encrypted-session-nginx-module icon indicating copy to clipboard operation
encrypted-session-nginx-module copied to clipboard

Published 20 hours ago verified publisher icon openresty

BoringSSL support

Open splitice opened this issue 4 years ago • 3 comments

EVP_EncryptFinal/EVP_DecryptFinal is not provided in BoringSSL. Perhaps EVP_EncryptFinal_ex.

Found in https://github.com/openresty/openresty/issues/556

splitice avatar Jul 15 '20 13:07 splitice

I do patch like this on openresty-1.15.8, and it works fine with boringssl.

--- a/bundle/encrypted-session-nginx-module-0.08/src/ngx_http_encrypted_session_cipher.c
+++ b/bundle/encrypted-session-nginx-module-0.08/src/ngx_http_encrypted_session_cipher.c
@@ -105,8 +105,11 @@ ngx_http_encrypted_session_aes_mac_encrypt(

     p += len;

+#ifdef OPENSSL_IS_BORINGSSL
+    ret = EVP_EncryptFinal_ex(emcf->session_ctx, p, &len);
+#else
     ret = EVP_EncryptFinal(emcf->session_ctx, p, &len);
-
+#endif
     emcf->reset_cipher_ctx(emcf->session_ctx);

     if (!ret) {
@@ -198,9 +201,11 @@ ngx_http_encrypted_session_aes_mac_decrypt(
     }

     p += len;
-
+#ifdef OPENSSL_IS_BORINGSSL
+        ret = EVP_DecryptFinal_ex(emcf->session_ctx, p, &len);
+#else
     ret = EVP_DecryptFinal(emcf->session_ctx, p, &len);
-
+#endif

urey-hiker avatar Aug 31 '20 07:08 urey-hiker

is BoringSSL support for nginx done ?

Kullu14 avatar Mar 30 '21 17:03 Kullu14

For those interested I posted this: https://github.com/openresty/openresty/issues/741

splitice avatar May 28 '21 11:05 splitice