authordaurnimator <quae@daurnimator.com>2017-04-03 15:53:49 +1000
committerdaurnimator <quae@daurnimator.com>2017-04-03 15:54:24 +1000
commit590d368daeb400515c82b2d99ddcdf14607f9353 (patch)
tree02ccfbb791c934f976a21ced2485c10f780d3ac7
parentf2f0f09caef1925a4ff731a6feed35b8f355b169 (diff)
parent3c49837d05b6fad0f1212a27e81e8ffc868eedfb (diff)
Merge commit '3c49837d05b6fad0f1212a27e81e8ffc868eedfb'
This contains portions of #90
-rw-r--r--doc/luaossl.pdfbin289975 -> 268918 bytes
-rw-r--r--doc/luaossl.tex13
-rw-r--r--src/openssl.c92
3 files changed, 103 insertions, 2 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index 6a20f27..b015a6a 100644
--- a/doc/luaossl.pdf
+++ b/doc/luaossl.pdf
Binary files differ
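--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -286,8 +286,13 @@ field & type:default & description\\\hline
 
 .exp & number:65537 & RSA or Diffie-Hellman exponent \\
 
+.dhparam & string & PEM encoded string with precomputed DH parameters \\
+
 .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve
 \end{ctabular}
+
+The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field.
+
 \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}}
 
 Add or interpose a pkey class method. Returns the previous method, if any.
@@ -688,6 +693,10 @@ Returns the integer count of the number of extensions.
 
 Signs the instance CRL using the \module{openssl.pkey} $key$.
 
+\subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}}
+
+Verifies the instance CRL using a public key.
+
 \subsubsection[\fn{crl:text}]{\fn{crl:text()}}
 
 Returns a human-readable textual representation of the instance CRL.
@@ -763,6 +772,10 @@ Add or interpose a store class method. Returns the previous method, if any.
 
 Returns a PKCS \#12 binary encoded string.
 
+\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}}
+
+Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil.
+
 \end{Module}
 
 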
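--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) {
  unsigned exp = 65537;
  int curve = NID_X9_62_prime192v1;
  const char *id;
+ const char *dhparam = NULL;
  lua_Number n;
 
  if (!lua_istable(L, 1))
@@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) {
  luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
  }
 
+ /* dhparam field can contain a PEM encoded string. */
+ loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
+
 creat:
  if (!(*ud = EVP_PKEY_new()))
  return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3140,9 +3144,23 @@ creat:
  case EVP_PKEY_DH: {
  DH *dh;
 
- if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
+ /* DH Parameter Generation can take a long time, therefore we look
+ * at the "dhparam" field, provided by the user.
+ * The "dhparam" field takes precedence over "bits"
+ */
+ if (dhparam) {
+ BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam));
+ if (!bio)
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (!dh)
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+ } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
  return auxL_error(L, auxL_EOPENSSL, "pkey.new");
 
+
  if (!DH_generate_key(dh)) {
  DH_free(dh);
  return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -6630,7 +6648,7 @@ static int xx_getNextUpdate(lua_State *L) {
  updateby = timeutc(time);
 
  if (isfinite(updateby))
- lua_pushnumber(L, 1);
+ lua_pushnumber(L, updateby);
  else
  lua_pushnil(L);
 
@@ -6820,6 +6838,19 @@ static int xx_sign(lua_State *L) {
 } /* xx_sign() */
 
 
+static int xx_verify(lua_State *L) {
+ X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
+ EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+
+ if (!X509_CRL_verify(crl, key))
+ return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* xx_verify() */
+
+
 static int xx_text(lua_State *L) {
  X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
 
@@ -6889,6 +6920,7 @@ static const auxL_Reg xx_methods[] = {
  { "getExtension", &xx_getExtension },
  { "getExtensionCount", &xx_getExtensionCount },
  { "sign", &xx_sign },
+ { "verify", &xx_verify },
  { "text", &xx_text },
  { "tostring", &xx__tostring },
  { NULL, NULL },
@@ -7416,6 +7448,61 @@ static int p12_interpose(lua_State *L) {
 } /* p12_interpose() */
 
 
+static int p12_parse(lua_State *L) {
+ /* parse a p12 binary string and return the parts */
+
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *ca = NULL;
+ PKCS12 *p12;
+
+ /* gather input parameters */
+ size_t len;
+ const char *blob = luaL_checklstring(L, 1, &len);
+ const char *passphrase = luaL_optstring(L, 2, NULL);
+
+ /* prepare return values */
+ EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
+ X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
+ STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
+ /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
+
+ /* read PKCS#12 data into OpenSSL memory buffer */
+ BIO *bio = BIO_new_mem_buf((void*)blob, len);
+ if (!bio)
+ return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+ p12 = d2i_PKCS12_bio(bio, NULL);
+ BIO_free(bio);
+ if (!p12)
+ return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+ /* the p12 pointer holds the data we're interested in */
+ int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
+ PKCS12_free(p12);
+ if (!rc)
+ auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+ /* replace the return values by nil if the ud pointers are NULL */
+ if (*ud_pkey == NULL) {
+ lua_pushnil(L);
+ lua_replace(L, -4);
+ }
+
+ if (*ud_cert == NULL) {
+ lua_pushnil(L);
+ lua_replace(L, -3);
+ }
+
+ /* other certificates (a chain, STACK_OF(X509) *) */
+ if (*ud_chain == NULL) {
+ lua_pop(L, 1);
+ lua_pushnil(L);
+ }
+
+ return 3;
+} /* p12_parse() */
+
+
 static int p12__tostring(lua_State *L) {
  PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
  BIO *bio = getbio(L);
@@ -7459,6 +7546,7 @@ static const auxL_Reg p12_metatable[] = {
 static const auxL_Reg p12_globals[] = {
  { "new", &p12_new },
  { "interpose", &p12_interpose },
+ { "parse", &p12_parse },
  { NULL, NULL },
 };
 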
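Review bot: In the new `xx_verify`, the test `if (!X509_CRL_verify(crl, key))` lets a negative return count as a successful verification. OpenSSL documents this call as returning 1 for a valid signature, 0 for a mismatch and -1 when the signature could not be checked at all (malformed signature, unsupported digest, other error), so the -1 case falls through to `lua_pushboolean(L, 1)`. Compare against the only success value instead: `if (X509_CRL_verify(crl, key) != 1)`. Separately, a plain mismatch appears to raise a Lua error through `auxL_error` rather than return false, which the new `crl:verify` entry in doc/luaossl.tex does not mention. A comment above the function such as `/* returns true only when the signature verifies; raises on mismatch or error */` would tell callers they need `pcall` to treat a bad CRL as an ordinary outcome.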