Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-crypto
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-crypto
Commits
517be163
Unverified
Commit
517be163
authored
Jun 13, 2023
by
Nils Goroll
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use $Restrict
parent
fc9291af
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
29 additions
and
13 deletions
+29
-13
vmod_crypto.c
src/vmod_crypto.c
+5
-13
vmod_crypto.rst
src/vmod_crypto.rst
+16
-0
vmod_crypto.vcc
src/vmod_crypto.vcc
+8
-0
No files found.
src/vmod_crypto.c
View file @
517be163
...
@@ -227,23 +227,17 @@ vmod_key__fini(struct VPFX(crypto_key) **kp)
...
@@ -227,23 +227,17 @@ vmod_key__fini(struct VPFX(crypto_key) **kp)
*
kp
=
NULL
;
*
kp
=
NULL
;
}
}
static
int
static
void
key_ctx_ok
(
VRT_CTX
)
key_ctx_ok
(
VRT_CTX
)
{
{
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
CHECK_OBJ_NOTNULL
(
ctx
,
VRT_CTX_MAGIC
);
assert
(
ctx
->
method
==
VCL_MET_INIT
);
if
(
ctx
->
method
==
VCL_MET_INIT
)
return
(
1
);
VRT_fail
(
ctx
,
"key methods can only be used in vcl_init {}"
);
return
(
0
);
}
}
VCL_BLOB
VCL_BLOB
vmod_key_use
(
VRT_CTX
,
struct
VPFX
(
crypto_key
)
*
k
)
vmod_key_use
(
VRT_CTX
,
struct
VPFX
(
crypto_key
)
*
k
)
{
{
if
(
!
key_ctx_ok
(
ctx
))
key_ctx_ok
(
ctx
);
return
(
NULL
);
CHECK_OBJ_NOTNULL
(
k
,
VMOD_CRYPTO_KEY_MAGIC
);
CHECK_OBJ_NOTNULL
(
k
,
VMOD_CRYPTO_KEY_MAGIC
);
return
(
VRT_blob
(
ctx
,
"xkey.use()"
,
k
,
sizeof
*
k
,
CRYPTO_KEY_BLOB
));
return
(
VRT_blob
(
ctx
,
"xkey.use()"
,
k
,
sizeof
*
k
,
CRYPTO_KEY_BLOB
));
...
@@ -339,8 +333,7 @@ privkey_pem(VRT_CTX, VCL_STRING pem, VCL_STRING password)
...
@@ -339,8 +333,7 @@ privkey_pem(VRT_CTX, VCL_STRING pem, VCL_STRING password)
static
struct
VPFX
(
crypto_key
)
*
static
struct
VPFX
(
crypto_key
)
*
crypto_key_ok
(
VRT_CTX
,
VCL_STRING
name
,
struct
VPFX
(
crypto_key
)
*
k
)
crypto_key_ok
(
VRT_CTX
,
VCL_STRING
name
,
struct
VPFX
(
crypto_key
)
*
k
)
{
{
if
(
!
key_ctx_ok
(
ctx
))
key_ctx_ok
(
ctx
);
return
(
NULL
);
CHECK_OBJ_NOTNULL
(
k
,
VMOD_CRYPTO_KEY_MAGIC
);
CHECK_OBJ_NOTNULL
(
k
,
VMOD_CRYPTO_KEY_MAGIC
);
...
@@ -381,8 +374,7 @@ vmod_key_rsa(VRT_CTX, struct VPFX(crypto_key) *k, struct VARGS(key_rsa) *args) {
...
@@ -381,8 +374,7 @@ vmod_key_rsa(VRT_CTX, struct VPFX(crypto_key) *k, struct VARGS(key_rsa) *args) {
EVP_PKEY
*
pkey
;
EVP_PKEY
*
pkey
;
RSA
*
rsa
;
RSA
*
rsa
;
if
(
!
key_ctx_ok
(
ctx
))
key_ctx_ok
(
ctx
);
return
;
CHECK_OBJ_NOTNULL
(
k
,
VMOD_CRYPTO_KEY_MAGIC
);
CHECK_OBJ_NOTNULL
(
k
,
VMOD_CRYPTO_KEY_MAGIC
);
...
...
src/vmod_crypto.rst
View file @
517be163
...
@@ -95,6 +95,10 @@ BLOB xkey.use()
...
@@ -95,6 +95,10 @@ BLOB xkey.use()
Wrap the key in a blob to be passed to `crypto.verifier()`_
Wrap the key in a blob to be passed to `crypto.verifier()`_
Restricted to: ``vcl_init``.
.. _xkey.pem_pubkey():
.. _xkey.pem_pubkey():
VOID xkey.pem_pubkey(STRING)
VOID xkey.pem_pubkey(STRING)
...
@@ -108,6 +112,10 @@ comprise RSA and DSA.
...
@@ -108,6 +112,10 @@ comprise RSA and DSA.
Any error is fatal to vcl initialization.
Any error is fatal to vcl initialization.
Restricted to: ``vcl_init``.
.. _xkey.pem_privkey():
.. _xkey.pem_privkey():
VOID xkey.pem_privkey(STRING, STRING password=0)
VOID xkey.pem_privkey(STRING, STRING password=0)
...
@@ -122,6 +130,10 @@ comprise RSA and DSA.
...
@@ -122,6 +130,10 @@ comprise RSA and DSA.
Any error is fatal to vcl initialization.
Any error is fatal to vcl initialization.
Restricted to: ``vcl_init``.
.. _xkey.rsa():
.. _xkey.rsa():
VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])
...
@@ -131,6 +143,10 @@ Create an RSA key from the parameters n, e, and optionally d.
...
@@ -131,6 +143,10 @@ Create an RSA key from the parameters n, e, and optionally d.
Any error is fatal to vcl initialization.
Any error is fatal to vcl initialization.
Restricted to: ``vcl_init``.
.. _crypto.verifier():
.. _crypto.verifier():
new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
new xverifier = crypto.verifier(ENUM digest, [STRING pem], [BLOB key])
...
...
src/vmod_crypto.vcc
View file @
517be163
...
@@ -48,6 +48,8 @@ $Method BLOB .use()
...
@@ -48,6 +48,8 @@ $Method BLOB .use()
Wrap the key in a blob to be passed to `crypto.verifier()`_
Wrap the key in a blob to be passed to `crypto.verifier()`_
$Restrict vcl_init
$Method VOID .pem_pubkey(STRING)
$Method VOID .pem_pubkey(STRING)
Create a key from the PEM-encoded public key.
Create a key from the PEM-encoded public key.
...
@@ -58,6 +60,8 @@ comprise RSA and DSA.
...
@@ -58,6 +60,8 @@ comprise RSA and DSA.
Any error is fatal to vcl initialization.
Any error is fatal to vcl initialization.
$Restrict vcl_init
$Method VOID .pem_privkey(STRING, STRING password=0)
$Method VOID .pem_privkey(STRING, STRING password=0)
Create a key from the PEM-encoded private key, optionally decrypting
Create a key from the PEM-encoded private key, optionally decrypting
...
@@ -69,12 +73,16 @@ comprise RSA and DSA.
...
@@ -69,12 +73,16 @@ comprise RSA and DSA.
Any error is fatal to vcl initialization.
Any error is fatal to vcl initialization.
$Restrict vcl_init
$Method VOID .rsa(BLOB n, BLOB e, [BLOB d])
$Method VOID .rsa(BLOB n, BLOB e, [BLOB d])
Create an RSA key from the parameters n, e, and optionally d.
Create an RSA key from the parameters n, e, and optionally d.
Any error is fatal to vcl initialization.
Any error is fatal to vcl initialization.
$Restrict vcl_init
$Object verifier(ENUM {md_null, md4, md5, sha1, sha224,
$Object verifier(ENUM {md_null, md4, md5, sha1, sha224,
sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
[STRING pem], [BLOB key])
[STRING pem], [BLOB key])
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment