Commit 65e5af40 authored by Geoff Simmons's avatar Geoff Simmons

Revert "assert an initialized blob for hmac constructor"

This reverts commit 3b8459d7.

Return NULL and report errors in the log if a HMAC key or message
is NULL, rather than tripping assertions.
parent ba225228
Pipeline #101 skipped
...@@ -56,7 +56,7 @@ client c1 { ...@@ -56,7 +56,7 @@ client c1 {
} -run } -run
# Test repeated calls of the digest.final() method # Test repeated calls of the digest.final() method
server s1 -wait { server s1 {
rxreq rxreq
txresp -hdr "Cache-Control: max-age=0" txresp -hdr "Cache-Control: max-age=0"
} -start } -start
...@@ -228,3 +228,56 @@ varnish v2 -cliok "vcl.use vcl2" ...@@ -228,3 +228,56 @@ varnish v2 -cliok "vcl.use vcl2"
varnish v2 -cliok "vcl.discard vcl1" varnish v2 -cliok "vcl.discard vcl1"
logexpect l2 -wait logexpect l2 -wait
# hmac constructor fails if the key is NULL
varnish v1 -errvcl {vmod blobcode error: cannot decode, illegal encoding beginning with "x"vmod blobdigest error: key is NULL in fail constructor} {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new fail = blobdigest.hmac(MD5, blobcode.decode(HEX, "x"));
}
}
# hmac method and hmacf function fail if msg or key is NULL
varnish v1 -vcl {
import blobdigest from "${vmod_topbuild}/src/.libs/libvmod_blobdigest.so";
import blobcode;
backend bk { .host = "${bad_ip}"; }
sub vcl_init {
new h = blobdigest.hmac(MD5, blobcode.decode(HEX, "ff"));
new b = blobcode.blob(HEX, "ff");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
set resp.http.obj = blobcode.encode(HEXLC,
h.hmac(blobcode.decode(HEX, "x")));
set resp.http.key = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, key=blobcode.decode(HEX, "x"),
msg=b.get()));
set resp.http.msg = blobcode.encode(HEXLC,
blobdigest.hmacf(MD5, msg=blobcode.decode(HEX, "x"),
key=b.get()));
}
}
logexpect l3 -v v1 -d 0 -g vxid -q "VCL_Error" {
expect 0 * Begin req
expect * = VCL_Error "^vmod blobdigest error: msg is NULL in h.hmac..$"
expect * = VCL_Error "^vmod blobdigest error: key is NULL in blobdigest.hmacf..$"
expect * = VCL_Error "^vmod blobdigest error: msg is NULL in blobdigest.hmacf..$"
expect * = End
} -start
client c1 {
txreq
rxresp
} -run
logexpect l3 -wait
...@@ -475,10 +475,14 @@ vmod_hmac__init(VRT_CTX, struct vmod_blobdigest_hmac **hmacp, ...@@ -475,10 +475,14 @@ vmod_hmac__init(VRT_CTX, struct vmod_blobdigest_hmac **hmacp,
AN(vcl_name); AN(vcl_name);
ALLOC_OBJ(hmac, VMOD_BLOBDIGEST_HMAC_MAGIC); ALLOC_OBJ(hmac, VMOD_BLOBDIGEST_HMAC_MAGIC);
AN(hmac); AN(hmac);
if (key == NULL || key->priv == NULL) {
VERR(ctx, "key is NULL in %s constructor", vcl_name);
return;
}
*hmacp = hmac; *hmacp = hmac;
hmac->hash = hash; hmac->hash = hash;
hmac->vcl_name = strdup(vcl_name); hmac->vcl_name = strdup(vcl_name);
hmac_init(hash, key, &hmac->inner_ctx, &hmac->outer_ctx); hmac_init(hash, key, &hmac->inner_ctx, &hmac->outer_ctx);
} }
...@@ -489,6 +493,10 @@ vmod_hmac_hmac(VRT_CTX, struct vmod_blobdigest_hmac *h, VCL_BLOB msg) ...@@ -489,6 +493,10 @@ vmod_hmac_hmac(VRT_CTX, struct vmod_blobdigest_hmac *h, VCL_BLOB msg)
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
CHECK_OBJ_NOTNULL(h, VMOD_BLOBDIGEST_HMAC_MAGIC); CHECK_OBJ_NOTNULL(h, VMOD_BLOBDIGEST_HMAC_MAGIC);
if (msg == NULL || msg->priv == NULL) {
VERR(ctx, "msg is NULL in %s.hmac()", h->vcl_name);
return NULL;
}
memcpy(&inner_ctx, &h->inner_ctx, sizeof(hash_ctx)); memcpy(&inner_ctx, &h->inner_ctx, sizeof(hash_ctx));
memcpy(&outer_ctx, &h->outer_ctx, sizeof(hash_ctx)); memcpy(&outer_ctx, &h->outer_ctx, sizeof(hash_ctx));
...@@ -502,7 +510,8 @@ vmod_hmac__fini(struct vmod_blobdigest_hmac **hmacp) ...@@ -502,7 +510,8 @@ vmod_hmac__fini(struct vmod_blobdigest_hmac **hmacp)
{ {
struct vmod_blobdigest_hmac *hmac; struct vmod_blobdigest_hmac *hmac;
AN(*hmacp); if (*hmacp == NULL)
return;
hmac = *hmacp; hmac = *hmacp;
*hmacp = NULL; *hmacp = NULL;
CHECK_OBJ_NOTNULL(hmac, VMOD_BLOBDIGEST_HMAC_MAGIC); CHECK_OBJ_NOTNULL(hmac, VMOD_BLOBDIGEST_HMAC_MAGIC);
...@@ -537,6 +546,14 @@ vmod_hmacf(VRT_CTX, VCL_ENUM hashs, VCL_BLOB key, VCL_BLOB msg) ...@@ -537,6 +546,14 @@ vmod_hmacf(VRT_CTX, VCL_ENUM hashs, VCL_BLOB key, VCL_BLOB msg)
enum algorithm hash = parse_algorithm(hashs); enum algorithm hash = parse_algorithm(hashs);
hash_ctx inner_ctx, outer_ctx; hash_ctx inner_ctx, outer_ctx;
if (key == NULL || key->priv == NULL) {
ERR(ctx, "key is NULL in blobdigest.hmacf()");
return NULL;
}
if (msg == NULL || msg->priv == NULL) {
ERR(ctx, "msg is NULL in blobdigest.hmacf()");
return NULL;
}
hmac_init(hash, key, &inner_ctx, &outer_ctx); hmac_init(hash, key, &inner_ctx, &outer_ctx);
return hmac_final(ctx, hash, msg, &inner_ctx, &outer_ctx, "blobdigest", return hmac_final(ctx, hash, msg, &inner_ctx, &outer_ctx, "blobdigest",
"hmacf"); "hmacf");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment