1 files changed, 127 insertions, 32 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 823bc23..2fb7367 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -143,6 +143,22 @@
 #define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD
 #endif
+#ifndef HAVE_EVP_CIPHER_CTX_FREE
+#define HAVE_EVP_CIPHER_CTX_FREE OPENSSL_PREREQ(1,1,0)
+#endif
+#ifndef HAVE_EVP_CIPHER_CTX_NEW
+#define HAVE_EVP_CIPHER_CTX_NEW OPENSSL_PREREQ(1,1,0)
+#endif
+#ifndef HAVE_EVP_MD_CTX_FREE
+#define HAVE_EVP_MD_CTX_FREE OPENSSL_PREREQ(1,1,0)
+#endif
+#ifndef HAVE_EVP_MD_CTX_NEW
+#define HAVE_EVP_MD_CTX_NEW OPENSSL_PREREQ(1,1,0)
+#endif
 #ifndef HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
 #define HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID OPENSSL_PREREQ(0,9,9)
 #endif
@@ -167,6 +183,14 @@
 #define HAVE_GENERAL_NAME_SET0_VALUE OPENSSL_PREREQ(1,1,0)
 #endif
+#ifndef HAVE_HMAC_CTX_FREE
+#define HAVE_HMAC_CTX_FREE OPENSSL_PREREQ(1,1,0)
+#endif
+#ifndef HAVE_HMAC_CTX_NEW
+#define HAVE_HMAC_CTX_NEW OPENSSL_PREREQ(1,1,0)
+#endif
 #ifndef HAVE_I2D_RE_X509_REQ_TBS
 #define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0)
 #endif
@@ -243,6 +267,10 @@
 #define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)
 #endif
+#ifndef HMAC_INIT_EX_INT
+#define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
+#endif
 #ifndef STRERROR_R_CHAR_P
 #define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)))
 #endif
@@ -281,9 +309,9 @@
 #define PKCS12_CLASS     "PKCS12*"
 #define SSL_CTX_CLASS    "SSL_CTX*"
 #define SSL_CLASS        "SSL*"
-#define DIGEST_CLASS     "EVP_MD_CTX"     /* not a pointer */
+#define DIGEST_CLASS     "EVP_MD_CTX*"
-#define HMAC_CLASS       "HMAC_CTX"       /* not a pointer */
+#define HMAC_CLASS       "HMAC_CTX*"
-#define CIPHER_CLASS     "EVP_CIPHER_CTX" /* not a pointer */
+#define CIPHER_CLASS     "EVP_CIPHER_CTX*"
 #if __GNUC__
@@ -1248,6 +1276,38 @@ static void compat_DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
 } /* compat_DSA_set0_pqg() */
 #endif
+#if !HAVE_EVP_CIPHER_CTX_FREE
+#define EVP_CIPHER_CTX_free(ctx) compat_EVP_CIPHER_CTX_free((ctx))
+static void compat_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) {
+        EVP_CIPHER_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+} /* compat_EVP_CIPHER_CTX_free() */
+#endif
+#if !HAVE_EVP_CIPHER_CTX_NEW
+#define EVP_CIPHER_CTX_new() compat_EVP_CIPHER_CTX_new()
+static EVP_CIPHER_CTX *compat_EVP_CIPHER_CTX_new(void) {
+        EVP_CIPHER_CTX *ctx;
+        if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
+                return NULL;
+        memset(ctx, 0, sizeof *ctx);
+        EVP_CIPHER_CTX_init(ctx);
+        return ctx;
+} /* compat_EVP_CIPHER_CTX_new() */
+#endif
+#if !HAVE_EVP_MD_CTX_FREE
+#define EVP_MD_CTX_free(md) EVP_MD_CTX_destroy((md))
+#endif
+#if !HAVE_EVP_MD_CTX_NEW
+#define EVP_MD_CTX_new(md) EVP_MD_CTX_create()
+#endif
 #if !HAVE_EVP_PKEY_ID
 #define EVP_PKEY_id(key) ((key)->type)
 #endif
@@ -1381,6 +1441,29 @@ static void GENERAL_NAME_set0_value(GENERAL_NAME *name, int type, void *value) {
 } /* compat_GENERAL_NAME_set0_value() */
 #endif
+#if !HAVE_HMAC_CTX_FREE
+#define HMAC_CTX_free(ctx) compat_HMAC_CTX_free((ctx))
+static void compat_HMAC_CTX_free(HMAC_CTX *ctx) {
+        HMAC_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+} /* compat_HMAC_CTX_free() */
+#endif
+#if !HAVE_HMAC_CTX_NEW
+#define HMAC_CTX_new() compat_HMAC_CTX_new()
+static HMAC_CTX *compat_HMAC_CTX_new(void) {
+        HMAC_CTX *ctx;
+        if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
+                return NULL;
+        memset(ctx, 0, sizeof *ctx);
+        return ctx;
+} /* compat_HMAC_CTX_new() */
+#endif
 #if !HAVE_RSA_GET0_CRT_PARAMS
 #define RSA_get0_crt_params(...) compat_RSA_get0_crt_params(__VA_ARGS__)
@@ -3157,7 +3240,7 @@ static int pk_setPrivateKey(lua_State *L) {
 static int pk_sign(lua_State *L) {
        EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
-        EVP_MD_CTX *md = luaL_checkudata(L, 2, DIGEST_CLASS);
+        EVP_MD_CTX *md = checksimple(L, 2, DIGEST_CLASS);
        luaL_Buffer B;
        unsigned n;
@@ -3181,7 +3264,7 @@ static int pk_verify(lua_State *L) {
        EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
        size_t len;
        const void *sig = luaL_checklstring(L, 2, &len);
-        EVP_MD_CTX *md = luaL_checkudata(L, 3, DIGEST_CLASS);
+        EVP_MD_CTX *md = checksimple(L, 3, DIGEST_CLASS);
        switch (EVP_VerifyFinal(md, sig, len, key)) {
        case 0: /* WRONG */
@@ -7874,13 +7957,10 @@ static const EVP_MD *md_optdigest(lua_State *L, int index) {
 static int md_new(lua_State *L) {
        const EVP_MD *type = md_optdigest(L, 1);
-        EVP_MD_CTX *ctx;
+        EVP_MD_CTX **ctx;
-        ctx = prepudata(L, sizeof *ctx, DIGEST_CLASS, NULL);
-        EVP_MD_CTX_init(ctx);
+        ctx = prepsimple(L, DIGEST_CLASS, NULL);
+        if (!(*ctx = EVP_MD_CTX_new()) || !EVP_DigestInit_ex(*ctx, type, NULL))
-        if (!EVP_DigestInit_ex(ctx, type, NULL))
                return auxL_error(L, auxL_EOPENSSL, "digest.new");
        return 1;
@@ -7908,7 +7988,7 @@ static void md_update_(lua_State *L, EVP_MD_CTX *ctx, int from, int to) {
 static int md_update(lua_State *L) {
-        EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
+        EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
        md_update_(L, ctx, 2, lua_gettop(L));
@@ -7919,7 +7999,7 @@ static int md_update(lua_State *L) {
 static int md_final(lua_State *L) {
-        EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
+        EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
        unsigned char md[EVP_MAX_MD_SIZE];
        unsigned len;
@@ -7935,9 +8015,10 @@ static int md_final(lua_State *L) {
 static int md__gc(lua_State *L) {
-        EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
+        EVP_MD_CTX **ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
-        EVP_MD_CTX_cleanup(ctx);
+        EVP_MD_CTX_free(*ctx);
+        *ctx = NULL;
        return 0;
 } /* md__gc() */
@@ -7978,16 +8059,25 @@ static int hmac_new(lua_State *L) {
        const void *key;
        size_t len;
        const EVP_MD *type;
-        HMAC_CTX *ctx;
+        HMAC_CTX **ctx;
        key = luaL_checklstring(L, 1, &len);
        type = md_optdigest(L, 2);
-        ctx = prepudata(L, sizeof *ctx, HMAC_CLASS, NULL);
+        ctx = prepsimple(L, HMAC_CLASS, NULL);
+        if (!(*ctx = HMAC_CTX_new()))
+                goto eossl;
-        HMAC_Init_ex(ctx, key, len, type, NULL);
+#if HMAC_INIT_EX_INT
+        if (!HMAC_Init_ex(*ctx, key, len, type, NULL))
+                goto eossl;
+#else
+        HMAC_Init_ex(*ctx, key, len, type, NULL);
+#endif
        return 1;
+eossl:
+        return auxL_error(L, auxL_EOPENSSL, "hmac.new");
 } /* hmac_new() */
@@ -8011,7 +8101,7 @@ static void hmac_update_(lua_State *L, HMAC_CTX *ctx, int from, int to) {
 static int hmac_update(lua_State *L) {
-        HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS);
+        HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
        hmac_update_(L, ctx, 2, lua_gettop(L));
@@ -8022,7 +8112,7 @@ static int hmac_update(lua_State *L) {
 static int hmac_final(lua_State *L) {
-        HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS);
+        HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
        unsigned char hmac[EVP_MAX_MD_SIZE];
        unsigned len;
@@ -8037,9 +8127,10 @@ static int hmac_final(lua_State *L) {
 static int hmac__gc(lua_State *L) {
-        HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS);
+        HMAC_CTX **ctx = luaL_checkudata(L, 1, HMAC_CLASS);
-        HMAC_CTX_cleanup(ctx);
+        HMAC_CTX_free(*ctx);
+        *ctx = NULL;
        return 0;
 } /* hmac__gc() */
@@ -8089,23 +8180,26 @@ static const EVP_CIPHER *cipher_checktype(lua_State *L, int index) {
 static int cipher_new(lua_State *L) {
        const EVP_CIPHER *type;
-        EVP_CIPHER_CTX *ctx;
+        EVP_CIPHER_CTX **ctx;
        unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 };
        type = cipher_checktype(L, 1);
-        ctx = prepudata(L, sizeof *ctx, CIPHER_CLASS, NULL);
+        ctx = prepsimple(L, CIPHER_CLASS, NULL);
-        EVP_CIPHER_CTX_init(ctx);
+        if (!(*ctx = EVP_CIPHER_CTX_new()))
+                goto eossl;
        /*
         * NOTE: For some ciphers like AES calling :update or :final without
         * setting a key causes a SEGV. Set a dummy key here. Same solution
         * as used by Ruby OSSL.
         */
-        if (!EVP_CipherInit_ex(ctx, type, NULL, key, NULL, -1))
+        if (!EVP_CipherInit_ex(*ctx, type, NULL, key, NULL, -1))
-                return auxL_error(L, auxL_EOPENSSL, "cipher.new");
+                goto eossl;
        return 1;
+eossl:
+        return auxL_error(L, auxL_EOPENSSL, "cipher.new");
 } /* cipher_new() */
@@ -8115,7 +8209,7 @@ static int cipher_interpose(lua_State *L) {
 static int cipher_init(lua_State *L, _Bool encrypt) {
-        EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
+        EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
        const void *key, *iv;
        size_t n, m;
@@ -8187,7 +8281,7 @@ static _Bool cipher_update_(lua_State *L, EVP_CIPHER_CTX *ctx, luaL_Buffer *B, i
 static int cipher_update(lua_State *L) {
-        EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
+        EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
        luaL_Buffer B;
        luaL_buffinit(L, &B);
@@ -8207,7 +8301,7 @@ sslerr:
 static int cipher_final(lua_State *L) {
-        EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
+        EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
        luaL_Buffer B;
        size_t block;
        int out;
@@ -8238,9 +8332,10 @@ sslerr:
 static int cipher__gc(lua_State *L) {
-        EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
+        EVP_CIPHER_CTX **ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
-        EVP_CIPHER_CTX_cleanup(ctx);
+        EVP_CIPHER_CTX_free(*ctx);
+        *ctx = NULL;
        return 0;
 } /* cipher__gc() */

diff --git a/src/openssl.c b/src/openssl.c index 823bc23..2fb7367 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -143,6 +143,22 @@
143	#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD	143	#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD
144	#endif	144	#endif
145		145
		146	#ifndef HAVE_EVP_CIPHER_CTX_FREE
		147	#define HAVE_EVP_CIPHER_CTX_FREE OPENSSL_PREREQ(1,1,0)
		148	#endif
		149
		150	#ifndef HAVE_EVP_CIPHER_CTX_NEW
		151	#define HAVE_EVP_CIPHER_CTX_NEW OPENSSL_PREREQ(1,1,0)
		152	#endif
		153
		154	#ifndef HAVE_EVP_MD_CTX_FREE
		155	#define HAVE_EVP_MD_CTX_FREE OPENSSL_PREREQ(1,1,0)
		156	#endif
		157
		158	#ifndef HAVE_EVP_MD_CTX_NEW
		159	#define HAVE_EVP_MD_CTX_NEW OPENSSL_PREREQ(1,1,0)
		160	#endif
		161
146	#ifndef HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID	162	#ifndef HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
147	#define HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID OPENSSL_PREREQ(0,9,9)	163	#define HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID OPENSSL_PREREQ(0,9,9)
148	#endif	164	#endif
@@ -167,6 +183,14 @@
167	#define HAVE_GENERAL_NAME_SET0_VALUE OPENSSL_PREREQ(1,1,0)	183	#define HAVE_GENERAL_NAME_SET0_VALUE OPENSSL_PREREQ(1,1,0)
168	#endif	184	#endif
169		185
		186	#ifndef HAVE_HMAC_CTX_FREE
		187	#define HAVE_HMAC_CTX_FREE OPENSSL_PREREQ(1,1,0)
		188	#endif
		189
		190	#ifndef HAVE_HMAC_CTX_NEW
		191	#define HAVE_HMAC_CTX_NEW OPENSSL_PREREQ(1,1,0)
		192	#endif
		193
170	#ifndef HAVE_I2D_RE_X509_REQ_TBS	194	#ifndef HAVE_I2D_RE_X509_REQ_TBS
171	#define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0)	195	#define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0)
172	#endif	196	#endif
@@ -243,6 +267,10 @@
243	#define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)	267	#define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)
244	#endif	268	#endif
245		269
		270	#ifndef HMAC_INIT_EX_INT
		271	#define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
		272	#endif
		273
246	#ifndef STRERROR_R_CHAR_P	274	#ifndef STRERROR_R_CHAR_P
247	#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE \|\| !(_POSIX_C_SOURCE >= 200112L \|\| _XOPEN_SOURCE >= 600)))	275	#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE \|\| !(_POSIX_C_SOURCE >= 200112L \|\| _XOPEN_SOURCE >= 600)))
248	#endif	276	#endif
@@ -281,9 +309,9 @@
281	#define PKCS12_CLASS "PKCS12*"	309	#define PKCS12_CLASS "PKCS12*"
282	#define SSL_CTX_CLASS "SSL_CTX*"	310	#define SSL_CTX_CLASS "SSL_CTX*"
283	#define SSL_CLASS "SSL*"	311	#define SSL_CLASS "SSL*"
284	#define DIGEST_CLASS "EVP_MD_CTX" /* not a pointer */	312	#define DIGEST_CLASS "EVP_MD_CTX*"
285	#define HMAC_CLASS "HMAC_CTX" /* not a pointer */	313	#define HMAC_CLASS "HMAC_CTX*"
286	#define CIPHER_CLASS "EVP_CIPHER_CTX" /* not a pointer */	314	#define CIPHER_CLASS "EVP_CIPHER_CTX*"
287		315
288		316
289	#if __GNUC__	317	#if __GNUC__
@@ -1248,6 +1276,38 @@ static void compat_DSA_set0_pqg(DSA d, BIGNUM p, BIGNUM q, BIGNUM g) {
1248	} /* compat_DSA_set0_pqg() */	1276	} /* compat_DSA_set0_pqg() */
1249	#endif	1277	#endif
1250		1278
		1279	#if !HAVE_EVP_CIPHER_CTX_FREE
		1280	#define EVP_CIPHER_CTX_free(ctx) compat_EVP_CIPHER_CTX_free((ctx))
		1281
		1282	static void compat_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) {
		1283	EVP_CIPHER_CTX_cleanup(ctx);
		1284	OPENSSL_free(ctx);
		1285	} /* compat_EVP_CIPHER_CTX_free() */
		1286	#endif
		1287
		1288	#if !HAVE_EVP_CIPHER_CTX_NEW
		1289	#define EVP_CIPHER_CTX_new() compat_EVP_CIPHER_CTX_new()
		1290
		1291	static EVP_CIPHER_CTX *compat_EVP_CIPHER_CTX_new(void) {
		1292	EVP_CIPHER_CTX *ctx;
		1293
		1294	if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
		1295	return NULL;
		1296	memset(ctx, 0, sizeof *ctx);
		1297	EVP_CIPHER_CTX_init(ctx);
		1298
		1299	return ctx;
		1300	} /* compat_EVP_CIPHER_CTX_new() */
		1301	#endif
		1302
		1303	#if !HAVE_EVP_MD_CTX_FREE
		1304	#define EVP_MD_CTX_free(md) EVP_MD_CTX_destroy((md))
		1305	#endif
		1306
		1307	#if !HAVE_EVP_MD_CTX_NEW
		1308	#define EVP_MD_CTX_new(md) EVP_MD_CTX_create()
		1309	#endif
		1310
1251	#if !HAVE_EVP_PKEY_ID	1311	#if !HAVE_EVP_PKEY_ID
1252	#define EVP_PKEY_id(key) ((key)->type)	1312	#define EVP_PKEY_id(key) ((key)->type)
1253	#endif	1313	#endif
@@ -1381,6 +1441,29 @@ static void GENERAL_NAME_set0_value(GENERAL_NAME name, int type, void value) {
1381	} /* compat_GENERAL_NAME_set0_value() */	1441	} /* compat_GENERAL_NAME_set0_value() */
1382	#endif	1442	#endif
1383		1443
		1444	#if !HAVE_HMAC_CTX_FREE
		1445	#define HMAC_CTX_free(ctx) compat_HMAC_CTX_free((ctx))
		1446
		1447	static void compat_HMAC_CTX_free(HMAC_CTX *ctx) {
		1448	HMAC_CTX_cleanup(ctx);
		1449	OPENSSL_free(ctx);
		1450	} /* compat_HMAC_CTX_free() */
		1451	#endif
		1452
		1453	#if !HAVE_HMAC_CTX_NEW
		1454	#define HMAC_CTX_new() compat_HMAC_CTX_new()
		1455
		1456	static HMAC_CTX *compat_HMAC_CTX_new(void) {
		1457	HMAC_CTX *ctx;
		1458
		1459	if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
		1460	return NULL;
		1461	memset(ctx, 0, sizeof *ctx);
		1462
		1463	return ctx;
		1464	} /* compat_HMAC_CTX_new() */
		1465	#endif
		1466
1384	#if !HAVE_RSA_GET0_CRT_PARAMS	1467	#if !HAVE_RSA_GET0_CRT_PARAMS
1385	#define RSA_get0_crt_params(...) compat_RSA_get0_crt_params(__VA_ARGS__)	1468	#define RSA_get0_crt_params(...) compat_RSA_get0_crt_params(__VA_ARGS__)
1386		1469
@@ -3157,7 +3240,7 @@ static int pk_setPrivateKey(lua_State *L) {
3157		3240
3158	static int pk_sign(lua_State *L) {	3241	static int pk_sign(lua_State *L) {
3159	EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);	3242	EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
3160	EVP_MD_CTX *md = luaL_checkudata(L, 2, DIGEST_CLASS);	3243	EVP_MD_CTX *md = checksimple(L, 2, DIGEST_CLASS);
3161	luaL_Buffer B;	3244	luaL_Buffer B;
3162	unsigned n;	3245	unsigned n;
3163		3246
@@ -3181,7 +3264,7 @@ static int pk_verify(lua_State *L) {
3181	EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);	3264	EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
3182	size_t len;	3265	size_t len;
3183	const void *sig = luaL_checklstring(L, 2, &len);	3266	const void *sig = luaL_checklstring(L, 2, &len);
3184	EVP_MD_CTX *md = luaL_checkudata(L, 3, DIGEST_CLASS);	3267	EVP_MD_CTX *md = checksimple(L, 3, DIGEST_CLASS);
3185		3268
3186	switch (EVP_VerifyFinal(md, sig, len, key)) {	3269	switch (EVP_VerifyFinal(md, sig, len, key)) {
3187	case 0: /* WRONG */	3270	case 0: /* WRONG */
@@ -7874,13 +7957,10 @@ static const EVP_MD md_optdigest(lua_State L, int index) {
7874		7957
7875	static int md_new(lua_State *L) {	7958	static int md_new(lua_State *L) {
7876	const EVP_MD *type = md_optdigest(L, 1);	7959	const EVP_MD *type = md_optdigest(L, 1);
7877	EVP_MD_CTX *ctx;	7960	EVP_MD_CTX **ctx;
7878
7879	ctx = prepudata(L, sizeof *ctx, DIGEST_CLASS, NULL);
7880		7961
7881	EVP_MD_CTX_init(ctx);	7962	ctx = prepsimple(L, DIGEST_CLASS, NULL);
7882		7963	if (!(ctx = EVP_MD_CTX_new()) \|\| !EVP_DigestInit_ex(ctx, type, NULL))
7883	if (!EVP_DigestInit_ex(ctx, type, NULL))
7884	return auxL_error(L, auxL_EOPENSSL, "digest.new");	7964	return auxL_error(L, auxL_EOPENSSL, "digest.new");
7885		7965
7886	return 1;	7966	return 1;
@@ -7908,7 +7988,7 @@ static void md_update_(lua_State L, EVP_MD_CTX ctx, int from, int to) {
7908		7988
7909		7989
7910	static int md_update(lua_State *L) {	7990	static int md_update(lua_State *L) {
7911	EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS);	7991	EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
7912		7992
7913	md_update_(L, ctx, 2, lua_gettop(L));	7993	md_update_(L, ctx, 2, lua_gettop(L));
7914		7994
@@ -7919,7 +7999,7 @@ static int md_update(lua_State *L) {
7919		7999
7920		8000
7921	static int md_final(lua_State *L) {	8001	static int md_final(lua_State *L) {
7922	EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS);	8002	EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
7923	unsigned char md[EVP_MAX_MD_SIZE];	8003	unsigned char md[EVP_MAX_MD_SIZE];
7924	unsigned len;	8004	unsigned len;
7925		8005
@@ -7935,9 +8015,10 @@ static int md_final(lua_State *L) {
7935		8015
7936		8016
7937	static int md__gc(lua_State *L) {	8017	static int md__gc(lua_State *L) {
7938	EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS);	8018	EVP_MD_CTX **ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
7939		8019
7940	EVP_MD_CTX_cleanup(ctx);	8020	EVP_MD_CTX_free(*ctx);
		8021	*ctx = NULL;
7941		8022
7942	return 0;	8023	return 0;
7943	} /* md__gc() */	8024	} /* md__gc() */
@@ -7978,16 +8059,25 @@ static int hmac_new(lua_State *L) {
7978	const void *key;	8059	const void *key;
7979	size_t len;	8060	size_t len;
7980	const EVP_MD *type;	8061	const EVP_MD *type;
7981	HMAC_CTX *ctx;	8062	HMAC_CTX **ctx;
7982		8063
7983	key = luaL_checklstring(L, 1, &len);	8064	key = luaL_checklstring(L, 1, &len);
7984	type = md_optdigest(L, 2);	8065	type = md_optdigest(L, 2);
7985		8066
7986	ctx = prepudata(L, sizeof *ctx, HMAC_CLASS, NULL);	8067	ctx = prepsimple(L, HMAC_CLASS, NULL);
		8068	if (!(*ctx = HMAC_CTX_new()))
		8069	goto eossl;
7987		8070
7988	HMAC_Init_ex(ctx, key, len, type, NULL);	8071	#if HMAC_INIT_EX_INT
		8072	if (!HMAC_Init_ex(*ctx, key, len, type, NULL))
		8073	goto eossl;
		8074	#else
		8075	HMAC_Init_ex(*ctx, key, len, type, NULL);
		8076	#endif
7989		8077
7990	return 1;	8078	return 1;
		8079	eossl:
		8080	return auxL_error(L, auxL_EOPENSSL, "hmac.new");
7991	} /* hmac_new() */	8081	} /* hmac_new() */
7992		8082
7993		8083
@@ -8011,7 +8101,7 @@ static void hmac_update_(lua_State L, HMAC_CTX ctx, int from, int to) {
8011		8101
8012		8102
8013	static int hmac_update(lua_State *L) {	8103	static int hmac_update(lua_State *L) {
8014	HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS);	8104	HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
8015		8105
8016	hmac_update_(L, ctx, 2, lua_gettop(L));	8106	hmac_update_(L, ctx, 2, lua_gettop(L));
8017		8107
@@ -8022,7 +8112,7 @@ static int hmac_update(lua_State *L) {
8022		8112
8023		8113
8024	static int hmac_final(lua_State *L) {	8114	static int hmac_final(lua_State *L) {
8025	HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS);	8115	HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
8026	unsigned char hmac[EVP_MAX_MD_SIZE];	8116	unsigned char hmac[EVP_MAX_MD_SIZE];
8027	unsigned len;	8117	unsigned len;
8028		8118
@@ -8037,9 +8127,10 @@ static int hmac_final(lua_State *L) {
8037		8127
8038		8128
8039	static int hmac__gc(lua_State *L) {	8129	static int hmac__gc(lua_State *L) {
8040	HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS);	8130	HMAC_CTX **ctx = luaL_checkudata(L, 1, HMAC_CLASS);
8041		8131
8042	HMAC_CTX_cleanup(ctx);	8132	HMAC_CTX_free(*ctx);
		8133	*ctx = NULL;
8043		8134
8044	return 0;	8135	return 0;
8045	} /* hmac__gc() */	8136	} /* hmac__gc() */
@@ -8089,23 +8180,26 @@ static const EVP_CIPHER cipher_checktype(lua_State L, int index) {
8089		8180
8090	static int cipher_new(lua_State *L) {	8181	static int cipher_new(lua_State *L) {
8091	const EVP_CIPHER *type;	8182	const EVP_CIPHER *type;
8092	EVP_CIPHER_CTX *ctx;	8183	EVP_CIPHER_CTX **ctx;
8093	unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 };	8184	unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 };
8094		8185
8095	type = cipher_checktype(L, 1);	8186	type = cipher_checktype(L, 1);
8096		8187
8097	ctx = prepudata(L, sizeof *ctx, CIPHER_CLASS, NULL);	8188	ctx = prepsimple(L, CIPHER_CLASS, NULL);
8098	EVP_CIPHER_CTX_init(ctx);	8189	if (!(*ctx = EVP_CIPHER_CTX_new()))
		8190	goto eossl;
8099		8191
8100	/*	8192	/*
8101	* NOTE: For some ciphers like AES calling :update or :final without	8193	* NOTE: For some ciphers like AES calling :update or :final without
8102	* setting a key causes a SEGV. Set a dummy key here. Same solution	8194	* setting a key causes a SEGV. Set a dummy key here. Same solution
8103	* as used by Ruby OSSL.	8195	* as used by Ruby OSSL.
8104	*/	8196	*/
8105	if (!EVP_CipherInit_ex(ctx, type, NULL, key, NULL, -1))	8197	if (!EVP_CipherInit_ex(*ctx, type, NULL, key, NULL, -1))
8106	return auxL_error(L, auxL_EOPENSSL, "cipher.new");	8198	goto eossl;
8107		8199
8108	return 1;	8200	return 1;
		8201	eossl:
		8202	return auxL_error(L, auxL_EOPENSSL, "cipher.new");
8109	} /* cipher_new() */	8203	} /* cipher_new() */
8110		8204
8111		8205
@@ -8115,7 +8209,7 @@ static int cipher_interpose(lua_State *L) {
8115		8209
8116		8210
8117	static int cipher_init(lua_State *L, _Bool encrypt) {	8211	static int cipher_init(lua_State *L, _Bool encrypt) {
8118	EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);	8212	EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
8119	const void key, iv;	8213	const void key, iv;
8120	size_t n, m;	8214	size_t n, m;
8121		8215
@@ -8187,7 +8281,7 @@ static _Bool cipher_update_(lua_State L, EVP_CIPHER_CTX ctx, luaL_Buffer *B, i
8187		8281
8188		8282
8189	static int cipher_update(lua_State *L) {	8283	static int cipher_update(lua_State *L) {
8190	EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);	8284	EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
8191	luaL_Buffer B;	8285	luaL_Buffer B;
8192		8286
8193	luaL_buffinit(L, &B);	8287	luaL_buffinit(L, &B);
@@ -8207,7 +8301,7 @@ sslerr:
8207		8301
8208		8302
8209	static int cipher_final(lua_State *L) {	8303	static int cipher_final(lua_State *L) {
8210	EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);	8304	EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
8211	luaL_Buffer B;	8305	luaL_Buffer B;
8212	size_t block;	8306	size_t block;
8213	int out;	8307	int out;
@@ -8238,9 +8332,10 @@ sslerr:
8238		8332
8239		8333
8240	static int cipher__gc(lua_State *L) {	8334	static int cipher__gc(lua_State *L) {
8241	EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS);	8335	EVP_CIPHER_CTX **ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
8242		8336
8243	EVP_CIPHER_CTX_cleanup(ctx);	8337	EVP_CIPHER_CTX_free(*ctx);
		8338	*ctx = NULL;
8244		8339
8245	return 0;	8340	return 0;
8246	} /* cipher__gc() */	8341	} /* cipher__gc() */