From: Георгий Кириченко
Subject: [tarantool-patches] Re: [PATCH v3 1/4] crypto: move crypto business into a separate library
Date: Wed, 15 May 2019 10:58:11 +0300
Message-ID: <6766611.kXgapHsYaP@home.lan>
To: tarantool-patches@freelists.org

LGTM

On Tuesday, May 7, 2019 11:53:56 PM MSK Vladislav Shpilevoy wrote:
> Crypto in Tarantool core was implemented and used very poorly
> until now. It was just a one tiny file with one-line wrappers
> around OpenSSL API. Despite being small and simple, it provided a
> powerful interface to the Lua land used by Lua 'crypto' public and
> documented module.
>
> Now the time comes when OpenSSL crypto features are wanted on
> lower level and with richer API, in core library SWIM written
> in C. This patch moves crypto wrappers into a separate library
> in src/lib, and drops some methods from the header file because
> they are never used from C, and needed for exporting only.
> > Needed for #3234 > --- > src/CMakeLists.txt | 3 +- > src/lib/CMakeLists.txt | 1 + > src/lib/crypto/CMakeLists.txt | 5 ++ > src/lib/crypto/crypto.c | 103 +++++++++++++++++++++++++++++++ > src/{lua => lib/crypto}/crypto.h | 18 ++---- > src/lua/crypto.c | 73 ---------------------- > 6 files changed, 114 insertions(+), 89 deletions(-) > create mode 100644 src/lib/crypto/CMakeLists.txt > create mode 100644 src/lib/crypto/crypto.c > rename src/{lua => lib/crypto}/crypto.h (73%) > delete mode 100644 src/lua/crypto.c > > diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt > index 7c2395517..2cbbf0dcd 100644 > --- a/src/CMakeLists.txt > +++ b/src/CMakeLists.txt > @@ -111,7 +111,6 @@ set (server_sources > lua/socket.c > lua/pickle.c > lua/fio.c > - lua/crypto.c > lua/httpc.c > lua/utf8.c > lua/info.c > @@ -163,7 +162,7 @@ endif() > set_source_files_compile_flags(${server_sources}) > add_library(server STATIC ${server_sources}) > target_link_libraries(server core coll http_parser bit uri uuid swim > swim_udp - swim_ev) > + swim_ev crypto) > > # Rule of thumb: if exporting a symbol from a static library, list the > # library here. > diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt > index b7179d04f..b306634e7 100644 > --- a/src/lib/CMakeLists.txt > +++ b/src/lib/CMakeLists.txt > @@ -10,6 +10,7 @@ add_subdirectory(http_parser) > add_subdirectory(core) > add_subdirectory(uuid) > add_subdirectory(coll) > +add_subdirectory(crypto) > add_subdirectory(swim) > if(ENABLE_BUNDLED_MSGPUCK) > add_subdirectory(msgpuck EXCLUDE_FROM_ALL) > diff --git a/src/lib/crypto/CMakeLists.txt b/src/lib/crypto/CMakeLists.txt > new file mode 100644 > index 000000000..7e2c6e1d3 > --- /dev/null > +++ b/src/lib/crypto/CMakeLists.txt > @@ -0,0 +1,5 @@ > +set(lib_sources crypto.c) > + > +set_source_files_compile_flags(${lib_sources}) > +add_library(crypto STATIC ${lib_sources}) > +target_link_libraries(crypto ${OPENSSL_LIBRARIES}) 
> diff --git a/src/lib/crypto/crypto.c b/src/lib/crypto/crypto.c > new file mode 100644 > index 000000000..28dbc71dd > --- /dev/null > +++ b/src/lib/crypto/crypto.c 
> @@ -0,0 +1,103 @@ > +/* > + * Copyright 2010-2019, Tarantool AUTHORS, please see AUTHORS file. > + * > + * Redistribution and use in source and binary forms, with or > + * without modification, are permitted provided that the following > + * conditions are met: > + * > + * 1. Redistributions of source code must retain the above > + * copyright notice, this list of conditions and the > + * following disclaimer. > + * > + * 2. Redistributions in binary form must reproduce the above > + * copyright notice, this list of conditions and the following > + * disclaimer in the documentation and/or other materials > + * provided with the distribution. > + * > + * THIS SOFTWARE IS PROVIDED BY ``AS IS'' AND > + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED > + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL > + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, > + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL > + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF > + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF > + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > + * SUCH DAMAGE. 
> + */ > +#include "crypto.h" > +#include > +#include > +#include > +#include > +#include > + > +int > +tnt_openssl_init(void) > +{ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) + OpenSSL_add_all_digests(); > + OpenSSL_add_all_ciphers(); > + ERR_load_crypto_strings(); > +#else > + OPENSSL_init_crypto(0, NULL); > + OPENSSL_init_ssl(0, NULL); > +#endif > + return 0; > +} > + > +int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher) > +{ > + return EVP_CIPHER_key_length(cipher); > +} > + > +int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) > +{ > + return EVP_CIPHER_iv_length(cipher); > +} > + > +EVP_MD_CTX *tnt_EVP_MD_CTX_new(void) > +{ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) + return EVP_MD_CTX_create(); > +#else > + return EVP_MD_CTX_new(); > +#endif > +}; > + > +void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx) > +{ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) + return EVP_MD_CTX_destroy(ctx); > +#else > + return EVP_MD_CTX_free(ctx); > +#endif > +} > + > +HMAC_CTX *tnt_HMAC_CTX_new(void) > +{ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) + HMAC_CTX *ctx = (HMAC_CTX > *)OPENSSL_malloc(sizeof(HMAC_CTX)); > + if(!ctx){ > + return NULL; > + } > + HMAC_CTX_init(ctx); > + return ctx; > +#else > + return HMAC_CTX_new(); > +#endif > + > +} > + > +void tnt_HMAC_CTX_free(HMAC_CTX *ctx) > +{ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) + HMAC_cleanup(ctx); /* Remove key from > memory */ > + OPENSSL_free(ctx); > +#else > + HMAC_CTX_free(ctx); > +#endif > +} > diff --git a/src/lua/crypto.h b/src/lib/crypto/crypto.h > similarity index 73% > rename from src/lua/crypto.h > rename to src/lib/crypto/crypto.h > index 9808db1e5..9026db322 100644 > --- a/src/lua/crypto.h > +++ b/src/lib/crypto/crypto.h 
> @@ -1,7 +1,7 @@ > -#ifndef INCLUDES_TARANTOOL_LUA_CRYPTO_H > -#define INCLUDES_TARANTOOL_LUA_CRYPTO_H > +#ifndef TARANTOOL_LIB_CRYPTO_H_INCLUDED > +#define TARANTOOL_LIB_CRYPTO_H_INCLUDED > /* > - * Copyright 2010-2015, Tarantool AUTHORS, please see AUTHORS file. > + * Copyright 2010-2019, Tarantool AUTHORS, please see AUTHORS file. > * > * Redistribution and use in source and binary forms, with or > * without modification, are permitted provided that the following > @@ -31,24 +31,14 @@ > * SUCH DAMAGE. > */ > > -#include > -#include > - > #if defined(__cplusplus) > extern "C" { > #endif > > -int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher); > -int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); > int tnt_openssl_init(); > -EVP_MD_CTX *tnt_EVP_MD_CTX_new(void); > -void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx); > - > -HMAC_CTX *tnt_HMAC_CTX_new(void); > -void tnt_HMAC_CTX_free(HMAC_CTX *ctx); > > #if defined(__cplusplus) > } > #endif > > -#endif /* INCLUDES_TARANTOOL_LUA_CRYPTO_H */ > +#endif /* TARANTOOL_LIB_CRYPTO_H_INCLUDED */ > diff --git a/src/lua/crypto.c b/src/lua/crypto.c > deleted file mode 100644 > index 80adaca78..000000000 > --- a/src/lua/crypto.c > +++ /dev/null 
> @@ -1,73 +0,0 @@ > -#include > -#include > -#include > -#include > - > -/* Helper function for openssl init */ > -int tnt_openssl_init() > -{ > -#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) - OpenSSL_add_all_digests(); > - OpenSSL_add_all_ciphers(); > - ERR_load_crypto_strings(); > -#else > - OPENSSL_init_crypto(0, NULL); > - OPENSSL_init_ssl(0, NULL); > -#endif > - return 0; > -} > - > -/* Helper functions for tarantool crypto api */ > - > -int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher) > -{ > - return EVP_CIPHER_key_length(cipher); > -} > - > -int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) > -{ > - return EVP_CIPHER_iv_length(cipher); > -} > - > -EVP_MD_CTX *tnt_EVP_MD_CTX_new(void) > -{ > -#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) - return EVP_MD_CTX_create(); > -#else > - return EVP_MD_CTX_new(); > -#endif > -}; > - > -void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx) > -{ > -#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) - return EVP_MD_CTX_destroy(ctx); > -#else > - return EVP_MD_CTX_free(ctx); > -#endif > -} > - > -HMAC_CTX *tnt_HMAC_CTX_new(void) > -{ > -#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) - HMAC_CTX *ctx = (HMAC_CTX > *)OPENSSL_malloc(sizeof(HMAC_CTX)); > - if(!ctx){ > - return NULL; > - } > - HMAC_CTX_init(ctx); > - return ctx; > -#else > - return HMAC_CTX_new(); > -#endif > - > -} > - > -void tnt_HMAC_CTX_free(HMAC_CTX *ctx) > -{ > -#if OPENSSL_VERSION_NUMBER < 0x10100000L || > defined(LIBRESSL_VERSION_NUMBER) - HMAC_cleanup(ctx); /* Remove key from > memory */ > - OPENSSL_free(ctx); > -#else > - HMAC_CTX_free(ctx); > -#endif > -}
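
Review bot: In src/lib/crypto/CMakeLists.txt, add_library(crypto STATIC ${lib_sources}) names the new target crypto, so the build emits a libcrypto.a with the same file name as OpenSSL's own libcrypto, and any target_link_libraries() call in the tree that says plain crypto and means OpenSSL will now resolve to this target instead. A project-specific target name would remove the ambiguity; if the name stays, it is worth checking that nothing else in the build links OpenSSL by the bare name.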
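
Review bot: In src/lib/crypto/crypto.c, tnt_openssl_init() discards the results of OPENSSL_init_crypto(0, NULL) and OPENSSL_init_ssl(0, NULL) and always returns 0, so a caller that checks the int result can never see a failed initialization. Both functions return 1 on success and 0 on error; now that this is a library entry point for C callers, return -1 when either call fails. Two smaller things to clean up while the code is being moved: tnt_EVP_MD_CTX_free() is declared void but uses return EVP_MD_CTX_free(ctx); (and the same with EVP_MD_CTX_destroy), which ISO C does not allow, and tnt_EVP_MD_CTX_new() ends with a stray semicolon after its closing brace. Also, in the pre-1.1.0/LibreSSL branch tnt_HMAC_CTX_free() passes ctx straight to HMAC_cleanup(), while HMAC_CTX_free() in the other branch accepts NULL; a NULL check in the legacy branch would make both behave the same.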
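
Review bot: In src/lib/crypto/crypto.h, the prototypes for tnt_EVP_CIPHER_key_length(), tnt_EVP_MD_CTX_new(), tnt_HMAC_CTX_new() and the rest are removed while crypto.c keeps defining them with external linkage, so nothing in the header tells a reader why they exist and the compiler can no longer check the definitions against a declaration. The commit message says they are needed for exporting only; a short comment saying so, in the header or above the definitions, would keep them from being deleted as dead code later. The remaining declaration int tnt_openssl_init(); should be int tnt_openssl_init(void); to match the definition in crypto.c, since in C an empty parameter list is not a prototype.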