| author | daurnimator <quae@daurnimator.com> | 2017-04-03 15:53:49 +1000 |
|---|---|---|
| committer | daurnimator <quae@daurnimator.com> | 2017-04-03 15:54:24 +1000 |
| commit | 590d368daeb400515c82b2d99ddcdf14607f9353 (patch) | |
| tree | 02ccfbb791c934f976a21ced2485c10f780d3ac7 /src | |
| parent | f2f0f09caef1925a4ff731a6feed35b8f355b169 (diff) | |
| parent | 3c49837d05b6fad0f1212a27e81e8ffc868eedfb (diff) | |
| download | luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.gz luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.bz2 luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.zip | |
Merge commit '3c49837d05b6fad0f1212a27e81e8ffc868eedfb'
This contains portions of #90
Diffstat (limited to 'src')
| -rw-r--r-- | src/openssl.c | 92 |
1 files changed, 90 insertions, 2 deletions
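diff --git a/src/openssl.c b/src/openssl.c
index fa7dd79..0ba7825 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) {
 unsigned exp = 65537;
 int curve = NID_X9_62_prime192v1;
 const char *id;
+const char *dhparam = NULL;
 lua_Number n;
 
 if (!lua_istable(L, 1))
@@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) {
 luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
 }
 
+/* dhparam field can contain a PEM encoded string. */
+loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
+
 creat:
 if (!(*ud = EVP_PKEY_new()))
 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3140,9 +3144,23 @@ creat:
 case EVP_PKEY_DH: {
 DH *dh;
 
-if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
+/* DH Parameter Generation can take a long time, therefore we look
+ * at the "dhparam" field, provided by the user.
+ * The "dhparam" field takes precedence over "bits"
+ */
+if (dhparam) {
+BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam));
+if (!bio)
+return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+
+dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+BIO_free(bio);
+if (!dh)
+return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+} else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
 
+
 if (!DH_generate_key(dh)) {
 DH_free(dh);
 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -6630,7 +6648,7 @@ static int xx_getNextUpdate(lua_State *L) {
 updateby = timeutc(time);
 
 if (isfinite(updateby))
-lua_pushnumber(L, 1);
+lua_pushnumber(L, updateby);
 else
 lua_pushnil(L);
 
@@ -6820,6 +6838,19 @@ static int xx_sign(lua_State *L) {
 } /* xx_sign() */
 
 
+static int xx_verify(lua_State *L) {
+X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
+EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+
+if (!X509_CRL_verify(crl, key))
+return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
+
+lua_pushboolean(L, 1);
+
+return 1;
+} /* xx_verify() */
+
+
 static int xx_text(lua_State *L) {
 X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
 
@@ -6889,6 +6920,7 @@ static const auxL_Reg xx_methods[] = {
 { "getExtension", &xx_getExtension },
 { "getExtensionCount", &xx_getExtensionCount },
 { "sign", &xx_sign },
+{ "verify", &xx_verify },
 { "text", &xx_text },
 { "tostring", &xx__tostring },
 { NULL, NULL },
@@ -7416,6 +7448,61 @@ static int p12_interpose(lua_State *L) {
 } /* p12_interpose() */
 
 
+static int p12_parse(lua_State *L) {
+/* parse a p12 binary string and return the parts */
+
+EVP_PKEY *pkey;
+X509 *cert;
+STACK_OF(X509) *ca = NULL;
+PKCS12 *p12;
+
+/* gather input parameters */
+size_t len;
+const char *blob = luaL_checklstring(L, 1, &len);
+const char *passphrase = luaL_optstring(L, 2, NULL);
+
+/* prepare return values */
+EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
+X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
+STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
+/* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
+
+/* read PKCS#12 data into OpenSSL memory buffer */
+BIO *bio = BIO_new_mem_buf((void*)blob, len);
+if (!bio)
+return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+p12 = d2i_PKCS12_bio(bio, NULL);
+BIO_free(bio);
+if (!p12)
+return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+/* the p12 pointer holds the data we're interested in */
+int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
+PKCS12_free(p12);
+if (!rc)
+auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+/* replace the return values by nil if the ud pointers are NULL */
+if (*ud_pkey == NULL) {
+lua_pushnil(L);
+lua_replace(L, -4);
+}
+
+if (*ud_cert == NULL) {
+lua_pushnil(L);
+lua_replace(L, -3);
+}
+
+/* other certificates (a chain, STACK_OF(X509) *) */
+if (*ud_chain == NULL) {
+lua_pop(L, 1);
+lua_pushnil(L);
+}
+
+return 3;
+} /* p12_parse() */
+
+
 static int p12__tostring(lua_State *L) {
 PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
 BIO *bio = getbio(L);
@@ -7459,6 +7546,7 @@ static const auxL_Reg p12_metatable[] = {
 static const auxL_Reg p12_globals[] = {
 { "new", &p12_new },
 { "interpose", &p12_interpose },
+{ "parse", &p12_parse },
 { NULL, NULL },
 };
 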
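Review bot: `if (!X509_CRL_verify(crl, key))` in the new xx_verify treats a negative return as a verified signature: X509_CRL_verify returns 1 when the signature checks out, 0 when it does not, and a negative value when verification could not be performed at all (for example a malformed signature field or a key that does not match the signature algorithm), and in that last case the code falls through to `lua_pushboolean(L, 1)`. Test for the success value explicitly, `if (X509_CRL_verify(crl, key) != 1)`, so that both the mismatch and the error cases raise through auxL_error. A one-line comment above the call, `/* X509_CRL_verify: 1 = valid, 0 = bad signature, <0 = error; only 1 is success */`, would keep the next reader from reverting to the `!` idiom that is fine for the NULL-returning BIO/PEM calls elsewhere in this commit but wrong here.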
