uplex-varnish / libvmod-gcrypt
Commit 2ced4724, authored Apr 18, 2017 by Geoff Simmons
Change the data type for the size of the secure memory pool to BYTES.
parent 361f4fe9
Pipeline #175 skipped
Showing 7 changed files with 26 additions and 40 deletions
README.rst (+9 -8)
src/tests/aes.vtc (+1 -1)
src/tests/disable_secmem.vtc (+1 -1)
src/tests/init_secmem.vtc (+4 -16)
src/tests/init_usage.vtc (+1 -1)
src/vmod_gcrypt.c (+2 -6)
src/vmod_gcrypt.vcc (+8 -7)
README.rst
...
...
@@ -26,7 +26,7 @@ import gcrypt [from "path"] ;
::
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
INT
n])
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
BYTES
n])
gcrypt.init(FINISH)
new OBJECT = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding,
...
...
@@ -150,7 +150,7 @@ described below), but if it does:
CONTENTS
========
* VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
INT
)
* VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
BYTES
)
* symmetric(ENUM {AES,AES128,RIJNDAEL,RIJNDAEL128,AES192,RIJNDAEL192,AES256,RIJNDAEL256}, ENUM {ECB,CFB,CBC,OFB,CTR}, ENUM {PKCS7,ISO7816,X923,NONE}, BLOB, BOOL, BOOL)
* STRING version()
* STRING gcrypt_version()
...
...
@@ -162,7 +162,7 @@ init
::
VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
INT
n=1)
VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
BYTES
n=1)
Initialize the libgcrypt library, currently to manage the use of
secure memory. The ENUM specifies an operation for initialization.
...
...
@@ -173,11 +173,12 @@ created; details below.
With ``INIT_SECMEM``, you can configure the size of the secure memory
pool to ``n`` bytes (the ``n`` parameter is ignored for the other
ENUMs). Secure memory is enabled by default and set to a default size
(32 KiB in libgcrypt 1.6.3), so you don't have to call ``init()`` with
``INIT_SECMEM`` to use the default.
ENUMs). The data type for ``n`` is BYTES, so the value must be written
with a suffix such as B or KB. Secure memory is enabled by default and
set to a default size (32 KiB in libgcrypt 1.6.3), so you don't have
to call ``init()`` with ``INIT_SECMEM`` to use the default.
Setting ``n`` to 0 with ``INIT_SECMEM`` disables secure memory, and
Setting ``n`` to 0
B
with ``INIT_SECMEM`` disables secure memory, and
hence has the same effect as calling ``init(DISABLE_SECMEM)``. If
secure memory is enabled, libgcrypt imposes a minimum size for the
pool (16 KiB for libgcrypt 1.6.3), so any value of ``n`` that is
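Review bot: The new sentence "the value must be written with a suffix such as B or KB" does not say how large a KB is, while the same paragraph gives pool sizes in KiB (32 KiB default, 16 KiB minimum). The tests in this commit replace 32768 with 32KB and 65536 with 64KB, so KB evidently means 1024 bytes here; saying so in the text would keep readers from assuming 1000. Since a bare integer was accepted before this change, the paragraph should also note that existing VCL calling init(INIT_SECMEM, 65536) has to be rewritten with a suffix.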
...
...
@@ -237,7 +238,7 @@ Examples::
sub vcl_init {
# Enable secure memory and allocate a 64KiB pool.
gcrypt.init(INIT_SECMEM, 6
5536
);
gcrypt.init(INIT_SECMEM, 6
4KB
);
gcrypt.init(FINISH);
}
...
...
src/tests/aes.vtc
...
...
@@ -8,7 +8,7 @@ varnish v1 -vcl {
backend b { .host = "${bad_ip}"; }
sub vcl_init {
gcrypt.init(INIT_SECMEM, 6
5536
);
gcrypt.init(INIT_SECMEM, 6
4KB
);
gcrypt.init(FINISH);
}
} -start
...
...
src/tests/disable_secmem.vtc
...
...
@@ -63,7 +63,7 @@ varnish v3 -vcl {
sub vcl_init {
gcrypt.init(INIT_SECMEM);
gcrypt.init(INIT_SECMEM, 0);
gcrypt.init(INIT_SECMEM, 0
B
);
gcrypt.init(FINISH);
new k = blobcode.blob(HEX, "00000000000000000000000000000000");
new aes = gcrypt.symmetric(AES, ECB, key=k.get(), secure=false);
...
...
src/tests/init_secmem.vtc
...
...
@@ -24,7 +24,7 @@ varnish v2 -vcl {
sub vcl_init {
gcrypt.init(INIT_SECMEM);
gcrypt.init(INIT_SECMEM, 32
768
);
gcrypt.init(INIT_SECMEM, 32
KB
);
gcrypt.init(FINISH);
}
} -start
...
...
@@ -41,7 +41,7 @@ varnish v3 -vcl {
backend b { .host = "${bad_ip}"; }
sub vcl_init {
gcrypt.init(INIT_SECMEM, 0);
gcrypt.init(INIT_SECMEM, 0
B
);
gcrypt.init(FINISH);
}
} -start
...
...
@@ -57,21 +57,9 @@ varnish v3 -errvcl {vmod gcrypt error: secure memory not enabled in aes construc
}
}
# INIT_SECMEM is illegal with bytes < 0.
varnish v3 -stop
varnish v4 -vcl {backend b { .host = "${bad_ip}"; } } -start
varnish v4 -errvcl {INIT_SECMEM number of bytes -1 out of range in gcrypt.init()} {
import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
backend b { .host = "${bad_ip}"; }
sub vcl_init {
gcrypt.init(INIT_SECMEM, -1);
}
}
# Secure memory is enabled by default
varnish v
4
-stop
varnish v
5
-vcl {
varnish v
3
-stop
varnish v
4
-vcl {
import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
import blobcode;
backend b { .host = "${bad_ip}"; }
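Review bot: The removed v4 case was the only test visible here for an out-of-range size, and nothing replaces it. If a negative or unsuffixed value such as -1 is now rejected when the VCL is compiled, an -errvcl case asserting that would pin the behaviour down; if it is not rejected, the range check dropped from vmod_init() in this commit is still needed.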
...
...
src/tests/init_usage.vtc
...
...
@@ -62,7 +62,7 @@ varnish v1 -vcl {
backend b { .host = "${bad_ip}"; }
sub vcl_init {
gcrypt.init(INIT_SECMEM, 32
768
);
gcrypt.init(INIT_SECMEM, 32
KB
);
gcrypt.init(FINISH);
}
}
...
...
src/vmod_gcrypt.c
...
...
@@ -170,7 +170,7 @@ event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
/* Function init */
VCL_VOID
vmod_init
(
VRT_CTX
,
VCL_ENUM
cmd
,
VCL_
INT
n
)
vmod_init
(
VRT_CTX
,
VCL_ENUM
cmd
,
VCL_
BYTES
n
)
{
gcry_error_t
err
=
GPG_ERR_NO_ERROR
;
...
...
@@ -194,11 +194,7 @@ vmod_init(VRT_CTX, VCL_ENUM cmd, VCL_INT n)
return
;
}
if
(
strcmp
(
cmd
,
"INIT_SECMEM"
)
==
0
)
{
if
(
n
<
0
)
{
VERR
(
ctx
,
"INIT_SECMEM number of bytes %d out of range "
"in gcrypt.init()"
,
n
);
return
;
}
assert
(
n
>=
0
);
if
((
err
=
gcry_control
(
GCRYCTL_INIT_SECMEM
,
n
))
!=
GPG_ERR_NO_ERROR
)
VERR
(
ctx
,
"Cannot initialize secure memory to %d bytes "
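Review bot: With n now declared VCL_BYTES, the unchanged call gcry_control(GCRYCTL_INIT_SECMEM, n) passes it through a variadic argument list, and the unchanged message "Cannot initialize secure memory to %d bytes " still uses %d for the size. Neither converts the argument, so unless VCL_BYTES is exactly int both can read the wrong value; cast n to the type each callee expects, and check the upper bound before the cast, since a BYTES literal can be far larger than an int. The removed n < 0 branch reported a VCL error, while assert(n >= 0) fails hard instead; a short comment saying why a negative value cannot reach this point would justify the change.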
...
...
src/vmod_gcrypt.vcc
...
...
@@ -9,7 +9,7 @@ $Module gcrypt 3 access the libgcrypt cryptographic library
::
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
INT
n])
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
BYTES
n])
gcrypt.init(FINISH)
new OBJECT = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding,
...
...
@@ -130,7 +130,7 @@ described below), but if it does:
* A Varnish panic is invoked with the error message from libgcrypt.
$Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH},
INT
n=1)
$Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH},
BYTES
n=1)
Initialize the libgcrypt library, currently to manage the use of
secure memory. The ENUM specifies an operation for initialization.
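Review bot: The default in "$Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH}, BYTES n=1)" is still the bare integer 1, although the documentation added in this commit says a BYTES value must be written with a suffix such as B or KB. Writing the default with a suffix would match that rule; README.rst repeats the same signature. The value also deserves a sentence in the text: 1 byte is below the 16 KiB minimum the documentation mentions, and the tests call gcrypt.init(INIT_SECMEM) without n, so a reader cannot tell from the signature what pool size that call produces.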
...
...
@@ -141,11 +141,12 @@ created; details below.
With ``INIT_SECMEM``, you can configure the size of the secure memory
pool to ``n`` bytes (the ``n`` parameter is ignored for the other
ENUMs). Secure memory is enabled by default and set to a default size
(32 KiB in libgcrypt 1.6.3), so you don't have to call ``init()`` with
``INIT_SECMEM`` to use the default.
ENUMs). The data type for ``n`` is BYTES, so the value must be written
with a suffix such as B or KB. Secure memory is enabled by default and
set to a default size (32 KiB in libgcrypt 1.6.3), so you don't have
to call ``init()`` with ``INIT_SECMEM`` to use the default.
Setting ``n`` to 0 with ``INIT_SECMEM`` disables secure memory, and
Setting ``n`` to 0
B
with ``INIT_SECMEM`` disables secure memory, and
hence has the same effect as calling ``init(DISABLE_SECMEM)``. If
secure memory is enabled, libgcrypt imposes a minimum size for the
pool (16 KiB for libgcrypt 1.6.3), so any value of ``n`` that is
...
...
@@ -205,7 +206,7 @@ Examples::
sub vcl_init {
# Enable secure memory and allocate a 64KiB pool.
gcrypt.init(INIT_SECMEM, 6
5536
);
gcrypt.init(INIT_SECMEM, 6
4KB
);
gcrypt.init(FINISH);
}
...
...