Backport to Varnish 6.0 from branch 6.5.

- RST formatting changes in README - Old naming conventions from the vmodtool. - No macros VPFX() or VARGS() - Event function without the vmod_ prefix - struct vmod_priv for BLOB - Old signature for VRT_blob() (no type)

Backport to Varnish 6.0 from branch 6.5.
- RST formatting changes in README - Old naming conventions from the vmodtool. - No macros VPFX() or VARGS() - Event function without the vmod_ prefix - struct vmod_priv for BLOB - Old signature for VRT_blob() (no type)
0c2a6dbd · Geoff Simmons · 8c00786e · 0c2a6dbd · 0c2a6dbd
Commit 0c2a6dbd authored Mar 11, 2021 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 88 additions and 69 deletions

README.rst README.rst +54 -34

vmod_gcrypt.c src/vmod_gcrypt.c +34 -35

No files found.
--- a/README.rst
+++ b/README.rst
 ..
 .. NB:  This file is machine generated, DO NOT EDIT!
 ..
-.. Edit ../src/vmod_gcrypt.vcc and run make instead
+.. Edit vmod.vcc and run make instead
 ..
 .. role:: ref(emphasis)
+.. _vmod_gcrypt(3):
 ===========
 vmod_gcrypt
 ===========
@@ -19,34 +21,37 @@ access the libgcrypt cryptographic library
 SYNOPSIS
 ========
-.. parsed-literal::
-  import gcrypt [as name] [from "path"]
+::
-  VOID init(ENUM, BYTES n)
+   import gcrypt [from "path"] ;
+   VOID init(ENUM, BYTES n)
-  new xsymmetric = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding, BLOB key, BOOL secure, BOOL cbc_cts)
+   new xsymmetric = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding, BLOB key, BOOL secure, BOOL cbc_cts)
      BLOB xsymmetric.encrypt(BLOB plaintext, [BLOB iv], [BLOB ctr])
      BLOB xsymmetric.decrypt(BLOB ciphertext, [BLOB iv], [BLOB ctr])
-  BLOB fileread(STRING path)
-  BLOB random([ENUM quality], BYTES n)
+   BLOB fileread(STRING path)
-  INT random_int(ENUM quality, INT bound)
+   BLOB random([ENUM quality], BYTES n)
-  REAL random_real(ENUM)
+   INT random_int(ENUM quality, INT bound)
-  BOOL random_bool(ENUM)
+   REAL random_real(ENUM)
+   BOOL random_bool(ENUM)
-  VOID wipe(BLOB)
+   VOID wipe(BLOB)
-  STRING version()
+   STRING version()
-  STRING gcrypt_version()
+   STRING gcrypt_version()
 ::
  gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [, BYTES n])
@@ -184,7 +189,8 @@ described below), but if it does:
 * A Varnish panic is invoked with the error message from libgcrypt.
-.. _gcrypt.init():
+.. _func_init:
 VOID init(ENUM, BYTES n)
 ------------------------
@@ -283,10 +289,11 @@ Examples::
      gcrypt.init(FINISH);
  }
-.. _gcrypt.symmetric():
-new xsymmetric = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding, BLOB key, BOOL secure, BOOL cbc_cts)
+.. _obj_symmetric:
------------------------------------------------------------------------------------------------------------
+symmetric(...)
+--------------
 ::
@@ -403,10 +410,10 @@ Examples::
                                    cbc_cts=true, secure=true);
  }
-.. _xsymmetric.encrypt():
+.. _func_symmetric.encrypt:
-BLOB xsymmetric.encrypt(BLOB plaintext, [BLOB iv], [BLOB ctr])
+symmetric.encrypt(...)
--------------------------------------------------------------
+----------------------
 ::
@@ -467,10 +474,11 @@ Examples::
                         iv=blob.decode(BASE64, resp.http.X-IV-256)));
  }
-.. _xsymmetric.decrypt():
-BLOB xsymmetric.decrypt(BLOB ciphertext, [BLOB iv], [BLOB ctr])
+.. _func_symmetric.decrypt:
---------------------------------------------------------------
+symmetric.decrypt(...)
+----------------------
 ::
@@ -528,7 +536,11 @@ Examples::
                         iv=blob.decode(BASE64, req.http.X-IV-256)));
  }
-.. _gcrypt.fileread():
+.. _func_fileread:
 BLOB fileread(STRING path)
 --------------------------
@@ -617,7 +629,8 @@ Example::
                                    key=gcrypt.fileread("/path/to/key"));
  }
-.. _gcrypt.random():
+.. _func_random:
 BLOB random([ENUM quality], BYTES n)
 ------------------------------------
@@ -714,7 +727,8 @@ Example::
      unset resp.http.X-Msg;
  }
-.. _gcrypt.random_int():
+.. _func_random_int:
 INT random_int(ENUM {STRONG, NONCE} quality, INT bound=0)
 ---------------------------------------------------------
@@ -740,7 +754,8 @@ Example::
  # Assign a random group number from 0 to 99 to a request.
  set req.http.X-Group = gcrypt.random_int(NONCE, 100);
-.. _gcrypt.random_real():
+.. _func_random_real:
 REAL random_real(ENUM {STRONG, NONCE})
 --------------------------------------
@@ -766,7 +781,8 @@ Example::
  # Assign an unpredictable REAL from -1.0 to 1.0 to a request.
  set req.http.X-Real = gcrypt.random_real(STRONG) * 2 - 1;
-.. _gcrypt.random_bool():
+.. _func_random_bool:
 BOOL random_bool(ENUM {STRONG, NONCE})
 --------------------------------------
@@ -792,7 +808,8 @@ Example::
      call do_that;
  }
-.. _gcrypt.wipe():
+.. _func_wipe:
 VOID wipe(BLOB)
 ---------------
@@ -816,7 +833,8 @@ Example::
      gcrypt.wipe(key.get());
  }
-.. _gcrypt.version():
+.. _func_version:
 STRING version()
 ----------------
@@ -827,7 +845,8 @@ Example::
        std.log("Using VMOD gcrypt version " + gcrypt.version());
-.. _gcrypt.gcrypt_version():
+.. _func_gcrypt_version:
 STRING gcrypt_version()
 -----------------------
@@ -1043,6 +1062,7 @@ SEE ALSO
 * developer contact: <varnish-support@uplex.de>, and at the source
  repository site
 COPYRIGHT
 =========

--- a/src/vmod_gcrypt.c
+++ b/src/vmod_gcrypt.c
@@ -184,7 +184,7 @@ gcrypt_fatal(void *priv, int err, const char *text)
 }
 int
-vmod_event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
+event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
 {
 	(void) ctx;
 	(void) priv;
@@ -294,7 +294,7 @@ vmod_symmetric__init(VRT_CTX, struct vmod_gcrypt_symmetric **symmetricp,
 		     vcl_name);
 		return;
 	}
-	if (key == NULL || key->blob == NULL) {
+	if (key == NULL || key->priv == NULL) {
 		VERR(ctx, "key is NULL in %s constructor", vcl_name);
 		return;
 	}
@@ -352,7 +352,7 @@ vmod_symmetric__init(VRT_CTX, struct vmod_gcrypt_symmetric **symmetricp,
 		     vcl_name, gcry_strsource(err), gcry_strerror(err));
 		return;
 	}
-	err = gcry_cipher_setkey(hd, key->blob, key->len);
+	err = gcry_cipher_setkey(hd, key->priv, key->len);
 	gcry_cipher_close(hd);
 	if (err != GPG_ERR_NO_ERROR) {
 		VERR(ctx, "Cannot set key in %s constructor: %s/%s",
@@ -385,7 +385,7 @@ vmod_symmetric__init(VRT_CTX, struct vmod_gcrypt_symmetric **symmetricp,
 		VERRNOMEM(ctx, "copying key in %s constructor", vcl_name);
 		return;
 	}
-	memcpy(symmetric->key, key->blob, key->len);
+	memcpy(symmetric->key, key->priv, key->len);
 	symmetric->vcl_name = strdup(vcl_name);
 	if (symmetric->vcl_name == NULL) {
 		VERRNOMEM(ctx, "copying object name in %s constructor",
@@ -466,8 +466,8 @@ get_symmetric_hd(VRT_CTX,
 }
 VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
-    struct VPFX(gcrypt_symmetric) *symmetric,
+    struct vmod_gcrypt_symmetric *symmetric,
-    struct VARGS(symmetric_encrypt)* args)
+    struct vmod_symmetric_encrypt_arg *args)
 {
 	VCL_BLOB plainblob = args->plaintext, iv = NULL, ctr = NULL;
 	size_t len, blocklen;
@@ -480,7 +480,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(symmetric, VMOD_GCRYPT_SYMMETRIC_MAGIC);
-	if (plainblob == NULL || plainblob->blob == NULL) {
+	if (plainblob == NULL || plainblob->priv == NULL) {
 		VERR(ctx, "Plaintext BLOB is NULL in %s.encrypt()",
 		     symmetric->vcl_name);
 		return NULL;
@@ -495,7 +495,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 	blocklen = gcry_cipher_get_algo_blklen(symmetric->algo);
 	AN(blocklen);
 	if (symmetric->padding != NONE) {
-		plaintext = (padf[symmetric->padding])(ctx->ws, plainblob->blob,
+		plaintext = (padf[symmetric->padding])(ctx->ws, plainblob->priv,
 						       plainblob->len, blocklen,
 						       &len);
 		if (plaintext == NULL) {
@@ -505,7 +505,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 		}
 	}
 	else {
-		plaintext = plainblob->blob;
+		plaintext = plainblob->priv;
 		len = plainblob->len;
 	}
 	if ((ciphertext = WS_Alloc(ctx->ws, len)) == NULL) {
@@ -524,9 +524,9 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 			goto fail;
 		}
 		/* A NULL iv of length 0 is permitted. */
-		if (iv->blob == NULL)
+		if (iv->priv == NULL)
 			assert(iv->len == 0);
-		if ((err = gcry_cipher_setiv(*hd, iv->blob, iv->len))
+		if ((err = gcry_cipher_setiv(*hd, iv->priv, iv->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set initialization vector in "
 			     "%s.encrypt(): %s/%s", symmetric->vcl_name,
@@ -535,12 +535,12 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 		}
 	}
 	if (need_ctr[symmetric->mode]) {
-		if (ctr == NULL || ctr->blob == NULL) {
+		if (ctr == NULL || ctr->priv == NULL) {
 			VERR(ctx, "Required counter vector is NULL in "
 			     "%s.encrypt()", symmetric->vcl_name);
 			goto fail;
 		}
-		if ((err = gcry_cipher_setctr(*hd, ctr->blob, ctr->len))
+		if ((err = gcry_cipher_setctr(*hd, ctr->priv, ctr->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set counter vector in %s.encrypt(): "
 			     "%s/%s", symmetric->vcl_name, gcry_strsource(err),
@@ -556,8 +556,7 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 		goto fail;
 	}
-	b = VRT_blob(ctx, "xgcrypt.encrypt()", ciphertext, len,
+	b = VRT_blob(ctx, "xgcrypt.encrypt()", ciphertext, len);
-	    BLOB_VMOD_GCRYPT_TYPE);
 	if (b == NULL)
 		goto fail;
@@ -570,12 +569,12 @@ VCL_BLOB vmod_symmetric_encrypt(VRT_CTX,
 }
 VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
-    struct VPFX(gcrypt_symmetric) *symmetric,
+    struct vmod_gcrypt_symmetric *symmetric,
-    struct VARGS(symmetric_decrypt) *args)
+    struct vmod_symmetric_decrypt_arg *args)
 {
 	VCL_BLOB ciphertext = args->ciphertext, iv = NULL, ctr = NULL;
 	uintptr_t snap;
-	struct vrt_blob *plaintext;
+	struct vmod_priv *plaintext;
 	void *plain;
 	gcry_error_t err = GPG_ERR_NO_ERROR;
 	gcry_cipher_hd_t *hd;
@@ -583,7 +582,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(symmetric, VMOD_GCRYPT_SYMMETRIC_MAGIC);
-	if (ciphertext == NULL || ciphertext->blob == NULL) {
+	if (ciphertext == NULL || ciphertext->priv == NULL) {
 		VERR(ctx, "Ciphertext BLOB is NULL in %s.decrypt()",
 		     symmetric->vcl_name);
 		return NULL;
@@ -606,7 +605,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 		WS_Reset(ctx->ws, snap);
 		return NULL;
 	}
-	plaintext->blob = plain = WS_Reservation(ctx->ws);
+	plaintext->priv = plain = WS_Front(ctx->ws);
 	hd = get_symmetric_hd(ctx, symmetric, "decrypt");
 	if (hd == NULL)
@@ -618,9 +617,9 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 			goto fail;
 		}
 		/* A NULL iv of length 0 is permitted. */
-		if (iv->blob == NULL)
+		if (iv->priv == NULL)
 			assert(iv->len == 0);
-		if ((err = gcry_cipher_setiv(*hd, iv->blob, iv->len))
+		if ((err = gcry_cipher_setiv(*hd, iv->priv, iv->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set initialization vector in "
 			     "%s.decrypt(): %s/%s", symmetric->vcl_name,
@@ -629,12 +628,12 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 		}
 	}
 	if (need_ctr[symmetric->mode]) {
-		if (ctr == NULL || ctr->blob == NULL) {
+		if (ctr == NULL || ctr->priv == NULL) {
 			VERR(ctx, "Required counter vector is NULL in "
 			     "%s.decrypt()", symmetric->vcl_name);
 			goto fail;
 		}
-		if ((err = gcry_cipher_setctr(*hd, ctr->blob, ctr->len))
+		if ((err = gcry_cipher_setctr(*hd, ctr->priv, ctr->len))
 		    != GPG_ERR_NO_ERROR) {
 			VERR(ctx, "Cannot set counter vector in %s.decrypt(): "
 			     "%s/%s", symmetric->vcl_name, gcry_strsource(err),
@@ -643,7 +642,7 @@ VCL_BLOB vmod_symmetric_decrypt(VRT_CTX,
 		}
 	}
 	if ((err = gcry_cipher_decrypt(*hd, plain, ciphertext->len,
-				       ciphertext->blob, ciphertext->len))
+				       ciphertext->priv, ciphertext->len))
 	    != GPG_ERR_NO_ERROR) {
 		VERR(ctx, "in %s.decrypt(): %s/%s", symmetric->vcl_name,
 		     gcry_strsource(err), gcry_strerror(err));
@@ -698,12 +697,12 @@ get_rnd(VCL_ENUM const restrict qualitys, void * restrict p, size_t n)
 }
 VCL_BLOB
-vmod_random(VRT_CTX, struct VARGS(random)*args)
+vmod_random(VRT_CTX, struct vmod_random_arg *args)
 {
 	struct vmod_priv *rnd_task = args->arg1;
 	VCL_ENUM qualitys = NULL;
 	VCL_BYTES n = args->n;
-	struct vrt_blob *rnd_blob;
+	struct vmod_priv *rnd_blob;
 	uintptr_t snap;
 	void *rnd;
@@ -744,7 +743,7 @@ vmod_random(VRT_CTX, struct VARGS(random)*args)
 	}
 	get_rnd(qualitys, rnd, n);
-	rnd_blob->blob = rnd;
+	rnd_blob->priv = rnd;
 	rnd_blob->len = n;
 	rnd_task->priv = rnd_blob;
@@ -938,14 +937,14 @@ VCL_VOID
 vmod_wipe(VRT_CTX, VCL_BLOB b)
 {
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
-	if (b == NULL || b->len == 0 || b->blob == NULL) {
+	if (b == NULL || b->len == 0 || b->priv == NULL) {
 		ERR(ctx, "empty blob in gcrypt.wipe()");
 		return;
 	}
-	wipe(b->blob, b->len, 0xff);
+	wipe(b->priv, b->len, 0xff);
-	wipe(b->blob, b->len, 0xaa);
+	wipe(b->priv, b->len, 0xaa);
-	wipe(b->blob, b->len, 0x55);
+	wipe(b->priv, b->len, 0x55);
-	wipe(b->blob, b->len, 0x00);
+	wipe(b->priv, b->len, 0x00);
 }
 /* Function fileread */
@@ -984,7 +983,7 @@ filedata_free(void *p)
 VCL_BLOB
 vmod_fileread(VRT_CTX, struct vmod_priv *task, VCL_STRING path)
 {
-	struct vrt_blob *b;
+	struct vmod_priv *b;
 	struct filedata_head *fhead;
 	struct filedata *fdata;
 	struct stat st, fst;
@@ -1099,7 +1098,7 @@ vmod_fileread(VRT_CTX, struct vmod_priv *task, VCL_STRING path)
 	fdata->contents = contents;
 	fdata->len = st.st_size;
 	VSLIST_INSERT_HEAD(fhead, fdata, list);
-	b->blob = contents;
+	b->priv = contents;
 	b->len = st.st_size;
 	return b;