[PATCH 7 of 8] Created crypt-function based on OpenSSL encryption

Per Olav Høydahl Ohme phoydahl at cisco.com
Fri Jul 18 12:05:53 UTC 2014


# HG changeset patch
# User Per Olav Hoydahl Ohme <phoydahl at cisco.com>
# Date 1405683324 -7200
#      Fri Jul 18 13:35:24 2014 +0200
# Node ID 4b15d9a30a661d82130b8661ee0f97e1a9192ef6
# Parent  0d4f62e2c8115cb0d8b372fcabe7e8582a54d299
Created crypt-function based on OpenSSL encryption.
The hashing algorithm used is selected by the prefix of the provided salt:
$1$.. - MD5, $5$.. - SHA256, $6$.. - SHA512, other - DES

diff -r 0d4f62e2c811 -r 4b15d9a30a66 src/os/unix/ngx_user.c
--- a/src/os/unix/ngx_user.c	Fri Jul 18 13:35:24 2014 +0200
+++ b/src/os/unix/ngx_user.c	Fri Jul 18 13:35:24 2014 +0200
@@ -8,6 +8,11 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 
+#if (NGX_ANDROID)
+#include <openssl/des.h>
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+#endif
 
 /*
  * Solaris has thread-safe crypt()
@@ -53,6 +58,219 @@
     return NGX_ERROR;
 }
 
+#elif (NGX_ANDROID)
+
+static ngx_int_t
+ngx_DES_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
+{
+    char       *value;
+    size_t      len;
+    ngx_err_t   err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+    /* crypt() is a time consuming function, so we only try to lock */
+
+    if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+        return NGX_AGAIN;
+    }
+
+#endif
+
+    value = DES_crypt((char *) key, (char *) salt);
+
+    if (value) {
+        len = ngx_strlen(value) + 1;
+
+        *encrypted = ngx_pnalloc(pool, len);
+        if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+            ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+            return NGX_ERROR;
+        }
+
+        ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+        ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+        return NGX_OK;
+    }
+
+    err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+    ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+    ngx_log_error(NGX_LOG_CRIT, pool->log, err, "crypt() failed");
+
+    return NGX_ERROR;
+}
+
+static ngx_int_t
+ngx_MD5_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
+{
+    u_char      *value;
+    size_t      len;
+    ngx_err_t   err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+    /* MD5() is a time consuming function, so we only try to lock */
+
+    if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+        return NGX_AGAIN;
+    }
+
+#endif
+
+    value = MD5(key, ngx_strlen(key), NULL);
+
+    if (value) {
+        len = ngx_strlen(value) + 1;
+
+        *encrypted = ngx_pnalloc(pool, len);
+        if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+            ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+            return NGX_ERROR;
+        }
+
+        ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+        ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+        return NGX_OK;
+    }
+
+    err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+    ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+    ngx_log_error(NGX_LOG_CRIT, pool->log, err, "MD5() failed");
+
+    return NGX_ERROR;
+}
+
+static ngx_int_t
+ngx_SHA256_crypt(ngx_pool_t *pool, u_char *key, u_char *salt,
+                 u_char **encrypted)
+{
+    char       *value;
+    size_t      len;
+    ngx_err_t   err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+    /* SHA256 is a time consuming function, so we only try to lock */
+
+    if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+        return NGX_AGAIN;
+    }
+
+#endif
+
+    value = SHA256(key, ngx_strlen(key), NULL);
+
+    if (value) {
+        len = ngx_strlen(value) + 1;
+
+        *encrypted = ngx_pnalloc(pool, len);
+        if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+            ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+            return NGX_ERROR;
+        }
+
+        ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+        ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+        return NGX_OK;
+    }
+
+    err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+    ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+    ngx_log_error(NGX_LOG_CRIT, pool->log, err, "SHA256() failed");
+
+    return NGX_ERROR;
+}
+
+static ngx_int_t
+ngx_SHA512_crypt(ngx_pool_t *pool, u_char *key, u_char *salt,
+                 u_char **encrypted)
+{
+    char       *value;
+    size_t      len;
+    ngx_err_t   err;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+
+    /* SHA512() is a time consuming function, so we only try to lock */
+
+    if (ngx_mutex_trylock(ngx_crypt_mutex) != NGX_OK) {
+        return NGX_AGAIN;
+    }
+
+#endif
+
+    value = SHA512(key, ngx_strlen(key), NULL);
+
+    if (value) {
+        len = ngx_strlen(value) + 1;
+
+        *encrypted = ngx_pnalloc(pool, len);
+        if (*encrypted == NULL) {
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+            ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+            return NGX_ERROR;
+        }
+
+        ngx_memcpy(*encrypted, value, len);
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+        ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+        return NGX_OK;
+    }
+
+    err = ngx_errno;
+
+#if (NGX_THREADS && NGX_NONREENTRANT_CRYPT)
+    ngx_mutex_unlock(ngx_crypt_mutex);
+#endif
+
+    ngx_log_error(NGX_LOG_CRIT, pool->log, err, "SHA512() failed");
+
+    return NGX_ERROR;
+}
+
+ngx_int_t
+ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
+{
+    if (ngx_strlen(salt) > 3
+        && salt[0] == '$' && salt[1] == '1' && salt[2] == '$') {
+        return ngx_MD5_crypt(pool, key, salt, encrypted);
+    } else if (ngx_strlen(salt) > 3
+               && salt[0] == '$' && salt[1] == '5' && salt[2] == '$') {
+        return ngx_SHA256_crypt(pool, key, salt, encrypted);
+    } else if (ngx_strlen(salt) > 3
+               && salt[0] == '$' && salt[1] == '6' && salt[2] == '$') {
+        return ngx_SHA512_crypt(pool, key, salt, encrypted);
+    } else {
+        return ngx_DES_crypt(pool, key, salt, encrypted);
+    }
+}
+
 #else
 
 ngx_int_t
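Review bot: In ngx_MD5_crypt, ngx_SHA256_crypt and ngx_SHA512_crypt the return value of `MD5()`/`SHA256()`/`SHA512()` is measured with `ngx_strlen(value)`, but these functions return a fixed-size raw digest (16, 32 or 64 bytes) that is not NUL-terminated, so the copy is either cut short at the first zero byte or reads past the end of the digest buffer. Pass a local buffer and copy the constant length instead, e.g. `u_char md[SHA256_DIGEST_LENGTH];` with `SHA256(key, ngx_strlen(key), md);`; that also avoids the static buffer OpenSSL uses when the last argument is NULL, which its documentation describes as not thread safe, while the mutex here is compiled in only under `NGX_THREADS && NGX_NONREENTRANT_CRYPT`. The `salt` argument is never read in these three functions, so the result is a single unsalted digest of the password rather than the salted, iterated, text-encoded `$1$`/`$5$`/`$6$` crypt(3) string the prefix announces; presumably the caller compares the result with the stored hash, in which case such entries could never match. Until those schemes are actually implemented, ngx_libc_crypt should log and `return NGX_ERROR;` for the three prefixes rather than produce a value that looks like a password hash but is not one.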


