-rw-r--r--GNUmakefile3
-rw-r--r--config.h.guess881
-rw-r--r--doc/luaossl.tex8
-rwxr-xr-xexamples/vrfy.sig16
-rwxr-xr-xmk/luapath (renamed from mk/lua.path)538
-rwxr-xr-xregress/00-store-verify.lua19
-rw-r--r--regress/53-csr-extensions.lua168
-rw-r--r--regress/regress.lua161
-rw-r--r--src/GNUmakefile9
-rw-r--r--src/openssl.auxlib.lua21
-rw-r--r--src/openssl.c1004
-rw-r--r--src/openssl.x509.altname.lua3
-rw-r--r--src/openssl.x509.name.lua3
13 files changed, 2462 insertions, 372 deletions
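--- a/GNUmakefile
+++ b/GNUmakefile
@@ -133,6 +133,9 @@ endif
 #
 include $(d)/src/GNUmakefile
 
+$(d)/config.h: $(d)/config.h.guess
+ $(CP) $< $@
+
 
 #
 # C L E A N R U L E S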
diff --git a/config.h.guess b/config.h.guess
new file mode 100644
index 0000000..9b5fcdc
--- /dev/null
+++ b/config.h.guess
@@ -0,0 +1,881 @@
1/* ==========================================================================
2 * config.h.guess - Preprocessor-based feature detection
3 * --------------------------------------------------------------------------
4 * Copyright (c) 2015-2016 William Ahern
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a
7 * copy of this software and associated documentation files (the
8 * "Software"), to deal in the Software without restriction, including
9 * without limitation the rights to use, copy, modify, merge, publish,
10 * distribute, sublicense, and/or sell copies of the Software, and to permit
11 * persons to whom the Software is furnished to do so, subject to the
12 * following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included
15 * in all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
18 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
20 * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
21 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
22 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
23 * USE OR OTHER DEALINGS IN THE SOFTWARE.
24 * ==========================================================================
25 */
26#ifndef CONFIG_H_GUESS
27#define CONFIG_H_GUESS
28
29/*
30 * A U T O G U E S S V E R S I O N
31 *
32 * Change AG_VENDOR if maintaining a fork.
33 *
34 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
35
36#define AG_VENDOR "william+autoguess@25thandClement.com"
37#define AG_VERSION 20161019L
38
39
40/*
41 * C O M P I L E R V E N D O R / V E R S I O N D E T E C T I O N
42 *
43 * See http://sourceforge.net/p/predef/wiki/Compilers/
44 *
45 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
46
47#define AG_GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
48#define AG_GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && AG_GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= AG_GNUC_2VER((M), (m), (p)))
49
50#define AG_MSC_2VER(M, m, p) ((((M) + 6) * 10000000) + ((m) * 1000000) + (p))
51#define AG_MSC_PREREQ(M, m, p) (_MSC_VER_FULL > 0 && _MSC_VER_FULL >= AG_MSC_2VER((M), (m), (p)))
52
53#define AG_SUNPRO_PREREQ(M, m, p) (__SUNPRO_C > 0 && __SUNPRO_C >= 0x ## M ## m ## p)
54
55
56/*
57 * C O M P I L E R / L A N G U A G E F E A T U R E D E T E C T I O N
58 *
59 * NOTE: The has_ and test_ macros are separate because if the test
60 * expression uses the preprocessor "defined" operator the operand
61 * identifier may be replaced before the expression is evaluated. Most tests
62 * will only use arithmetic operations, but if this is not possible then the
63 * test must be written inline, for example
64 *
65 * #if has_attribute(x) || (!HAVE_C___HAS_ATTRIBUTE && defined FOO)
66 * #define HAVE___ATTRIBUTE___X
67 * #endif
68 *
69 * NOTE: Solaris Studio 12.4 supports __has_attribute, but we must enclose
70 * it in parentheses because the expansion results in a token sequence that
71 * chokes the compiler: __has_attribute(nonnull) becomes
72 * __has_attribute__ (nonnull), with a literal space between the preprocessor
73 * identifier and the open parenthesis.
74 *
75 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
76
77#if defined __has_attribute
78#define ag_has_attribute(a) __has_attribute(a)
79#define ag_test_attribute(a, E) (ag_has_attribute(a))
80#else
81#define ag_has_attribute(a) 0
82#define ag_test_attribute(a, E) (E)
83#endif
84
85#if defined __has_extension
86#define ag_has_extension(x) __has_extension(x)
87#define ag_test_extension(x, E) (ag_has_extension(x))
88#else
89#define ag_has_extension(x) 0
90#define ag_test_extension(x, E) (E)
91#endif
92
93#if defined __has_include
94#define ag_has_include(p) __has_include(p)
95#define ag_test_include(p, E) (ag_has_include(p))
96#else
97#define ag_has_include(p) 0
98#define ag_test_include(p, E) (E)
99#endif
100
101#if defined __has_builtin
102#define ag_has_builtin(f) __has_builtin(f)
103#define ag_test_builtin(f, E) (ag_has_builtin(f))
104#else
105#define ag_has_builtin(f) 0
106#define ag_test_builtin(f, E) (E)
107#endif
108
109#ifndef HAVE_C___ATTRIBUTE__
110#define HAVE_C___ATTRIBUTE__ (__GNUC__ || AG_SUNPRO_PREREQ(5,9,0))
111#endif
112
113#ifndef HAVE_C___ATTRIBUTE___CONSTRUCTOR
114#define HAVE_C___ATTRIBUTE___CONSTRUCTOR ag_test_attribute(constructor, __GNUC__)
115#endif
116
117#ifndef HAVE_C___ATTRIBUTE___NONNULL
118#define HAVE_C___ATTRIBUTE___NONNULL ag_test_attribute(nonnull, AG_GNUC_PREREQ(3,3,1))
119#endif
120
121#ifndef HAVE_C___ATTRIBUTE___UNUSED
122#define HAVE_C___ATTRIBUTE___UNUSED ag_test_attribute(unused, __GNUC__)
123#endif
124
125#ifndef HAVE_C___ATTRIBUTE___USED
126#define HAVE_C___ATTRIBUTE___USED ag_test_attribute(used, __GNUC__)
127#endif
128
129#ifndef HAVE_C___ATTRIBUTE___VISIBILITY
130#define HAVE_C___ATTRIBUTE___VISIBILITY ag_test_attribute(visibility, __GNUC__)
131#endif
132
133#ifndef HAVE_C___HAS_EXTENSION
134#define HAVE_C___HAS_EXTENSION (defined __has_extension)
135#endif
136
137#ifndef HAVE_C___HAS_INCLUDE
138#define HAVE_C___HAS_INCLUDE (defined __has_include)
139#endif
140
141#ifndef HAVE_C___EXTENSION__
142#define HAVE_C___EXTENSION__ (__GNUC__)
143#endif
144
145#ifndef HAVE_C___TYPEOF
146#define HAVE_C___TYPEOF (_MSC_VER || __GNUC__ || AG_SUNPRO_PREREQ(5,9,0))
147#endif
148
149#ifndef HAVE_C___TYPEOF__
150#define HAVE_C___TYPEOF__ (__GNUC__ || __xlc__ || AG_SUNPRO_PREREQ(5,9,0))
151#endif
152
153#ifndef HAVE_C__GENERIC
154#define HAVE_C__GENERIC ag_test_extension(c_generic_selections, (AG_GNUC_PREREQ(4,9,0) || __STDC_VERSION__ >= 201112L))
155#endif
156
157#ifndef HAVE_C_STATEMENT_EXPRESSION
158#define HAVE_C_STATEMENT_EXPRESSION (__GNUC__ || AG_SUNPRO_PREREQ(5,9,0))
159#endif
160
161#ifndef HAVE_C_TYPEOF
162#define HAVE_C_TYPEOF (__GNUC__ || __xlc__ || AG_SUNPRO_PREREQ(5,9,0))
163#endif
164
165#ifndef HAVE___ATOMIC_FETCH_ADD
166#define HAVE___ATOMIC_FETCH_ADD (defined __ATOMIC_RELAXED)
167#endif
168
169#ifndef HAVE___ATOMIC_FETCH_SUB
170#define HAVE___ATOMIC_FETCH_SUB HAVE___ATOMIC_FETCH_ADD
171#endif
172
173#ifndef HAVE___BUILTIN_CHOOSE_EXPR
174#define HAVE___BUILTIN_CHOOSE_EXPR (AG_GNUC_PREREQ(3,1,1) || __clang__)
175#endif
176
177#ifndef HAVE___BUILTIN_EXPECT
178#define HAVE___BUILTIN_EXPECT ag_test_builtin(__builtin_expect, __GNUC__)
179#endif
180
181#ifndef HAVE___BUILTIN_NAN
182#define HAVE___BUILTIN_NAN ag_test_builtin(__builtin_nan, AG_GNUC_PREREQ(3,3,1))
183#endif
184
185#ifndef HAVE___BUILTIN_TRAP
186#define HAVE___BUILTIN_TRAP ag_test_builtin(__builtin_trap, AG_GNUC_PREREQ(3,3,1))
187#endif
188
189#ifndef HAVE___BUILTIN_TYPES_COMPATIBLE_P
190#define HAVE___BUILTIN_TYPES_COMPATIBLE_P (AG_GNUC_PREREQ(3,1,1) || __clang__)
191#endif
192
193#ifndef HAVE___BUILTIN_UNREACHABLE
194#define HAVE___BUILTIN_UNREACHABLE ag_test_builtin(__builtin_unreachable, AG_GNUC_PREREQ(4,5,0))
195#endif
196
197#ifndef HAVE__STATIC_ASSERT
198#define HAVE__STATIC_ASSERT ag_test_extension(c_static_assert, (AG_GNUC_PREREQ(4,6,0) || __C11FEATURES__ || __STDC_VERSION__ >= 201112L))
199#endif
200
201
202/*
203 * S Y S T E M E X T E N S I O N S
204 *
205 * We must set these before including any headers for feature detection.
206 *
207 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
208
209#if AG_USE_SYSTEM_EXTENSIONS
210
211/* Solaris */
212#ifndef __EXTENSIONS__
213#define __EXTENSIONS__ 1
214#endif
215
216/* AIX */
217#ifndef _ALL_SOURCE
218#define _ALL_SOURCE 1
219#endif
220
221#ifndef _GNU_SOURCE
222#define _GNU_SOURCE 1
223#endif
224
225#ifndef _MINIX
226#define _MINIX 1
227#endif
228
229/* Solaris */
230#ifndef _POSIX_PTHREAD_SEMANTICS
231#define _POSIX_PTHREAD_SEMANTICS 1
232#endif
233
234#endif /* AG_USE_SYSTEM_EXTENSIONS */
235
236#if AG_SYS_LARGEFILE
237
238/* NOTE: BSDs and musl-libc always provide a 64-bit file API */
239
240/* Apple */
241#ifndef _DARWIN_USE_64_BIT_INODE
242#define _DARWIN_USE_64_BIT_INODE 1
243#endif
244
245/* Solaris and glibc (per Large File Summit recommendation) */
246#ifndef _FILE_OFFSET_BITS
247#define _FILE_OFFSET_BITS 64
248#endif
249
250/* AIX */
251#ifndef _LARGE_FILES
252#define _LARGE_FILES 1
253#endif
254
255#endif /* AG_SYS_LARGEFILE */
256
257
258/*
259 * S Y S T E M D E T E C T I O N (S T A G E 0)
260 *
261 * Define HAVE_FOO macros as arithmetic truth values for any predefined
262 * system macros which have truth values solely based on whether they're
263 * defined.
264 *
265 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
266
267/* NOTE: None so far. See stage 3 below. */
268
269
270/*
271 * S Y S T E M D E T E C T I O N (S T A G E 1)
272 *
273 * Include any headers necessary for minimal libc feature checking, defining
274 * any prerequisite feature macros.
275 *
276 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
277
278/*
279 * NOTE: <limits.h> will indirectly include <features.h>, <standards.h>,
280 * <sys/cdefs.h>, <sys/feature_tests.h>, <sys/featuretest.h>, and similar
281 * system headers which define most of what we care about. Among the typical
282 * feature macros, we also get _DTRACE_VERSION.
283 */
284#include <limits.h>
285
286#ifndef AG_MUSL_MAYBE
287#define AG_MUSL_MAYBE (__linux__ && !__GLIBC__ && !__BIONIC__)
288#endif
289
290#ifndef HAVE_SYS_PARAM_H
291#define HAVE_SYS_PARAM_H ag_test_include(<sys/param.h>, !AG_MUSL_MAYBE)
292#endif
293
294/*
295 * NOTE: Conditionally load <sys/param.h> so we don't unnecessarily pollute
296 * the namespace.
297 */
298#if HAVE_SYS_PARAM_H && !__linux__ && !__sun && !_AIX
299#include <sys/param.h> /* __FreeBSD_version __NetBSD_Prereq__ BSD OpenBSD */
300#endif
301
302#include <fcntl.h> /* F_DUPFD_CLOEXEC */
303
304
305/*
306 * S Y S T E M D E T E C T I O N (S T A G E 2)
307 *
308 * Macros which determine libc vendor and version.
309 *
310 * See http://sourceforge.net/p/predef/wiki/Libraries/
311 *
312 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
313
314#define AG_AIX_PREREQ(M, m) (_AIX # M # m)
315
316#if defined __GLIBC_PREREQ && !defined __UCLIBC__
317#define AG_GLIBC_PREREQ(M, m) (__GLIBC_PREREQ(M, m))
318#else
319#define AG_GLIBC_PREREQ(M, m) 0
320#endif
321
322#define AG_FREEBSD_2VER(M, m, p) (((M) * 100000) + ((m) * 1000) + (p))
323#define AG_FREEBSD_PREREQ(M, m, p) (__FreeBSD__ > 0 && __FreeBSD_version >= AG_FREEBSD_2VER((M), (m), (p)))
324
325#define AG_IPHONE_2VER(M, m) (((M) * 10000) + ((m) * 100))
326#if defined __IPHONE_OS_VERSION_MIN_REQUIRED
327#define AG_IPHONE_PREREQ(M, m) (AG_IPHONE_2VER((M), (m)) <= __IPHONE_OS_VERSION_MIN_REQUIRED)
328#else
329#define AG_IPHONE_PREREQ(M, m) 0
330#endif
331
332#if defined __NetBSD_Prereq__
333#define AG_NETBSD_PREREQ(M, m, p) (!__minix && __NetBSD_Prereq__(M, m, p))
334#else
335#define AG_NETBSD_PREREQ(M, m, p) 0
336#endif
337
338#define AG_MACOS_2VER_10_9(M, m, p) (((M) * 100) + ((m) * 10))
339#define AG_MACOS_2VER_10_10(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
340#define AG_MACOS_PREREQ_10_10(M, m, p) (((M) > 10 || ((M) == 10 && (m) >= 10)) && AG_MACOS_2VER_10_10((M), (m), (p)) <= __MAC_OS_X_VERSION_MIN_REQUIRED)
341#define AG_MACOS_PREREQ_10_9(M, m, p) (((M) == 10 && (m) < 10) && AG_MACOS_2VER_10_9((M), (m), (p)) <= __MAC_OS_X_VERSION_MIN_REQUIRED)
342#if defined __MAC_OS_X_VERSION_MIN_REQUIRED
343#define AG_MACOS_PREREQ(M, m, p) (AG_MACOS_PREREQ_10_10((M), (m), (p)) || AG_MACOS_PREREQ_10_9((M), (m), (p)))
344#else
345#define AG_MACOS_PREREQ(M, m, p) 0
346#endif
347
348#define AG_OPENBSD_PREREQ_0_0 (__OpenBSD__)
349#define AG_OPENBSD_PREREQ_5_5 (OpenBSD >= 201405)
350#define AG_OPENBSD_PREREQ_5_7 (OpenBSD >= 201505)
351#define AG_OPENBSD_PREREQ(M, m) (AG_OPENBSD_PREREQ_ ## M ## _ ## m)
352
353#define AG_SUNOS_PREREQ_5_10 (__sun && _DTRACE_VERSION)
354#define AG_SUNOS_PREREQ_5_11 (__sun && F_DUPFD_CLOEXEC)
355#define AG_SUNOS_PREREQ(M, m) (AG_SUNOS_PREREQ_ ## M ## _ ## m)
356
357#define AG_UCLIBC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
358#if defined __UCLIBC__
359#define AG_UCLIBC_PREREQ(M, m, p) (AG_UCLIBC_2VER(__UCLIBC_MAJOR__, __UCLIBC_MINOR__, __UCLIBC_SUBLEVEL__) >= AG_UCLIBC_2VER((M), (m), (p)))
360#else
361#define AG_UCLIBC_PREREQ(M, m, p) 0
362#endif
363
364
365/*
366 * S Y S T E M D E T E C T I O N (S T A G E 3)
367 *
368 * Define HAVE_FOO macros as arithmetic truth values for any system macros
369 * which have a truth value solely based on whether they're defined.
370 *
371 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
372
373#ifndef HAVE___EXTENSIONS__
374#ifdef __EXTENSIONS__
375#define HAVE___EXTENSIONS__ 1
376#endif
377#endif
378
379#ifndef HAVE__ALL_SOURCE
380#ifdef _ALL_SOURCE
381#define HAVE__ALL_SOURCE 1
382#endif
383#endif
384
385#ifndef HAVE__GNU_SOURCE
386#ifdef _GNU_SOURCE
387#define HAVE__GNU_SOURCE 1
388#endif
389#endif
390
391#ifndef HAVE__MINIX
392#if defined _MINIX || (defined __minix && defined _NETBSD_SOURCE)
393#define HAVE__MINIX 1
394#endif
395#endif
396
397#ifndef HAVE__POSIX_PTHREAD_SEMANTICS
398#ifdef _POSIX_PTHREAD_SEMANTICS
399#define HAVE__POSIX_PTHREAD_SEMANTICS 1
400#endif
401#endif
402
403#ifndef HAVE__REENTRANT
404#ifdef _REENTRANT
405#define HAVE__REENTRANT 1
406#endif
407#endif
408
409
410/*
411 * H E A D E R D E T E C T I O N
412 *
413 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
414
415#ifndef HAVE_DLFCN_H
416#define HAVE_DLFCN_H ag_test_include(<dlfcn.h>, 1)
417#endif
418
419#ifndef HAVE_IFADDRS_H
420#define HAVE_IFADDRS_H_ (!_AIX && (!__sun || AG_SUNOS_PREREQ(5,11)))
421#define HAVE_IFADDRS_H ag_test_include(<ifaddrs.h>, HAVE_IFADDRS_H_)
422#endif
423
424#ifndef HAVE_INTTYPES_H
425#define HAVE_INTTYPES_H 1
426#endif
427
428#ifndef HAVE_MACH_CLOCK_H
429#define HAVE_MACH_CLOCK_H ag_test_include(<mach/clock.h>, __APPLE__)
430#endif
431
432#ifndef HAVE_MACH_MACH_H
433#define HAVE_MACH_MACH_H ag_test_include(<mach/mach.h>, __APPLE__)
434#endif
435
436#ifndef HAVE_MACH_MACH_TIME_H
437#define HAVE_MACH_MACH_TIME_H ag_test_include(<mach/mach_time.h>, __APPLE__)
438#endif
439
440#ifndef HAVE_MEMORY_H
441#define HAVE_MEMORY_H 1
442#endif
443
444#ifndef HAVE_PORT_H
445#define HAVE_PORT_H ag_test_include(<port.h>, AG_SUNOS_PREREQ(5,10))
446#endif
447
448/* TODO: Maybe test _POSIX_THREADS from <unistd.h>. */
449#ifndef HAVE_PTHREAD_H
450#define HAVE_PTHREAD_H ag_test_include(<pthread.h>, !__minix)
451#endif
452
453#ifndef HAVE_STDINT_H
454#define HAVE_STDINT_H 1
455#endif
456
457#ifndef HAVE_STDLIB_H
458#define HAVE_STDLIB_H 1
459#endif
460
461#ifndef HAVE_STRING_H
462#define HAVE_STRING_H 1
463#endif
464
465#ifndef HAVE_STRINGS_H
466#define HAVE_STRINGS_H 1
467#endif
468
469#ifndef HAVE_SYS_AUXV_H
470#define HAVE_SYS_AUXV_H_ (AG_GLIBC_PREREQ(2,16) || (!AG_GLIBC_PREREQ(0,0) && __linux__) || __sun)
471#define HAVE_SYS_AUXV_H ag_test_include(<sys/auxv.h>, HAVE_SYS_AUXV_H_)
472#endif
473
474#ifndef HAVE_SYS_EPOLL_H
475#define HAVE_SYS_EPOLL_H ag_test_include(<sys/epoll.h>, __linux__)
476#endif
477
478#ifndef HAVE_SYS_EVENT_H
479#define HAVE_SYS_EVENT_H ag_test_include(<sys/event.h>, BSD)
480#endif
481
482#ifndef HAVE_SYS_EVENTFD_H
483#define HAVE_SYS_EVENTFD_H_ (AG_GLIBC_PREREQ(2,8) || (!AG_GLIBC_PREREQ(0,0) && __linux__) || defined EFD_CLOEXEC)
484#define HAVE_SYS_EVENTFD_H ag_test_include(<sys/eventfd.h>, HAVE_SYS_EVENTFD_H_)
485#endif
486
487#ifndef HAVE_SYS_INOTIFY_H
488#define HAVE_SYS_INOTIFY_H ag_test_include(<sys/inotify.h>, __linux__)
489#endif
490
491#ifndef HAVE_SYS_SIGNALFD_H
492#define HAVE_SYS_SIGNALFD_H_ (AG_GLIBC_PREREQ(2,8) || (!AG_GLIBC_PREREQ(0,0) && __linux__) || defined SFD_CLOEXEC)
493#define HAVE_SYS_SIGNALFD_H ag_test_include(<sys/signalfd.h>, HAVE_SYS_SIGNALFD_H_)
494#endif
495
496#ifndef HAVE_SYS_SOCKIO_H
497#define HAVE_SYS_SOCKIO_H ag_test_include(<sys/sockio.h>, (__sun || BSD))
498#endif
499
500#ifndef HAVE_SYS_STAT_H
501#define HAVE_SYS_STAT_H 1
502#endif
503
504#ifndef HAVE_SYS_SYSCALL_H
505#define HAVE_SYS_SYSCALL_H_ (BSD || __linux__ || __sun)
506#define HAVE_SYS_SYSCALL_H ag_test_include(<sys/syscall.h>, HAVE_SYS_SYSCALL_H_)
507#endif
508
509#ifndef HAVE_SYS_SYSCTL_H
510#define HAVE_SYS_SYSCTL_H ag_test_include(<sys/sysctl.h>, (BSD || __GLIBC__))
511#endif
512
513#ifndef HAVE_SYS_TIMERFD_H
514#define HAVE_SYS_TIMERFD_H_ (AG_GLIBC_PREREQ(2,8) || (!AG_GLIBC_PREREQ(0,0) && __linux__) || defined TFD_CLOEXEC)
515#define HAVE_SYS_TIMERFD_H ag_test_include(<sys/timerfd.h>, HAVE_SYS_TIMERFD_H_)
516#endif
517
518#ifndef HAVE_SYS_TYPES_H
519#define HAVE_SYS_TYPES_H 1
520#endif
521
522#ifndef HAVE_UNISTD_H
523#define HAVE_UNISTD_H 1
524#endif
525
526
527/*
528 * T Y P E D E T E C T I O N
529 *
530 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
531
532#ifndef HAVE_CLOCKID_T
533#define HAVE_CLOCKID_T (defined CLOCK_MONOTONIC)
534#endif
535
536#ifndef HAVE_STRUCT_SOCKADDR_SA_LEN
537#define HAVE_STRUCT_SOCKADDR_SA_LEN (!__linux__ && !__sun)
538#endif
539
540#ifndef HAVE_STRUCT_STAT_ST_ATIM
541#define HAVE_STRUCT_STAT_ST_ATIM (defined st_atime && ((!__APPLE__ && (!__NetBSD__ || AG_NETBSD_PREREQ(7,0,0))) || !HAVE_STRUCT_STAT_ST_ATIMESPEC))
542#endif
543
544#ifndef HAVE_STRUCT_STAT_ST_CTIM
545#define HAVE_STRUCT_STAT_ST_CTIM HAVE_STRUCT_STAT_ST_ATIM
546#endif
547
548#ifndef HAVE_STRUCT_STAT_ST_MTIM
549#define HAVE_STRUCT_STAT_ST_MTIM HAVE_STRUCT_STAT_ST_ATIM
550#endif
551
552#ifndef HAVE_STRUCT_STAT_ST_ATIMESPEC
553#define HAVE_STRUCT_STAT_ST_ATIMESPEC (__APPLE__ || defined st_atimespec || defined st_atimensec)
554#endif
555
556#ifndef HAVE_STRUCT_STAT_ST_CTIMESPEC
557#define HAVE_STRUCT_STAT_ST_CTIMESPEC HAVE_STRUCT_STAT_ST_ATIMESPEC
558#endif
559
560#ifndef HAVE_STRUCT_STAT_ST_MTIMESPEC
561#define HAVE_STRUCT_STAT_ST_MTIMESPEC HAVE_STRUCT_STAT_ST_ATIMESPEC
562#endif
563
564#ifndef HAVE_STRUCT_STAT_ST_BLOCKS
565#define HAVE_STRUCT_STAT_ST_BLOCKS 1
566#endif
567
568#ifndef HAVE_STRUCT_STAT_ST_BLKSIZE
569#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
570#endif
571
572#ifndef HAVE_STRUCT_STAT_ST_RDEV
573#define HAVE_STRUCT_STAT_ST_RDEV 1
574#endif
575
576
577/*
578 * D E C L A R A T I O N D E T E C T I O N
579 *
580 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
581
582#ifndef HAVE___DECL_LIBC_ENABLE_SECURE
583#define HAVE___DECL_LIBC_ENABLE_SECURE 0
584#endif
585
586#ifndef HAVE_DECL_CLOCK_GETTIME
587#define HAVE_DECL_CLOCK_GETTIME HAVE_DECL_CLOCK_MONOTONIC
588#endif
589
590#ifndef HAVE_DECL_CLOCK_MONOTONIC
591#define HAVE_DECL_CLOCK_MONOTONIC (defined CLOCK_MONOTONIC)
592#endif
593
594#ifndef HAVE_DECL_CLOCK_REALTIME
595#define HAVE_DECL_CLOCK_REALTIME (defined CLOCK_REALTIME)
596#endif
597
598#ifndef HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME
599#define HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME (__linux__ && HAVE__GNU_SOURCE)
600#endif
601
602#ifndef HAVE_DECL_PTHREAD_MUTEX_ROBUST
603#define HAVE_DECL_PTHREAD_MUTEX_ROBUST (defined PTHREAD_MUTEX_ROBUST || AG_GLIBC_PREREQ(2,12))
604#endif
605
606#ifndef HAVE_DECL_RANDOM_UUID
607#define HAVE_DECL_RANDOM_UUID (HAVE_SYS_SYSCTL_H && defined __linux__) /* RANDOM_UUID is an enum, not macro */
608#endif
609
610#ifndef HAVE_DECL_STRERROR_R
611#define HAVE_DECL_STRERROR_R 1
612#endif
613
614#ifndef HAVE_DECL_SYS_SIGLIST
615#define HAVE_DECL_SYS_SIGLIST (!AG_MUSL_MAYBE && !__sun && !_AIX)
616#endif
617
618#ifndef HAVE_DECL_SYS_GETRANDOM
619#define HAVE_DECL_SYS_GETRANDOM (defined SYS_getrandom)
620#endif
621
622
623/*
624 * V A R I A B L E D E T E C T I O N
625 *
626 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
627
628#ifndef HAVE___LIBC_ENABLE_SECURE
629#define HAVE___LIBC_ENABLE_SECURE AG_GLIBC_PREREQ(2,1) /* added to glibc between 2.0.98 and 2.0.99 */
630#endif
631
632#ifndef HAVE_PROGRAM_INVOCATION_SHORT_NAME
633#define HAVE_PROGRAM_INVOCATION_SHORT_NAME (__linux__)
634#endif
635
636#ifndef HAVE_SYS_SIGLIST
637#define HAVE_SYS_SIGLIST HAVE_DECL_SYS_SIGLIST
638#endif
639
640
641/*
642 * F U N C T I O N D E T E C T I O N
643 *
644 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
645
646#ifndef HAVE_ACCEPT4
647#define HAVE_ACCEPT4 (defined SOCK_CLOEXEC && !__NetBSD__)
648#endif
649
650#ifndef HAVE_ARC4RANDOM
651#define HAVE_ARC4RANDOM \
652 (__APPLE__ || __DragonFly__ || __FreeBSD__ || __NetBSD__ || \
653 __OpenBSD__ || __minix)
654#endif
655
656#ifndef HAVE_ARC4RANDOM_ADDRANDOM
657#define HAVE_ARC4RANDOM_ADDRANDOM (HAVE_ARC4RANDOM && !AG_OPENBSD_PREREQ(5,5))
658#endif
659
660#ifndef HAVE_ARC4RANDOM_BUF
661#define HAVE_ARC4RANDOM_BUF_APPLE_ (!__APPLE__ || AG_MACOS_PREREQ(10,7,0) || AG_IPHONE_PREREQ(4,3))
662#define HAVE_ARC4RANDOM_BUF_NETBSD_ (!__NetBSD__ || AG_NETBSD_PREREQ(6,0,0))
663#define HAVE_ARC4RANDOM_BUF_IFF_ (HAVE_ARC4RANDOM_BUF_APPLE_ && HAVE_ARC4RANDOM_BUF_NETBSD_)
664#define HAVE_ARC4RANDOM_BUF (HAVE_ARC4RANDOM && HAVE_ARC4RANDOM_BUF_IFF_)
665#endif
666
667#ifndef HAVE_ARC4RANDOM_STIR
668#define HAVE_ARC4RANDOM_STIR HAVE_ARC4RANDOM_ADDRANDOM
669#endif
670
671#ifndef HAVE_CLOCK_GETTIME
672#define HAVE_CLOCK_GETTIME (!__APPLE__ || AG_MACOS_PREREQ(10,12,0))
673#endif
674
675#ifndef HAVE_DLADDR
676#define HAVE_DLADDR (HAVE_DLOPEN && !_AIX && ((!__GLIBC__ && !AG_MUSL_MAYBE) || HAVE__GNU_SOURCE))
677#endif
678
679#ifndef HAVE_DLOPEN
680#define HAVE_DLOPEN HAVE_DLFCN_H
681#endif
682
683#ifndef HAVE_DLSYM
684#define HAVE_DLSYM HAVE_DLOPEN
685#endif
686
687#ifndef HAVE_DUP2
688#define HAVE_DUP2 1
689#endif
690
691#ifndef HAVE_DUP3
692#define HAVE_DUP3 (AG_GLIBC_PREREQ(2,9) || AG_FREEBSD_PREREQ(10,0,0) || AG_NETBSD_PREREQ(6,0,0) || AG_UCLIBC_PREREQ(0,9,34) || AG_MUSL_MAYBE || __BIONIC__ || AG_OPENBSD_PREREQ(5,7))
693#endif
694
695#ifndef HAVE_FDOPENDIR
696#define HAVE_FDOPENDIR ( \
697 (!__APPLE__ || AG_MACOS_PREREQ(10,10,0) || AG_IPHONE_PREREQ(8,0)) \
698 && (!__NetBSD__ || AG_NETBSD_PREREQ(6,0,0)) \
699)
700#endif
701
702#ifndef HAVE_EPOLL_CREATE
703#define HAVE_EPOLL_CREATE HAVE_SYS_EPOLL_H
704#endif
705
706#if HAVE_SYS_EPOLL_H
707#include <sys/epoll.h>
708#endif
709
710#ifndef HAVE_EPOLL_CREATE1
711#define HAVE_EPOLL_CREATE1 (HAVE_EPOLL_CREATE && (defined EPOLL_CLOEXEC || AG_GLIBC_PREREQ(2,9)))
712#endif
713
714#ifndef HAVE_EPOLL_CTL
715#define HAVE_EPOLL_CTL HAVE_EPOLL_CREATE
716#endif
717
718#ifndef HAVE_EPOLL_PWAIT
719#define HAVE_EPOLL_PWAIT (HAVE_EPOLL_WAIT && (AG_GLIBC_PREREQ(2,6) || (!AG_GLIBC_PREREQ(0,0) && defined EPOLL_CLOEXEC)))
720#endif
721
722#ifndef HAVE_EPOLL_WAIT
723#define HAVE_EPOLL_WAIT HAVE_EPOLL_CREATE
724#endif
725
726#ifndef HAVE_EVENTFD
727#define HAVE_EVENTFD HAVE_SYS_EVENTFD_H
728#endif
729
730#ifndef HAVE_GETAUXVAL
731#define HAVE_GETAUXVAL (HAVE_SYS_AUXV_H && !__sun)
732#endif
733
734#ifndef HAVE_GETENV_R
735#define HAVE_GETENV_R (AG_NETBSD_PREREQ(4,0,0) || __minix)
736#endif
737
738#ifndef HAVE_GETEXECNAME
739#define HAVE_GETEXECNAME (__sun)
740#endif
741
742#ifndef HAVE_GETIFADDRS
743#define HAVE_GETIFADDRS (HAVE_IFADDRS_H && !__sun)
744#endif
745
746#ifndef HAVE_GETPROGNAME
747#define HAVE_GETPROGNAME (HAVE_ARC4RANDOM || AG_SUNOS_PREREQ(5,11))
748#endif
749
750#ifndef HAVE_INOTIFY_INIT
751#define HAVE_INOTIFY_INIT HAVE_SYS_INOTIFY_H
752#endif
753
754#ifndef HAVE_INOTIFY_INIT1
755#define HAVE_INOTIFY_INIT1 (HAVE_INOTIFY_INIT && defined IN_CLOEXEC)
756#endif
757
758#ifndef HAVE_ISSETUGID
759#define HAVE_ISSETUGID ((!__linux__ || (AG_MUSL_MAYBE && HAVE__GNU_SOURCE)) && !_AIX)
760#endif
761
762#if HAVE_SYS_EVENT_H
763#include <sys/event.h>
764#endif
765
766#ifndef HAVE_KEVENT
767#define HAVE_KEVENT (defined EV_SET)
768#endif
769
770#ifndef HAVE_KQUEUE
771#define HAVE_KQUEUE HAVE_KEVENT
772#endif
773
774#ifndef HAVE_KQUEUE1
775#define HAVE_KQUEUE1 (HAVE_KQUEUE && AG_NETBSD_PREREQ(6,0,0))
776#endif
777
778#ifndef HAVE_OPENAT
779#define HAVE_OPENAT \
780 ((!__APPLE__ || AG_MACOS_PREREQ(10,10,0) || AG_IPHONE_PREREQ(8,0)) \
781 && (!__NetBSD__ || AG_NETBSD_PREREQ(7,0,0)))
782#endif
783
784#ifndef HAVE_PACCEPT
785#define HAVE_PACCEPT AG_NETBSD_PREREQ(6,0,0)
786#endif
787
788#ifndef HAVE_PIPE2
789#define HAVE_PIPE2 (AG_GLIBC_PREREQ(2,9) || AG_FREEBSD_PREREQ(10,0,0) || AG_NETBSD_PREREQ(6,0,0) || AG_UCLIBC_PREREQ(0,9,32) || AG_MUSL_MAYBE || __BIONIC__ || AG_OPENBSD_PREREQ(5,7))
790#endif
791
792#ifndef HAVE_PORT_ALERT
793#define HAVE_PORT_ALERT HAVE_PORT_CREATE
794#endif
795
796#ifndef HAVE_PORT_ASSOCIATE
797#define HAVE_PORT_ASSOCIATE HAVE_PORT_CREATE
798#endif
799
800#ifndef HAVE_PORT_CREATE
801#define HAVE_PORT_CREATE HAVE_PORT_H
802#endif
803
804#ifndef HAVE_PORT_DISSOCIATE
805#define HAVE_PORT_DISSOCIATE HAVE_PORT_CREATE
806#endif
807
808#ifndef HAVE_PORT_GET
809#define HAVE_PORT_GET HAVE_PORT_CREATE
810#endif
811
812#ifndef HAVE_PORT_GETN
813#define HAVE_PORT_GETN HAVE_PORT_CREATE
814#endif
815
816#ifndef HAVE_PORT_SEND
817#define HAVE_PORT_SEND HAVE_PORT_CREATE
818#endif
819
820#ifndef HAVE_PORT_SENDN
821#define HAVE_PORT_SENDN HAVE_PORT_CREATE
822#endif
823
824#ifndef HAVE_POSIX_FADVISE
825#define HAVE_POSIX_FADVISE (defined POSIX_FADV_NORMAL || AG_GLIBC_PREREQ(2,2) || __sun || AG_MUSL_MAYBE || AG_FREEBSD_PREREQ(9,0,0))
826#endif
827
828#ifndef HAVE_POSIX_FALLOCATE
829#define HAVE_POSIX_FALLOCATE (_AIX || AG_FREEBSD_PREREQ(9,0,0) || AG_GLIBC_PREREQ(2,2) || AG_MUSL_MAYBE || AG_NETBSD_PREREQ(7,0,0) || __sun)
830#endif
831
832#ifndef HAVE_SIGNALFD
833#define HAVE_SIGNALFD HAVE_SYS_SIGNALFD_H
834#endif
835
836#ifndef HAVE_SIGTIMEDWAIT
837#define HAVE_SIGTIMEDWAIT (!__APPLE__ && !__OpenBSD__)
838#endif
839
840#ifndef HAVE_SIGWAIT
841#define HAVE_SIGWAIT (!__minix)
842#endif
843
844#ifndef HAVE_STATIC_ASSERT
845#if AG_GLIBC_PREREQ(0,0) && !HAVE__STATIC_ASSERT
846#define HAVE_STATIC_ASSERT 0 /* glibc doesn't check GCC version */
847#else
848#define HAVE_STATIC_ASSERT (defined static_assert)
849#endif
850#endif
851
852#ifndef HAVE_STRERROR_R
853#define HAVE_STRERROR_R 1
854#endif
855
856#ifndef HAVE_SYSCALL
857#define HAVE_SYSCALL HAVE_SYS_SYSCALL_H
858#endif
859
860#ifndef HAVE_SYSCTL
861#define HAVE_SYSCTL HAVE_SYS_SYSCTL_H
862#endif
863
864#ifndef HAVE_TIMERFD_CREATE
865#define HAVE_TIMERFD_CREATE HAVE_SYS_TIMERFD_H
866#endif
867
868#ifndef HAVE_TIMERFD_GETTIME
869#define HAVE_TIMERFD_GETTIME HAVE_TIMERFD_CREATE
870#endif
871
872#ifndef HAVE_TIMERFD_SETTIME
873#define HAVE_TIMERFD_SETTIME HAVE_TIMERFD_CREATE
874#endif
875
876#ifndef STRERROR_R_CHAR_P
877#define STRERROR_R_CHAR_P ((AG_GLIBC_PREREQ(0,0) || AG_UCLIBC_PREREQ(0,0,0)) && (HAVE__GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)))
878#endif
879
880
881#endif /* CONFIG_H_GUESS */
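--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -597,6 +597,14 @@ Returns the subject distinguished name as an \module{x509.name} object.
 
 Sets the subject distinguished name. $name$ should be an \module{x509.name} object.
 
+\subsubsection[\fn{csr:getSubjectAlt}]{\fn{csr:getSubjectAlt()}}
+
+Returns the subject alternative name as an \module{x509.altname} object.
+
+\subsubsection[\fn{csr:setSubjectAlt}]{\fn{csr:setSubjectAlt($name$)}}
+
+Sets the subject alternative names. $name$ should be an \module{x509.altname} object.
+
 \subsubsection[\fn{csr:getPublicKey}]{\fn{csr:getPublicKey()}}
 
 Returns the public key component as an \module{openssl.pkey} object.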
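--- a/examples/vrfy.sig
+++ b/examples/vrfy.sig
@@ -14,15 +14,16 @@ local function genkey(type)
  type = string.upper(type or (not openssl.NO_EC and "EC") or "RSA")
 
  if type == "RSA" then
- return pkey.new{ type = "RSA", bits = 1024 }, "sha256"
+ return pkey.new{ type = "RSA", bits = 1024 }
  elseif type == "DSA" then
- return pkey.new{ type = "DSA", bits = 1024 }, "dss1"
+ return pkey.new{ type = "DSA", bits = 1024 }
  else
- return pkey.new{ type = "EC", curve = "prime192v1" }, "ecdsa-with-SHA1"
+ return pkey.new{ type = "EC", curve = "prime192v1" }
  end
 end
 
-local key, hash = genkey(keytype)
+local key = genkey(keytype)
+local hash = key:getDefaultDigestName()
 
 -- digest our message using an appropriate digest ("ecdsa-with-SHA1" for EC;
 -- "dss1" for DSA; and "sha1", "sha256", etc for RSA).
@@ -45,6 +46,7 @@ local function tohex(b)
  return x
 end
 
-print("okay", pub:verify(sig, data))
-print("type", pub:type())
-print("sig", tohex(sig))
+print("verified", pub:verify(sig, data))
+print("key-type", pub:type())
+print("hash-type", hash)
+print("signature", tohex(sig))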
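Review bot: The comment at the end of the first hunk still tells readers to choose "ecdsa-with-SHA1" or "dss1" by key type, but the new code takes the digest name from `key:getDefaultDigestName()`, so the comment no longer matches the code. I would reword it to something like `-- digest our message with the key's default digest (the name is in hash)`. The rewritten return lines in genkey also keep `bits = 1024` for RSA and DSA and `curve = "prime192v1"` for EC. Those are below commonly recommended minimum strengths, and example code tends to be copied, so I would change them to `bits = 2048` and `curve = "prime256v1"`. genkey's opening line is outside the hunk.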
diff --git a/mk/lua.path b/mk/luapath
index 8df41c9..b36da19 100755
--- a/mk/lua.path
+++ b/mk/luapath
@@ -26,10 +26,10 @@
26# Changelog: 26# Changelog:
27# 27#
28# * 2013-08-02 - Published. Derived from an earlier script, lua.path, 28# * 2013-08-02 - Published. Derived from an earlier script, lua.path,
29# written for the cqueues project. 29# written for the cqueues project.
30# 30#
31# * 2013-08-05 - Redirect stdin from /dev/null when probing so we don't 31# * 2013-08-05 - Redirect stdin from /dev/null when probing so we don't
32# freeze if a utility tries to read from stdin. 32# freeze if a utility tries to read from stdin.
33# 33#
34# chdir to a read-only directory by default to try to prevent creation 34# chdir to a read-only directory by default to try to prevent creation
35# of temporary files. These features address the issues of LuaTeX 35# of temporary files. These features address the issues of LuaTeX
@@ -82,9 +82,55 @@
82# hardcode /usr/local/lib/lua/5.1, ordered before the LuaJIT 82# hardcode /usr/local/lib/lua/5.1, ordered before the LuaJIT
83# installation prefix. 83# installation prefix.
84# 84#
85# * 2015-07-14 - Add recursive glob function implemented in shell code
86# and use instead of find(1).
87#
88# * 2016-03-18 - Fix bug in tryluac where a continue statement was used
89# instead of return 0.
90#
91# * 2016-03-25 - Support ${CC} values with trailing flags, which invoke
92# the compiler through env(1), or which otherwise are intended to
93# expand as multiple words.
94#
95# OpenBSD 5.8 sh does not suppress strict errors within an eval
96# invoked from an if condition compound-list. Workaround by changing
97# trylua to return 0 on matching failure, like tryluainclude and
98# tryluac do.
99#
100# Undeprecate ldir and cdir. The names are more intuitive and
101# convenient as evidenced by the fact that I keep using them instead
102# of package.path and package.cpath. Try to maintain backwards
103# compatibility by using a simple heuristic to differentiate lua
104# interpreter glob patterns from preferred install directory
105# string.match expressions.
106#
107# * 2016-10-10 - Fix issue with passing empty CPPFLAGS to ${CC}. /usr/bin/cc
108# in NetBSD 7.0.1 does not tolerate an empty string argument. This
109# exposed a bug in NetBSD's and FreeBSD's /bin/sh, triggered by how we
110# pass CPPFLAGS (see evalmacro and runcc routines, below).
111#
112# Some Ash variants (confirmed /bin/sh in NetBSD 7.0.1 and FreeBSD
113# 10.1) will expand unquoted ${UNSET-} and ${UNSET:-} as an empty
114# string rather than eliding it during argument processing. That is,
115#
116# nargs() { printf "%d\n" "$#"; }
117# nargs ${UNSET} 2 3
118# nargs ${UNSET-} 2 3
119#
120# prints "2" and "3", whereas every other shell tested prints "2" and
121# "2" (confirmed dash in Ubuntu Xenial; bash 4.3 in Ubuntu Xenial;
122# pdksh in FreeBSD 10.1, NetBSD 7.0, OS X 10.1, OpenBSD 6.0; ksh93 in
123# Solaris 11.3 and AIX 7.1; ksh88 in AIX 7.1).
124#
125# A workaround in set -u mode (where unbound variable expansion aborts
126# execution) is to substitute a known empty value. E.g.
127#
128# EMPTY=
129# nargs ${UNSET-$EMPTY}
130#
85# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 131# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
86# 132#
87# Copyright (C) 2012-2015 William Ahern 133# Copyright (C) 2012-2016 William Ahern
88# 134#
89# Permission is hereby granted, free of charge, to any person obtaining a 135# Permission is hereby granted, free of charge, to any person obtaining a
90# copy of this software and associated documentation files (the "Software"), 136# copy of this software and associated documentation files (the "Software"),
@@ -116,10 +162,11 @@ unset IFS # no field splitting surprises
116unset LUA_PATH || true # interferes search for module install directory 162unset LUA_PATH || true # interferes search for module install directory
117unset LUA_CPATH || true 163unset LUA_CPATH || true
118 164
119MYVERSION=20150119 165MYVERSION=20161010
120MYVENDOR="william@25thandClement.com" 166MYVENDOR="william@25thandClement.com"
121 167
122 168
169EMPTY= # empty string for parameter expansion workaround for Ash bug
123DEVRANDOM=/dev/urandom 170DEVRANDOM=/dev/urandom
124SANDBOX="${TMPDIR}/${0##*/}-" 171SANDBOX="${TMPDIR}/${0##*/}-"
125 172
@@ -129,8 +176,7 @@ LDDIRS= # -L directories from LDFLAGS
129LIBDIRS= 176LIBDIRS=
130BINDIRS= 177BINDIRS=
131RECURSE=no 178RECURSE=no
132MAXDEPTH= # full command switch, like "-maxdepth 3", if supported 179MAXDEPTH=5 # maximum recursion depth
133XDEV= # do not cross device boundaries; i.e. "-xdev"
134SHORTEST= # continue searching until shortest pathname found 180SHORTEST= # continue searching until shortest pathname found
135PKGCONFIG= # path to pkg-config, found by `command -v` when -k option invoked 181PKGCONFIG= # path to pkg-config, found by `command -v` when -k option invoked
136GLOB= # -e GLOB expression for lua, luac, ldir, and cdir 182GLOB= # -e GLOB expression for lua, luac, ldir, and cdir
@@ -165,6 +211,27 @@ LUA_VER=
165 211
166 212
167# 213#
214# warn FORMAT [...]
215#
216# Print message to original stderr.
217#
218exec 9>&2
219warn() {
220 printf "%s: %.0s${1}\n" "${0##*/}" "$@" >&9
221}
222
223#
224# panic FORMAT [...]
225#
226# Print message to original stderr, then exit with failure.
227#
228panic() {
229 warn "$@"
230 exit 1
231}
232
233
234#
168# parse CPPFLAGS -I or LDFLAGS -L directories 235# parse CPPFLAGS -I or LDFLAGS -L directories
169# 236#
170xdirs() { 237xdirs() {
@@ -231,6 +298,46 @@ append() {
231} 298}
232 299
233# 300#
301# glob PATTERN [MAXDEPTH] [EXEC-COMMAND] [INTERNAL:GLOB-COUNT]
302#
303glob() {
304 glob_N="${4:-0}"
305
306 IFS=
307 set +f
308 for F in ${1}; do
309 [ -e "${F}" ] || continue
310 if eval "${3:-printf '%s\\n'} \"\${F}\""; then
311 glob_N=$((${glob_N} + 1))
312 fi
313 done
314 set -f
315 unset IFS
316
317 if [ "${2-0}" -gt 0 ]; then
318 glob "${1%/*}/*/${1##*/}" "$((${2} - 1))" "${3:-}" "${glob_N}" || :
319 fi
320
321 [ "${glob_N}" -gt 0 ]
322} # glob
323
324
325#
326# runcc [...]
327#
328# Wrapper for invoking ${CC}. Some build system include flags in ${CC},
329# invoke the compiler through env(1), or employ other hacks.
330#
331# TODO: Optionally handle unescaping of words in a manner similar to how
332# ${CC} would be evaluated from a make rule--typically by being passed
333# through system(3).
334#
335runcc() {
336 (unset IFS; exec ${CC} "$@")
337}
338
339
340#
234# evalmacro PATH MACRO [REGEX] [SUBST] 341# evalmacro PATH MACRO [REGEX] [SUBST]
235# 342#
236# PATH Header identifier--#include <PATH> 343# PATH Header identifier--#include <PATH>
@@ -240,7 +347,7 @@ append() {
240# 347#
241evalmacro() { 348evalmacro() {
242 printf "#include <$1>\n[===[$2]===]\n" \ 349 printf "#include <$1>\n[===[$2]===]\n" \
243 | "${CC:-cc}" ${CPPFLAGS:-} -E - 2>>/dev/null \ 350 | runcc ${CPPFLAGS:-${EMPTY}} -E - 2>>/dev/null \
244 | sed -ne " 351 | sed -ne "
245 s/^.*\\[===\\[ *\\(${3:-.*}\\) *\\]===\\].*$/${4:-\\1}/ 352 s/^.*\\[===\\[ *\\(${3:-.*}\\) *\\]===\\].*$/${4:-\\1}/
246 t Found 353 t Found
@@ -267,7 +374,7 @@ testsym() {
267 # and within [A-T]. 374 # and within [A-T].
268 (nm -Pg ${1} 2>>/dev/null || nm -g 2>>/dev/null) \ 375 (nm -Pg ${1} 2>>/dev/null || nm -g 2>>/dev/null) \
269 | sed -ne '/ [A-T] /p' \ 376 | sed -ne '/ [A-T] /p' \
270 | grep -qE "${2}" 377 | grep -q "${2}"
271} 378}
272 379
273 380
@@ -398,7 +505,9 @@ luapc() {
398findinstalldir() { 505findinstalldir() {
399 V_DIR=$((${LUA_VER} / 100 % 100)).$((${LUA_VER} % 100)) 506 V_DIR=$((${LUA_VER} / 100 % 100)).$((${LUA_VER} % 100))
400 507
401 if [ "${1}" = "package.cpath" ]; then 508 if [ "${1}" = "package.cpath" -o "${1}" = "cdir" ]; then
509 ARRAY="package.cpath"
510
402 DIR="$(luapc --variable INSTALL_CMOD)" 511 DIR="$(luapc --variable INSTALL_CMOD)"
403 [ -n "${DIR}" ] && set -- "$@" "${DIR}" 512 [ -n "${DIR}" ] && set -- "$@" "${DIR}"
404 513
@@ -418,6 +527,8 @@ findinstalldir() {
418 set -- "$@" "${LUA_PATH}/../../lib/lua/${V_DIR}" 527 set -- "$@" "${LUA_PATH}/../../lib/lua/${V_DIR}"
419 set -- "$@" "${LUA_PATH}/../../lib/*/lua/${V_DIR}" # e.g. lib/x86_64-linux-gnu 528 set -- "$@" "${LUA_PATH}/../../lib/*/lua/${V_DIR}" # e.g. lib/x86_64-linux-gnu
420 else 529 else
530 ARRAY="package.path"
531
421 DIR="$(luapc --variable INSTALL_LMOD)" 532 DIR="$(luapc --variable INSTALL_LMOD)"
422 [ -n "${DIR}" ] && set -- "$@" "${DIR}" 533 [ -n "${DIR}" ] && set -- "$@" "${DIR}"
423 534
@@ -429,7 +540,6 @@ findinstalldir() {
429 set -- "$@" "${LUA_PATH}/../../share/lua/${V_DIR}" 540 set -- "$@" "${LUA_PATH}/../../share/lua/${V_DIR}"
430 fi 541 fi
431 542
432 ARRAY="${1}"
433 shift 543 shift
434 544
435 if [ $# -eq 0 ]; then 545 if [ $# -eq 0 ]; then
@@ -576,13 +686,11 @@ findversion() {
576 686
577 if [ $# -gt 0 ]; then 687 if [ $# -gt 0 ]; then
578 for D; do 688 for D; do
579 for F in $(find "${D}" ${MAXDEPTH} ${XDEV} -name lua.h -print 2>>/dev/null); do 689 glob "${D}/lua.h" "${MAXDEPTH}" tryluainclude || :
580 tryluainclude "${F}"
581 690
582 if foundversion; then 691 if foundversion; then
583 return 0 692 return 0
584 fi 693 fi
585 done
586 done 694 done
587 fi 695 fi
588 696
@@ -594,13 +702,11 @@ findversion() {
594 702
595 if [ $# -gt 0 ]; then 703 if [ $# -gt 0 ]; then
596 for D; do 704 for D; do
597 for F in $(find "${D}/." ${MAXDEPTH} ${XDEV} -name lua.h -print 2>>/dev/null); do 705 glob "${D}/lua.h" "${MAXDEPTH}" tryluainclude || :
598 tryluainclude "${F}"
599 706
600 if foundversion; then 707 if foundversion; then
601 return 0 708 return 0
602 fi 709 fi
603 done
604 done 710 done
605 fi 711 fi
606 712
@@ -612,13 +718,11 @@ findversion() {
612 D="${D%/*}/include" 718 D="${D%/*}/include"
613 719
614 if [ -d "${D}" ]; then 720 if [ -d "${D}" ]; then
615 for F in $(find "${D}" ${MAXDEPTH} ${XDEV} -name lua.h -print 2>>/dev/null); do 721 glob "${D}/lua.h" "${MAXDEPTH}" tryluainclude || :
616 tryluainclude "${F}"
617 722
618 if foundversion; then 723 if foundversion; then
619 return 0 724 return 0
620 fi 725 fi
621 done
622 fi 726 fi
623 fi 727 fi
624 728
@@ -631,9 +735,10 @@ findversion() {
631# compatible. 735# compatible.
632# 736#
633trylib() { 737trylib() {
634 if ! testsym "${1}" "lua_newstate"; then 738 testsym "${1}" "lua_newstate" || return 1
635 return 0 739
636 fi 740 # exclude C++
741 [ "${1#*++}" = "${1}" ] || return 1
637 742
638 V=0 743 V=0
639 J=0 744 J=0
@@ -662,16 +767,20 @@ trylib() {
662 if testsym "${1}" "lua_getfenv"; then 767 if testsym "${1}" "lua_getfenv"; then
663 V=501 768 V=501
664 elif testsym "${1}" "lua_yieldk"; then 769 elif testsym "${1}" "lua_yieldk"; then
665 V=502 770 if testsym "${1}" "lua_getctx"; then
771 V=502
772 else
773 V=503
774 fi
666 else 775 else
667 return 0 776 return 1
668 fi 777 fi
669 778
670 [ "$V" -gt 0 -a "$V" -ge "${LIBLUA_VER:-0}" ] || return 0 779 [ "$V" -gt 0 -a "$V" -ge "${LIBLUA_VER:-0}" ] || return 1
671 780
672 [ "$V" -gt "${LIBLUA_VER:-0}" -o "${#D}" -lt "${#LIBLUA_DIR}" -o \( "${JIT_REQ}" = "yes" -a "${LIBJIT_VER:-0}" -lt "${JIT_MAX}" \) ] || return 0 781 [ "$V" -gt "${LIBLUA_VER:-0}" -o "${#D}" -lt "${#LIBLUA_DIR}" -o \( "${JIT_REQ}" = "yes" -a "${LIBJIT_VER:-0}" -lt "${JIT_MAX}" \) ] || return 1
673 782
674 [ "$V" -ge "${API_MIN}" -a "$V" -le "${API_MAX}" ] || return 0 783 [ "$V" -ge "${API_MIN}" -a "$V" -le "${API_MAX}" ] || return 1
675 784
676 785
677 if [ -n "${JIT_REQ}" ]; then 786 if [ -n "${JIT_REQ}" ]; then
@@ -681,12 +790,12 @@ trylib() {
681 fi 790 fi
682 791
683 if [ "${JIT_REQ}" = "skip" ]; then 792 if [ "${JIT_REQ}" = "skip" ]; then
684 [ "${J}" -eq 0 ] || return 0 793 [ "${J}" -eq 0 ] || return 1
685 elif [ "${JIT_REQ}" = "yes" ]; then 794 elif [ "${JIT_REQ}" = "yes" ]; then
686 [ "$J" -ge "${LIBJIT_VER:-0}" ] || return 0 795 [ "$J" -ge "${LIBJIT_VER:-0}" ] || return 1
687 [ "$J" -gt "${LIBJIT_VER:-0}" -o "${#D}" -lt "${#LIBJIT_DIR}" ] || return 0 796 [ "$J" -gt "${LIBJIT_VER:-0}" -o "${#D}" -lt "${#LIBJIT_DIR}" ] || return 1
688 [ "$J" -ge ${JIT_MIN} ] || return 0 797 [ "$J" -ge ${JIT_MIN} ] || return 1
689 [ "$J" -le "${JIT_MAX}" ] || return 0 798 [ "$J" -le "${JIT_MAX}" ] || return 1
690 799
691 LIBJIT_VER="$J" 800 LIBJIT_VER="$J"
692 LIBJIT_DIR="$D" 801 LIBJIT_DIR="$D"
@@ -745,15 +854,17 @@ findlib() {
745 854
746 #printf -- "I=$I K=$K $findlib_L/lib$findlib_l*.*\n" 855 #printf -- "I=$I K=$K $findlib_L/lib$findlib_l*.*\n"
747 856
748 for findlib_R in no ${RECURSE}; do 857 glob "${findlib_L}/lib${findlib_l}*.*" 0 trylib || :
749 for findlib_lib in $(findpath "lib${findlib_l}*.*" ${findlib_R} "${findlib_L}"); do
750 trylib "${findlib_lib}"
751 done
752 858
753 if foundlib; then 859 if foundlib; then
754 return 0 860 return 0;
755 fi 861 fi
756 done 862
863 glob "${findlib_L}/lib${findlib_l}*.*" ${MAXDEPTH} trylib || :
864
865 if foundlib; then
866 return 0;
867 fi
757 868
758 K=$(($K + 1)) 869 K=$(($K + 1))
759 done 870 done
@@ -768,48 +879,73 @@ findlib() {
768 unset IFS 879 unset IFS
769 880
770 for findlib_D; do 881 for findlib_D; do
771 for findlib_R in no ${RECURSE}; do 882 glob "${findlib_D}/liblua*.*" "${MAXDEPTH}" trylib || :
772 for findlib_lib in $(findpath "liblua*.*" ${findlib_R} "${findlib_D}"); do 883
773 trylib "${findlib_lib}" 884 if foundlib; then
774 done 885 return 0
886 fi
887 done
888
889 # if we can find the lua interpreter, use it as a reference for
890 # library locations.
891 if findlua; then
892 findlib_D="${LUA_PATH%/*}"
893 findlib_D="${findlib_D%/*}/lib"
894
895 if [ -d "${findlib_D}" ]; then
896 glob "${findlib_D}/liblua*.*" "${MAXDEPTH}" trylib || :
775 897
776 if foundlib; then 898 if foundlib; then
777 return 0 899 return 0
778 fi 900 fi
779 done 901 fi
780 done 902 fi
903}
904
905
906# check setuid and setgid mode
907safeperm() {
908 [ -f "$1" -a ! -u "$1" -a ! -g "$1" ]
781} 909}
782 910
783 911
784findpath() { 912tryluac() {
785 NAME="$1" 913 tryluac_F="${1}"
786 WHERE="$3"
787 914
788 PRUNE= 915 [ -x "${tryluac_F}" ] && safeperm "${tryluac_F}" || return 0
789 916
790 if [ "${2}" = "no" ]; then 917 tryluac_V="$("${tryluac_F}" -v </dev/null 2>&1 | head -n1 | sed -ne 's/^Lua \([0123456789][0123456789]*\.[0123456789][0123456789]*\).*/\1/p')"
791 PRUNE="-name . -o -type d -prune -o" 918 : ${tryluac_V:=0}
792 fi 919 tryluac_V="$((${tryluac_V%%.*} * 100 + ${tryluac_V##*.} % 100))"
793 920
794 [ ${#WHERE} -gt 0 ] || return 0 921 [ "${tryluac_V}" -gt 0 -a "${tryluac_V}" -ge "${LUAC_VER:-0}" ] || return 0
795 922
796 IFS=: 923 [ "${tryluac_V}" -gt "${LUAC_VER:-0}" -o "${#tryluac_F}" -lt "${#LUAC_PATH}" ] || return 0
797 set -- ${WHERE}
798 unset IFS
799 924
800 if [ $# -gt 0 ]; then 925 [ "${tryluac_V}" -ge "${API_MIN}" -a "${tryluac_V}" -le "${API_MAX}" ] || return 0
801 for findpath_D; do
802 find "${findpath_D}/." ${MAXDEPTH} ${XDEV} ${PRUNE} -name "${NAME}" -print 2>>/dev/null | sed -e 's/\/\.//'
803 done
804 fi
805}
806 926
927 printf "return true" 2>>/dev/null | ${tryluac_F} -p - </dev/null >>/dev/null 2>&1 || return 0
807 928
808# check setuid and setgid mode 929 LUAC_PATH="${tryluac_F}"
809safeperm() { 930 LUAC_VER="${tryluac_V}"
810 [ -f "$1" -a ! -u "$1" -a ! -g "$1" ]
811} 931}
812 932
933#
934# foundluac
935#
936# true if found the best (maximum) possible version, false otherwise
937#
938foundluac() {
939 if [ "${LUAC_VER:-0}" -lt "${API_MAX}" ]; then
940 return 1
941 fi
942
943 if [ "${SHORTEST}" = "yes" ]; then
944 return 1
945 fi
946
947 return 0
948}
813 949
814findluac() { 950findluac() {
815 if [ $# -eq 0 ]; then 951 if [ $# -eq 0 ]; then
@@ -818,36 +954,33 @@ findluac() {
818 unset IFS 954 unset IFS
819 fi 955 fi
820 956
821 while [ $# -gt 0 ]; do 957 for findluac_G; do
822 for F in $(findpath "${1}" no "${PATH}"; findpath "${1}" "${RECURSE}" "${BINDIRS}"); do 958 IFS=:
823 [ -x "$F" ] && safeperm "$F" || continue 959 for findluac_D in ${PATH}; do
824 960 unset IFS
825 V="$("$F" -v </dev/null 2>&1 | head -n1 | sed -ne 's/^Lua \([0123456789][0123456789]*\.[0123456789][0123456789]*\).*/\1/p')"
826 : ${V:=0}
827 V="$((${V%%.*} * 100 + ${V##*.} % 100))"
828
829 [ "${V}" -gt 0 -a "${V}" -ge "${LUAC_VER:-0}" ] || continue
830 961
831 [ "${V}" -gt "${LUAC_VER:-0}" -o "${#F}" -lt "${#LUAC_PATH}" ] || continue 962 glob "${findluac_D}/${findluac_G}" 0 tryluac || :
832 963
833 [ "${V}" -ge "${API_MIN}" -a "${V}" -le "${API_MAX}" ] || continue 964 if foundluac; then
965 return 0
966 fi
967 done
834 968
835 printf "return true" 2>>/dev/null | ${F} -p - </dev/null >>/dev/null 2>&1 || continue 969 IFS=:
970 for findluac_D in ${BINDIRS}; do
971 unset IFS
836 972
837 LUAC_PATH="$F" 973 glob "${findluac_D}/${findluac_G}" "${MAXDEPTH}" tryluac || :
838 LUAC_VER="$V"
839 974
840 [ "${SHORTEST}" = "yes" -o "${LUAC_VER}" -lt "${API_MAX}" ] || break 2 975 if foundluac; then
976 return 0
977 fi
841 done 978 done
842 979
843 shift 980 unset IFS
844 done 981 done
845 982
846 if [ -n "${LUAC_PATH}" -a -n "${LUAC_VER}" ]; then 983 [ "${LUAC_VER:-0}" -gt 0 ] && [ "${#LUAC_PATH}" -gt 0 ]
847 return 0
848 else
849 return 1
850 fi
851} 984}
852 985
853 986
@@ -871,7 +1004,7 @@ isinteger() {
871checkints() { 1004checkints() {
872 while [ $# -gt 0 ]; do 1005 while [ $# -gt 0 ]; do
873 if ! isinteger "${1}"; then 1006 if ! isinteger "${1}"; then
874 printf -- "${0##*/}: ${1}: not a number\n" >&2 1007 warn "%s: not a number" "${1}"
875 return 1 1008 return 1
876 fi 1009 fi
877 1010
@@ -946,6 +1079,54 @@ mmp2num() {
946} 1079}
947 1080
948 1081
1082trylua() {
1083 trylua_F="${1}"
1084 [ -x "${trylua_F}" ] && safeperm "${trylua_F}" || return 0
1085
1086 trylua_V="$("${trylua_F}" -e 'print(string.match(_VERSION, [[[%d.]+]]))' </dev/null 2>>/dev/null | head -n1 | sed -ne 's/^\([0123456789][0123456789]*\.[0123456789][0123456789]*\).*/\1/p')"
1087 : ${trylua_V:=0}
1088 trylua_V="$((${trylua_V%%.*} * 100 + ${trylua_V##*.} % 100))"
1089
1090 [ "${trylua_V}" -gt 0 -a "${trylua_V}" -ge "${LUA_VER:-0}" ] || return 0
1091
1092 [ "${trylua_V}" -gt "${LUA_VER:-0}" -o "${#trylua_F}" -lt "${#LUA_PATH}" ] || return 0
1093
1094 [ "${trylua_V}" -ge "${API_MIN}" -a "${trylua_V}" -le "${API_MAX}" ] || return 0
1095
1096 if [ -n "${JIT_REQ}" ]; then
1097 J="$("${trylua_F}" -v </dev/null 2>&1 | head -n1 | sed -ne 's/^LuaJIT \([0123456789][0123456789]*\.[0123456789][0123456789]*\.[0123456789][0123456789]*\).*/\1/p')"
1098 J="$(jit2num ${J:-0})"
1099
1100 if [ "${JIT_REQ}" = "skip" ]; then
1101 [ "${J}" -eq 0 ] || return 0
1102 elif [ "${JIT_REQ}" = "yes" ]; then
1103 [ "${J}" -gt 0 ] || return 0
1104 [ "${J}" -ge "${JIT_MIN}" ] || return 0
1105 [ "${J}" -le "${JIT_MAX}" ] || return 0
1106 fi
1107 fi
1108
1109 LUA_PATH="${trylua_F}"
1110 LUA_VER="${trylua_V}"
1111}
1112
1113#
1114# foundlua
1115#
1116# true if found the best (maximum) possible version, false otherwise
1117#
1118foundlua() {
1119 if [ "${LUA_VER:-0}" -lt "${API_MAX}" ]; then
1120 return 1
1121 fi
1122
1123 if [ "${SHORTEST}" = "yes" ]; then
1124 return 1
1125 fi
1126
1127 return 0
1128}
1129
949findlua() { 1130findlua() {
950 if [ $# -eq 0 ]; then 1131 if [ $# -eq 0 ]; then
951 IFS=: 1132 IFS=:
@@ -953,52 +1134,38 @@ findlua() {
953 unset IFS 1134 unset IFS
954 fi 1135 fi
955 1136
956 while [ $# -gt 0 ]; do 1137 for findlua_G; do
957 for F in $(findpath "${1}" no "${PATH}"; findpath "${1}" "${RECURSE}" "${BINDIRS}"); do 1138 IFS=:
958 [ -x "$F" ] && safeperm "$F" || continue 1139 for findlua_D in ${PATH}; do
959 1140 unset IFS
960 V="$("$F" -e 'print(string.match(_VERSION, [[[%d.]+]]))' </dev/null 2>>/dev/null | head -n1 | sed -ne 's/^\([0123456789][0123456789]*\.[0123456789][0123456789]*\).*/\1/p')"
961 : ${V:=0}
962 V="$((${V%%.*} * 100 + ${V##*.} % 100))"
963 1141
964 [ "${V}" -gt 0 -a "${V}" -ge "${LUA_VER:-0}" ] || continue 1142 glob "${findlua_D}/${findlua_G}" 0 trylua || :
965 1143
966 [ "${V}" -gt "${LUA_VER:-0}" -o "${#F}" -lt "${#LUA_PATH}" ] || continue 1144 if foundlua; then
1145 return 0
1146 fi
1147 done
967 1148
968 [ "${V}" -ge "${API_MIN}" -a "${V}" -le "${API_MAX}" ] || continue 1149 IFS=:
1150 for findlua_D in ${BINDIRS}; do
1151 unset IFS
969 1152
970 if [ -n "${JIT_REQ}" ]; then 1153 glob "${findlua_D}/${findlua_G}" "${MAXDEPTH}" trylua || :
971 J="$("$F" -v </dev/null 2>&1 | head -n1 | sed -ne 's/^LuaJIT \([0123456789][0123456789]*\.[0123456789][0123456789]*\.[0123456789][0123456789]*\).*/\1/p')"
972 J="$(jit2num ${J:-0})"
973 1154
974 if [ "${JIT_REQ}" = "skip" ]; then 1155 if foundlua; then
975 [ "${J}" -eq 0 ] || continue 1156 return 0
976 elif [ "${JIT_REQ}" = "yes" ]; then
977 [ "${J}" -gt 0 ] || continue
978 [ "${J}" -ge "${JIT_MIN}" ] || continue
979 [ "${J}" -le "${JIT_MAX}" ] || continue
980 fi
981 fi 1157 fi
982
983 LUA_PATH="$F"
984 LUA_VER="$V"
985
986 [ "${SHORTEST}" = "yes" -o "${LUA_VER}" -lt "${API_MAX}" ] || break 2
987 done 1158 done
988 1159
989 shift 1160 unset IFS
990 done 1161 done
991 1162
992 if [ -n "${LUA_PATH}" -a -n "${LUA_VER}" ]; then 1163 [ "${LUA_VER:-0}" -gt 0 ] && [ "${#LUA_PATH}" -gt 0 ]
993 return 0
994 else
995 return 1
996 fi
997} 1164}
998 1165
999 1166
1000ccname() { 1167ccname() {
1001 "${CC}" -E - <<-EOF | awk '/sunpro/||/clang/||/gcc/||/other/{ print $1; exit; }' 1168 runcc -E - <<-EOF | awk '/sunpro/||/clang/||/gcc/||/other/{ print $1; exit; }'
1002 #if defined __SUNPRO_C 1169 #if defined __SUNPRO_C
1003 sunpro 1170 sunpro
1004 #elif defined __clang__ 1171 #elif defined __clang__
@@ -1026,8 +1193,7 @@ usage() {
1026 -e GLOB glob pattern for finding utilities (lua, luac, etc) 1193 -e GLOB glob pattern for finding utilities (lua, luac, etc)
1027 -k query pkg-config if available 1194 -k query pkg-config if available
1028 -r recursively search directories 1195 -r recursively search directories
1029 -m MAXDEPTH limit recursion to MAXDEPTH (only for GNU and BSD find) 1196 -m MAXDEPTH limit recursion to MAXDEPTH
1030 -x do not cross device mounts when recursing
1031 -s find shortest pathname, otherwise print first best match 1197 -s find shortest pathname, otherwise print first best match
1032 -v VERSION require specific Lua version or range 1198 -v VERSION require specific Lua version or range
1033 (e.g. "5.1" or "5.1-5.2") 1199 (e.g. "5.1" or "5.1-5.2")
@@ -1038,8 +1204,10 @@ usage() {
1038 -h print this usage message 1204 -h print this usage message
1039 1205
1040 cppflags print derived additional CPPFLAGS necessary 1206 cppflags print derived additional CPPFLAGS necessary
1207 version print derived Lua API version from cppflags discovery
1041 ldflags print derived additional LDFLAGS necessary (TODO) 1208 ldflags print derived additional LDFLAGS necessary (TODO)
1042 version print derived Lua API version 1209 libs print derived additional LIBS necessary (TODO)
1210 libversion print derived Lua API version from ldflags/libs discovery
1043 luac print path to luac utility ($(printf "${GLOB_LUA}" | tr ':' ' ')) 1211 luac print path to luac utility ($(printf "${GLOB_LUA}" | tr ':' ' '))
1044 lua print path to lua interpreter ($(printf "${GLOB_LUAC}" | tr ':' ' ')) 1212 lua print path to lua interpreter ($(printf "${GLOB_LUAC}" | tr ':' ' '))
1045 package.path print preferred module install path 1213 package.path print preferred module install path
@@ -1114,20 +1282,21 @@ while getopts I:L:P:d:De:krm:xsv:j:JVh OPT; do
1114 RECURSE=yes 1282 RECURSE=yes
1115 ;; 1283 ;;
1116 m) 1284 m)
1117 if [ -n "${OPTARG##[0123456789]}" ]; then 1285 if [ "${#OPTARG}" -eq 0 -o -n "${OPTARG##[0123456789]}" ]; then
1118 printf -- "${0##*/}: ${OPTARG}: invalid maxdepth\n" >&2 1286 panic "%s: invalid maxdepth" "${OPTARG}"
1119 exit 1
1120 fi
1121
1122 if find "${TMPDIR:-/tmp}" -maxdepth ${OPTARG} -prune >>/dev/null 2>&1; then
1123 MAXDEPTH="-maxdepth ${OPTARG}"
1124 else
1125 printf -- "${0##*/}: $(command -v find): -maxdepth unsupported\n" >&2
1126 fi 1287 fi
1127 1288
1289 MAXDEPTH="${OPTARG}"
1128 ;; 1290 ;;
1129 x) 1291 x)
1130 XDEV="-xdev" 1292 #
1293 # NOTE: This option was
1294 #
1295 # -x do not cross device mounts when recursing
1296 #
1297 # but is currently unsupported as our built-in glob function
1298 # does not implement this functionality. Previously this
1299 # option caused -xdev to be added to invocations of find(1).
1131 ;; 1300 ;;
1132 s) 1301 s)
1133 SHORTEST=yes 1302 SHORTEST=yes
@@ -1140,8 +1309,7 @@ while getopts I:L:P:d:De:krm:xsv:j:JVh OPT; do
1140 API_MAX="$(lua2num ${MAX:-99} 99)" 1309 API_MAX="$(lua2num ${MAX:-99} 99)"
1141 1310
1142 if [ "${API_MIN}" -gt "${API_MAX}" ]; then 1311 if [ "${API_MIN}" -gt "${API_MAX}" ]; then
1143 printf -- "${0##*/}: ${OPTARG}: invalid version range\n" >&2 1312 panic "%s: invalid version range" "${OPTARG}"
1144 exit 1
1145 fi 1313 fi
1146 1314
1147 ;; 1315 ;;
@@ -1153,8 +1321,7 @@ while getopts I:L:P:d:De:krm:xsv:j:JVh OPT; do
1153 JIT_MAX="$(jit2num ${MAX:-99} 99 99)" 1321 JIT_MAX="$(jit2num ${MAX:-99} 99 99)"
1154 1322
1155 if [ "${JIT_MIN}" -gt "${JIT_MAX}" ]; then 1323 if [ "${JIT_MIN}" -gt "${JIT_MAX}" ]; then
1156 printf -- "${0##*/}: ${OPTARG}: invalid version range\n" >&2 1324 panic "%s: invalid version range" "${OPTARG}"
1157 exit 1
1158 fi 1325 fi
1159 1326
1160 JIT_REQ=yes 1327 JIT_REQ=yes
@@ -1180,10 +1347,16 @@ done
1180shift $(($OPTIND - 1)) 1347shift $(($OPTIND - 1))
1181 1348
1182 1349
1183for U in "${CC:-cc}" find grep od rm rmdir sed xargs; do 1350[ "${RECURSE}" = "yes" ] || MAXDEPTH=0
1184 if ! command -v "${U}" >>/dev/null 2>&1; then 1351
1185 printf -- "${0##*/}: ${U}: command not found\n" >&2 1352
1186 fi 1353for U in "${CC}" grep od rm rmdir sed xargs; do
1354 ! command -v "${U}" >>/dev/null 2>&1 || continue
1355
1356 # ${CC} might have trailing flags or invoke the compiler through env
1357 ! command -v "${U%% *}" >>/dev/null 2>&1 || continue
1358
1359 warn "%s: command not found" "${U}"
1187done 1360done
1188 1361
1189 1362
@@ -1191,15 +1364,13 @@ if [ -n "${SANDBOX}" ]; then
1191 if [ "${SANDBOX}" = "${SANDBOX%/}" ]; then 1364 if [ "${SANDBOX}" = "${SANDBOX%/}" ]; then
1192 if [ ! -c "${DEVRANDOM}" ]; then 1365 if [ ! -c "${DEVRANDOM}" ]; then
1193 # TODO: expand DEVRANDOM into set of different possibilities to check 1366 # TODO: expand DEVRANDOM into set of different possibilities to check
1194 printf -- "${0##*/}: ${DEVRANDDOM}: no character random device available\n" >&2 1367 panic "%s: no character random device available" "${DEVRANDOM}"
1195 exit 1
1196 fi 1368 fi
1197 1369
1198 TMP="${SANDBOX}$(od -An -N8 -tx1 < ${DEVRANDOM} 2>>/dev/null | tr -d ' ')" 1370 TMP="${SANDBOX}$(od -An -N8 -tx1 < ${DEVRANDOM} 2>>/dev/null | tr -d ' ')"
1199 1371
1200 if [ ${#TMP} -ne $((${#SANDBOX} + 16)) ]; then 1372 if [ ${#TMP} -ne $((${#SANDBOX} + 16)) ]; then
1201 printf -- "${0##*/}: ${SANDBOX}: unable to generate random suffix\n" >&2 1373 panic "%s: unable to generate random suffix" "${SANDBOX}"
1202 exit 1
1203 fi 1374 fi
1204 1375
1205 SANDBOX="${TMP}" 1376 SANDBOX="${TMP}"
@@ -1241,18 +1412,28 @@ cppflags)
1241 [ -z "${API_DIR:-}" ] || printf -- "-I${API_DIR}\n" 1412 [ -z "${API_DIR:-}" ] || printf -- "-I${API_DIR}\n"
1242 1413
1243 ;; 1414 ;;
1415version)
1416 findversion || exit 1
1417
1418 printf "$(((${API_VER} / 100) % 100)).$((($API_VER) % 100))\n"
1419
1420 ;;
1244ldflags) 1421ldflags)
1245 findlib 1422 findlib
1246 1423
1247 [ "${LIBLUA_VER:-0}" -gt 0 ] || exit 1 1424 [ "${LIBLUA_VER:-0}" -gt 0 ] || exit 1
1248 1425
1249 printf -- "-L${LIBLUA_DIR} -l${LIBLUA_LIB}\n" 1426 if [ "${#LIBLUA_DIR}" -gt 0 ]; then
1427 printf -- "-L%s\n" "${LIBLUA_DIR}"
1428 fi
1250 1429
1251 ;; 1430 ;;
1252version) 1431libs)
1253 findversion || exit 1 1432 findlib
1254 1433
1255 printf "$(((${API_VER} / 100) % 100)).$((($API_VER) % 100))\n" 1434 [ "${LIBLUA_VER:-0}" -gt 0 ] || exit 1
1435
1436 printf -- "-l%s\n" "${LIBLUA_LIB}"
1256 1437
1257 ;; 1438 ;;
1258libv*) 1439libv*)
@@ -1288,21 +1469,38 @@ lua)
1288 1469
1289 ;; 1470 ;;
1290ldir|cdir) 1471ldir|cdir)
1291 printf -- "${0##*/}: ${1}: deprecated command\n" >&2 1472 #
1292 MODE="${1}" 1473 # ldir and cdir were deprecated on 2014-12-18. On 2016-03-25 they
1293 shift 1474 # were revived because their names are more intuitive than
1475 # package.path and package.cpath. For now try to support the
1476 # semantics of both by assuming interpreter glob patterns only match
1477 # file names, while preferred install directory string.match
1478 # expressions have directory components.
1479 #
1480 if true; then
1481 MODE="${1}"
1482
1483 # move command to end; rotates to ${1} after loop
1484 set -- "$@" "${1}"
1485 shift
1294 1486
1295 if [ $# -gt 0 ]; then 1487 cdir_I=0
1296 append GLOB $* 1488 cdir_N="$(($# - 1))"
1489 while [ "${cdir_I}" -lt "${cdir_N}" ]; do
1490 if [ "${1#*/}" = "${1}" ]; then
1491 append GLOB "${1}"
1492 warn "%s: passing glob patterns to %s is deprecated" "${1}" "${MODE}"
1493 else
1494 set -- "$@" "${1}"
1495 fi
1496 shift
1497 cdir_I=$((${cdir_I} + 1))
1498 done
1297 fi 1499 fi
1298 1500
1299 findlua || exit 1 1501 findlua || exit 1
1300 1502
1301 if [ "${MODE}" = "cdir" ]; then 1503 findinstalldir "$@" || exit 1
1302 findinstalldir package.cpath
1303 else
1304 findinstalldir package.path
1305 fi
1306 1504
1307 ;; 1505 ;;
1308package.path|package.cpath) 1506package.path|package.cpath)
@@ -1333,9 +1531,9 @@ testsym)
1333 ;; 1531 ;;
1334*) 1532*)
1335 if [ -n "${1:-}" ]; then 1533 if [ -n "${1:-}" ]; then
1336 printf -- "${0##*/}: ${1}: unknown command\n" >&2 1534 warn "%s: unknown command" "${1}"
1337 else 1535 else
1338 printf -- "${0##*/}: no command specified\n" >&2 1536 warn "no command specified"
1339 fi 1537 fi
1340 1538
1341 exit 1 1539 exit 1
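Review bot: In tryluac (new line 927) the syntax probe runs `${tryluac_F}` unquoted, while the version probe at new line 917 quotes the same variable. The script unsets IFS, so the expansion is field-split on whitespace. A candidate found under a PATH or BINDIRS entry whose name contains a space is then not the program that gets executed, because the first word is run as a command instead. Quoting keeps the probe on the file that passed the `-x` and safeperm checks: `printf "return true" 2>>/dev/null | "${tryluac_F}" -p - </dev/null >>/dev/null 2>&1 || return 0`.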
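diff --git a/regress/00-store-verify.lua b/regress/00-store-verify.lua
new file mode 100755
index 0000000..f45ad7e
--- /dev/null
+++ b/regress/00-store-verify.lua
@@ -0,0 +1,19 @@
+#!/usr/bin/env lua
+
+require"regress".export".*"
+
+local st = store.new()
+
+local ca_key, ca_crt = genkey()
+st:add(ca_crt)
+
+local key, crt = genkey("RSA", ca_key, ca_crt)
+
+local ok, proof_or_reason = st:verify(crt)
+check(ok, "%s", proof_or_reason)
+
+--for _,crt in pairs(proof_or_reason) do
+-- print(crt:text())
+--end
+
+say"OK"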
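Review bot: The test asserts only the accepting path of st:verify (lines 12-13), so a store that accepted every certificate would still pass. A rejecting case after line 13 would cover that, for example `local _, other_crt = genkey()` followed by `check(not st:verify(other_crt), "certificate outside the store verified")`. This assumes genkey() without a CA returns a self-signed certificate, which its use for ca_crt suggests but the visible part of regress.lua does not show.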
diff --git a/regress/53-csr-extensions.lua b/regress/53-csr-extensions.lua
new file mode 100644
index 0000000..38346da
--- /dev/null
+++ b/regress/53-csr-extensions.lua
@@ -0,0 +1,168 @@
1local auxlib = require"openssl.auxlib"
2local pkey = require "openssl.pkey"
3local x509_csr = require"_openssl.x509.csr"
4local x509_altname = require"openssl.x509.altname"
5local x509_name = require"openssl.x509.name"
6
7local _basename = arg and arg[0] and arg[0]:match"([^/]+)$" or "UNKNOWN"
8
9local function cluck(fmt, ...)
10 io.stderr:write(_basename, ": ", string.format(fmt, ...), "\n")
11end
12
13local function croak(fmt, ...)
14 io.stderr:write(_basename, ": ", string.format(fmt, ...), "\n")
15 os.exit(1)
16end
17
18local function OK()
19 cluck("OK")
20 return true
21end
22
23local _testno = 0
24local function testnames(altnames, expected)
25 local matched = {}
26
27 _testno = _testno + 1
28
29 for type,data in auxlib.pairs(altnames) do
30 local found
31
32 for i,e in ipairs(expected) do
33 if not matched[i] and e.type == type and e.data == data then
34 cluck("expected match #%d.%d found (%s=%s)", _testno, i, type,data)
35
36 matched[i] = true
37 found = true
38 end
39 end
40
41 if not found then
42 return false, string.format("extra name in test #%d (%s=%s)", _testno, type, data)
43 end
44 end
45
46 for i,e in ipairs(expected) do
47 if not matched[i] then
48 return false, string.format("expected match #%d.%d not found (%s=%s)", _testno, i, e.type, e.data)
49 end
50 end
51
52 return true
53end
54
55local function checknames(altnames, expected)
56 local ok, why = testnames(altnames, expected)
57
58 if not ok then
59 croak(why or "UNKNOWN")
60 end
61
62 return true
63end
64
65key = pkey.new({ bits = 4096 })
66
67data = [[
68-----BEGIN CERTIFICATE REQUEST-----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98-----END CERTIFICATE REQUEST-----
99]]
100
101-- baseline
102do
103 local expected = {
104 { type = "DNS", data = "server1.example.com" },
105 { type = "DNS", data = "mail.example.com" },
106 { type = "DNS", data = "www.example.com" },
107 { type = "DNS", data = "www.sub.example.com" },
108 { type = "DNS", data = "mx.example.com" },
109 { type = "DNS", data = "support.example.com" },
110 }
111
112 checknames((x509_csr.new(data)):getSubjectAlt(), expected)
113end
114
115-- modifying existing altnames
116do
117 local expected = {
118 { type = "DNS", data = "foo.com" },
119 { type = "DNS", data = "*.foo.com" },
120 }
121
122 local csr = x509_csr.new(data)
123 local gn = x509_altname.new()
124 gn:add("DNS", "foo.com")
125 gn:add("DNS", "*.foo.com")
126 csr:setSubjectAlt(gn)
127 csr:setPublicKey(key)
128 csr:sign(key)
129
130 -- check modified object
131 checknames(csr:getSubjectAlt(), expected)
132 -- check after a round-trip through PEM
133 checknames(x509_csr.new(tostring(csr)):getSubjectAlt(), expected)
134end
135
136-- adding altnames where none existed
137do
138 local expected = {
139 name = {
140 { type = "CN", data = "example.com" },
141 },
142 altname = {
143 { type = "DNS", data = "foo.com" },
144 { type = "DNS", data = "*.foo.com" },
145 },
146 }
147
148 local csr = x509_csr.new()
149 local name = x509_name.new()
150 name:add("CN", "example.com")
151 csr:setSubject(name)
152 local gn = x509_altname.new()
153 gn:add("DNS", "foo.com")
154 gn:add("DNS", "*.foo.com")
155 csr:setSubjectAlt(gn)
156 csr:setPublicKey(key)
157 csr:sign(key)
158
159 checknames(csr:getSubject(), expected.name)
160 checknames(csr:getSubjectAlt(), expected.altname)
161
162 local csr1 = x509_csr.new(tostring(csr))
163 checknames(csr1:getSubject(), expected.name)
164 checknames(csr1:getSubjectAlt(), expected.altname)
165end
166
167return OK()
168
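Review bot: checknames (new line 59) passes the failure text as the format argument, `croak(why or "UNKNOWN")`, and croak hands its first argument to string.format. `why` is built in testnames from the type and data of names read out of the CSR, so a name containing `%` would be parsed as a conversion and either raise inside string.format or print a distorted message. Passing the text as data avoids that: `croak("%s", why or "UNKNOWN")`.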
diff --git a/regress/regress.lua b/regress/regress.lua
new file mode 100644
index 0000000..8d955ea
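--- /dev/null
+++ b/regress/regress.lua
@@ -0,0 +1,161 @@
+local regress = {
+ openssl = require"openssl",
+ pkey = require"openssl.pkey",
+ x509 = require"openssl.x509",
+ name = require"openssl.x509.name",
+ altname = require"openssl.x509.altname",
+ store = require"openssl.x509.store",
+ pack = table.pack or function (...)
+ local t = { ... }
+ t.n = select("#", ...)
+ return t
+ end,
+ unpack = table.unpack or unpack,
+}
+
+local emit_progname = os.getenv"REGRESS_PROGNAME" or "regress"
+local emit_verbose = tonumber(os.getenv"REGRESS_VERBOSE" or 1)
+local emit_info = {}
+local emit_ll = 0
+
+local function emit(fmt, ...)
+ local msg = string.format(fmt, ...)
+
+ for txt, nl in msg:gmatch("([^\n]*)(\n?)") do
+ if emit_ll == 0 and #txt > 0 then
+ io.stderr:write(emit_progname, ": ")
+ emit_ll = #emit_progname + 2
+ end
+
+ io.stderr:write(txt, nl)
+
+ if nl == "\n" then
+ emit_ll = 0
+ else
+ emit_ll = emit_ll + #txt
+ end
+ end
+end -- emit
+
+local function emitln(fmt, ...)
+ if emit_ll > 0 then
+ emit"\n"
+ end
+
+ emit(fmt .. "\n", ...)
+end -- emitln
+
+local function emitinfo()
+ for _, txt in ipairs(emit_info) do
+ emitln("%s", txt)
+ end
+end -- emitinfo
+
+function regress.say(...)
+ emitln(...)
+end -- say
+
+function regress.panic(...)
+ emitinfo()
+ emitln(...)
+ os.exit(1)
+end -- panic
+
+function regress.info(...)
+ if emit_verbose > 1 then
+ emitln(...)
+ else
+ emit_info[#emit_info + 1] = string.format(...)
+
+ if emit_verbose > 0 then
+ if emit_ll > 78 then
+ emit"\n."
+ else
+ emit"."
+ end
+ end
+ end
+end -- info
+
+function regress.check(v, ...)
+ if v then
+ return v, ...
+ else
+ regress.panic(...)
+ end
+end -- check
+
+function regress.export(...)
+ for _, pat in ipairs{ ... } do
+ for k, v in pairs(regress) do
+ if string.match(k, pat) then
+ _G[k] = v
+ end
+ end
+ end
+
+ return regress
+end -- export
+
+local counter = 0
+function regress.genkey(type, ca_key, ca_crt)
+ local pkey = require"openssl.pkey"
+ local x509 = require"openssl.x509"
+ local name = require"openssl.x509.name"
+ local altname = require"openssl.x509.altname"
+ local key
+
+ type = string.upper(type or "RSA")
+
+ if type == "EC" then
+ key = regress.check(pkey.new{ type = "EC", curve = "prime192v1" })
+ else
+ key = regress.check(pkey.new{ type = type, bits = 1024 })
+ end
+
+ local dn = name.new()
+ dn:add("C", "US")
+ dn:add("ST", "California")
+ dn:add("L", "San Francisco")
+ dn:add("O", "Acme, Inc.")
+ dn:add("CN", string.format("acme%d.inc", counter))
+ counter = counter + 1
+
+ local alt = altname.new()
+ alt:add("DNS", "acme.inc")
+ alt:add("DNS", "localhost")
+
+ local crt = x509.new()
+ crt:setVersion(3)
+ crt:setSerial(47)
+ crt:setSubject(dn)
+ crt:setIssuer((ca_crt or crt):getSubject())
+ crt:setSubjectAlt(alt)
+
+ local issued, expires = crt:getLifetime()
+ crt:setLifetime(issued, expires + 60)
+
+ crt:setBasicConstraints{ CA = true, pathLen = 2 }
+ crt:setBasicConstraintsCritical(true)
+
+ crt:setPublicKey(key)
+ crt:sign(ca_key or key)
+
+ return key, crt
+end -- regress.genkey
+
+local function getsubtable(t, name, ...)
+ name = name or false -- cannot be nil
+
+ if not t[name] then
+ t[name] = {}
+ end
+
+ if select('#', ...) > 0 then
+ return getsubtable(t[name], ...)
+ else
+ return t[name]
+ end
+end -- getsubtable
+
+return regress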
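Review bot: `regress.genkey` hard-codes a 1024-bit RSA key and the `prime192v1` curve, gives every certificate the serial 47 and marks it `CA = true`, and nothing in the file says these are fixture-only values. Both key sizes are below what current guidance accepts for real certificates, and a crypto library built with a stricter minimum key size could plausibly reject them, which would fail the suite for reasons unrelated to the code under test. I would add a comment above the function, `-- test fixture only: small keys, fixed serial and CA=true keep runs fast; never reuse outside regress/`, and keep the key size and curve name in one local constant each so they can be raised in a single place.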
diff --git a/src/GNUmakefile b/src/GNUmakefile
index 3aff30a..e7cb54d 100644
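--- a/src/GNUmakefile
+++ b/src/GNUmakefile
@@ -18,9 +18,9 @@ include $(d)/../GNUmakefile
 #
 OS_$(d) = $(shell $(d)/../mk/vendor.os)
 CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc)
-LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/lua.path -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2))
+LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/luapath -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2))
 
-CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIINTCASTS
+CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIINTCASTS -DHAVE_CONFIG_H
 CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..))
 LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..))
 SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..))
@@ -41,6 +41,8 @@ endif
 #
 # C O M P I L A T I O N R U L E S
 #
+$(d)/config.h: $(abspath $(d)/..)/config.h
+ $(CP) $< $@
 
 define BUILD_$(d)
 
@@ -49,7 +51,7 @@ define BUILD_$(d)
 $$(d)/$(1)/openssl.so: $$(d)/$(1)/openssl.o
  $$(CC) -o $$@ $$^ $$(SOFLAGS_$$(abspath $$(@D)/..)) $$(SOFLAGS) $$(LDFLAGS_$$(abspath $$(@D)/..)) $$(LDFLAGS)
 
-$$(d)/$(1)/openssl.o: $$(d)/openssl.c $$(d)/compat52.h
+$$(d)/$(1)/openssl.o: $$(d)/openssl.c $$(d)/compat52.h $$(d)/config.h
  test "$$(notdir $$(@D))" = "$$(call LUAPATH_$$(<D), $$(notdir $$(@D)), version)"
  $$(MKDIR) -p $$(@D)
  $$(CC) $$(CFLAGS_$$(<D)) $$(CFLAGS) $$(call LUAPATH_$$(<D), $$(notdir $$(@D)), cppflags) $$(CPPFLAGS_$$(<D)) $$(CPPFLAGS) -c -o $$@ $$<
@@ -88,6 +90,7 @@ LUAC$(1)_$(d) = $$(or $$(call LUAPATH_$(d), $(1), luac), true)
 MODS$(1)_$(d) = \
  $$(DESTDIR)$(2)/_openssl.so \
  $$(DESTDIR)$(3)/openssl.lua \
+ $$(DESTDIR)$(3)/openssl/auxlib.lua \
  $$(DESTDIR)$(3)/openssl/bignum.lua \
  $$(DESTDIR)$(3)/openssl/pkey.lua \
  $$(DESTDIR)$(3)/openssl/pubkey.lua \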
diff --git a/src/openssl.auxlib.lua b/src/openssl.auxlib.lua
new file mode 100644
index 0000000..4f00c25
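--- /dev/null
+++ b/src/openssl.auxlib.lua
@@ -0,0 +1,21 @@
+local auxlib = {}
+
+if _VERSION == "Lua 5.1" then
+ local _pairs = pairs
+
+ function auxlib.pairs(t)
+ if type(t) == "userdata" then
+ local mt = getmetatable(t)
+
+ if mt and mt.__pairs then
+ return mt.__pairs(t)
+ else
+ return _pairs(t)
+ end
+ end
+ end
+else
+ auxlib.pairs = pairs
+end
+
+return auxlib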
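Review bot: On Lua 5.1 `auxlib.pairs` returns nothing when `t` is not userdata, because the `type(t) == "userdata"` test has no `else` branch. A caller that writes `for k, v in auxlib.pairs(tbl)` with a plain table would then fail with an "attempt to call a nil value" error instead of iterating. The non-5.1 branch aliases the builtin `pairs`, which accepts tables, so the two branches disagree. Reducing the inner test to `if mt and mt.__pairs then return mt.__pairs(t) end` and ending the function with `return _pairs(t)` lets every other case fall through to the builtin. Whether any caller passes a table is not visible in this file, so the problem may be latent.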
diff --git a/src/openssl.c b/src/openssl.c
index 2275d49..ed7222e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -23,6 +23,10 @@
23 * USE OR OTHER DEALINGS IN THE SOFTWARE. 23 * USE OR OTHER DEALINGS IN THE SOFTWARE.
24 * ========================================================================== 24 * ==========================================================================
25 */ 25 */
26#if HAVE_CONFIG_H
27#include "config.h"
28#endif
29
26#include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */ 30#include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
27#include <stdint.h> /* uintptr_t */ 31#include <stdint.h> /* uintptr_t */
28#include <string.h> /* memset(3) strerror_r(3) */ 32#include <string.h> /* memset(3) strerror_r(3) */
@@ -79,24 +83,40 @@
79#define LIBRESSL_PREREQ(M, m, p) \ 83#define LIBRESSL_PREREQ(M, m, p) \
80 (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12))) 84 (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12)))
81 85
82#ifndef HAVE_DLADDR 86#ifndef HAVE_ASN1_STRING_GET0_DATA
83#define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */ 87#define HAVE_ASN1_STRING_GET0_DATA OPENSSL_PREREQ(1,1,0)
84#endif 88#endif
85 89
86#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS 90#ifndef HAVE_DH_GET0_KEY
87#define HAVE_SSL_CTX_SET_ALPN_PROTOS OPENSSL_PREREQ(1, 0, 2) 91#define HAVE_DH_GET0_KEY OPENSSL_PREREQ(1,1,0)
88#endif 92#endif
89 93
90#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB 94#ifndef HAVE_DH_GET0_PQG
91#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS 95#define HAVE_DH_GET0_PQG OPENSSL_PREREQ(1,1,0)
92#endif 96#endif
93 97
94#ifndef HAVE_SSL_SET_ALPN_PROTOS 98#ifndef HAVE_DH_SET0_KEY
95#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS 99#define HAVE_DH_SET0_KEY OPENSSL_PREREQ(1,1,0)
96#endif 100#endif
97 101
98#ifndef HAVE_SSL_GET0_ALPN_SELECTED 102#ifndef HAVE_DH_SET0_PQG
99#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS 103#define HAVE_DH_SET0_PQG OPENSSL_PREREQ(1,1,0)
104#endif
105
106#ifndef HAVE_DSA_GET0_KEY
107#define HAVE_DSA_GET0_KEY OPENSSL_PREREQ(1,1,0)
108#endif
109
110#ifndef HAVE_DSA_GET0_PQG
111#define HAVE_DSA_GET0_PQG OPENSSL_PREREQ(1,1,0)
112#endif
113
114#ifndef HAVE_DSA_SET0_KEY
115#define HAVE_DSA_SET0_KEY OPENSSL_PREREQ(1,1,0)
116#endif
117
118#ifndef HAVE_DSA_SET0_PQG
119#define HAVE_DSA_SET0_PQG OPENSSL_PREREQ(1,1,0)
100#endif 120#endif
101 121
102#ifndef HAVE_DTLSV1_CLIENT_METHOD 122#ifndef HAVE_DTLSV1_CLIENT_METHOD
@@ -108,7 +128,7 @@
108#endif 128#endif
109 129
110#ifndef HAVE_DTLS_CLIENT_METHOD 130#ifndef HAVE_DTLS_CLIENT_METHOD
111#define HAVE_DTLS_CLIENT_METHOD (OPENSSL_PREREQ(1, 0, 2) && !defined OPENSSL_NO_DTLS1) 131#define HAVE_DTLS_CLIENT_METHOD (OPENSSL_PREREQ(1,0,2) && !defined OPENSSL_NO_DTLS1)
112#endif 132#endif
113 133
114#ifndef HAVE_DTLS_SERVER_METHOD 134#ifndef HAVE_DTLS_SERVER_METHOD
@@ -116,13 +136,133 @@
116#endif 136#endif
117 137
118#ifndef HAVE_DTLSV1_2_CLIENT_METHOD 138#ifndef HAVE_DTLSV1_2_CLIENT_METHOD
119#define HAVE_DTLSV1_2_CLIENT_METHOD (OPENSSL_PREREQ(1, 0, 2) && !defined OPENSSL_NO_DTLS1) 139#define HAVE_DTLSV1_2_CLIENT_METHOD (OPENSSL_PREREQ(1,0,2) && !defined OPENSSL_NO_DTLS1)
120#endif 140#endif
121 141
122#ifndef HAVE_DTLSV1_2_SERVER_METHOD 142#ifndef HAVE_DTLSV1_2_SERVER_METHOD
123#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD 143#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD
124#endif 144#endif
125 145
146#ifndef HAVE_EVP_CIPHER_CTX_FREE
147#define HAVE_EVP_CIPHER_CTX_FREE OPENSSL_PREREQ(1,1,0)
148#endif
149
150#ifndef HAVE_EVP_CIPHER_CTX_NEW
151#define HAVE_EVP_CIPHER_CTX_NEW OPENSSL_PREREQ(1,1,0)
152#endif
153
154#ifndef HAVE_EVP_MD_CTX_FREE
155#define HAVE_EVP_MD_CTX_FREE OPENSSL_PREREQ(1,1,0)
156#endif
157
158#ifndef HAVE_EVP_MD_CTX_NEW
159#define HAVE_EVP_MD_CTX_NEW OPENSSL_PREREQ(1,1,0)
160#endif
161
162#ifndef HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
163#define HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID OPENSSL_PREREQ(0,9,9)
164#endif
165
166#ifndef HAVE_EVP_PKEY_BASE_ID
167#define HAVE_EVP_PKEY_BASE_ID OPENSSL_PREREQ(1,1,0)
168#endif
169
170#ifndef HAVE_EVP_PKEY_GET0
171#define HAVE_EVP_PKEY_GET0 OPENSSL_PREREQ(1,1,0)
172#endif
173
174#ifndef HAVE_EVP_PKEY_ID
175#define HAVE_EVP_PKEY_ID OPENSSL_PREREQ(1,1,0)
176#endif
177
178#ifndef HAVE_HMAC_CTX_FREE
179#define HAVE_HMAC_CTX_FREE OPENSSL_PREREQ(1,1,0)
180#endif
181
182#ifndef HAVE_HMAC_CTX_NEW
183#define HAVE_HMAC_CTX_NEW OPENSSL_PREREQ(1,1,0)
184#endif
185
186#ifndef HAVE_I2D_RE_X509_REQ_TBS
187#define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0)
188#endif
189
190#ifndef HAVE_RSA_GET0_CRT_PARAMS
191#define HAVE_RSA_GET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0)
192#endif
193
194#ifndef HAVE_RSA_GET0_FACTORS
195#define HAVE_RSA_GET0_FACTORS OPENSSL_PREREQ(1,1,0)
196#endif
197
198#ifndef HAVE_RSA_GET0_KEY
199#define HAVE_RSA_GET0_KEY OPENSSL_PREREQ(1,1,0)
200#endif
201
202#ifndef HAVE_RSA_SET0_CRT_PARAMS
203#define HAVE_RSA_SET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0)
204#endif
205
206#ifndef HAVE_RSA_SET0_FACTORS
207#define HAVE_RSA_SET0_FACTORS OPENSSL_PREREQ(1,1,0)
208#endif
209
210#ifndef HAVE_RSA_SET0_KEY
211#define HAVE_RSA_SET0_KEY OPENSSL_PREREQ(1,1,0)
212#endif
213
214#ifndef HAVE_SSL_CLIENT_VERSION
215#define HAVE_SSL_CLIENT_VERSION OPENSSL_PREREQ(1,1,0)
216#endif
217
218#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
219#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
220#endif
221
222#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
223#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS
224#endif
225
226#ifndef HAVE_SSL_CTX_SET1_CERT_STORE
227#define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */
228#endif
229
230#ifndef HAVE_SSL_CTX_CERT_STORE
231#define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))
232#endif
233
234#ifndef HAVE_SSL_SET_ALPN_PROTOS
235#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
236#endif
237
238#ifndef HAVE_SSL_GET0_ALPN_SELECTED
239#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
240#endif
241
242#ifndef HAVE_SSL_UP_REF
243#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)
244#endif
245
246#ifndef HAVE_SSLV2_CLIENT_METHOD
247#define HAVE_SSLV2_CLIENT_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2)
248#endif
249
250#ifndef HAVE_SSLV2_SERVER_METHOD
251#define HAVE_SSLV2_SERVER_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2)
252#endif
253
254#ifndef HAVE_X509_STORE_REFERENCES
255#define HAVE_X509_STORE_REFERENCES (!OPENSSL_PREREQ(1,1,0))
256#endif
257
258#ifndef HAVE_X509_UP_REF
259#define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)
260#endif
261
262#ifndef HMAC_INIT_EX_INT
263#define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
264#endif
265
126#ifndef STRERROR_R_CHAR_P 266#ifndef STRERROR_R_CHAR_P
127#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600))) 267#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)))
128#endif 268#endif
@@ -161,9 +301,9 @@
161#define PKCS12_CLASS "PKCS12*" 301#define PKCS12_CLASS "PKCS12*"
162#define SSL_CTX_CLASS "SSL_CTX*" 302#define SSL_CTX_CLASS "SSL_CTX*"
163#define SSL_CLASS "SSL*" 303#define SSL_CLASS "SSL*"
164#define DIGEST_CLASS "EVP_MD_CTX" /* not a pointer */ 304#define DIGEST_CLASS "EVP_MD_CTX*"
165#define HMAC_CLASS "HMAC_CTX" /* not a pointer */ 305#define HMAC_CLASS "HMAC_CTX*"
166#define CIPHER_CLASS "EVP_CIPHER_CTX" /* not a pointer */ 306#define CIPHER_CLASS "EVP_CIPHER_CTX*"
167 307
168 308
169#if __GNUC__ 309#if __GNUC__
@@ -488,6 +628,13 @@ static const char *aux_strerror_r(int error, char *dst, size_t lim) {
488 * 628 *
489 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 629 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
490 630
631static void auxS_bn_free_and_set0(BIGNUM **dst, BIGNUM *src) {
632 if (*dst) {
633 BN_clear_free(*dst);
634 }
635 *dst = src;
636} /* auxS_bn_free_and_set0() */
637
491static size_t auxS_nid2sn(void *dst, size_t lim, int nid) { 638static size_t auxS_nid2sn(void *dst, size_t lim, int nid) {
492 const char *sn; 639 const char *sn;
493 640
@@ -1021,14 +1168,173 @@ static struct {
1021 .X509_STORE_free = &X509_STORE_free, 1168 .X509_STORE_free = &X509_STORE_free,
1022}; 1169};
1023 1170
1171#if !HAVE_ASN1_STRING_GET0_DATA
1172#define ASN1_STRING_get0_data(s) ASN1_STRING_data((s))
1173#endif
1174
1175#if !HAVE_DH_GET0_KEY
1176#define DH_get0_key(...) compat_DH_get0_key(__VA_ARGS__)
1177
1178static void compat_DH_get0_key(const DH *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
1179 if (pub_key)
1180 *pub_key = d->pub_key;
1181 if (priv_key)
1182 *priv_key = d->priv_key;
1183} /* compat_DH_get0_key() */
1184#endif
1185
1186#if !HAVE_DH_GET0_PQG
1187#define DH_get0_pqg(...) compat_DH_get0_pqg(__VA_ARGS__)
1188
1189static void compat_DH_get0_pqg(const DH *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
1190 if (p)
1191 *p = d->p;
1192 if (q)
1193 *q = d->q;
1194 if (g)
1195 *g = d->g;
1196} /* compat_DH_get0_pqg() */
1197#endif
1198
1199#if !HAVE_DH_SET0_KEY
1200#define DH_set0_key(...) compat_DH_set0_key(__VA_ARGS__)
1201
1202static void compat_DH_set0_key(DH *d, BIGNUM *pub_key, BIGNUM *priv_key) {
1203 if (pub_key)
1204 auxS_bn_free_and_set0(&d->pub_key, pub_key);
1205 if (priv_key)
1206 auxS_bn_free_and_set0(&d->priv_key, priv_key);
1207} /* compat_DH_set0_key() */
1208#endif
1209
1210#if !HAVE_DH_SET0_PQG
1211#define DH_set0_pqg(...) compat_DH_set0_pqg(__VA_ARGS__)
1212
1213static void compat_DH_set0_pqg(DH *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
1214 if (p)
1215 auxS_bn_free_and_set0(&d->p, p);
1216 if (q)
1217 auxS_bn_free_and_set0(&d->q, q);
1218 if (g)
1219 auxS_bn_free_and_set0(&d->g, g);
1220} /* compat_DH_set0_pqg() */
1221#endif
1222
1223#if !HAVE_DSA_GET0_KEY
1224#define DSA_get0_key(...) compat_DSA_get0_key(__VA_ARGS__)
1225
1226static void compat_DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
1227 if (pub_key)
1228 *pub_key = d->pub_key;
1229 if (priv_key)
1230 *priv_key = d->priv_key;
1231} /* compat_DSA_get0_key() */
1232#endif
1233
1234#if !HAVE_DSA_GET0_PQG
1235#define DSA_get0_pqg(...) compat_DSA_get0_pqg(__VA_ARGS__)
1236
1237static void compat_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
1238 if (p)
1239 *p = d->p;
1240 if (q)
1241 *q = d->q;
1242 if (g)
1243 *g = d->g;
1244} /* compat_DSA_get0_pqg() */
1245#endif
1246
1247#if !HAVE_DSA_SET0_KEY
1248#define DSA_set0_key(...) compat_DSA_set0_key(__VA_ARGS__)
1249
1250static void compat_DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) {
1251 if (pub_key)
1252 auxS_bn_free_and_set0(&d->pub_key, pub_key);
1253 if (priv_key)
1254 auxS_bn_free_and_set0(&d->priv_key, priv_key);
1255} /* compat_DSA_set0_key() */
1256#endif
1257
1258#if !HAVE_DSA_SET0_PQG
1259#define DSA_set0_pqg(...) compat_DSA_set0_pqg(__VA_ARGS__)
1260
1261static void compat_DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
1262 if (p)
1263 auxS_bn_free_and_set0(&d->p, p);
1264 if (q)
1265 auxS_bn_free_and_set0(&d->q, q);
1266 if (g)
1267 auxS_bn_free_and_set0(&d->g, g);
1268} /* compat_DSA_set0_pqg() */
1269#endif
1270
1271#if !HAVE_EVP_CIPHER_CTX_FREE
1272#define EVP_CIPHER_CTX_free(ctx) compat_EVP_CIPHER_CTX_free((ctx))
1273
1274static void compat_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) {
1275 EVP_CIPHER_CTX_cleanup(ctx);
1276 OPENSSL_free(ctx);
1277} /* compat_EVP_CIPHER_CTX_free() */
1278#endif
1279
1280#if !HAVE_EVP_CIPHER_CTX_NEW
1281#define EVP_CIPHER_CTX_new() compat_EVP_CIPHER_CTX_new()
1282
1283static EVP_CIPHER_CTX *compat_EVP_CIPHER_CTX_new(void) {
1284 EVP_CIPHER_CTX *ctx;
1285
1286 if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
1287 return NULL;
1288 memset(ctx, 0, sizeof *ctx);
1289 EVP_CIPHER_CTX_init(ctx);
1290
1291 return ctx;
1292} /* compat_EVP_CIPHER_CTX_new() */
1293#endif
1294
1295#if !HAVE_EVP_MD_CTX_FREE
1296#define EVP_MD_CTX_free(md) EVP_MD_CTX_destroy((md))
1297#endif
1298
1299#if !HAVE_EVP_MD_CTX_NEW
1300#define EVP_MD_CTX_new(md) EVP_MD_CTX_create()
1301#endif
1302
1303#if !HAVE_EVP_PKEY_ID
1304#define EVP_PKEY_id(key) ((key)->type)
1305#endif
1306
1024#if !HAVE_EVP_PKEY_BASE_ID 1307#if !HAVE_EVP_PKEY_BASE_ID
1025#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key)) 1308#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key))
1026 1309
1027static int compat_EVP_PKEY_base_id(EVP_PKEY *key) { 1310static int compat_EVP_PKEY_base_id(EVP_PKEY *key) {
1028 return EVP_PKEY_type(key->type); 1311 return EVP_PKEY_type(EVP_PKEY_id(key));
1029} /* compat_EVP_PKEY_base_id() */ 1312} /* compat_EVP_PKEY_base_id() */
1030#endif 1313#endif
1031 1314
1315#if !HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
1316#define EVP_PKEY_get_default_digest_nid(...) \
1317 compat_EVP_PKEY_get_default_digest_nid(__VA_ARGS__)
1318
1319static int compat_EVP_PKEY_get_default_digest_nid(EVP_PKEY *key, int *nid) {
1320 switch (EVP_PKEY_base_id(key)) {
1321 case EVP_PKEY_RSA:
1322 *nid = EVP_MD_nid(EVP_sha1());
1323 break;
1324 case EVP_PKEY_DSA:
1325 *nid = EVP_MD_nid(EVP_dss1());
1326 break;
1327 case EVP_PKEY_EC:
1328 *nid = EVP_MD_nid(EVP_ecdsa());
1329 break;
1330 default:
1331 *nid = EVP_MD_nid(EVP_sha1());
1332 break;
1333 }
1334
1335 return 1;
1336} /* compat_EVP_PKEY_get_default_digest_nid() */
1337#endif
1032 1338
1033#if !HAVE_EVP_PKEY_GET0 1339#if !HAVE_EVP_PKEY_GET0
1034#define EVP_PKEY_get0(key) compat_EVP_PKEY_get0((key)) 1340#define EVP_PKEY_get0(key) compat_EVP_PKEY_get0((key))
@@ -1065,6 +1371,123 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
1065} /* compat_EVP_PKEY_get0() */ 1371} /* compat_EVP_PKEY_get0() */
1066#endif 1372#endif
1067 1373
1374#if !HAVE_HMAC_CTX_FREE
1375#define HMAC_CTX_free(ctx) compat_HMAC_CTX_free((ctx))
1376
1377static void compat_HMAC_CTX_free(HMAC_CTX *ctx) {
1378 HMAC_CTX_cleanup(ctx);
1379 OPENSSL_free(ctx);
1380} /* compat_HMAC_CTX_free() */
1381#endif
1382
1383#if !HAVE_HMAC_CTX_NEW
1384#define HMAC_CTX_new() compat_HMAC_CTX_new()
1385
1386static HMAC_CTX *compat_HMAC_CTX_new(void) {
1387 HMAC_CTX *ctx;
1388
1389 if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
1390 return NULL;
1391 memset(ctx, 0, sizeof *ctx);
1392
1393 return ctx;
1394} /* compat_HMAC_CTX_new() */
1395#endif
1396
1397#if !HAVE_RSA_GET0_CRT_PARAMS
1398#define RSA_get0_crt_params(...) compat_RSA_get0_crt_params(__VA_ARGS__)
1399
1400static void compat_RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) {
1401 if (dmp1)
1402 *dmp1 = r->dmp1;
1403 if (dmq1)
1404 *dmq1 = r->dmq1;
1405 if (iqmp)
1406 *iqmp = r->iqmp;
1407} /* compat_RSA_get0_crt_params() */
1408#endif
1409
1410#if !HAVE_RSA_GET0_FACTORS
1411#define RSA_get0_factors(...) compat_RSA_get0_factors(__VA_ARGS__)
1412
1413static void compat_RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
1414 if (p)
1415 *p = r->p;
1416 if (q)
1417 *q = r->q;
1418} /* compat_RSA_get0_factors() */
1419#endif
1420
1421#if !HAVE_RSA_GET0_KEY
1422#define RSA_get0_key(...) compat_RSA_get0_key(__VA_ARGS__)
1423
1424static void compat_RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) {
1425 if (n)
1426 *n = r->n;
1427 if (e)
1428 *e = r->e;
1429 if (d)
1430 *d = r->d;
1431} /* compat_RSA_get0_key() */
1432#endif
1433
1434#if !HAVE_RSA_SET0_CRT_PARAMS
1435#define RSA_set0_crt_params(...) compat_RSA_set0_crt_params(__VA_ARGS__)
1436
1437static void compat_RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
1438 if (dmp1)
1439 auxS_bn_free_and_set0(&r->dmp1, dmp1);
1440 if (dmq1)
1441 auxS_bn_free_and_set0(&r->dmq1, dmq1);
1442 if (iqmp)
1443 auxS_bn_free_and_set0(&r->iqmp, iqmp);
1444} /* compat_RSA_set0_crt_params() */
1445#endif
1446
1447#if !HAVE_RSA_SET0_FACTORS
1448#define RSA_set0_factors(...) compat_RSA_set0_factors(__VA_ARGS__)
1449
1450static void compat_RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
1451 if (p)
1452 auxS_bn_free_and_set0(&r->p, p);
1453 if (q)
1454 auxS_bn_free_and_set0(&r->q, q);
1455} /* compat_RSA_set0_factors() */
1456#endif
1457
1458#if !HAVE_RSA_SET0_KEY
1459#define RSA_set0_key(...) compat_RSA_set0_key(__VA_ARGS__)
1460
1461static void compat_RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
1462 if (n)
1463 auxS_bn_free_and_set0(&r->n, n);
1464 if (e)
1465 auxS_bn_free_and_set0(&r->e, e);
1466 if (d)
1467 auxS_bn_free_and_set0(&r->d, d);
1468} /* compat_RSA_set0_key() */
1469#endif
1470
1471#if !HAVE_SSL_CLIENT_VERSION
1472#define SSL_client_version(...) compat_SSL_client_version(__VA_ARGS__)
1473
1474static int compat_SSL_client_version(const SSL *ssl) {
1475 return ssl->client_version;
1476} /* compat_SSL_client_version() */
1477#endif
1478
1479#if !HAVE_SSL_UP_REF
1480#define SSL_up_ref(...) compat_SSL_up_ref(__VA_ARGS__)
1481
1482static int compat_SSL_up_ref(SSL *ssl) {
1483 /* our caller should already have had a proper reference */
1484 if (CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL) < 2)
1485 return 0; /* fail */
1486
1487 return 1;
1488} /* compat_SSL_up_ref() */
1489#endif
1490
1068#if !HAVE_X509_GET0_EXT 1491#if !HAVE_X509_GET0_EXT
1069#define X509_get0_ext(crt, i) X509_get_ext((crt), (i)) 1492#define X509_get0_ext(crt, i) X509_get_ext((crt), (i))
1070#endif 1493#endif
@@ -1081,13 +1504,18 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
1081#define X509_EXTENSION_get0_data(ext) X509_EXTENSION_get_data((ext)) 1504#define X509_EXTENSION_get0_data(ext) X509_EXTENSION_get_data((ext))
1082#endif 1505#endif
1083 1506
1507#if HAVE_X509_STORE_REFERENCES
1084/* 1508/*
1085 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count 1509 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count
1086 */ 1510 */
1087#define X509_STORE_free(store) \ 1511#define X509_STORE_free(store) \
1088 (compat.X509_STORE_free)((store)) 1512 (compat.X509_STORE_free)((store))
1089 1513
1090static void compat_X509_STORE_free(X509_STORE *store) { 1514/* to support preprocessor detection below */
1515#define compat_X509_STORE_free(store) \
1516 compat_X509_STORE_free((store))
1517
1518static void (compat_X509_STORE_free)(X509_STORE *store) {
1091 int i; 1519 int i;
1092 1520
1093 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE); 1521 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE);
@@ -1097,12 +1525,21 @@ static void compat_X509_STORE_free(X509_STORE *store) {
1097 1525
1098 (X509_STORE_free)(store); 1526 (X509_STORE_free)(store);
1099} /* compat_X509_STORE_free() */ 1527} /* compat_X509_STORE_free() */
1528#endif
1100 1529
1101#if !HAVE_SSL_CTX_set1_cert_store 1530#if !HAVE_SSL_CTX_SET1_CERT_STORE
1531#if !HAVE_SSL_CTX_CERT_STORE || !HAVE_X509_STORE_REFERENCES
1102#define SSL_CTX_set1_cert_store(ctx, store) \ 1532#define SSL_CTX_set1_cert_store(ctx, store) \
1533 SSL_CTX_set_cert_store((ctx), (store))
1534#else
1535#define SSL_CTX_set1_cert_store(ctx, store) \
1536 compat_SSL_CTX_set1_cert_store((ctx), (store))
1537
1538/* to support preprocessor detection below */
1539#define compat_SSL_CTX_set1_cert_store(ctx, store) \
1103 compat_SSL_CTX_set1_cert_store((ctx), (store)) 1540 compat_SSL_CTX_set1_cert_store((ctx), (store))
1104 1541
1105static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) { 1542static void (compat_SSL_CTX_set1_cert_store)(SSL_CTX *ctx, X509_STORE *store) {
1106 int n; 1543 int n;
1107 1544
1108 /* 1545 /*
@@ -1122,6 +1559,9 @@ static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1122 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); 1559 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
1123} /* compat_SSL_CTX_set1_cert_store() */ 1560} /* compat_SSL_CTX_set1_cert_store() */
1124#endif 1561#endif
1562#endif
1563
1564#if HAVE_SSL_CTX_CERT_STORE
1125 1565
1126static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1566static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1127 SSL_CTX *ctx = _ctx; 1567 SSL_CTX *ctx = _ctx;
@@ -1132,6 +1572,8 @@ static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX
1132 } 1572 }
1133} /* compat_init_SSL_CTX_onfree() */ 1573} /* compat_init_SSL_CTX_onfree() */
1134 1574
1575#endif
1576
1135/* helper routine to determine if X509_STORE_free obeys reference count */ 1577/* helper routine to determine if X509_STORE_free obeys reference count */
1136static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1578static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1137 /* unfortunately there's no way to remove a handler */ 1579 /* unfortunately there's no way to remove a handler */
@@ -1142,6 +1584,18 @@ static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPT
1142 compat.tmp.store = NULL; 1584 compat.tmp.store = NULL;
1143} /* compat_init_X509_STORE_onfree() */ 1585} /* compat_init_X509_STORE_onfree() */
1144 1586
1587#if !HAVE_X509_UP_REF
1588#define X509_up_ref(...) compat_X509_up_ref(__VA_ARGS__)
1589
1590static int compat_X509_up_ref(X509 *crt) {
1591 /* our caller should already have had a proper reference */
1592 if (CRYPTO_add(&crt->references, 1, CRYPTO_LOCK_X509) < 2)
1593 return 0; /* fail */
1594
1595 return 1;
1596} /* compat_X509_up_ref() */
1597#endif
1598
1145static int compat_init(void) { 1599static int compat_init(void) {
1146 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; 1600 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
1147 static int store_index = -1, ssl_ctx_index = -1, done; 1601 static int store_index = -1, ssl_ctx_index = -1, done;
@@ -1161,6 +1615,7 @@ static int compat_init(void) {
1161 if ((error = dl_anchor())) 1615 if ((error = dl_anchor()))
1162 goto epilog; 1616 goto epilog;
1163 1617
1618#if defined compat_X509_STORE_free
1164 /* 1619 /*
1165 * Test if X509_STORE_free obeys reference counts by installing an 1620 * Test if X509_STORE_free obeys reference counts by installing an
1166 * onfree callback. 1621 * onfree callback.
@@ -1210,6 +1665,7 @@ static int compat_init(void) {
1210 1665
1211 compat.flags |= COMPAT_X509_STORE_FREE_BUG; 1666 compat.flags |= COMPAT_X509_STORE_FREE_BUG;
1212 } 1667 }
1668#endif
1213 1669
1214 done = 1; 1670 done = 1;
1215epilog: 1671epilog:
@@ -1262,7 +1718,13 @@ static struct ex_type {
1262 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data }, 1718 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data },
1263}; 1719};
1264 1720
1265static int ex_ondup(CRYPTO_EX_DATA *to NOTUSED, CRYPTO_EX_DATA *from NOTUSED, void *from_d, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1721#if OPENSSL_PREREQ(1,1,0)
1722typedef const CRYPTO_EX_DATA const_CRYPTO_EX_DATA;
1723#else
1724typedef CRYPTO_EX_DATA const_CRYPTO_EX_DATA;
1725#endif
1726
1727static int ex_ondup(CRYPTO_EX_DATA *to NOTUSED, const_CRYPTO_EX_DATA *from NOTUSED, void *from_d, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1266 struct ex_data **data = from_d; 1728 struct ex_data **data = from_d;
1267 1729
1268 if (*data) 1730 if (*data)
@@ -1861,13 +2323,13 @@ static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) {
1861 if (hex) { 2323 if (hex) {
1862 luaL_argcheck(L, len > 2+(size_t)neg, index, "invalid hex string"); 2324 luaL_argcheck(L, len > 2+(size_t)neg, index, "invalid hex string");
1863 for (i = 2+neg; i < len; i++) { 2325 for (i = 2+neg; i < len; i++) {
1864 if (!isxdigit(str[i])) 2326 if (!isxdigit((unsigned char)str[i]))
1865 luaL_argerror(L, 1, "invalid hex string"); 2327 luaL_argerror(L, 1, "invalid hex string");
1866 } 2328 }
1867 } else { 2329 } else {
1868 luaL_argcheck(L, len > neg, index, "invalid decimal string"); 2330 luaL_argcheck(L, len > neg, index, "invalid decimal string");
1869 for (i = neg; i < len; i++) { 2331 for (i = neg; i < len; i++) {
1870 if (!isdigit(str[i])) 2332 if (!isdigit((unsigned char)str[i]))
1871 luaL_argerror(L, 1, "invalid decimal string"); 2333 luaL_argerror(L, 1, "invalid decimal string");
1872 } 2334 }
1873 } 2335 }
@@ -2644,7 +3106,7 @@ static int pk_interpose(lua_State *L) {
2644 3106
2645static int pk_type(lua_State *L) { 3107static int pk_type(lua_State *L) {
2646 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 3108 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2647 int nid = key->type; 3109 int nid = EVP_PKEY_id(key);
2648 3110
2649 auxL_pushnid(L, nid); 3111 auxL_pushnid(L, nid);
2650 3112
@@ -2718,7 +3180,7 @@ static int pk_setPrivateKey(lua_State *L) {
2718 3180
2719static int pk_sign(lua_State *L) { 3181static int pk_sign(lua_State *L) {
2720 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 3182 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2721 EVP_MD_CTX *md = luaL_checkudata(L, 2, DIGEST_CLASS); 3183 EVP_MD_CTX *md = checksimple(L, 2, DIGEST_CLASS);
2722 luaL_Buffer B; 3184 luaL_Buffer B;
2723 unsigned n; 3185 unsigned n;
2724 3186
@@ -2742,7 +3204,7 @@ static int pk_verify(lua_State *L) {
2742 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 3204 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2743 size_t len; 3205 size_t len;
2744 const void *sig = luaL_checklstring(L, 2, &len); 3206 const void *sig = luaL_checklstring(L, 2, &len);
2745 EVP_MD_CTX *md = luaL_checkudata(L, 3, DIGEST_CLASS); 3207 EVP_MD_CTX *md = checksimple(L, 3, DIGEST_CLASS);
2746 3208
2747 switch (EVP_VerifyFinal(md, sig, len, key)) { 3209 switch (EVP_VerifyFinal(md, sig, len, key)) {
2748 case 0: /* WRONG */ 3210 case 0: /* WRONG */
@@ -2806,7 +3268,7 @@ static int pk_toPEM(lua_State *L) {
2806#if 0 3268#if 0
2807 case 4: case 5: /* params, Parameters */ 3269 case 4: case 5: /* params, Parameters */
2808 /* EVP_PKEY_base_id not in OS X */ 3270 /* EVP_PKEY_base_id not in OS X */
2809 switch (EVP_PKEY_type(key->type)) { 3271 switch (EVP_PKEY_base_id(key)) {
2810 case EVP_PKEY_RSA: 3272 case EVP_PKEY_RSA:
2811 break; 3273 break;
2812 case EVP_PKEY_DSA: { 3274 case EVP_PKEY_DSA: {
@@ -2849,7 +3311,7 @@ static int pk_toPEM(lua_State *L) {
2849 } 3311 }
2850#endif 3312#endif
2851 default: 3313 default:
2852 return luaL_error(L, "%d: unsupported EVP_PKEY base type", EVP_PKEY_type(key->type)); 3314 return luaL_error(L, "%d: unsupported EVP_PKEY base type", EVP_PKEY_base_id(key));
2853 } 3315 }
2854 3316
2855 lua_pushlstring(L, pem, len); 3317 lua_pushlstring(L, pem, len);
@@ -2869,6 +3331,26 @@ static int pk_toPEM(lua_State *L) {
2869} /* pk_toPEM() */ 3331} /* pk_toPEM() */
2870 3332
2871 3333
3334static int pk_getDefaultDigestName(lua_State *L) {
3335 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
3336 int nid;
3337 char txt[256];
3338 size_t len;
3339
3340 if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0))
3341 return auxL_error(L, auxL_EOPENSSL, "pkey:getDefaultDigestName");
3342
3343 if (!(len = auxS_nid2txt(txt, sizeof txt, nid)))
3344 return auxL_error(L, auxL_EOPENSSL, "pkey:getDefaultDigestName");
3345 if (len > sizeof txt)
3346 return auxL_error(L, EOVERFLOW, "pkey:getDefaultDigestName");
3347
3348 lua_pushlstring(L, txt, len);
3349
3350 return 1;
3351} /* pk_getDefaultDigestName() */
3352
3353
2872enum pk_param { 3354enum pk_param {
2873#define PK_RSA_OPTLIST { "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp", NULL } 3355#define PK_RSA_OPTLIST { "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp", NULL }
2874#define PK_RSA_OPTOFFSET PK_RSA_N 3356#define PK_RSA_OPTOFFSET PK_RSA_N
@@ -2965,82 +3447,100 @@ static void pk_pushparam(lua_State *L, void *base_key, enum pk_param which) {
2965 EC_KEY *ec; 3447 EC_KEY *ec;
2966#endif 3448#endif
2967 } key = { base_key }; 3449 } key = { base_key };
3450 const BIGNUM *i;
2968 3451
2969 switch (which) { 3452 switch (which) {
2970 case PK_RSA_N: 3453 case PK_RSA_N:
2971 /* RSA public modulus n */ 3454 /* RSA public modulus n */
2972 bn_dup_nil(L, key.rsa->n); 3455 RSA_get0_key(key.rsa, &i, NULL, NULL);
3456 bn_dup_nil(L, i);
2973 3457
2974 break; 3458 break;
2975 case PK_RSA_E: 3459 case PK_RSA_E:
2976 /* RSA public exponent e */ 3460 /* RSA public exponent e */
2977 bn_dup_nil(L, key.rsa->e); 3461 RSA_get0_key(key.rsa, NULL, &i, NULL);
3462 bn_dup_nil(L, i);
2978 3463
2979 break; 3464 break;
2980 case PK_RSA_D: 3465 case PK_RSA_D:
2981 /* RSA secret exponent d */ 3466 /* RSA secret exponent d */
2982 bn_dup_nil(L, key.rsa->d); 3467 RSA_get0_key(key.rsa, NULL, NULL, &i);
3468 bn_dup_nil(L, i);
2983 3469
2984 break; 3470 break;
2985 case PK_RSA_P: 3471 case PK_RSA_P:
2986 /* RSA secret prime p */ 3472 /* RSA secret prime p */
2987 bn_dup_nil(L, key.rsa->p); 3473 RSA_get0_factors(key.rsa, &i, NULL);
3474 bn_dup_nil(L, i);
2988 3475
2989 break; 3476 break;
2990 case PK_RSA_Q: 3477 case PK_RSA_Q:
2991 /* RSA secret prime q with p < q */ 3478 /* RSA secret prime q with p < q */
2992 bn_dup_nil(L, key.rsa->q); 3479 RSA_get0_factors(key.rsa, NULL, &i);
3480 bn_dup_nil(L, i);
2993 3481
2994 break; 3482 break;
2995 case PK_RSA_DMP1: 3483 case PK_RSA_DMP1:
2996 /* exponent1 */ 3484 /* exponent1 */
2997 bn_dup_nil(L, key.rsa->dmp1); 3485 RSA_get0_crt_params(key.rsa, &i, NULL, NULL);
3486 bn_dup_nil(L, i);
2998 3487
2999 break; 3488 break;
3000 case PK_RSA_DMQ1: 3489 case PK_RSA_DMQ1:
3001 /* exponent2 */ 3490 /* exponent2 */
3002 bn_dup_nil(L, key.rsa->dmq1); 3491 RSA_get0_crt_params(key.rsa, NULL, &i, NULL);
3492 bn_dup_nil(L, i);
3003 3493
3004 break; 3494 break;
3005 case PK_RSA_IQMP: 3495 case PK_RSA_IQMP:
3006 /* coefficient */ 3496 /* coefficient */
3007 bn_dup_nil(L, key.rsa->iqmp); 3497 RSA_get0_crt_params(key.rsa, NULL, NULL, &i);
3498 bn_dup_nil(L, i);
3008 3499
3009 break; 3500 break;
3010 case PK_DSA_P: 3501 case PK_DSA_P:
3011 bn_dup_nil(L, key.dsa->p); 3502 DSA_get0_pqg(key.dsa, &i, NULL, NULL);
3503 bn_dup_nil(L, i);
3012 3504
3013 break; 3505 break;
3014 case PK_DSA_Q: 3506 case PK_DSA_Q:
3015 bn_dup_nil(L, key.dsa->q); 3507 DSA_get0_pqg(key.dsa, NULL, &i, NULL);
3508 bn_dup_nil(L, i);
3016 3509
3017 break; 3510 break;
3018 case PK_DSA_G: 3511 case PK_DSA_G:
3019 bn_dup_nil(L, key.dsa->g); 3512 DSA_get0_pqg(key.dsa, NULL, NULL, &i);
3513 bn_dup_nil(L, i);
3020 3514
3021 break; 3515 break;
3022 case PK_DSA_PUB_KEY: 3516 case PK_DSA_PUB_KEY:
3023 bn_dup_nil(L, key.dsa->pub_key); 3517 DSA_get0_key(key.dsa, &i, NULL);
3518 bn_dup_nil(L, i);
3024 3519
3025 break; 3520 break;
3026 case PK_DSA_PRIV_KEY: 3521 case PK_DSA_PRIV_KEY:
3027 bn_dup_nil(L, key.dsa->priv_key); 3522 DSA_get0_key(key.dsa, NULL, &i);
3523 bn_dup_nil(L, i);
3028 3524
3029 break; 3525 break;
3030 case PK_DH_P: 3526 case PK_DH_P:
3031 bn_dup_nil(L, key.dh->p); 3527 DH_get0_pqg(key.dh, &i, NULL, NULL);
3528 bn_dup_nil(L, i);
3032 3529
3033 break; 3530 break;
3034 case PK_DH_G: 3531 case PK_DH_G:
3035 bn_dup_nil(L, key.dh->g); 3532 DH_get0_pqg(key.dh, NULL, NULL, &i);
3533 bn_dup_nil(L, i);
3036 3534
3037 break; 3535 break;
3038 case PK_DH_PUB_KEY: 3536 case PK_DH_PUB_KEY:
3039 bn_dup_nil(L, key.dh->pub_key); 3537 DH_get0_key(key.dh, &i, NULL);
3538 bn_dup_nil(L, i);
3040 3539
3041 break; 3540 break;
3042 case PK_DH_PRIV_KEY: 3541 case PK_DH_PRIV_KEY:
3043 bn_dup_nil(L, key.dh->priv_key); 3542 DH_get0_key(key.dh, NULL, &i);
3543 bn_dup_nil(L, i);
3044 3544
3045 break; 3545 break;
3046#ifndef OPENSSL_NO_EC 3546#ifndef OPENSSL_NO_EC
@@ -3073,22 +3573,9 @@ static void pk_pushparam(lua_State *L, void *base_key, enum pk_param which) {
3073} /* pk_pushparam() */ 3573} /* pk_pushparam() */
3074 3574
3075 3575
3076static _Bool pk_bn_set_nothrow(BIGNUM **dst, BIGNUM *src) { 3576#define pk_setparam_bn_dup(L, index, dst) do { \
3077 BIGNUM *tmp; 3577 BIGNUM *tmp = checkbig((L), (index)); \
3078 3578 if (!(*dst = BN_dup(tmp))) \
3079 if (!(tmp = BN_dup(src)))
3080 return 0;
3081
3082 if (*dst)
3083 BN_clear_free(*dst);
3084 *dst = tmp;
3085
3086 return 1;
3087} /* pk_bn_set_nothrow() */
3088
3089#define pk_bn_set(L, dst, index) do { \
3090 BIGNUM *n = checkbig((L), (index)); \
3091 if (!pk_bn_set_nothrow((dst), n)) \
3092 goto sslerr; \ 3579 goto sslerr; \
3093} while (0) 3580} while (0)
3094 3581
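Review bot: `pk_setparam_bn_dup` expands `dst` unparenthesised in `*dst = BN_dup(tmp)` although `L` and `index` are parenthesised; write `*(dst)` so that an expression argument still binds as intended. The macro also jumps to a `sslerr` label that has to exist in the calling function, and nothing at the definition says so. A one-line comment would cover it: `/* duplicates the bignum at index into *dst; jumps to the caller's sslerr label if BN_dup fails */`.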
@@ -3101,74 +3588,92 @@ static void pk_setparam(lua_State *L, void *base_key, enum pk_param which, int i
3101 EC_KEY *ec; 3588 EC_KEY *ec;
3102#endif 3589#endif
3103 } key = { base_key }; 3590 } key = { base_key };
3591 BIGNUM *i;
3104 3592
3105 switch (which) { 3593 switch (which) {
3106 case PK_RSA_N: 3594 case PK_RSA_N:
3107 pk_bn_set(L, &key.rsa->n, index); 3595 pk_setparam_bn_dup(L, index, &i);
3596 RSA_set0_key(key.rsa, i, NULL, NULL);
3108 3597
3109 break; 3598 break;
3110 case PK_RSA_E: 3599 case PK_RSA_E:
3111 pk_bn_set(L, &key.rsa->e, index); 3600 pk_setparam_bn_dup(L, index, &i);
3601 RSA_set0_key(key.rsa, NULL, i, NULL);
3112 3602
3113 break; 3603 break;
3114 case PK_RSA_D: 3604 case PK_RSA_D:
3115 pk_bn_set(L, &key.rsa->d, index); 3605 pk_setparam_bn_dup(L, index, &i);
3606 RSA_set0_key(key.rsa, NULL, NULL, i);
3116 3607
3117 break; 3608 break;
3118 case PK_RSA_P: 3609 case PK_RSA_P:
3119 pk_bn_set(L, &key.rsa->p, index); 3610 pk_setparam_bn_dup(L, index, &i);
3611 RSA_set0_factors(key.rsa, i, NULL);
3120 3612
3121 break; 3613 break;
3122 case PK_RSA_Q: 3614 case PK_RSA_Q:
3123 pk_bn_set(L, &key.rsa->q, index); 3615 pk_setparam_bn_dup(L, index, &i);
3616 RSA_set0_factors(key.rsa, NULL, i);
3124 3617
3125 break; 3618 break;
3126 case PK_RSA_DMP1: 3619 case PK_RSA_DMP1:
3127 pk_bn_set(L, &key.rsa->dmp1, index); 3620 pk_setparam_bn_dup(L, index, &i);
3621 RSA_set0_crt_params(key.rsa, i, NULL, NULL);
3128 3622
3129 break; 3623 break;
3130 case PK_RSA_DMQ1: 3624 case PK_RSA_DMQ1:
3131 pk_bn_set(L, &key.rsa->dmq1, index); 3625 pk_setparam_bn_dup(L, index, &i);
3626 RSA_set0_crt_params(key.rsa, NULL, i, NULL);
3132 3627
3133 break; 3628 break;
3134 case PK_RSA_IQMP: 3629 case PK_RSA_IQMP:
3135 pk_bn_set(L, &key.rsa->iqmp, index); 3630 pk_setparam_bn_dup(L, index, &i);
3631 RSA_set0_crt_params(key.rsa, NULL, NULL, i);
3136 3632
3137 break; 3633 break;
3138 case PK_DSA_P: 3634 case PK_DSA_P:
3139 pk_bn_set(L, &key.dsa->p, index); 3635 pk_setparam_bn_dup(L, index, &i);
3636 DSA_set0_pqg(key.dsa, i, NULL, NULL);
3140 3637
3141 break; 3638 break;
3142 case PK_DSA_Q: 3639 case PK_DSA_Q:
3143 pk_bn_set(L, &key.dsa->q, index); 3640 pk_setparam_bn_dup(L, index, &i);
3641 DSA_set0_pqg(key.dsa, NULL, i, NULL);
3144 3642
3145 break; 3643 break;
3146 case PK_DSA_G: 3644 case PK_DSA_G:
3147 pk_bn_set(L, &key.dsa->g, index); 3645 pk_setparam_bn_dup(L, index, &i);
3646 DSA_set0_pqg(key.dsa, NULL, NULL, i);
3148 3647
3149 break; 3648 break;
3150 case PK_DSA_PUB_KEY: 3649 case PK_DSA_PUB_KEY:
3151 pk_bn_set(L, &key.dsa->pub_key, index); 3650 pk_setparam_bn_dup(L, index, &i);
3651 DSA_set0_key(key.dsa, i, NULL);
3152 3652
3153 break; 3653 break;
3154 case PK_DSA_PRIV_KEY: 3654 case PK_DSA_PRIV_KEY:
3155 pk_bn_set(L, &key.dsa->priv_key, index); 3655 pk_setparam_bn_dup(L, index, &i);
3656 DSA_set0_key(key.dsa, NULL, i);
3156 3657
3157 break; 3658 break;
3158 case PK_DH_P: 3659 case PK_DH_P:
3159 pk_bn_set(L, &key.dh->p, index); 3660 pk_setparam_bn_dup(L, index, &i);
3661 DH_set0_pqg(key.dh, i, NULL, NULL);
3160 3662
3161 break; 3663 break;
3162 case PK_DH_G: 3664 case PK_DH_G:
3163 pk_bn_set(L, &key.dh->g, index); 3665 pk_setparam_bn_dup(L, index, &i);
3666 DH_set0_pqg(key.dh, NULL, NULL, i);
3164 3667
3165 break; 3668 break;
3166 case PK_DH_PUB_KEY: 3669 case PK_DH_PUB_KEY:
3167 pk_bn_set(L, &key.dh->pub_key, index); 3670 pk_setparam_bn_dup(L, index, &i);
3671 DH_set0_key(key.dh, i, NULL);
3168 3672
3169 break; 3673 break;
3170 case PK_DH_PRIV_KEY: 3674 case PK_DH_PRIV_KEY:
3171 pk_bn_set(L, &key.dh->priv_key, index); 3675 pk_setparam_bn_dup(L, index, &i);
3676 DH_set0_key(key.dh, NULL, i);
3172 3677
3173 break; 3678 break;
3174#ifndef OPENSSL_NO_EC 3679#ifndef OPENSSL_NO_EC
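Review bot: The return values of the `*_set0_*` calls added throughout pk_setparam are ignored. In OpenSSL 1.1.0 these setters return 0 without taking ownership when a required companion value is still unset (for example `RSA_set0_key` with n but no e on an empty key), so the parameter is silently not set and the BN_dup'ed copy in `i` leaks. For d, p, q and the DSA/DH private keys that leaked copy is secret material that is never cleared. Check every call, e.g. `if (!RSA_set0_key(key.rsa, i, NULL, NULL)) { BN_clear_free(i); goto sslerr; }`. The function body and the `sslerr` label lie outside this hunk, and any compat definitions of these setters for older OpenSSL are not visible here.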
@@ -3399,6 +3904,7 @@ static const auxL_Reg pk_methods[] = {
3399 { "setPrivateKey", &pk_setPrivateKey }, 3904 { "setPrivateKey", &pk_setPrivateKey },
3400 { "sign", &pk_sign }, 3905 { "sign", &pk_sign },
3401 { "verify", &pk_verify }, 3906 { "verify", &pk_verify },
3907 { "getDefaultDigestName", &pk_getDefaultDigestName },
3402 { "toPEM", &pk_toPEM }, 3908 { "toPEM", &pk_toPEM },
3403 { "getParameters", &pk_getParameters }, 3909 { "getParameters", &pk_getParameters },
3404 { "setParameters", &pk_setParameters }, 3910 { "setParameters", &pk_setParameters },
@@ -3474,21 +3980,6 @@ static EC_GROUP *ecg_dup_nil(lua_State *L, const EC_GROUP *src) {
3474 return (src)? ecg_dup(L, src) : (lua_pushnil(L), (EC_GROUP *)0); 3980 return (src)? ecg_dup(L, src) : (lua_pushnil(L), (EC_GROUP *)0);
3475} /* ecg_dup_nil() */ 3981} /* ecg_dup_nil() */
3476 3982
3477static EC_GROUP *ecg_new_by_nid(int nid) {
3478 EC_GROUP *group;
3479
3480 if (!(group = EC_GROUP_new_by_curve_name(nid)))
3481 return NULL;
3482
3483 /* flag as named for benefit of __tostring */
3484 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
3485
3486 /* compressed points may be patented */
3487 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
3488
3489 return group;
3490} /* ecg_new_by_nid() */
3491
3492static EC_GROUP *ecg_push_by_nid(lua_State *L, int nid) { 3983static EC_GROUP *ecg_push_by_nid(lua_State *L, int nid) {
3493 EC_GROUP **group = prepsimple(L, EC_GROUP_CLASS); 3984 EC_GROUP **group = prepsimple(L, EC_GROUP_CLASS);
3494 3985
@@ -3743,7 +4234,7 @@ static int xn_all(lua_State *L) {
3743 lua_setfield(L, -2, "id"); 4234 lua_setfield(L, -2, "id");
3744 4235
3745 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)); 4236 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry));
3746 lua_pushlstring(L, (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), len); 4237 lua_pushlstring(L, (char *)ASN1_STRING_get0_data(X509_NAME_ENTRY_get_data(entry)), len);
3747 4238
3748 lua_setfield(L, -2, "blob"); 4239 lua_setfield(L, -2, "blob");
3749 4240
@@ -3777,7 +4268,7 @@ static int xn__next(lua_State *L) {
3777 lua_pushlstring(L, txt, len); 4268 lua_pushlstring(L, txt, len);
3778 4269
3779 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)); 4270 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry));
3780 lua_pushlstring(L, (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), len); 4271 lua_pushlstring(L, (char *)ASN1_STRING_get0_data(X509_NAME_ENTRY_get_data(entry)), len);
3781 4272
3782 break; 4273 break;
3783 } 4274 }
@@ -3955,7 +4446,7 @@ text:
3955 4446
3956 gen->type = type; 4447 gen->type = type;
3957 4448
3958 if (!(gen->d.ia5 = M_ASN1_IA5STRING_new())) 4449 if (!(gen->d.ia5 = ASN1_STRING_type_new(V_ASN1_IA5STRING)))
3959 goto error; 4450 goto error;
3960 4451
3961 if (!ASN1_STRING_set(gen->d.ia5, (unsigned char *)txt, len)) 4452 if (!ASN1_STRING_set(gen->d.ia5, (unsigned char *)txt, len))
@@ -3976,7 +4467,7 @@ error:
3976 4467
3977 4468
3978#define GN_PUSHSTRING(L, o) \ 4469#define GN_PUSHSTRING(L, o) \
3979 lua_pushlstring((L), (char *)M_ASN1_STRING_data((o)), M_ASN1_STRING_length((o))) 4470 lua_pushlstring((L), (char *)ASN1_STRING_get0_data((o)), ASN1_STRING_length((o)))
3980 4471
3981static int gn__next(lua_State *L) { 4472static int gn__next(lua_State *L) {
3982 GENERAL_NAMES *gens = checksimple(L, lua_upvalueindex(1), X509_GENS_CLASS); 4473 GENERAL_NAMES *gens = checksimple(L, lua_upvalueindex(1), X509_GENS_CLASS);
@@ -4013,8 +4504,8 @@ static int gn__next(lua_State *L) {
4013 4504
4014 break; 4505 break;
4015 case GEN_IPADD: 4506 case GEN_IPADD:
4016 txt = (char *)M_ASN1_STRING_data(name->d.iPAddress); 4507 txt = (char *)ASN1_STRING_get0_data(name->d.iPAddress);
4017 len = M_ASN1_STRING_length(name->d.iPAddress); 4508 len = ASN1_STRING_length(name->d.iPAddress);
4018 4509
4019 switch (len) { 4510 switch (len) {
4020 case 16: 4511 case 16:
@@ -4259,7 +4750,7 @@ static int xe_getLongName(lua_State *L) {
4259static int xe_getData(lua_State *L) { 4750static int xe_getData(lua_State *L) {
4260 ASN1_STRING *data = X509_EXTENSION_get0_data(checksimple(L, 1, X509_EXT_CLASS)); 4751 ASN1_STRING *data = X509_EXTENSION_get0_data(checksimple(L, 1, X509_EXT_CLASS));
4261 4752
4262 lua_pushlstring(L, (char *)ASN1_STRING_data(data), ASN1_STRING_length(data)); 4753 lua_pushlstring(L, (char *)ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
4263 4754
4264 return 1; 4755 return 1;
4265} /* xe_getData() */ 4756} /* xe_getData() */
@@ -4332,6 +4823,7 @@ static const auxL_IntegerReg xe_textopts[] = {
4332 { "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN }, 4823 { "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN },
4333 { "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN }, 4824 { "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN },
4334 { "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN }, 4825 { "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN },
4826 { NULL, 0 },
4335}; 4827};
4336 4828
4337int luaopen__openssl_x509_extension(lua_State *L) { 4829int luaopen__openssl_x509_extension(lua_State *L) {
@@ -4588,7 +5080,7 @@ static double timeutc(ASN1_TIME *time) {
4588 if (!ASN1_TIME_check(time)) 5080 if (!ASN1_TIME_check(time))
4589 return 0; 5081 return 0;
4590 5082
4591 cp = strncpy(buf, (const char *)ASN1_STRING_data((ASN1_STRING *)time), sizeof buf - 1); 5083 cp = strncpy(buf, (const char *)ASN1_STRING_get0_data((ASN1_STRING *)time), sizeof buf - 1);
4592 5084
4593 if (ASN1_STRING_type(time) == V_ASN1_GENERALIZEDTIME) { 5085 if (ASN1_STRING_type(time) == V_ASN1_GENERALIZEDTIME) {
4594 if (!scan(&year, &cp, 4, 1)) 5086 if (!scan(&year, &cp, 4, 1))
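Review bot: The `strncpy` into `buf` is bounded only by `sizeof buf - 1` and otherwise stops at the first NUL in the ASN.1 data, so it depends on the string buffer being NUL-terminated rather than on its recorded length. Bound the copy by the ASN.1 length instead: copy the smaller of `ASN1_STRING_length((ASN1_STRING *)time)` and `sizeof buf - 1` bytes with `memcpy`, then write the terminator explicitly. The declaration of `buf` is outside this hunk, so whether it is zero-initialised (which the current call needs in order to end up terminated) cannot be confirmed from here.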
@@ -4992,7 +5484,7 @@ static int xc_setBasicConstraint(lua_State *L) {
4992 if (pathLen >= 0) { 5484 if (pathLen >= 0) {
4993 ASN1_INTEGER_free(bs->pathlen); 5485 ASN1_INTEGER_free(bs->pathlen);
4994 5486
4995 if (!(bs->pathlen = M_ASN1_INTEGER_new())) 5487 if (!(bs->pathlen = ASN1_STRING_type_new(V_ASN1_INTEGER)))
4996 goto error; 5488 goto error;
4997 5489
4998 if (!ASN1_INTEGER_set(bs->pathlen, pathLen)) 5490 if (!ASN1_INTEGER_set(bs->pathlen, pathLen))
@@ -5179,20 +5671,21 @@ static int xc_getPublicKeyDigest(lua_State *L) {
5179static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) { 5671static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) {
5180 const char *id; 5672 const char *id;
5181 const EVP_MD *md; 5673 const EVP_MD *md;
5674 int nid;
5182 5675
5183 if ((id = luaL_optstring(L, index, NULL))) 5676 if ((id = luaL_optstring(L, index, NULL))) {
5184 return ((md = EVP_get_digestbyname(id)))? md : EVP_md_null(); 5677 if (!(md = EVP_get_digestbyname(id)))
5185 5678 goto unknown;
5186 switch (EVP_PKEY_type(key->type)) { 5679 } else {
5187 case EVP_PKEY_RSA: 5680 if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0))
5188 return EVP_sha1(); 5681 goto unknown;
5189 case EVP_PKEY_DSA: 5682 if (!(md = EVP_get_digestbynid(nid)))
5190 return EVP_dss1(); 5683 goto unknown;
5191 case EVP_PKEY_EC:
5192 return EVP_ecdsa();
5193 default:
5194 return EVP_md_null();
5195 } 5684 }
5685
5686 return md;
5687unknown:
5688 return EVP_sha1();
5196} /* xc_signature() */ 5689} /* xc_signature() */
5197 5690
5198static int xc_sign(lua_State *L) { 5691static int xc_sign(lua_State *L) {
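Review bot: The `unknown:` fallback in xc_signature returns `EVP_sha1()` both when the key has no default digest and when the caller passed a digest name that `EVP_get_digestbyname` does not recognise. A misspelled or unsupported name therefore silently produces a SHA-1 signature instead of an error. Fail the explicit case by replacing the first `goto unknown` with `luaL_argerror(L, index, "unknown digest name");`, and consider `EVP_sha256()` for the remaining fallback. How xc_sign and the CSR/CRL signers treat the returned digest is outside this hunk.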
@@ -5491,6 +5984,103 @@ static int xr_setPublicKey(lua_State *L) {
5491} /* xr_setPublicKey() */ 5984} /* xr_setPublicKey() */
5492 5985
5493 5986
5987static int xr_setExtensionByNid(lua_State *L, X509_REQ *csr, int target_nid, void* value) {
5988 STACK_OF(X509_EXTENSION) *sk = NULL;
5989 int has_attrs=0;
5990
5991 /*
5992 * Replace existing if it's there. Extensions are stored in a CSR in
5993 * an interesting way:
5994 *
5995 * They are stored as a list under either (most likely) the
5996 * "official" NID_ext_req or under NID_ms_ext_req which means
5997 * everything is stored under a list in a single "attribute" so we
5998 * can't use X509_REQ_add1_attr or similar.
5999 *
6000 * Instead we have to get the extensions, find and replace the SAN
6001 * if it's in there, then *replace* the extensions in the list of
6002 * attributes. (If we just try to add it the old ones are found
6003 * first and don't take priority.)
6004 */
6005 has_attrs = X509_REQ_get_attr_count(csr);
6006
6007 sk = X509_REQ_get_extensions(csr);
6008 if (!X509V3_add1_i2d(&sk, target_nid, value, 0, X509V3_ADD_REPLACE))
6009 goto error;
6010 if (X509_REQ_add_extensions(csr, sk) == 0)
6011 goto error;
6012 sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
6013 sk = NULL;
6014
6015 /*
6016 * Delete the old extensions attribute, so that the one we just
6017 * added takes priority.
6018 */
6019 if (has_attrs) {
6020 X509_ATTRIBUTE *attr = NULL;
6021 int idx, *pnid;
6022
6023 for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) {
6024 idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1);
6025 if (idx == -1)
6026 continue;
6027 if (!(attr = X509_REQ_delete_attr(csr, idx)))
6028 goto error;
6029 X509_ATTRIBUTE_free(attr);
6030 break;
6031 }
6032 if (!attr)
6033 goto error;
6034 }
6035
6036 /*
6037 * We have to mark the encoded form as invalid, otherwise when we
6038 * write it out again it will use the loaded version.
6039 */
6040#if HAVE_I2D_RE_X509_REQ_TBS
6041 (void)i2d_re_X509_REQ_tbs(csr, NULL); /* sets csr->req_info->enc.modified */
6042#else
6043 csr->req_info->enc.modified = 1;
6044#endif
6045
6046 lua_pushboolean(L, 1);
6047
6048 return 1;
6049error:
6050 if (sk)
6051 sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
6052
6053 return auxL_error(L, auxL_EOPENSSL, "x509.csr.setExtensionByNid");
6054} /* xr_setExtensionByNid() */
6055
6056
6057static int xr_setSubjectAlt(lua_State *L) {
6058 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
6059 GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS);
6060
6061 return xr_setExtensionByNid(L, csr, NID_subject_alt_name, gens);
6062} /* xr_setSubjectAlt */
6063
6064
6065static int xr_getSubjectAlt(lua_State *L) {
6066 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
6067 STACK_OF(X509_EXTENSION) *exts;
6068 GENERAL_NAMES *gens;
6069
6070 exts = X509_REQ_get_extensions(csr);
6071 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
6072 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
6073 if (!gens) goto error;
6074
6075 gn_dup(L, gens);
6076
6077 return 1;
6078error:
6079 return 0;
6080} /* xr_getSubjectAlt() */
6081
6082
6083
5494static int xr_sign(lua_State *L) { 6084static int xr_sign(lua_State *L) {
5495 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); 6085 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
5496 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 6086 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
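Review bot: In xr_setExtensionByNid the cleanup block is gated on `has_attrs`, which counts every attribute on the CSR, not just an existing extension-request attribute. If the request carries only some other attribute, the loop's `X509_REQ_get_attr_by_NID(csr, *pnid, -1)` finds the attribute that `X509_REQ_add_extensions` has just added and deletes it, yet the function still returns true. Record the index of a pre-existing extension attribute before adding and delete only that one, as sketched below. Separately, xr_getSubjectAlt never releases `gens` after `gn_dup(L, gens)`; if gn_dup copies, as its name suggests, add `GENERAL_NAMES_free(gens);` after the call.

```c
	/* ... unchanged: declaration of sk, explanatory comment ... */
	int old_idx = -1, *pnid;

	/* find an existing extension-request attribute before the new one is appended */
	for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) {
		if ((old_idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1)) != -1)
			break;
	}

	sk = X509_REQ_get_extensions(csr);
	/* ... unchanged: X509V3_add1_i2d, X509_REQ_add_extensions, release of sk ... */

	/* drop only the attribute that was present before, so the new one takes effect */
	if (old_idx != -1) {
		X509_ATTRIBUTE *attr;

		if (!(attr = X509_REQ_delete_attr(csr, old_idx)))
			goto error;
		X509_ATTRIBUTE_free(attr);
	}
	/* ... unchanged: marking the cached encoding as modified, return ... */
```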
@@ -5548,6 +6138,8 @@ static const auxL_Reg xr_methods[] = {
5548 { "setSubject", &xr_setSubject }, 6138 { "setSubject", &xr_setSubject },
5549 { "getPublicKey", &xr_getPublicKey }, 6139 { "getPublicKey", &xr_getPublicKey },
5550 { "setPublicKey", &xr_setPublicKey }, 6140 { "setPublicKey", &xr_setPublicKey },
6141 { "getSubjectAlt", &xr_getSubjectAlt },
6142 { "setSubjectAlt", &xr_setSubjectAlt },
5551 { "sign", &xr_sign }, 6143 { "sign", &xr_sign },
5552 { "tostring", &xr__tostring }, 6144 { "tostring", &xr__tostring },
5553 { NULL, NULL }, 6145 { NULL, NULL },
@@ -6010,7 +6602,7 @@ static void xl_dup(lua_State *L, STACK_OF(X509) *src, _Bool copy) {
6010 for (i = 0; i < n; i++) { 6602 for (i = 0; i < n; i++) {
6011 if (!(crt = sk_X509_value(*dst, i))) 6603 if (!(crt = sk_X509_value(*dst, i)))
6012 continue; 6604 continue;
6013 CRYPTO_add(&crt->references, 1, CRYPTO_LOCK_X509); 6605 X509_up_ref(crt);
6014 } 6606 }
6015 } 6607 }
6016 6608
@@ -6195,8 +6787,8 @@ static int xs_verify(lua_State *L) {
6195 X509_STORE *store = checksimple(L, 1, X509_STORE_CLASS); 6787 X509_STORE *store = checksimple(L, 1, X509_STORE_CLASS);
6196 X509 *crt = checksimple(L, 2, X509_CERT_CLASS); 6788 X509 *crt = checksimple(L, 2, X509_CERT_CLASS);
6197 STACK_OF(X509) *chain = NULL, **proof; 6789 STACK_OF(X509) *chain = NULL, **proof;
6198 X509_STORE_CTX ctx; 6790 X509_STORE_CTX *ctx = NULL;
6199 int ok, why; 6791 int nr = 0, ok, why;
6200 6792
6201 /* pre-allocate space for a successful return */ 6793 /* pre-allocate space for a successful return */
6202 lua_settop(L, 3); 6794 lua_settop(L, 3);
@@ -6207,53 +6799,56 @@ static int xs_verify(lua_State *L) {
6207 int i, n; 6799 int i, n;
6208 6800
6209 if (!(chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS)))) 6801 if (!(chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS))))
6210 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify"); 6802 goto eossl;
6211 6803
6212 n = sk_X509_num(chain); 6804 n = sk_X509_num(chain);
6213 6805
6214 for (i = 0; i < n; i++) { 6806 for (i = 0; i < n; i++) {
6215 if (!(elm = sk_X509_value(chain, i))) 6807 if (!(elm = sk_X509_value(chain, i)))
6216 continue; 6808 continue;
6217 CRYPTO_add(&elm->references, 1, CRYPTO_LOCK_X509); 6809 X509_up_ref(elm);
6218 } 6810 }
6219 } 6811 }
6220 6812
6221 if (!X509_STORE_CTX_init(&ctx, store, crt, chain)) { 6813 if (!(ctx = X509_STORE_CTX_new()) || !X509_STORE_CTX_init(ctx, store, crt, chain)) {
6222 sk_X509_pop_free(chain, X509_free); 6814 sk_X509_pop_free(chain, X509_free);
6223 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify"); 6815 goto eossl;
6224 } 6816 }
6225 6817
6226 ERR_clear_error(); 6818 ERR_clear_error();
6227 6819
6228 ok = X509_verify_cert(&ctx); 6820 ok = X509_verify_cert(ctx);
6229 6821
6230 switch (ok) { 6822 switch (ok) {
6231 case 1: /* verified */ 6823 case 1: /* verified */
6232 *proof = X509_STORE_CTX_get1_chain(&ctx); 6824 if (!(*proof = X509_STORE_CTX_get1_chain(ctx)))
6233 6825 goto eossl;
6234 X509_STORE_CTX_cleanup(&ctx);
6235
6236 if (!*proof)
6237 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
6238 6826
6239 lua_pushboolean(L, 1); 6827 lua_pushboolean(L, 1);
6240 lua_pushvalue(L, -2); 6828 lua_pushvalue(L, -2);
6829 nr = 2;
6241 6830
6242 return 2; 6831 break;
6243 case 0: /* not verified */ 6832 case 0: /* not verified */
6244 why = X509_STORE_CTX_get_error(&ctx); 6833 why = X509_STORE_CTX_get_error(ctx);
6245
6246 X509_STORE_CTX_cleanup(&ctx);
6247 6834
6248 lua_pushboolean(L, 0); 6835 lua_pushboolean(L, 0);
6249 lua_pushstring(L, X509_verify_cert_error_string(why)); 6836 lua_pushstring(L, X509_verify_cert_error_string(why));
6837 nr = 2;
6250 6838
6251 return 2; 6839 break;
6252 default: 6840 default:
6253 X509_STORE_CTX_cleanup(&ctx); 6841 goto eossl;
6254
6255 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
6256 } 6842 }
6843
6844 X509_STORE_CTX_free(ctx);
6845
6846 return nr;
6847eossl:
6848 if (ctx)
6849 X509_STORE_CTX_free(ctx);
6850
6851 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
6257} /* xs_verify() */ 6852} /* xs_verify() */
6258 6853
6259 6854
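Review bot: `chain` is released only in the `X509_STORE_CTX_init` failure branch. Once init succeeds, neither the normal exit after `X509_STORE_CTX_free(ctx)` nor the `eossl:` path frees the duplicated stack or drops the references taken with `X509_up_ref`, and the store context does not own the untrusted stack it was given. With the single exit this commit introduces, add `sk_X509_pop_free(chain, X509_free);` after both `X509_STORE_CTX_free(ctx)` calls and remove it from the init-failure branch so the stack is not freed twice. A few lines of the function between the two xs_verify hunks are not shown.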
@@ -6529,7 +7124,7 @@ static int sx_new(lua_State *L) {
6529 method = (srv)? &SSLv23_server_method : &SSLv23_client_method; 7124 method = (srv)? &SSLv23_server_method : &SSLv23_client_method;
6530 options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; 7125 options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
6531 break; 7126 break;
6532#ifndef OPENSSL_NO_SSL2 7127#if HAVE_SSLV2_CLIENT_METHOD && HAVE_SSLV2_SERVER_METHOD
6533 case 2: /* SSLv2 */ 7128 case 2: /* SSLv2 */
6534 method = (srv)? &SSLv2_server_method : &SSLv2_client_method; 7129 method = (srv)? &SSLv2_server_method : &SSLv2_client_method;
6535 break; 7130 break;
@@ -7001,7 +7596,7 @@ int luaopen__openssl_ssl_context(lua_State *L) {
7001static SSL *ssl_push(lua_State *L, SSL *ssl) { 7596static SSL *ssl_push(lua_State *L, SSL *ssl) {
7002 SSL **ud = prepsimple(L, SSL_CLASS); 7597 SSL **ud = prepsimple(L, SSL_CLASS);
7003 7598
7004 CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL); 7599 SSL_up_ref(ssl);
7005 *ud = ssl; 7600 *ud = ssl;
7006 7601
7007 return *ud; 7602 return *ud;
@@ -7152,7 +7747,7 @@ static int ssl_getVersion(lua_State *L) {
7152static int ssl_getClientVersion(lua_State *L) { 7747static int ssl_getClientVersion(lua_State *L) {
7153 SSL *ssl = checksimple(L, 1, SSL_CLASS); 7748 SSL *ssl = checksimple(L, 1, SSL_CLASS);
7154 int format = luaL_checkoption(L, 2, "d", (const char *[]){ "d", ".", "f", NULL }); 7749 int format = luaL_checkoption(L, 2, "d", (const char *[]){ "d", ".", "f", NULL });
7155 int version = ssl->client_version; 7750 int version = SSL_client_version(ssl);
7156 int major, minor; 7751 int major, minor;
7157 7752
7158 switch (format) { 7753 switch (format) {
@@ -7306,13 +7901,10 @@ static const EVP_MD *md_optdigest(lua_State *L, int index) {
7306 7901
7307static int md_new(lua_State *L) { 7902static int md_new(lua_State *L) {
7308 const EVP_MD *type = md_optdigest(L, 1); 7903 const EVP_MD *type = md_optdigest(L, 1);
7309 EVP_MD_CTX *ctx; 7904 EVP_MD_CTX **ctx;
7310
7311 ctx = prepudata(L, sizeof *ctx, DIGEST_CLASS, NULL);
7312
7313 EVP_MD_CTX_init(ctx);
7314 7905
7315 if (!EVP_DigestInit_ex(ctx, type, NULL)) 7906 ctx = prepsimple(L, DIGEST_CLASS, NULL);
7907 if (!(*ctx = EVP_MD_CTX_new()) || !EVP_DigestInit_ex(*ctx, type, NULL))
7316 return auxL_error(L, auxL_EOPENSSL, "digest.new"); 7908 return auxL_error(L, auxL_EOPENSSL, "digest.new");
7317 7909
7318 return 1; 7910 return 1;
@@ -7340,7 +7932,7 @@ static void md_update_(lua_State *L, EVP_MD_CTX *ctx, int from, int to) {
7340 7932
7341 7933
7342static int md_update(lua_State *L) { 7934static int md_update(lua_State *L) {
7343 EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS); 7935 EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
7344 7936
7345 md_update_(L, ctx, 2, lua_gettop(L)); 7937 md_update_(L, ctx, 2, lua_gettop(L));
7346 7938
@@ -7351,7 +7943,7 @@ static int md_update(lua_State *L) {
7351 7943
7352 7944
7353static int md_final(lua_State *L) { 7945static int md_final(lua_State *L) {
7354 EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS); 7946 EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
7355 unsigned char md[EVP_MAX_MD_SIZE]; 7947 unsigned char md[EVP_MAX_MD_SIZE];
7356 unsigned len; 7948 unsigned len;
7357 7949
@@ -7367,9 +7959,10 @@ static int md_final(lua_State *L) {
7367 7959
7368 7960
7369static int md__gc(lua_State *L) { 7961static int md__gc(lua_State *L) {
7370 EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS); 7962 EVP_MD_CTX **ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
7371 7963
7372 EVP_MD_CTX_cleanup(ctx); 7964 EVP_MD_CTX_free(*ctx);
7965 *ctx = NULL;
7373 7966
7374 return 0; 7967 return 0;
7375} /* md__gc() */ 7968} /* md__gc() */
@@ -7410,16 +8003,25 @@ static int hmac_new(lua_State *L) {
7410 const void *key; 8003 const void *key;
7411 size_t len; 8004 size_t len;
7412 const EVP_MD *type; 8005 const EVP_MD *type;
7413 HMAC_CTX *ctx; 8006 HMAC_CTX **ctx;
7414 8007
7415 key = luaL_checklstring(L, 1, &len); 8008 key = luaL_checklstring(L, 1, &len);
7416 type = md_optdigest(L, 2); 8009 type = md_optdigest(L, 2);
7417 8010
7418 ctx = prepudata(L, sizeof *ctx, HMAC_CLASS, NULL); 8011 ctx = prepsimple(L, HMAC_CLASS, NULL);
8012 if (!(*ctx = HMAC_CTX_new()))
8013 goto eossl;
7419 8014
7420 HMAC_Init_ex(ctx, key, len, type, NULL); 8015#if HMAC_INIT_EX_INT
8016 if (!HMAC_Init_ex(*ctx, key, len, type, NULL))
8017 goto eossl;
8018#else
8019 HMAC_Init_ex(*ctx, key, len, type, NULL);
8020#endif
7421 8021
7422 return 1; 8022 return 1;
8023eossl:
8024 return auxL_error(L, auxL_EOPENSSL, "hmac.new");
7423} /* hmac_new() */ 8025} /* hmac_new() */
7424 8026
7425 8027
@@ -7443,7 +8045,7 @@ static void hmac_update_(lua_State *L, HMAC_CTX *ctx, int from, int to) {
7443 8045
7444 8046
7445static int hmac_update(lua_State *L) { 8047static int hmac_update(lua_State *L) {
7446 HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS); 8048 HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
7447 8049
7448 hmac_update_(L, ctx, 2, lua_gettop(L)); 8050 hmac_update_(L, ctx, 2, lua_gettop(L));
7449 8051
@@ -7454,7 +8056,7 @@ static int hmac_update(lua_State *L) {
7454 8056
7455 8057
7456static int hmac_final(lua_State *L) { 8058static int hmac_final(lua_State *L) {
7457 HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS); 8059 HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
7458 unsigned char hmac[EVP_MAX_MD_SIZE]; 8060 unsigned char hmac[EVP_MAX_MD_SIZE];
7459 unsigned len; 8061 unsigned len;
7460 8062
@@ -7469,9 +8071,10 @@ static int hmac_final(lua_State *L) {
7469 8071
7470 8072
7471static int hmac__gc(lua_State *L) { 8073static int hmac__gc(lua_State *L) {
7472 HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS); 8074 HMAC_CTX **ctx = luaL_checkudata(L, 1, HMAC_CLASS);
7473 8075
7474 HMAC_CTX_cleanup(ctx); 8076 HMAC_CTX_free(*ctx);
8077 *ctx = NULL;
7475 8078
7476 return 0; 8079 return 0;
7477} /* hmac__gc() */ 8080} /* hmac__gc() */
@@ -7521,23 +8124,26 @@ static const EVP_CIPHER *cipher_checktype(lua_State *L, int index) {
7521 8124
7522static int cipher_new(lua_State *L) { 8125static int cipher_new(lua_State *L) {
7523 const EVP_CIPHER *type; 8126 const EVP_CIPHER *type;
7524 EVP_CIPHER_CTX *ctx; 8127 EVP_CIPHER_CTX **ctx;
7525 unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 }; 8128 unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 };
7526 8129
7527 type = cipher_checktype(L, 1); 8130 type = cipher_checktype(L, 1);
7528 8131
7529 ctx = prepudata(L, sizeof *ctx, CIPHER_CLASS, NULL); 8132 ctx = prepsimple(L, CIPHER_CLASS, NULL);
7530 EVP_CIPHER_CTX_init(ctx); 8133 if (!(*ctx = EVP_CIPHER_CTX_new()))
8134 goto eossl;
7531 8135
7532 /* 8136 /*
7533 * NOTE: For some ciphers like AES calling :update or :final without 8137 * NOTE: For some ciphers like AES calling :update or :final without
7534 * setting a key causes a SEGV. Set a dummy key here. Same solution 8138 * setting a key causes a SEGV. Set a dummy key here. Same solution
7535 * as used by Ruby OSSL. 8139 * as used by Ruby OSSL.
7536 */ 8140 */
7537 if (!EVP_CipherInit_ex(ctx, type, NULL, key, NULL, -1)) 8141 if (!EVP_CipherInit_ex(*ctx, type, NULL, key, NULL, -1))
7538 return auxL_error(L, auxL_EOPENSSL, "cipher.new"); 8142 goto eossl;
7539 8143
7540 return 1; 8144 return 1;
8145eossl:
8146 return auxL_error(L, auxL_EOPENSSL, "cipher.new");
7541} /* cipher_new() */ 8147} /* cipher_new() */
7542 8148
7543 8149
@@ -7547,7 +8153,7 @@ static int cipher_interpose(lua_State *L) {
7547 8153
7548 8154
7549static int cipher_init(lua_State *L, _Bool encrypt) { 8155static int cipher_init(lua_State *L, _Bool encrypt) {
7550 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8156 EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
7551 const void *key, *iv; 8157 const void *key, *iv;
7552 size_t n, m; 8158 size_t n, m;
7553 8159
@@ -7619,7 +8225,7 @@ static _Bool cipher_update_(lua_State *L, EVP_CIPHER_CTX *ctx, luaL_Buffer *B, i
7619 8225
7620 8226
7621static int cipher_update(lua_State *L) { 8227static int cipher_update(lua_State *L) {
7622 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8228 EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
7623 luaL_Buffer B; 8229 luaL_Buffer B;
7624 8230
7625 luaL_buffinit(L, &B); 8231 luaL_buffinit(L, &B);
@@ -7639,7 +8245,7 @@ sslerr:
7639 8245
7640 8246
7641static int cipher_final(lua_State *L) { 8247static int cipher_final(lua_State *L) {
7642 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8248 EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
7643 luaL_Buffer B; 8249 luaL_Buffer B;
7644 size_t block; 8250 size_t block;
7645 int out; 8251 int out;
@@ -7670,9 +8276,10 @@ sslerr:
7670 8276
7671 8277
7672static int cipher__gc(lua_State *L) { 8278static int cipher__gc(lua_State *L) {
7673 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8279 EVP_CIPHER_CTX **ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
7674 8280
7675 EVP_CIPHER_CTX_cleanup(ctx); 8281 EVP_CIPHER_CTX_free(*ctx);
8282 *ctx = NULL;
7676 8283
7677 return 0; 8284 return 0;
7678} /* cipher__gc() */ 8285} /* cipher__gc() */
@@ -7719,49 +8326,61 @@ static struct randL_state *randL_getstate(lua_State *L) {
7719 return lua_touserdata(L, lua_upvalueindex(1)); 8326 return lua_touserdata(L, lua_upvalueindex(1));
7720} /* randL_getstate() */ 8327} /* randL_getstate() */
7721 8328
7722#ifndef HAVE_SYS_SYSCTL_H 8329#if HAVE_SYS_SYSCALL_H
7723#define HAVE_SYS_SYSCTL_H (!defined __sun && !defined _AIX) 8330#include <sys/syscall.h> /* SYS_getrandom syscall(2) */
7724#endif 8331#endif
7725 8332
7726#if HAVE_SYS_SYSCTL_H 8333#if HAVE_SYS_SYSCTL_H
7727#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID KERN_URND KERN_ARND sysctl(2) */ 8334#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID sysctl(2) */
7728#endif
7729
7730#ifndef HAVE_RANDOM_UUID
7731#define HAVE_RANDOM_UUID (defined __linux) /* RANDOM_UUID is an enum, not macro */
7732#endif
7733
7734#ifndef HAVE_KERN_URND
7735#define HAVE_KERN_URND (defined KERN_URND)
7736#endif
7737
7738#ifndef HAVE_KERN_ARND
7739#define HAVE_KERN_ARND (defined KERN_ARND)
7740#endif 8335#endif
7741 8336
7742static int randL_stir(struct randL_state *st, unsigned rqstd) { 8337static int randL_stir(struct randL_state *st, unsigned rqstd) {
7743 unsigned count = 0; 8338 unsigned count = 0;
7744 int error; 8339 int error;
7745 unsigned char data[256]; 8340 unsigned char data[256];
7746#if HAVE_RANDOM_UUID || HAVE_KERN_URND || HAVE_KERN_ARND 8341
7747#if HAVE_RANDOM_UUID 8342#if HAVE_ARC4RANDOM_BUF
7748 int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID }; 8343 while (count < rqstd) {
7749#elif HAVE_KERN_URND 8344 size_t n = MIN(rqstd - count, sizeof data);
7750 int mib[] = { CTL_KERN, KERN_URND }; 8345
7751#else 8346 arc4random_buf(data, n);
7752 int mib[] = { CTL_KERN, KERN_ARND }; 8347
8348 RAND_seed(data, n);
8349
8350 count += n;
8351 }
8352#endif
8353
8354#if HAVE_SYSCALL && HAVE_DECL_SYS_GETRANDOM
8355 while (count < rqstd) {
8356 size_t lim = MIN(rqstd - count, sizeof data);
8357 int n;
8358
8359 n = syscall(SYS_getrandom, data, lim, 0);
8360
8361 if (n == -1) {
8362 break;
8363 }
8364
8365 RAND_seed(data, n);
8366
8367 count += n;
8368 }
7753#endif 8369#endif
7754 8370
8371#if HAVE_SYS_SYSCTL_H && HAVE_DECL_RANDOM_UUID
7755 while (count < rqstd) { 8372 while (count < rqstd) {
8373 int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
7756 size_t n = MIN(rqstd - count, sizeof data); 8374 size_t n = MIN(rqstd - count, sizeof data);
7757 8375
7758 if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0)) 8376 if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0))
7759 break; 8377 break;
7760 8378
7761 RAND_add(data, n, n); 8379 RAND_seed(data, n);
7762 8380
7763 count += n; 8381 count += n;
7764 } 8382 }
8383
7765#endif 8384#endif
7766 8385
7767 if (count < rqstd) { 8386 if (count < rqstd) {
@@ -7792,7 +8411,7 @@ static int randL_stir(struct randL_state *st, unsigned rqstd) {
7792 8411
7793 goto error; 8412 goto error;
7794 default: 8413 default:
7795 RAND_add(data, n, n); 8414 RAND_seed(data, n);
7796 8415
7797 count += n; 8416 count += n;
7798 } 8417 }
@@ -7830,7 +8449,12 @@ error:;
7830#elif defined __sun 8449#elif defined __sun
7831 /* 8450 /*
7832 * NOTE: Linux requires -lrt for clock_gettime, and in any event 8451 * NOTE: Linux requires -lrt for clock_gettime, and in any event
7833 * already has RANDOM_UUID. The BSDs have KERN_URND and KERN_ARND. 8452 * should have RANDOM_UUID or getrandom. (Though, some middle-aged
8453 * kernels might have neither). The BSDs have arc4random which
8454 * should be using KERN_URND, KERN_ARND, and more recently
8455 * getentropy. (Though, again, some older BSD kernels used an
8456 * arc4random implementation that opened /dev/urandom.)
8457 *
7834 * Just do this for Solaris to keep things simple. We've already 8458 * Just do this for Solaris to keep things simple. We've already
7835 * crossed the line of what can be reasonably accomplished on 8459 * crossed the line of what can be reasonably accomplished on
7836 * unreasonable platforms. 8460 * unreasonable platforms.
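--- a/src/openssl.x509.altname.lua
+++ b/src/openssl.x509.altname.lua
@@ -1,9 +1,10 @@
 local altname = require"_openssl.x509.altname"
+local auxlib = require"openssl.auxlib"
 
 altname.interpose("__tostring", function (self)
  local t = { }
 
- for k, v in pairs(self) do
+ for k, v in auxlib.pairs(self) do
  t[#t + 1] = k .. ":" .. v
  end
 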
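Review bot: The entry built by `t[#t + 1] = k .. ":" .. v` joins key and value with no escaping, so a value that itself contains `:` (or whatever separator the later join uses) can render exactly like a different set of entries; the same holds for `k .. "=" .. v` in src/openssl.x509.name.lua. These values presumably come from a parsed certificate, so the `__tostring` form should be marked as display-only, for example `-- display only: values are not escaped; do not parse or compare this string`, and identity decisions should use the structured fields instead. The switch to `auxlib.pairs` would also benefit from a one-line comment saying why the builtin `pairs` is not enough here (presumably `__pairs` is not honoured on Lua 5.1/LuaJIT; confirm against openssl.auxlib). The closure continues past the end of the hunk, so the final join is not visible from here.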
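--- a/src/openssl.x509.name.lua
+++ b/src/openssl.x509.name.lua
@@ -1,9 +1,10 @@
 local name = require"_openssl.x509.name"
+local auxlib = require"openssl.auxlib"
 
 name.interpose("__tostring", function (self)
  local t = { }
 
- for k, v in pairs(self) do
+ for k, v in auxlib.pairs(self) do
  t[#t + 1] = k .. "=" .. v
  end
 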