...
 
Commits (2)
......@@ -147,7 +147,7 @@ struct vmod_crypto_verifier_task {
VCL_VOID
vmod_verifier__init(VRT_CTX,
struct vmod_crypto_verifier **vcvp, const char *vcl_name, VCL_ENUM md_s,
VCL_STRING key_s)
VCL_STRING pem)
{
struct vmod_crypto_verifier *vcv;
const EVP_MD *md = md_evp(md_parse(md_s));
......@@ -189,7 +189,7 @@ vmod_verifier__init(VRT_CTX,
goto err_digest;
}
bio = BIO_new_mem_buf(key_s, -1);
bio = BIO_new_mem_buf(pem, -1);
if (bio == NULL) {
VRT_fail(ctx, "key bio failed");
goto err_digest;
......@@ -309,27 +309,31 @@ crypto_verifier_task_md_ctx(VRT_CTX,
VCL_BOOL
vmod_verifier_update(VRT_CTX, struct vmod_crypto_verifier *vcv,
const char *s, ...)
VCL_STRANDS str)
{
EVP_MD_CTX *evpctx = crypto_verifier_task_md_ctx(ctx, vcv, 0);
va_list ap;
const char *s;
int i;
if (evpctx == NULL)
return (0);
AN(str);
ERR_clear_error();
va_start(ap, s);
while (s != vrt_magic_string_end) {
if (s && *s &&
EVP_DigestVerifyUpdate(evpctx, s, strlen(s)) != 1) {
for (i = 0; i < str->n; i++) {
s = str->p[i];
if (s == NULL || *s == '\0')
continue;
if (EVP_DigestVerifyUpdate(evpctx, s, strlen(s)) != 1) {
VRT_fail(ctx, "EVP_DigestVerifyUpdate"
" failed, error 0x%lx", ERR_get_error());
return (0);
}
s = va_arg(ap, const char *);
}
va_end(ap);
return (1);
}
......@@ -338,7 +342,6 @@ vmod_verifier_update_blob(VRT_CTX, struct vmod_crypto_verifier *vcv,
VCL_BLOB blob)
{
EVP_MD_CTX *evpctx = crypto_verifier_task_md_ctx(ctx, vcv, 0);
va_list ap;
if (evpctx == NULL)
return (0);
......
......@@ -18,7 +18,7 @@ SYNOPSIS
.. parsed-literal::
import crypto [from "path"]
import crypto [as name] [from "path"]
:ref:`vmod_crypto.verifier`
......@@ -61,23 +61,23 @@ Example
.. _vmod_crypto.verifier:
new xverifier = crypto.verifier(ENUM digest, STRING key)
new xverifier = crypto.verifier(ENUM digest, STRING pem)
--------------------------------------------------------
::
new xverifier = crypto.verifier(
ENUM {md_null, md4, md5, sha1, sha224, sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
STRING key
STRING pem
)
Create an object to verify signatures created using _digest_ and
_key_.
_pem_.
The _key_ argument is a PEM-encoded public key specification.
The _pem_ argument is a PEM-encoded public key specification.
The cryptographic method to be used and the key length are
automatically determined from _key_. Typically supported methods
automatically determined from _pem_. Typically supported methods
comprise RSA and DSA.
.. _vmod_crypto.verifier.update:
......
......@@ -41,18 +41,18 @@ Example
$Object verifier(ENUM {md_null, md4, md5, sha1, sha224,
sha256, sha384, sha512, ripemd160, rmd160, whirlpool} digest,
STRING key)
STRING pem)
Create an object to verify signatures created using _digest_ and
_key_.
_pem_.
The _key_ argument is a PEM-encoded public key specification.
The _pem_ argument is a PEM-encoded public key specification.
The cryptographic method to be used and the key length are
automatically determined from _key_. Typically supported methods
automatically determined from _pem_. Typically supported methods
comprise RSA and DSA.
$Method BOOL .update(STRING_LIST)
$Method BOOL .update(STRANDS)
Add strings to the data to be verfied with the verifier object.
......