implement std.sha256 #607

Open
wants to merge 2 commits into
base: master
8 changes: 4 additions & 4 deletions Makefile
@@ -29,9 +29,9 @@ OD ?= od

OPT ?= -O3

CXXFLAGS ?= -g $(OPT) -Wall -Wextra -Woverloaded-virtual -pedantic -std=c++0x -fPIC -Iinclude -Ithird_party/md5 -Ithird_party/json
CXXFLAGS ?= -g $(OPT) -Wall -Wextra -Woverloaded-virtual -pedantic -std=c++0x -fPIC -Iinclude -Ithird_party/json
CFLAGS ?= -g $(OPT) -Wall -Wextra -pedantic -std=c99 -fPIC -Iinclude
MAKEDEPENDFLAGS ?= -Iinclude -Ithird_party/md5 -Ithird_party/json
MAKEDEPENDFLAGS ?= -Iinclude -Ithird_party/json
EMCXXFLAGS = $(CXXFLAGS) -g0 -Os --memory-init-file 0 -s DISABLE_EXCEPTION_CATCHING=0 -s OUTLINING_LIMIT=10000 -s RESERVED_FUNCTION_POINTERS=20
EMCFLAGS = $(CFLAGS) --memory-init-file 0 -s DISABLE_EXCEPTION_CATCHING=0
LDFLAGS ?=
@@ -52,7 +52,7 @@ LIB_SRC = \
core/static_analysis.cpp \
core/string_utils.cpp \
core/vm.cpp \
third_party/md5/md5.cpp
hash/hash.cpp

LIB_OBJ = $(LIB_SRC:.cpp=.o)

@@ -83,10 +83,10 @@ ALL_HEADERS = \
core/string_utils.h \
core/vm.h \
core/std.jsonnet.h \
hash/hash.h \
include/libjsonnet.h \
include/libjsonnet_fmt.h \
include/libjsonnet++.h \
third_party/md5/md5.h \
third_party/json/json.hpp

default: jsonnet
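Review bot: `LIB_SRC` and `ALL_HEADERS` name `hash/hash.cpp` and `hash/hash.h`, but the files this pull request adds are `core/hash.cpp` and `core/hash.h`, so the Makefile build appears to have nothing that can produce `hash/hash.o`; the entries should read `core/hash.cpp` and `core/hash.h`. The flags also lose `-Ithird_party/md5` without gaining anything for the new includes: `core/hash.cpp` includes `core/hash.h`, `openssl/digest.h` and `absl/strings/escaping.h`, and `CXXFLAGS`/`LDFLAGS` as shown carry neither `-I.` nor any BoringSSL/Abseil include or link settings, so only the Bazel build looks able to compile the hash code. The page has lost its +/- markers, so this reads the lines without `third_party/md5` as the new side.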
26 changes: 11 additions & 15 deletions WORKSPACE
@@ -1,35 +1,31 @@
workspace(name = "jsonnet")

# This local_repository looks silly but it makes io_bazel_rules_jsonnet use
# _this_ jsonnet, not another downloaded copy.
local_repository(
name = "jsonnet",
path = ".",
)
load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")

git_repository(
name = "io_bazel_rules_jsonnet",
commit = "09ec18db5b9ad3129810f5f0ccc86363a8bfb6be",
remote = "https://github.com/bazelbuild/rules_jsonnet.git",
)

new_git_repository(
git_repository(
name = "com_google_googletest",
remote = "https://github.com/google/googletest.git",

# If updating googletest version, also update CMakeLists.txt.in.
tag = "release-1.8.0",
build_file = "gmock.BUILD",
tag = "release-1.8.1",
)

bind(
name = "googletest",
actual = "@com_google_googletest//:googletest_no_main",
git_repository(
name = "boringssl",
commit = "b8a5219531146b0907a72da8e62f331bb0d673c5",
remote = "https://boringssl.googlesource.com/boringssl",
)

bind(
name = "googletest_main",
actual = "@com_google_googletest//:googletest",
git_repository(
name = "com_google_absl",
commit = "2a62fbdedf64673f7c858bc6487bd15bcd2ca180",
remote = "https://github.com/abseil/abseil-cpp.git",
)

load("//tools/build_defs:python_repo.bzl", "python_interpreter")
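Review bot: `com_google_googletest` is fetched by `tag = "release-1.8.1"`, a ref the upstream repository can move, while the `boringssl` and `com_google_absl` entries in the same hunk are pinned with `commit`; pin googletest the same way, e.g. `commit = "<commit-for-release-1.8.1>",  # placeholder`, so every external source the build pulls is fixed to exact content. The comment above the tag asks for `CMakeLists.txt.in` to be updated together with the googletest version, and no change to that file is visible on this page. `boringssl` becomes a dependency of the core library for a single digest call, so a short comment next to its `commit` saying how that revision was chosen and who is expected to bump it would help later audits. The +/- markers are lost here, so `release-1.8.1` is taken to be the new side.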
29 changes: 22 additions & 7 deletions core/BUILD
@@ -28,15 +28,15 @@ cc_library(
"unicode.h",
"vm.h",
],
includes = ["."],
linkopts = ["-lm"],
deps = [
":hash",
"//include:libjsonnet",
"//include:libjsonnet_fmt",
"//stdlib:std",
"//third_party/json:json",
"//third_party/md5:libmd5",
"//third_party/json",
],
linkopts = ["-lm"],
includes = ["."],
)

cc_test(
@@ -45,7 +45,7 @@ cc_test(
deps = [
":libjsonnet",
# Note: On Ubuntu, apt-get install libgtest-dev google-mock
"//external:googletest_main",
"@com_google_googletest//:gtest_main",
],
)

@@ -54,7 +54,7 @@ cc_test(
srcs = ["parser_test.cpp"],
deps = [
":libjsonnet",
"//external:googletest_main",
"@com_google_googletest//:gtest_main",
],
)

@@ -63,6 +63,21 @@ cc_test(
srcs = ["libjsonnet_test.cpp"],
deps = [
":libjsonnet",
"//external:googletest_main",
"@com_google_googletest//:gtest_main",
],
)

cc_library(
name = "hash",
srcs = [
"hash.cpp",
],
hdrs = [
"hash.h",
],
visibility = ["//visibility:private"],
deps = [
"@boringssl//:crypto",
"@com_google_absl//absl/strings",
],
)
3 changes: 2 additions & 1 deletion core/desugarer.cpp
@@ -34,7 +34,7 @@ struct BuiltinDecl {
std::vector<UString> params;
};

static unsigned long max_builtin = 37;
static unsigned long max_builtin = 38;
BuiltinDecl jsonnet_builtin_decl(unsigned long builtin)
{
switch (builtin) {
@@ -76,6 +76,7 @@ BuiltinDecl jsonnet_builtin_decl(unsigned long builtin)
case 35: return {U"parseJson", {U"str"}};
case 36: return {U"encodeUTF8", {U"str"}};
case 37: return {U"decodeUTF8", {U"arr"}};
case 38: return {U"sha256", {U"str"}};
default:
std::cerr << "INTERNAL ERROR: Unrecognized builtin function: " << builtin << std::endl;
std::abort();
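--- a/core/hash.cpp
+++ b/core/hash.cpp
@@ -0,0 +1,35 @@
+#include "core/hash.h"
+
+#include "absl/strings/escaping.h"
+#include "openssl/bio.h"
+#include "openssl/digest.h"
+
+namespace jsonnet {
+namespace hash {
+
+namespace {
+
+std::string digest(const std::string& input, const EVP_MD* alg)
+{
+uint8_t digest[EVP_MAX_MD_SIZE];
+unsigned int digest_length = 0;
+if (EVP_Digest(input.data(), input.size(), digest, &digest_length, alg, nullptr) != 1) {
+return "";
+}
+return absl::BytesToHexString(
+std::string(reinterpret_cast<const char*>(digest), digest_length));
+}
+} // namespace
+
+std::string Sha256(const std::string& input)
+{
+return digest(input, EVP_sha256());
+}
+
+std::string Md5(const std::string& input)
+{
+return digest(input, EVP_md5());
+}
+
+} // namespace hash
+} // namespace jsonnet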
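Review bot: `digest()` reports an `EVP_Digest` failure by returning `""`, and `Sha256()`/`Md5()` pass that straight on, so a caller cannot tell a failed hash from a value; judging by the `core/vm.cpp` section, `std.sha256` would then evaluate to an empty string instead of raising an error. Failing loudly is safer for a function people use to derive names and checksums, for example `throw std::runtime_error("EVP_Digest failed");` in place of `return "";` (with `<stdexcept>` included), provided the interpreter translates that exception into a Jsonnet error, which is not visible here. Smaller points in the same file: `openssl/bio.h` is included but nothing from it is used, the local array `digest` shadows the function name, and `uint8_t` is used without including `<cstdint>`.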
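--- a/core/hash.h
+++ b/core/hash.h
@@ -0,0 +1,13 @@
+#pragma once
+
+#include <string>
+
+namespace jsonnet {
+namespace hash {
+
+std::string Sha256(const std::string& input);
+
+std::string Md5(const std::string& input);
+
+} // namespace hash
+} // namespace jsonnet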
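Review bot: The two declarations carry no comments, so the header does not say that the result is a hex string rather than raw digest bytes, or that an empty string means the digest call failed. A line above each would do, e.g. `// Returns the lowercase hex SHA-256 digest of input, or "" if the digest could not be computed.` `Md5` is also declared unconditionally although `core/vm.cpp` can compile `std.md5` out with `DISABLE_INSECURE_HASH`; a comment marking it as kept only for backward-compatible name generation, not for integrity or security use, would keep new callers off it.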
25 changes: 23 additions & 2 deletions core/vm.cpp
@@ -21,10 +21,10 @@ limitations under the License.
#include <set>
#include <string>

#include "core/hash.h"
#include "desugarer.h"
#include "json.h"
#include "json.hpp"
#include "md5.h"
#include "parser.h"
#include "state.h"
#include "static_analysis.h"
@@ -869,7 +869,12 @@ class Interpreter {
builtins["extVar"] = &Interpreter::builtinExtVar;
builtins["primitiveEquals"] = &Interpreter::builtinPrimitiveEquals;
builtins["native"] = &Interpreter::builtinNative;
#ifndef DISABLE_INSECURE_HASH
builtins["md5"] = &Interpreter::builtinMd5;
Collaborator

Any reason to leave the old one at all? Why not just always use OpenSSL version if we depend on it anyway?

Contributor

Backwards compatibility. We don't want to force people to redeploy their entire infrastructure because they were using md5 to generate unique names for things.

#else
builtins["md5"] = &Interpreter::builtinMd5Disabled;
#endif
builtins["sha256"] = &Interpreter::builtinSha256;
builtins["trace"] = &Interpreter::builtinTrace;
builtins["splitLimit"] = &Interpreter::builtinSplitLimit;
builtins["substr"] = &Interpreter::builtinSubstr;
@@ -1310,7 +1315,23 @@ class Interpreter {

std::string value = encode_utf8(static_cast<HeapString *>(args[0].v.h)->value);

scratch = makeString(decode_utf8(md5(value)));
scratch = makeString(decode_utf8(jsonnet::hash::Md5(value)));
return nullptr;
}

const AST *builtinMd5Disabled(const LocationRange &loc, const std::vector<Value> &args)
{
throw makeError(
loc, "std.md5 was disabled at compile time because it is insecure. Use std.sha256.");
}

const AST *builtinSha256(const LocationRange &loc, const std::vector<Value> &args)
{
validateBuiltinArgs(loc, "sha255", args, {Value::STRING});

std::string value = encode_utf8(static_cast<HeapString *>(args[0].v.h)->value);

scratch = makeString(decode_utf8(jsonnet::hash::Sha256(value)));
return nullptr;
}

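Review bot: `builtinSha256` passes the name `"sha255"` to `validateBuiltinArgs`, so a wrong-typed argument to `std.sha256` would presumably be reported against a builtin that does not exist; the call should be `validateBuiltinArgs(loc, "sha256", args, {Value::STRING});`. `builtinMd5Disabled` never uses `args`, which will warn under the `-Wall -Wextra` flags in the Makefile; leaving the parameter unnamed (`const std::vector<Value> &`) avoids that. No build file on this page defines or documents `DISABLE_INSECURE_HASH`, so a comment at the `#ifndef` saying who is expected to set it would help. Both functions sit inside `class Interpreter`, whose body extends beyond these hunks.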
2 changes: 1 addition & 1 deletion cpp/BUILD
@@ -15,6 +15,6 @@ cc_test(
data = ["//cpp/testdata"],
deps = [
":libjsonnet++",
"//external:googletest_main",
"@com_google_googletest//:gtest_main",
],
)