[PATCH 7 of 8] Created crypt-function based on OpenSSL encryption
Per Olav Høydahl Ohme
phoydahl at cisco.com
Fri Jul 18 12:05:53 UTC 2014
# HG changeset patch
# User Per Olav Hoydahl Ohme <phoydahl at cisco.com>
# Date 1405683324 -7200
# Fri Jul 18 13:35:24 2014 +0200
# Node ID 4b15d9a30a661d82130b8661ee0f97e1a9192ef6
# Parent 0d4f62e2c8115cb0d8b372fcabe7e8582a54d299
Created crypt-function based on OpenSSL encryption.
The encryption algorithm used depends on the provided salt:
$1$.. - MD5, $5$.. - SHA256, $6$.. - SHA512, other - DES
diff -r 0d4f62e2c811 -r 4b15d9a30a66 src/os/unix/ngx_user.c
--- a/src/os/unix/ngx_user.c Fri Jul 18 13:35:24 2014 +0200
+++ b/src/os/unix/ngx_user.c Fri Jul 18 13:35:24 2014 +0200
@@ -8,6 +8,11 @@
#include <ngx_config.h>
#include <ngx_core.h>
+#if (NGX_ANDROID)
+#include <openssl/des.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#endif
/*
* Solaris has thread-safe crypt()
@@ -53,6 +58,219 @@
return NGX_ERROR;
}
+#elif (NGX_ANDROID)
+
+static ngx_int_t
+ngx_DES_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
+{
+ char *value;
+ size_t len;
+ ngx_err_t err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+ /* crypt() is a time consuming function, so we only try to lock */
+
+ if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+ return NGX_AGAIN;
+ }
+
+#endif
+
+ value = DES_crypt((char *) key, (char *) salt);
+
+ if (value) {
+ len = ngx_strlen(value) + 1;
+
+ *encrypted = ngx_pnalloc(pool, len);
+ if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_OK;
+ }
+
+ err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+ ngx_log_error(NGX_LOG_CRIT, pool->log, err, "crypt() failed");
+
+ return NGX_ERROR;
+}
+
+static ngx_int_t
+ngx_MD5_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
+{
+ u_char *value;
+ size_t len;
+ ngx_err_t err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+ /* MD5() is a time consuming function, so we only try to lock */
+
+ if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+ return NGX_AGAIN;
+ }
+
+#endif
+
+ value = MD5(key, ngx_strlen(key), NULL);
+
+ if (value) {
+ len = ngx_strlen(value) + 1;
+
+ *encrypted = ngx_pnalloc(pool, len);
+ if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_OK;
+ }
+
+ err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+ ngx_log_error(NGX_LOG_CRIT, pool->log, err, "MD5() failed");
+
+ return NGX_ERROR;
+}
+
+static ngx_int_t
+ngx_SHA256_crypt(ngx_pool_t *pool, u_char *key, u_char *salt,
+ u_char **encrypted)
+{
+ char *value;
+ size_t len;
+ ngx_err_t err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+ /* SHA256 is a time consuming function, so we only try to lock */
+
+ if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+ return NGX_AGAIN;
+ }
+
+#endif
+
+ value = SHA256(key, ngx_strlen(key), NULL);
+
+ if (value) {
+ len = ngx_strlen(value) + 1;
+
+ *encrypted = ngx_pnalloc(pool, len);
+ if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_OK;
+ }
+
+ err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+ ngx_log_error(NGX_LOG_CRIT, pool->log, err, "SHA256() failed");
+
+ return NGX_ERROR;
+}
+
+static ngx_int_t
+ngx_SHA512_crypt(ngx_pool_t *pool, u_char *key, u_char *salt,
+ u_char **encrypted)
+{
+ char *value;
+ size_t len;
+ ngx_err_t err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+ /* SHA512() is a time consuming function, so we only try to lock */
+
+ if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+ return NGX_AGAIN;
+ }
+
+#endif
+
+ value = SHA512(key, ngx_strlen(key), NULL);
+
+ if (value) {
+ len = ngx_strlen(value) + 1;
+
+ *encrypted = ngx_pnalloc(pool, len);
+ if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+ return NGX_OK;
+ }
+
+ err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+ ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+ ngx_log_error(NGX_LOG_CRIT, pool->log, err, "SHA512() failed");
+
+ return NGX_ERROR;
+}
+
+ngx_int_t
+ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
+{
+ if (ngx_strlen(salt) > 3
+ && salt[0] == '$' && salt[1] == '1' && salt[2] == '$') {
+ return ngx_MD5_crypt(pool, key, salt, encrypted);
+ } else if (ngx_strlen(salt) > 3
+ && salt[0] == '$' && salt[1] == '5' && salt[2] == '$') {
+ return ngx_SHA256_crypt(pool, key, salt, encrypted);
+ } else if (ngx_strlen(salt) > 3
+ && salt[0] == '$' && salt[1] == '6' && salt[2] == '$') {
+ return ngx_SHA512_crypt(pool, key, salt, encrypted);
+ } else {
+ return ngx_DES_crypt(pool, key, salt, encrypted);
+ }
+}
+
#else
ngx_int_t
More information about the nginx-devel
mailing list