summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/openssl.c1202
1 files changed, 914 insertions, 288 deletions
diff --git a/src/openssl.c b/src/openssl.c
index c1b5436..5331501 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -1,7 +1,7 @@
1/* ========================================================================== 1/* ==========================================================================
2 * openssl.c - Lua OpenSSL 2 * openssl.c - Lua OpenSSL
3 * -------------------------------------------------------------------------- 3 * --------------------------------------------------------------------------
4 * Copyright (c) 2012-2014 William Ahern 4 * Copyright (c) 2012-2015 William Ahern
5 * 5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a 6 * Permission is hereby granted, free of charge, to any person obtaining a
7 * copy of this software and associated documentation files (the 7 * copy of this software and associated documentation files (the
@@ -23,9 +23,6 @@
23 * USE OR OTHER DEALINGS IN THE SOFTWARE. 23 * USE OR OTHER DEALINGS IN THE SOFTWARE.
24 * ========================================================================== 24 * ==========================================================================
25 */ 25 */
26#ifndef LUAOSSL_H
27#define LUAOSSL_H
28
29#include <limits.h> /* INT_MAX INT_MIN UCHAR_MAX */ 26#include <limits.h> /* INT_MAX INT_MIN UCHAR_MAX */
30#include <stdint.h> /* uintptr_t */ 27#include <stdint.h> /* uintptr_t */
31#include <string.h> /* memset(3) strerror_r(3) */ 28#include <string.h> /* memset(3) strerror_r(3) */
@@ -33,7 +30,8 @@
33#include <math.h> /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */ 30#include <math.h> /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */
34#include <time.h> /* struct tm time_t strptime(3) time(2) */ 31#include <time.h> /* struct tm time_t strptime(3) time(2) */
35#include <ctype.h> /* tolower(3) */ 32#include <ctype.h> /* tolower(3) */
36#include <errno.h> /* ENOMEM errno */ 33#include <errno.h> /* ENOMEM ENOTSUP EOVERFLOW errno */
34#include <assert.h> /* assert */
37 35
38#include <sys/types.h> /* ssize_t pid_t */ 36#include <sys/types.h> /* ssize_t pid_t */
39#if !defined __sun && !defined _AIX 37#if !defined __sun && !defined _AIX
@@ -44,16 +42,11 @@
44#include <sys/socket.h> /* AF_INET AF_INET6 */ 42#include <sys/socket.h> /* AF_INET AF_INET6 */
45#include <sys/resource.h> /* RUSAGE_SELF struct rusage getrusage(2) */ 43#include <sys/resource.h> /* RUSAGE_SELF struct rusage getrusage(2) */
46#include <sys/utsname.h> /* struct utsname uname(3) */ 44#include <sys/utsname.h> /* struct utsname uname(3) */
47
48#include <fcntl.h> /* O_RDONLY O_CLOEXEC open(2) */ 45#include <fcntl.h> /* O_RDONLY O_CLOEXEC open(2) */
49
50#include <unistd.h> /* close(2) getpid(2) */ 46#include <unistd.h> /* close(2) getpid(2) */
51
52#include <netinet/in.h> /* struct in_addr struct in6_addr */ 47#include <netinet/in.h> /* struct in_addr struct in6_addr */
53#include <arpa/inet.h> /* inet_pton(3) */ 48#include <arpa/inet.h> /* inet_pton(3) */
54
55#include <pthread.h> /* pthread_mutex_init(3) pthread_mutex_lock(3) pthread_mutex_unlock(3) */ 49#include <pthread.h> /* pthread_mutex_init(3) pthread_mutex_lock(3) pthread_mutex_unlock(3) */
56
57#include <dlfcn.h> /* dladdr(3) dlopen(3) */ 50#include <dlfcn.h> /* dladdr(3) dlopen(3) */
58 51
59#if __APPLE__ 52#if __APPLE__
@@ -83,10 +76,18 @@
83#include "compat52.h" 76#include "compat52.h"
84#endif 77#endif
85 78
79#ifndef HAVE_DLADDR
80#define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */
81#endif
82
86#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS 83#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
87#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_VERSION_NUMBER >= 0x1000200fL) 84#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_VERSION_NUMBER >= 0x1000200fL)
88#endif 85#endif
89 86
87#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
88#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS
89#endif
90
90#ifndef HAVE_SSL_SET_ALPN_PROTOS 91#ifndef HAVE_SSL_SET_ALPN_PROTOS
91#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS 92#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
92#endif 93#endif
@@ -99,6 +100,25 @@
99#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600))) 100#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)))
100#endif 101#endif
101 102
103#ifndef LIST_HEAD
104#define LIST_HEAD(name, type) struct name { struct type *lh_first; }
105#define LIST_ENTRY(type) struct { struct type *le_next, **le_prev; }
106#define LIST_INIT(head) do { LIST_FIRST((head)) = NULL; } while (0)
107#define LIST_FIRST(head) ((head)->lh_first)
108#define LIST_NEXT(elm, field) ((elm)->field.le_next)
109#define LIST_REMOVE(elm, field) do { \
110 if (LIST_NEXT((elm), field) != NULL) \
111 LIST_NEXT((elm), field)->field.le_prev = (elm)->field.le_prev; \
112 *(elm)->field.le_prev = LIST_NEXT((elm), field); \
113} while (0)
114#define LIST_INSERT_HEAD(head, elm, field) do { \
115 if ((LIST_NEXT((elm), field) = LIST_FIRST((head))) != NULL) \
116 LIST_FIRST((head))->field.le_prev = &LIST_NEXT((elm), field); \
117 LIST_FIRST((head)) = (elm); \
118 (elm)->field.le_prev = &LIST_FIRST((head)); \
119} while (0)
120#endif
121
102#define BIGNUM_CLASS "BIGNUM*" 122#define BIGNUM_CLASS "BIGNUM*"
103#define PKEY_CLASS "EVP_PKEY*" 123#define PKEY_CLASS "EVP_PKEY*"
104#define X509_NAME_CLASS "X509_NAME*" 124#define X509_NAME_CLASS "X509_NAME*"
@@ -176,35 +196,6 @@ static const char *xitoa(char *dst, size_t lim, long i) {
176} /* xitoa() */ 196} /* xitoa() */
177 197
178 198
179#define xstrerror(error) xstrerror_r((error), (char[256]){ 0 }, 256)
180
181static const char *xstrerror_r(int error, char *dst, size_t lim) {
182 static const char unknown[] = "Unknown error: ";
183 size_t n;
184
185#if STRERROR_R_CHAR_P
186 char *rv = strerror_r(error, dst, lim);
187
188 if (rv != NULL)
189 return dst;
190#else
191 int rv = strerror_r(error, dst, lim);
192
193 if (0 == rv)
194 return dst;
195#endif
196
197 /*
198 * glibc snprintf can fail on memory pressure, so format our number
199 * manually.
200 */
201 n = MIN(sizeof unknown - 1, lim);
202 memcpy(dst, unknown, n);
203
204 return xitoa(&dst[n], lim - n, error);
205} /* xstrerror_r() */
206
207
208static void *prepudata(lua_State *L, size_t size, const char *tname, int (*gc)(lua_State *)) { 199static void *prepudata(lua_State *L, size_t size, const char *tname, int (*gc)(lua_State *)) {
209 void *p = memset(lua_newuserdata(L, size), 0, size); 200 void *p = memset(lua_newuserdata(L, size), 0, size);
210 201
@@ -258,40 +249,6 @@ static void *testsimple(lua_State *L, int index, const char *tname) {
258} /* testsimple() */ 249} /* testsimple() */
259 250
260 251
261static const char *pusherror(lua_State *L, const char *fun) {
262 unsigned long code;
263 const char *path, *file;
264 int line;
265 char txt[256];
266
267 if (!ERR_peek_error())
268 return lua_pushstring(L, "oops: no OpenSSL errors set");
269
270 code = ERR_get_error_line(&path, &line);
271
272 if ((file = strrchr(path, '/')))
273 ++file;
274 else
275 file = path;
276
277 ERR_clear_error();
278
279 ERR_error_string_n(code, txt, sizeof txt);
280
281 if (fun)
282 return lua_pushfstring(L, "%s: %s:%d:%s", fun, file, line, txt);
283 else
284 return lua_pushfstring(L, "%s:%d:%s", file, line, txt);
285} /* pusherror() */
286
287
288static int throwssl(lua_State *L, const char *fun) {
289 pusherror(L, fun);
290
291 return lua_error(L);
292} /* throwssl() */
293
294
295static int interpose(lua_State *L, const char *mt) { 252static int interpose(lua_State *L, const char *mt) {
296 luaL_getmetatable(L, mt); 253 luaL_getmetatable(L, mt);
297 254
@@ -401,6 +358,24 @@ static void checkprotos(luaL_Buffer *B, lua_State *L, int index) {
401 } 358 }
402} /* checkprotos() */ 359} /* checkprotos() */
403 360
361static void pushprotos(lua_State *L, const unsigned char *p, size_t n) {
362 const unsigned char *pe = &p[n];
363 int i = 0;
364
365 lua_newtable(L);
366
367 while (p < pe) {
368 n = *p++;
369
370 if ((size_t)(pe - p) < n)
371 luaL_error(L, "corrupt ALPN protocol list (%zu > %zu)", n, (size_t)(pe - p));
372
373 lua_pushlstring(L, (const void *)p, n);
374 lua_rawseti(L, -2, ++i);
375 p += n;
376 }
377} /* pushprotos() */
378
404 379
405static _Bool getfield(lua_State *L, int index, const char *k) { 380static _Bool getfield(lua_State *L, int index, const char *k) {
406 lua_getfield(L, index, k); 381 lua_getfield(L, index, k);
@@ -472,6 +447,69 @@ static const char *pushnid(lua_State *L, int nid) {
472 447
473 448
474/* 449/*
450 * Auxiliary C routines
451 *
452 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
453
454#define aux_strerror(error) aux_strerror_r((error), (char[256]){ 0 }, 256)
455
456static const char *aux_strerror_r(int error, char *dst, size_t lim) {
457 static const char unknown[] = "Unknown error: ";
458 size_t n;
459
460#if STRERROR_R_CHAR_P
461 char *rv = strerror_r(error, dst, lim);
462
463 if (rv != NULL)
464 return dst;
465#else
466 int rv = strerror_r(error, dst, lim);
467
468 if (0 == rv)
469 return dst;
470#endif
471
472 /*
473 * glibc snprintf can fail on memory pressure, so format our number
474 * manually.
475 */
476 n = MIN(sizeof unknown - 1, lim);
477 memcpy(dst, unknown, n);
478
479 return xitoa(&dst[n], lim - n, error);
480} /* aux_strerror_r() */
481
482
483/*
484 * Auxiliary Lua API routines
485 *
486 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
487
488typedef int auxref_t;
489typedef int auxtype_t;
490
491static void auxL_unref(lua_State *L, auxref_t *ref) {
492 luaL_unref(L, LUA_REGISTRYINDEX, *ref);
493 *ref = LUA_NOREF;
494} /* auxL_unref() */
495
496static void auxL_ref(lua_State *L, int index, auxref_t *ref) {
497 auxL_unref(L, ref);
498 lua_pushvalue(L, index);
499 *ref = luaL_ref(L, LUA_REGISTRYINDEX);
500} /* auxL_ref() */
501
502static auxtype_t auxL_getref(lua_State *L, auxref_t ref) {
503 if (ref == LUA_NOREF || ref == LUA_REFNIL) {
504 lua_pushnil(L);
505 } else {
506 lua_rawgeti(L, LUA_REGISTRYINDEX, ref);
507 }
508
509 return lua_type(L, -1);
510} /* auxL_getref() */
511
512/*
475 * Lua 5.3 distinguishes integers and numbers, and by default uses 64-bit 513 * Lua 5.3 distinguishes integers and numbers, and by default uses 64-bit
476 * integers. The following routines try to preserve this distinction and 514 * integers. The following routines try to preserve this distinction and
477 * where possible detect range issues. 515 * where possible detect range issues.
@@ -480,14 +518,13 @@ static const char *pushnid(lua_State *L, int nid) {
480 * sizeof lua_Integer <= sizeof long long. Which is a safe bet where OpenSSL 518 * sizeof lua_Integer <= sizeof long long. Which is a safe bet where OpenSSL
481 * is typically used. 519 * is typically used.
482 */ 520 */
483#define lib_Integer long long 521#define auxL_Integer long long
484#define lib_Unsigned unsigned long long 522#define auxL_Unsigned unsigned long long
485 523
486#define lua_IntegerMax ((1ULL << (sizeof (lua_Integer) * 8 - 1)) - 1) 524#define lua_IntegerMax ((1ULL << (sizeof (lua_Integer) * 8 - 1)) - 1)
487#define lua_IntegerMin (-lua_IntegerMax - 1) 525#define lua_IntegerMin (-lua_IntegerMax - 1)
488 526
489 527static void auxL_pushinteger(lua_State *L, auxL_Integer i) {
490static void lib_pushinteger(lua_State *L, lib_Integer i) {
491 /* 528 /*
492 * TODO: Check value explicitly, but will need to silence compiler 529 * TODO: Check value explicitly, but will need to silence compiler
493 * diagnostics about useless comparisons. 530 * diagnostics about useless comparisons.
@@ -498,43 +535,148 @@ static void lib_pushinteger(lua_State *L, lib_Integer i) {
498 /* TODO: Check overflow. */ 535 /* TODO: Check overflow. */
499 lua_pushnumber(L, i); 536 lua_pushnumber(L, i);
500 } 537 }
501} /* lib_pushinteger() */ 538} /* auxL_pushinteger() */
502
503 539
504NOTUSED static void lib_pushunsigned(lua_State *L, lib_Unsigned i) { 540NOTUSED static void auxL_pushunsigned(lua_State *L, auxL_Unsigned i) {
505 if (i <= lua_IntegerMax) { 541 if (i <= lua_IntegerMax) {
506 lua_pushinteger(L, i); 542 lua_pushinteger(L, i);
507 } else if (i == (lib_Unsigned)(lua_Number)i) { 543 } else if (i == (auxL_Unsigned)(lua_Number)i) {
508 lua_pushnumber(L, i); 544 lua_pushnumber(L, i);
509 } else { 545 } else {
510 luaL_error(L, "unsigned integer value not representable as lua_Integer or lua_Number"); 546 luaL_error(L, "unsigned integer value not representable as lua_Integer or lua_Number");
511 } 547 }
512} /* lib_pushunsigned() */ 548} /* auxL_pushunsigned() */
513 549
514 550static auxL_Integer auxL_checkinteger(lua_State *L, int index) {
515static lib_Integer lib_checkinteger(lua_State *L, int index) { 551 if (sizeof (lua_Integer) >= sizeof (auxL_Integer)) {
516 if (sizeof (lua_Integer) >= sizeof (lib_Integer)) {
517 return luaL_checkinteger(L, index); 552 return luaL_checkinteger(L, index);
518 } else { 553 } else {
519 /* TODO: Check overflow. */ 554 /* TODO: Check overflow. */
520 return (lib_Integer)luaL_checknumber(L, index); 555 return (auxL_Integer)luaL_checknumber(L, index);
521 } 556 }
522} /* lib_checkinteger() */ 557} /* auxL_checkinteger() */
523
524 558
525typedef struct { 559typedef struct {
526 const char *name; 560 const char *name;
527 lib_Integer value; 561 auxL_Integer value;
528} integer_Reg; 562} auxL_IntegerReg;
529 563
530static void lib_setintegers(lua_State *L, const integer_Reg *l) { 564static void auxL_setintegers(lua_State *L, const auxL_IntegerReg *l) {
531 for (; l->name; l++) { 565 for (; l->name; l++) {
532 lib_pushinteger(L, l->value); 566 auxL_pushinteger(L, l->value);
533 lua_setfield(L, -2, l->name); 567 lua_setfield(L, -2, l->name);
534 } 568 }
535} /* lib_setintegers() */ 569} /* auxL_setintegers() */
570
571#define auxL_EDYLD -2
572#define auxL_EOPENSSL -1
573
574static const char *auxL_pusherror(lua_State *L, int error, const char *fun) {
575 if (error == auxL_EOPENSSL) {
576 unsigned long code;
577 const char *path, *file;
578 int line;
579 char txt[256];
580
581 if (!ERR_peek_error())
582 return lua_pushstring(L, "oops: no OpenSSL errors set");
583
584 code = ERR_get_error_line(&path, &line);
585
586 if ((file = strrchr(path, '/'))) {
587 ++file;
588 } else {
589 file = path;
590 }
591
592 ERR_clear_error();
593
594 ERR_error_string_n(code, txt, sizeof txt);
595
596 if (fun) {
597 return lua_pushfstring(L, "%s: %s:%d:%s", fun, file, line, txt);
598 } else {
599 return lua_pushfstring(L, "%s:%d:%s", file, line, txt);
600 }
601 } else if (error == auxL_EDYLD) {
602 const char *const fmt = (fun)? "%s: %s" : "%.0s%s";
603
604 return lua_pushfstring(L, fmt, (fun)? fun : "", dlerror());
605 } else {
606 const char *const fmt = (fun)? "%s: %s" : "%.0s%s";
607
608 return lua_pushfstring(L, fmt, (fun)? fun : "", aux_strerror(error));
609 }
610} /* auxL_pusherror() */
611
612static int auxL_error(lua_State *L, int error, const char *fun) {
613 auxL_pusherror(L, error, fun);
614
615 return lua_error(L);
616} /* auxL_error() */
617
618
619/*
620 * dl - dynamically loaded module management
621 *
622 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
623
624/*
625 * Prevent loader from unlinking us if we've registered a callback with
626 * OpenSSL by taking another reference to ourselves.
627 */
628static int dl_anchor(void) {
629#if HAVE_DLADDR
630 extern int luaopen__openssl(lua_State *);
631 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
632 static void *anchor;
633 Dl_info info;
634 int error = 0;
635
636 if ((error = pthread_mutex_lock(&mutex)))
637 return error;
638
639 if (anchor)
640 goto epilog;
641
642 if (!dladdr((void *)&luaopen__openssl, &info))
643 goto dlerr;
644
645 if (!(anchor = dlopen(info.dli_fname, RTLD_NOW|RTLD_LOCAL)))
646 goto dlerr;
647epilog:
648 (void)pthread_mutex_unlock(&mutex);
649
650 return error;
651dlerr:
652 error = auxL_EDYLD;
653
654 goto epilog;
655#else
656 return 0;//ENOTSUP;
657#endif
658} /* dl_anchor() */
659
660
661/*
662 * compat - OpenSSL API compatibility and bug workarounds
663 *
664 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
665
666#define COMPAT_X509_STORE_FREE_BUG 0x01
667
668static struct {
669 int flags;
536 670
671 void (*X509_STORE_free)(X509_STORE *);
537 672
673 struct {
674 X509_STORE *store;
675 } tmp;
676} compat = {
677 .flags = 0,
678 .X509_STORE_free = &X509_STORE_free,
679};
538 680
539#if !HAVE_EVP_PKEY_base_id 681#if !HAVE_EVP_PKEY_base_id
540#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key)) 682#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key))
@@ -580,11 +722,397 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
580} /* compat_EVP_PKEY_get0() */ 722} /* compat_EVP_PKEY_get0() */
581#endif 723#endif
582 724
725/*
726 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count
727 */
728#define X509_STORE_free(store) \
729 (compat.X509_STORE_free)((store))
730
731static void compat_X509_STORE_free(X509_STORE *store) {
732 int i;
733
734 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE);
735
736 if (i > 0)
737 return;
738
739 (X509_STORE_free)(store);
740} /* compat_X509_STORE_free() */
741
742#if !HAVE_SSL_CTX_set1_cert_store
743#define SSL_CTX_set1_cert_store(ctx, store) \
744 compat_SSL_CTX_set1_cert_store((ctx), (store))
745
746static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) {
747 int n;
748
749 /*
750 * This isn't thead-safe, but using X509_STORE or SSL_CTX objects
751 * from different threads isn't safe generally.
752 */
753 if (ctx->cert_store) {
754 X509_STORE_free(ctx->cert_store);
755 ctx->cert_store = NULL;
756 }
757
758 n = store->references;
759
760 SSL_CTX_set_cert_store(ctx, store);
761
762 if (n == store->references)
763 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
764} /* compat_SSL_CTX_set1_cert_store() */
765#endif
766
767static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
768 SSL_CTX *ctx = _ctx;
769
770 if (ctx->cert_store) {
771 X509_STORE_free(ctx->cert_store);
772 ctx->cert_store = NULL;
773 }
774} /* compat_init_SSL_CTX_onfree() */
775
776/* helper routine to determine if X509_STORE_free obeys reference count */
777static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
778 /* unfortunately there's no way to remove a handler */
779 if (store != compat.tmp.store)
780 return;
781
782 /* signal that we were freed by nulling our reference */
783 compat.tmp.store = NULL;
784} /* compat_init_X509_STORE_onfree() */
785
786static int compat_init(void) {
787 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
788 static int store_index = -1, ssl_ctx_index = -1, done;
789 X509_STORE *store;
790 int error = 0;
791
792 if ((error = pthread_mutex_lock(&mutex)))
793 return error;
794
795 if (done)
796 goto epilog;
797
798 /*
799 * We need to unconditionally install at least one external
800 * application data callback. Because these can never be
801 * uninstalled, we can never be unloaded.
802 */
803 if ((error = dl_anchor()))
804 goto epilog;
805
806 /*
807 * Test if X509_STORE_free obeys reference counts by installing an
808 * onfree callback.
809 */
810 if (store_index == -1
811 && -1 == (store_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, 0, NULL, NULL, NULL, &compat_init_X509_STORE_onfree)))
812 goto sslerr;
813
814 if (!(compat.tmp.store = X509_STORE_new()))
815 goto sslerr;
816
817 CRYPTO_add(&compat.tmp.store->references, 1, CRYPTO_LOCK_X509_STORE);
818 X509_STORE_free(compat.tmp.store);
819
820 if (compat.tmp.store) {
821 /*
822 * Because our onfree callback didn't execute, we assume
823 * X509_STORE_free obeys reference counts. Alternatively,
824 * our callback might not have executed for some other
825 * reason. We assert the truth of our assumption by checking
826 * again after calling X509_STORE_free once more.
827 */
828 X509_STORE_free(compat.tmp.store);
829 assert(compat.tmp.store == NULL);
830 compat.tmp.store = NULL; /* in case assertions disabled */
831 } else {
832 /*
833 * Because our onfree callback was invoked, X509_STORE_free
834 * appears not to obey reference counts. Use our fixed
835 * version in our own code.
836 */
837 compat.X509_STORE_free = &compat_X509_STORE_free;
838
839 /*
840 * Ensure that our fixed version is called on SSL_CTX
841 * destruction.
842 *
843 * NB: We depend on the coincidental order of operations in
844 * SSL_CTX_free that user data destruction occurs before
845 * free'ing the cert_store member. Ruby's OpenSSL bindings
846 * also depend on this order as we both use the onfree
847 * callback to clear the member.
848 */
849 if (ssl_ctx_index == -1
850 && -1 == (ssl_ctx_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, 0, NULL, NULL, NULL, &compat_init_SSL_CTX_onfree)))
851 goto sslerr;
852
853 compat.flags |= COMPAT_X509_STORE_FREE_BUG;
854 }
855
856 done = 1;
857epilog:
858 if (compat.tmp.store) {
859 X509_STORE_free(compat.tmp.store);
860 compat.tmp.store = NULL;
861 }
862
863 (void)pthread_mutex_unlock(&mutex);
864
865 return error;
866sslerr:
867 error = auxL_EOPENSSL;
868
869 goto epilog;
870} /* compat_init() */
871
872
873/*
874 * External Application Data Hooks
875 *
876 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
877
878struct ex_state {
879 lua_State *L;
880 LIST_HEAD(, ex_data) data;
881}; /* struct ex_state */
882
883#ifndef EX_DATA_MAXARGS
884#define EX_DATA_MAXARGS 8
885#endif
886
887struct ex_data {
888 struct ex_state *state;
889 int refs;
890 auxref_t arg[EX_DATA_MAXARGS];
891 LIST_ENTRY(ex_data) le;
892}; /* struct ex_data */
893
894enum {
895 EX_SSL_CTX_ALPN_SELECT_CB,
896};
897
898static struct ex_type {
899 int class_index; /* OpenSSL object type identifier */
900 int index; /* OpenSSL-allocated external data identifier */
901 void *(*get_ex_data)();
902 int (*set_ex_data)();
903} ex_type[] = {
904 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data },
905};
906
907static int ex_ondup(CRYPTO_EX_DATA *to NOTUSED, CRYPTO_EX_DATA *from NOTUSED, void *from_d, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
908 struct ex_data **data = from_d;
909
910 if (*data)
911 (*data)->refs++;
912
913 return 1;
914} /* ex_ondup() */
915
916static void ex_onfree(void *parent NOTUSED, void *_data, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
917 struct ex_data *data = _data;
918
919 if (!data || --data->refs > 0)
920 return;
921
922 if (data->state) {
923 int i;
924
925 for (i = 0; i < (int)countof(data->arg); i++) {
926 auxL_unref(data->state->L, &data->arg[i]);
927 }
928
929 LIST_REMOVE(data, le);
930 }
931
932 free(data);
933} /* ex_onfree() */
934
935static int ex_init(void) {
936 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
937 static int done;
938 struct ex_type *type;
939 int error = 0;
940
941 if ((error = pthread_mutex_lock(&mutex)))
942 return error;
943
944 if (done)
945 goto epilog;
946
947 /*
948 * Our callbacks can never be uninstalled, so ensure we're never
949 * unloaded.
950 */
951 if ((error = dl_anchor()))
952 goto epilog;
953
954 for (type = ex_type; type < endof(ex_type); type++) {
955 if (type->index != -1)
956 continue;
957
958 if (-1 == (type->index = CRYPTO_get_ex_new_index(type->class_index, 0, NULL, NULL, &ex_ondup, &ex_onfree)))
959 goto sslerr;
960 };
961
962 done = 1;
963epilog:
964 (void)pthread_mutex_unlock(&mutex);
965
966 return error;
967sslerr:
968 error = auxL_EOPENSSL;
969
970 goto epilog;
971} /* ex_init() */
972
973static int ex__gc(lua_State *L) {
974 struct ex_state *state = lua_touserdata(L, 1);
975 struct ex_data *data;
976
977 if (!state)
978 return 0;
979
980 /* invalidate back references to Lua state */
981 for (data = LIST_FIRST(&state->data); data; data = LIST_NEXT(data, le)) {
982 data->state = NULL;
983 }
984
985 return 0;
986} /* ex__gc() */
987
988static void ex_newstate(lua_State *L) {
989 struct ex_state *state;
990 struct lua_State *thr;
991
992 state = prepudata(L, sizeof *state, NULL, &ex__gc);
993 LIST_INIT(&state->data);
994
995 /*
996 * XXX: Don't reuse mainthread because if an error occurs in a
997 * callback Lua might longjmp across the OpenSSL call stack.
998 * Instead, we'll install our own panic handlers.
999 */
1000#if defined LUA_RIDX_MAINTHREAD
1001 lua_rawgeti(L, LUA_REGISTRYINDEX, LUA_RIDX_MAINTHREAD);
1002 state->L = lua_tothread(L, -1);
1003 lua_pop(L, 1);
1004#else
1005 lua_pushvalue(L, -1);
1006 thr = lua_newthread(L);
1007 lua_settable(L, LUA_REGISTRYINDEX);
1008 state->L = thr;
1009#endif
1010
1011 lua_pushcfunction(L, &ex__gc);
1012 lua_pushvalue(L, -2);
1013 lua_settable(L, LUA_REGISTRYINDEX);
1014
1015 lua_pop(L, 1);
1016} /* ex_newstate() */
1017
1018static struct ex_state *ex_getstate(lua_State *L) {
1019 struct ex_state *state;
1020
1021 lua_pushcfunction(L, &ex__gc);
1022 lua_gettable(L, LUA_REGISTRYINDEX);
1023
1024 luaL_checktype(L, -1, LUA_TUSERDATA);
1025 state = lua_touserdata(L, -1);
1026 lua_pop(L, 1);
1027
1028 return state;
1029} /* ex_getstate() */
1030
1031static size_t ex_getdata(lua_State **L, int _type, void *obj) {
1032 struct ex_type *type = &ex_type[_type];
1033 struct ex_data *data;
1034 size_t i;
1035
1036 if (!(data = type->get_ex_data(obj, type->index)))
1037 return 0;
1038 if (!data->state)
1039 return 0;
1040
1041 if (!*L)
1042 *L = data->state->L;
1043
1044 if (!lua_checkstack(*L, countof(data->arg)))
1045 return 0;
1046
1047 for (i = 0; i < countof(data->arg) && data->arg[i] != LUA_NOREF; i++) {
1048 lua_rawgeti(*L, LUA_REGISTRYINDEX, data->arg[i]);
1049 }
1050
1051 return i;
1052} /* ex_getdata() */
1053
1054/* returns 0 on success, otherwise error (>0 == errno, -1 == OpenSSL error) */
1055static int ex_setdata(lua_State *L, int _type, void *obj, size_t n) {
1056 struct ex_type *type = &ex_type[_type];
1057 struct ex_state *state;
1058 struct ex_data *data;
1059 size_t i, j;
1060
1061 if (n > countof(data->arg))
1062 return EOVERFLOW;
1063
1064 if ((data = type->get_ex_data(obj, type->index)) && data->state) {
1065 for (i = 0; i < countof(data->arg); i++) {
1066 auxL_unref(L, &data->arg[i]);
1067 }
1068 } else {
1069 state = ex_getstate(L);
1070
1071 if (!(data = malloc(sizeof *data)))
1072 return errno;
1073
1074 if (!type->set_ex_data(obj, type->index, data))
1075 return auxL_EOPENSSL;
1076
1077 data->state = state;
1078 data->refs = 1;
1079 for (i = 0; i < countof(data->arg); i++)
1080 data->arg[i] = LUA_NOREF;
1081 LIST_INSERT_HEAD(&state->data, data, le);
1082 }
1083
1084 for (i = n, j = 0; i > 0 && j < countof(data->arg); i--, j++) {
1085 auxL_ref(L, -(int)i, &data->arg[j]);
1086 }
1087
1088 lua_pop(L, n);
1089
1090 return 0;
1091} /* ex_setdata() */
583 1092
584static void initall(lua_State *L); 1093static void initall(lua_State *L);
585 1094
586 1095
587/* 1096/*
1097 * compat - Lua OpenSSL
1098 *
1099 * Bindings to our internal feature detection, compatability, and workaround
1100 * code.
1101 *
1102 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
1103
1104int luaopen__openssl_compat(lua_State *L) {
1105 initall(L);
1106
1107 lua_newtable(L);
1108 lua_pushboolean(L, !!(compat.flags & COMPAT_X509_STORE_FREE_BUG));
1109 lua_setfield(L, -2, "X509_STORE_FREE_BUG");
1110
1111 return 1;
1112} /* luaopen__openssl_compat() */
1113
1114
1115/*
588 * OPENSSL - openssl 1116 * OPENSSL - openssl
589 * 1117 *
590 * Miscellaneous global interfaces. 1118 * Miscellaneous global interfaces.
@@ -743,7 +1271,7 @@ int luaopen__openssl(lua_State *L) {
743 } 1271 }
744 } 1272 }
745 1273
746 lib_pushinteger(L, OPENSSL_VERSION_NUMBER); 1274 auxL_pushinteger(L, OPENSSL_VERSION_NUMBER);
747 lua_setfield(L, -2, "VERSION_NUMBER"); 1275 lua_setfield(L, -2, "VERSION_NUMBER");
748 1276
749 lua_pushstring(L, OPENSSL_VERSION_TEXT); 1277 lua_pushstring(L, OPENSSL_VERSION_TEXT);
@@ -768,7 +1296,7 @@ static BIGNUM *bn_push(lua_State *L) {
768 BIGNUM **ud = prepsimple(L, BIGNUM_CLASS); 1296 BIGNUM **ud = prepsimple(L, BIGNUM_CLASS);
769 1297
770 if (!(*ud = BN_new())) 1298 if (!(*ud = BN_new()))
771 throwssl(L, "bignum.new"); 1299 auxL_error(L, auxL_EOPENSSL, "bignum.new");
772 1300
773 return *ud; 1301 return *ud;
774} /* bn_push() */ 1302} /* bn_push() */
@@ -886,7 +1414,7 @@ static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) {
886 bn = prepsimple(L, BIGNUM_CLASS); 1414 bn = prepsimple(L, BIGNUM_CLASS);
887 1415
888 if (!BN_dec2bn(bn, dec)) 1416 if (!BN_dec2bn(bn, dec))
889 throwssl(L, "bignum"); 1417 auxL_error(L, auxL_EOPENSSL, "bignum");
890 1418
891 lua_replace(L, index); 1419 lua_replace(L, index);
892 1420
@@ -897,7 +1425,7 @@ static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) {
897 bn = prepsimple(L, BIGNUM_CLASS); 1425 bn = prepsimple(L, BIGNUM_CLASS);
898 1426
899 if (!f2bn(bn, lua_tonumber(L, index))) 1427 if (!f2bn(bn, lua_tonumber(L, index)))
900 throwssl(L, "bignum"); 1428 auxL_error(L, auxL_EOPENSSL, "bignum");
901 1429
902 lua_replace(L, index); 1430 lua_replace(L, index);
903 1431
@@ -955,7 +1483,7 @@ static BN_CTX *getctx(lua_State *L) {
955 ctx = prepsimple(L, NULL, &ctx__gc); 1483 ctx = prepsimple(L, NULL, &ctx__gc);
956 1484
957 if (!(*ctx = BN_CTX_new())) 1485 if (!(*ctx = BN_CTX_new()))
958 throwssl(L, "bignum"); 1486 auxL_error(L, auxL_EOPENSSL, "bignum");
959 1487
960 lua_pushcfunction(L, &ctx__gc); 1488 lua_pushcfunction(L, &ctx__gc);
961 lua_pushvalue(L, -2); 1489 lua_pushvalue(L, -2);
@@ -975,7 +1503,7 @@ static int bn__add(lua_State *L) {
975 bn_prepops(L, &r, &a, &b, 1); 1503 bn_prepops(L, &r, &a, &b, 1);
976 1504
977 if (!BN_add(r, a, b)) 1505 if (!BN_add(r, a, b))
978 return throwssl(L, "bignum:__add"); 1506 return auxL_error(L, auxL_EOPENSSL, "bignum:__add");
979 1507
980 return 1; 1508 return 1;
981} /* bn__add() */ 1509} /* bn__add() */
@@ -987,7 +1515,7 @@ static int bn__sub(lua_State *L) {
987 bn_prepops(L, &r, &a, &b, 0); 1515 bn_prepops(L, &r, &a, &b, 0);
988 1516
989 if (!BN_sub(r, a, b)) 1517 if (!BN_sub(r, a, b))
990 return throwssl(L, "bignum:__sub"); 1518 return auxL_error(L, auxL_EOPENSSL, "bignum:__sub");
991 1519
992 return 1; 1520 return 1;
993} /* bn__sub() */ 1521} /* bn__sub() */
@@ -999,7 +1527,7 @@ static int bn__mul(lua_State *L) {
999 bn_prepops(L, &r, &a, &b, 1); 1527 bn_prepops(L, &r, &a, &b, 1);
1000 1528
1001 if (!BN_mul(r, a, b, getctx(L))) 1529 if (!BN_mul(r, a, b, getctx(L)))
1002 return throwssl(L, "bignum:__mul"); 1530 return auxL_error(L, auxL_EOPENSSL, "bignum:__mul");
1003 1531
1004 return 1; 1532 return 1;
1005} /* bn__mul() */ 1533} /* bn__mul() */
@@ -1012,7 +1540,7 @@ static int bn__div(lua_State *L) {
1012 bn_prepops(L, &r, &a, &b, 0); 1540 bn_prepops(L, &r, &a, &b, 0);
1013 1541
1014 if (!BN_div(r, NULL, a, b, getctx(L))) 1542 if (!BN_div(r, NULL, a, b, getctx(L)))
1015 return throwssl(L, "bignum:__div"); 1543 return auxL_error(L, auxL_EOPENSSL, "bignum:__div");
1016 1544
1017 return 1; 1545 return 1;
1018} /* bn__div() */ 1546} /* bn__div() */
@@ -1025,7 +1553,7 @@ static int bn__mod(lua_State *L) {
1025 bn_prepops(L, &r, &a, &b, 0); 1553 bn_prepops(L, &r, &a, &b, 0);
1026 1554
1027 if (!BN_mod(r, a, b, getctx(L))) 1555 if (!BN_mod(r, a, b, getctx(L)))
1028 return throwssl(L, "bignum:__mod"); 1556 return auxL_error(L, auxL_EOPENSSL, "bignum:__mod");
1029 1557
1030 return 1; 1558 return 1;
1031} /* bn__mod() */ 1559} /* bn__mod() */
@@ -1038,7 +1566,7 @@ static int bn__pow(lua_State *L) {
1038 bn_prepops(L, &r, &a, &b, 0); 1566 bn_prepops(L, &r, &a, &b, 0);
1039 1567
1040 if (!BN_exp(r, a, b, getctx(L))) 1568 if (!BN_exp(r, a, b, getctx(L)))
1041 return throwssl(L, "bignum:__pow"); 1569 return auxL_error(L, auxL_EOPENSSL, "bignum:__pow");
1042 1570
1043 return 1; 1571 return 1;
1044} /* bn__pow() */ 1572} /* bn__pow() */
@@ -1102,7 +1630,7 @@ static int bn__tostring(lua_State *L) {
1102 char *txt; 1630 char *txt;
1103 1631
1104 if (!(txt = BN_bn2dec(bn))) 1632 if (!(txt = BN_bn2dec(bn)))
1105 return throwssl(L, "bignum:__tostring"); 1633 return auxL_error(L, auxL_EOPENSSL, "bignum:__tostring");
1106 1634
1107 lua_pushstring(L, txt); 1635 lua_pushstring(L, txt);
1108 1636
@@ -1174,7 +1702,7 @@ static BIO *getbio(lua_State *L) {
1174 bio = prepsimple(L, NULL, &bio__gc); 1702 bio = prepsimple(L, NULL, &bio__gc);
1175 1703
1176 if (!(*bio = BIO_new(BIO_s_mem()))) 1704 if (!(*bio = BIO_new(BIO_s_mem())))
1177 throwssl(L, "BIO_new"); 1705 auxL_error(L, auxL_EOPENSSL, "BIO_new");
1178 1706
1179 lua_pushcfunction(L, &bio__gc); 1707 lua_pushcfunction(L, &bio__gc);
1180 lua_pushvalue(L, -2); 1708 lua_pushvalue(L, -2);
@@ -1247,14 +1775,14 @@ static int pk_new(lua_State *L) {
1247 1775
1248creat: 1776creat:
1249 if (!(*ud = EVP_PKEY_new())) 1777 if (!(*ud = EVP_PKEY_new()))
1250 return throwssl(L, "pkey.new"); 1778 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1251 1779
1252 switch (EVP_PKEY_type(type)) { 1780 switch (EVP_PKEY_type(type)) {
1253 case EVP_PKEY_RSA: { 1781 case EVP_PKEY_RSA: {
1254 RSA *rsa; 1782 RSA *rsa;
1255 1783
1256 if (!(rsa = RSA_generate_key(bits, exp, 0, 0))) 1784 if (!(rsa = RSA_generate_key(bits, exp, 0, 0)))
1257 return throwssl(L, "pkey.new"); 1785 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1258 1786
1259 EVP_PKEY_set1_RSA(*ud, rsa); 1787 EVP_PKEY_set1_RSA(*ud, rsa);
1260 1788
@@ -1266,11 +1794,11 @@ creat:
1266 DSA *dsa; 1794 DSA *dsa;
1267 1795
1268 if (!(dsa = DSA_generate_parameters(bits, 0, 0, 0, 0, 0, 0))) 1796 if (!(dsa = DSA_generate_parameters(bits, 0, 0, 0, 0, 0, 0)))
1269 return throwssl(L, "pkey.new"); 1797 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1270 1798
1271 if (!DSA_generate_key(dsa)) { 1799 if (!DSA_generate_key(dsa)) {
1272 DSA_free(dsa); 1800 DSA_free(dsa);
1273 return throwssl(L, "pkey.new"); 1801 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1274 } 1802 }
1275 1803
1276 EVP_PKEY_set1_DSA(*ud, dsa); 1804 EVP_PKEY_set1_DSA(*ud, dsa);
@@ -1283,11 +1811,11 @@ creat:
1283 DH *dh; 1811 DH *dh;
1284 1812
1285 if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) 1813 if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
1286 return throwssl(L, "pkey.new"); 1814 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1287 1815
1288 if (!DH_generate_key(dh)) { 1816 if (!DH_generate_key(dh)) {
1289 DH_free(dh); 1817 DH_free(dh);
1290 return throwssl(L, "pkey.new"); 1818 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1291 } 1819 }
1292 1820
1293 EVP_PKEY_set1_DH(*ud, dh); 1821 EVP_PKEY_set1_DH(*ud, dh);
@@ -1302,7 +1830,7 @@ creat:
1302 EC_KEY *key; 1830 EC_KEY *key;
1303 1831
1304 if (!(grp = EC_GROUP_new_by_curve_name(curve))) 1832 if (!(grp = EC_GROUP_new_by_curve_name(curve)))
1305 return throwssl(L, "pkey.new"); 1833 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1306 1834
1307 EC_GROUP_set_asn1_flag(grp, OPENSSL_EC_NAMED_CURVE); 1835 EC_GROUP_set_asn1_flag(grp, OPENSSL_EC_NAMED_CURVE);
1308 1836
@@ -1311,7 +1839,7 @@ creat:
1311 1839
1312 if (!(key = EC_KEY_new())) { 1840 if (!(key = EC_KEY_new())) {
1313 EC_GROUP_free(grp); 1841 EC_GROUP_free(grp);
1314 return throwssl(L, "pkey.new"); 1842 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1315 } 1843 }
1316 1844
1317 EC_KEY_set_group(key, grp); 1845 EC_KEY_set_group(key, grp);
@@ -1320,7 +1848,7 @@ creat:
1320 1848
1321 if (!EC_KEY_generate_key(key)) { 1849 if (!EC_KEY_generate_key(key)) {
1322 EC_KEY_free(key); 1850 EC_KEY_free(key);
1323 return throwssl(L, "pkey.new"); 1851 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1324 } 1852 }
1325 1853
1326 EVP_PKEY_set1_EC_KEY(*ud, key); 1854 EVP_PKEY_set1_EC_KEY(*ud, key);
@@ -1356,7 +1884,7 @@ creat:
1356 data = luaL_checklstring(L, 1, &len); 1884 data = luaL_checklstring(L, 1, &len);
1357 1885
1358 if (!(bio = BIO_new_mem_buf((void *)data, len))) 1886 if (!(bio = BIO_new_mem_buf((void *)data, len)))
1359 return throwssl(L, "pkey.new"); 1887 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1360 1888
1361 if (type == X509_PEM || type == X509_ANY) { 1889 if (type == X509_PEM || type == X509_ANY) {
1362 if (!prvtonly && !pub) { 1890 if (!prvtonly && !pub) {
@@ -1430,7 +1958,7 @@ done:
1430 1958
1431 if (!*ud) { 1959 if (!*ud) {
1432 if (goterr) 1960 if (goterr)
1433 return throwssl(L, "pkey.new"); 1961 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1434 1962
1435 /* we should never get here */ 1963 /* we should never get here */
1436 return luaL_error(L, "failed to load key for some unexpected reason"); 1964 return luaL_error(L, "failed to load key for some unexpected reason");
@@ -1472,7 +2000,7 @@ static int pk_setPublicKey(lua_State *L) {
1472 type = optencoding(L, 3, "*", X509_ANY|X509_PEM|X509_DER); 2000 type = optencoding(L, 3, "*", X509_ANY|X509_PEM|X509_DER);
1473 2001
1474 if (!(bio = BIO_new_mem_buf((void *)data, len))) 2002 if (!(bio = BIO_new_mem_buf((void *)data, len)))
1475 return throwssl(L, "pkey.new"); 2003 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1476 2004
1477 if (type == X509_ANY || type == X509_PEM) { 2005 if (type == X509_ANY || type == X509_PEM) {
1478 ok = !!PEM_read_bio_PUBKEY(bio, key, 0, ""); 2006 ok = !!PEM_read_bio_PUBKEY(bio, key, 0, "");
@@ -1485,7 +2013,7 @@ static int pk_setPublicKey(lua_State *L) {
1485 BIO_free(bio); 2013 BIO_free(bio);
1486 2014
1487 if (!ok) 2015 if (!ok)
1488 return throwssl(L, "pkey.new"); 2016 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1489 2017
1490 lua_pushboolean(L, 1); 2018 lua_pushboolean(L, 1);
1491 2019
@@ -1504,7 +2032,7 @@ static int pk_setPrivateKey(lua_State *L) {
1504 type = optencoding(L, 3, "*", X509_ANY|X509_PEM|X509_DER); 2032 type = optencoding(L, 3, "*", X509_ANY|X509_PEM|X509_DER);
1505 2033
1506 if (!(bio = BIO_new_mem_buf((void *)data, len))) 2034 if (!(bio = BIO_new_mem_buf((void *)data, len)))
1507 return throwssl(L, "pkey.new"); 2035 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1508 2036
1509 if (type == X509_ANY || type == X509_PEM) { 2037 if (type == X509_ANY || type == X509_PEM) {
1510 ok = !!PEM_read_bio_PrivateKey(bio, key, 0, ""); 2038 ok = !!PEM_read_bio_PrivateKey(bio, key, 0, "");
@@ -1517,7 +2045,7 @@ static int pk_setPrivateKey(lua_State *L) {
1517 BIO_free(bio); 2045 BIO_free(bio);
1518 2046
1519 if (!ok) 2047 if (!ok)
1520 return throwssl(L, "pkey.new"); 2048 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
1521 2049
1522 lua_pushboolean(L, 1); 2050 lua_pushboolean(L, 1);
1523 2051
@@ -1538,7 +2066,7 @@ static int pk_sign(lua_State *L) {
1538 n = LUAL_BUFFERSIZE; 2066 n = LUAL_BUFFERSIZE;
1539 2067
1540 if (!EVP_SignFinal(md, (void *)luaL_prepbuffer(&B), &n, key)) 2068 if (!EVP_SignFinal(md, (void *)luaL_prepbuffer(&B), &n, key))
1541 return throwssl(L, "pkey:sign"); 2069 return auxL_error(L, auxL_EOPENSSL, "pkey:sign");
1542 2070
1543 luaL_addsize(&B, n); 2071 luaL_addsize(&B, n);
1544 luaL_pushresult(&B); 2072 luaL_pushresult(&B);
@@ -1564,7 +2092,7 @@ static int pk_verify(lua_State *L) {
1564 2092
1565 break; 2093 break;
1566 default: 2094 default:
1567 return throwssl(L, "pkey:verify"); 2095 return auxL_error(L, auxL_EOPENSSL, "pkey:verify");
1568 } 2096 }
1569 2097
1570 return 1; 2098 return 1;
@@ -1596,7 +2124,7 @@ static int pk_toPEM(lua_State *L) {
1596 switch (checkoption(L, i, NULL, opts)) { 2124 switch (checkoption(L, i, NULL, opts)) {
1597 case 0: case 1: /* public, PublicKey */ 2125 case 0: case 1: /* public, PublicKey */
1598 if (!PEM_write_bio_PUBKEY(bio, key)) 2126 if (!PEM_write_bio_PUBKEY(bio, key))
1599 return throwssl(L, "pkey:__tostring"); 2127 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1600 2128
1601 len = BIO_get_mem_data(bio, &pem); 2129 len = BIO_get_mem_data(bio, &pem);
1602 lua_pushlstring(L, pem, len); 2130 lua_pushlstring(L, pem, len);
@@ -1605,7 +2133,7 @@ static int pk_toPEM(lua_State *L) {
1605 break; 2133 break;
1606 case 2: case 3: /* private, PrivateKey */ 2134 case 2: case 3: /* private, PrivateKey */
1607 if (!PEM_write_bio_PrivateKey(bio, key, 0, 0, 0, 0, 0)) 2135 if (!PEM_write_bio_PrivateKey(bio, key, 0, 0, 0, 0, 0))
1608 return throwssl(L, "pkey:__tostring"); 2136 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1609 2137
1610 len = BIO_get_mem_data(bio, &pem); 2138 len = BIO_get_mem_data(bio, &pem);
1611 lua_pushlstring(L, pem, len); 2139 lua_pushlstring(L, pem, len);
@@ -1625,7 +2153,7 @@ static int pk_toPEM(lua_State *L) {
1625 DSA_free(dsa); 2153 DSA_free(dsa);
1626 2154
1627 if (!ok) 2155 if (!ok)
1628 return throwssl(L, "pkey:__tostring"); 2156 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1629 2157
1630 break; 2158 break;
1631 } 2159 }
@@ -1637,7 +2165,7 @@ static int pk_toPEM(lua_State *L) {
1637 DH_free(dh); 2165 DH_free(dh);
1638 2166
1639 if (!ok) 2167 if (!ok)
1640 return throwssl(L, "pkey:__tostring"); 2168 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1641 2169
1642 break; 2170 break;
1643 } 2171 }
@@ -1651,7 +2179,7 @@ static int pk_toPEM(lua_State *L) {
1651 EC_KEY_free(ec); 2179 EC_KEY_free(ec);
1652 2180
1653 if (!ok) 2181 if (!ok)
1654 return throwssl(L, "pkey:__tostring"); 2182 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1655 2183
1656 break; 2184 break;
1657 } 2185 }
@@ -1688,11 +2216,11 @@ static int pk__tostring(lua_State *L) {
1688 switch (type) { 2216 switch (type) {
1689 case X509_PEM: 2217 case X509_PEM:
1690 if (!PEM_write_bio_PUBKEY(bio, key)) 2218 if (!PEM_write_bio_PUBKEY(bio, key))
1691 return throwssl(L, "pkey:__tostring"); 2219 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1692 break; 2220 break;
1693 case X509_DER: 2221 case X509_DER:
1694 if (!i2d_PUBKEY_bio(bio, key)) 2222 if (!i2d_PUBKEY_bio(bio, key))
1695 return throwssl(L, "pkey:__tostring"); 2223 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
1696 break; 2224 break;
1697 } /* switch() */ 2225 } /* switch() */
1698 2226
@@ -1765,7 +2293,7 @@ static X509_NAME *xn_dup(lua_State *L, X509_NAME *name) {
1765 X509_NAME **ud = prepsimple(L, X509_NAME_CLASS); 2293 X509_NAME **ud = prepsimple(L, X509_NAME_CLASS);
1766 2294
1767 if (!(*ud = X509_NAME_dup(name))) 2295 if (!(*ud = X509_NAME_dup(name)))
1768 throwssl(L, "x509.name.dup"); 2296 auxL_error(L, auxL_EOPENSSL, "x509.name.dup");
1769 2297
1770 return *ud; 2298 return *ud;
1771} /* xn_dup() */ 2299} /* xn_dup() */
@@ -1775,7 +2303,7 @@ static int xn_new(lua_State *L) {
1775 X509_NAME **ud = prepsimple(L, X509_NAME_CLASS); 2303 X509_NAME **ud = prepsimple(L, X509_NAME_CLASS);
1776 2304
1777 if (!(*ud = X509_NAME_new())) 2305 if (!(*ud = X509_NAME_new()))
1778 return throwssl(L, "x509.name.new"); 2306 return auxL_error(L, auxL_EOPENSSL, "x509.name.new");
1779 2307
1780 return 1; 2308 return 1;
1781} /* xn_new() */ 2309} /* xn_new() */
@@ -1802,7 +2330,7 @@ static int xn_add(lua_State *L) {
1802 ASN1_OBJECT_free(obj); 2330 ASN1_OBJECT_free(obj);
1803 2331
1804 if (!ok) 2332 if (!ok)
1805 return throwssl(L, "x509.name:add"); 2333 return auxL_error(L, auxL_EOPENSSL, "x509.name:add");
1806 2334
1807 lua_pushvalue(L, 1); 2335 lua_pushvalue(L, 1);
1808 2336
@@ -1831,7 +2359,7 @@ static int xn_all(lua_State *L) {
1831 nid = OBJ_obj2nid(obj); 2359 nid = OBJ_obj2nid(obj);
1832 2360
1833 if (0 > (len = OBJ_obj2txt(txt, sizeof txt, obj, 1))) 2361 if (0 > (len = OBJ_obj2txt(txt, sizeof txt, obj, 1)))
1834 return throwssl(L, "x509.name:all"); 2362 return auxL_error(L, auxL_EOPENSSL, "x509.name:all");
1835 2363
1836 lua_pushlstring(L, txt, len); 2364 lua_pushlstring(L, txt, len);
1837 2365
@@ -1885,7 +2413,7 @@ static int xn__next(lua_State *L) {
1885 lua_pushstring(L, id); 2413 lua_pushstring(L, id);
1886 } else { 2414 } else {
1887 if (0 > (len = OBJ_obj2txt(txt, sizeof txt, obj, 1))) 2415 if (0 > (len = OBJ_obj2txt(txt, sizeof txt, obj, 1)))
1888 return throwssl(L, "x509.name:__pairs"); 2416 return auxL_error(L, auxL_EOPENSSL, "x509.name:__pairs");
1889 2417
1890 lua_pushlstring(L, txt, len); 2418 lua_pushlstring(L, txt, len);
1891 } 2419 }
@@ -1975,7 +2503,7 @@ static GENERAL_NAMES *gn_dup(lua_State *L, GENERAL_NAMES *gens) {
1975 GENERAL_NAMES **ud = prepsimple(L, X509_GENS_CLASS); 2503 GENERAL_NAMES **ud = prepsimple(L, X509_GENS_CLASS);
1976 2504
1977 if (!(*ud = sk_GENERAL_NAME_dup(gens))) 2505 if (!(*ud = sk_GENERAL_NAME_dup(gens)))
1978 throwssl(L, "x509.altname.dup"); 2506 auxL_error(L, auxL_EOPENSSL, "x509.altname.dup");
1979 2507
1980 return *ud; 2508 return *ud;
1981} /* gn_dup() */ 2509} /* gn_dup() */
@@ -1985,7 +2513,7 @@ static int gn_new(lua_State *L) {
1985 GENERAL_NAMES **ud = prepsimple(L, X509_GENS_CLASS); 2513 GENERAL_NAMES **ud = prepsimple(L, X509_GENS_CLASS);
1986 2514
1987 if (!(*ud = sk_GENERAL_NAME_new_null())) 2515 if (!(*ud = sk_GENERAL_NAME_new_null()))
1988 return throwssl(L, "x509.altname.new"); 2516 return auxL_error(L, auxL_EOPENSSL, "x509.altname.new");
1989 2517
1990 return 1; 2518 return 1;
1991} /* gn_new() */ 2519} /* gn_new() */
@@ -2085,7 +2613,7 @@ text:
2085error: 2613error:
2086 GENERAL_NAME_free(gen); 2614 GENERAL_NAME_free(gen);
2087 2615
2088 return throwssl(L, "x509.altname:add"); 2616 return auxL_error(L, auxL_EOPENSSL, "x509.altname:add");
2089} /* gn_add() */ 2617} /* gn_add() */
2090 2618
2091 2619
@@ -2272,7 +2800,7 @@ error:
2272 if (conf) 2800 if (conf)
2273 NCONF_free(conf); 2801 NCONF_free(conf);
2274 2802
2275 return throwssl(L, "x509.extension.new"); 2803 return auxL_error(L, auxL_EOPENSSL, "x509.extension.new");
2276} /* xe_new() */ 2804} /* xe_new() */
2277 2805
2278 2806
@@ -2338,7 +2866,7 @@ static int xc_new(lua_State *L) {
2338 int ok = 0; 2866 int ok = 0;
2339 2867
2340 if (!(tmp = BIO_new_mem_buf((char *)data, len))) 2868 if (!(tmp = BIO_new_mem_buf((char *)data, len)))
2341 return throwssl(L, "x509.cert.new"); 2869 return auxL_error(L, auxL_EOPENSSL, "x509.cert.new");
2342 2870
2343 if (type == X509_PEM || type == X509_ANY) { 2871 if (type == X509_PEM || type == X509_ANY) {
2344 ok = !!(*ud = PEM_read_bio_X509(tmp, NULL, 0, "")); /* no password */ 2872 ok = !!(*ud = PEM_read_bio_X509(tmp, NULL, 0, "")); /* no password */
@@ -2351,10 +2879,10 @@ static int xc_new(lua_State *L) {
2351 BIO_free(tmp); 2879 BIO_free(tmp);
2352 2880
2353 if (!ok) 2881 if (!ok)
2354 return throwssl(L, "x509.cert.new"); 2882 return auxL_error(L, auxL_EOPENSSL, "x509.cert.new");
2355 } else { 2883 } else {
2356 if (!(*ud = X509_new())) 2884 if (!(*ud = X509_new()))
2357 return throwssl(L, "x509.cert.new"); 2885 return auxL_error(L, auxL_EOPENSSL, "x509.cert.new");
2358 2886
2359 X509_gmtime_adj(X509_get_notBefore(*ud), 0); 2887 X509_gmtime_adj(X509_get_notBefore(*ud), 0);
2360 X509_gmtime_adj(X509_get_notAfter(*ud), 0); 2888 X509_gmtime_adj(X509_get_notAfter(*ud), 0);
@@ -2398,7 +2926,7 @@ static int xc_getSerial(lua_State *L) {
2398 2926
2399 if ((i = X509_get_serialNumber(crt))) { 2927 if ((i = X509_get_serialNumber(crt))) {
2400 if (!ASN1_INTEGER_to_BN(i, serial)) 2928 if (!ASN1_INTEGER_to_BN(i, serial))
2401 return throwssl(L, "x509.cert:getSerial"); 2929 return auxL_error(L, auxL_EOPENSSL, "x509.cert:getSerial");
2402 } 2930 }
2403 2931
2404 return 1; 2932 return 1;
@@ -2423,7 +2951,7 @@ static int xc_setSerial(lua_State *L) {
2423error: 2951error:
2424 ASN1_INTEGER_free(serial); 2952 ASN1_INTEGER_free(serial);
2425 2953
2426 return throwssl(L, "x509.cert:setSerial"); 2954 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setSerial");
2427} /* xc_setSerial() */ 2955} /* xc_setSerial() */
2428 2956
2429 2957
@@ -2447,7 +2975,7 @@ static int xc_digest(lua_State *L) {
2447 BIGNUM *bn = bn_push(L); 2975 BIGNUM *bn = bn_push(L);
2448 2976
2449 if (!BN_bin2bn(md, len, bn)) 2977 if (!BN_bin2bn(md, len, bn))
2450 return throwssl(L, "x509.cert:digest"); 2978 return auxL_error(L, auxL_EOPENSSL, "x509.cert:digest");
2451 2979
2452 break; 2980 break;
2453 } 2981 }
@@ -2666,11 +3194,11 @@ static int xc_setLifetime(lua_State *L) {
2666 ut = lua_tonumber(L, 2); 3194 ut = lua_tonumber(L, 2);
2667 3195
2668 if (!ASN1_TIME_set(X509_get_notBefore(crt), ut)) 3196 if (!ASN1_TIME_set(X509_get_notBefore(crt), ut))
2669 return throwssl(L, "x509.cert:setLifetime"); 3197 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setLifetime");
2670#if 0 3198#if 0
2671 } else if ((dt = luaL_optstring(L, 2, 0))) { 3199 } else if ((dt = luaL_optstring(L, 2, 0))) {
2672 if (!ASN1_TIME_set_string(X509_get_notBefore(crt), dt)) 3200 if (!ASN1_TIME_set_string(X509_get_notBefore(crt), dt))
2673 return throwssl(L, "x509.cert:setLifetime"); 3201 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setLifetime");
2674#endif 3202#endif
2675 } 3203 }
2676 3204
@@ -2678,11 +3206,11 @@ static int xc_setLifetime(lua_State *L) {
2678 ut = lua_tonumber(L, 3); 3206 ut = lua_tonumber(L, 3);
2679 3207
2680 if (!ASN1_TIME_set(X509_get_notAfter(crt), ut)) 3208 if (!ASN1_TIME_set(X509_get_notAfter(crt), ut))
2681 return throwssl(L, "x509.cert:setLifetime"); 3209 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setLifetime");
2682#if 0 3210#if 0
2683 } else if ((dt = luaL_optstring(L, 3, 0))) { 3211 } else if ((dt = luaL_optstring(L, 3, 0))) {
2684 if (!ASN1_TIME_set_string(X509_get_notAfter(crt), dt)) 3212 if (!ASN1_TIME_set_string(X509_get_notAfter(crt), dt))
2685 return throwssl(L, "x509.cert:setLifetime"); 3213 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setLifetime");
2686#endif 3214#endif
2687 } 3215 }
2688 3216
@@ -2710,7 +3238,7 @@ static int xc_setIssuer(lua_State *L) {
2710 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS); 3238 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS);
2711 3239
2712 if (!X509_set_issuer_name(crt, name)) 3240 if (!X509_set_issuer_name(crt, name))
2713 return throwssl(L, "x509.cert:setIssuer"); 3241 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setIssuer");
2714 3242
2715 lua_pushboolean(L, 1); 3243 lua_pushboolean(L, 1);
2716 3244
@@ -2736,7 +3264,7 @@ static int xc_setSubject(lua_State *L) {
2736 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS); 3264 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS);
2737 3265
2738 if (!X509_set_subject_name(crt, name)) 3266 if (!X509_set_subject_name(crt, name))
2739 return throwssl(L, "x509.cert:setSubject"); 3267 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setSubject");
2740 3268
2741 lua_pushboolean(L, 1); 3269 lua_pushboolean(L, 1);
2742 3270
@@ -2784,7 +3312,7 @@ static int xc_setIssuerAlt(lua_State *L) {
2784 GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS); 3312 GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS);
2785 3313
2786 if (!X509_add1_ext_i2d(crt, NID_issuer_alt_name, gens, 0, X509V3_ADD_REPLACE)) 3314 if (!X509_add1_ext_i2d(crt, NID_issuer_alt_name, gens, 0, X509V3_ADD_REPLACE))
2787 return throwssl(L, "x509.altname:setIssuerAlt"); 3315 return auxL_error(L, auxL_EOPENSSL, "x509.altname:setIssuerAlt");
2788 3316
2789 lua_pushboolean(L, 1); 3317 lua_pushboolean(L, 1);
2790 3318
@@ -2810,7 +3338,7 @@ static int xc_setSubjectAlt(lua_State *L) {
2810 GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS); 3338 GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS);
2811 3339
2812 if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, X509V3_ADD_REPLACE)) 3340 if (!X509_add1_ext_i2d(crt, NID_subject_alt_name, gens, 0, X509V3_ADD_REPLACE))
2813 return throwssl(L, "x509.altname:setSubjectAlt"); 3341 return auxL_error(L, auxL_EOPENSSL, "x509.altname:setSubjectAlt");
2814 3342
2815 lua_pushboolean(L, 1); 3343 lua_pushboolean(L, 1);
2816 3344
@@ -2986,7 +3514,7 @@ static int xc_setBasicConstraint(lua_State *L) {
2986error: 3514error:
2987 BASIC_CONSTRAINTS_free(bs); 3515 BASIC_CONSTRAINTS_free(bs);
2988 3516
2989 return throwssl(L, "x509.cert:setBasicConstraint"); 3517 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setBasicConstraint");
2990} /* xc_setBasicConstraint() */ 3518} /* xc_setBasicConstraint() */
2991 3519
2992 3520
@@ -3016,7 +3544,7 @@ static int xc_addExtension(lua_State *L) {
3016 X509_EXTENSION *ext = checksimple(L, 2, X509_EXT_CLASS); 3544 X509_EXTENSION *ext = checksimple(L, 2, X509_EXT_CLASS);
3017 3545
3018 if (!X509_add_ext(crt, ext, -1)) 3546 if (!X509_add_ext(crt, ext, -1))
3019 return throwssl(L, "x509.cert:addExtension"); 3547 return auxL_error(L, auxL_EOPENSSL, "x509.cert:addExtension");
3020 3548
3021 lua_pushboolean(L, 1); 3549 lua_pushboolean(L, 1);
3022 3550
@@ -3066,7 +3594,7 @@ static int xc_getPublicKey(lua_State *L) {
3066 EVP_PKEY **key = prepsimple(L, PKEY_CLASS); 3594 EVP_PKEY **key = prepsimple(L, PKEY_CLASS);
3067 3595
3068 if (!(*key = X509_get_pubkey(crt))) 3596 if (!(*key = X509_get_pubkey(crt)))
3069 return throwssl(L, "x509.cert:getPublicKey"); 3597 return auxL_error(L, auxL_EOPENSSL, "x509.cert:getPublicKey");
3070 3598
3071 return 1; 3599 return 1;
3072} /* xc_getPublicKey() */ 3600} /* xc_getPublicKey() */
@@ -3077,7 +3605,7 @@ static int xc_setPublicKey(lua_State *L) {
3077 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 3605 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
3078 3606
3079 if (!X509_set_pubkey(crt, key)) 3607 if (!X509_set_pubkey(crt, key))
3080 return throwssl(L, "x509.cert:setPublicKey"); 3608 return auxL_error(L, auxL_EOPENSSL, "x509.cert:setPublicKey");
3081 3609
3082 lua_pushboolean(L, 1); 3610 lua_pushboolean(L, 1);
3083 3611
@@ -3109,7 +3637,7 @@ static int xc_sign(lua_State *L) {
3109 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 3637 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
3110 3638
3111 if (!X509_sign(crt, key, xc_signature(L, 3, key))) 3639 if (!X509_sign(crt, key, xc_signature(L, 3, key)))
3112 return throwssl(L, "x509.cert:sign"); 3640 return auxL_error(L, auxL_EOPENSSL, "x509.cert:sign");
3113 3641
3114 lua_pushboolean(L, 1); 3642 lua_pushboolean(L, 1);
3115 3643
@@ -3167,7 +3695,7 @@ static int xc_text(lua_State *L) {
3167 } 3695 }
3168 3696
3169 if (!X509_print_ex(bio, crt, 0, flags)) 3697 if (!X509_print_ex(bio, crt, 0, flags))
3170 return throwssl(L, "x509.cert:text"); 3698 return auxL_error(L, auxL_EOPENSSL, "x509.cert:text");
3171 3699
3172 len = BIO_get_mem_data(bio, &data); 3700 len = BIO_get_mem_data(bio, &data);
3173 3701
@@ -3187,11 +3715,11 @@ static int xc__tostring(lua_State *L) {
3187 switch (type) { 3715 switch (type) {
3188 case X509_PEM: 3716 case X509_PEM:
3189 if (!PEM_write_bio_X509(bio, crt)) 3717 if (!PEM_write_bio_X509(bio, crt))
3190 return throwssl(L, "x509.cert:__tostring"); 3718 return auxL_error(L, auxL_EOPENSSL, "x509.cert:__tostring");
3191 break; 3719 break;
3192 case X509_DER: 3720 case X509_DER:
3193 if (!i2d_X509_bio(bio, crt)) 3721 if (!i2d_X509_bio(bio, crt))
3194 return throwssl(L, "x509.cert:__tostring"); 3722 return auxL_error(L, auxL_EOPENSSL, "x509.cert:__tostring");
3195 break; 3723 break;
3196 } /* switch() */ 3724 } /* switch() */
3197 3725
@@ -3290,14 +3818,14 @@ static int xr_new(lua_State *L) {
3290 3818
3291 if ((crt = testsimple(L, 1, X509_CERT_CLASS))) { 3819 if ((crt = testsimple(L, 1, X509_CERT_CLASS))) {
3292 if (!(*ud = X509_to_X509_REQ(crt, 0, 0))) 3820 if (!(*ud = X509_to_X509_REQ(crt, 0, 0)))
3293 return throwssl(L, "x509.csr.new"); 3821 return auxL_error(L, auxL_EOPENSSL, "x509.csr.new");
3294 } else if ((data = luaL_optlstring(L, 1, NULL, &len))) { 3822 } else if ((data = luaL_optlstring(L, 1, NULL, &len))) {
3295 int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); 3823 int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
3296 BIO *tmp; 3824 BIO *tmp;
3297 int ok = 0; 3825 int ok = 0;
3298 3826
3299 if (!(tmp = BIO_new_mem_buf((char *)data, len))) 3827 if (!(tmp = BIO_new_mem_buf((char *)data, len)))
3300 return throwssl(L, "x509.csr.new"); 3828 return auxL_error(L, auxL_EOPENSSL, "x509.csr.new");
3301 3829
3302 if (type == X509_PEM || type == X509_ANY) { 3830 if (type == X509_PEM || type == X509_ANY) {
3303 ok = !!(*ud = PEM_read_bio_X509_REQ(tmp, NULL, 0, "")); /* no password */ 3831 ok = !!(*ud = PEM_read_bio_X509_REQ(tmp, NULL, 0, "")); /* no password */
@@ -3310,10 +3838,10 @@ static int xr_new(lua_State *L) {
3310 BIO_free(tmp); 3838 BIO_free(tmp);
3311 3839
3312 if (!ok) 3840 if (!ok)
3313 return throwssl(L, "x509.csr.new"); 3841 return auxL_error(L, auxL_EOPENSSL, "x509.csr.new");
3314 } else { 3842 } else {
3315 if (!(*ud = X509_REQ_new())) 3843 if (!(*ud = X509_REQ_new()))
3316 return throwssl(L, "x509.csr.new"); 3844 return auxL_error(L, auxL_EOPENSSL, "x509.csr.new");
3317 } 3845 }
3318 3846
3319 return 1; 3847 return 1;
@@ -3365,7 +3893,7 @@ static int xr_setSubject(lua_State *L) {
3365 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS); 3893 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS);
3366 3894
3367 if (!X509_REQ_set_subject_name(csr, name)) 3895 if (!X509_REQ_set_subject_name(csr, name))
3368 return throwssl(L, "x509.csr:setSubject"); 3896 return auxL_error(L, auxL_EOPENSSL, "x509.csr:setSubject");
3369 3897
3370 lua_pushboolean(L, 1); 3898 lua_pushboolean(L, 1);
3371 3899
@@ -3378,7 +3906,7 @@ static int xr_getPublicKey(lua_State *L) {
3378 EVP_PKEY **key = prepsimple(L, PKEY_CLASS); 3906 EVP_PKEY **key = prepsimple(L, PKEY_CLASS);
3379 3907
3380 if (!(*key = X509_REQ_get_pubkey(csr))) 3908 if (!(*key = X509_REQ_get_pubkey(csr)))
3381 return throwssl(L, "x509.cert:getPublicKey"); 3909 return auxL_error(L, auxL_EOPENSSL, "x509.cert:getPublicKey");
3382 3910
3383 return 1; 3911 return 1;
3384} /* xr_getPublicKey() */ 3912} /* xr_getPublicKey() */
@@ -3389,7 +3917,7 @@ static int xr_setPublicKey(lua_State *L) {
3389 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 3917 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
3390 3918
3391 if (!X509_REQ_set_pubkey(csr, key)) 3919 if (!X509_REQ_set_pubkey(csr, key))
3392 return throwssl(L, "x509.csr:setPublicKey"); 3920 return auxL_error(L, auxL_EOPENSSL, "x509.csr:setPublicKey");
3393 3921
3394 lua_pushboolean(L, 1); 3922 lua_pushboolean(L, 1);
3395 3923
@@ -3402,7 +3930,7 @@ static int xr_sign(lua_State *L) {
3402 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 3930 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
3403 3931
3404 if (!X509_REQ_sign(csr, key, xc_signature(L, 3, key))) 3932 if (!X509_REQ_sign(csr, key, xc_signature(L, 3, key)))
3405 return throwssl(L, "x509.csr:sign"); 3933 return auxL_error(L, auxL_EOPENSSL, "x509.csr:sign");
3406 3934
3407 lua_pushboolean(L, 1); 3935 lua_pushboolean(L, 1);
3408 3936
@@ -3420,11 +3948,11 @@ static int xr__tostring(lua_State *L) {
3420 switch (type) { 3948 switch (type) {
3421 case X509_PEM: 3949 case X509_PEM:
3422 if (!PEM_write_bio_X509_REQ(bio, csr)) 3950 if (!PEM_write_bio_X509_REQ(bio, csr))
3423 return throwssl(L, "x509.csr:__tostring"); 3951 return auxL_error(L, auxL_EOPENSSL, "x509.csr:__tostring");
3424 break; 3952 break;
3425 case X509_DER: 3953 case X509_DER:
3426 if (!i2d_X509_REQ_bio(bio, csr)) 3954 if (!i2d_X509_REQ_bio(bio, csr))
3427 return throwssl(L, "x509.csr:__tostring"); 3955 return auxL_error(L, auxL_EOPENSSL, "x509.csr:__tostring");
3428 break; 3956 break;
3429 } /* switch() */ 3957 } /* switch() */
3430 3958
@@ -3501,7 +4029,7 @@ static int xx_new(lua_State *L) {
3501 int ok = 0; 4029 int ok = 0;
3502 4030
3503 if (!(tmp = BIO_new_mem_buf((char *)data, len))) 4031 if (!(tmp = BIO_new_mem_buf((char *)data, len)))
3504 return throwssl(L, "x509.crl.new"); 4032 return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
3505 4033
3506 if (type == X509_PEM || type == X509_ANY) { 4034 if (type == X509_PEM || type == X509_ANY) {
3507 ok = !!(*ud = PEM_read_bio_X509_CRL(tmp, NULL, 0, "")); /* no password */ 4035 ok = !!(*ud = PEM_read_bio_X509_CRL(tmp, NULL, 0, "")); /* no password */
@@ -3514,10 +4042,10 @@ static int xx_new(lua_State *L) {
3514 BIO_free(tmp); 4042 BIO_free(tmp);
3515 4043
3516 if (!ok) 4044 if (!ok)
3517 return throwssl(L, "x509.crl.new"); 4045 return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
3518 } else { 4046 } else {
3519 if (!(*ud = X509_CRL_new())) 4047 if (!(*ud = X509_CRL_new()))
3520 return throwssl(L, "x509.crl.new"); 4048 return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
3521 4049
3522 X509_gmtime_adj(X509_CRL_get_lastUpdate(*ud), 0); 4050 X509_gmtime_adj(X509_CRL_get_lastUpdate(*ud), 0);
3523 } 4051 }
@@ -3577,7 +4105,7 @@ static int xx_setLastUpdate(lua_State *L) {
3577 4105
3578 /* lastUpdate always present */ 4106 /* lastUpdate always present */
3579 if (!ASN1_TIME_set(X509_CRL_get_lastUpdate(crl), updated)) 4107 if (!ASN1_TIME_set(X509_CRL_get_lastUpdate(crl), updated))
3580 return throwssl(L, "x509.crl:setLastUpdate"); 4108 return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");
3581 4109
3582 lua_pushboolean(L, 1); 4110 lua_pushboolean(L, 1);
3583 4111
@@ -3630,7 +4158,7 @@ error:
3630 if (time) 4158 if (time)
3631 ASN1_TIME_free(time); 4159 ASN1_TIME_free(time);
3632 4160
3633 return throwssl(L, "x509.crl:setNextUpdate"); 4161 return auxL_error(L, auxL_EOPENSSL, "x509.crl:setNextUpdate");
3634} /* xx_setNextUpdate() */ 4162} /* xx_setNextUpdate() */
3635 4163
3636 4164
@@ -3652,7 +4180,7 @@ static int xx_setIssuer(lua_State *L) {
3652 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS); 4180 X509_NAME *name = checksimple(L, 2, X509_NAME_CLASS);
3653 4181
3654 if (!X509_CRL_set_issuer_name(crl, name)) 4182 if (!X509_CRL_set_issuer_name(crl, name))
3655 return throwssl(L, "x509.crl:setIssuer"); 4183 return auxL_error(L, auxL_EOPENSSL, "x509.crl:setIssuer");
3656 4184
3657 lua_pushboolean(L, 1); 4185 lua_pushboolean(L, 1);
3658 4186
@@ -3706,7 +4234,7 @@ error:
3706 if (rev) 4234 if (rev)
3707 X509_REVOKED_free(rev); 4235 X509_REVOKED_free(rev);
3708 4236
3709 return throwssl(L, "x509.crl:add"); 4237 return auxL_error(L, auxL_EOPENSSL, "x509.crl:add");
3710} /* xx_add() */ 4238} /* xx_add() */
3711 4239
3712 4240
@@ -3715,7 +4243,7 @@ static int xx_sign(lua_State *L) {
3715 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 4243 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
3716 4244
3717 if (!X509_CRL_sign(crl, key, xc_signature(L, 3, key))) 4245 if (!X509_CRL_sign(crl, key, xc_signature(L, 3, key)))
3718 return throwssl(L, "x509.crl:sign"); 4246 return auxL_error(L, auxL_EOPENSSL, "x509.crl:sign");
3719 4247
3720 lua_pushboolean(L, 1); 4248 lua_pushboolean(L, 1);
3721 4249
@@ -3731,7 +4259,7 @@ static int xx_text(lua_State *L) {
3731 long len; 4259 long len;
3732 4260
3733 if (!X509_CRL_print(bio, crl)) 4261 if (!X509_CRL_print(bio, crl))
3734 return throwssl(L, "x509.crl:text"); 4262 return auxL_error(L, auxL_EOPENSSL, "x509.crl:text");
3735 4263
3736 len = BIO_get_mem_data(bio, &data); 4264 len = BIO_get_mem_data(bio, &data);
3737 4265
@@ -3751,11 +4279,11 @@ static int xx__tostring(lua_State *L) {
3751 switch (type) { 4279 switch (type) {
3752 case X509_PEM: 4280 case X509_PEM:
3753 if (!PEM_write_bio_X509_CRL(bio, crl)) 4281 if (!PEM_write_bio_X509_CRL(bio, crl))
3754 return throwssl(L, "x509.crl:__tostring"); 4282 return auxL_error(L, auxL_EOPENSSL, "x509.crl:__tostring");
3755 break; 4283 break;
3756 case X509_DER: 4284 case X509_DER:
3757 if (!i2d_X509_CRL_bio(bio, crl)) 4285 if (!i2d_X509_CRL_bio(bio, crl))
3758 return throwssl(L, "x509.crl:__tostring"); 4286 return auxL_error(L, auxL_EOPENSSL, "x509.crl:__tostring");
3759 break; 4287 break;
3760 } /* switch() */ 4288 } /* switch() */
3761 4289
@@ -3859,7 +4387,7 @@ static void xl_dup(lua_State *L, STACK_OF(X509) *src, _Bool copy) {
3859 4387
3860 return; 4388 return;
3861error: 4389error:
3862 throwssl(L, "sk_X509_dup"); 4390 auxL_error(L, auxL_EOPENSSL, "sk_X509_dup");
3863} /* xl_dup() */ 4391} /* xl_dup() */
3864 4392
3865 4393
@@ -3867,7 +4395,7 @@ static int xl_new(lua_State *L) {
3867 STACK_OF(X509) **chain = prepsimple(L, X509_CHAIN_CLASS); 4395 STACK_OF(X509) **chain = prepsimple(L, X509_CHAIN_CLASS);
3868 4396
3869 if (!(*chain = sk_X509_new_null())) 4397 if (!(*chain = sk_X509_new_null()))
3870 return throwssl(L, "x509.chain.new"); 4398 return auxL_error(L, auxL_EOPENSSL, "x509.chain.new");
3871 4399
3872 return 1; 4400 return 1;
3873} /* xl_new() */ 4401} /* xl_new() */
@@ -3884,11 +4412,11 @@ static int xl_add(lua_State *L) {
3884 X509 *dup; 4412 X509 *dup;
3885 4413
3886 if (!(dup = X509_dup(crt))) 4414 if (!(dup = X509_dup(crt)))
3887 return throwssl(L, "x509.chain:add"); 4415 return auxL_error(L, auxL_EOPENSSL, "x509.chain:add");
3888 4416
3889 if (!sk_X509_push(chain, dup)) { 4417 if (!sk_X509_push(chain, dup)) {
3890 X509_free(dup); 4418 X509_free(dup);
3891 return throwssl(L, "x509.chain:add"); 4419 return auxL_error(L, auxL_EOPENSSL, "x509.chain:add");
3892 } 4420 }
3893 4421
3894 lua_pushvalue(L, 1); 4422 lua_pushvalue(L, 1);
@@ -3915,7 +4443,7 @@ static int xl__next(lua_State *L) {
3915 ret = prepsimple(L, X509_CERT_CLASS); 4443 ret = prepsimple(L, X509_CERT_CLASS);
3916 4444
3917 if (!(*ret = X509_dup(crt))) 4445 if (!(*ret = X509_dup(crt)))
3918 return throwssl(L, "x509.chain:__next"); 4446 return auxL_error(L, auxL_EOPENSSL, "x509.chain:__next");
3919 4447
3920 break; 4448 break;
3921 } 4449 }
@@ -3983,7 +4511,7 @@ static int xs_new(lua_State *L) {
3983 X509_STORE **ud = prepsimple(L, X509_STORE_CLASS); 4511 X509_STORE **ud = prepsimple(L, X509_STORE_CLASS);
3984 4512
3985 if (!(*ud = X509_STORE_new())) 4513 if (!(*ud = X509_STORE_new()))
3986 return throwssl(L, "x509.store"); 4514 return auxL_error(L, auxL_EOPENSSL, "x509.store");
3987 4515
3988 return 1; 4516 return 1;
3989} /* xs_new() */ 4517} /* xs_new() */
@@ -4004,11 +4532,11 @@ static int xs_add(lua_State *L) {
4004 X509 *dup; 4532 X509 *dup;
4005 4533
4006 if (!(dup = X509_dup(crt))) 4534 if (!(dup = X509_dup(crt)))
4007 return throwssl(L, "x509.store:add"); 4535 return auxL_error(L, auxL_EOPENSSL, "x509.store:add");
4008 4536
4009 if (!X509_STORE_add_cert(store, dup)) { 4537 if (!X509_STORE_add_cert(store, dup)) {
4010 X509_free(dup); 4538 X509_free(dup);
4011 return throwssl(L, "x509.store:add"); 4539 return auxL_error(L, auxL_EOPENSSL, "x509.store:add");
4012 } 4540 }
4013 } else { 4541 } else {
4014 const char *path = luaL_checkstring(L, i); 4542 const char *path = luaL_checkstring(L, i);
@@ -4016,7 +4544,7 @@ static int xs_add(lua_State *L) {
4016 int ok; 4544 int ok;
4017 4545
4018 if (0 != stat(path, &st)) 4546 if (0 != stat(path, &st))
4019 return luaL_error(L, "%s: %s", path, xstrerror(errno)); 4547 return luaL_error(L, "%s: %s", path, aux_strerror(errno));
4020 4548
4021 if (S_ISDIR(st.st_mode)) 4549 if (S_ISDIR(st.st_mode))
4022 ok = X509_STORE_load_locations(store, NULL, path); 4550 ok = X509_STORE_load_locations(store, NULL, path);
@@ -4024,7 +4552,7 @@ static int xs_add(lua_State *L) {
4024 ok = X509_STORE_load_locations(store, path, NULL); 4552 ok = X509_STORE_load_locations(store, path, NULL);
4025 4553
4026 if (!ok) 4554 if (!ok)
4027 return throwssl(L, "x509.store:add"); 4555 return auxL_error(L, auxL_EOPENSSL, "x509.store:add");
4028 } 4556 }
4029 } 4557 }
4030 4558
@@ -4050,7 +4578,7 @@ static int xs_verify(lua_State *L) {
4050 int i, n; 4578 int i, n;
4051 4579
4052 if (!(chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS)))) 4580 if (!(chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS))))
4053 return throwssl(L, "x509.store:verify"); 4581 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
4054 4582
4055 n = sk_X509_num(chain); 4583 n = sk_X509_num(chain);
4056 4584
@@ -4063,7 +4591,7 @@ static int xs_verify(lua_State *L) {
4063 4591
4064 if (!X509_STORE_CTX_init(&ctx, store, crt, chain)) { 4592 if (!X509_STORE_CTX_init(&ctx, store, crt, chain)) {
4065 sk_X509_pop_free(chain, X509_free); 4593 sk_X509_pop_free(chain, X509_free);
4066 return throwssl(L, "x509.store:verify"); 4594 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
4067 } 4595 }
4068 4596
4069 ERR_clear_error(); 4597 ERR_clear_error();
@@ -4077,7 +4605,7 @@ static int xs_verify(lua_State *L) {
4077 X509_STORE_CTX_cleanup(&ctx); 4605 X509_STORE_CTX_cleanup(&ctx);
4078 4606
4079 if (!*proof) 4607 if (!*proof)
4080 return throwssl(L, "x509.store:verify"); 4608 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
4081 4609
4082 lua_pushboolean(L, 1); 4610 lua_pushboolean(L, 1);
4083 lua_pushvalue(L, -2); 4611 lua_pushvalue(L, -2);
@@ -4095,7 +4623,7 @@ static int xs_verify(lua_State *L) {
4095 default: 4623 default:
4096 X509_STORE_CTX_cleanup(&ctx); 4624 X509_STORE_CTX_cleanup(&ctx);
4097 4625
4098 return throwssl(L, "x509.store:verify"); 4626 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
4099 } 4627 }
4100} /* xs_verify() */ 4628} /* xs_verify() */
4101 4629
@@ -4153,7 +4681,7 @@ static int stx_new(lua_State *L) {
4153 STACK_OF(X509) *chain; 4681 STACK_OF(X509) *chain;
4154 4682
4155 if (!(*ud = X509_STORE_CTX_new())) 4683 if (!(*ud = X509_STORE_CTX_new()))
4156 return throwssl(L, "x509.store.context"); 4684 return auxL_error(L, auxL_EOPENSSL, "x509.store.context");
4157 4685
4158 return 1; 4686 return 1;
4159} /* stx_new() */ 4687} /* stx_new() */
@@ -4265,7 +4793,7 @@ error:
4265 if (no_kcert) 4793 if (no_kcert)
4266 luaL_argerror(L, 1, lua_pushfstring(L, "certificate matching the key not found")); 4794 luaL_argerror(L, 1, lua_pushfstring(L, "certificate matching the key not found"));
4267 4795
4268 return throwssl(L, "pkcs12.new"); 4796 return auxL_error(L, auxL_EOPENSSL, "pkcs12.new");
4269} /* p12_new() */ 4797} /* p12_new() */
4270 4798
4271 4799
@@ -4281,7 +4809,7 @@ static int p12__tostring(lua_State *L) {
4281 long len; 4809 long len;
4282 4810
4283 if (!i2d_PKCS12_bio(bio, p12)) 4811 if (!i2d_PKCS12_bio(bio, p12))
4284 return throwssl(L, "pkcs12:__tostring"); 4812 return auxL_error(L, auxL_EOPENSSL, "pkcs12:__tostring");
4285 4813
4286 len = BIO_get_mem_data(bio, &data); 4814 len = BIO_get_mem_data(bio, &data);
4287 4815
@@ -4402,7 +4930,7 @@ static int sx_new(lua_State *L) {
4402 ud = prepsimple(L, SSL_CTX_CLASS); 4930 ud = prepsimple(L, SSL_CTX_CLASS);
4403 4931
4404 if (!(*ud = SSL_CTX_new(method()))) 4932 if (!(*ud = SSL_CTX_new(method())))
4405 return throwssl(L, "ssl.context.new"); 4933 return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
4406 4934
4407 SSL_CTX_set_options(*ud, options); 4935 SSL_CTX_set_options(*ud, options);
4408 4936
@@ -4417,9 +4945,9 @@ static int sx_interpose(lua_State *L) {
4417 4945
4418static int sx_setOptions(lua_State *L) { 4946static int sx_setOptions(lua_State *L) {
4419 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); 4947 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
4420 lib_Integer options = lib_checkinteger(L, 2); 4948 auxL_Integer options = auxL_checkinteger(L, 2);
4421 4949
4422 lib_pushinteger(L, SSL_CTX_set_options(ctx, options)); 4950 auxL_pushinteger(L, SSL_CTX_set_options(ctx, options));
4423 4951
4424 return 1; 4952 return 1;
4425} /* sx_setOptions() */ 4953} /* sx_setOptions() */
@@ -4428,7 +4956,7 @@ static int sx_setOptions(lua_State *L) {
4428static int sx_getOptions(lua_State *L) { 4956static int sx_getOptions(lua_State *L) {
4429 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); 4957 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
4430 4958
4431 lib_pushinteger(L, SSL_CTX_get_options(ctx)); 4959 auxL_pushinteger(L, SSL_CTX_get_options(ctx));
4432 4960
4433 return 1; 4961 return 1;
4434} /* sx_getOptions() */ 4962} /* sx_getOptions() */
@@ -4436,9 +4964,9 @@ static int sx_getOptions(lua_State *L) {
4436 4964
4437static int sx_clearOptions(lua_State *L) { 4965static int sx_clearOptions(lua_State *L) {
4438 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); 4966 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
4439 lib_Integer options = lib_checkinteger(L, 2); 4967 auxL_Integer options = auxL_checkinteger(L, 2);
4440 4968
4441 lib_pushinteger(L, SSL_CTX_clear_options(ctx, options)); 4969 auxL_pushinteger(L, SSL_CTX_clear_options(ctx, options));
4442 4970
4443 return 1; 4971 return 1;
4444} /* sx_clearOptions() */ 4972} /* sx_clearOptions() */
@@ -4448,8 +4976,7 @@ static int sx_setStore(lua_State *L) {
4448 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); 4976 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
4449 X509_STORE *store = checksimple(L, 2, X509_STORE_CLASS); 4977 X509_STORE *store = checksimple(L, 2, X509_STORE_CLASS);
4450 4978
4451 SSL_CTX_set_cert_store(ctx, store); 4979 SSL_CTX_set1_cert_store(ctx, store);
4452 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
4453 4980
4454 lua_pushboolean(L, 1); 4981 lua_pushboolean(L, 1);
4455 4982
@@ -4493,7 +5020,7 @@ static int sx_setCertificate(lua_State *L) {
4493 X509_free(crt); 5020 X509_free(crt);
4494 5021
4495 if (!ok) 5022 if (!ok)
4496 return throwssl(L, "ssl.context:setCertificate"); 5023 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCertificate");
4497 5024
4498 lua_pushboolean(L, 1); 5025 lua_pushboolean(L, 1);
4499 5026
@@ -4515,7 +5042,7 @@ static int sx_setPrivateKey(lua_State *L) {
4515 * private key is actually defined in the object. 5042 * private key is actually defined in the object.
4516 */ 5043 */
4517 if (!SSL_CTX_use_PrivateKey(ctx, key)) 5044 if (!SSL_CTX_use_PrivateKey(ctx, key))
4518 return throwssl(L, "ssl.context:setPrivateKey"); 5045 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setPrivateKey");
4519 5046
4520 lua_pushboolean(L, 1); 5047 lua_pushboolean(L, 1);
4521 5048
@@ -4528,7 +5055,7 @@ static int sx_setCipherList(lua_State *L) {
4528 const char *ciphers = luaL_checkstring(L, 2); 5055 const char *ciphers = luaL_checkstring(L, 2);
4529 5056
4530 if (!SSL_CTX_set_cipher_list(ctx, ciphers)) 5057 if (!SSL_CTX_set_cipher_list(ctx, ciphers))
4531 return throwssl(L, "ssl.context:setCipherList"); 5058 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCipherList");
4532 5059
4533 lua_pushboolean(L, 1); 5060 lua_pushboolean(L, 1);
4534 5061
@@ -4549,26 +5076,26 @@ static int sx_setEphemeralKey(lua_State *L) {
4549 switch (EVP_PKEY_base_id(key)) { 5076 switch (EVP_PKEY_base_id(key)) {
4550 case EVP_PKEY_RSA: 5077 case EVP_PKEY_RSA:
4551 if (!(tmp = EVP_PKEY_get0(key))) 5078 if (!(tmp = EVP_PKEY_get0(key)))
4552 return throwssl(L, "ssl.context:setEphemeralKey"); 5079 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setEphemeralKey");
4553 5080
4554 if (!SSL_CTX_set_tmp_rsa(ctx, tmp)) 5081 if (!SSL_CTX_set_tmp_rsa(ctx, tmp))
4555 return throwssl(L, "ssl.context:setEphemeralKey"); 5082 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setEphemeralKey");
4556 5083
4557 break; 5084 break;
4558 case EVP_PKEY_DH: 5085 case EVP_PKEY_DH:
4559 if (!(tmp = EVP_PKEY_get0(key))) 5086 if (!(tmp = EVP_PKEY_get0(key)))
4560 return throwssl(L, "ssl.context:setEphemeralKey"); 5087 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setEphemeralKey");
4561 5088
4562 if (!SSL_CTX_set_tmp_dh(ctx, tmp)) 5089 if (!SSL_CTX_set_tmp_dh(ctx, tmp))
4563 return throwssl(L, "ssl.context:setEphemeralKey"); 5090 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setEphemeralKey");
4564 5091
4565 break; 5092 break;
4566 case EVP_PKEY_EC: 5093 case EVP_PKEY_EC:
4567 if (!(tmp = EVP_PKEY_get0(key))) 5094 if (!(tmp = EVP_PKEY_get0(key)))
4568 return throwssl(L, "ssl.context:setEphemeralKey"); 5095 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setEphemeralKey");
4569 5096
4570 if (!SSL_CTX_set_tmp_ecdh(ctx, tmp)) 5097 if (!SSL_CTX_set_tmp_ecdh(ctx, tmp))
4571 return throwssl(L, "ssl.context:setEphemeralKey"); 5098 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setEphemeralKey");
4572 5099
4573 break; 5100 break;
4574 default: 5101 default:
@@ -4597,9 +5124,9 @@ static int sx_setAlpnProtos(lua_State *L) {
4597 ERR_clear_error(); 5124 ERR_clear_error();
4598 if (0 != SSL_CTX_set_alpn_protos(ctx, (const unsigned char*)tmp, len)) { 5125 if (0 != SSL_CTX_set_alpn_protos(ctx, (const unsigned char*)tmp, len)) {
4599 if (!ERR_peek_error()) { 5126 if (!ERR_peek_error()) {
4600 return luaL_error(L, "unable to set ALPN protocols: %s", xstrerror(ENOMEM)); 5127 return luaL_error(L, "unable to set ALPN protocols: %s", aux_strerror(ENOMEM));
4601 } else { 5128 } else {
4602 return throwssl(L, "ssl.context:setAlpnProtos"); 5129 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setAlpnProtos");
4603 } 5130 }
4604 } 5131 }
4605 5132
@@ -4609,6 +5136,103 @@ static int sx_setAlpnProtos(lua_State *L) {
4609} /* sx_setAlpnProtos() */ 5136} /* sx_setAlpnProtos() */
4610#endif 5137#endif
4611 5138
5139#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
5140static SSL *ssl_push(lua_State *, SSL *);
5141
5142static int sx_setAlpnSelect_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *_ctx) {
5143 SSL_CTX *ctx = _ctx;
5144 lua_State *L = NULL;
5145 size_t n, protolen, tmpsiz;
5146 int otop, status;
5147 const void *proto;
5148 void *tmpbuf;
5149
5150 *out = NULL;
5151 *outlen = 0;
5152
5153 /* expect at least two values: return buffer and closure */
5154 if ((n = ex_getdata(&L, EX_SSL_CTX_ALPN_SELECT_CB, ctx)) < 2)
5155 return SSL_TLSEXT_ERR_ALERT_FATAL;
5156
5157 otop = lua_gettop(L) - n;
5158
5159 /* TODO: Install temporary panic handler to catch OOM errors */
5160
5161 /* pass SSL object as 1st argument */
5162 ssl_push(L, ssl);
5163 lua_insert(L, otop + 3);
5164
5165 /* pass table of protocol names as 2nd argument */
5166 pushprotos(L, in, inlen);
5167 lua_insert(L, otop + 4);
5168
5169 if (LUA_OK != (status = lua_pcall(L, 2 + (n - 2), 1, 0)))
5170 goto fatal;
5171
5172 /* did we get a string result? */
5173 if (!(proto = lua_tolstring(L, -1, &protolen)))
5174 goto noack;
5175
5176 /* will it fit in our return buffer? */
5177 if (!(tmpbuf = lua_touserdata(L, otop + 1)))
5178 goto fatal;
5179
5180 tmpsiz = lua_rawlen(L, otop + 1);
5181
5182 if (protolen > tmpsiz)
5183 goto fatal;
5184
5185 memcpy(tmpbuf, proto, protolen);
5186
5187 /*
5188 * NB: Our return buffer is anchored using the luaL_ref API, so even
5189 * once we pop the stack it will remain valid.
5190 */
5191 *out = tmpbuf;
5192 *outlen = protolen;
5193
5194 lua_settop(L, otop);
5195
5196 return SSL_TLSEXT_ERR_OK;
5197fatal:
5198 lua_settop(L, otop);
5199
5200 return SSL_TLSEXT_ERR_ALERT_FATAL;
5201noack:
5202 lua_settop(L, otop);
5203
5204 return SSL_TLSEXT_ERR_NOACK;
5205} /* sx_setAlpnSelect_cb() */
5206
5207static int sx_setAlpnSelect(lua_State *L) {
5208 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
5209 struct ex_data *data;
5210 int error;
5211
5212 luaL_checktype(L, 2, LUA_TFUNCTION);
5213
5214 /* allocate space to store the selected protocol in our callback */
5215 lua_newuserdata(L, UCHAR_MAX);
5216 lua_insert(L, 2);
5217
5218 if ((error = ex_setdata(L, EX_SSL_CTX_ALPN_SELECT_CB, ctx, lua_gettop(L) - 1))) {
5219 if (error > 0) {
5220 return luaL_error(L, "unable to set ALPN protocol selection callback: %s", aux_strerror(error));
5221 } else if (error == auxL_EOPENSSL && !ERR_peek_error()) {
5222 return luaL_error(L, "unable to set ALPN protocol selection callback: Unknown internal error");
5223 } else {
5224 return auxL_error(L, error, "ssl.context:setAlpnSelect");
5225 }
5226 }
5227
5228 SSL_CTX_set_alpn_select_cb(ctx, &sx_setAlpnSelect_cb, ctx);
5229
5230 lua_pushboolean(L, 1);
5231
5232 return 1;
5233} /* sx_setAlpnSelect() */
5234#endif
5235
4612 5236
4613static int sx__gc(lua_State *L) { 5237static int sx__gc(lua_State *L) {
4614 SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS); 5238 SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);
@@ -4636,6 +5260,9 @@ static const luaL_Reg sx_methods[] = {
4636#if HAVE_SSL_CTX_SET_ALPN_PROTOS 5260#if HAVE_SSL_CTX_SET_ALPN_PROTOS
4637 { "setAlpnProtos", &sx_setAlpnProtos }, 5261 { "setAlpnProtos", &sx_setAlpnProtos },
4638#endif 5262#endif
5263#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
5264 { "setAlpnSelect", &sx_setAlpnSelect },
5265#endif
4639 { NULL, NULL }, 5266 { NULL, NULL },
4640}; 5267};
4641 5268
@@ -4650,7 +5277,7 @@ static const luaL_Reg sx_globals[] = {
4650 { NULL, NULL }, 5277 { NULL, NULL },
4651}; 5278};
4652 5279
4653static const integer_Reg sx_verify[] = { 5280static const auxL_IntegerReg sx_verify[] = {
4654 { "VERIFY_NONE", SSL_VERIFY_NONE }, 5281 { "VERIFY_NONE", SSL_VERIFY_NONE },
4655 { "VERIFY_PEER", SSL_VERIFY_PEER }, 5282 { "VERIFY_PEER", SSL_VERIFY_PEER },
4656 { "VERIFY_FAIL_IF_NO_PEER_CERT", SSL_VERIFY_FAIL_IF_NO_PEER_CERT }, 5283 { "VERIFY_FAIL_IF_NO_PEER_CERT", SSL_VERIFY_FAIL_IF_NO_PEER_CERT },
@@ -4658,7 +5285,7 @@ static const integer_Reg sx_verify[] = {
4658 { NULL, 0 }, 5285 { NULL, 0 },
4659}; 5286};
4660 5287
4661static const integer_Reg sx_option[] = { 5288static const auxL_IntegerReg sx_option[] = {
4662 { "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG }, 5289 { "OP_MICROSOFT_SESS_ID_BUG", SSL_OP_MICROSOFT_SESS_ID_BUG },
4663 { "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG }, 5290 { "OP_NETSCAPE_CHALLENGE_BUG", SSL_OP_NETSCAPE_CHALLENGE_BUG },
4664 { "OP_LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT }, 5291 { "OP_LEGACY_SERVER_CONNECT", SSL_OP_LEGACY_SERVER_CONNECT },
@@ -4708,8 +5335,8 @@ int luaopen__openssl_ssl_context(lua_State *L) {
4708 initall(L); 5335 initall(L);
4709 5336
4710 luaL_newlib(L, sx_globals); 5337 luaL_newlib(L, sx_globals);
4711 lib_setintegers(L, sx_verify); 5338 auxL_setintegers(L, sx_verify);
4712 lib_setintegers(L, sx_option); 5339 auxL_setintegers(L, sx_option);
4713 5340
4714 return 1; 5341 return 1;
4715} /* luaopen__openssl_ssl_context() */ 5342} /* luaopen__openssl_ssl_context() */
@@ -4720,6 +5347,15 @@ int luaopen__openssl_ssl_context(lua_State *L) {
4720 * 5347 *
4721 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 5348 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
4722 5349
5350static SSL *ssl_push(lua_State *L, SSL *ssl) {
5351 SSL **ud = prepsimple(L, SSL_CLASS);
5352
5353 CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL);
5354 *ud = ssl;
5355
5356 return *ud;
5357} /* ssl_push() */
5358
4723static int ssl_new(lua_State *L) { 5359static int ssl_new(lua_State *L) {
4724 lua_pushnil(L); 5360 lua_pushnil(L);
4725 5361
@@ -4734,9 +5370,9 @@ static int ssl_interpose(lua_State *L) {
4734 5370
4735static int ssl_setOptions(lua_State *L) { 5371static int ssl_setOptions(lua_State *L) {
4736 SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS); 5372 SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
4737 lib_Integer options = lib_checkinteger(L, 2); 5373 auxL_Integer options = auxL_checkinteger(L, 2);
4738 5374
4739 lib_pushinteger(L, SSL_set_options(ssl, options)); 5375 auxL_pushinteger(L, SSL_set_options(ssl, options));
4740 5376
4741 return 1; 5377 return 1;
4742} /* ssl_setOptions() */ 5378} /* ssl_setOptions() */
@@ -4745,7 +5381,7 @@ static int ssl_setOptions(lua_State *L) {
4745static int ssl_getOptions(lua_State *L) { 5381static int ssl_getOptions(lua_State *L) {
4746 SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS); 5382 SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
4747 5383
4748 lib_pushinteger(L, SSL_get_options(ssl)); 5384 auxL_pushinteger(L, SSL_get_options(ssl));
4749 5385
4750 return 1; 5386 return 1;
4751} /* ssl_getOptions() */ 5387} /* ssl_getOptions() */
@@ -4753,9 +5389,9 @@ static int ssl_getOptions(lua_State *L) {
4753 5389
4754static int ssl_clearOptions(lua_State *L) { 5390static int ssl_clearOptions(lua_State *L) {
4755 SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS); 5391 SSL *ssl = checksimple(L, 1, SSL_CTX_CLASS);
4756 lib_Integer options = lib_checkinteger(L, 2); 5392 auxL_Integer options = auxL_checkinteger(L, 2);
4757 5393
4758 lib_pushinteger(L, SSL_clear_options(ssl, options)); 5394 auxL_pushinteger(L, SSL_clear_options(ssl, options));
4759 5395
4760 return 1; 5396 return 1;
4761} /* ssl_clearOptions() */ 5397} /* ssl_clearOptions() */
@@ -4829,7 +5465,7 @@ static int ssl_setHostName(lua_State *L) {
4829 const char *host = luaL_checkstring(L, 2); 5465 const char *host = luaL_checkstring(L, 2);
4830 5466
4831 if (!SSL_set_tlsext_host_name(ssl, host)) 5467 if (!SSL_set_tlsext_host_name(ssl, host))
4832 return throwssl(L, "ssl:setHostName"); 5468 return auxL_error(L, auxL_EOPENSSL, "ssl:setHostName");
4833 5469
4834 lua_pushboolean(L, 1); 5470 lua_pushboolean(L, 1);
4835 5471
@@ -4919,9 +5555,9 @@ static int ssl_setAlpnProtos(lua_State *L) {
4919 ERR_clear_error(); 5555 ERR_clear_error();
4920 if (0 != SSL_set_alpn_protos(ssl, (const unsigned char*)tmp, len)) { 5556 if (0 != SSL_set_alpn_protos(ssl, (const unsigned char*)tmp, len)) {
4921 if (!ERR_peek_error()) { 5557 if (!ERR_peek_error()) {
4922 return luaL_error(L, "unable to set ALPN protocols: %s", xstrerror(ENOMEM)); 5558 return luaL_error(L, "unable to set ALPN protocols: %s", aux_strerror(ENOMEM));
4923 } else { 5559 } else {
4924 return throwssl(L, "ssl:setAlpnProtos"); 5560 return auxL_error(L, auxL_EOPENSSL, "ssl:setAlpnProtos");
4925 } 5561 }
4926 } 5562 }
4927 5563
@@ -4975,7 +5611,7 @@ static const luaL_Reg ssl_globals[] = {
4975 { NULL, NULL }, 5611 { NULL, NULL },
4976}; 5612};
4977 5613
4978static const integer_Reg ssl_version[] = { 5614static const auxL_IntegerReg ssl_version[] = {
4979 { "SSL2_VERSION", SSL2_VERSION }, 5615 { "SSL2_VERSION", SSL2_VERSION },
4980 { "SSL3_VERSION", SSL3_VERSION }, 5616 { "SSL3_VERSION", SSL3_VERSION },
4981 { "TLS1_VERSION", TLS1_VERSION }, 5617 { "TLS1_VERSION", TLS1_VERSION },
@@ -4993,9 +5629,9 @@ int luaopen__openssl_ssl(lua_State *L) {
4993 initall(L); 5629 initall(L);
4994 5630
4995 luaL_newlib(L, ssl_globals); 5631 luaL_newlib(L, ssl_globals);
4996 lib_setintegers(L, ssl_version); 5632 auxL_setintegers(L, ssl_version);
4997 lib_setintegers(L, sx_verify); 5633 auxL_setintegers(L, sx_verify);
4998 lib_setintegers(L, sx_option); 5634 auxL_setintegers(L, sx_option);
4999 5635
5000 return 1; 5636 return 1;
5001} /* luaopen__openssl_ssl() */ 5637} /* luaopen__openssl_ssl() */
@@ -5026,7 +5662,7 @@ static int md_new(lua_State *L) {
5026 EVP_MD_CTX_init(ctx); 5662 EVP_MD_CTX_init(ctx);
5027 5663
5028 if (!EVP_DigestInit_ex(ctx, type, NULL)) 5664 if (!EVP_DigestInit_ex(ctx, type, NULL))
5029 return throwssl(L, "digest.new"); 5665 return auxL_error(L, auxL_EOPENSSL, "digest.new");
5030 5666
5031 return 1; 5667 return 1;
5032} /* md_new() */ 5668} /* md_new() */
@@ -5047,7 +5683,7 @@ static void md_update_(lua_State *L, EVP_MD_CTX *ctx, int from, int to) {
5047 p = luaL_checklstring(L, i, &n); 5683 p = luaL_checklstring(L, i, &n);
5048 5684
5049 if (!EVP_DigestUpdate(ctx, p, n)) 5685 if (!EVP_DigestUpdate(ctx, p, n))
5050 throwssl(L, "digest:update"); 5686 auxL_error(L, auxL_EOPENSSL, "digest:update");
5051 } 5687 }
5052} /* md_update_() */ 5688} /* md_update_() */
5053 5689
@@ -5072,7 +5708,7 @@ static int md_final(lua_State *L) {
5072 md_update_(L, ctx, 2, lua_gettop(L)); 5708 md_update_(L, ctx, 2, lua_gettop(L));
5073 5709
5074 if (!EVP_DigestFinal_ex(ctx, md, &len)) 5710 if (!EVP_DigestFinal_ex(ctx, md, &len))
5075 return throwssl(L, "digest:final"); 5711 return auxL_error(L, auxL_EOPENSSL, "digest:final");
5076 5712
5077 lua_pushlstring(L, (char *)md, len); 5713 lua_pushlstring(L, (char *)md, len);
5078 5714
@@ -5243,7 +5879,7 @@ static int cipher_new(lua_State *L) {
5243 EVP_CIPHER_CTX_init(ctx); 5879 EVP_CIPHER_CTX_init(ctx);
5244 5880
5245 if (!EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, -1)) 5881 if (!EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, -1))
5246 return throwssl(L, "cipher.new"); 5882 return auxL_error(L, auxL_EOPENSSL, "cipher.new");
5247 5883
5248 return 1; 5884 return 1;
5249} /* cipher_new() */ 5885} /* cipher_new() */
@@ -5281,7 +5917,7 @@ static int cipher_init(lua_State *L, _Bool encrypt) {
5281 5917
5282 return 1; 5918 return 1;
5283sslerr: 5919sslerr:
5284 return throwssl(L, (encrypt)? "cipher:encrypt" : "cipher:decrypt"); 5920 return auxL_error(L, auxL_EOPENSSL, (encrypt)? "cipher:encrypt" : "cipher:decrypt");
5285} /* cipher_init() */ 5921} /* cipher_init() */
5286 5922
5287 5923
@@ -5340,7 +5976,7 @@ static int cipher_update(lua_State *L) {
5340 return 1; 5976 return 1;
5341sslerr: 5977sslerr:
5342 lua_pushnil(L); 5978 lua_pushnil(L);
5343 pusherror(L, NULL); 5979 auxL_pusherror(L, auxL_EOPENSSL, NULL);
5344 5980
5345 return 2; 5981 return 2;
5346} /* cipher_update() */ 5982} /* cipher_update() */
@@ -5371,7 +6007,7 @@ static int cipher_final(lua_State *L) {
5371 return 1; 6007 return 1;
5372sslerr: 6008sslerr:
5373 lua_pushnil(L); 6009 lua_pushnil(L);
5374 pusherror(L, NULL); 6010 auxL_pusherror(L, auxL_EOPENSSL, NULL);
5375 6011
5376 return 2; 6012 return 2;
5377} /* cipher_final() */ 6013} /* cipher_final() */
@@ -5558,7 +6194,7 @@ static int rand_stir(lua_State *L) {
5558 6194
5559 if (error) { 6195 if (error) {
5560 lua_pushboolean(L, 0); 6196 lua_pushboolean(L, 0);
5561 lua_pushstring(L, xstrerror(error)); 6197 lua_pushstring(L, aux_strerror(error));
5562 lua_pushinteger(L, error); 6198 lua_pushinteger(L, error);
5563 6199
5564 return 3; 6200 return 3;
@@ -5599,7 +6235,7 @@ static int rand_bytes(lua_State *L) {
5599 n = MIN((size - count), LUAL_BUFFERSIZE); 6235 n = MIN((size - count), LUAL_BUFFERSIZE);
5600 6236
5601 if (!RAND_bytes((void *)luaL_prepbuffer(&B), n)) 6237 if (!RAND_bytes((void *)luaL_prepbuffer(&B), n))
5602 return throwssl(L, "rand.bytes"); 6238 return auxL_error(L, auxL_EOPENSSL, "rand.bytes");
5603 6239
5604 luaL_addsize(&B, n); 6240 luaL_addsize(&B, n);
5605 count += n; 6241 count += n;
@@ -5622,7 +6258,7 @@ static unsigned long long rand_llu(lua_State *L) {
5622 unsigned long long llu; 6258 unsigned long long llu;
5623 6259
5624 if (!RAND_bytes((void *)&llu, sizeof llu)) 6260 if (!RAND_bytes((void *)&llu, sizeof llu))
5625 throwssl(L, "rand.uniform"); 6261 auxL_error(L, auxL_EOPENSSL, "rand.uniform");
5626 6262
5627 return llu; 6263 return llu;
5628} /* rand_llu() */ 6264} /* rand_llu() */
@@ -5802,18 +6438,11 @@ int luaopen__openssl_des(lua_State *L) {
5802 * 6438 *
5803 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 6439 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
5804 6440
5805#ifndef HAVE_DLADDR
5806#define HAVE_DLADDR (!defined _AIX)
5807#endif
5808
5809static struct { 6441static struct {
5810 pthread_mutex_t *lock; 6442 pthread_mutex_t *lock;
5811 int nlock; 6443 int nlock;
5812
5813 void *dlref;
5814} mt_state; 6444} mt_state;
5815 6445
5816
5817static void mt_lock(int mode, int type, const char *file NOTUSED, int line NOTUSED) { 6446static void mt_lock(int mode, int type, const char *file NOTUSED, int line NOTUSED) {
5818 if (mode & CRYPTO_LOCK) 6447 if (mode & CRYPTO_LOCK)
5819 pthread_mutex_lock(&mt_state.lock[type]); 6448 pthread_mutex_lock(&mt_state.lock[type]);
@@ -5821,7 +6450,6 @@ static void mt_lock(int mode, int type, const char *file NOTUSED, int line NOTUS
5821 pthread_mutex_unlock(&mt_state.lock[type]); 6450 pthread_mutex_unlock(&mt_state.lock[type]);
5822} /* mt_lock() */ 6451} /* mt_lock() */
5823 6452
5824
5825/* 6453/*
5826 * Sources include Google and especially the Wine Project. See get_unix_tid 6454 * Sources include Google and especially the Wine Project. See get_unix_tid
5827 * at http://source.winehq.org/git/wine.git/?a=blob;f=dlls/ntdll/server.c. 6455 * at http://source.winehq.org/git/wine.git/?a=blob;f=dlls/ntdll/server.c.
@@ -5847,19 +6475,23 @@ static unsigned long mt_gettid(void) {
5847 return _lwp_self(); 6475 return _lwp_self();
5848#else 6476#else
5849 /* 6477 /*
5850 * pthread_t is an integer on Solaris and Linux, and a unique pointer 6478 * pthread_t is an integer on Solaris and Linux, an unsigned integer
5851 * on OpenBSD. 6479 * on AIX, and a unique pointer on OpenBSD.
5852 */ 6480 */
5853 return (unsigned long)pthread_self(); 6481 return (unsigned long)pthread_self();
5854#endif 6482#endif
5855} /* mt_gettid() */ 6483} /* mt_gettid() */
5856 6484
5857
5858static int mt_init(void) { 6485static int mt_init(void) {
5859 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; 6486 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
5860 int bound = 0, error = 0; 6487 static int done, bound;
6488 int error = 0;
5861 6489
5862 pthread_mutex_lock(&mutex); 6490 if ((error = pthread_mutex_lock(&mutex)))
6491 return error;
6492
6493 if (done)
6494 goto epilog;
5863 6495
5864 if (!CRYPTO_get_locking_callback()) { 6496 if (!CRYPTO_get_locking_callback()) {
5865 if (!mt_state.lock) { 6497 if (!mt_state.lock) {
@@ -5869,11 +6501,20 @@ static int mt_init(void) {
5869 6501
5870 if (!(mt_state.lock = malloc(mt_state.nlock * sizeof *mt_state.lock))) { 6502 if (!(mt_state.lock = malloc(mt_state.nlock * sizeof *mt_state.lock))) {
5871 error = errno; 6503 error = errno;
5872 goto leave; 6504 goto epilog;
5873 } 6505 }
5874 6506
5875 for (i = 0; i < mt_state.nlock; i++) { 6507 for (i = 0; i < mt_state.nlock; i++) {
5876 pthread_mutex_init(&mt_state.lock[i], NULL); 6508 if ((error = pthread_mutex_init(&mt_state.lock[i], NULL))) {
6509 while (i > 0) {
6510 pthread_mutex_destroy(&mt_state.lock[--i]);
6511 }
6512
6513 free(mt_state.lock);
6514 mt_state.lock = NULL;
6515
6516 goto epilog;
6517 }
5877 } 6518 }
5878 } 6519 }
5879 6520
@@ -5886,27 +6527,11 @@ static int mt_init(void) {
5886 bound = 1; 6527 bound = 1;
5887 } 6528 }
5888 6529
5889 /* 6530 if (bound && (error = dl_anchor()))
5890 * Prevent loader from unlinking us if we've registered a callback 6531 goto epilog;
5891 * with OpenSSL by taking another reference to ourselves.
5892 */
5893#if HAVE_DLADDR
5894 if (bound && !mt_state.dlref) {
5895 Dl_info info;
5896
5897 if (!dladdr((void *)&luaopen__openssl_rand, &info)) {
5898 error = -1;
5899 goto leave;
5900 }
5901
5902 if (!(mt_state.dlref = dlopen(info.dli_fname, RTLD_NOW|RTLD_LOCAL))) {
5903 error = -1;
5904 goto leave;
5905 }
5906 }
5907#endif
5908 6532
5909leave: 6533 done = 1;
6534epilog:
5910 pthread_mutex_unlock(&mutex); 6535 pthread_mutex_unlock(&mutex);
5911 6536
5912 return error; 6537 return error;
@@ -5918,13 +6543,8 @@ static void initall(lua_State *L) {
5918 static int initssl; 6543 static int initssl;
5919 int error; 6544 int error;
5920 6545
5921 if ((error = mt_init())) { 6546 if ((error = mt_init()))
5922 if (error == -1) { 6547 auxL_error(L, error, "openssl.init");
5923 luaL_error(L, "openssl.init: %s", dlerror());
5924 } else {
5925 luaL_error(L, "openssl.init: %s", xstrerror(error));
5926 }
5927 }
5928 6548
5929 pthread_mutex_lock(&mutex); 6549 pthread_mutex_lock(&mutex);
5930 6550
@@ -5944,6 +6564,14 @@ static void initall(lua_State *L) {
5944 6564
5945 pthread_mutex_unlock(&mutex); 6565 pthread_mutex_unlock(&mutex);
5946 6566
6567 if ((error = compat_init()))
6568 auxL_error(L, error, "openssl.init");
6569
6570 if ((error = ex_init()))
6571 auxL_error(L, error, "openssl.init");
6572
6573 ex_newstate(L);
6574
5947 addclass(L, BIGNUM_CLASS, bn_methods, bn_metatable); 6575 addclass(L, BIGNUM_CLASS, bn_methods, bn_metatable);
5948 addclass(L, PKEY_CLASS, pk_methods, pk_metatable); 6576 addclass(L, PKEY_CLASS, pk_methods, pk_metatable);
5949 addclass(L, X509_NAME_CLASS, xn_methods, xn_metatable); 6577 addclass(L, X509_NAME_CLASS, xn_methods, xn_metatable);
@@ -5962,5 +6590,3 @@ static void initall(lua_State *L) {
5962 addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable); 6590 addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable);
5963} /* initall() */ 6591} /* initall() */
5964 6592
5965
5966#endif /* LUAOSSL_H */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 20:03:57 +0000