diff options
| author | William Ahern <william@25thandclement.com> | 2016-10-29 16:58:34 -0700 |
|---|---|---|
| committer | William Ahern <william@25thandclement.com> | 2016-10-29 16:58:34 -0700 |
| commit | 38e4043d735f406c81173322f30e2a37d97101f5 (patch) | |
| tree | 1c81611454c2756a8786bd22f528b12bbf3a49be | |
| parent | 8aa467e04b93b62fef6a1b225944d82f00ff2168 (diff) | |
| download | luaossl-38e4043d735f406c81173322f30e2a37d97101f5.tar.gz luaossl-38e4043d735f406c81173322f30e2a37d97101f5.tar.bz2 luaossl-38e4043d735f406c81173322f30e2a37d97101f5.zip | |
add and use pkey:getDefaultDigestName because the old digest type names used in examples/vrfy.sig are not accepted by OpenSSL 1.1
Diffstat (limited to '')
| -rwxr-xr-x | examples/vrfy.sig | 17 | ||||
| -rw-r--r-- | src/openssl.c | 37 |
2 files changed, 38 insertions, 16 deletions
diff --git a/examples/vrfy.sig b/examples/vrfy.sig index 258490a..f6cc927 100755 --- a/examples/vrfy.sig +++ b/examples/vrfy.sig | |||
| @@ -13,16 +13,18 @@ local digest = require"openssl.digest" | |||
| 13 | local function genkey(type) | 13 | local function genkey(type) |
| 14 | type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA") | 14 | type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA") |
| 15 | 15 | ||
| 16 | local key | ||
| 16 | if type == "RSA" then | 17 | if type == "RSA" then |
| 17 | return pkey.new{ type = "RSA", bits = 1024 }, "sha256" | 18 | return pkey.new{ type = "RSA", bits = 1024 } |
| 18 | elseif type == "DSA" then | 19 | elseif type == "DSA" then |
| 19 | return pkey.new{ type = "DSA", bits = 1024 }, "dss1" | 20 | return pkey.new{ type = "DSA", bits = 1024 } |
| 20 | else | 21 | else |
| 21 | return pkey.new{ type = "EC", curve = "prime192v1" }, "ecdsa-with-SHA1" | 22 | return pkey.new{ type = "EC", curve = "prime192v1" } |
| 22 | end | 23 | end |
| 23 | end | 24 | end |
| 24 | 25 | ||
| 25 | local key, hash = genkey(keytype) | 26 | local key = genkey(keytype) |
| 27 | local hash = key:getDefaultDigestName() | ||
| 26 | 28 | ||
| 27 | -- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC; | 29 | -- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC; |
| 28 | -- "dss1" for DSA; and "sha1", "sha256", etc for RSA). | 30 | -- "dss1" for DSA; and "sha1", "sha256", etc for RSA). |
| @@ -45,6 +47,7 @@ local function tohex(b) | |||
| 45 | return x | 47 | return x |
| 46 | end | 48 | end |
| 47 | 49 | ||
| 48 | print("okay", pub:verify(sig, data)) | 50 | print("verified", pub:verify(sig, data)) |
| 49 | print("type", pub:type()) | 51 | print("key-type", pub:type()) |
| 50 | print("sig", tohex(sig)) | 52 | print("hash-type", hash) |
| 53 | print("signature", tohex(sig)) | ||
diff --git a/src/openssl.c b/src/openssl.c index 2fb7367..88c34d8 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
| @@ -1336,7 +1336,7 @@ static int compat_EVP_PKEY_get_default_digest_nid(EVP_PKEY *key, int *nid) { | |||
| 1336 | *nid = EVP_MD_nid(EVP_ecdsa()); | 1336 | *nid = EVP_MD_nid(EVP_ecdsa()); |
| 1337 | break; | 1337 | break; |
| 1338 | default: | 1338 | default: |
| 1339 | *nid = EVP_MD_nid(EVP_md_null()); | 1339 | *nid = EVP_MD_nid(EVP_sha1()); |
| 1340 | break; | 1340 | break; |
| 1341 | } | 1341 | } |
| 1342 | 1342 | ||
| @@ -3391,6 +3391,26 @@ static int pk_toPEM(lua_State *L) { | |||
| 3391 | } /* pk_toPEM() */ | 3391 | } /* pk_toPEM() */ |
| 3392 | 3392 | ||
| 3393 | 3393 | ||
| 3394 | static int pk_getDefaultDigestName(lua_State *L) { | ||
| 3395 | EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); | ||
| 3396 | int nid; | ||
| 3397 | char txt[256]; | ||
| 3398 | size_t len; | ||
| 3399 | |||
| 3400 | if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0)) | ||
| 3401 | return auxL_error(L, auxL_EOPENSSL, "pkey:getDefaultDigestName"); | ||
| 3402 | |||
| 3403 | if (!(len = auxS_nid2txt(txt, sizeof txt, nid))) | ||
| 3404 | return auxL_error(L, auxL_EOPENSSL, "pkey:getDefaultDigestName"); | ||
| 3405 | if (len > sizeof txt) | ||
| 3406 | return auxL_error(L, EOVERFLOW, "pkey:getDefaultDigestName"); | ||
| 3407 | |||
| 3408 | lua_pushlstring(L, txt, len); | ||
| 3409 | |||
| 3410 | return 1; | ||
| 3411 | } /* pk_getDefaultDigestName() */ | ||
| 3412 | |||
| 3413 | |||
| 3394 | enum pk_param { | 3414 | enum pk_param { |
| 3395 | #define PK_RSA_OPTLIST { "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp", NULL } | 3415 | #define PK_RSA_OPTLIST { "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp", NULL } |
| 3396 | #define PK_RSA_OPTOFFSET PK_RSA_N | 3416 | #define PK_RSA_OPTOFFSET PK_RSA_N |
| @@ -3944,6 +3964,7 @@ static const auxL_Reg pk_methods[] = { | |||
| 3944 | { "setPrivateKey", &pk_setPrivateKey }, | 3964 | { "setPrivateKey", &pk_setPrivateKey }, |
| 3945 | { "sign", &pk_sign }, | 3965 | { "sign", &pk_sign }, |
| 3946 | { "verify", &pk_verify }, | 3966 | { "verify", &pk_verify }, |
| 3967 | { "getDefaultDigestName", &pk_getDefaultDigestName }, | ||
| 3947 | { "toPEM", &pk_toPEM }, | 3968 | { "toPEM", &pk_toPEM }, |
| 3948 | { "getParameters", &pk_getParameters }, | 3969 | { "getParameters", &pk_getParameters }, |
| 3949 | { "setParameters", &pk_setParameters }, | 3970 | { "setParameters", &pk_setParameters }, |
| @@ -5730,18 +5751,16 @@ static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) { | |||
| 5730 | if ((id = luaL_optstring(L, index, NULL))) { | 5751 | if ((id = luaL_optstring(L, index, NULL))) { |
| 5731 | if (!(md = EVP_get_digestbyname(id))) | 5752 | if (!(md = EVP_get_digestbyname(id))) |
| 5732 | goto unknown; | 5753 | goto unknown; |
| 5733 | 5754 | } else { | |
| 5734 | return md; | 5755 | if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0)) |
| 5756 | goto unknown; | ||
| 5757 | if (!(md = EVP_get_digestbynid(nid))) | ||
| 5758 | goto unknown; | ||
| 5735 | } | 5759 | } |
| 5736 | 5760 | ||
| 5737 | if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0)) | ||
| 5738 | goto unknown; | ||
| 5739 | if (!(md = EVP_get_digestbynid(nid))) | ||
| 5740 | goto unknown; | ||
| 5741 | |||
| 5742 | return md; | 5761 | return md; |
| 5743 | unknown: | 5762 | unknown: |
| 5744 | return EVP_md_null(); | 5763 | return EVP_sha1(); |
| 5745 | } /* xc_signature() */ | 5764 | } /* xc_signature() */ |
| 5746 | 5765 | ||
| 5747 | static int xc_sign(lua_State *L) { | 5766 | static int xc_sign(lua_State *L) { |