Backport to Varnish 6.0 from branch 6.5.

- RST formatting changes in README - Old naming conventions from the vmodtool. - No macros VPFX() or VARGS() - Event function without the vmod_ prefix - struct vmod_priv for BLOB - Old signature for VRT_blob() (no type)

Backport to Varnish 6.0 from branch 6.5.
- RST formatting changes in README - Old naming conventions from the vmodtool. - No macros VPFX() or VARGS() - Event function without the vmod_ prefix - struct vmod_priv for BLOB - Old signature for VRT_blob() (no type)
0c2a6dbd · Geoff Simmons · 8c00786e · 0c2a6dbd · 0c2a6dbd
Commit 0c2a6dbd authored Mar 11, 2021 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 88 additions and 69 deletions

README.rst README.rst +54 -34

vmod_gcrypt.c src/vmod_gcrypt.c +34 -35

No files found.
--- a/README.rst
+++ b/README.rst
 ..
 .. NB:  This file is machine generated, DO NOT EDIT!
 ..
-.. Edit ../src/vmod_gcrypt.vcc and run make instead
+.. Edit vmod.vcc and run make instead
 ..

 .. role:: ref(emphasis)

+.. _vmod_gcrypt(3):
+
 ===========
 vmod_gcrypt
 ===========
@@ -19,34 +21,37 @@ access the libgcrypt cryptographic library
 SYNOPSIS
 ========

-.. parsed-literal::

-  import gcrypt [as name] [from "path"]
-  
-  VOID init(ENUM, BYTES n)
+::
+
+   import gcrypt [from "path"] ;
+   
+   VOID init(ENUM, BYTES n)
  
-  new xsymmetric = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding, BLOB key, BOOL secure, BOOL cbc_cts)
+   new xsymmetric = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding, BLOB key, BOOL secure, BOOL cbc_cts)
  
      BLOB xsymmetric.encrypt(BLOB plaintext, [BLOB iv], [BLOB ctr])
-   
+  
      BLOB xsymmetric.decrypt(BLOB ciphertext, [BLOB iv], [BLOB ctr])
-   
-  BLOB fileread(STRING path)
  
-  BLOB random([ENUM quality], BYTES n)
+   BLOB fileread(STRING path)
  
-  INT random_int(ENUM quality, INT bound)
+   BLOB random([ENUM quality], BYTES n)
  
-  REAL random_real(ENUM)
+   INT random_int(ENUM quality, INT bound)
  
-  BOOL random_bool(ENUM)
+   REAL random_real(ENUM)
+  
+   BOOL random_bool(ENUM)
  
-  VOID wipe(BLOB)
+   VOID wipe(BLOB)
  
-  STRING version()
+   STRING version()
  
-  STRING gcrypt_version()
+   STRING gcrypt_version()
  
+
+
 ::

  gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [, BYTES n])
@@ -184,7 +189,8 @@ described below), but if it does:

 * A Varnish panic is invoked with the error message from libgcrypt.

-.. _gcrypt.init():
+
+.. _func_init:

 VOID init(ENUM, BYTES n)
 ------------------------
@@ -283,10 +289,11 @@ Examples::
      gcrypt.init(FINISH);
  }

-.. _gcrypt.symmetric():

-new xsymmetric = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding, BLOB key, BOOL secure, BOOL cbc_cts)
------------------------------------------------------------------------------------------------------------
+.. _obj_symmetric:
+
+symmetric(...)
+--------------

 ::

@@ -403,10 +410,10 @@ Examples::
                                    cbc_cts=true, secure=true);
  }

-.. _xsymmetric.encrypt():
+.. _func_symmetric.encrypt:

-BLOB xsymmetric.encrypt(BLOB plaintext, [BLOB iv], [BLOB ctr])
--------------------------------------------------------------
+symmetric.encrypt(...)
+----------------------

 ::

@@ -467,10 +474,11 @@ Examples::
                         iv=blob.decode(BASE64, resp.http.X-IV-256)));
  }

-.. _xsymmetric.decrypt():

-BLOB xsymmetric.decrypt(BLOB ciphertext, [BLOB iv], [BLOB ctr])
---------------------------------------------------------------
+.. _func_symmetric.decrypt:
+
+symmetric.decrypt(...)
+----------------------

 ::

@@ -528,7 +536,11 @@ Examples::
                         iv=blob.decode(BASE64, req.http.X-IV-256)));
  }

-.. _gcrypt.fileread():
+
+
+
+
+.. _func_fileread:

 BLOB fileread(STRING path)
 --------------------------
@@ -617,7 +629,8 @@ Example::
                                    key=gcrypt.fileread("/path/to/key"));
  }

-.. _gcrypt.random():
+
+.. _func_random:

 BLOB random([ENUM quality], BYTES n)
 ------------------------------------
@@ -714,7 +727,8 @@ Example::
      unset resp.http.X-Msg;
  }

-.. _gcrypt.random_int():
+
+.. _func_random_int:

 INT random_int(ENUM {STRONG, NONCE} quality, INT bound=0)
 ---------------------------------------------------------
@@ -740,7 +754,8 @@ Example::
  # Assign a random group number from 0 to 99 to a request.
  set req.http.X-Group = gcrypt.random_int(NONCE, 100);

-.. _gcrypt.random_real():
+
+.. _func_random_real:

 REAL random_real(ENUM {STRONG, NONCE})
 --------------------------------------
@@ -766,7 +781,8 @@ Example::
  # Assign an unpredictable REAL from -1.0 to 1.0 to a request.
  set req.http.X-Real = gcrypt.random_real(STRONG) * 2 - 1;

-.. _gcrypt.random_bool():
+
+.. _func_random_bool:

 BOOL random_bool(ENUM {STRONG, NONCE})
 --------------------------------------
@@ -792,7 +808,8 @@ Example::
      call do_that;
  }

-.. _gcrypt.wipe():
+
+.. _func_wipe:

 VOID wipe(BLOB)
 ---------------
@@ -816,7 +833,8 @@ Example::
      gcrypt.wipe(key.get());
  }

-.. _gcrypt.version():
+
+.. _func_version:

 STRING version()
 ----------------
@@ -827,7 +845,8 @@ Example::

        std.log("Using VMOD gcrypt version " + gcrypt.version());

-.. _gcrypt.gcrypt_version():
+
+.. _func_gcrypt_version:

 STRING gcrypt_version()
 -----------------------
@@ -1043,6 +1062,7 @@ SEE ALSO
 * developer contact: <varnish-support@uplex.de>, and at the source
  repository site

+
 COPYRIGHT
 =========


--- a/src/vmod_gcrypt.c
+++ b/src/vmod_gcrypt.c
@@ -184,7 +184,7 @@ gcrypt_fatal(void *priv, int err, const char *text)
 }

 int
-vmod_event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
+event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
 {
 	(void) ctx;
 	(void) priv;
@@ -294,7 +294,7 @@ vmod_symmetric__init(VRT_CTX, struct vmod_gcrypt_symmetric **symmetricp,
 		     vcl_name);
 		return;
 	}
-	if (key == NULL || key->blob == NULL) {
+	if (key == NULL || key->priv == NULL) {
 		VERR(ctx, "key is NULL in %s constructor", vcl_name);
 		return;
 	}
@@ -352,7 +352,7 @@ vmod_symmetric__init(VRT_CTX, struct vmod_gcrypt_symmetric **symmetricp,
 		     vcl_name, gcry_strsource(err), gcry_strerror(err));
 		return;
 	}
-	err = gcry_cipher_setkey(hd, key->blob, key->len);
+	err = gcry_cipher_setkey(hd, key->priv, key->len);
 	gcry_cipher_close(hd);
 	if (err != GPG_ERR_NO_ERROR) {
 		VERR(ctx, "Cannot set key in %s constructor: %s/%s",
@@ -385,7 +385,7 @@ vmod_symmetric__init(VRT_CTX, struct vmod_gcrypt_symmetric **symmetricp,
 		VERRNOMEM(ctx, "copying key in %s constructor", vcl_name);
 		return;
 	}
-	memcpy(symmetric->key, key->blob, key->len);
+	memcpy(symmetric->key, key->priv, key->len);
 	symmetric->vcl_name = strdup(vcl_name);
 	if (symmetric->vcl_name == NULL) {
 		VERRNOMEM(ctx, "copying object name in %s constructor",
@@ -466,8 +466,8 @@ get_symmetric_hd(VRT_CTX,
 }

 VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
-    struct VPFX(gcrypt_symmetric) *symmetric,
-    struct VARGS(symmetric_encrypt)* args)
+    struct vmod_gcrypt_symmetric *symmetric,
+    struct vmod_symmetric_encrypt_arg *args)
 {
 	VCL_BLOB plainblob = args->plaintext, iv = NULL, ctr = NULL;
 	size_t len, blocklen;
@@ -480,7 +480,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,

 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(symmetric, VMOD_GCRYPT_SYMMETRIC_MAGIC);
-	if (plainblob == NULL || plainblob->blob == NULL) {
+	if (plainblob == NULL || plainblob->priv == NULL) {
 		VERR(ctx, "Plaintext BLOB is NULL in %s.encrypt()",
 		     symmetric->vcl_name);
 		return NULL;
@@ -495,7 +495,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 	blocklen = gcry_cipher_get_algo_blklen(symmetric->algo);
 	AN(blocklen);
 	if (symmetric->padding != NONE) {
-		plaintext = (padf[symmetric->padding])(ctx->ws, plainblob->blob,
+		plaintext = (padf[symmetric->padding])(ctx->ws, plainblob->priv,
 						       plainblob->len, blocklen,
 						       &len);
 		if (plaintext == NULL) {
@@ -505,7 +505,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 		}
 	}
 	else {
-		plaintext = plainblob->blob;
+		plaintext = plainblob->priv;
 		len = plainblob->len;
 	}
 	if ((ciphertext = WS_Alloc(ctx->ws, len)) == NULL) {
@@ -524,9 +524,9 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 			goto fail;
 		}
 		/* A NULL iv of length 0 is permitted. */
-		if (iv->blob == NULL)
+		if (iv->priv == NULL)
 			assert(iv->len == 0);
-		if ((err = gcry_cipher_setiv(*hd, iv->blob, iv->len))
+		if ((err = gcry_cipher_setiv(*hd, iv->priv, iv->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set initialization vector in "
 			     "%s.encrypt(): %s/%s", symmetric->vcl_name,
@@ -535,12 +535,12 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 		}
 	}
 	if (need_ctr[symmetric->mode]) {
-		if (ctr == NULL || ctr->blob == NULL) {
+		if (ctr == NULL || ctr->priv == NULL) {
 			VERR(ctx, "Required counter vector is NULL in "
 			     "%s.encrypt()", symmetric->vcl_name);
 			goto fail;
 		}
-		if ((err = gcry_cipher_setctr(*hd, ctr->blob, ctr->len))
+		if ((err = gcry_cipher_setctr(*hd, ctr->priv, ctr->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set counter vector in %s.encrypt(): "
 			     "%s/%s", symmetric->vcl_name, gcry_strsource(err),
@@ -556,8 +556,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 		goto fail;
 	}

-	b = VRT_blob(ctx, "xgcrypt.encrypt()", ciphertext, len,
-	    BLOB_VMOD_GCRYPT_TYPE);
+	b = VRT_blob(ctx, "xgcrypt.encrypt()", ciphertext, len);

 	if (b == NULL)
 		goto fail;
@@ -570,12 +569,12 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 }

 VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
-    struct VPFX(gcrypt_symmetric) *symmetric,
-    struct VARGS(symmetric_decrypt) *args)
+    struct vmod_gcrypt_symmetric *symmetric,
+    struct vmod_symmetric_decrypt_arg *args)
 {
 	VCL_BLOB ciphertext = args->ciphertext, iv = NULL, ctr = NULL;
 	uintptr_t snap;
-	struct vrt_blob *plaintext;
+	struct vmod_priv *plaintext;
 	void *plain;
 	gcry_error_t err = GPG_ERR_NO_ERROR;
 	gcry_cipher_hd_t *hd;
@@ -583,7 +582,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,

 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(symmetric, VMOD_GCRYPT_SYMMETRIC_MAGIC);
-	if (ciphertext == NULL || ciphertext->blob == NULL) {
+	if (ciphertext == NULL || ciphertext->priv == NULL) {
 		VERR(ctx, "Ciphertext BLOB is NULL in %s.decrypt()",
 		     symmetric->vcl_name);
 		return NULL;
@@ -606,7 +605,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 		WS_Reset(ctx->ws, snap);
 		return NULL;
 	}
-	plaintext->blob = plain = WS_Reservation(ctx->ws);
+	plaintext->priv = plain = WS_Front(ctx->ws);

 	hd = get_symmetric_hd(ctx, symmetric, "decrypt");
 	if (hd == NULL)
@@ -618,9 +617,9 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 			goto fail;
 		}
 		/* A NULL iv of length 0 is permitted. */
-		if (iv->blob == NULL)
+		if (iv->priv == NULL)
 			assert(iv->len == 0);
-		if ((err = gcry_cipher_setiv(*hd, iv->blob, iv->len))
+		if ((err = gcry_cipher_setiv(*hd, iv->priv, iv->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set initialization vector in "
 			     "%s.decrypt(): %s/%s", symmetric->vcl_name,
@@ -629,12 +628,12 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 		}
 	}
 	if (need_ctr[symmetric->mode]) {
-		if (ctr == NULL || ctr->blob == NULL) {
+		if (ctr == NULL || ctr->priv == NULL) {
 			VERR(ctx, "Required counter vector is NULL in "
 			     "%s.decrypt()", symmetric->vcl_name);
 			goto fail;
 		}
-		if ((err = gcry_cipher_setctr(*hd, ctr->blob, ctr->len))
+		if ((err = gcry_cipher_setctr(*hd, ctr->priv, ctr->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set counter vector in %s.decrypt(): "
 			     "%s/%s", symmetric->vcl_name, gcry_strsource(err),
@@ -643,7 +642,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 		}
 	}
 	if ((err = gcry_cipher_decrypt(*hd, plain, ciphertext->len,
-				       ciphertext->blob, ciphertext->len))
+				       ciphertext->priv, ciphertext->len))
 	    != GPG_ERR_NO_ERROR) {
 		VERR(ctx, "in %s.decrypt(): %s/%s", symmetric->vcl_name,
 		     gcry_strsource(err), gcry_strerror(err));
@@ -698,12 +697,12 @@ get_rnd(VCL_ENUM const restrict qualitys, void * restrict p, size_t n)
 }

 VCL_BLOB
-vmod_random(VRT_CTX, struct VARGS(random)*args)
+vmod_random(VRT_CTX, struct vmod_random_arg *args)
 {
 	struct vmod_priv *rnd_task = args->arg1;
 	VCL_ENUM qualitys = NULL;
 	VCL_BYTES n = args->n;
-	struct vrt_blob *rnd_blob;
+	struct vmod_priv *rnd_blob;
 	uintptr_t snap;
 	void *rnd;

@@ -744,7 +743,7 @@ vmod_random(VRT_CTX, struct VARGS(random)*args)
 	}

 	get_rnd(qualitys, rnd, n);
-	rnd_blob->blob = rnd;
+	rnd_blob->priv = rnd;
 	rnd_blob->len = n;

 	rnd_task->priv = rnd_blob;
@@ -938,14 +937,14 @@ VCL_VOID
 vmod_wipe(VRT_CTX, VCL_BLOB b)
 {
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
-	if (b == NULL || b->len == 0 || b->blob == NULL) {
+	if (b == NULL || b->len == 0 || b->priv == NULL) {
 		ERR(ctx, "empty blob in gcrypt.wipe()");
 		return;
 	}
-	wipe(b->blob, b->len, 0xff);
-	wipe(b->blob, b->len, 0xaa);
-	wipe(b->blob, b->len, 0x55);
-	wipe(b->blob, b->len, 0x00);
+	wipe(b->priv, b->len, 0xff);
+	wipe(b->priv, b->len, 0xaa);
+	wipe(b->priv, b->len, 0x55);
+	wipe(b->priv, b->len, 0x00);
 }

 /* Function fileread */
@@ -984,7 +983,7 @@ filedata_free(void *p)
 VCL_BLOB
 vmod_fileread(VRT_CTX, struct vmod_priv *task, VCL_STRING path)
 {
-	struct vrt_blob *b;
+	struct vmod_priv *b;
 	struct filedata_head *fhead;
 	struct filedata *fdata;
 	struct stat st, fst;
@@ -1099,7 +1098,7 @@ vmod_fileread(VRT_CTX, struct vmod_priv *task, VCL_STRING path)
 	fdata->contents = contents;
 	fdata->len = st.st_size;
 	VSLIST_INSERT_HEAD(fhead, fdata, list);
-	b->blob = contents;
+	b->priv = contents;
 	b->len = st.st_size;
 	return b;