librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Squashed 'src/deps/src/lua-resty-string/' content from commit b192878f6 

git-subtree-dir: src/deps/src/lua-resty-string
git-subtree-split: b192878f6ed31b0af237935bbc5a8110a3c2256c
This commit is contained in:
Théophile Diot 2023-06-30 15:38:58 -04:00
commit 3038a0b027
28 changed files with 2950 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
*.t linguist-language=Text

6
.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
*.swp
*.swo
*~
go
t/servroot/
reindex

68
.travis.yml Normal file
View File

@ -0,0 +1,68 @@
sudo: required
dist: trusty
os: linux
language: c
compiler:
- gcc
cache:
directories:
- download-cache
env:
global:
- JOBS=3
- NGX_BUILD_JOBS=$JOBS
- LUAJIT_PREFIX=/opt/luajit21
- LUAJIT_LIB=$LUAJIT_PREFIX/lib
- LUAJIT_INC=$LUAJIT_PREFIX/include/luajit-2.1
- LUA_INCLUDE_DIR=$LUAJIT_INC
- LUA_CMODULE_DIR=/lib
- OPENSSL_PREFIX=/opt/ssl
- OPENSSL_LIB=$OPENSSL_PREFIX/lib
- OPENSSL_INC=$OPENSSL_PREFIX/include
- LD_LIBRARY_PATH=$LUAJIT_LIB:$LD_LIBRARY_PATH
- TEST_NGINX_SLEEP=0.006
matrix:
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.1.0l
- NGINX_VERSION=1.19.9 OPENSSL_VER=1.1.1k
install:
- if [ ! -d download-cache ]; then mkdir download-cache; fi
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -O download-cache/openssl-$OPENSSL_VER.tar.gz https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz; fi
- sudo apt-get install -qq -y cpanminus axel
- sudo cpanm --notest Test::Nginx > build.log 2>&1 || (cat build.log && exit 1)
- wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
- git clone https://github.com/openresty/openresty.git ../openresty
- git clone https://github.com/openresty/nginx-devel-utils.git
- git clone https://github.com/simpl/ngx_devel_kit.git ../ndk-nginx-module
- git clone https://github.com/openresty/lua-nginx-module.git ../lua-nginx-module
- git clone https://github.com/openresty/lua-resty-core.git ../lua-resty-core
- git clone https://github.com/openresty/lua-resty-lrucache.git ../lua-resty-lrucache
- git clone https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx
- git clone -b v2.1-agentzh https://github.com/openresty/luajit2.git
- git clone https://github.com/openresty/mockeagain.git
script:
- cd luajit2/
- make -j$JOBS CCDEBUG=-g Q= PREFIX=$LUAJIT_PREFIX CC=$CC XCFLAGS='-DLUA_USE_APICHECK -DLUA_USE_ASSERT' > build.log 2>&1 || (cat build.log && exit 1)
- sudo make install PREFIX=$LUAJIT_PREFIX > build.log 2>&1 || (cat build.log && exit 1)
- cd ..
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
- cd openssl-$OPENSSL_VER/
- ./config shared --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)
- cd ../mockeagain/ && make CC=$CC -j$JOBS && cd ..
- export PATH=$PWD/work/nginx/sbin:$PWD/nginx-devel-utils:$PATH
- export LD_PRELOAD=$PWD/mockeagain/mockeagain.so
- export LD_LIBRARY_PATH=$PWD/mockeagain:$LD_LIBRARY_PATH
- export TEST_NGINX_RESOLVER=8.8.4.4
- export NGX_BUILD_CC=$CC
- ngx-build $NGINX_VERSION --with-ipv6 --with-http_realip_module --with-http_ssl_module --with-cc-opt="-I$OPENSSL_INC" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB" --add-module=../ndk-nginx-module --add-module=../lua-nginx-module --with-debug > build.log 2>&1 || (cat build.log && exit 1)
- nginx -V
- ldd `which nginx`|grep -E 'luajit|ssl|pcre'
- prove -r t

18
Makefile Normal file
View File

@ -0,0 +1,18 @@
OPENRESTY_PREFIX=/usr/local/openresty
PREFIX ?= /usr/local
LUA_INCLUDE_DIR ?= $(PREFIX)/include
LUA_LIB_DIR ?= $(PREFIX)/lib/lua/$(LUA_VERSION)
INSTALL ?= install
.PHONY: all test install
all: ;
install: all
$(INSTALL) -d $(DESTDIR)/$(LUA_LIB_DIR)/resty
$(INSTALL) lib/resty/*.lua $(DESTDIR)/$(LUA_LIB_DIR)/resty
test: all
PATH=$(OPENRESTY_PREFIX)/nginx/sbin:$$PATH prove -I../test-nginx/lib -r t

223
README.markdown Normal file
View File

@ -0,0 +1,223 @@
Name
====
lua-resty-string - String utilities and common hash functions for ngx_lua and LuaJIT
Table of Contents
=================
* [Name](#name)
* [Status](#status)
* [Description](#description)
* [Synopsis](#synopsis)
* [Author](#author)
* [Copyright and License](#copyright-and-license)
* [See Also](#see-also)
Status
======
This library is considered experimental and still under active development.
The API is still in flux and may change without notice.
Description
===========
This library requires an nginx build with OpenSSL,
the [ngx_lua module](http://wiki.nginx.org/HttpLuaModule), and [LuaJIT 2.0](http://luajit.org/luajit.html).
Synopsis
========
```lua
# nginx.conf:
lua_package_path "/path/to/lua-resty-string/lib/?.lua;;";
server {
location = /test {
content_by_lua_file conf/test.lua;
}
}
-- conf/test.lua:
local resty_sha1 = require "resty.sha1"
local sha1 = resty_sha1:new()
if not sha1 then
ngx.say("failed to create the sha1 object")
return
end
local ok = sha1:update("hello, ")
if not ok then
ngx.say("failed to add data")
return
end
ok = sha1:update("world")
if not ok then
ngx.say("failed to add data")
return
end
local digest = sha1:final() -- binary digest
local str = require "resty.string"
ngx.say("sha1: ", str.to_hex(digest))
-- output: "sha1: b7e23ec29af22b0b4e41da31e868d57226121c84"
local resty_md5 = require "resty.md5"
local md5 = resty_md5:new()
if not md5 then
ngx.say("failed to create md5 object")
return
end
local ok = md5:update("hel")
if not ok then
ngx.say("failed to add data")
return
end
-- md5:update() with an optional "len" parameter
ok = md5:update("loxxx", 2)
if not ok then
ngx.say("failed to add data")
return
end
local digest = md5:final()
local str = require "resty.string"
ngx.say("md5: ", str.to_hex(digest))
-- yield "md5: 5d41402abc4b2a76b9719d911017c592"
local resty_sha224 = require "resty.sha224"
local str = require "resty.string"
local sha224 = resty_sha224:new()
ngx.say(sha224:update("hello"))
local digest = sha224:final()
ngx.say("sha224: ", str.to_hex(digest))
local resty_sha256 = require "resty.sha256"
local str = require "resty.string"
local sha256 = resty_sha256:new()
ngx.say(sha256:update("hello"))
local digest = sha256:final()
ngx.say("sha256: ", str.to_hex(digest))
local resty_sha512 = require "resty.sha512"
local str = require "resty.string"
local sha512 = resty_sha512:new()
ngx.say(sha512:update("hello"))
local digest = sha512:final()
ngx.say("sha512: ", str.to_hex(digest))
local resty_sha384 = require "resty.sha384"
local str = require "resty.string"
local sha384 = resty_sha384:new()
ngx.say(sha384:update("hel"))
ngx.say(sha384:update("lo"))
local digest = sha384:final()
ngx.say("sha384: ", str.to_hex(digest))
local resty_random = require "resty.random"
local str = require "resty.string"
local random = resty_random.bytes(16)
-- generate 16 bytes of pseudo-random data
ngx.say("pseudo-random: ", str.to_hex(random))
local resty_random = require "resty.random"
local str = require "resty.string"
local strong_random = resty_random.bytes(16,true)
-- attempt to generate 16 bytes of
-- cryptographically strong random data
while strong_random == nil do
strong_random = resty_random.bytes(16,true)
end
ngx.say("random: ", str.to_hex(strong_random))
local aes = require "resty.aes"
local str = require "resty.string"
local aes_128_cbc_md5 = aes:new("AKeyForAES")
-- the default cipher is AES 128 CBC with 1 round of MD5
-- for the key and a nil salt
local encrypted = aes_128_cbc_md5:encrypt("Secret message!")
ngx.say("AES 128 CBC (MD5) Encrypted HEX: ", str.to_hex(encrypted))
ngx.say("AES 128 CBC (MD5) Decrypted: ", aes_128_cbc_md5:decrypt(encrypted))
local aes = require "resty.aes"
local str = require "resty.string"
local aes_256_cbc_sha512x5 = aes:new("AKeyForAES-256-CBC",
"MySalt!!", aes.cipher(256,"cbc"), aes.hash.sha512, 5)
-- AES 256 CBC with 5 rounds of SHA-512 for the key
-- and a salt of "MySalt!!"
-- Note: salt can be either nil or exactly 8 characters long
local encrypted = aes_256_cbc_sha512x5:encrypt("Really secret message!")
ngx.say("AES 256 CBC (SHA-512, salted) Encrypted HEX: ", str.to_hex(encrypted))
ngx.say("AES 256 CBC (SHA-512, salted) Decrypted: ",
aes_256_cbc_sha512x5:decrypt(encrypted))
local aes = require "resty.aes"
local str = require "resty.string"
local aes_128_cbc_with_iv = assert(aes:new("1234567890123456",
nil, aes.cipher(128,"cbc"), {iv="1234567890123456"}))
-- AES 128 CBC with IV and no SALT
local encrypted = aes_128_cbc_with_iv:encrypt("Really secret message!")
ngx.say("AES 128 CBC (WITH IV) Encrypted HEX: ", str.to_hex(encrypted))
ngx.say("AES 128 CBC (WITH IV) Decrypted: ",
aes_128_cbc_with_iv:decrypt(encrypted))
local aes = require "resty.aes"
local str = require "resty.string"
local enable_padding = false
local aes_256_cbc_with_padding = aes:new(
key, nil, aes.cipher(256,"cbc"), {iv = string.sub(key, 1, 16)}, nil,
nil, enable_padding)
-- AES-256 CBC (custom keygen, user padding with block_size=32)
local text = "hello"
local block_size = 32
local pad = block_size - #text % 32
local text_paded = text .. string.rep(string.char(pad), pad)
local encrypted = aes_256_cbc_with_padding:encrypt(text_paded)
ngx.say("AES-256 CBC (custom keygen, user padding with block_size=32) HEX: ",
str.to_hex(encrypted))
```
[Back to TOC](#table-of-contents)
Author
======
Yichun "agentzh" Zhang (章亦春) <agentzh@gmail.com>
[Back to TOC](#table-of-contents)
Copyright and License
=====================
This module is licensed under the BSD license.
Copyright (C) 2012-2018, by Yichun "agentzh" Zhang (章亦春) <agentzh@gmail.com>, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[Back to TOC](#table-of-contents)
See Also
========
* the ngx_lua module: http://wiki.nginx.org/HttpLuaModule
[Back to TOC](#table-of-contents)

10
dist.ini Normal file
View File

@ -0,0 +1,10 @@
name=lua-resty-string
abstract=String utilities and common hash functions for ngx_lua and LuaJIT
author=Yichun "agentzh" Zhang (agentzh)
is_original=yes
license=2bsd
lib_dir=lib
doc_dir=lib
repo_link=https://github.com/openresty/lua-resty-string
main_module=lib/resty/string.lua
requires=luajit >= 2.1.0

315
lib/resty/aes.lua Normal file
View File

@ -0,0 +1,315 @@
-- Copyright (C) by Yichun Zhang (agentzh)
--local asn1 = require "resty.asn1"
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_gc = ffi.gc
local ffi_str = ffi.string
local ffi_copy = ffi.copy
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local type = type
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
local EVP_CTRL_AEAD_SET_IVLEN = 0x09
local EVP_CTRL_AEAD_GET_TAG = 0x10
local EVP_CTRL_AEAD_SET_TAG = 0x11
ffi.cdef[[
typedef struct engine_st ENGINE;
typedef struct evp_cipher_st EVP_CIPHER;
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
typedef struct env_md_ctx_st EVP_MD_CTX;
typedef struct env_md_st EVP_MD;
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_sha224(void);
const EVP_MD *EVP_sha256(void);
const EVP_MD *EVP_sha384(void);
const EVP_MD *EVP_sha512(void);
const EVP_CIPHER *EVP_aes_128_ecb(void);
const EVP_CIPHER *EVP_aes_128_cbc(void);
const EVP_CIPHER *EVP_aes_128_cfb1(void);
const EVP_CIPHER *EVP_aes_128_cfb8(void);
const EVP_CIPHER *EVP_aes_128_cfb128(void);
const EVP_CIPHER *EVP_aes_128_ofb(void);
const EVP_CIPHER *EVP_aes_128_ctr(void);
const EVP_CIPHER *EVP_aes_192_ecb(void);
const EVP_CIPHER *EVP_aes_192_cbc(void);
const EVP_CIPHER *EVP_aes_192_cfb1(void);
const EVP_CIPHER *EVP_aes_192_cfb8(void);
const EVP_CIPHER *EVP_aes_192_cfb128(void);
const EVP_CIPHER *EVP_aes_192_ofb(void);
const EVP_CIPHER *EVP_aes_192_ctr(void);
const EVP_CIPHER *EVP_aes_256_ecb(void);
const EVP_CIPHER *EVP_aes_256_cbc(void);
const EVP_CIPHER *EVP_aes_256_cfb1(void);
const EVP_CIPHER *EVP_aes_256_cfb8(void);
const EVP_CIPHER *EVP_aes_256_cfb128(void);
const EVP_CIPHER *EVP_aes_256_ofb(void);
const EVP_CIPHER *EVP_aes_128_gcm(void);
const EVP_CIPHER *EVP_aes_192_gcm(void);
const EVP_CIPHER *EVP_aes_256_gcm(void);
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new();
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int padding);
int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
ENGINE *impl, unsigned char *key, const unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
ENGINE *impl, unsigned char *key, const unsigned char *iv);
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl);
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key,unsigned char *iv);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
]]
local hash
hash = {
md5 = C.EVP_md5(),
sha1 = C.EVP_sha1(),
sha224 = C.EVP_sha224(),
sha256 = C.EVP_sha256(),
sha384 = C.EVP_sha384(),
sha512 = C.EVP_sha512()
}
_M.hash = hash
local EVP_MAX_BLOCK_LENGTH = 32
local cipher
cipher = function (size, _cipher)
local _size = size or 128
local _cipher = _cipher or "cbc"
local func = "EVP_aes_" .. _size .. "_" .. _cipher
if C[func] then
return { size=_size, cipher=_cipher, method=C[func]()}
else
return nil
end
end
_M.cipher = cipher
function _M.new(self, key, salt, _cipher, _hash, hash_rounds, iv_len, enable_padding)
local encrypt_ctx = C.EVP_CIPHER_CTX_new()
if encrypt_ctx == nil then
return nil, "no memory"
end
ffi_gc(encrypt_ctx, C.EVP_CIPHER_CTX_free)
local decrypt_ctx = C.EVP_CIPHER_CTX_new()
if decrypt_ctx == nil then
return nil, "no memory"
end
ffi_gc(decrypt_ctx, C.EVP_CIPHER_CTX_free)
local _cipher = _cipher or cipher()
local _hash = _hash or hash.md5
local hash_rounds = hash_rounds or 1
local _cipherLength = _cipher.size/8
local gen_key = ffi_new("unsigned char[?]",_cipherLength)
local gen_iv = ffi_new("unsigned char[?]",_cipherLength)
iv_len = iv_len or _cipherLength
-- enable padding by default
local padding = (enable_padding == nil or enable_padding) and 1 or 0
if type(_hash) == "table" then
if not _hash.iv then
return nil, "iv is needed"
end
--[[ Depending on the encryption algorithm, the length of iv will be
different. For detailed, please refer to
https://www.openssl.org/docs/man1.1.0/man3/EVP_CIPHER_CTX_ctrl.html
]]
iv_len = #_hash.iv
if iv_len > _cipherLength then
return nil, "bad iv length"
end
if _hash.method then
local tmp_key = _hash.method(key)
if #tmp_key ~= _cipherLength then
return nil, "bad key length"
end
ffi_copy(gen_key, tmp_key, _cipherLength)
elseif #key ~= _cipherLength then
return nil, "bad key length"
else
ffi_copy(gen_key, key, _cipherLength)
end
ffi_copy(gen_iv, _hash.iv, iv_len)
else
if salt and #salt ~= 8 then
return nil, "salt must be 8 characters or nil"
end
if C.EVP_BytesToKey(_cipher.method, _hash, salt, key, #key,
hash_rounds, gen_key, gen_iv)
~= _cipherLength
then
return nil, "failed to generate key and iv"
end
end
if C.EVP_EncryptInit_ex(encrypt_ctx, _cipher.method, nil,
nil, nil) == 0 or
C.EVP_DecryptInit_ex(decrypt_ctx, _cipher.method, nil,
nil, nil) == 0 then
return nil, "failed to init ctx"
end
local cipher_name = _cipher.cipher
if cipher_name == "gcm"
or cipher_name == "ccm"
or cipher_name == "ocb" then
if C.EVP_CIPHER_CTX_ctrl(encrypt_ctx, EVP_CTRL_AEAD_SET_IVLEN,
iv_len, nil) == 0 or
C.EVP_CIPHER_CTX_ctrl(decrypt_ctx, EVP_CTRL_AEAD_SET_IVLEN,
iv_len, nil) == 0 then
return nil, "failed to set IV length"
end
end
if C.EVP_CIPHER_CTX_set_padding(encrypt_ctx, padding) == 0 then
return nil, "failed to set padding for encrypt context"
end
if C.EVP_CIPHER_CTX_set_padding(decrypt_ctx, padding) == 0 then
return nil, "failed to set padding for decrypt context"
end
return setmetatable({
_encrypt_ctx = encrypt_ctx,
_decrypt_ctx = decrypt_ctx,
_cipher = _cipher.cipher,
_key = gen_key,
_iv = gen_iv
}, mt)
end
function _M.encrypt(self, s)
local typ = type(self)
if typ ~= "table" then
error("bad argument #1 self: table expected, got " .. typ, 2)
end
local s_len = #s
local max_len = s_len + 2 * EVP_MAX_BLOCK_LENGTH
local buf = ffi_new("unsigned char[?]", max_len)
local out_len = ffi_new("int[1]")
local tmp_len = ffi_new("int[1]")
local ctx = self._encrypt_ctx
if C.EVP_EncryptInit_ex(ctx, nil, nil, self._key, self._iv) == 0 then
return nil, "EVP_EncryptInit_ex failed"
end
if C.EVP_EncryptUpdate(ctx, buf, out_len, s, s_len) == 0 then
return nil, "EVP_EncryptUpdate failed"
end
if self._cipher == "gcm" then
local encrypt_data = ffi_str(buf, out_len[0])
if C.EVP_EncryptFinal_ex(ctx, buf, out_len) == 0 then
return nil, "EVP_DecryptFinal_ex failed"
end
-- FIXME: For OCB mode the taglen must either be 16
-- or the value previously set via EVP_CTRL_OCB_SET_TAGLEN.
-- so we should extend this api in the future
C.EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, buf);
local tag = ffi_str(buf, 16)
return {encrypt_data, tag}
end
if C.EVP_EncryptFinal_ex(ctx, buf + out_len[0], tmp_len) == 0 then
return nil, "EVP_EncryptFinal_ex failed"
end
return ffi_str(buf, out_len[0] + tmp_len[0])
end
function _M.decrypt(self, s, tag)
local typ = type(self)
if typ ~= "table" then
error("bad argument #1 self: table expected, got " .. typ, 2)
end
local s_len = #s
local max_len = s_len + 2 * EVP_MAX_BLOCK_LENGTH
local buf = ffi_new("unsigned char[?]", max_len)
local out_len = ffi_new("int[1]")
local tmp_len = ffi_new("int[1]")
local ctx = self._decrypt_ctx
if C.EVP_DecryptInit_ex(ctx, nil, nil, self._key, self._iv) == 0 then
return nil, "EVP_DecryptInit_ex failed"
end
if C.EVP_DecryptUpdate(ctx, buf, out_len, s, s_len) == 0 then
return nil, "EVP_DecryptUpdate failed"
end
if self._cipher == "gcm" then
local plain_txt = ffi_str(buf, out_len[0])
if tag ~= nil then
local tag_buf = ffi_new("unsigned char[?]", 16)
ffi.copy(tag_buf, tag, 16)
C.EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, tag_buf);
end
if C.EVP_DecryptFinal_ex(ctx, buf + out_len[0], tmp_len) == 0 then
return nil, "EVP_DecryptFinal_ex failed"
end
return plain_txt
end
if C.EVP_DecryptFinal_ex(ctx, buf + out_len[0], tmp_len) == 0 then
return nil, "EVP_DecryptFinal_ex failed"
end
return ffi_str(buf, out_len[0] + tmp_len[0])
end
return _M

72
lib/resty/md5.lua Normal file
View File

@ -0,0 +1,72 @@
-- Copyright (C) by Yichun Zhang (agentzh)
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
ffi.cdef[[
typedef unsigned long MD5_LONG ;
enum {
MD5_CBLOCK = 64,
MD5_LBLOCK = MD5_CBLOCK/4
};
typedef struct MD5state_st
{
MD5_LONG A,B,C,D;
MD5_LONG Nl,Nh;
MD5_LONG data[MD5_LBLOCK];
unsigned int num;
} MD5_CTX;
int MD5_Init(MD5_CTX *c);
int MD5_Update(MD5_CTX *c, const void *data, size_t len);
int MD5_Final(unsigned char *md, MD5_CTX *c);
]]
local buf = ffi_new("char[16]")
local ctx_ptr_type = ffi.typeof("MD5_CTX[1]")
function _M.new(self)
local ctx = ffi_new(ctx_ptr_type)
if C.MD5_Init(ctx) == 0 then
return nil
end
return setmetatable({ _ctx = ctx }, mt)
end
function _M.update(self, s, len)
return C.MD5_Update(self._ctx, s, len or #s) == 1
end
function _M.final(self)
if C.MD5_Final(buf, self._ctx) == 1 then
return ffi_str(buf, 16)
end
return nil
end
function _M.reset(self)
return C.MD5_Init(self._ctx) == 1
end
return _M

36
lib/resty/random.lua Normal file
View File

@ -0,0 +1,36 @@
-- Copyright (C) by Yichun Zhang (agentzh)
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
--local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
ffi.cdef[[
int RAND_bytes(unsigned char *buf, int num);
int RAND_pseudo_bytes(unsigned char *buf, int num);
]]
function _M.bytes(len, strong)
local buf = ffi_new("char[?]", len)
if strong then
if C.RAND_bytes(buf, len) == 0 then
return nil
end
else
C.RAND_pseudo_bytes(buf,len)
end
return ffi_str(buf, len)
end
return _M

19
lib/resty/sha.lua Normal file
View File

@ -0,0 +1,19 @@
-- Copyright (C) by Yichun Zhang (agentzh)
local ffi = require "ffi"
local _M = { _VERSION = '0.14' }
ffi.cdef[[
typedef unsigned long SHA_LONG;
typedef unsigned long long SHA_LONG64;
enum {
SHA_LBLOCK = 16
};
]];
return _M

69
lib/resty/sha1.lua Normal file
View File

@ -0,0 +1,69 @@
-- Copyright (C) by Yichun Zhang (agentzh)
require "resty.sha"
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
ffi.cdef[[
typedef struct SHAstate_st
{
SHA_LONG h0,h1,h2,h3,h4;
SHA_LONG Nl,Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num;
} SHA_CTX;
int SHA1_Init(SHA_CTX *c);
int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
int SHA1_Final(unsigned char *md, SHA_CTX *c);
]]
local digest_len = 20
local buf = ffi_new("char[?]", digest_len)
local ctx_ptr_type = ffi.typeof("SHA_CTX[1]")
function _M.new(self)
local ctx = ffi_new(ctx_ptr_type)
if C.SHA1_Init(ctx) == 0 then
return nil
end
return setmetatable({ _ctx = ctx }, mt)
end
function _M.update(self, s)
return C.SHA1_Update(self._ctx, s, #s) == 1
end
function _M.final(self)
if C.SHA1_Final(buf, self._ctx) == 1 then
return ffi_str(buf, digest_len)
end
return nil
end
function _M.reset(self)
return C.SHA1_Init(self._ctx) == 1
end
return _M

60
lib/resty/sha224.lua Normal file
View File

@ -0,0 +1,60 @@
-- Copyright (C) by Yichun Zhang (agentzh)
require "resty.sha256"
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
ffi.cdef[[
int SHA224_Init(SHA256_CTX *c);
int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA224_Final(unsigned char *md, SHA256_CTX *c);
]]
local digest_len = 28
local buf = ffi_new("char[?]", digest_len)
local ctx_ptr_type = ffi.typeof("SHA256_CTX[1]")
function _M.new(self)
local ctx = ffi_new(ctx_ptr_type)
if C.SHA224_Init(ctx) == 0 then
return nil
end
return setmetatable({ _ctx = ctx }, mt)
end
function _M.update(self, s)
return C.SHA224_Update(self._ctx, s, #s) == 1
end
function _M.final(self)
if C.SHA224_Final(buf, self._ctx) == 1 then
return ffi_str(buf, digest_len)
end
return nil
end
function _M.reset(self)
return C.SHA224_Init(self._ctx) == 1
end
return _M

69
lib/resty/sha256.lua Normal file
View File

@ -0,0 +1,69 @@
-- Copyright (C) by Yichun Zhang (agentzh)
require "resty.sha"
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
ffi.cdef[[
typedef struct SHA256state_st
{
SHA_LONG h[8];
SHA_LONG Nl,Nh;
SHA_LONG data[SHA_LBLOCK];
unsigned int num,md_len;
} SHA256_CTX;
int SHA256_Init(SHA256_CTX *c);
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
int SHA256_Final(unsigned char *md, SHA256_CTX *c);
]]
local digest_len = 32
local buf = ffi_new("char[?]", digest_len)
local ctx_ptr_type = ffi.typeof("SHA256_CTX[1]")
function _M.new(self)
local ctx = ffi_new(ctx_ptr_type)
if C.SHA256_Init(ctx) == 0 then
return nil
end
return setmetatable({ _ctx = ctx }, mt)
end
function _M.update(self, s)
return C.SHA256_Update(self._ctx, s, #s) == 1
end
function _M.final(self)
if C.SHA256_Final(buf, self._ctx) == 1 then
return ffi_str(buf, digest_len)
end
return nil
end
function _M.reset(self)
return C.SHA256_Init(self._ctx) == 1
end
return _M

60
lib/resty/sha384.lua Normal file
View File

@ -0,0 +1,60 @@
-- Copyright (C) by Yichun Zhang (agentzh)
require "resty.sha512"
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
ffi.cdef[[
int SHA384_Init(SHA512_CTX *c);
int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA384_Final(unsigned char *md, SHA512_CTX *c);
]]
local digest_len = 48
local buf = ffi_new("char[?]", digest_len)
local ctx_ptr_type = ffi.typeof("SHA512_CTX[1]")
function _M.new(self)
local ctx = ffi_new(ctx_ptr_type)
if C.SHA384_Init(ctx) == 0 then
return nil
end
return setmetatable({ _ctx = ctx }, mt)
end
function _M.update(self, s)
return C.SHA384_Update(self._ctx, s, #s) == 1
end
function _M.final(self)
if C.SHA384_Final(buf, self._ctx) == 1 then
return ffi_str(buf, digest_len)
end
return nil
end
function _M.reset(self)
return C.SHA384_Init(self._ctx) == 1
end
return _M

75
lib/resty/sha512.lua Normal file
View File

@ -0,0 +1,75 @@
-- Copyright (C) by Yichun Zhang (agentzh)
require "resty.sha"
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
local setmetatable = setmetatable
--local error = error
local _M = { _VERSION = '0.14' }
local mt = { __index = _M }
ffi.cdef[[
enum {
SHA512_CBLOCK = SHA_LBLOCK*8
};
typedef struct SHA512state_st
{
SHA_LONG64 h[8];
SHA_LONG64 Nl,Nh;
union {
SHA_LONG64 d[SHA_LBLOCK];
unsigned char p[SHA512_CBLOCK];
} u;
unsigned int num,md_len;
} SHA512_CTX;
int SHA512_Init(SHA512_CTX *c);
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
]]
local digest_len = 64
local buf = ffi_new("char[?]", digest_len)
local ctx_ptr_type = ffi.typeof("SHA512_CTX[1]")
function _M.new(self)
local ctx = ffi_new(ctx_ptr_type)
if C.SHA512_Init(ctx) == 0 then
return nil
end
return setmetatable({ _ctx = ctx }, mt)
end
function _M.update(self, s)
return C.SHA512_Update(self._ctx, s, #s) == 1
end
function _M.final(self)
if C.SHA512_Final(buf, self._ctx) == 1 then
return ffi_str(buf, digest_len)
end
return nil
end
function _M.reset(self)
return C.SHA512_Init(self._ctx) == 1
end
return _M

46
lib/resty/string.lua Normal file
View File

@ -0,0 +1,46 @@
-- Copyright (C) by Yichun Zhang (agentzh)
local ffi = require "ffi"
local ffi_new = ffi.new
local ffi_str = ffi.string
local C = ffi.C
--local setmetatable = setmetatable
--local error = error
local tonumber = tonumber
local _M = { _VERSION = '0.14' }
ffi.cdef[[
typedef unsigned char u_char;
u_char * ngx_hex_dump(u_char *dst, const u_char *src, size_t len);
intptr_t ngx_atoi(const unsigned char *line, size_t n);
]]
local str_type = ffi.typeof("uint8_t[?]")
local BUF_MAX_LEN = 1024
local hex_buf = ffi_new(str_type, BUF_MAX_LEN)
function _M.to_hex(s)
local len = #s
local buf_len = len * 2
local buf
if buf_len <= BUF_MAX_LEN then
buf = hex_buf
else
buf = ffi_new(str_type, buf_len)
end
C.ngx_hex_dump(buf, s, len)
return ffi_str(buf, buf_len)
end
function _M.atoi(s)
return tonumber(C.ngx_atoi(s, #s))
end
return _M

563
t/aes.t Normal file
View File

@ -0,0 +1,563 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
#log_level 'warn';
run_tests();
__DATA__
=== TEST 1: AES default hello
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret")
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 CBC MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
';
}
--- request
GET /t
--- response_body
AES-128 CBC MD5: 7b47a4dbb11e2cddb2f3740c9e3a552b
true
--- no_error_log
[error]
=== TEST 2: AES empty key hello
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("")
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 (empty key) CBC MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
';
}
--- request
GET /t
--- response_body
AES-128 (empty key) CBC MD5: 6cb1a35bf9d66e92c9dec684fc329746
true
--- no_error_log
[error]
=== TEST 3: AES 8-byte salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret","WhatSalt")
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 (salted) CBC MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
';
}
--- request
GET /t
--- response_body
AES-128 (salted) CBC MD5: f72db89f8e19326d8da4928be106705c
true
--- no_error_log
[error]
=== TEST 4: AES oversized or too short salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local res, err = aes:new("secret","Oversized!")
ngx.say(res, ", ", err)
res, err = aes:new("secret","abc")
ngx.say(res, ", ", err)
';
}
--- request
GET /t
--- response_body
nil, salt must be 8 characters or nil
nil, salt must be 8 characters or nil
--- no_error_log
[error]
=== TEST 5: AES-256 ECB SHA1 no salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret",nil,
aes.cipher(256,"ecb"),aes.hash.sha1)
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-256 ECB SHA1: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
';
}
--- request
GET /t
--- response_body
AES-256 ECB SHA1: 927148b31f0e89696a222489403f540d
true
--- no_error_log
[error]
=== TEST 6: AES-256 ECB SHA1x5 no salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret",nil,
aes.cipher(256,"ecb"),aes.hash.sha1,5)
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-256 ECB SHA1: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
';
}
--- request
GET /t
--- response_body
AES-256 ECB SHA1: d1a9b6e59b8980e783df223889563bee
true
--- no_error_log
[error]
=== TEST 7: AES-128 CBC custom keygen
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("Xr4ilOzQ4PCOq3aQ0qbuaQ==",nil,
aes.cipher(128,"cbc"),
{iv = ngx.decode_base64("Jq5cyFTja2vfyjZoSN6muw=="),
method = ngx.decode_base64})
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 CBC (custom keygen) MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
local aes_check = aes:new("secret")
local encrypted_check = aes_check:encrypt("hello")
ngx.say(encrypted_check == encrypted)
';
}
--- request
GET /t
--- response_body
AES-128 CBC (custom keygen) MD5: 7b47a4dbb11e2cddb2f3740c9e3a552b
true
true
--- no_error_log
[error]
=== TEST 8: AES-128 CBC custom keygen (without method)
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new(ngx.decode_base64("Xr4ilOzQ4PCOq3aQ0qbuaQ=="),nil,
aes.cipher(128,"cbc"),
{iv = ngx.decode_base64("Jq5cyFTja2vfyjZoSN6muw==")})
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 CBC (custom keygen) MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
local aes_check = aes:new("secret")
local encrypted_check = aes_check:encrypt("hello")
ngx.say(encrypted_check == encrypted)
';
}
--- request
GET /t
--- response_body
AES-128 CBC (custom keygen) MD5: 7b47a4dbb11e2cddb2f3740c9e3a552b
true
true
--- no_error_log
[error]
=== TEST 9: AES-128 CBC custom keygen (without method, bad key len)
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default, err = aes:new("hel", nil, aes.cipher(128,"cbc"),
{iv = ngx.decode_base64("Jq5cyFTja2vfyjZoSN6muw==")})
if not aes_default then
ngx.say("failed to new: ", err)
return
end
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 CBC (custom keygen) MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
local aes_check = aes:new("secret")
local encrypted_check = aes_check:encrypt("hello")
ngx.say(encrypted_check == encrypted)
';
}
--- request
GET /t
--- response_body
failed to new: bad key length
--- no_error_log
[error]
=== TEST 10: AES-128 CBC custom keygen (without method, bad iv)
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default, err = aes:new(
ngx.decode_base64("Xr4ilOzQ4PCOq3aQ0qbuaQ=="),
nil,
aes.cipher(128,"cbc"),
{iv = "helloworld&helloworld"}
)
if not aes_default then
ngx.say("failed to new: ", err)
return
end
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-128 CBC (custom keygen) MD5: ", str.to_hex(encrypted))
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == "hello")
local aes_check = aes:new("secret")
local encrypted_check = aes_check:encrypt("hello")
ngx.say(encrypted_check == encrypted)
';
}
--- request
GET /t
--- response_body
failed to new: bad iv length
--- no_error_log
[error]
=== TEST 11: AES-256 GCM sha256 no salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret",nil,
aes.cipher(256,"gcm"), aes.hash.sha256, 1, 12)
local encrypted = aes_default:encrypt("hello")
ngx.say("AES-256 GCM: ", str.to_hex(encrypted[1]),
" tag: ", str.to_hex(encrypted[2]))
local decrypted, err = aes_default:decrypt(encrypted[1], encrypted[2])
ngx.say(decrypted == "hello")
}
}
--- request
GET /t
--- response_body
AES-256 GCM: 4acef84443 tag: bcecc29fb0d8b5c895e21f6ea89681a2
true
--- no_error_log
[error]
=== TEST 12: AES-256 GCM with iv
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local function from_hex(s)
return (s:gsub('..', function (cc)
return string.char(tonumber(cc, 16))
end))
end
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new(
from_hex("40A4510F290AD8182AF4B0260C655F8511E5B46BCA20EA191D8BC7B4D99CE95F"),
nil,
aes.cipher(256,"gcm"),
{iv = from_hex("f31a8c01e125e4720481be05")})
local encrypted = aes_default:encrypt("13770713710")
ngx.say("AES-256 GCM: ", str.to_hex(encrypted[1]),
" tag: ", str.to_hex(encrypted[2]))
local decrypted, err = aes_default:decrypt(encrypted[1], encrypted[2])
ngx.say(decrypted == "13770713710")
}
}
--- request
GET /t
--- response_body
AES-256 GCM: 755eccf6aa0cd51d55ad0c tag: 9a61f5a3cc3089bbe7de00a3dd484a1d
true
--- no_error_log
[error]
=== TEST 13: AES-256 GCM sha256 no salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret",nil,
aes.cipher(256,"gcm"), aes.hash.sha256, 1, 12)
local encrypted = aes_default.encrypt("hello")
}
}
--- request
GET /t
--- error_code: 500
--- response_body eval
qr/500 Internal Server Error/
--- error_log eval
qr/\[error\] .*? lua entry thread aborted: runtime error: content_by_lua\(nginx.conf:\d+\):6: bad argument #1 self: table expected, got string/ms
=== TEST 14: AES-256 GCM sha256 no salt
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local aes = require "resty.aes"
local str = require "resty.string"
local aes_default = aes:new("secret",nil,
aes.cipher(256,"gcm"), aes.hash.sha256, 1, 12)
local encrypted = aes_default.encrypt("hello")
local decrypted, err = aes_default.decrypt(encrypted[1], encrypted[2])
}
}
--- request
GET /t
--- error_code: 500
--- response_body eval
qr/500 Internal Server Error/
--- error_log eval
qr/\[error\] .*? lua entry thread aborted: runtime error: content_by_lua\(nginx.conf:\d+\):6: bad argument #1 self: table expected, got string/ms
=== TEST 15: AES-256 CBC, user padding string + disable padding for aes object
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local aes = require "resty.aes"
local str = require "resty.string"
local key = ngx.decode_base64("abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG=")
local text = "hello"
local block_size = 32
local pad = block_size - #text % block_size
ngx.say("pad: ", pad)
local text_padded = text .. string.rep(string.char(pad), pad)
local aes_256_cbc_without_padding, err = aes:new(
key, nil, aes.cipher(256,"cbc"), {iv = string.sub(key, 1, 16)},
nil, nil, false
)
if not aes_256_cbc_without_padding then
ngx.log(ngx.WARN, err)
return
end
local encrypted_without_aes_padding, err = aes_256_cbc_without_padding:encrypt(text_padded)
if not encrypted_without_aes_padding then
ngx.log(ngx.ERR, err)
end
ngx.say("AES-256 CBC (custom keygen, user padding with block_size=32, disable padding) HEX: ",
str.to_hex(encrypted_without_aes_padding),
", len: ", string.len(encrypted_without_aes_padding))
local decrypted = aes_256_cbc_without_padding:decrypt(encrypted_without_aes_padding)
local pad = string.byte(string.sub(decrypted, #decrypted))
ngx.say("pad: ", pad)
local decrypted_text = string.sub(decrypted, 1, #decrypted - pad)
ngx.say(decrypted_text == "hello")
}
}
--- request
GET /t
--- response_body
pad: 27
AES-256 CBC (custom keygen, user padding with block_size=32, disable padding) HEX: eebf8ca13072beede75c595a11b7fb0beffb7ccfb03f72d08456b555610172d1, len: 32
pad: 27
true
--- no_error_log
[error]
=== TEST 16: AES-256 CBC, user padding string + enable padding (default) for aes object, encrypted string will be longer due to auto padding
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local aes = require "resty.aes"
local str = require "resty.string"
local key = ngx.decode_base64("abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG=")
local text = "hello"
local block_size = 32
local pad = block_size - #text % block_size
ngx.say("pad: ", pad)
local text_padded = text .. string.rep(string.char(pad), pad)
local aes_256_cbc_with_padding, err = aes:new(
key, nil, aes.cipher(256,"cbc"), {iv = string.sub(key, 1, 16)},
nil, nil, true
)
if not aes_256_cbc_with_padding then
ngx.log(ngx.ERR, err)
return
end
local encrypted_with_aes_padding, err = aes_256_cbc_with_padding:encrypt(text_padded)
if not encrypted_with_aes_padding then
ngx.log(ngx.ERR, err)
end
-- padding will always be added, so `len = text_padded + padding_block_size`
ngx.say("AES-256 CBC (custom keygen, user padding with block_size=32, enable padding) HEX: ",
str.to_hex(encrypted_with_aes_padding),
", len: ", string.len(encrypted_with_aes_padding))
local decrypted = aes_256_cbc_with_padding:decrypt(encrypted_with_aes_padding)
local pad = string.byte(string.sub(decrypted, #decrypted))
ngx.say("pad: ", pad)
local decrypted_text = string.sub(decrypted, 1, #decrypted - pad)
ngx.say(decrypted_text == "hello")
}
}
--- request
GET /t
--- response_body
pad: 27
AES-256 CBC (custom keygen, user padding with block_size=32, enable padding) HEX: eebf8ca13072beede75c595a11b7fb0beffb7ccfb03f72d08456b555610172d15c54a6a02e960ce527a28c8551adfdff, len: 48
pad: 27
true
--- no_error_log
[error]
=== TEST 17: AES-256 CBC, string without user padding + disable padding for aes object
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua_block {
local aes = require "resty.aes"
local str = require "resty.string"
local key = ngx.decode_base64("abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG=")
local text = "hello"
local aes_256_cbc_without_padding, err = aes:new(
key, nil, aes.cipher(256,"cbc"), {iv = string.sub(key, 1, 16)},
nil, nil, false
)
if not aes_256_cbc_without_padding then
ngx.log(ngx.WARN, err)
return
end
local encrypted_unpadded_text, err = aes_256_cbc_without_padding:encrypt(text)
if not encrypted_unpadded_text then
ngx.say("ERROR: unpadded text: ", err)
end
local aes_256_cbc_with_padding, err = aes:new(
key, nil, aes.cipher(256,"cbc"), {iv = string.sub(key, 1, 16)},
nil, nil, true
)
if not aes_256_cbc_with_padding then
ngx.log(ngx.ERR, err)
return
end
local encrypted_text, err = aes_256_cbc_with_padding:encrypt(text)
if not encrypted_text then
ngx.log(ngx.ERR, err)
return
end
ngx.say("AES-256 CBC (custom keygen, without user padding, enable padding) HEX: ",
str.to_hex(encrypted_text),
", len: ", string.len(encrypted_text))
local decrypted = aes_256_cbc_with_padding:decrypt(encrypted_text)
ngx.say(decrypted == "hello")
}
}
--- request
GET /t
--- response_body
ERROR: unpadded text: EVP_EncryptFinal_ex failed
AES-256 CBC (custom keygen, without user padding, enable padding) HEX: 794617717c15d28cc729b983cb9d2257, len: 16
true
--- no_error_log
[error]

40
t/aes_allocation.t Normal file
View File

@ -0,0 +1,40 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(200);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
#log_level 'warn';
run_tests();
__DATA__
=== TEST 1: AES buffer allocation test
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
local str = require "resty.string"
local rnd = require "resty.random"
local aes_default = aes:new("secretsecretsecr", nil, aes.cipher(128, "ecb"))
local data = rnd.bytes(math.random(4096, 16384))
local encrypted = aes_default:encrypt(data)
local decrypted = aes_default:decrypt(encrypted)
ngx.say(decrypted == data)
';
}
--- request
GET /t
--- response_body
true
--- no_error_log
[error]

34
t/atoi.t Normal file
View File

@ -0,0 +1,34 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: atoi
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local str = require "resty.string"
ngx.say(1 + str.atoi("32"))
';
}
--- request
GET /t
--- response_body
33
--- no_error_log
[error]

124
t/md5.t Normal file
View File

@ -0,0 +1,124 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: hello MD5
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_md5 = require "resty.md5"
local str = require "resty.string"
local md5 = resty_md5:new()
ngx.say(md5:update("hello"))
local digest = md5:final()
ngx.say(digest == ngx.md5_bin("hello"))
ngx.say("md5: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
md5: 5d41402abc4b2a76b9719d911017c592
--- no_error_log
[error]
=== TEST 2: MD5 incremental
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_md5 = require "resty.md5"
local str = require "resty.string"
local md5 = resty_md5:new()
ngx.say(md5:update("hel"))
ngx.say(md5:update("lo"))
local digest = md5:final()
ngx.say("md5: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
md5: 5d41402abc4b2a76b9719d911017c592
--- no_error_log
[error]
=== TEST 3: MD5 empty string
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_md5 = require "resty.md5"
local str = require "resty.string"
local md5 = resty_md5:new()
ngx.say(md5:update(""))
local digest = md5:final()
ngx.say(digest == ngx.md5_bin(""))
ngx.say("md5: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
md5: d41d8cd98f00b204e9800998ecf8427e
--- no_error_log
[error]
=== TEST 4: MD5 update with len parameter
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_md5 = require "resty.md5"
local str = require "resty.string"
local md5 = resty_md5:new()
ngx.say(md5:update("hello", 3))
local digest = md5:final()
ngx.say(digest == ngx.md5_bin("hel"))
md5 = resty_md5:new()
ngx.say(md5:update("hello", 3))
ngx.say(md5:update("loxxx", 2))
digest = md5:final()
ngx.say(digest == ngx.md5_bin("hello"))
ngx.say("md5: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
true
true
true
md5: 5d41402abc4b2a76b9719d911017c592
--- no_error_log
[error]

56
t/random.t Normal file
View File

@ -0,0 +1,56 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: pseudo random bytes
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local rand = require "resty.random"
local str = require "resty.string"
local s = rand.bytes(5)
ngx.say("res: ", str.to_hex(s))
';
}
--- request
GET /t
--- response_body_like
^res: [a-f0-9]{10}$
--- no_error_log
[error]
=== TEST 2: strong random bytes
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local rand = require "resty.random"
local str = require "resty.string"
local s = rand.bytes(5, true)
ngx.say("res: ", str.to_hex(s))
';
}
--- request
GET /t
--- response_body_like
^res: [a-f0-9]{10}$
--- no_error_log
[error]

92
t/sha1.t Normal file
View File

@ -0,0 +1,92 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
#lua_code_cache off;
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: hello SHA-1
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha1 = require "resty.sha1"
local str = require "resty.string"
local sha1 = resty_sha1:new()
ngx.say(sha1:update("hello"))
local digest = sha1:final()
ngx.say(digest == ngx.sha1_bin("hello"))
ngx.say("sha1: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
--- no_error_log
[error]
=== TEST 2: SHA-1 incremental
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha1 = require "resty.sha1"
local str = require "resty.string"
local sha1 = resty_sha1:new()
ngx.say(sha1:update("hel"))
ngx.say(sha1:update("lo"))
local digest = sha1:final()
ngx.say("sha1: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
--- no_error_log
[error]
=== TEST 3: SHA-1 empty string
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha1 = require "resty.sha1"
local str = require "resty.string"
local sha1 = resty_sha1:new()
ngx.say(sha1:update(""))
local digest = sha1:final()
ngx.say(digest == ngx.sha1_bin(""))
ngx.say("sha1: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709
--- no_error_log
[error]

140
t/sha224.t Normal file
View File

@ -0,0 +1,140 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
#lua_code_cache off;
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: hello SHA-224
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha224 = require "resty.sha224"
local str = require "resty.string"
local sha224 = resty_sha224:new()
ngx.say(sha224:update("hello"))
local digest = sha224:final()
ngx.say("sha224: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha224: ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193
--- no_error_log
[error]
=== TEST 2: SHA-224 incremental
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha224 = require "resty.sha224"
local str = require "resty.string"
local sha224 = resty_sha224:new()
ngx.say(sha224:update("hel"))
ngx.say(sha224:update("lo"))
local digest = sha224:final()
ngx.say("sha224: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha224: ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193
--- no_error_log
[error]
=== TEST 3: SHA-224 empty string
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha224 = require "resty.sha224"
local str = require "resty.string"
local sha224 = resty_sha224:new()
ngx.say(sha224:update(""))
local digest = sha224:final()
ngx.say("sha224: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha224: d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f
--- no_error_log
[error]
=== TEST 4: hello (SHA-1 + SHA-224 + SHA-256 + SHA-512 at the same time)
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha224 = require "resty.sha224"
local resty_sha256 = require "resty.sha256"
local resty_sha1 = require "resty.sha1"
local resty_sha512 = require "resty.sha512"
local str = require "resty.string"
local sha224 = resty_sha224:new()
local sha256 = resty_sha256:new()
local sha1 = resty_sha1:new()
local sha512 = resty_sha512:new()
ngx.say(sha224:update("hello"))
ngx.say(sha256:update("hello"))
ngx.say(sha1:update("hello"))
ngx.say(sha512:update("hello"))
local digest = sha224:final()
ngx.say("sha224: ", str.to_hex(digest))
digest = sha256:final()
ngx.say("sha256: ", str.to_hex(digest))
digest = sha1:final()
ngx.say("sha1: ", str.to_hex(digest))
digest = sha512:final()
ngx.say("sha512: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
true
true
sha224: ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193
sha256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
sha1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
sha512: 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043
--- no_error_log
[error]

88
t/sha256.t Normal file
View File

@ -0,0 +1,88 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
#lua_code_cache off;
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: hello SHA-256
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha256 = require "resty.sha256"
local str = require "resty.string"
local sha256 = resty_sha256:new()
ngx.say(sha256:update("hello"))
local digest = sha256:final()
ngx.say("sha256: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
--- no_error_log
[error]
=== TEST 2: SHA-256 incremental
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha256 = require "resty.sha256"
local str = require "resty.string"
local sha256 = resty_sha256:new()
ngx.say(sha256:update("hel"))
ngx.say(sha256:update("lo"))
local digest = sha256:final()
ngx.say("sha256: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
--- no_error_log
[error]
=== TEST 3: SHA-256 empty string
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha256 = require "resty.sha256"
local str = require "resty.string"
local sha256 = resty_sha256:new()
ngx.say(sha256:update(""))
local digest = sha256:final()
ngx.say("sha256: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
--- no_error_log
[error]

88
t/sha384.t Normal file
View File

@ -0,0 +1,88 @@
# vi:ft=
use Test::Nginx::Socket;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
#lua_code_cache off;
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: hello SHA-384
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha384 = require "resty.sha384"
local str = require "resty.string"
local sha384 = resty_sha384:new()
ngx.say(sha384:update("hello"))
local digest = sha384:final()
ngx.say("sha384: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha384: 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f
--- no_error_log
[error]
=== TEST 2: SHA-384 incremental
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha384 = require "resty.sha384"
local str = require "resty.string"
local sha384 = resty_sha384:new()
ngx.say(sha384:update("hel"))
ngx.say(sha384:update("lo"))
local digest = sha384:final()
ngx.say("sha384: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha384: 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f
--- no_error_log
[error]
=== TEST 3: SHA-384 empty string
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha384 = require "resty.sha384"
local str = require "resty.string"
local sha384 = resty_sha384:new()
ngx.say(sha384:update(""))
local digest = sha384:final()
ngx.say("sha384: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha384: 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
--- no_error_log
[error]

88
t/sha512.t Normal file
View File

@ -0,0 +1,88 @@
# vi:ft=
use Test::Nginx::Socket::Lua;
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
our $HttpConfig = <<'_EOC_';
#lua_code_cache off;
lua_package_path 'lib/?.lua;;';
lua_package_cpath 'lib/?.so;;';
_EOC_
no_long_string();
run_tests();
__DATA__
=== TEST 1: hello SHA-512
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha512 = require "resty.sha512"
local str = require "resty.string"
local sha512 = resty_sha512:new()
ngx.say(sha512:update("hello"))
local digest = sha512:final()
ngx.say("sha512: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha512: 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043
--- no_error_log
[error]
=== TEST 2: SHA-512 incremental
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha512 = require "resty.sha512"
local str = require "resty.string"
local sha512 = resty_sha512:new()
ngx.say(sha512:update("hel"))
ngx.say(sha512:update("lo"))
local digest = sha512:final()
ngx.say("sha512: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
true
sha512: 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043
--- no_error_log
[error]
=== TEST 3: SHA-512 empty string
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local resty_sha512 = require "resty.sha512"
local str = require "resty.string"
local sha512 = resty_sha512:new()
ngx.say(sha512:update(""))
local digest = sha512:final()
ngx.say("sha512: ", str.to_hex(digest))
';
}
--- request
GET /t
--- response_body
true
sha512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
--- no_error_log
[error]

111
t/version.t Normal file
View File

@ -0,0 +1,111 @@
# vim:set ft= ts=4 sw=4 et:
use Test::Nginx::Socket::Lua;
use Cwd qw(cwd);
repeat_each(2);
plan tests => repeat_each() * (3 * blocks());
my $pwd = cwd();
our $HttpConfig = qq{
lua_package_path "$pwd/lib/?.lua;;";
};
$ENV{TEST_NGINX_RESOLVER} = '8.8.8.8';
no_long_string();
#no_diff();
run_tests();
__DATA__
=== TEST 1: sha1 version
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local sha1 = require "resty.sha1"
ngx.say(sha1._VERSION)
';
}
--- request
GET /t
--- response_body_like chop
^\d+\.\d+$
--- no_error_log
[error]
=== TEST 2: md5 version
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local md5 = require "resty.md5"
ngx.say(md5._VERSION)
';
}
--- request
GET /t
--- response_body_like chop
^\d+\.\d+$
--- no_error_log
[error]
=== TEST 3: resty.string version
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local str = require "resty.string"
ngx.say(str._VERSION)
';
}
--- request
GET /t
--- response_body_like chop
^\d+\.\d+$
--- no_error_log
[error]
=== TEST 4: resty.random version
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local rand = require "resty.random"
ngx.say(rand._VERSION)
';
}
--- request
GET /t
--- response_body_like chop
^\d+\.\d+$
--- no_error_log
[error]
=== TEST 5: resty.aes version
--- http_config eval: $::HttpConfig
--- config
location /t {
content_by_lua '
local aes = require "resty.aes"
ngx.say(aes._VERSION)
';
}
--- request
GET /t
--- response_body_like chop
^\d+\.\d+$
--- no_error_log
[error]

379
valgrind.suppress Normal file
View File

@ -0,0 +1,379 @@
{
<insert_a_suppression_name_here>
Memcheck:Param
write(buf)
fun:__write_nocancel
fun:ngx_log_error_core
fun:ngx_resolver_read_response
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_sprintf_num
fun:ngx_vslprintf
fun:ngx_log_error_core
fun:ngx_resolver_read_response
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Addr1
fun:ngx_vslprintf
fun:ngx_snprintf
fun:ngx_sock_ntop
fun:ngx_event_accept
}
{
<insert_a_suppression_name_here>
Memcheck:Param
write(buf)
fun:__write_nocancel
fun:ngx_log_error_core
fun:ngx_resolver_read_response
fun:ngx_event_process_posted
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_sprintf_num
fun:ngx_vslprintf
fun:ngx_log_error_core
fun:ngx_resolver_read_response
fun:ngx_event_process_posted
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
obj:*
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_http_lua_ndk_set_var_get
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_http_variables_init_vars
fun:ngx_http_block
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_conf_parse
}
{
<insert_a_suppression_name_here>
exp-sgcheck:SorG
fun:ngx_vslprintf
fun:ngx_log_error_core
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_calloc
fun:ngx_event_process_init
}
{
<insert_a_suppression_name_here>
Memcheck:Param
epoll_ctl(event)
fun:epoll_ctl
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_event_process_init
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_conf_flush_files
fun:ngx_single_process_cycle
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:memcpy
fun:ngx_vslprintf
fun:ngx_log_error_core
fun:ngx_http_charset_header_filter
}
{
<insert_a_suppression_name_here>
Memcheck:Param
socketcall.setsockopt(optval)
fun:setsockopt
fun:drizzle_state_connect
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_pool_cleanup_add
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:ngx_conf_flush_files
fun:ngx_single_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_array_push
fun:ngx_http_get_variable_index
fun:ngx_http_memc_add_variable
fun:ngx_http_memc_init
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_event_process_init
fun:ngx_single_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_crc32_table_init
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_event_process_init
fun:ngx_worker_process_init
fun:ngx_worker_process_cycle
fun:ngx_spawn_process
fun:ngx_start_worker_processes
fun:ngx_master_process_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_hash_init
fun:ngx_http_variables_init_vars
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_http_upstream_drizzle_create_srv_conf
fun:ngx_http_upstream
fun:ngx_conf_parse
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_hash_keys_array_init
fun:ngx_http_variables_add_core_vars
fun:ngx_http_core_preconfiguration
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_array_push
fun:ngx_hash_add_key
fun:ngx_http_add_variable
fun:ngx_http_echo_add_variables
fun:ngx_http_echo_handler_init
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_http_upstream_drizzle_create_srv_conf
fun:ngx_http_core_server
fun:ngx_conf_parse
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_http_upstream_drizzle_create_srv_conf
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_array_push
fun:ngx_hash_add_key
fun:ngx_http_variables_add_core_vars
fun:ngx_http_core_preconfiguration
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_hash_init
fun:ngx_http_upstream_init_main_conf
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_pcalloc
fun:ngx_http_drizzle_keepalive_init
fun:ngx_http_upstream_drizzle_init
fun:ngx_http_upstream_init_main_conf
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
fun:malloc
fun:ngx_alloc
fun:ngx_palloc_large
fun:ngx_palloc
fun:ngx_hash_init
fun:ngx_http_variables_init_vars
fun:ngx_http_block
fun:ngx_conf_parse
fun:ngx_init_cycle
fun:main
}
{
<insert_a_suppression_name_here>
Memcheck:Cond
fun:index
fun:expand_dynamic_string_token
fun:_dl_map_object
fun:map_doit
fun:_dl_catch_error
fun:do_preload
fun:dl_main
fun:_dl_sysdep_start
fun:_dl_start
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:ngx_alloc
fun:ngx_set_environment
fun:ngx_single_process_cycle
}
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:ngx_alloc
fun:ngx_set_environment
fun:ngx_worker_process_init
fun:ngx_worker_process_cycle
}