diff options
author | daurnimator <quae@daurnimator.com> | 2017-04-03 15:53:49 +1000 |
---|---|---|
committer | daurnimator <quae@daurnimator.com> | 2017-04-03 15:54:24 +1000 |
commit | 590d368daeb400515c82b2d99ddcdf14607f9353 (patch) | |
tree | 02ccfbb791c934f976a21ced2485c10f780d3ac7 | |
parent | f2f0f09caef1925a4ff731a6feed35b8f355b169 (diff) | |
parent | 3c49837d05b6fad0f1212a27e81e8ffc868eedfb (diff) | |
download | luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.gz luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.bz2 luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.zip |
Merge commit '3c49837d05b6fad0f1212a27e81e8ffc868eedfb'
This contains portions of #90
-rw-r--r-- | doc/luaossl.pdf | bin | 289975 -> 268918 bytes | |||
-rw-r--r-- | doc/luaossl.tex | 13 | ||||
-rw-r--r-- | src/openssl.c | 92 |
3 files changed, 103 insertions, 2 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf index 6a20f27..b015a6a 100644 --- a/doc/luaossl.pdf +++ b/doc/luaossl.pdf | |||
Binary files differ | |||
diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 7db7463..0675e62 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex | |||
@@ -286,8 +286,13 @@ field & type:default & description\\\hline | |||
286 | 286 | ||
287 | .exp & number:65537 & RSA or Diffie-Hellman exponent \\ | 287 | .exp & number:65537 & RSA or Diffie-Hellman exponent \\ |
288 | 288 | ||
289 | .dhparam & string & PEM encoded string with precomputed DH parameters \\ | ||
290 | |||
289 | .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve | 291 | .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve |
290 | \end{ctabular} | 292 | \end{ctabular} |
293 | |||
294 | The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field. | ||
295 | |||
291 | \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}} | 296 | \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}} |
292 | 297 | ||
293 | Add or interpose a pkey class method. Returns the previous method, if any. | 298 | Add or interpose a pkey class method. Returns the previous method, if any. |
@@ -688,6 +693,10 @@ Returns the integer count of the number of extensions. | |||
688 | 693 | ||
689 | Signs the instance CRL using the \module{openssl.pkey} $key$. | 694 | Signs the instance CRL using the \module{openssl.pkey} $key$. |
690 | 695 | ||
696 | \subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}} | ||
697 | |||
698 | Verifies the instance CRL using a public key. | ||
699 | |||
691 | \subsubsection[\fn{crl:text}]{\fn{crl:text()}} | 700 | \subsubsection[\fn{crl:text}]{\fn{crl:text()}} |
692 | 701 | ||
693 | Returns a human-readable textual representation of the instance CRL. | 702 | Returns a human-readable textual representation of the instance CRL. |
@@ -763,6 +772,10 @@ Add or interpose a store class method. Returns the previous method, if any. | |||
763 | 772 | ||
764 | Returns a PKCS \#12 binary encoded string. | 773 | Returns a PKCS \#12 binary encoded string. |
765 | 774 | ||
775 | \subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}} | ||
776 | |||
777 | Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil. | ||
778 | |||
766 | \end{Module} | 779 | \end{Module} |
767 | 780 | ||
768 | 781 | ||
diff --git a/src/openssl.c b/src/openssl.c index fa7dd79..0ba7825 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
@@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) { | |||
3062 | unsigned exp = 65537; | 3062 | unsigned exp = 65537; |
3063 | int curve = NID_X9_62_prime192v1; | 3063 | int curve = NID_X9_62_prime192v1; |
3064 | const char *id; | 3064 | const char *id; |
3065 | const char *dhparam = NULL; | ||
3065 | lua_Number n; | 3066 | lua_Number n; |
3066 | 3067 | ||
3067 | if (!lua_istable(L, 1)) | 3068 | if (!lua_istable(L, 1)) |
@@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) { | |||
3103 | luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); | 3104 | luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); |
3104 | } | 3105 | } |
3105 | 3106 | ||
3107 | /* dhparam field can contain a PEM encoded string. */ | ||
3108 | loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam); | ||
3109 | |||
3106 | creat: | 3110 | creat: |
3107 | if (!(*ud = EVP_PKEY_new())) | 3111 | if (!(*ud = EVP_PKEY_new())) |
3108 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3112 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
@@ -3140,9 +3144,23 @@ creat: | |||
3140 | case EVP_PKEY_DH: { | 3144 | case EVP_PKEY_DH: { |
3141 | DH *dh; | 3145 | DH *dh; |
3142 | 3146 | ||
3143 | if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) | 3147 | /* DH Parameter Generation can take a long time, therefore we look |
3148 | * at the "dhparam" field, provided by the user. | ||
3149 | * The "dhparam" field takes precedence over "bits" | ||
3150 | */ | ||
3151 | if (dhparam) { | ||
3152 | BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam)); | ||
3153 | if (!bio) | ||
3154 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | ||
3155 | |||
3156 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); | ||
3157 | BIO_free(bio); | ||
3158 | if (!dh) | ||
3159 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | ||
3160 | } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) | ||
3144 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3161 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
3145 | 3162 | ||
3163 | |||
3146 | if (!DH_generate_key(dh)) { | 3164 | if (!DH_generate_key(dh)) { |
3147 | DH_free(dh); | 3165 | DH_free(dh); |
3148 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3166 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
@@ -6630,7 +6648,7 @@ static int xx_getNextUpdate(lua_State *L) { | |||
6630 | updateby = timeutc(time); | 6648 | updateby = timeutc(time); |
6631 | 6649 | ||
6632 | if (isfinite(updateby)) | 6650 | if (isfinite(updateby)) |
6633 | lua_pushnumber(L, 1); | 6651 | lua_pushnumber(L, updateby); |
6634 | else | 6652 | else |
6635 | lua_pushnil(L); | 6653 | lua_pushnil(L); |
6636 | 6654 | ||
@@ -6820,6 +6838,19 @@ static int xx_sign(lua_State *L) { | |||
6820 | } /* xx_sign() */ | 6838 | } /* xx_sign() */ |
6821 | 6839 | ||
6822 | 6840 | ||
6841 | static int xx_verify(lua_State *L) { | ||
6842 | X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS); | ||
6843 | EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); | ||
6844 | |||
6845 | if (!X509_CRL_verify(crl, key)) | ||
6846 | return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify"); | ||
6847 | |||
6848 | lua_pushboolean(L, 1); | ||
6849 | |||
6850 | return 1; | ||
6851 | } /* xx_verify() */ | ||
6852 | |||
6853 | |||
6823 | static int xx_text(lua_State *L) { | 6854 | static int xx_text(lua_State *L) { |
6824 | X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS); | 6855 | X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS); |
6825 | 6856 | ||
@@ -6889,6 +6920,7 @@ static const auxL_Reg xx_methods[] = { | |||
6889 | { "getExtension", &xx_getExtension }, | 6920 | { "getExtension", &xx_getExtension }, |
6890 | { "getExtensionCount", &xx_getExtensionCount }, | 6921 | { "getExtensionCount", &xx_getExtensionCount }, |
6891 | { "sign", &xx_sign }, | 6922 | { "sign", &xx_sign }, |
6923 | { "verify", &xx_verify }, | ||
6892 | { "text", &xx_text }, | 6924 | { "text", &xx_text }, |
6893 | { "tostring", &xx__tostring }, | 6925 | { "tostring", &xx__tostring }, |
6894 | { NULL, NULL }, | 6926 | { NULL, NULL }, |
@@ -7416,6 +7448,61 @@ static int p12_interpose(lua_State *L) { | |||
7416 | } /* p12_interpose() */ | 7448 | } /* p12_interpose() */ |
7417 | 7449 | ||
7418 | 7450 | ||
7451 | static int p12_parse(lua_State *L) { | ||
7452 | /* parse a p12 binary string and return the parts */ | ||
7453 | |||
7454 | EVP_PKEY *pkey; | ||
7455 | X509 *cert; | ||
7456 | STACK_OF(X509) *ca = NULL; | ||
7457 | PKCS12 *p12; | ||
7458 | |||
7459 | /* gather input parameters */ | ||
7460 | size_t len; | ||
7461 | const char *blob = luaL_checklstring(L, 1, &len); | ||
7462 | const char *passphrase = luaL_optstring(L, 2, NULL); | ||
7463 | |||
7464 | /* prepare return values */ | ||
7465 | EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS); | ||
7466 | X509 **ud_cert = prepsimple(L, X509_CERT_CLASS); | ||
7467 | STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS); | ||
7468 | /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */ | ||
7469 | |||
7470 | /* read PKCS#12 data into OpenSSL memory buffer */ | ||
7471 | BIO *bio = BIO_new_mem_buf((void*)blob, len); | ||
7472 | if (!bio) | ||
7473 | return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse"); | ||
7474 | p12 = d2i_PKCS12_bio(bio, NULL); | ||
7475 | BIO_free(bio); | ||
7476 | if (!p12) | ||
7477 | return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse"); | ||
7478 | |||
7479 | /* the p12 pointer holds the data we're interested in */ | ||
7480 | int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain); | ||
7481 | PKCS12_free(p12); | ||
7482 | if (!rc) | ||
7483 | auxL_error(L, auxL_EOPENSSL, "pkcs12.parse"); | ||
7484 | |||
7485 | /* replace the return values by nil if the ud pointers are NULL */ | ||
7486 | if (*ud_pkey == NULL) { | ||
7487 | lua_pushnil(L); | ||
7488 | lua_replace(L, -4); | ||
7489 | } | ||
7490 | |||
7491 | if (*ud_cert == NULL) { | ||
7492 | lua_pushnil(L); | ||
7493 | lua_replace(L, -3); | ||
7494 | } | ||
7495 | |||
7496 | /* other certificates (a chain, STACK_OF(X509) *) */ | ||
7497 | if (*ud_chain == NULL) { | ||
7498 | lua_pop(L, 1); | ||
7499 | lua_pushnil(L); | ||
7500 | } | ||
7501 | |||
7502 | return 3; | ||
7503 | } /* p12_parse() */ | ||
7504 | |||
7505 | |||
7419 | static int p12__tostring(lua_State *L) { | 7506 | static int p12__tostring(lua_State *L) { |
7420 | PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS); | 7507 | PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS); |
7421 | BIO *bio = getbio(L); | 7508 | BIO *bio = getbio(L); |
@@ -7459,6 +7546,7 @@ static const auxL_Reg p12_metatable[] = { | |||
7459 | static const auxL_Reg p12_globals[] = { | 7546 | static const auxL_Reg p12_globals[] = { |
7460 | { "new", &p12_new }, | 7547 | { "new", &p12_new }, |
7461 | { "interpose", &p12_interpose }, | 7548 | { "interpose", &p12_interpose }, |
7549 | { "parse", &p12_parse }, | ||
7462 | { NULL, NULL }, | 7550 | { NULL, NULL }, |
7463 | }; | 7551 | }; |
7464 | 7552 | ||