Merge commit '3c49837d05b6fad0f1212a27e81e8ffc868eedfb'

This contains portions of #90
author: daurnimator <quae@daurnimator.com> 2017-04-03 15:53:49 +1000
committer: daurnimator <quae@daurnimator.com> 2017-04-03 15:54:24 +1000
commit: 590d368daeb400515c82b2d99ddcdf14607f9353 (patch)
tree: 02ccfbb791c934f976a21ced2485c10f780d3ac7
parent: f2f0f09caef1925a4ff731a6feed35b8f355b169 (diff)
parent: 3c49837d05b6fad0f1212a27e81e8ffc868eedfb (diff)
download: luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.gz
luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.bz2
luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.zip
3 files changed, 103 insertions, 2 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index 6a20f27..b015a6a 100644
--- a/doc/luaossl.pdf
+++ b/doc/luaossl.pdf
Binary files differ
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 7db7463..0675e62 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -286,8 +286,13 @@ field & type:default & description\\\hline
 .exp & number:65537 & RSA or Diffie-Hellman exponent \\
+.dhparam & string & PEM encoded string with precomputed DH parameters \\
 .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve
 \end{ctabular}
+The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field.
 \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}}
 Add or interpose a pkey class method. Returns the previous method, if any.
@@ -688,6 +693,10 @@ Returns the integer count of the number of extensions.
 Signs the instance CRL using the \module{openssl.pkey} $key$.
+\subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}}
+Verifies the instance CRL using a public key.
 \subsubsection[\fn{crl:text}]{\fn{crl:text()}}
 Returns a human-readable textual representation of the instance CRL.
@@ -763,6 +772,10 @@ Add or interpose a store class method. Returns the previous method, if any.
 Returns a PKCS \#12 binary encoded string.
+\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}}
+Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil.
 \end{Module}
diff --git a/src/openssl.c b/src/openssl.c
index fa7dd79..0ba7825 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) {
                unsigned exp = 65537;
                int curve = NID_X9_62_prime192v1;
                const char *id;
+                const char *dhparam = NULL;
                lua_Number n;
                if (!lua_istable(L, 1))
@@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) {
                                luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
                }
+                /* dhparam field can contain a PEM encoded string. */
+                loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
 creat:
                if (!(*ud = EVP_PKEY_new()))
                        return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3140,9 +3144,23 @@ creat:
                case EVP_PKEY_DH: {
                        DH *dh;
-                        if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
+                        /* DH Parameter Generation can take a long time, therefore we look
+                         * at the "dhparam" field, provided by the user.
+                         * The "dhparam" field takes precedence over "bits"
+                         */
+                        if (dhparam) {
+                                BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam));
+                                if (!bio)
+                                        return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+                                dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+                                BIO_free(bio);
+                                if (!dh)
+                                        return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+                        } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
                                return auxL_error(L, auxL_EOPENSSL, "pkey.new");
                        if (!DH_generate_key(dh)) {
                                DH_free(dh);
                                return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -6630,7 +6648,7 @@ static int xx_getNextUpdate(lua_State *L) {
                updateby = timeutc(time);
        if (isfinite(updateby))
-                lua_pushnumber(L, 1);
+                lua_pushnumber(L, updateby);
        else
                lua_pushnil(L);
@@ -6820,6 +6838,19 @@ static int xx_sign(lua_State *L) {
 } /* xx_sign() */
+static int xx_verify(lua_State *L) {
+        X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
+        EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+        if (!X509_CRL_verify(crl, key))
+                return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* xx_verify() */
 static int xx_text(lua_State *L) {
        X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
@@ -6889,6 +6920,7 @@ static const auxL_Reg xx_methods[] = {
        { "getExtension",   &xx_getExtension },
        { "getExtensionCount", &xx_getExtensionCount },
        { "sign",           &xx_sign },
+        { "verify",         &xx_verify },
        { "text",           &xx_text },
        { "tostring",       &xx__tostring },
        { NULL,             NULL },
@@ -7416,6 +7448,61 @@ static int p12_interpose(lua_State *L) {
 } /* p12_interpose() */
+static int p12_parse(lua_State *L) {
+        /* parse a p12 binary string and return the parts */
+        EVP_PKEY *pkey;
+        X509 *cert;
+        STACK_OF(X509) *ca = NULL;
+        PKCS12 *p12;
+        /* gather input parameters */
+        size_t len;
+        const char *blob = luaL_checklstring(L, 1, &len);
+        const char *passphrase = luaL_optstring(L, 2, NULL);
+        /* prepare return values */
+        EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
+        X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
+        STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
+        /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
+        /* read PKCS#12 data into OpenSSL memory buffer */
+        BIO *bio = BIO_new_mem_buf((void*)blob, len);
+        if (!bio)
+                return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+        p12 = d2i_PKCS12_bio(bio, NULL);
+        BIO_free(bio);
+        if (!p12)
+                return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+        /* the p12 pointer holds the data we're interested in */
+        int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
+        PKCS12_free(p12);
+        if (!rc)
+                auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+        /* replace the return values by nil if the ud pointers are NULL */
+        if (*ud_pkey == NULL) {
+                lua_pushnil(L);
+                lua_replace(L, -4);
+        }
+        if (*ud_cert == NULL) {
+                lua_pushnil(L);
+                lua_replace(L, -3);
+        }
+        /* other certificates (a chain, STACK_OF(X509) *) */
+        if (*ud_chain == NULL) {
+                lua_pop(L, 1);
+                lua_pushnil(L);
+        }
+        return 3;
+} /* p12_parse() */
 static int p12__tostring(lua_State *L) {
        PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
        BIO *bio = getbio(L);
@@ -7459,6 +7546,7 @@ static const auxL_Reg p12_metatable[] = {
 static const auxL_Reg p12_globals[] = {
        { "new",       &p12_new },
        { "interpose", &p12_interpose },
+        { "parse",     &p12_parse },
        { NULL,        NULL },
 };
author	daurnimator <quae@daurnimator.com>	2017-04-03 15:53:49 +1000
committer	daurnimator <quae@daurnimator.com>	2017-04-03 15:54:24 +1000
commit	590d368daeb400515c82b2d99ddcdf14607f9353 (patch)
tree	02ccfbb791c934f976a21ced2485c10f780d3ac7
parent	f2f0f09caef1925a4ff731a6feed35b8f355b169 (diff)
parent	3c49837d05b6fad0f1212a27e81e8ffc868eedfb (diff)
download	luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.gz luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.bz2 luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.zip

diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf index 6a20f27..b015a6a 100644 --- a/doc/luaossl.pdf +++ b/doc/luaossl.pdf
Binary files differ


diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 7db7463..0675e62 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex
@@ -286,8 +286,13 @@ field & type:default & description\\\hline
286		286
287	.exp & number:65537 & RSA or Diffie-Hellman exponent \\	287	.exp & number:65537 & RSA or Diffie-Hellman exponent \\
288		288
		289	.dhparam & string & PEM encoded string with precomputed DH parameters \\
		290
289	.curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve	291	.curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve
290	\end{ctabular}	292	\end{ctabular}
		293
		294	The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field.
		295
291	\subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}}	296	\subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}}
292		297
293	Add or interpose a pkey class method. Returns the previous method, if any.	298	Add or interpose a pkey class method. Returns the previous method, if any.
@@ -688,6 +693,10 @@ Returns the integer count of the number of extensions.
688		693
689	Signs the instance CRL using the \module{openssl.pkey} $key$.	694	Signs the instance CRL using the \module{openssl.pkey} $key$.
690		695
		696	\subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}}
		697
		698	Verifies the instance CRL using a public key.
		699
691	\subsubsection[\fn{crl:text}]{\fn{crl:text()}}	700	\subsubsection[\fn{crl:text}]{\fn{crl:text()}}
692		701
693	Returns a human-readable textual representation of the instance CRL.	702	Returns a human-readable textual representation of the instance CRL.
@@ -763,6 +772,10 @@ Add or interpose a store class method. Returns the previous method, if any.
763		772
764	Returns a PKCS \#12 binary encoded string.	773	Returns a PKCS \#12 binary encoded string.
765		774
		775	\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}}
		776
		777	Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil.
		778
766	\end{Module}	779	\end{Module}
767		780
768		781


diff --git a/src/openssl.c b/src/openssl.c index fa7dd79..0ba7825 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) {
3062	unsigned exp = 65537;	3062	unsigned exp = 65537;
3063	int curve = NID_X9_62_prime192v1;	3063	int curve = NID_X9_62_prime192v1;
3064	const char *id;	3064	const char *id;
		3065	const char *dhparam = NULL;
3065	lua_Number n;	3066	lua_Number n;
3066		3067
3067	if (!lua_istable(L, 1))	3068	if (!lua_istable(L, 1))
@@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) {
3103	luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));	3104	luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
3104	}	3105	}
3105		3106
		3107	/* dhparam field can contain a PEM encoded string. */
		3108	loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
		3109
3106	creat:	3110	creat:
3107	if (!(*ud = EVP_PKEY_new()))	3111	if (!(*ud = EVP_PKEY_new()))
3108	return auxL_error(L, auxL_EOPENSSL, "pkey.new");	3112	return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3140,9 +3144,23 @@ creat:
3140	case EVP_PKEY_DH: {	3144	case EVP_PKEY_DH: {
3141	DH *dh;	3145	DH *dh;
3142		3146
3143	if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))	3147	/* DH Parameter Generation can take a long time, therefore we look
		3148	* at the "dhparam" field, provided by the user.
		3149	* The "dhparam" field takes precedence over "bits"
		3150	*/
		3151	if (dhparam) {
		3152	BIO bio = BIO_new_mem_buf((void)dhparam, strlen(dhparam));
		3153	if (!bio)
		3154	return auxL_error(L, auxL_EOPENSSL, "pkey.new");
		3155
		3156	dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
		3157	BIO_free(bio);
		3158	if (!dh)
		3159	return auxL_error(L, auxL_EOPENSSL, "pkey.new");
		3160	} else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
3144	return auxL_error(L, auxL_EOPENSSL, "pkey.new");	3161	return auxL_error(L, auxL_EOPENSSL, "pkey.new");
3145		3162
		3163
3146	if (!DH_generate_key(dh)) {	3164	if (!DH_generate_key(dh)) {
3147	DH_free(dh);	3165	DH_free(dh);
3148	return auxL_error(L, auxL_EOPENSSL, "pkey.new");	3166	return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -6630,7 +6648,7 @@ static int xx_getNextUpdate(lua_State *L) {
6630	updateby = timeutc(time);	6648	updateby = timeutc(time);
6631		6649
6632	if (isfinite(updateby))	6650	if (isfinite(updateby))
6633	lua_pushnumber(L, 1);	6651	lua_pushnumber(L, updateby);
6634	else	6652	else
6635	lua_pushnil(L);	6653	lua_pushnil(L);
6636		6654
@@ -6820,6 +6838,19 @@ static int xx_sign(lua_State *L) {
6820	} /* xx_sign() */	6838	} /* xx_sign() */
6821		6839
6822		6840
		6841	static int xx_verify(lua_State *L) {
		6842	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
		6843	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
		6844
		6845	if (!X509_CRL_verify(crl, key))
		6846	return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
		6847
		6848	lua_pushboolean(L, 1);
		6849
		6850	return 1;
		6851	} /* xx_verify() */
		6852
		6853
6823	static int xx_text(lua_State *L) {	6854	static int xx_text(lua_State *L) {
6824	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);	6855	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
6825		6856
@@ -6889,6 +6920,7 @@ static const auxL_Reg xx_methods[] = {
6889	{ "getExtension", &xx_getExtension },	6920	{ "getExtension", &xx_getExtension },
6890	{ "getExtensionCount", &xx_getExtensionCount },	6921	{ "getExtensionCount", &xx_getExtensionCount },
6891	{ "sign", &xx_sign },	6922	{ "sign", &xx_sign },
		6923	{ "verify", &xx_verify },
6892	{ "text", &xx_text },	6924	{ "text", &xx_text },
6893	{ "tostring", &xx__tostring },	6925	{ "tostring", &xx__tostring },
6894	{ NULL, NULL },	6926	{ NULL, NULL },
@@ -7416,6 +7448,61 @@ static int p12_interpose(lua_State *L) {
7416	} /* p12_interpose() */	7448	} /* p12_interpose() */
7417		7449
7418		7450
		7451	static int p12_parse(lua_State *L) {
		7452	/* parse a p12 binary string and return the parts */
		7453
		7454	EVP_PKEY *pkey;
		7455	X509 *cert;
		7456	STACK_OF(X509) *ca = NULL;
		7457	PKCS12 *p12;
		7458
		7459	/* gather input parameters */
		7460	size_t len;
		7461	const char *blob = luaL_checklstring(L, 1, &len);
		7462	const char *passphrase = luaL_optstring(L, 2, NULL);
		7463
		7464	/* prepare return values */
		7465	EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
		7466	X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
		7467	STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
		7468	/* Note: ud_chain must be initialised to NULL, which prepsimple does. /
		7469
		7470	/* read PKCS#12 data into OpenSSL memory buffer */
		7471	BIO bio = BIO_new_mem_buf((void)blob, len);
		7472	if (!bio)
		7473	return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
		7474	p12 = d2i_PKCS12_bio(bio, NULL);
		7475	BIO_free(bio);
		7476	if (!p12)
		7477	return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
		7478
		7479	/* the p12 pointer holds the data we're interested in */
		7480	int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
		7481	PKCS12_free(p12);
		7482	if (!rc)
		7483	auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
		7484
		7485	/* replace the return values by nil if the ud pointers are NULL */
		7486	if (*ud_pkey == NULL) {
		7487	lua_pushnil(L);
		7488	lua_replace(L, -4);
		7489	}
		7490
		7491	if (*ud_cert == NULL) {
		7492	lua_pushnil(L);
		7493	lua_replace(L, -3);
		7494	}
		7495
		7496	/* other certificates (a chain, STACK_OF(X509) ) /
		7497	if (*ud_chain == NULL) {
		7498	lua_pop(L, 1);
		7499	lua_pushnil(L);
		7500	}
		7501
		7502	return 3;
		7503	} /* p12_parse() */
		7504
		7505
7419	static int p12__tostring(lua_State *L) {	7506	static int p12__tostring(lua_State *L) {
7420	PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);	7507	PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
7421	BIO *bio = getbio(L);	7508	BIO *bio = getbio(L);
@@ -7459,6 +7546,7 @@ static const auxL_Reg p12_metatable[] = {
7459	static const auxL_Reg p12_globals[] = {	7546	static const auxL_Reg p12_globals[] = {
7460	{ "new", &p12_new },	7547	{ "new", &p12_new },
7461	{ "interpose", &p12_interpose },	7548	{ "interpose", &p12_interpose },
		7549	{ "parse", &p12_parse },
7462	{ NULL, NULL },	7550	{ NULL, NULL },
7463	};	7551	};
7464		7552