From 7963580d72a358975133f86f01de2d2eab08ba38 Mon Sep 17 00:00:00 2001 From: xXx-caillou-xXx Date: Fri, 13 Jul 2018 10:36:50 +0200 Subject: Massively optimize how rules are handled This commit does a lot of things: - Use hashtables instead of lists to store the rules - Rules that can be applied at launch time won't be tried at runtime - Improve feedback when writing nonsensical rules - Make intensive use of `zend_string` instead of `char*`--- src/sp_crypt.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'src/sp_crypt.c') diff --git a/src/sp_crypt.c b/src/sp_crypt.c index 6a46d06..d3588b4 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -7,10 +7,13 @@ ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) void generate_key(unsigned char *key) { PHP_SHA256_CTX ctx; const char *user_agent = getenv("HTTP_USER_AGENT"); - const char *env_var = - getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var); - const char *encryption_key = + const zend_string *env_var_zend = + SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var; + const zend_string *encryption_key_zend = SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key; + const char *env_var = (env_var_zend ? getenv(ZSTR_VAL(env_var_zend)) : NULL); + const char *encryption_key = + (encryption_key_zend ? ZSTR_VAL(encryption_key_zend) : NULL); assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256. assert(encryption_key); // Encryption key can't be NULL 
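Review bot: The only guard against a missing secret in generate_key is `assert(encryption_key);`, and the new ternary makes `encryption_key` NULL whenever `encryption_key_zend` is unset, so a build compiled with NDEBUG loses the check entirely. The `if (encryption_key)` visible in the next hunk suggests the key would then be derived without the secret, presumably from the remaining inputs such as the client-supplied User-Agent, which would make cookie encryption forgeable. Validating the key when the configuration is loaded and refusing to start without it would hold in release builds too. At minimum I would add `// assert() vanishes under NDEBUG: the key must already have been validated at config load` next to the assert. The function body continues outside this hunk.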
@@ -24,10 +27,12 @@ void generate_key(unsigned char *key) { if (env_var) { PHP_SHA256Update(&ctx, (unsigned char *)env_var, strlen(env_var)); } else { - sp_log_err("cookie_encryption", - "The environment variable '%s'" - "is empty, cookies are weakly encrypted.", - SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var); + sp_log_err( + "cookie_encryption", + "The environment variable '%s'" + "is empty, cookies are weakly encrypted.", + ZSTR_VAL( + SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)); } if (encryption_key) { @@ -119,8 +124,9 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { ** form `base64(nonce | encrypted_data)` (with `|` being the concatenation ** operation). */ -zend_string *encrypt_zval(char *data, unsigned long long data_len) { - const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1; +zend_string *encrypt_zval(zend_string *data) { + const size_t encrypted_msg_len = + crypto_secretbox_ZEROBYTES + ZSTR_LEN(data) + 1; // FIXME : We know that this len is too long const size_t emsg_and_nonce_len = encrypted_msg_len + crypto_secretbox_NONCEBYTES; @@ -137,7 +143,8 @@ zend_string *encrypt_zval(char *data, unsigned long long data_len) { /* tweetnacl's API requires the message to be padded with crypto_secretbox_ZEROBYTES zeroes. */ - memcpy(data_to_encrypt + crypto_secretbox_ZEROBYTES, data, data_len); + memcpy(data_to_encrypt + crypto_secretbox_ZEROBYTES, ZSTR_VAL(data), + ZSTR_LEN(data)); assert(sizeof(zend_long) <= crypto_secretbox_NONCEBYTES); @@ -149,4 +156,4 @@ zend_string *encrypt_zval(char *data, unsigned long long data_len) { zend_string *z = php_base64_encode(encrypted_data, emsg_and_nonce_len); return z; -} \ No newline at end of file +} -- cgit v1.3
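Review bot: The `else` branch passes `ZSTR_VAL(...->cookies_env_var)` to `sp_log_err` without a NULL check, yet that branch is reached exactly when `env_var` is NULL, which after this commit includes the case where `cookies_env_var` itself is NULL (see the `env_var_zend ? ... : NULL` initialiser at the top of generate_key). In that case `ZSTR_VAL` is applied to a null `zend_string` and the `%s` argument is an invalid pointer, so the warning path would likely crash instead of logging. Reusing the guarded local avoids this: `env_var_zend ? ZSTR_VAL(env_var_zend) : "(unset)"`. Separately, the two adjacent literals join as `'%s'is empty`, so the second one needs a leading space. The enclosing function starts and ends outside this hunk.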
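Review bot: encrypt_zval now dereferences `data` unconditionally, through `ZSTR_LEN(data)` in the length computation here and through `ZSTR_VAL(data)`/`ZSTR_LEN(data)` in the `memcpy` of the following hunk, but nothing documents that NULL is not accepted. Since the function only reads the string, the signature could be `zend_string *encrypt_zval(const zend_string *data)`, and the comment block above it could gain the line `** `data` must not be NULL.` The length sum is also computed in `size_t` with no upper bound on `ZSTR_LEN(data)`; that is probably harmless for cookie-sized values, but worth bounding if larger inputs can reach this function. The function body continues outside this hunk.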