uplex-varnish / libvmod-gcrypt
Commit 2ced4724 authored Apr 18, 2017 by Geoff Simmons
Change the data type for the size of the secure memory pool to BYTES.
parent 361f4fe9
Pipeline #175 skipped
Showing 7 changed files with 26 additions and 40 deletions
README.rst (+9 -8)
src/tests/aes.vtc (+1 -1)
src/tests/disable_secmem.vtc (+1 -1)
src/tests/init_secmem.vtc (+4 -16)
src/tests/init_usage.vtc (+1 -1)
src/vmod_gcrypt.c (+2 -6)
src/vmod_gcrypt.vcc (+8 -7)
README.rst
View file @
2ced4724
...
@@ -26,7 +26,7 @@ import gcrypt [from "path"] ;
...
@@ -26,7 +26,7 @@ import gcrypt [from "path"] ;
::
::
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
INT
n])
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
BYTES
n])
gcrypt.init(FINISH)
gcrypt.init(FINISH)
new OBJECT = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding,
new OBJECT = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding,
...
@@ -150,7 +150,7 @@ described below), but if it does:
...
@@ -150,7 +150,7 @@ described below), but if it does:
CONTENTS
CONTENTS
========
========
* VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
INT
)
* VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
BYTES
)
* symmetric(ENUM {AES,AES128,RIJNDAEL,RIJNDAEL128,AES192,RIJNDAEL192,AES256,RIJNDAEL256}, ENUM {ECB,CFB,CBC,OFB,CTR}, ENUM {PKCS7,ISO7816,X923,NONE}, BLOB, BOOL, BOOL)
* symmetric(ENUM {AES,AES128,RIJNDAEL,RIJNDAEL128,AES192,RIJNDAEL192,AES256,RIJNDAEL256}, ENUM {ECB,CFB,CBC,OFB,CTR}, ENUM {PKCS7,ISO7816,X923,NONE}, BLOB, BOOL, BOOL)
* STRING version()
* STRING version()
* STRING gcrypt_version()
* STRING gcrypt_version()
...
@@ -162,7 +162,7 @@ init
...
@@ -162,7 +162,7 @@ init
::
::
VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
INT
n=1)
VOID init(ENUM {INIT_SECMEM,DISABLE_SECMEM,FINISH},
BYTES
n=1)
Initialize the libgcrypt library, currently to manage the use of
Initialize the libgcrypt library, currently to manage the use of
secure memory. The ENUM specifies an operation for initialization.
secure memory. The ENUM specifies an operation for initialization.
...
@@ -173,11 +173,12 @@ created; details below.
...
@@ -173,11 +173,12 @@ created; details below.
With ``INIT_SECMEM``, you can configure the size of the secure memory
With ``INIT_SECMEM``, you can configure the size of the secure memory
pool to ``n`` bytes (the ``n`` parameter is ignored for the other
pool to ``n`` bytes (the ``n`` parameter is ignored for the other
ENUMs). Secure memory is enabled by default and set to a default size
ENUMs). The data type for ``n`` is BYTES, so the value must be written
(32 KiB in libgcrypt 1.6.3), so you don't have to call ``init()`` with
with a suffix such as B or KB. Secure memory is enabled by default and
``INIT_SECMEM`` to use the default.
set to a default size (32 KiB in libgcrypt 1.6.3), so you don't have
to call ``init()`` with ``INIT_SECMEM`` to use the default.
Setting ``n`` to 0 with ``INIT_SECMEM`` disables secure memory, and
Setting ``n`` to 0
B
with ``INIT_SECMEM`` disables secure memory, and
hence has the same effect as calling ``init(DISABLE_SECMEM)``. If
hence has the same effect as calling ``init(DISABLE_SECMEM)``. If
secure memory is enabled, libgcrypt imposes a minimum size for the
secure memory is enabled, libgcrypt imposes a minimum size for the
pool (16 KiB for libgcrypt 1.6.3), so any value of ``n`` that is
pool (16 KiB for libgcrypt 1.6.3), so any value of ``n`` that is
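Review bot: the added sentence "with a suffix such as B or KB" does not say which multiplier KB carries, while the surrounding paragraph gives every size in KiB (32 KiB default, 16 KiB minimum). The example later in this file replaces 65536 with 64KB under a comment that still says "64KiB pool", so KB evidently means 1024 bytes here; say so in this paragraph, so that a reader sizing the pool against libgcrypt's minimum is not left to guess between 1000 and 1024.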
...
@@ -237,7 +238,7 @@ Examples::
...
@@ -237,7 +238,7 @@ Examples::
sub vcl_init {
sub vcl_init {
# Enable secure memory and allocate a 64KiB pool.
# Enable secure memory and allocate a 64KiB pool.
gcrypt.init(INIT_SECMEM, 6
5536
);
gcrypt.init(INIT_SECMEM, 6
4KB
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
}
}
...
...
src/tests/aes.vtc
View file @
2ced4724
...
@@ -8,7 +8,7 @@ varnish v1 -vcl {
...
@@ -8,7 +8,7 @@ varnish v1 -vcl {
backend b { .host = "${bad_ip}"; }
backend b { .host = "${bad_ip}"; }
sub vcl_init {
sub vcl_init {
gcrypt.init(INIT_SECMEM, 6
5536
);
gcrypt.init(INIT_SECMEM, 6
4KB
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
}
}
} -start
} -start
...
...
src/tests/disable_secmem.vtc
View file @
2ced4724
...
@@ -63,7 +63,7 @@ varnish v3 -vcl {
...
@@ -63,7 +63,7 @@ varnish v3 -vcl {
sub vcl_init {
sub vcl_init {
gcrypt.init(INIT_SECMEM);
gcrypt.init(INIT_SECMEM);
gcrypt.init(INIT_SECMEM, 0);
gcrypt.init(INIT_SECMEM, 0
B
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
new k = blobcode.blob(HEX, "00000000000000000000000000000000");
new k = blobcode.blob(HEX, "00000000000000000000000000000000");
new aes = gcrypt.symmetric(AES, ECB, key=k.get(), secure=false);
new aes = gcrypt.symmetric(AES, ECB, key=k.get(), secure=false);
...
...
src/tests/init_secmem.vtc
View file @
2ced4724
...
@@ -24,7 +24,7 @@ varnish v2 -vcl {
...
@@ -24,7 +24,7 @@ varnish v2 -vcl {
sub vcl_init {
sub vcl_init {
gcrypt.init(INIT_SECMEM);
gcrypt.init(INIT_SECMEM);
gcrypt.init(INIT_SECMEM, 32
768
);
gcrypt.init(INIT_SECMEM, 32
KB
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
}
}
} -start
} -start
...
@@ -41,7 +41,7 @@ varnish v3 -vcl {
...
@@ -41,7 +41,7 @@ varnish v3 -vcl {
backend b { .host = "${bad_ip}"; }
backend b { .host = "${bad_ip}"; }
sub vcl_init {
sub vcl_init {
gcrypt.init(INIT_SECMEM, 0);
gcrypt.init(INIT_SECMEM, 0
B
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
}
}
} -start
} -start
...
@@ -57,21 +57,9 @@ varnish v3 -errvcl {vmod gcrypt error: secure memory not enabled in aes construc
...
@@ -57,21 +57,9 @@ varnish v3 -errvcl {vmod gcrypt error: secure memory not enabled in aes construc
}
}
}
}
# INIT_SECMEM is illegal with bytes < 0.
varnish v3 -stop
varnish v4 -vcl {backend b { .host = "${bad_ip}"; } } -start
varnish v4 -errvcl {INIT_SECMEM number of bytes -1 out of range in gcrypt.init()} {
import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
backend b { .host = "${bad_ip}"; }
sub vcl_init {
gcrypt.init(INIT_SECMEM, -1);
}
}
# Secure memory is enabled by default
# Secure memory is enabled by default
varnish v
4
-stop
varnish v
3
-stop
varnish v
5
-vcl {
varnish v
4
-vcl {
import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
import gcrypt from "${vmod_topbuild}/src/.libs/libvmod_gcrypt.so";
import blobcode;
import blobcode;
backend b { .host = "${bad_ip}"; }
backend b { .host = "${bad_ip}"; }
...
...
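Review bot: dropping the `-errvcl` case for `gcrypt.init(INIT_SECMEM, -1)` leaves the new BYTES argument with no negative test in this file. The assumption behind the removal is that a bad size can no longer reach `vmod_init()`, so add an `-errvcl` case showing that the VCL compiler rejects what the old check used to catch, for example a bare number without a suffix and a negative size. The renumbering of the following instance from v5 to v4 is fine as long as no later test in the file still refers to v5.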
src/tests/init_usage.vtc
View file @
2ced4724
...
@@ -62,7 +62,7 @@ varnish v1 -vcl {
...
@@ -62,7 +62,7 @@ varnish v1 -vcl {
backend b { .host = "${bad_ip}"; }
backend b { .host = "${bad_ip}"; }
sub vcl_init {
sub vcl_init {
gcrypt.init(INIT_SECMEM, 32
768
);
gcrypt.init(INIT_SECMEM, 32
KB
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
}
}
}
}
...
...
src/vmod_gcrypt.c
View file @
2ced4724
...
@@ -170,7 +170,7 @@ event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
...
@@ -170,7 +170,7 @@ event(VRT_CTX, struct vmod_priv *priv, enum vcl_event_e e)
/* Function init */
/* Function init */
VCL_VOID
VCL_VOID
vmod_init
(
VRT_CTX
,
VCL_ENUM
cmd
,
VCL_
INT
n
)
vmod_init
(
VRT_CTX
,
VCL_ENUM
cmd
,
VCL_
BYTES
n
)
{
{
gcry_error_t
err
=
GPG_ERR_NO_ERROR
;
gcry_error_t
err
=
GPG_ERR_NO_ERROR
;
...
@@ -194,11 +194,7 @@ vmod_init(VRT_CTX, VCL_ENUM cmd, VCL_INT n)
...
@@ -194,11 +194,7 @@ vmod_init(VRT_CTX, VCL_ENUM cmd, VCL_INT n)
return
;
return
;
}
}
if
(
strcmp
(
cmd
,
"INIT_SECMEM"
)
==
0
)
{
if
(
strcmp
(
cmd
,
"INIT_SECMEM"
)
==
0
)
{
if
(
n
<
0
)
{
assert
(
n
>=
0
);
VERR
(
ctx
,
"INIT_SECMEM number of bytes %d out of range "
"in gcrypt.init()"
,
n
);
return
;
}
if
((
err
=
gcry_control
(
GCRYCTL_INIT_SECMEM
,
n
))
if
((
err
=
gcry_control
(
GCRYCTL_INIT_SECMEM
,
n
))
!=
GPG_ERR_NO_ERROR
)
!=
GPG_ERR_NO_ERROR
)
VERR
(
ctx
,
"Cannot initialize secure memory to %d bytes "
VERR
(
ctx
,
"Cannot initialize secure memory to %d bytes "
...
...
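Review bot: the `assert(n >= 0);` that replaces the `if (n < 0)` branch turns an out-of-range size from a reported VCL error into a process abort, and nothing in the hunk explains why a negative value can no longer arrive. Add a one-line comment above the assert stating the invariant it relies on (a BYTES value coming from VCL cannot be negative). Two related points on the unchanged lines: `n` is still handed directly to the variadic `gcry_control(GCRYCTL_INIT_SECMEM, n)` with no upper bound and no explicit cast to the type libgcrypt reads, and the remaining message "Cannot initialize secure memory to %d bytes " keeps `%d`; check that both match the width of `VCL_BYTES` now that the parameter type has changed.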
src/vmod_gcrypt.vcc
View file @
2ced4724
...
@@ -9,7 +9,7 @@ $Module gcrypt 3 access the libgcrypt cryptographic library
...
@@ -9,7 +9,7 @@ $Module gcrypt 3 access the libgcrypt cryptographic library
::
::
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
INT
n])
gcrypt.init(ENUM {INIT_SECMEM, DISABLE_SECMEM} [,
BYTES
n])
gcrypt.init(FINISH)
gcrypt.init(FINISH)
new OBJECT = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding,
new OBJECT = gcrypt.symmetric(ENUM cipher, ENUM mode, ENUM padding,
...
@@ -130,7 +130,7 @@ described below), but if it does:
...
@@ -130,7 +130,7 @@ described below), but if it does:
* A Varnish panic is invoked with the error message from libgcrypt.
* A Varnish panic is invoked with the error message from libgcrypt.
$Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH},
INT
n=1)
$Function VOID init(ENUM {INIT_SECMEM, DISABLE_SECMEM, FINISH},
BYTES
n=1)
Initialize the libgcrypt library, currently to manage the use of
Initialize the libgcrypt library, currently to manage the use of
secure memory. The ENUM specifies an operation for initialization.
secure memory. The ENUM specifies an operation for initialization.
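Review bot: the default in the `$Function` line stays `n=1` after the type changes to BYTES, while the documentation added in the next hunk says the value must be written with a suffix. Document what the default means, that is, that `gcrypt.init(INIT_SECMEM)` without a size passes 1 byte and what pool size that results in, or pick a default that corresponds to a real pool size. The tests call `gcrypt.init(INIT_SECMEM);` with no size, so this path is exercised and its behaviour deserves a sentence in the docs.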
...
@@ -141,11 +141,12 @@ created; details below.
...
@@ -141,11 +141,12 @@ created; details below.
With ``INIT_SECMEM``, you can configure the size of the secure memory
With ``INIT_SECMEM``, you can configure the size of the secure memory
pool to ``n`` bytes (the ``n`` parameter is ignored for the other
pool to ``n`` bytes (the ``n`` parameter is ignored for the other
ENUMs). Secure memory is enabled by default and set to a default size
ENUMs). The data type for ``n`` is BYTES, so the value must be written
(32 KiB in libgcrypt 1.6.3), so you don't have to call ``init()`` with
with a suffix such as B or KB. Secure memory is enabled by default and
``INIT_SECMEM`` to use the default.
set to a default size (32 KiB in libgcrypt 1.6.3), so you don't have
to call ``init()`` with ``INIT_SECMEM`` to use the default.
Setting ``n`` to 0 with ``INIT_SECMEM`` disables secure memory, and
Setting ``n`` to 0
B
with ``INIT_SECMEM`` disables secure memory, and
hence has the same effect as calling ``init(DISABLE_SECMEM)``. If
hence has the same effect as calling ``init(DISABLE_SECMEM)``. If
secure memory is enabled, libgcrypt imposes a minimum size for the
secure memory is enabled, libgcrypt imposes a minimum size for the
pool (16 KiB for libgcrypt 1.6.3), so any value of ``n`` that is
pool (16 KiB for libgcrypt 1.6.3), so any value of ``n`` that is
...
@@ -205,7 +206,7 @@ Examples::
...
@@ -205,7 +206,7 @@ Examples::
sub vcl_init {
sub vcl_init {
# Enable secure memory and allocate a 64KiB pool.
# Enable secure memory and allocate a 64KiB pool.
gcrypt.init(INIT_SECMEM, 6
5536
);
gcrypt.init(INIT_SECMEM, 6
4KB
);
gcrypt.init(FINISH);
gcrypt.init(FINISH);
}
}
...
...