mirror of
https://github.com/bunkerity/bunkerweb
synced 2026-05-24 09:28:37 +00:00
Squashed 'src/deps/src/lua-resty-string/' changes from b192878f6e..7be2e1d907
7be2e1d907 bumped version to 0.16. 081d2fae41 feat: add AAD support in aes gcm 86aada55c4 change: make random.bytes cryptographically strong by default. 6f1bc21d86 tests: update nginx to 1.25.3. e6b80ac31d tests: upgrade nginx to 1.25.1. 775576d0e5 tests: fixed test failures caused by using non-perlbrew cpanm in travis. 78e5020229 travis-ci: bumped the NGINX core to 1.21.4. (#89) 1cc2f59417 tests: Certificate of Let's Encrypt expired, travis won't update the certificate in the image of trusty. (#87) git-subtree-dir: src/deps/src/lua-resty-string git-subtree-split: 7be2e1d907744f965af115819cca9e6580f2e760
This commit is contained in:
Théophile Diot
parent
3038a0b027
commit
c9f6a2ede2
12 changed files with 61 additions and 17 deletions
13
.travis.yml
13
.travis.yml
|
|
@ -1,5 +1,9 @@
|
|||
sudo: required
|
||||
dist: trusty
|
||||
dist: focal
|
||||
|
||||
branches:
|
||||
only:
|
||||
- "master"
|
||||
|
||||
os: linux
|
||||
|
||||
|
|
@ -27,14 +31,13 @@ env:
|
|||
- LD_LIBRARY_PATH=$LUAJIT_LIB:$LD_LIBRARY_PATH
|
||||
- TEST_NGINX_SLEEP=0.006
|
||||
matrix:
|
||||
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.1.0l
|
||||
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.1.1k
|
||||
- NGINX_VERSION=1.27.0 OPENSSL_VER=1.1.1w
|
||||
|
||||
install:
|
||||
- if [ ! -d download-cache ]; then mkdir download-cache; fi
|
||||
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -O download-cache/openssl-$OPENSSL_VER.tar.gz https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz; fi
|
||||
- sudo apt-get install -qq -y cpanminus axel
|
||||
- sudo cpanm --notest Test::Nginx > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- sudo apt-get install -qq -y axel
|
||||
- cpanm --sudo --notest Test::Nginx > build.log 2>&1 || (cat build.log && exit 1)
|
||||
- wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
|
||||
- git clone https://github.com/openresty/openresty.git ../openresty
|
||||
- git clone https://github.com/openresty/nginx-devel-utils.git
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ local setmetatable = setmetatable
|
|||
local type = type
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
||||
|
|
@ -224,7 +224,7 @@ function _M.new(self, key, salt, _cipher, _hash, hash_rounds, iv_len, enable_pad
|
|||
end
|
||||
|
||||
|
||||
function _M.encrypt(self, s)
|
||||
function _M.encrypt(self, s, aad)
|
||||
local typ = type(self)
|
||||
if typ ~= "table" then
|
||||
error("bad argument #1 self: table expected, got " .. typ, 2)
|
||||
|
|
@ -241,6 +241,12 @@ function _M.encrypt(self, s)
|
|||
return nil, "EVP_EncryptInit_ex failed"
|
||||
end
|
||||
|
||||
if self._cipher == "gcm" and aad ~= nil then
|
||||
if C.EVP_EncryptUpdate(ctx, nil, tmp_len, aad, #aad) == 0 then
|
||||
return nil, "C.EVP_EncryptUpdate failed"
|
||||
end
|
||||
end
|
||||
|
||||
if C.EVP_EncryptUpdate(ctx, buf, out_len, s, s_len) == 0 then
|
||||
return nil, "EVP_EncryptUpdate failed"
|
||||
end
|
||||
|
|
@ -267,7 +273,7 @@ function _M.encrypt(self, s)
|
|||
end
|
||||
|
||||
|
||||
function _M.decrypt(self, s, tag)
|
||||
function _M.decrypt(self, s, tag, aad)
|
||||
local typ = type(self)
|
||||
if typ ~= "table" then
|
||||
error("bad argument #1 self: table expected, got " .. typ, 2)
|
||||
|
|
@ -284,6 +290,12 @@ function _M.decrypt(self, s, tag)
|
|||
return nil, "EVP_DecryptInit_ex failed"
|
||||
end
|
||||
|
||||
if self._cipher == "gcm" and aad ~= nil then
|
||||
if C.EVP_DecryptUpdate(ctx, nil, tmp_len, aad, #aad) == 0 then
|
||||
return nil, "C.EVP_DecryptUpdate failed"
|
||||
end
|
||||
end
|
||||
|
||||
if C.EVP_DecryptUpdate(ctx, buf, out_len, s, s_len) == 0 then
|
||||
return nil, "EVP_DecryptUpdate failed"
|
||||
end
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local setmetatable = setmetatable
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ local C = ffi.C
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
ffi.cdef[[
|
||||
|
|
@ -19,6 +19,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
|
|||
|
||||
|
||||
function _M.bytes(len, strong)
|
||||
if strong == nil then
|
||||
strong = true
|
||||
end
|
||||
local buf = ffi_new("char[?]", len)
|
||||
if strong then
|
||||
if C.RAND_bytes(buf, len) == 0 then
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
local ffi = require "ffi"
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
ffi.cdef[[
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local setmetatable = setmetatable
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local setmetatable = setmetatable
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local setmetatable = setmetatable
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local setmetatable = setmetatable
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local setmetatable = setmetatable
|
|||
--local error = error
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
local mt = { __index = _M }
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ local C = ffi.C
|
|||
local tonumber = tonumber
|
||||
|
||||
|
||||
local _M = { _VERSION = '0.14' }
|
||||
local _M = { _VERSION = '0.16' }
|
||||
|
||||
|
||||
ffi.cdef[[
|
||||
|
|
|
|||
26
t/aes.t
26
t/aes.t
|
|
@ -561,3 +561,29 @@ AES-256 CBC (custom keygen, without user padding, enable padding) HEX: 794617717
|
|||
true
|
||||
--- no_error_log
|
||||
[error]
|
||||
|
||||
|
||||
|
||||
=== TEST 18: AES-256 GCM sha256 no salt with AAD
|
||||
--- http_config eval: $::HttpConfig
|
||||
--- config
|
||||
location /t {
|
||||
content_by_lua_block {
|
||||
local aes = require "resty.aes"
|
||||
local str = require "resty.string"
|
||||
local aes_default = aes:new("secret",nil,
|
||||
aes.cipher(256,"gcm"), aes.hash.sha256, 1, 12)
|
||||
local encrypted = aes_default:encrypt("hello", "aad")
|
||||
ngx.say("AES-256 GCM: ", str.to_hex(encrypted[1]),
|
||||
" tag: ", str.to_hex(encrypted[2]))
|
||||
local decrypted, err = aes_default:decrypt(encrypted[1], encrypted[2], "aad")
|
||||
ngx.say(decrypted == "hello")
|
||||
}
|
||||
}
|
||||
--- request
|
||||
GET /t
|
||||
--- response_body
|
||||
AES-256 GCM: 4acef84443 tag: 46f4f3ca65395568407e15768b7526d9
|
||||
true
|
||||
--- no_error_log
|
||||
[error]
|
||||
|
|
|
|||
Loading…
Reference in a new issue