From: Konstantin Osipov <kostja@tarantool.org>
To: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Cc: tarantool-patches@freelists.org
Subject: [tarantool-patches] Re: [PATCH v2 2/3] crypto: make exported methods conform code style
Date: Mon, 29 Apr 2019 15:23:54 +0300 [thread overview]
Message-ID: <20190429122354.GA25624@atlas> (raw)
In-Reply-To: <5766d0cc958ef0c0e269098d614e073700073038.1556535949.git.v.shpilevoy@tarantool.org>
* Vladislav Shpilevoy <v.shpilevoy@tarantool.org> [19/04/29 14:09]:
Please solicit a code review from the owner of htis code, Georgy.
Thanks!
> Tarantool has a strict rule for naming methods of libraries - use
> the library name as a prefix. For crypto lib methods it should be
> 'crypto_', not 'tnt_'.
> ---
> extra/exports | 13 ++++++-------
> src/lib/crypto/crypto.c | 31 +++++++++++++++++++++---------
> src/lib/crypto/crypto.h | 6 +++++-
> src/lua/crypto.lua | 42 ++++++++++++++++++++---------------------
> src/main.cc | 3 +++
> 5 files changed, 56 insertions(+), 39 deletions(-)
>
> diff --git a/extra/exports b/extra/exports
> index 21fa9bf00..6fabc4d92 100644
> --- a/extra/exports
> +++ b/extra/exports
> @@ -77,13 +77,12 @@ space_run_triggers
> space_bsize
> box_schema_version
>
> -tnt_openssl_init
> -tnt_EVP_CIPHER_key_length
> -tnt_EVP_CIPHER_iv_length
> -tnt_EVP_MD_CTX_new
> -tnt_EVP_MD_CTX_free
> -tnt_HMAC_CTX_new
> -tnt_HMAC_CTX_free
> +crypto_EVP_CIPHER_key_length
> +crypto_EVP_CIPHER_iv_length
> +crypto_EVP_MD_CTX_new
> +crypto_EVP_MD_CTX_free
> +crypto_HMAC_CTX_new
> +crypto_HMAC_CTX_free
>
> # Module API
>
> diff --git a/src/lib/crypto/crypto.c b/src/lib/crypto/crypto.c
> index 28dbc71dd..4b192ba2d 100644
> --- a/src/lib/crypto/crypto.c
> +++ b/src/lib/crypto/crypto.c
> @@ -35,8 +35,8 @@
> #include <openssl/ssl.h>
> #include <openssl/hmac.h>
>
> -int
> -tnt_openssl_init(void)
> +void
> +crypto_init(void)
> {
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> OpenSSL_add_all_digests();
> @@ -46,20 +46,30 @@ tnt_openssl_init(void)
> OPENSSL_init_crypto(0, NULL);
> OPENSSL_init_ssl(0, NULL);
> #endif
> - return 0;
> }
>
> -int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
> +void
> +crypto_free(void)
> +{
> +#ifdef OPENSSL_cleanup
> + OPENSSL_cleanup();
> +#endif
> +}
> +
> +int
> +crypto_EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
> {
> return EVP_CIPHER_key_length(cipher);
> }
>
> -int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
> +int
> +crypto_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
> {
> return EVP_CIPHER_iv_length(cipher);
> }
>
> -EVP_MD_CTX *tnt_EVP_MD_CTX_new(void)
> +EVP_MD_CTX *
> +crypto_EVP_MD_CTX_new(void)
> {
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> return EVP_MD_CTX_create();
> @@ -68,7 +78,8 @@ EVP_MD_CTX *tnt_EVP_MD_CTX_new(void)
> #endif
> };
>
> -void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx)
> +void
> +crypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx)
> {
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> return EVP_MD_CTX_destroy(ctx);
> @@ -77,7 +88,8 @@ void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx)
> #endif
> }
>
> -HMAC_CTX *tnt_HMAC_CTX_new(void)
> +HMAC_CTX *
> +crypto_HMAC_CTX_new(void)
> {
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX));
> @@ -92,7 +104,8 @@ HMAC_CTX *tnt_HMAC_CTX_new(void)
>
> }
>
> -void tnt_HMAC_CTX_free(HMAC_CTX *ctx)
> +void
> +crypto_HMAC_CTX_free(HMAC_CTX *ctx)
> {
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> HMAC_cleanup(ctx); /* Remove key from memory */
> diff --git a/src/lib/crypto/crypto.h b/src/lib/crypto/crypto.h
> index 9026db322..bc807e1a2 100644
> --- a/src/lib/crypto/crypto.h
> +++ b/src/lib/crypto/crypto.h
> @@ -35,7 +35,11 @@
> extern "C" {
> #endif
>
> -int tnt_openssl_init();
> +void
> +crypto_init(void);
> +
> +void
> +crypto_free(void);
>
> #if defined(__cplusplus)
> }
> diff --git a/src/lua/crypto.lua b/src/lua/crypto.lua
> index e76370517..30504b1de 100644
> --- a/src/lua/crypto.lua
> +++ b/src/lua/crypto.lua
> @@ -4,7 +4,6 @@ local ffi = require('ffi')
> local buffer = require('buffer')
>
> ffi.cdef[[
> - int tnt_openssl_init(void);
> /* from openssl/err.h */
> unsigned long ERR_get_error(void);
> char *ERR_error_string(unsigned long e, char *buf);
> @@ -14,16 +13,16 @@ ffi.cdef[[
>
> typedef struct {} EVP_MD_CTX;
> typedef struct {} EVP_MD;
> - EVP_MD_CTX *tnt_EVP_MD_CTX_new(void);
> - void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx);
> + EVP_MD_CTX *crypto_EVP_MD_CTX_new(void);
> + void crypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx);
> int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
> int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
> int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
> const EVP_MD *EVP_get_digestbyname(const char *name);
>
> typedef struct {} HMAC_CTX;
> - HMAC_CTX *tnt_HMAC_CTX_new(void);
> - void tnt_HMAC_CTX_free(HMAC_CTX *ctx);
> + HMAC_CTX *crypto_HMAC_CTX_new(void);
> + void crypto_HMAC_CTX_free(HMAC_CTX *ctx);
> int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
> const EVP_MD *md, ENGINE *impl);
> int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
> @@ -40,17 +39,14 @@ ffi.cdef[[
> int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
> const unsigned char *in, int inl);
> int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
> - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *ctx);
>
> - int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
> - int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
> + int crypto_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
> + int crypto_EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
>
> int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
> const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
> ]]
>
> -ffi.C.tnt_openssl_init();
> -
> local function openssl_err_str()
> return ffi.string(ffi.C.ERR_error_string(ffi.C.ERR_get_error(), nil))
> end
> @@ -70,11 +66,11 @@ end
> local digest_mt = {}
>
> local function digest_gc(ctx)
> - ffi.C.tnt_EVP_MD_CTX_free(ctx)
> + ffi.C.crypto_EVP_MD_CTX_free(ctx)
> end
>
> local function digest_new(digest)
> - local ctx = ffi.C.tnt_EVP_MD_CTX_new()
> + local ctx = ffi.C.crypto_EVP_MD_CTX_new()
> if ctx == nil then
> return error('Can\'t create digest ctx: ' .. openssl_err_str())
> end
> @@ -121,7 +117,7 @@ local function digest_final(self)
> end
>
> local function digest_free(self)
> - ffi.C.tnt_EVP_MD_CTX_free(self.ctx)
> + ffi.C.crypto_EVP_MD_CTX_free(self.ctx)
> ffi.gc(self.ctx, nil)
> self.ctx = nil
> self.initialized = false
> @@ -141,14 +137,14 @@ local hmacs = digests
> local hmac_mt = {}
>
> local function hmac_gc(ctx)
> - ffi.C.tnt_HMAC_CTX_free(ctx)
> + ffi.C.crypto_HMAC_CTX_free(ctx)
> end
>
> local function hmac_new(digest, key)
> if key == nil then
> return error('Key should be specified for HMAC operations')
> end
> - local ctx = ffi.C.tnt_HMAC_CTX_new()
> + local ctx = ffi.C.crypto_HMAC_CTX_new()
> if ctx == nil then
> return error('Can\'t create HMAC ctx: ' .. openssl_err_str())
> end
> @@ -195,7 +191,7 @@ local function hmac_final(self)
> end
>
> local function hmac_free(self)
> - ffi.C.tnt_HMAC_CTX_free(self.ctx)
> + ffi.C.crypto_HMAC_CTX_free(self.ctx)
> ffi.gc(self.ctx, nil)
> self.ctx = nil
> self.initialized = false
> @@ -234,13 +230,15 @@ local function cipher_gc(ctx)
> end
>
> local function cipher_new(cipher, key, iv, direction)
> - if key == nil or key:len() ~= ffi.C.tnt_EVP_CIPHER_key_length(cipher) then
> - return error('Key length should be equal to cipher key length ('
> - .. tostring(ffi.C.tnt_EVP_CIPHER_key_length(cipher)) .. ' bytes)')
> + local needed_len = ffi.C.crypto_EVP_CIPHER_key_length(cipher)
> + if key == nil or key:len() ~= needed_len then
> + return error('Key length should be equal to cipher key length ('..
> + tostring(needed_len)..' bytes)')
> end
> - if iv == nil or iv:len() ~= ffi.C.tnt_EVP_CIPHER_iv_length(cipher) then
> - return error('Initial vector length should be equal to cipher iv length ('
> - .. tostring(ffi.C.tnt_EVP_CIPHER_iv_length(cipher)) .. ' bytes)')
> + needed_len = ffi.C.crypto_EVP_CIPHER_iv_length(cipher)
> + if iv == nil or iv:len() ~= needed_len then
> + return error('Initial vector length should be equal to cipher iv '..
> + 'length ('..tostring(needed_len)..' bytes)')
> end
> local ctx = ffi.C.EVP_CIPHER_CTX_new()
> if ctx == nil then
> diff --git a/src/main.cc b/src/main.cc
> index 5ded83223..606c64c13 100644
> --- a/src/main.cc
> +++ b/src/main.cc
> @@ -75,6 +75,7 @@
> #include "box/lua/init.h" /* box_lua_init() */
> #include "box/session.h"
> #include "systemd.h"
> +#include "crypto/crypto.h"
>
> static pid_t master_pid = getpid();
> static struct pidfh *pid_file_handle;
> @@ -621,6 +622,7 @@ tarantool_free(void)
> memory_free();
> random_free();
> #endif
> + crypto_free();
> coll_free();
> systemd_free();
> say_logger_free();
> @@ -780,6 +782,7 @@ main(int argc, char **argv)
> signal_init();
> cbus_init();
> coll_init();
> + crypto_init();
> tarantool_lua_init(tarantool_bin, main_argc, main_argv);
>
> start_time = ev_monotonic_time();
> --
> 2.20.1 (Apple Git-117)
>
--
Konstantin Osipov, Moscow, Russia, +7 903 626 22 32
next prev parent reply other threads:[~2019-04-29 12:24 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-29 11:07 [tarantool-patches] [PATCH v2 0/3] swim encryption preparation Vladislav Shpilevoy
2019-04-29 11:07 ` [tarantool-patches] [PATCH v2 1/3] crypto: move crypto business into a separate library Vladislav Shpilevoy
2019-04-29 11:07 ` [tarantool-patches] [PATCH v2 2/3] crypto: make exported methods conform code style Vladislav Shpilevoy
2019-04-29 12:23 ` Konstantin Osipov [this message]
2019-04-29 11:07 ` [tarantool-patches] [PATCH v2 3/3] crypto: implement crypto codec API and AES 128 encryption Vladislav Shpilevoy
2019-04-29 12:24 ` [tarantool-patches] " Konstantin Osipov
2019-04-29 12:29 ` [tarantool-patches] Re: [PATCH v2 0/3] swim encryption preparation Vladislav Shpilevoy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190429122354.GA25624@atlas \
--to=kostja@tarantool.org \
--cc=tarantool-patches@freelists.org \
--cc=v.shpilevoy@tarantool.org \
--subject='[tarantool-patches] Re: [PATCH v2 2/3] crypto: make exported methods conform code style' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox