Skip to content

Variables are not supported for configuring the module. #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Variables are not supported for configuring the module. #23

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 38 additions & 4 deletions src/ngx_http_encrypted_session_module.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,26 @@ ngx_module_t ngx_http_encrypted_session_module = {
NGX_MODULE_V1_PADDING
};

static ngx_str_t ngx_http_get_variable_by_name(ngx_http_request_t *r,
unsigned char *name, ngx_http_encrypted_session_conf_t *conf)
{
ngx_http_variable_value_t *v;
ngx_str_t name_str;
name_str.data = name;
name_str.len = strlen((const char *)name);

ngx_uint_t key = ngx_hash_strlow(name, name, name_str.len);
v = ngx_http_get_variable(r, &name_str, key);

if (v->not_found) {
return name_str;
}

ngx_str_t var_value;
var_value.len = v->len;
var_value.data = v->data;
return var_value;
}

static ngx_int_t
ngx_http_set_encode_encrypted_session(ngx_http_request_t *r,
Expand All @@ -176,9 +196,11 @@ ngx_http_set_encode_encrypted_session(ngx_http_request_t *r,
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"encrypted_session: expires=%T", conf->expires);

ngx_str_t iv = ngx_http_get_variable_by_name(r, conf->iv, conf);
ngx_str_t key = ngx_http_get_variable_by_name(r, conf->key, conf);

rc = ngx_http_encrypted_session_aes_mac_encrypt(emcf, r->pool,
r->connection->log, conf->iv, ngx_http_encrypted_session_iv_length,
conf->key, ngx_http_encrypted_session_key_length,
r->connection->log, iv.data, iv.len, key.data, key.len,
v->data, v->len, (ngx_uint_t) conf->expires, &dst, &len);

if (rc != NGX_OK) {
Expand Down Expand Up @@ -218,9 +240,11 @@ ngx_http_set_decode_encrypted_session(ngx_http_request_t *r,
return NGX_ERROR;
}

ngx_str_t iv = ngx_http_get_variable_by_name(r, conf->iv, conf);
ngx_str_t key = ngx_http_get_variable_by_name(r, conf->key, conf);

rc = ngx_http_encrypted_session_aes_mac_decrypt(emcf, r->pool,
r->connection->log, conf->iv, ngx_http_encrypted_session_iv_length,
conf->key, ngx_http_encrypted_session_key_length,
r->connection->log, iv.data, iv.len, key.data, key.len,
v->data, v->len, &dst, &len);

if (rc != NGX_OK) {
Expand Down Expand Up @@ -248,6 +272,11 @@ ngx_http_encrypted_session_key(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)

value = cf->args->elts;

if (value[1].len > 1 && value[1].data[0] == '$') {
llcf->key = &(value[1].data[1]);
return NGX_CONF_OK;
}

if (value[1].len != ngx_http_encrypted_session_key_length) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"encrypted_session_key: the key must be of %d "
Expand Down Expand Up @@ -276,6 +305,11 @@ ngx_http_encrypted_session_iv(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)

value = cf->args->elts;

if (value[1].len > 1 && value[1].data[0] == '$') {
llcf->iv = &(value[1].data[1]);
return NGX_CONF_OK;
}

if (value[1].len > ngx_http_encrypted_session_iv_length) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"encrypted_session_iv: the init vector must NOT "
Expand Down