3 files changed, 89 insertions, 2 deletions
diff --git a/src/openssl.c b/src/openssl.c
index ac053fd..a3e5637 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -253,6 +253,14 @@
 #define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2)
 #endif
+#ifndef HAVE_SSL_CTX_SET_CURVES_LIST
+#define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
+#endif
+#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
+#define HAVE_SSL_CTX_SET_ECDH_AUTO ((OPENSSL_PREREQ(1,0,2) && !OPENSSL_PREREQ(1,1,0)) || LIBRESSL_PREREQ(2,1,2))
+#endif
 #ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
 #define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
 #endif
@@ -297,6 +305,10 @@
 #define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
 #endif
+#ifndef HAVE_SSL_SET_CURVES_LIST
+#define HAVE_SSL_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
+#endif
 #ifndef HAVE_SSL_SET1_PARAM
 #define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
 #endif
@@ -7824,6 +7836,15 @@ static int sx_new(lua_State *L) {
        SSL_CTX_set_options(*ud, options);
+#if HAVE_SSL_CTX_SET_ECDH_AUTO
+        /* OpenSSL 1.0.2 introduced SSL_CTX_set_ecdh_auto to automatically select
+         * from the curves set via SSL_CTX_set1_curves_list. However as of OpenSSL
+         * 1.1.0, the functionality was turned on permanently and the option
+         * removed. */
+        if (!SSL_CTX_set_ecdh_auto(*ud, 1))
+                return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
+#endif
        return 1;
 } /* sx_new() */
@@ -7999,6 +8020,21 @@ static int sx_setCipherList(lua_State *L) {
 } /* sx_setCipherList() */
+#if HAVE_SSL_CTX_SET_CURVES_LIST
+static int sx_setCurvesList(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+        const char *curves = luaL_checkstring(L, 2);
+        if (!SSL_CTX_set1_curves_list(ctx, curves))
+                return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCurvesList");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* sx_setCurvesList() */
+#endif
 static int sx_setEphemeralKey(lua_State *L) {
        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
        EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -8303,6 +8339,9 @@ static const auxL_Reg sx_methods[] = {
        { "setCertificate",   &sx_setCertificate },
        { "setPrivateKey",    &sx_setPrivateKey },
        { "setCipherList",    &sx_setCipherList },
+#if HAVE_SSL_CTX_SET_CURVES_LIST
+        { "setCurvesList",    &sx_setCurvesList },
+#endif
        { "setEphemeralKey",  &sx_setEphemeralKey },
 #if HAVE_SSL_CTX_SET_ALPN_PROTOS
        { "setAlpnProtos",    &sx_setAlpnProtos },
@@ -8627,6 +8666,21 @@ static int ssl_getCipherInfo(lua_State *L) {
 } /* ssl_getCipherInfo() */
+#if HAVE_SSL_SET_CURVES_LIST
+static int ssl_setCurvesList(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        const char *curves = luaL_checkstring(L, 2);
+        if (!SSL_set1_curves_list(ssl, curves))
+                return auxL_error(L, auxL_EOPENSSL, "ssl:setCurvesList");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* ssl_setCurvesList() */
+#endif
 static int ssl_getHostName(lua_State *L) {
        SSL *ssl = checksimple(L, 1, SSL_CLASS);
        const char *host;
@@ -8881,6 +8935,9 @@ static const auxL_Reg ssl_methods[] = {
        { "getPeerCertificate", &ssl_getPeerCertificate },
        { "getPeerChain",     &ssl_getPeerChain },
        { "getCipherInfo",    &ssl_getCipherInfo },
+#if HAVE_SSL_SET_CURVES_LIST
+        { "setCurvesList",    &ssl_setCurvesList },
+#endif
        { "getHostName",      &ssl_getHostName },
        { "setHostName",      &ssl_setHostName },
        { "getVersion",       &ssl_getVersion },
diff --git a/src/openssl.ssl.context.lua b/src/openssl.ssl.context.lua
index 2098b54..3263fb1 100644
--- a/src/openssl.ssl.context.lua
+++ b/src/openssl.ssl.context.lua
@@ -13,4 +13,18 @@ local setCipherList; setCipherList = ctx.interpose("setCipherList", function (se
        return setCipherList(self, ciphers)
 end)
+-- Allow passing a vararg of curves, or an array
+local setCurvesList = ctx.interpose("setCurvesList", nil)
+if setCurvesList then
+        ctx.interpose("setCurvesList", function (self, curves, ...)
+                if (...) then
+                        local curves_t = pack(curves, ...)
+                        curves = table.concat(curves_t, ":", 1, curves_t.n)
+                elseif type(curves) == "table" then
+                        curves = table.concat(curves, ":")
+                end
+                return setCurvesList(self, curves)
+        end)
+end
 return ctx
diff --git a/src/openssl.ssl.lua b/src/openssl.ssl.lua
index 3c348f6..bf90f29 100644
--- a/src/openssl.ssl.lua
+++ b/src/openssl.ssl.lua
@@ -1,3 +1,19 @@
-local ctx = require"_openssl.ssl"
+local ssl = require"_openssl.ssl"
-return ctx
+local pack = table.pack or function(...) return { n = select("#", ...); ... } end
+-- Allow passing a vararg of curves, or an array
+local setCurvesList = ssl.interpose("setCurvesList", nil)
+if setCurvesList then
+        ssl.interpose("setCurvesList", function (self, curves, ...)
+                if (...) then
+                        local curves_t = pack(curves, ...)
+                        curves = table.concat(curves_t, ":", 1, curves_t.n)
+                elseif type(curves) == "table" then
+                        curves = table.concat(curves, ":")
+                end
+                return setCurvesList(self, curves)
+        end)
+end
+return ssl

diff --git a/src/openssl.c b/src/openssl.c index ac053fd..a3e5637 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -253,6 +253,14 @@
253	#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2)	253	#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2)
254	#endif	254	#endif
255		255
		256	#ifndef HAVE_SSL_CTX_SET_CURVES_LIST
		257	#define HAVE_SSL_CTX_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,5,1))
		258	#endif
		259
		260	#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
		261	#define HAVE_SSL_CTX_SET_ECDH_AUTO ((OPENSSL_PREREQ(1,0,2) && !OPENSSL_PREREQ(1,1,0)) \|\| LIBRESSL_PREREQ(2,1,2))
		262	#endif
		263
256	#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS	264	#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
257	#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,1,3))	265	#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,1,3))
258	#endif	266	#endif
@@ -297,6 +305,10 @@
297	#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS	305	#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
298	#endif	306	#endif
299		307
		308	#ifndef HAVE_SSL_SET_CURVES_LIST
		309	#define HAVE_SSL_SET_CURVES_LIST (OPENSSL_PREREQ(1,0,2) \|\| LIBRESSL_PREREQ(2,5,1))
		310	#endif
		311
300	#ifndef HAVE_SSL_SET1_PARAM	312	#ifndef HAVE_SSL_SET1_PARAM
301	#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)	313	#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
302	#endif	314	#endif
@@ -7824,6 +7836,15 @@ static int sx_new(lua_State *L) {
7824		7836
7825	SSL_CTX_set_options(*ud, options);	7837	SSL_CTX_set_options(*ud, options);
7826		7838
		7839	#if HAVE_SSL_CTX_SET_ECDH_AUTO
		7840	/* OpenSSL 1.0.2 introduced SSL_CTX_set_ecdh_auto to automatically select
		7841	* from the curves set via SSL_CTX_set1_curves_list. However as of OpenSSL
		7842	* 1.1.0, the functionality was turned on permanently and the option
		7843	* removed. */
		7844	if (!SSL_CTX_set_ecdh_auto(*ud, 1))
		7845	return auxL_error(L, auxL_EOPENSSL, "ssl.context.new");
		7846	#endif
		7847
7827	return 1;	7848	return 1;
7828	} /* sx_new() */	7849	} /* sx_new() */
7829		7850
@@ -7999,6 +8020,21 @@ static int sx_setCipherList(lua_State *L) {
7999	} /* sx_setCipherList() */	8020	} /* sx_setCipherList() */
8000		8021
8001		8022
		8023	#if HAVE_SSL_CTX_SET_CURVES_LIST
		8024	static int sx_setCurvesList(lua_State *L) {
		8025	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
		8026	const char *curves = luaL_checkstring(L, 2);
		8027
		8028	if (!SSL_CTX_set1_curves_list(ctx, curves))
		8029	return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCurvesList");
		8030
		8031	lua_pushboolean(L, 1);
		8032
		8033	return 1;
		8034	} /* sx_setCurvesList() */
		8035	#endif
		8036
		8037
8002	static int sx_setEphemeralKey(lua_State *L) {	8038	static int sx_setEphemeralKey(lua_State *L) {
8003	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);	8039	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
8004	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);	8040	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -8303,6 +8339,9 @@ static const auxL_Reg sx_methods[] = {
8303	{ "setCertificate", &sx_setCertificate },	8339	{ "setCertificate", &sx_setCertificate },
8304	{ "setPrivateKey", &sx_setPrivateKey },	8340	{ "setPrivateKey", &sx_setPrivateKey },
8305	{ "setCipherList", &sx_setCipherList },	8341	{ "setCipherList", &sx_setCipherList },
		8342	#if HAVE_SSL_CTX_SET_CURVES_LIST
		8343	{ "setCurvesList", &sx_setCurvesList },
		8344	#endif
8306	{ "setEphemeralKey", &sx_setEphemeralKey },	8345	{ "setEphemeralKey", &sx_setEphemeralKey },
8307	#if HAVE_SSL_CTX_SET_ALPN_PROTOS	8346	#if HAVE_SSL_CTX_SET_ALPN_PROTOS
8308	{ "setAlpnProtos", &sx_setAlpnProtos },	8347	{ "setAlpnProtos", &sx_setAlpnProtos },
@@ -8627,6 +8666,21 @@ static int ssl_getCipherInfo(lua_State *L) {
8627	} /* ssl_getCipherInfo() */	8666	} /* ssl_getCipherInfo() */
8628		8667
8629		8668
		8669	#if HAVE_SSL_SET_CURVES_LIST
		8670	static int ssl_setCurvesList(lua_State *L) {
		8671	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8672	const char *curves = luaL_checkstring(L, 2);
		8673
		8674	if (!SSL_set1_curves_list(ssl, curves))
		8675	return auxL_error(L, auxL_EOPENSSL, "ssl:setCurvesList");
		8676
		8677	lua_pushboolean(L, 1);
		8678
		8679	return 1;
		8680	} /* ssl_setCurvesList() */
		8681	#endif
		8682
		8683
8630	static int ssl_getHostName(lua_State *L) {	8684	static int ssl_getHostName(lua_State *L) {
8631	SSL *ssl = checksimple(L, 1, SSL_CLASS);	8685	SSL *ssl = checksimple(L, 1, SSL_CLASS);
8632	const char *host;	8686	const char *host;
@@ -8881,6 +8935,9 @@ static const auxL_Reg ssl_methods[] = {
8881	{ "getPeerCertificate", &ssl_getPeerCertificate },	8935	{ "getPeerCertificate", &ssl_getPeerCertificate },
8882	{ "getPeerChain", &ssl_getPeerChain },	8936	{ "getPeerChain", &ssl_getPeerChain },
8883	{ "getCipherInfo", &ssl_getCipherInfo },	8937	{ "getCipherInfo", &ssl_getCipherInfo },
		8938	#if HAVE_SSL_SET_CURVES_LIST
		8939	{ "setCurvesList", &ssl_setCurvesList },
		8940	#endif
8884	{ "getHostName", &ssl_getHostName },	8941	{ "getHostName", &ssl_getHostName },
8885	{ "setHostName", &ssl_setHostName },	8942	{ "setHostName", &ssl_setHostName },
8886	{ "getVersion", &ssl_getVersion },	8943	{ "getVersion", &ssl_getVersion },


diff --git a/src/openssl.ssl.context.lua b/src/openssl.ssl.context.lua index 2098b54..3263fb1 100644 --- a/src/openssl.ssl.context.lua +++ b/src/openssl.ssl.context.lua
@@ -13,4 +13,18 @@ local setCipherList; setCipherList = ctx.interpose("setCipherList", function (se
13	return setCipherList(self, ciphers)	13	return setCipherList(self, ciphers)
14	end)	14	end)
15		15
		16	-- Allow passing a vararg of curves, or an array
		17	local setCurvesList = ctx.interpose("setCurvesList", nil)
		18	if setCurvesList then
		19	ctx.interpose("setCurvesList", function (self, curves, ...)
		20	if (...) then
		21	local curves_t = pack(curves, ...)
		22	curves = table.concat(curves_t, ":", 1, curves_t.n)
		23	elseif type(curves) == "table" then
		24	curves = table.concat(curves, ":")
		25	end
		26	return setCurvesList(self, curves)
		27	end)
		28	end
		29
16	return ctx	30	return ctx


diff --git a/src/openssl.ssl.lua b/src/openssl.ssl.lua index 3c348f6..bf90f29 100644 --- a/src/openssl.ssl.lua +++ b/src/openssl.ssl.lua
@@ -1,3 +1,19 @@
1	local ctx = require"_openssl.ssl"	1	local ssl = require"_openssl.ssl"
2		2
3	return ctx	3	local pack = table.pack or function(...) return { n = select("#", ...); ... } end
		4
		5	-- Allow passing a vararg of curves, or an array
		6	local setCurvesList = ssl.interpose("setCurvesList", nil)
		7	if setCurvesList then
		8	ssl.interpose("setCurvesList", function (self, curves, ...)
		9	if (...) then
		10	local curves_t = pack(curves, ...)
		11	curves = table.concat(curves_t, ":", 1, curves_t.n)
		12	elseif type(curves) == "table" then
		13	curves = table.concat(curves, ":")
		14	end
		15	return setCurvesList(self, curves)
		16	end)
		17	end
		18
		19	return ssl