From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 709232C955 for ; Tue, 7 May 2019 16:54:03 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7p6adymHozjP for ; Tue, 7 May 2019 16:54:03 -0400 (EDT) Received: from smtpng2.m.smailru.net (smtpng2.m.smailru.net [94.100.179.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id E83D82C9DE for ; Tue, 7 May 2019 16:54:02 -0400 (EDT) From: Vladislav Shpilevoy Subject: [tarantool-patches] [PATCH v3 1/4] crypto: move crypto business into a separate library Date: Tue, 7 May 2019 23:53:56 +0300 Message-Id: In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-Help: List-Unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-Subscribe: List-Owner: List-post: List-Archive: To: tarantool-patches@freelists.org Cc: kostja@tarantool.org, georgy@tarantool.org Crypto in Tarantool core was implemented and used very poorly uintil now. It was just a one tiny file with one-line wrappers around OpenSSL API. Despite being small and simple, it provided a poweful interface to the Lua land used by Lua 'crypto' public and documented module. Now the time comes when OpenSSL crypto features are wanted on lower level and with richer API, in core library SWIM written in C. This patch moves crypto wrappers into a separate library in src/lib, and drops some methods from the header file because they are never used from C, and needed for exporting only. Needed for #3234 --- src/CMakeLists.txt | 3 +- src/lib/CMakeLists.txt | 1 + src/lib/crypto/CMakeLists.txt | 5 ++ src/lib/crypto/crypto.c | 103 +++++++++++++++++++++++++++++++ src/{lua => lib/crypto}/crypto.h | 18 ++---- src/lua/crypto.c | 73 ---------------------- 6 files changed, 114 insertions(+), 89 deletions(-) create mode 100644 src/lib/crypto/CMakeLists.txt create mode 100644 src/lib/crypto/crypto.c rename src/{lua => lib/crypto}/crypto.h (73%) delete mode 100644 src/lua/crypto.c diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 7c2395517..2cbbf0dcd 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -111,7 +111,6 @@ set (server_sources lua/socket.c lua/pickle.c lua/fio.c - lua/crypto.c lua/httpc.c lua/utf8.c lua/info.c @@ -163,7 +162,7 @@ endif() set_source_files_compile_flags(${server_sources}) add_library(server STATIC ${server_sources}) target_link_libraries(server core coll http_parser bit uri uuid swim swim_udp - swim_ev) + swim_ev crypto) # Rule of thumb: if exporting a symbol from a static library, list the # library here. diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index b7179d04f..b306634e7 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -10,6 +10,7 @@ add_subdirectory(http_parser) add_subdirectory(core) add_subdirectory(uuid) add_subdirectory(coll) +add_subdirectory(crypto) add_subdirectory(swim) if(ENABLE_BUNDLED_MSGPUCK) add_subdirectory(msgpuck EXCLUDE_FROM_ALL) diff --git a/src/lib/crypto/CMakeLists.txt b/src/lib/crypto/CMakeLists.txt new file mode 100644 index 000000000..7e2c6e1d3 --- /dev/null +++ b/src/lib/crypto/CMakeLists.txt @@ -0,0 +1,5 @@ +set(lib_sources crypto.c) + +set_source_files_compile_flags(${lib_sources}) +add_library(crypto STATIC ${lib_sources}) +target_link_libraries(crypto ${OPENSSL_LIBRARIES}) diff --git a/src/lib/crypto/crypto.c b/src/lib/crypto/crypto.c new file mode 100644 index 000000000..28dbc71dd --- /dev/null +++ b/src/lib/crypto/crypto.c @@ -0,0 +1,103 @@ +/* + * Copyright 2010-2019, Tarantool AUTHORS, please see AUTHORS file. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * 1. Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#include "crypto.h" +#include +#include +#include +#include +#include + +int +tnt_openssl_init(void) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + OpenSSL_add_all_digests(); + OpenSSL_add_all_ciphers(); + ERR_load_crypto_strings(); +#else + OPENSSL_init_crypto(0, NULL); + OPENSSL_init_ssl(0, NULL); +#endif + return 0; +} + +int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher) +{ + return EVP_CIPHER_key_length(cipher); +} + +int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) +{ + return EVP_CIPHER_iv_length(cipher); +} + +EVP_MD_CTX *tnt_EVP_MD_CTX_new(void) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return EVP_MD_CTX_create(); +#else + return EVP_MD_CTX_new(); +#endif +}; + +void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + return EVP_MD_CTX_destroy(ctx); +#else + return EVP_MD_CTX_free(ctx); +#endif +} + +HMAC_CTX *tnt_HMAC_CTX_new(void) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX)); + if(!ctx){ + return NULL; + } + HMAC_CTX_init(ctx); + return ctx; +#else + return HMAC_CTX_new(); +#endif + +} + +void tnt_HMAC_CTX_free(HMAC_CTX *ctx) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + HMAC_cleanup(ctx); /* Remove key from memory */ + OPENSSL_free(ctx); +#else + HMAC_CTX_free(ctx); +#endif +} diff --git a/src/lua/crypto.h b/src/lib/crypto/crypto.h similarity index 73% rename from src/lua/crypto.h rename to src/lib/crypto/crypto.h index 9808db1e5..9026db322 100644 --- a/src/lua/crypto.h +++ b/src/lib/crypto/crypto.h @@ -1,7 +1,7 @@ -#ifndef INCLUDES_TARANTOOL_LUA_CRYPTO_H -#define INCLUDES_TARANTOOL_LUA_CRYPTO_H +#ifndef TARANTOOL_LIB_CRYPTO_H_INCLUDED +#define TARANTOOL_LIB_CRYPTO_H_INCLUDED /* - * Copyright 2010-2015, Tarantool AUTHORS, please see AUTHORS file. + * Copyright 2010-2019, Tarantool AUTHORS, please see AUTHORS file. * * Redistribution and use in source and binary forms, with or * without modification, are permitted provided that the following @@ -31,24 +31,14 @@ * SUCH DAMAGE. */ -#include -#include - #if defined(__cplusplus) extern "C" { #endif -int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher); -int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); int tnt_openssl_init(); -EVP_MD_CTX *tnt_EVP_MD_CTX_new(void); -void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx); - -HMAC_CTX *tnt_HMAC_CTX_new(void); -void tnt_HMAC_CTX_free(HMAC_CTX *ctx); #if defined(__cplusplus) } #endif -#endif /* INCLUDES_TARANTOOL_LUA_CRYPTO_H */ +#endif /* TARANTOOL_LIB_CRYPTO_H_INCLUDED */ diff --git a/src/lua/crypto.c b/src/lua/crypto.c deleted file mode 100644 index 80adaca78..000000000 --- a/src/lua/crypto.c +++ /dev/null @@ -1,73 +0,0 @@ -#include -#include -#include -#include - -/* Helper function for openssl init */ -int tnt_openssl_init() -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - OpenSSL_add_all_digests(); - OpenSSL_add_all_ciphers(); - ERR_load_crypto_strings(); -#else - OPENSSL_init_crypto(0, NULL); - OPENSSL_init_ssl(0, NULL); -#endif - return 0; -} - -/* Helper functions for tarantool crypto api */ - -int tnt_EVP_CIPHER_key_length(const EVP_CIPHER *cipher) -{ - return EVP_CIPHER_key_length(cipher); -} - -int tnt_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) -{ - return EVP_CIPHER_iv_length(cipher); -} - -EVP_MD_CTX *tnt_EVP_MD_CTX_new(void) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return EVP_MD_CTX_create(); -#else - return EVP_MD_CTX_new(); -#endif -}; - -void tnt_EVP_MD_CTX_free(EVP_MD_CTX *ctx) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - return EVP_MD_CTX_destroy(ctx); -#else - return EVP_MD_CTX_free(ctx); -#endif -} - -HMAC_CTX *tnt_HMAC_CTX_new(void) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX)); - if(!ctx){ - return NULL; - } - HMAC_CTX_init(ctx); - return ctx; -#else - return HMAC_CTX_new(); -#endif - -} - -void tnt_HMAC_CTX_free(HMAC_CTX *ctx) -{ -#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - HMAC_cleanup(ctx); /* Remove key from memory */ - OPENSSL_free(ctx); -#else - HMAC_CTX_free(ctx); -#endif -} -- 2.20.1 (Apple Git-117)