3f8, 9);
- STEP(G, c, d, a, b, GET(7), 0x676f02d9, 14);
- STEP(G, b, c, d, a, GET(12), 0x8d2a4c8a, 20);
-
- /* Round 3 */
-
- STEP(H, a, b, c, d, GET(5), 0xfffa3942, 4);
- STEP(H, d, a, b, c, GET(8), 0x8771f681, 11);
- STEP(H, c, d, a, b, GET(11), 0x6d9d6122, 16);
- STEP(H, b, c, d, a, GET(14), 0xfde5380c, 23);
- STEP(H, a, b, c, d, GET(1), 0xa4beea44, 4);
- STEP(H, d, a, b, c, GET(4), 0x4bdecfa9, 11);
- STEP(H, c, d, a, b, GET(7), 0xf6bb4b60, 16);
- STEP(H, b, c, d, a, GET(10), 0xbebfbc70, 23);
- STEP(H, a, b, c, d, GET(13), 0x289b7ec6, 4);
- STEP(H, d, a, b, c, GET(0), 0xeaa127fa, 11);
- STEP(H, c, d, a, b, GET(3), 0xd4ef3085, 16);
- STEP(H, b, c, d, a, GET(6), 0x04881d05, 23);
- STEP(H, a, b, c, d, GET(9), 0xd9d4d039, 4);
- STEP(H, d, a, b, c, GET(12), 0xe6db99e5, 11);
- STEP(H, c, d, a, b, GET(15), 0x1fa27cf8, 16);
- STEP(H, b, c, d, a, GET(2), 0xc4ac5665, 23);
-
- /* Round 4 */
-
- STEP(I, a, b, c, d, GET(0), 0xf4292244, 6);
- STEP(I, d, a, b, c, GET(7), 0x432aff97, 10);
- STEP(I, c, d, a, b, GET(14), 0xab9423a7, 15);
- STEP(I, b, c, d, a, GET(5), 0xfc93a039, 21);
- STEP(I, a, b, c, d, GET(12), 0x655b59c3, 6);
- STEP(I, d, a, b, c, GET(3), 0x8f0ccc92, 10);
- STEP(I, c, d, a, b, GET(10), 0xffeff47d, 15);
- STEP(I, b, c, d, a, GET(1), 0x85845dd1, 21);
- STEP(I, a, b, c, d, GET(8), 0x6fa87e4f, 6);
- STEP(I, d, a, b, c, GET(15), 0xfe2ce6e0, 10);
- STEP(I, c, d, a, b, GET(6), 0xa3014314, 15);
- STEP(I, b, c, d, a, GET(13), 0x4e0811a1, 21);
- STEP(I, a, b, c, d, GET(4), 0xf7537e82, 6);
- STEP(I, d, a, b, c, GET(11), 0xbd3af235, 10);
- STEP(I, c, d, a, b, GET(2), 0x2ad7d2bb, 15);
- STEP(I, b, c, d, a, GET(9), 0xeb86d391, 21);
-
- a += saved_a;
- b += saved_b;
- c += saved_c;
- d += saved_d;
-
- p += 64;
-
- } while (size -= 64);
-
- ctx->a = a;
- ctx->b = b;
- ctx->c = c;
- ctx->d = d;
-
- return p;
-}
diff --git a/src/core/ngx_md5.h b/src/core/ngx_md5.h
index 713b614..b7e83ce 100644
--- a/src/core/ngx_md5.h
+++ b/src/core/ngx_md5.h
@@ -12,17 +12,13 @@
#include <ngx_config.h>
#include <ngx_core.h>
+#include <openssl/md5.h>
-typedef struct {
- uint64_t bytes;
- uint32_t a, b, c, d;
- u_char buffer[64];
-} ngx_md5_t;
+typedef MD5_CTX ngx_md5_t;
-
-void ngx_md5_init(ngx_md5_t *ctx);
-void ngx_md5_update(ngx_md5_t *ctx, const void *data, size_t size);
-void ngx_md5_final(u_char result[16], ngx_md5_t *ctx);
+#define ngx_md5_init MD5_Init
+#define ngx_md5_update MD5_Update
+#define ngx_md5_final MD5_Final
#endif /* _NGX_MD5_H_INCLUDED_ */
diff --git a/src/core/ngx_sha1.c b/src/core/ngx_sha1.c
deleted file mode 100644
index f00dc52..0000000
--- a/src/core/ngx_sha1.c
+++ /dev/null
@@ -1,294 +0,0 @@
-
-/*
- * Copyright (C) Maxim Dounin
- * Copyright (C) Nginx, Inc.
- *
- * An internal SHA1 implementation.
- */
-
-
-#include <ngx_config.h>
-#include <ngx_core.h>
-#include <ngx_sha1.h>
-
-
-static const u_char *ngx_sha1_body(ngx_sha1_t *ctx, const u_char *data,
- size_t size);
-
-
-void
-ngx_sha1_init(ngx_sha1_t *ctx)
-{
- ctx->a = 0x67452301;
- ctx->b = 0xefcdab89;
- ctx->c = 0x98badcfe;
- ctx->d = 0x10325476;
- ctx->e = 0xc3d2e1f0;
-
- ctx->bytes = 0;
-}
-
-
-void
-ngx_sha1_update(ngx_sha1_t *ctx, const void *data, size_t size)
-{
- size_t used, free;
-
- used = (size_t) (ctx->bytes & 0x3f);
- ctx->bytes += size;
-
- if (used) {
- free = 64 - used;
-
- if (size < free) {
- ngx_memcpy(&ctx->buffer[used], data, size);
- return;
- }
-
- ngx_memcpy(&ctx->buffer[used], data, free);
- data = (u_char *) data + free;
- size -= free;
- (void) ngx_sha1_body(ctx, ctx->buffer, 64);
- }
-
- if (size >= 64) {
- data = ngx_sha1_body(ctx, data, size & ~(size_t) 0x3f);
- size &= 0x3f;
- }
-
- ngx_memcpy(ctx->buffer, data, size);
-}
-
-
-void
-ngx_sha1_final(u_char result[20], ngx_sha1_t *ctx)
-{
- size_t used, free;
-
- used = (size_t) (ctx->bytes & 0x3f);
-
- ctx->buffer[used++] = 0x80;
-
- free = 64 - used;
-
- if (free < 8) {
- ngx_memzero(&ctx->buffer[used], free);
- (void) ngx_sha1_body(ctx, ctx->buffer, 64);
- used = 0;
- free = 64;
- }
-
- ngx_memzero(&ctx->buffer[used], free - 8);
-
- ctx->bytes <<= 3;
- ctx->buffer[56] = (u_char) (ctx->bytes >> 56);
- ctx->buffer[57] = (u_char) (ctx->bytes >> 48);
- ctx->buffer[58] = (u_char) (ctx->bytes >> 40);
- ctx->buffer[59] = (u_char) (ctx->bytes >> 32);
- ctx->buffer[60] = (u_char) (ctx->bytes >> 24);
- ctx->buffer[61] = (u_char) (ctx->bytes >> 16);
- ctx->buffer[62] = (u_char) (ctx->bytes >> 8);
- ctx->buffer[63] = (u_char) ctx->bytes;
-
- (void) ngx_sha1_body(ctx, ctx->buffer, 64);
-
- result[0] = (u_char) (ctx->a >> 24);
- result[1] = (u_char) (ctx->a >> 16);
- result[2] = (u_char) (ctx->a >> 8);
- result[3] = (u_char) ctx->a;
- result[4] = (u_char) (ctx->b >> 24);
- result[5] = (u_char) (ctx->b >> 16);
- result[6] = (u_char) (ctx->b >> 8);
- result[7] = (u_char) ctx->b;
- result[8] = (u_char) (ctx->c >> 24);
- result[9] = (u_char) (ctx->c >> 16);
- result[10] = (u_char) (ctx->c >> 8);
- result[11] = (u_char) ctx->c;
- result[12] = (u_char) (ctx->d >> 24);
- result[13] = (u_char) (ctx->d >> 16);
- result[14] = (u_char) (ctx->d >> 8);
- result[15] = (u_char) ctx->d;
- result[16] = (u_char) (ctx->e >> 24);
- result[17] = (u_char) (ctx->e >> 16);
- result[18] = (u_char) (ctx->e >> 8);
- result[19] = (u_char) ctx->e;
-
- ngx_memzero(ctx, sizeof(*ctx));
-}
-
-
-/*
- * Helper functions.
- */
-
-#define ROTATE(bits, word) (((word) << (bits)) | ((word) >> (32 - (bits))))
-
-#define F1(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
-#define F2(b, c, d) ((b) ^ (c) ^ (d))
-#define F3(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
-
-#define STEP(f, a, b, c, d, e, w, t) \
- temp = ROTATE(5, (a)) + f((b), (c), (d)) + (e) + (w) + (t); \
- (e) = (d); \
- (d) = (c); \
- (c) = ROTATE(30, (b)); \
- (b) = (a); \
- (a) = temp;
-
-
-/*
- * GET() reads 4 input bytes in big-endian byte order and returns
- * them as uint32_t.
- */
-
-#define GET(n) \
- ((uint32_t) p[n * 4 + 3] | \
- ((uint32_t) p[n * 4 + 2] << 8) | \
- ((uint32_t) p[n * 4 + 1] << 16) | \
- ((uint32_t) p[n * 4] << 24))
-
-
-/*
- * This processes one or more 64-byte data blocks, but does not update
- * the bit counters. There are no alignment requirements.
- */
-
-static const u_char *
-ngx_sha1_body(ngx_sha1_t *ctx, const u_char *data, size_t size)
-{
- uint32_t a, b, c, d, e, temp;
- uint32_t saved_a, saved_b, saved_c, saved_d, saved_e;
- uint32_t words[80];
- ngx_uint_t i;
- const u_char *p;
-
- p = data;
-
- a = ctx->a;
- b = ctx->b;
- c = ctx->c;
- d = ctx->d;
- e = ctx->e;
-
- do {
- saved_a = a;
- saved_b = b;
- saved_c = c;
- saved_d = d;
- saved_e = e;
-
- /* Load data block into the words array */
-
- for (i = 0; i < 16; i++) {
- words[i] = GET(i);
- }
-
- for (i = 16; i < 80; i++) {
- words[i] = ROTATE(1, words[i - 3] ^ words[i - 8] ^ words[i - 14]
- ^ words[i - 16]);
- }
-
- /* Transformations */
-
- STEP(F1, a, b, c, d, e, words[0], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[1], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[2], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[3], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[4], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[5], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[6], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[7], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[8], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[9], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[10], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[11], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[12], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[13], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[14], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[15], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[16], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[17], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[18], 0x5a827999);
- STEP(F1, a, b, c, d, e, words[19], 0x5a827999);
-
- STEP(F2, a, b, c, d, e, words[20], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[21], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[22], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[23], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[24], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[25], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[26], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[27], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[28], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[29], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[30], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[31], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[32], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[33], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[34], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[35], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[36], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[37], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[38], 0x6ed9eba1);
- STEP(F2, a, b, c, d, e, words[39], 0x6ed9eba1);
-
- STEP(F3, a, b, c, d, e, words[40], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[41], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[42], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[43], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[44], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[45], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[46], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[47], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[48], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[49], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[50], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[51], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[52], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[53], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[54], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[55], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[56], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[57], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[58], 0x8f1bbcdc);
- STEP(F3, a, b, c, d, e, words[59], 0x8f1bbcdc);
-
- STEP(F2, a, b, c, d, e, words[60], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[61], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[62], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[63], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[64], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[65], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[66], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[67], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[68], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[69], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[70], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[71], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[72], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[73], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[74], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[75], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[76], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[77], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[78], 0xca62c1d6);
- STEP(F2, a, b, c, d, e, words[79], 0xca62c1d6);
-
- a += saved_a;
- b += saved_b;
- c += saved_c;
- d += saved_d;
- e += saved_e;
-
- p += 64;
-
- } while (size -= 64);
-
- ctx->a = a;
- ctx->b = b;
- ctx->c = c;
- ctx->d = d;
- ctx->e = e;
-
- return p;
-}
diff --git a/src/core/ngx_sha1.h b/src/core/ngx_sha1.h
index 4a98f71..e145d80 100644
--- a/src/core/ngx_sha1.h
+++ b/src/core/ngx_sha1.h
@@ -12,17 +12,13 @@
#include <ngx_config.h>
#include <ngx_core.h>
+#include <openssl/sha.h>
-typedef struct {
- uint64_t bytes;
- uint32_t a, b, c, d, e, f;
- u_char buffer[64];
-} ngx_sha1_t;
+typedef SHA_CTX ngx_sha1_t;
-
-void ngx_sha1_init(ngx_sha1_t *ctx);
-void ngx_sha1_update(ngx_sha1_t *ctx, const void *data, size_t size);
-void ngx_sha1_final(u_char result[20], ngx_sha1_t *ctx);
+#define ngx_sha1_init SHA1_Init
+#define ngx_sha1_update SHA1_Update
+#define ngx_sha1_final SHA1_Final
#endif /* _NGX_SHA1_H_INCLUDED_ */
--
2.17.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment