diff options
| -rw-r--r-- | doc/luaossl.tex | 5 | ||||
| -rw-r--r-- | src/openssl.c | 20 |
2 files changed, 24 insertions, 1 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 7db7463..86f117d 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex | |||
| @@ -286,8 +286,13 @@ field & type:default & description\\\hline | |||
| 286 | 286 | ||
| 287 | .exp & number:65537 & RSA or Diffie-Hellman exponent \\ | 287 | .exp & number:65537 & RSA or Diffie-Hellman exponent \\ |
| 288 | 288 | ||
| 289 | .dhparam & string & PEM encoded string with precomputed DH parameters \\ | ||
| 290 | |||
| 289 | .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve | 291 | .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve |
| 290 | \end{ctabular} | 292 | \end{ctabular} |
| 293 | |||
| 294 | The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field. | ||
| 295 | |||
| 291 | \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}} | 296 | \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}} |
| 292 | 297 | ||
| 293 | Add or interpose a pkey class method. Returns the previous method, if any. | 298 | Add or interpose a pkey class method. Returns the previous method, if any. |
diff --git a/src/openssl.c b/src/openssl.c index fa7dd79..8fd51d3 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
| @@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) { | |||
| 3062 | unsigned exp = 65537; | 3062 | unsigned exp = 65537; |
| 3063 | int curve = NID_X9_62_prime192v1; | 3063 | int curve = NID_X9_62_prime192v1; |
| 3064 | const char *id; | 3064 | const char *id; |
| 3065 | const char *dhparam = NULL; | ||
| 3065 | lua_Number n; | 3066 | lua_Number n; |
| 3066 | 3067 | ||
| 3067 | if (!lua_istable(L, 1)) | 3068 | if (!lua_istable(L, 1)) |
| @@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) { | |||
| 3103 | luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); | 3104 | luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); |
| 3104 | } | 3105 | } |
| 3105 | 3106 | ||
| 3107 | /* dhparam field can contain a PEM encoded string. */ | ||
| 3108 | loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam); | ||
| 3109 | |||
| 3106 | creat: | 3110 | creat: |
| 3107 | if (!(*ud = EVP_PKEY_new())) | 3111 | if (!(*ud = EVP_PKEY_new())) |
| 3108 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3112 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
| @@ -3140,9 +3144,23 @@ creat: | |||
| 3140 | case EVP_PKEY_DH: { | 3144 | case EVP_PKEY_DH: { |
| 3141 | DH *dh; | 3145 | DH *dh; |
| 3142 | 3146 | ||
| 3143 | if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) | 3147 | /* DH Parameter Generation can take a long time, therefore we look |
| 3148 | * at the "dhparam" field, provided by the user. | ||
| 3149 | * The "dhparam" field takes precedence over "bits" | ||
| 3150 | */ | ||
| 3151 | if (dhparam) { | ||
| 3152 | BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam)); | ||
| 3153 | if (!bio) | ||
| 3154 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | ||
| 3155 | |||
| 3156 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); | ||
| 3157 | BIO_free(bio); | ||
| 3158 | if (!dh) | ||
| 3159 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | ||
| 3160 | } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) | ||
| 3144 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3161 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
| 3145 | 3162 | ||
| 3163 | |||
| 3146 | if (!DH_generate_key(dh)) { | 3164 | if (!DH_generate_key(dh)) { |
| 3147 | DH_free(dh); | 3165 | DH_free(dh); |
| 3148 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3166 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |