[PATCH] [PATCH 3 of 4] SSL: add PSK identity variable
Maxim Dounin
mdounin at mdounin.ru
Thu Aug 31 14:44:23 UTC 2017
Hello!
On Wed, Aug 23, 2017 at 09:22:17PM -0500, Nate Karstens wrote:
> # HG changeset patch
> # User Nate Karstens <nate.karstens at garmin.com>
> # Date 1503540211 18000
> # Wed Aug 23 21:03:31 2017 -0500
> # Node ID a11e114a2bcde4afb515dd0b70f3ef39693f475a
> # Parent 97953fe374455a04973268c4b2fbadd7ced91ffe
> [PATCH 3 of 4] SSL: add PSK identity variable.
Same as in previous patches, there is no need for "[PATCH ...".
>
> Adds the variable $ssl_psk_identity to get the PSK identity
> used in a connection secured with a PSK cipher suite.
>
> Signed-off-by: Nate Karstens <nate.karstens at garmin.com>
>
> diff -r 97953fe37445 -r a11e114a2bcd src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c Wed Aug 23 21:00:59 2017 -0500
> +++ b/src/event/ngx_event_openssl.c Wed Aug 23 21:03:31 2017 -0500
> @@ -4388,6 +4388,38 @@ ngx_ssl_parse_time(
> }
>
>
> +ngx_int_t
> +ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
> +{
> +#ifdef PSK_MAX_IDENTITY_LEN
> +
> + const char *identity;
> +
> + s->len = 0;
> +
> + identity = SSL_get_psk_identity(c->ssl->connection);
> +
> + if (identity) {
> + s->len = ngx_strlen(identity);
> +
> + s->data = ngx_pnalloc(pool, s->len + 1);
There is no need to allocate space for and/or copy terminating NUL
character. In nginx, ngx_str_t strings are not null-terminated
unless it is required for some reason (for example, in file
names).
> + if (s->data == NULL) {
> + return NGX_ERROR;
> + }
> +
> + ngx_cpystrn(s->data, (u_char *) identity, s->len + 1);
> + }
> +
> +#else
> +
> + s->len = 0;
> +
> +#endif
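Review bot: in the "if (identity)" branch, s->len is assigned before the result of ngx_pnalloc() is checked, so the NGX_ERROR return leaves the caller with a non-zero s->len and a NULL s->data. Keeping the length in a local variable and setting s->len only after the allocation succeeds would avoid handing back an inconsistent ngx_str_t on the error path.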
Taking "s->len = 0" out of the #ifdef should produce slightly more
readable (and shorter) code. Using recent
ngx_ssl_get_server_name() code with corresponding modifications:
ngx_int_t
ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
#ifdef PSK_MAX_IDENTITY_LEN

    size_t       len;
    const char  *identity;

    identity = SSL_get_psk_identity(c->ssl->connection);

    if (identity) {
        len = ngx_strlen(identity);

        s->len = len;
        s->data = ngx_pnalloc(pool, len);
        if (s->data == NULL) {
            return NGX_ERROR;
        }

        ngx_memcpy(s->data, identity, len);

        return NGX_OK;
    }

#endif

    s->len = 0;
    return NGX_OK;
}
[...]
--
Maxim Dounin
http://nginx.org/