Permalink
Browse files

various coding style fixes in Jeremy Wohl's patch for cryptographical…

…ly strong random string functions in github pull request #10.
  • Loading branch information...
1 parent c11f17f commit 5441a7ea3e45b2555d7ec5046b1a991b7129d7c8 @agentzh agentzh committed May 10, 2012
Showing with 60 additions and 20 deletions.
  1. +2 −0 .gitignore
  2. +13 −0 src/ngx_http_set_misc_module.c
  3. +30 −18 src/ngx_http_set_secure_random.c
  4. +15 −2 t/secure-random.t
View
2 .gitignore
@@ -61,3 +61,5 @@ src/module.h
work/
src/random.[ch]
build1[01]
+analyze
+src/rotate.[ch]
View
13 src/ngx_http_set_misc_module.c
@@ -52,13 +52,15 @@ static ndk_set_var_t ngx_http_set_misc_set_decode_hex_filter = {
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_set_encode_hex_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_set_encode_hex,
1,
NULL
};
+
#if NGX_OPENSSL
static ndk_set_var_t ngx_http_set_misc_set_hmac_sha1_filter = {
NDK_SET_VAR_MULTI_VALUE,
@@ -68,6 +70,7 @@ static ndk_set_var_t ngx_http_set_misc_set_hmac_sha1_filter = {
};
#endif
+
#ifndef NGX_HTTP_SET_HASH
static ndk_set_var_t ngx_http_set_misc_set_md5_filter = {
NDK_SET_VAR_VALUE,
@@ -95,41 +98,47 @@ static ndk_set_var_t ngx_http_set_misc_unescape_uri_filter = {
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_escape_uri_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_escape_uri,
1,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_decode_base32_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_decode_base32,
1,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_quote_sql_str_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_quote_sql_str,
1,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_quote_pgsql_str_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_quote_pgsql_str,
1,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_quote_json_str_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_quote_json_str,
1,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_encode_base32_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_encode_base32,
@@ -145,27 +154,31 @@ static ndk_set_var_t ngx_http_set_misc_local_today_filter = {
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_set_random_filter = {
NDK_SET_VAR_MULTI_VALUE,
ngx_http_set_misc_set_random,
2,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_set_secure_random_alphanum_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_set_secure_random_alphanum,
1,
NULL
};
+
static ndk_set_var_t ngx_http_set_misc_set_secure_random_lcalpha_filter = {
NDK_SET_VAR_VALUE,
ngx_http_set_misc_set_secure_random_lcalpha,
1,
NULL
};
+
static ngx_command_t ngx_http_set_misc_commands[] = {
{ ngx_string ("set_encode_base64"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF
View
48 src/ngx_http_set_secure_random.c
@@ -7,14 +7,18 @@
#include "ngx_http_set_secure_random.h"
#include <stdlib.h>
-const int MAX_RANDOM_STRING = 64;
-const int ALPHANUM = 1;
-const int LCALPHA = 2;
+enum {
+ MAX_RANDOM_STRING = 64,
+ ALPHANUM = 1,
+ LCALPHA = 2
+};
+
ngx_int_t
-ngx_http_set_misc_set_secure_random_common(int alphabet_type, ngx_http_request_t *r,
- ngx_str_t *res, ngx_http_variable_value_t *v);
+ngx_http_set_misc_set_secure_random_common(int alphabet_type,
+ ngx_http_request_t *r, ngx_str_t *res, ngx_http_variable_value_t *v);
+
ngx_int_t
ngx_http_set_misc_set_secure_random_alphanum(ngx_http_request_t *r,
@@ -23,50 +27,57 @@ ngx_http_set_misc_set_secure_random_alphanum(ngx_http_request_t *r,
return ngx_http_set_misc_set_secure_random_common(ALPHANUM, r, res, v);
}
+
ngx_int_t
ngx_http_set_misc_set_secure_random_lcalpha(ngx_http_request_t *r,
ngx_str_t *res, ngx_http_variable_value_t *v)
{
return ngx_http_set_misc_set_secure_random_common(LCALPHA, r, res, v);
}
+
ngx_int_t
-ngx_http_set_misc_set_secure_random_common(int alphabet_type, ngx_http_request_t *r,
- ngx_str_t *res, ngx_http_variable_value_t *v)
+ngx_http_set_misc_set_secure_random_common(int alphabet_type,
+ ngx_http_request_t *r, ngx_str_t *res, ngx_http_variable_value_t *v)
{
- static u_char alphabet[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+ static u_char alphabet[] = "abcdefghijklmnopqrstuvwxyz"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
u_char entropy[MAX_RANDOM_STRING];
u_char output[MAX_RANDOM_STRING];
- ngx_int_t length, fd, i;
+ ngx_int_t length, i;
+ ngx_fd_t fd;
ssize_t n;
-
length = ngx_atoi(v->data, v->len);
+
if (length == NGX_ERROR || length < 1 || length > MAX_RANDOM_STRING) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"set_random: bad \"length\" argument: %v", v);
return NGX_ERROR;
}
fd = ngx_open_file("/dev/urandom", NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
- if (fd == -1) {
+ if (fd == NGX_INVALID_FILE) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "set_secure_random: could not open /dev/urandom");
+ "set_secure_random: could not open /dev/urandom");
return NGX_ERROR;
}
-
+
n = ngx_read_fd(fd, entropy, length);
if (n != length) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "set_secure_random: could not read all %d byte(s) from /dev/urandom", length);
+ "set_secure_random: could not read all %i byte(s) from "
+ "/dev/urandom", length);
return NGX_ERROR;
}
-
+
ngx_close_file(fd);
-
+
for (i = 0; i < length; i++) {
if (alphabet_type == LCALPHA) {
output[i] = entropy[i] % 26 + 'a';
+
} else {
output[i] = alphabet[ entropy[i] % (sizeof alphabet - 1) ];
}
@@ -78,13 +89,14 @@ ngx_http_set_misc_set_secure_random_common(int alphabet_type, ngx_http_request_t
}
ngx_memcpy(res->data, output, length);
-
+
res->len = length;
- /* Set all required params */
+ /* set all required params */
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
return NGX_OK;
}
+
View
17 t/secure-random.t
@@ -1,8 +1,8 @@
-# vi:filetype=perl
+# vi:filetype=
use Test::Nginx::Socket;
-repeat_each(100);
+repeat_each(2);
plan tests => repeat_each() * 2 * blocks();
@@ -25,6 +25,8 @@ __DATA__
GET /alphanum
--- response_body_like: ^[a-zA-Z0-9]{32}$
+
+
=== TEST 2: a 16-character alphanum
--- config
location /alphanum {
@@ -36,6 +38,8 @@ __DATA__
GET /alphanum
--- response_body_like: ^[a-zA-Z0-9]{16}$
+
+
=== TEST 3: a 1-character alphanum
--- config
location /alphanum {
@@ -47,6 +51,8 @@ __DATA__
GET /alphanum
--- response_body_like: ^[a-zA-Z0-9]{1}$
+
+
=== TEST 4: length less than <= 0 should fail
--- config
location /alphanum {
@@ -59,6 +65,8 @@ __DATA__
--- response_body_like: 500 Internal Server Error
--- error_code: 500
+
+
=== TEST 5: length less than <= 0 should fail
--- config
location /alphanum {
@@ -71,6 +79,8 @@ __DATA__
--- response_body_like: 500 Internal Server Error
--- error_code: 500
+
+
=== TEST 6: non-numeric length should fail
--- config
location /alphanum {
@@ -83,6 +93,8 @@ __DATA__
--- response_body_like: 500 Internal Server Error
--- error_code: 500
+
+
=== TEST 7: a 16-character lcalpha
--- config
location /lcalpha {
@@ -93,3 +105,4 @@ __DATA__
--- request
GET /lcalpha
--- response_body_like: ^[a-z]{16}$
+

0 comments on commit 5441a7e

Please sign in to comment.