Diffstat (limited to 'src')
-rw-r--r--src/GNUmakefile136
-rw-r--r--src/compat52.h160
-rw-r--r--src/openssl.c866
-rw-r--r--src/openssl.ocsp.basic.lua3
-rw-r--r--src/openssl.ocsp.response.lua3
5 files changed, 852 insertions, 316 deletions
diff --git a/src/GNUmakefile b/src/GNUmakefile
index 015a93c..e257ba6 100644
--- a/src/GNUmakefile
+++ b/src/GNUmakefile
@@ -16,66 +16,46 @@ include $(d)/../GNUmakefile
16# 16#
17# C O M P I L A T I O N F L A G S 17# C O M P I L A T I O N F L A G S
18# 18#
19OS_$(d) = $(shell $(d)/../mk/vendor.os) 19CPPFLAGS_$(d) = $(ALL_CPPFLAGS) -DHAVE_CONFIG_H -DCOMPAT53_PREFIX=luaossl
20CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc) 20CFLAGS_$(d) = $(ALL_CFLAGS)
21LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/luapath -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2)) 21SOFLAGS_$(d) = $(ALL_SOFLAGS)
22 22LDFLAGS_$(d) = $(ALL_LDFLAGS)
23CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIINTCASTS -DHAVE_CONFIG_H 23LIBS_$(d) = $(ALL_LIBS)
24CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..))
25LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..))
26SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..))
27
28ifeq ($(CC_$(d)), sunpro)
29CPPFLAGS_$(d) += -DOPENSSL_NO_EC
30endif
31
32LDFLAGS_$(d) += -lssl -lcrypto -lpthread -lm
33
34# NetBSD, FreeBSD, OpenBSD (and presumably descendants) lack any libdl;
35# dlopen, et al are part of libc.
36ifneq ($(patsubst %BSD,BSD,$(OS_$(d))), BSD)
37LDFLAGS_$(d) += -ldl
38endif
39
40 24
41# 25#
42# C O M P I L A T I O N R U L E S 26# C O M P I L A T I O N R U L E S
43# 27#
28OBJS_$(d) = openssl.o ../vendor/compat53/c-api/compat-5.3.o
29
44$(d)/config.h: $(abspath $(d)/..)/config.h 30$(d)/config.h: $(abspath $(d)/..)/config.h
45 $(CP) $< $@ 31 $(CP) $< $@
46 32
47define BUILD_$(d) 33define BUILD_$(d)
48 34
49.SECONDARY: liblua$(1)-openssl openssl$(1) 35$$(d)/$(1)/openssl.so: $$(addprefix $$(d)/$(1)/, $$(OBJS_$(d)))
36 $$(CC) -o $$@ $$^ $$(SOFLAGS_$$(abspath $$(@D)/..)) $$(LDFLAGS_$$(abspath $$(@D)/..)) $$(LIBS_$$(abspath $$(@D)/..))
50 37
51$$(d)/$(1)/openssl.so: $$(d)/$(1)/openssl.o 38$$(d)/$(1)/%.o: $$(d)/%.c $$(d)/../vendor/compat53/c-api/compat-5.3.h $$(d)/config.h
52 $$(CC) -o $$@ $$^ $$(SOFLAGS_$$(abspath $$(@D)/..)) $$(SOFLAGS) $$(LDFLAGS_$$(abspath $$(@D)/..)) $$(LDFLAGS)
53
54$$(d)/$(1)/openssl.o: $$(d)/openssl.c $$(d)/compat52.h $$(d)/config.h
55 test "$$(notdir $$(@D))" = "$$(call LUAPATH_$$(<D), $$(notdir $$(@D)), version)"
56 $$(MKDIR) -p $$(@D) 39 $$(MKDIR) -p $$(@D)
57 $$(CC) $$(CFLAGS_$$(<D)) $$(CFLAGS) $$(call LUAPATH_$$(<D), $$(notdir $$(@D)), cppflags) $$(CPPFLAGS_$$(<D)) $$(CPPFLAGS) -c -o $$@ $$< 40 $$(CC) $$(CFLAGS_$$(<D)) $$(ALL_LUA$(subst .,,$(1))_CPPFLAGS) $$(CPPFLAGS_$$(<D)) -c -o $$@ $$<
41
42.SECONDARY: liblua$(1)-openssl openssl$(1) openssl
58 43
59liblua$(1)-openssl openssl$(1): $$(d)/$(1)/openssl.so 44liblua$(1)-openssl openssl$(1) openssl: $$(d)/$(1)/openssl.so
60 45
61endef # BUILD_$(d) 46endef # BUILD_$(d)
62 47
63$(eval $(call BUILD_$(d),5.1)) 48$(eval $(call BUILD_$(d),5.1))
64
65$(eval $(call BUILD_$(d),5.2)) 49$(eval $(call BUILD_$(d),5.2))
66
67$(eval $(call BUILD_$(d),5.3)) 50$(eval $(call BUILD_$(d),5.3))
68 51
69ifneq "$(filter $(abspath $(d)/..)/%, $(abspath $(firstword $(MAKEFILE_LIST))))" "" 52ifneq "$(filter $(abspath $(d)/..)/%, $(abspath $(firstword $(MAKEFILE_LIST))))" ""
70.SECONDARY: all5.1 all5.2 all 53.SECONDARY: all all5.1 all5.2 all5.3
71 54
72all5.1: liblua5.1-openssl 55all5.1: liblua5.1-openssl
73
74all5.2: liblua5.2-openssl 56all5.2: liblua5.2-openssl
75
76all5.3: liblua5.3-openssl 57all5.3: liblua5.3-openssl
77 58all: $(foreach API,$(strip $(LUA_APIS)),all$(API))
78all: all5.1 all5.2
79 59
80endif 60endif
81 61
@@ -85,13 +65,13 @@ endif
85# 65#
86define INSTALL_$(d) 66define INSTALL_$(d)
87 67
88LUAC$(1)_$(d) = $$(or $$(call LUAPATH_$(d), $(1), luac), true)
89
90MODS$(1)_$(d) = \ 68MODS$(1)_$(d) = \
91 $$(DESTDIR)$(2)/_openssl.so \ 69 $$(DESTDIR)$(2)/_openssl.so \
92 $$(DESTDIR)$(3)/openssl.lua \ 70 $$(DESTDIR)$(3)/openssl.lua \
93 $$(DESTDIR)$(3)/openssl/auxlib.lua \ 71 $$(DESTDIR)$(3)/openssl/auxlib.lua \
94 $$(DESTDIR)$(3)/openssl/bignum.lua \ 72 $$(DESTDIR)$(3)/openssl/bignum.lua \
73 $$(DESTDIR)$(3)/openssl/ocsp/basic.lua \
74 $$(DESTDIR)$(3)/openssl/ocsp/response.lua \
95 $$(DESTDIR)$(3)/openssl/pkey.lua \ 75 $$(DESTDIR)$(3)/openssl/pkey.lua \
96 $$(DESTDIR)$(3)/openssl/pubkey.lua \ 76 $$(DESTDIR)$(3)/openssl/pubkey.lua \
97 $$(DESTDIR)$(3)/openssl/x509.lua \ 77 $$(DESTDIR)$(3)/openssl/x509.lua \
@@ -114,42 +94,34 @@ MODS$(1)_$(d) = \
114 94
115.SECONDARY: liblua$(1)-openssl-install openssl$(1)-install 95.SECONDARY: liblua$(1)-openssl-install openssl$(1)-install
116 96
117$$(DESTDIR)$(2)/_openssl.so: $$(d)/$(1)/openssl.so 97liblua$(1)-openssl-install openssl$(1)-install: $$(MODS$(1)_$$(d))
118 $$(MKDIR) -p $$(@D)
119 $$(CP) -fp $$< $$@
120 98
121$$(DESTDIR)$(3)/openssl.lua: $$(d)/openssl.lua 99$$(DESTDIR)$(2)/_openssl.so: $$(d)/$(1)/openssl.so
122 $$(LUAC$(1)_$(d)) -p $$<
123 $$(MKDIR) -p $$(@D) 100 $$(MKDIR) -p $$(@D)
124 $$(CP) -p $$< $$@ 101 $$(CP) -p $$< $$@
125 102
126$$(DESTDIR)$(3)/openssl/%.lua: $$(d)/openssl.%.lua 103$$(DESTDIR)$(3)/%.lua: $$(d)/%.lua
127 $$(LUAC$(1)_$(d)) -p $$< 104 $$(LUAC$(subst .,,$(1))) -p $$<
128 $$(MKDIR) -p $$(@D) 105 $$(MKDIR) -p $$(@D)
129 $$(CP) -p $$< $$@ 106 $$(CP) -p $$< $$@
130 107
131# pubkey.lua used to be symbolic link to pkey.lua, but that caused packaging 108$$(DESTDIR)$(3)/openssl/%.lua: $$(d)/openssl.%.lua
132# headaches. Now it's a stub, but the cp -p in the inference rule will copy 109 $$(LUAC$(subst .,,$(1))) -p $$<
133# to the target of the symbolic link, so we need a special install rule to
134# clean up the mess.
135$$(DESTDIR)$(3)/openssl/pubkey.lua: $$(d)/openssl.pubkey.lua
136 $$(LUAC$(1)_$(d)) -p $$<
137 $$(MKDIR) -p $$(@D) 110 $$(MKDIR) -p $$(@D)
138 $$(RM) -f $$@
139 $$(CP) -p $$< $$@ 111 $$(CP) -p $$< $$@
140 112
141$$(DESTDIR)$(3)/openssl/x509/%.lua: $$(d)/openssl.x509.%.lua 113$$(DESTDIR)$(3)/openssl/ocsp/%.lua: $$(d)/ocsp.%.lua
142 $$(LUAC$(1)_$(d)) -p $$< 114 $$(LUAC$(subst .,,$(1))) -p $$<
143 $$(MKDIR) -p $$(@D) 115 $$(MKDIR) -p $$(@D)
144 $$(CP) -p $$< $$@ 116 $$(CP) -p $$< $$@
145 117
146$$(DESTDIR)$(3)/openssl/ssl/%.lua: $$(d)/openssl.ssl.%.lua 118$$(DESTDIR)$(3)/openssl/x509/%.lua: $$(d)/x509.%.lua
147 $$(LUAC$(1)_$(d)) -p $$< 119 $$(LUAC$(subst .,,$(1))) -p $$<
148 $$(MKDIR) -p $$(@D) 120 $$(MKDIR) -p $$(@D)
149 $$(CP) -p $$< $$@ 121 $$(CP) -p $$< $$@
150 122
151$$(DESTDIR)$(3)/openssl/ssl/%.lua: $$(d)/openssl.ssl.%.lua 123$$(DESTDIR)$(3)/openssl/ssl/%.lua: $$(d)/ssl.%.lua
152 $$(LUAC$(1)_$(d)) -p $$< 124 $$(LUAC$(subst .,,$(1))) -p $$<
153 $$(MKDIR) -p $$(@D) 125 $$(MKDIR) -p $$(@D)
154 $$(CP) -p $$< $$@ 126 $$(CP) -p $$< $$@
155 127
@@ -159,6 +131,7 @@ liblua$(1)-openssl-install openssl$(1)-install: $$(MODS$(1)_$$(d))
159 131
160liblua$(1)-openssl-uninstall openssl$(1)-uninstall: 132liblua$(1)-openssl-uninstall openssl$(1)-uninstall:
161 $$(RM) -f $$(MODS$(1)_$(d)) 133 $$(RM) -f $$(MODS$(1)_$(d))
134 -$$(RMDIR) $$(DESTDIR)$(3)/openssl/ocsp
162 -$$(RMDIR) $$(DESTDIR)$(3)/openssl/x509 135 -$$(RMDIR) $$(DESTDIR)$(3)/openssl/x509
163 -$$(RMDIR) $$(DESTDIR)$(3)/openssl/ssl 136 -$$(RMDIR) $$(DESTDIR)$(3)/openssl/ssl
164 -$$(RMDIR) $$(DESTDIR)$(3)/openssl 137 -$$(RMDIR) $$(DESTDIR)$(3)/openssl
@@ -166,31 +139,24 @@ liblua$(1)-openssl-uninstall openssl$(1)-uninstall:
166endef # INSTALL_$(d) 139endef # INSTALL_$(d)
167 140
168$(eval $(call INSTALL_$(d),5.1,$$(lua51cpath),$$(lua51path))) 141$(eval $(call INSTALL_$(d),5.1,$$(lua51cpath),$$(lua51path)))
169
170$(eval $(call INSTALL_$(d),5.2,$$(lua52cpath),$$(lua52path))) 142$(eval $(call INSTALL_$(d),5.2,$$(lua52cpath),$$(lua52path)))
171
172$(eval $(call INSTALL_$(d),5.3,$$(lua53cpath),$$(lua53path))) 143$(eval $(call INSTALL_$(d),5.3,$$(lua53cpath),$$(lua53path)))
173 144
174ifneq "$(filter $(abspath $(d)/..)/%, $(abspath $(firstword $(MAKEFILE_LIST))))" "" 145ifneq "$(filter $(abspath $(d)/..)/%, $(abspath $(firstword $(MAKEFILE_LIST))))" ""
146
175.SECONDARY: install5.1 install5.2 install5.3 install 147.SECONDARY: install5.1 install5.2 install5.3 install
176 148
177install5.1: liblua5.1-openssl-install 149install5.1: liblua5.1-openssl-install
178
179install5.2: liblua5.2-openssl-install 150install5.2: liblua5.2-openssl-install
180
181install5.3: liblua5.3-openssl-install 151install5.3: liblua5.3-openssl-install
182 152install: $(foreach API,$(strip $(LUA_APIS)),install$(API))
183install: install5.1 install5.2
184 153
185.PHONY: uninstall5.1 uninstall5.2 uninstall5.3 uninstall 154.PHONY: uninstall5.1 uninstall5.2 uninstall5.3 uninstall
186 155
187uninstall5.1: liblua5.1-openssl-uninstall 156uninstall5.1: liblua5.1-openssl-uninstall
188
189uninstall5.2: liblua5.2-openssl-uninstall 157uninstall5.2: liblua5.2-openssl-uninstall
190
191uninstall5.3: liblua5.3-openssl-uninstall 158uninstall5.3: liblua5.3-openssl-uninstall
192 159uninstall: $(foreach API,$(strip $(LUA_APIS)),uninstall$(API))
193uninstall: uninstall5.1 uninstall5.2
194 160
195endif 161endif
196 162
@@ -201,7 +167,7 @@ endif
201.PHONY: $(d)/clean $(d)/clean~ clean clean~ 167.PHONY: $(d)/clean $(d)/clean~ clean clean~
202 168
203$(d)/clean: 169$(d)/clean:
204 $(RM) -fr $(@D)/*.so $(@D)/*.o $(@D)/*.dSYM $(@D)/5.1 $(@D)/5.2 $(@D)/5.3 170 $(RM) -fr $(@D)/config.h $(@D)/*.dSYM $(@D)/5.1 $(@D)/5.2 $(@D)/5.3
205 171
206$(d)/clean~: $(d)/clean 172$(d)/clean~: $(d)/clean
207 $(RM) -f $(@D)/*~ 173 $(RM) -f $(@D)/*~
@@ -218,27 +184,27 @@ clean~: $(d)/clean~
218 184
219$(d)/help: 185$(d)/help:
220 @echo 186 @echo
221 @echo "ext/ targets:" 187 @echo "src/ targets:"
222 @echo "" 188 @echo ""
223 @echo " all - build all binary targets" 189 @echo " all - build all API targets"
224 @echo "openssl - invokes openssl5.1 and openssl5.2" 190 @echo " all5.1 - build 5.1/openssl.so"
225 @echo "openssl5.1 - build 5.1/openssl.so" 191 @echo " all5.2 - build 5.2/openssl.so"
226 @echo "openssl5.2 - build 5.2/openssl.so" 192 @echo " all5.3 - build 5.3/openssl.so"
227 @echo "openssl5.3 - build 5.3/openssl.so" 193 @echo " install - install all API targets"
228 @echo "install - invokes install5.1 and install5.2" 194 @echo " install5.1 - install openssl Lua 5.1 modules"
229 @echo "install5.1 - install openssl Lua 5.1 modules" 195 @echo " install5.2 - install openssl Lua 5.2 modules"
230 @echo "install5.2 - install openssl Lua 5.2 modules" 196 @echo " install5.3 - install openssl Lua 5.3 modules"
231 @echo "install5.3 - install openssl Lua 5.3 modules" 197 @echo " uninstall - uninstall all API targets"
232 @echo "uninstall - invokes uninstall5.1 and uninstall5.2"
233 @echo "uninstall5.1 - uninstall openssl Lua 5.1 modules" 198 @echo "uninstall5.1 - uninstall openssl Lua 5.1 modules"
234 @echo "uninstall5.2 - uninstall openssl Lua 5.2 modules" 199 @echo "uninstall5.2 - uninstall openssl Lua 5.2 modules"
235 @echo "uninstall5.3 - uninstall openssl Lua 5.3 modules" 200 @echo "uninstall5.3 - uninstall openssl Lua 5.3 modules"
236 @echo " clean - rm binary targets, object files, debugging symbols, etc" 201 @echo " clean - rm binary targets, object files, debugging symbols, etc"
237 @echo " clean~ - clean + rm *~" 202 @echo " clean~ - clean + rm *~"
238 @echo " help - echo this help message" 203 @echo " help - echo this help message"
239 @echo "" 204 @echo ""
240 @echo "Some important Make variables:" 205 @echo "Some important Make variables:"
241 @echo "" 206 @echo ""
207 @echo ' LUA_APIS - default Lua APIs to target ($(LUA_APIS))'
242 @echo " prefix - path to install root ($(value prefix))" 208 @echo " prefix - path to install root ($(value prefix))"
243 @echo ' lua51path - install path for Lua 5.1 modules ($(value lua51path))' 209 @echo ' lua51path - install path for Lua 5.1 modules ($(value lua51path))'
244 @echo 'lua51cpath - install path for Lua 5.1 C modules ($(value lua51cpath))' 210 @echo 'lua51cpath - install path for Lua 5.1 C modules ($(value lua51cpath))'
@@ -247,6 +213,10 @@ $(d)/help:
247 @echo ' lua53path - install path for Lua 5.3 modules ($(value lua53path))' 213 @echo ' lua53path - install path for Lua 5.3 modules ($(value lua53path))'
248 @echo 'lua53cpath - install path for Lua 5.3 C modules ($(value lua53cpath))' 214 @echo 'lua53cpath - install path for Lua 5.3 C modules ($(value lua53cpath))'
249 @echo "" 215 @echo ""
216 @echo 'LUA51_CPPFLAGS - cpp flags for Lua 5.1 headers ($(LUA51_CPPFLAGS))'
217 @echo 'LUA52_CPPFLAGS - cpp flags for Lua 5.2 headers ($(LUA52_CPPFLAGS))'
218 @echo 'LUA53_CPPFLAGS - cpp flags for Lua 5.3 headers ($(LUA53_CPPFLAGS))'
219 @echo ""
250 @echo "(NOTE: all the common GNU-style paths are supported, including" 220 @echo "(NOTE: all the common GNU-style paths are supported, including"
251 @echo "prefix, bindir, libdir, datadir, includedir, and DESTDIR.)" 221 @echo "prefix, bindir, libdir, datadir, includedir, and DESTDIR.)"
252 @echo "" 222 @echo ""
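Review bot: `OBJS_$(d)` at new line 28 names the vendored object as `../vendor/compat53/c-api/compat-5.3.o`, so after `$$(addprefix $$(d)/$(1)/, …)` at line 35 the target becomes `$(d)/5.1/../vendor/compat53/c-api/compat-5.3.o`, which the `%.o` pattern rule at lines 38-40 writes to `$(d)/vendor/compat53/c-api/` rather than into the per-API directory. All three API targets then compile and overwrite that one file with different `ALL_LUA5x_CPPFLAGS`, which races under `make -j`, and `$(d)/clean` at line 170 never removes it. As far as I can tell the pattern rule's `$$(CFLAGS_$$(<D))` and `$$(CPPFLAGS_$$(<D))` lookups also expand to nothing for this source, since `$(<D)` is the vendor directory rather than `$(d)`. I would keep the object inside `$(d)/$(1)/` with an explicit rule that reuses the `$$(abspath $$(@D)/..)` lookup the link rule at line 36 already uses for its flags.
```make
OBJS_$(d) = openssl.o compat-5.3.o

# … unchanged: config.h rule, define BUILD_$(d), openssl.so link rule, %.o pattern rule …

$$(d)/$(1)/compat-5.3.o: $$(d)/../vendor/compat53/c-api/compat-5.3.c $$(d)/../vendor/compat53/c-api/compat-5.3.h $$(d)/config.h
	$$(MKDIR) -p $$(@D)
	$$(CC) $$(CFLAGS_$$(abspath $$(@D)/..)) $$(ALL_LUA$(subst .,,$(1))_CPPFLAGS) $$(CPPFLAGS_$$(abspath $$(@D)/..)) -c -o $$@ $$<
```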
diff --git a/src/compat52.h b/src/compat52.h
deleted file mode 100644
index 0057b3c..0000000
--- a/src/compat52.h
+++ /dev/null
@@ -1,160 +0,0 @@
1/* ==========================================================================
2 * compat52.h - Routines for Lua 5.2 compatibility
3 * --------------------------------------------------------------------------
4 * Copyright (c) 2012 William Ahern
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a
7 * copy of this software and associated documentation files (the
8 * "Software"), to deal in the Software without restriction, including
9 * without limitation the rights to use, copy, modify, merge, publish,
10 * distribute, sublicense, and/or sell copies of the Software, and to permit
11 * persons to whom the Software is furnished to do so, subject to the
12 * following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included
15 * in all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
18 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
20 * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
21 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
22 * OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
23 * USE OR OTHER DEALINGS IN THE SOFTWARE.
24 * ==========================================================================
25 */
26#if LUA_VERSION_NUM < 502
27
28#define LUA_OK 0
29
30
31static void luaL_setmetatable(lua_State *L, const char *tname) {
32 luaL_getmetatable(L, tname);
33 lua_setmetatable(L, -2);
34} /* luaL_setmetatable() */
35
36
37static int lua_absindex(lua_State *L, int idx) {
38 return (idx > 0 || idx <= LUA_REGISTRYINDEX)? idx : lua_gettop(L) + idx + 1;
39} /* lua_absindex() */
40
41
42static void *luaL_testudata(lua_State *L, int arg, const char *tname) {
43 void *p = lua_touserdata(L, arg);
44 int eq;
45
46 if (!p || !lua_getmetatable(L, arg))
47 return 0;
48
49 luaL_getmetatable(L, tname);
50 eq = lua_rawequal(L, -2, -1);
51 lua_pop(L, 2);
52
53 return (eq)? p : 0;
54} /* luaL_testudate() */
55
56
57static void luaL_setfuncs(lua_State *L, const luaL_Reg *l, int nup) {
58 int i, t = lua_absindex(L, -1 - nup);
59
60 for (; l->name; l++) {
61 for (i = 0; i < nup; i++)
62 lua_pushvalue(L, -nup);
63 lua_pushcclosure(L, l->func, nup);
64 lua_setfield(L, t, l->name);
65 }
66
67 lua_pop(L, nup);
68} /* luaL_setfuncs() */
69
70
71#define luaL_newlibtable(L, l) \
72 lua_createtable(L, 0, (sizeof (l) / sizeof *(l)) - 1)
73
74#define luaL_newlib(L, l) \
75 (luaL_newlibtable((L), (l)), luaL_setfuncs((L), (l), 0))
76
77
78static void luaL_requiref(lua_State *L, const char *modname, lua_CFunction openf, int glb) {
79 lua_pushcfunction(L, openf);
80 lua_pushstring(L, modname);
81 lua_call(L, 1, 1);
82
83 lua_getglobal(L, "package");
84 lua_getfield(L, -1, "loaded");
85 lua_pushvalue(L, -3);
86 lua_setfield(L, -2, modname);
87
88 lua_pop(L, 2);
89
90 if (glb) {
91 lua_pushvalue(L, -1);
92 lua_setglobal(L, modname);
93 }
94} /* luaL_requiref() */
95
96
97#define lua_resume(L, from, nargs) lua_resume((L), (nargs))
98
99
100static void lua_rawgetp(lua_State *L, int index, const void *p) {
101 index = lua_absindex(L, index);
102 lua_pushlightuserdata(L, (void *)p);
103 lua_rawget(L, index);
104} /* lua_rawgetp() */
105
106static void lua_rawsetp(lua_State *L, int index, const void *p) {
107 index = lua_absindex(L, index);
108 lua_pushlightuserdata(L, (void *)p);
109 lua_pushvalue(L, -2);
110 lua_rawset(L, index);
111 lua_pop(L, 1);
112} /* lua_rawsetp() */
113
114
115#ifndef LUA_UNSIGNED
116#define LUA_UNSIGNED unsigned
117#endif
118
119typedef LUA_UNSIGNED lua_Unsigned;
120
121
122static void lua_pushunsigned(lua_State *L, lua_Unsigned n) {
123 lua_pushnumber(L, (lua_Number)n);
124} /* lua_pushunsigned() */
125
126static lua_Unsigned luaL_checkunsigned(lua_State *L, int arg) {
127 return (lua_Unsigned)luaL_checknumber(L, arg);
128} /* luaL_checkunsigned() */
129
130
131static lua_Unsigned luaL_optunsigned(lua_State *L, int arg, lua_Unsigned def) {
132 return (lua_Unsigned)luaL_optnumber(L, arg, (lua_Number)def);
133} /* luaL_optunsigned() */
134
135
136#ifndef LUA_FILEHANDLE /* Not defined by earlier LuaJIT releases */
137#define LUA_FILEHANDLE "FILE*"
138#endif
139
140/*
141 * Lua 5.1 userdata is a simple FILE *, while LuaJIT is a struct with the
142 * first member a FILE *, similar to Lua 5.2.
143 */
144typedef struct luaL_Stream {
145 FILE *f;
146} luaL_Stream;
147
148
149#define lua_rawlen(...) lua_objlen(__VA_ARGS__)
150
151
152#define lua_pushstring(...) lua52_pushstring(__VA_ARGS__)
153
154static const char *lua52_pushstring(lua_State *L, const char *s) {
155 (lua_pushstring)(L, s);
156 return lua_tostring(L, -1);
157} /* lua52_pushstring() */
158
159
160#endif /* LUA_VERSION_NUM < 502 */
diff --git a/src/openssl.c b/src/openssl.c
index 8217deb..a3e5637 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -69,14 +69,13 @@
69#include <openssl/hmac.h> 69#include <openssl/hmac.h>
70#include <openssl/rand.h> 70#include <openssl/rand.h>
71#include <openssl/des.h> 71#include <openssl/des.h>
72#include <openssl/ocsp.h>
72 73
73#include <lua.h> 74#include <lua.h>
74#include <lualib.h> 75#include <lualib.h>
75#include <lauxlib.h> 76#include <lauxlib.h>
76 77
77#if LUA_VERSION_NUM < 502 78#include "../vendor/compat53/c-api/compat-5.3.h"
78#include "compat52.h"
79#endif
80 79
81#define GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p)) 80#define GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
82#define GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= GNUC_2VER((M), (m), (p))) 81#define GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= GNUC_2VER((M), (m), (p)))
@@ -270,6 +269,10 @@
270#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS 269#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS
271#endif 270#endif
272 271
272#ifndef HAVE_SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK
273#define HAVE_SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK OPENSSL_PREREQ(1,0,0)
274#endif
275
273#ifndef HAVE_SSL_CTX_SET1_CERT_STORE 276#ifndef HAVE_SSL_CTX_SET1_CERT_STORE
274#define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */ 277#define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */
275#endif 278#endif
@@ -282,6 +285,14 @@
282#define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0)) 285#define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))
283#endif 286#endif
284 287
288#ifndef HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
289#define HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
290#endif
291
292#ifndef HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
293#define HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
294#endif
295
285#ifndef HAVE_SSL_GET0_ALPN_SELECTED 296#ifndef HAVE_SSL_GET0_ALPN_SELECTED
286#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS 297#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
287#endif 298#endif
@@ -302,6 +313,14 @@
302#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2) 313#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
303#endif 314#endif
304 315
316#ifndef HAVE_SSL_GET_CLIENT_RANDOM
317#define HAVE_SSL_GET_CLIENT_RANDOM OPENSSL_PREREQ(1,1,0)
318#endif
319
320#ifndef HAVE_SSL_GET_TLSEXT_STATUS_TYPE
321#define HAVE_SSL_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
322#endif
323
305#ifndef HAVE_SSL_UP_REF 324#ifndef HAVE_SSL_UP_REF
306#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0) 325#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)
307#endif 326#endif
@@ -314,6 +333,10 @@
314#define HAVE_SSLV2_SERVER_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2) 333#define HAVE_SSLV2_SERVER_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2)
315#endif 334#endif
316 335
336#ifndef HAVE_X509_GET_SIGNATURE_NID
337#define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2)
338#endif
339
317#ifndef HAVE_X509_STORE_REFERENCES 340#ifndef HAVE_X509_STORE_REFERENCES
318#define HAVE_X509_STORE_REFERENCES (!OPENSSL_PREREQ(1,1,0)) 341#define HAVE_X509_STORE_REFERENCES (!OPENSSL_PREREQ(1,1,0))
319#endif 342#endif
@@ -392,6 +415,8 @@
392#define DIGEST_CLASS "EVP_MD_CTX*" 415#define DIGEST_CLASS "EVP_MD_CTX*"
393#define HMAC_CLASS "HMAC_CTX*" 416#define HMAC_CLASS "HMAC_CTX*"
394#define CIPHER_CLASS "EVP_CIPHER_CTX*" 417#define CIPHER_CLASS "EVP_CIPHER_CTX*"
418#define OCSP_RESPONSE_CLASS "OCSP_RESPONSE*"
419#define OCSP_BASICRESP_CLASS "OCSP_BASICRESP*"
395 420
396 421
397#if __GNUC__ 422#if __GNUC__
@@ -669,6 +694,44 @@ static void *loadfield_udata(lua_State *L, int index, const char *k, const char
669} /* loadfield_udata() */ 694} /* loadfield_udata() */
670 695
671 696
697/* Forward declaration */
698static SSL *ssl_push(lua_State *, SSL *);
699
700/* push an ssl object into lua in a way that is safe from OOM
701 * Lua 5.1 does not support normally returning values from lua_cpcall
702 * to return a value, we instead return it via an error object
703 */
704static int ssl_pushsafe_helper(lua_State *L) {
705 ssl_push(L, lua_touserdata(L, 1));
706#if LUA_VERSION_NUM <= 501
707 return lua_error(L);
708#else
709 return 1;
710#endif
711}
712
713static int ssl_pushsafe(lua_State *L, SSL *ssl) {
714 int status;
715#if LUA_VERSION_NUM <= 501
716 status = lua_cpcall(L, ssl_pushsafe_helper, ssl);
717 if (status == LUA_ERRRUN)
718 status = LUA_OK;
719 else if (status == LUA_OK)
720 /* this should be impossible */
721 status = LUA_ERRRUN;
722 else
723 lua_pop(L, 1);
724#else
725 lua_pushcfunction(L, ssl_pushsafe_helper);
726 lua_pushlightuserdata(L, ssl);
727 status = lua_pcall(L, 1, 1, 0);
728 if (status != LUA_OK)
729 lua_pop(L, 1);
730#endif
731 return status;
732}
733
734
672/* 735/*
673 * Auxiliary C routines 736 * Auxiliary C routines
674 * 737 *
@@ -920,7 +983,7 @@ static void auxL_pushinteger(lua_State *L, auxL_Integer i) {
920 } 983 }
921} /* auxL_pushinteger() */ 984} /* auxL_pushinteger() */
922 985
923NOTUSED static void auxL_pushunsigned(lua_State *L, auxL_Unsigned i) { 986static void auxL_pushunsigned(lua_State *L, auxL_Unsigned i) {
924 if (i <= lua_IntegerMax) { 987 if (i <= lua_IntegerMax) {
925 lua_pushinteger(L, i); 988 lua_pushinteger(L, i);
926 } else if (i == (auxL_Unsigned)(lua_Number)i) { 989 } else if (i == (auxL_Unsigned)(lua_Number)i) {
@@ -1571,6 +1634,18 @@ static void compat_RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
1571} /* compat_RSA_set0_key() */ 1634} /* compat_RSA_set0_key() */
1572#endif 1635#endif
1573 1636
1637#if !HAVE_SSL_GET_CLIENT_RANDOM
1638#define SSL_get_client_random(...) compat_SSL_get_client_random(__VA_ARGS__)
1639static size_t compat_SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) {
1640 if (outlen == 0)
1641 return sizeof(ssl->s3->client_random);
1642 if (outlen > sizeof(ssl->s3->client_random))
1643 outlen = sizeof(ssl->s3->client_random);
1644 memcpy(out, ssl->s3->client_random, outlen);
1645 return outlen;
1646}
1647#endif
1648
1574#if !HAVE_SSL_CLIENT_VERSION 1649#if !HAVE_SSL_CLIENT_VERSION
1575#define SSL_client_version(...) compat_SSL_client_version(__VA_ARGS__) 1650#define SSL_client_version(...) compat_SSL_client_version(__VA_ARGS__)
1576 1651
@@ -1627,6 +1702,10 @@ static int compat_SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) {
1627#define X509_get0_ext(crt, i) X509_get_ext((crt), (i)) 1702#define X509_get0_ext(crt, i) X509_get_ext((crt), (i))
1628#endif 1703#endif
1629 1704
1705#if !HAVE_X509_GET_SIGNATURE_NID
1706#define X509_get_signature_nid(crt) OBJ_obj2nid((crt)->sig_alg->algorithm)
1707#endif
1708
1630#if !HAVE_X509_CRL_GET0_EXT 1709#if !HAVE_X509_CRL_GET0_EXT
1631#define X509_CRL_get0_ext(crt, i) X509_CRL_get_ext((crt), (i)) 1710#define X509_CRL_get0_ext(crt, i) X509_CRL_get_ext((crt), (i))
1632#endif 1711#endif
@@ -1914,6 +1993,7 @@ struct ex_data {
1914 1993
1915enum { 1994enum {
1916 EX_SSL_CTX_ALPN_SELECT_CB, 1995 EX_SSL_CTX_ALPN_SELECT_CB,
1996 EX_SSL_CTX_TLSEXT_SERVERNAME_CB,
1917}; 1997};
1918 1998
1919static struct ex_type { 1999static struct ex_type {
@@ -1923,6 +2003,7 @@ static struct ex_type {
1923 int (*set_ex_data)(); 2003 int (*set_ex_data)();
1924} ex_type[] = { 2004} ex_type[] = {
1925 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data }, 2005 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data },
2006 [EX_SSL_CTX_TLSEXT_SERVERNAME_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data },
1926}; 2007};
1927 2008
1928#if OPENSSL_PREREQ(1,1,0) 2009#if OPENSSL_PREREQ(1,1,0)
@@ -3074,6 +3155,7 @@ static int pk_new(lua_State *L) {
3074 unsigned exp = 65537; 3155 unsigned exp = 65537;
3075 int curve = NID_X9_62_prime192v1; 3156 int curve = NID_X9_62_prime192v1;
3076 const char *id; 3157 const char *id;
3158 const char *dhparam = NULL;
3077 lua_Number n; 3159 lua_Number n;
3078 3160
3079 if (!lua_istable(L, 1)) 3161 if (!lua_istable(L, 1))
@@ -3115,6 +3197,9 @@ static int pk_new(lua_State *L) {
3115 luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); 3197 luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
3116 } 3198 }
3117 3199
3200 /* dhparam field can contain a PEM encoded string. */
3201 loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
3202
3118creat: 3203creat:
3119 if (!(*ud = EVP_PKEY_new())) 3204 if (!(*ud = EVP_PKEY_new()))
3120 return auxL_error(L, auxL_EOPENSSL, "pkey.new"); 3205 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3152,9 +3237,23 @@ creat:
3152 case EVP_PKEY_DH: { 3237 case EVP_PKEY_DH: {
3153 DH *dh; 3238 DH *dh;
3154 3239
3155 if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) 3240 /* DH Parameter Generation can take a long time, therefore we look
3241 * at the "dhparam" field, provided by the user.
3242 * The "dhparam" field takes precedence over "bits"
3243 */
3244 if (dhparam) {
3245 BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam));
3246 if (!bio)
3247 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
3248
3249 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
3250 BIO_free(bio);
3251 if (!dh)
3252 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
3253 } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
3156 return auxL_error(L, auxL_EOPENSSL, "pkey.new"); 3254 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
3157 3255
3256
3158 if (!DH_generate_key(dh)) { 3257 if (!DH_generate_key(dh)) {
3159 DH_free(dh); 3258 DH_free(dh);
3160 return auxL_error(L, auxL_EOPENSSL, "pkey.new"); 3259 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3420,7 +3519,7 @@ static int pk_decrypt(lua_State *L) {
3420 if (lua_istable(L, 3)) { 3519 if (lua_istable(L, 3)) {
3421 if (base_type == EVP_PKEY_RSA) { 3520 if (base_type == EVP_PKEY_RSA) {
3422 lua_getfield(L, 3, "rsaPadding"); 3521 lua_getfield(L, 3, "rsaPadding");
3423 rsaPadding = luaL_optint(L, -1, rsaPadding); 3522 rsaPadding = luaL_optinteger(L, -1, rsaPadding);
3424 lua_pop(L, 1); 3523 lua_pop(L, 1);
3425 } 3524 }
3426 } 3525 }
@@ -3479,7 +3578,7 @@ static int pk_encrypt(lua_State *L) {
3479 if (lua_istable(L, 3)) { 3578 if (lua_istable(L, 3)) {
3480 if (base_type == EVP_PKEY_RSA) { 3579 if (base_type == EVP_PKEY_RSA) {
3481 lua_getfield(L, 3, "rsaPadding"); 3580 lua_getfield(L, 3, "rsaPadding");
3482 rsaPadding = luaL_optint(L, -1, rsaPadding); 3581 rsaPadding = luaL_optinteger(L, -1, rsaPadding);
3483 lua_pop(L, 1); 3582 lua_pop(L, 1);
3484 } 3583 }
3485 } 3584 }
@@ -4401,7 +4500,7 @@ static int ecg_new(lua_State *L) {
4401 return 1; 4500 return 1;
4402 } 4501 }
4403 case LUA_TNUMBER: { 4502 case LUA_TNUMBER: {
4404 int nid = luaL_checkint(L, 2); 4503 int nid = luaL_checkinteger(L, 2);
4405 4504
4406 if (!ecg_push_by_nid(L, nid)) 4505 if (!ecg_push_by_nid(L, nid))
4407 goto sslerr; 4506 goto sslerr;
@@ -4970,6 +5069,25 @@ static _Bool xe_new_isder(const char *value, _Bool *crit) {
4970 return 0; 5069 return 0;
4971} /* xs_new_isder() */ 5070} /* xs_new_isder() */
4972 5071
5072static CONF* loadconf(lua_State *L, int idx) {
5073 CONF *conf;
5074 size_t len;
5075 const char *cdata = luaL_checklstring(L, idx, &len);
5076 BIO *bio = getbio(L);
5077 if (BIO_write(bio, cdata, len) < 0)
5078 return NULL;
5079
5080 if (!(conf = NCONF_new(NULL)))
5081 return NULL;
5082
5083 if (!NCONF_load_bio(conf, bio, NULL)) {
5084 NCONF_free(conf);
5085 return NULL;
5086 }
5087
5088 return conf;
5089}
5090
4973static int xe_new(lua_State *L) { 5091static int xe_new(lua_State *L) {
4974 const char *name = luaL_checkstring(L, 1); 5092 const char *name = luaL_checkstring(L, 1);
4975 const char *value = luaL_checkstring(L, 2); 5093 const char *value = luaL_checkstring(L, 2);
@@ -4978,42 +5096,87 @@ static int xe_new(lua_State *L) {
4978 CONF *conf = NULL; 5096 CONF *conf = NULL;
4979 X509V3_CTX cbuf = { 0 }, *ctx = NULL; 5097 X509V3_CTX cbuf = { 0 }, *ctx = NULL;
4980 X509_EXTENSION **ud; 5098 X509_EXTENSION **ud;
5099 _Bool crit;
4981 5100
4982 lua_settop(L, 3); 5101 lua_settop(L, 3);
4983 ud = prepsimple(L, X509_EXT_CLASS); 5102 ud = prepsimple(L, X509_EXT_CLASS);
4984 5103
4985 if (!lua_isnil(L, 3)) { 5104 if (xe_new_isder(value, &crit)) {
4986 size_t len; 5105 size_t len;
4987 const char *cdata = luaL_checklstring(L, 3, &len); 5106 const char *cdata = lua_tolstring(L, 3, &len);
4988 _Bool crit; 5107 if (!(obj = OBJ_txt2obj(name, 0)))
5108 goto error;
5109 if (!(oct = ASN1_STRING_new()))
5110 goto error;
5111 if (!ASN1_STRING_set(oct, cdata, len))
5112 goto error;
5113 if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
5114 goto error;
4989 5115
4990 if (xe_new_isder(value, &crit)) { 5116 ASN1_OBJECT_free(obj);
4991 if (!(obj = OBJ_txt2obj(name, 0))) 5117 ASN1_STRING_free(oct);
4992 goto error; 5118
4993 if (!(oct = ASN1_STRING_new())) 5119 return 1;
4994 goto error; 5120 }
4995 if (!ASN1_STRING_set(oct, cdata, len)) 5121
4996 goto error; 5122 switch (lua_type(L, 3)) {
4997 if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct))) 5123 case LUA_TNONE:
5124 case LUA_TNIL:
5125 break;
5126 case LUA_TSTRING: {
5127 if (!(conf = loadconf(L, 3)))
5128 goto error;
5129
5130 ctx = &cbuf;
5131 X509V3_set_nconf(ctx, conf);
5132 break;
5133 }
5134 case LUA_TTABLE: {
5135 X509 *issuer = NULL;
5136 X509 *subject = NULL;
5137 X509_REQ *request = NULL;
5138 X509_CRL *crl = NULL;
5139 int flags = 0;
5140
5141 ctx = &cbuf;
5142
5143 if (lua_getfield(L, 3, "db") != LUA_TNIL) {
5144 if (!(conf = loadconf(L, -1)))
4998 goto error; 5145 goto error;
5146 X509V3_set_nconf(ctx, conf);
5147 }
5148 lua_pop(L, 1);
4999 5149
5000 ASN1_OBJECT_free(obj); 5150 if (lua_getfield(L, 3, "issuer") != LUA_TNIL) {
5001 ASN1_STRING_free(oct); 5151 issuer = checksimple(L, -1, X509_CERT_CLASS);
5152 }
5153 lua_pop(L, 1);
5002 5154
5003 return 1; 5155 if (lua_getfield(L, 3, "subject") != LUA_TNIL) {
5156 subject = checksimple(L, -1, X509_CERT_CLASS);
5004 } 5157 }
5158 lua_pop(L, 1);
5005 5159
5006 BIO *bio = getbio(L); 5160 if (lua_getfield(L, 3, "request") != LUA_TNIL) {
5007 if (BIO_puts(bio, cdata) < 0) 5161 request = checksimple(L, -1, X509_CSR_CLASS);
5008 goto error; 5162 }
5163 lua_pop(L, 1);
5009 5164
5010 if (!(conf = NCONF_new(NULL))) 5165 if (lua_getfield(L, 3, "crl") != LUA_TNIL) {
5011 goto error; 5166 crl = checksimple(L, -1, X509_CRL_CLASS);
5012 if (!NCONF_load_bio(conf, bio, NULL)) 5167 }
5013 goto error; 5168 lua_pop(L, 1);
5014 5169
5015 ctx = &cbuf; 5170 if (lua_getfield(L, 3, "flags") != LUA_TNIL) {
5016 X509V3_set_nconf(ctx, conf); 5171 flags = luaL_checkinteger(L, -1);
5172 }
5173 lua_pop(L, 1);
5174
5175 X509V3_set_ctx(ctx, issuer, subject, request, crl, flags);
5176 break;
5177 }
5178 default:
5179 return luaL_argerror(L, 3, "invalid extra parameter (expected string, table or nil)");
5017 } 5180 }
5018 5181
5019 /* 5182 /*
@@ -5257,7 +5420,7 @@ static int xc_getVersion(lua_State *L) {
5257 5420
5258static int xc_setVersion(lua_State *L) { 5421static int xc_setVersion(lua_State *L) {
5259 X509 *crt = checksimple(L, 1, X509_CERT_CLASS); 5422 X509 *crt = checksimple(L, 1, X509_CERT_CLASS);
5260 int version = luaL_checkint(L, 2); 5423 int version = luaL_checkinteger(L, 2);
5261 5424
5262 if (!X509_set_version(crt, version - 1)) 5425 if (!X509_set_version(crt, version - 1))
5263 return luaL_error(L, "x509.cert:setVersion: %d: invalid version", version); 5426 return luaL_error(L, "x509.cert:setVersion: %d: invalid version", version);
@@ -5804,11 +5967,11 @@ static int xc_setBasicConstraint(lua_State *L) {
5804 lua_pop(L, 1); 5967 lua_pop(L, 1);
5805 5968
5806 lua_getfield(L, 2, "pathLen"); 5969 lua_getfield(L, 2, "pathLen");
5807 pathLen = luaL_optint(L, -1, pathLen); 5970 pathLen = luaL_optinteger(L, -1, pathLen);
5808 lua_pop(L, 1); 5971 lua_pop(L, 1);
5809 5972
5810 lua_getfield(L, 2, "pathLenConstraint"); 5973 lua_getfield(L, 2, "pathLenConstraint");
5811 pathLen = luaL_optint(L, -1, pathLen); 5974 pathLen = luaL_optinteger(L, -1, pathLen);
5812 lua_pop(L, 1); 5975 lua_pop(L, 1);
5813 5976
5814 if (!(bs = BASIC_CONSTRAINTS_new())) 5977 if (!(bs = BASIC_CONSTRAINTS_new()))
@@ -5825,7 +5988,7 @@ static int xc_setBasicConstraint(lua_State *L) {
5825 case 1: 5988 case 1:
5826 /* FALL THROUGH */ 5989 /* FALL THROUGH */
5827 case 2: 5990 case 2:
5828 pathLen = luaL_checkint(L, 3); 5991 pathLen = luaL_checkinteger(L, 3);
5829 5992
5830 break; 5993 break;
5831 } 5994 }
@@ -5947,6 +6110,40 @@ static int xc_getExtensionCount(lua_State *L) {
5947} /* xc_getExtensionCount() */ 6110} /* xc_getExtensionCount() */
5948 6111
5949 6112
6113static int sk_openssl_string__gc(lua_State *L) {
6114 STACK_OF(OPENSSL_STRING) **res = lua_touserdata(L, 1);
6115
6116 if (*res) {
6117 sk_OPENSSL_STRING_free(*res);
6118 *res = NULL;
6119 }
6120
6121 return 0;
6122} /* sk_openssl_string__gc() */
6123
6124
6125static int xc_getOCSP(lua_State *L) {
6126 X509 *crt = checksimple(L, 1, X509_CERT_CLASS);
6127 STACK_OF(OPENSSL_STRING) **res = prepsimple(L, NULL, &sk_openssl_string__gc);
6128 int num, i;
6129
6130 *res = X509_get1_ocsp(crt);
6131 if (!*res)
6132 return 0;
6133
6134 num = sk_OPENSSL_STRING_num(*res);
6135 luaL_checkstack(L, num, "too many authorityInfoAccess");
6136 for (i = 0; i < num; i++) {
6137 lua_pushstring(L, sk_OPENSSL_STRING_value(*res, i));
6138 }
6139
6140 sk_OPENSSL_STRING_free(*res);
6141 *res = NULL;
6142
6143 return num;
6144} /* xc_getOCSP */
6145
6146
5950static int xc_isIssuedBy(lua_State *L) { 6147static int xc_isIssuedBy(lua_State *L) {
5951 X509 *crt = checksimple(L, 1, X509_CERT_CLASS); 6148 X509 *crt = checksimple(L, 1, X509_CERT_CLASS);
5952 X509 *issuer = checksimple(L, 2, X509_CERT_CLASS); 6149 X509 *issuer = checksimple(L, 2, X509_CERT_CLASS);
@@ -6029,23 +6226,17 @@ static int xc_getPublicKeyDigest(lua_State *L) {
6029} /* xc_getPublicKeyDigest() */ 6226} /* xc_getPublicKeyDigest() */
6030 6227
6031 6228
6032#if 0
6033/*
6034 * TODO: X509_get_signature_type always seems to return NID_undef. Are we
6035 * using it wrong or is it broken?
6036 */
6037static int xc_getSignatureName(lua_State *L) { 6229static int xc_getSignatureName(lua_State *L) {
6038 X509 *crt = checksimple(L, 1, X509_CERT_CLASS); 6230 X509 *crt = checksimple(L, 1, X509_CERT_CLASS);
6039 int nid; 6231 int nid;
6040 6232
6041 if (NID_undef == (nid = X509_get_signature_type(crt))) 6233 if (NID_undef == (nid = X509_get_signature_nid(crt)))
6042 return 0; 6234 return 0;
6043 6235
6044 auxL_pushnid(L, nid); 6236 auxL_pushnid(L, nid);
6045 6237
6046 return 1; 6238 return 1;
6047} /* xc_getSignatureName() */ 6239} /* xc_getSignatureName() */
6048#endif
6049 6240
6050 6241
6051static int xc_sign(lua_State *L) { 6242static int xc_sign(lua_State *L) {
@@ -6188,13 +6379,12 @@ static const auxL_Reg xc_methods[] = {
6188 { "addExtension", &xc_addExtension }, 6379 { "addExtension", &xc_addExtension },
6189 { "getExtension", &xc_getExtension }, 6380 { "getExtension", &xc_getExtension },
6190 { "getExtensionCount", &xc_getExtensionCount }, 6381 { "getExtensionCount", &xc_getExtensionCount },
6382 { "getOCSP", &xc_getOCSP },
6191 { "isIssuedBy", &xc_isIssuedBy }, 6383 { "isIssuedBy", &xc_isIssuedBy },
6192 { "getPublicKey", &xc_getPublicKey }, 6384 { "getPublicKey", &xc_getPublicKey },
6193 { "setPublicKey", &xc_setPublicKey }, 6385 { "setPublicKey", &xc_setPublicKey },
6194 { "getPublicKeyDigest", &xc_getPublicKeyDigest }, 6386 { "getPublicKeyDigest", &xc_getPublicKeyDigest },
6195#if 0
6196 { "getSignatureName", &xc_getSignatureName }, 6387 { "getSignatureName", &xc_getSignatureName },
6197#endif
6198 { "sign", &xc_sign }, 6388 { "sign", &xc_sign },
6199 { "text", &xc_text }, 6389 { "text", &xc_text },
6200 { "tostring", &xc__tostring }, 6390 { "tostring", &xc__tostring },
@@ -6286,7 +6476,7 @@ static int xr_getVersion(lua_State *L) {
6286 6476
6287static int xr_setVersion(lua_State *L) { 6477static int xr_setVersion(lua_State *L) {
6288 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); 6478 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
6289 int version = luaL_checkint(L, 2); 6479 int version = luaL_checkinteger(L, 2);
6290 6480
6291 if (!X509_REQ_set_version(csr, version - 1)) 6481 if (!X509_REQ_set_version(csr, version - 1))
6292 return luaL_error(L, "x509.csr:setVersion: %d: invalid version", version); 6482 return luaL_error(L, "x509.csr:setVersion: %d: invalid version", version);
@@ -6591,7 +6781,7 @@ static int xx_getVersion(lua_State *L) {
6591 6781
6592static int xx_setVersion(lua_State *L) { 6782static int xx_setVersion(lua_State *L) {
6593 X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS); 6783 X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
6594 int version = luaL_checkint(L, 2); 6784 int version = luaL_checkinteger(L, 2);
6595 6785
6596 if (!X509_CRL_set_version(crl, version - 1)) 6786 if (!X509_CRL_set_version(crl, version - 1))
6597 return luaL_error(L, "x509.crl:setVersion: %d: invalid version", version); 6787 return luaL_error(L, "x509.crl:setVersion: %d: invalid version", version);
@@ -6642,7 +6832,7 @@ static int xx_getNextUpdate(lua_State *L) {
6642 updateby = timeutc(time); 6832 updateby = timeutc(time);
6643 6833
6644 if (isfinite(updateby)) 6834 if (isfinite(updateby))
6645 lua_pushnumber(L, 1); 6835 lua_pushnumber(L, updateby);
6646 else 6836 else
6647 lua_pushnil(L); 6837 lua_pushnil(L);
6648 6838
@@ -6832,6 +7022,19 @@ static int xx_sign(lua_State *L) {
6832} /* xx_sign() */ 7022} /* xx_sign() */
6833 7023
6834 7024
7025static int xx_verify(lua_State *L) {
7026 X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
7027 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
7028
7029 if (!X509_CRL_verify(crl, key))
7030 return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
7031
7032 lua_pushboolean(L, 1);
7033
7034 return 1;
7035} /* xx_verify() */
7036
7037
6835static int xx_text(lua_State *L) { 7038static int xx_text(lua_State *L) {
6836 X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS); 7039 X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
6837 7040
@@ -6901,6 +7104,7 @@ static const auxL_Reg xx_methods[] = {
6901 { "getExtension", &xx_getExtension }, 7104 { "getExtension", &xx_getExtension },
6902 { "getExtensionCount", &xx_getExtensionCount }, 7105 { "getExtensionCount", &xx_getExtensionCount },
6903 { "sign", &xx_sign }, 7106 { "sign", &xx_sign },
7107 { "verify", &xx_verify },
6904 { "text", &xx_text }, 7108 { "text", &xx_text },
6905 { "tostring", &xx__tostring }, 7109 { "tostring", &xx__tostring },
6906 { NULL, NULL }, 7110 { NULL, NULL },
@@ -7180,7 +7384,7 @@ static int xs_verify(lua_State *L) {
7180 X509 *crt = checksimple(L, 2, X509_CERT_CLASS); 7384 X509 *crt = checksimple(L, 2, X509_CERT_CLASS);
7181 STACK_OF(X509) *chain = NULL, **proof; 7385 STACK_OF(X509) *chain = NULL, **proof;
7182 X509_STORE_CTX *ctx = NULL; 7386 X509_STORE_CTX *ctx = NULL;
7183 int nr = 0, ok, why; 7387 int ok, why;
7184 7388
7185 /* pre-allocate space for a successful return */ 7389 /* pre-allocate space for a successful return */
7186 lua_settop(L, 3); 7390 lua_settop(L, 3);
@@ -7215,27 +7419,24 @@ static int xs_verify(lua_State *L) {
7215 case 1: /* verified */ 7419 case 1: /* verified */
7216 if (!(*proof = X509_STORE_CTX_get1_chain(ctx))) 7420 if (!(*proof = X509_STORE_CTX_get1_chain(ctx)))
7217 goto eossl; 7421 goto eossl;
7422 X509_STORE_CTX_free(ctx);
7218 7423
7219 lua_pushboolean(L, 1); 7424 lua_pushboolean(L, 1);
7220 lua_pushvalue(L, -2); 7425 lua_pushvalue(L, -2);
7221 nr = 2;
7222 7426
7223 break; 7427 return 2;
7224 case 0: /* not verified */ 7428 case 0: /* not verified */
7225 why = X509_STORE_CTX_get_error(ctx); 7429 why = X509_STORE_CTX_get_error(ctx);
7430 X509_STORE_CTX_free(ctx);
7226 7431
7227 lua_pushboolean(L, 0); 7432 lua_pushboolean(L, 0);
7228 lua_pushstring(L, X509_verify_cert_error_string(why)); 7433 lua_pushstring(L, X509_verify_cert_error_string(why));
7229 nr = 2;
7230 7434
7231 break; 7435 return 2;
7232 default: 7436 default:
7233 goto eossl; 7437 goto eossl;
7234 } 7438 }
7235 7439
7236 X509_STORE_CTX_free(ctx);
7237
7238 return nr;
7239eossl: 7440eossl:
7240 if (ctx) 7441 if (ctx)
7241 X509_STORE_CTX_free(ctx); 7442 X509_STORE_CTX_free(ctx);
@@ -7428,6 +7629,57 @@ static int p12_interpose(lua_State *L) {
7428} /* p12_interpose() */ 7629} /* p12_interpose() */
7429 7630
7430 7631
7632static int p12_parse(lua_State *L) {
7633 /* parse a p12 binary string and return the parts */
7634 PKCS12 *p12;
7635
7636 /* gather input parameters */
7637 size_t len;
7638 const char *blob = luaL_checklstring(L, 1, &len);
7639 const char *passphrase = luaL_optstring(L, 2, NULL);
7640
7641 /* prepare return values */
7642 EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
7643 X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
7644 STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
7645 /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
7646
7647 /* read PKCS#12 data into OpenSSL memory buffer */
7648 BIO *bio = BIO_new_mem_buf((void*)blob, len);
7649 if (!bio)
7650 return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
7651 p12 = d2i_PKCS12_bio(bio, NULL);
7652 BIO_free(bio);
7653 if (!p12)
7654 return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
7655
7656 /* the p12 pointer holds the data we're interested in */
7657 int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
7658 PKCS12_free(p12);
7659 if (!rc)
7660 auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
7661
7662 /* replace the return values by nil if the ud pointers are NULL */
7663 if (*ud_pkey == NULL) {
7664 lua_pushnil(L);
7665 lua_replace(L, -4);
7666 }
7667
7668 if (*ud_cert == NULL) {
7669 lua_pushnil(L);
7670 lua_replace(L, -3);
7671 }
7672
7673 /* other certificates (a chain, STACK_OF(X509) *) */
7674 if (*ud_chain == NULL) {
7675 lua_pop(L, 1);
7676 lua_pushnil(L);
7677 }
7678
7679 return 3;
7680} /* p12_parse() */
7681
7682
7431static int p12__tostring(lua_State *L) { 7683static int p12__tostring(lua_State *L) {
7432 PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS); 7684 PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
7433 BIO *bio = getbio(L); 7685 BIO *bio = getbio(L);
@@ -7471,6 +7723,7 @@ static const auxL_Reg p12_metatable[] = {
7471static const auxL_Reg p12_globals[] = { 7723static const auxL_Reg p12_globals[] = {
7472 { "new", &p12_new }, 7724 { "new", &p12_new },
7473 { "interpose", &p12_interpose }, 7725 { "interpose", &p12_interpose },
7726 { "parse", &p12_parse },
7474 { NULL, NULL }, 7727 { NULL, NULL },
7475}; 7728};
7476 7729
@@ -7690,8 +7943,8 @@ static int sx_getParam(lua_State *L) {
7690 7943
7691static int sx_setVerify(lua_State *L) { 7944static int sx_setVerify(lua_State *L) {
7692 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS); 7945 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
7693 int mode = luaL_optint(L, 2, -1); 7946 int mode = luaL_optinteger(L, 2, -1);
7694 int depth = luaL_optint(L, 3, -1); 7947 int depth = luaL_optinteger(L, 3, -1);
7695 7948
7696 if (mode != -1) 7949 if (mode != -1)
7697 SSL_CTX_set_verify(ctx, mode, 0); 7950 SSL_CTX_set_verify(ctx, mode, 0);
@@ -7855,9 +8108,8 @@ static int sx_setAlpnProtos(lua_State *L) {
7855} /* sx_setAlpnProtos() */ 8108} /* sx_setAlpnProtos() */
7856#endif 8109#endif
7857 8110
7858#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
7859static SSL *ssl_push(lua_State *, SSL *);
7860 8111
8112#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
7861static int sx_setAlpnSelect_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *_ctx) { 8113static int sx_setAlpnSelect_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *_ctx) {
7862 SSL_CTX *ctx = _ctx; 8114 SSL_CTX *ctx = _ctx;
7863 lua_State *L = NULL; 8115 lua_State *L = NULL;
@@ -7875,12 +8127,12 @@ static int sx_setAlpnSelect_cb(SSL *ssl, const unsigned char **out, unsigned cha
7875 8127
7876 otop = lua_gettop(L) - n; 8128 otop = lua_gettop(L) - n;
7877 8129
7878 /* TODO: Install temporary panic handler to catch OOM errors */
7879
7880 /* pass SSL object as 1st argument */ 8130 /* pass SSL object as 1st argument */
7881 ssl_push(L, ssl); 8131 if (ssl_pushsafe(L, ssl))
8132 goto fatal;
7882 lua_insert(L, otop + 3); 8133 lua_insert(L, otop + 3);
7883 8134
8135 /* TODO: Install temporary panic handler to catch OOM errors */
7884 /* pass table of protocol names as 2nd argument */ 8136 /* pass table of protocol names as 2nd argument */
7885 pushprotos(L, in, inlen); 8137 pushprotos(L, in, inlen);
7886 lua_insert(L, otop + 4); 8138 lua_insert(L, otop + 4);
@@ -7952,6 +8204,116 @@ static int sx_setAlpnSelect(lua_State *L) {
7952#endif 8204#endif
7953 8205
7954 8206
8207#if HAVE_SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK
8208static int sx_setHostNameCallback_cb(SSL *ssl, int *ad, void *_ctx) {
8209 SSL_CTX *ctx = _ctx;
8210 lua_State *L = NULL;
8211 size_t n;
8212 int otop, status, ret = SSL_TLSEXT_ERR_ALERT_FATAL;
8213
8214 *ad = SSL_AD_INTERNAL_ERROR;
8215
8216 /* expect at least one value: closure */
8217 if ((n = ex_getdata(&L, EX_SSL_CTX_TLSEXT_SERVERNAME_CB, ctx)) < 1)
8218 return SSL_TLSEXT_ERR_ALERT_FATAL;
8219
8220 otop = lua_gettop(L) - n;
8221
8222 /* pass SSL object as 1st argument */
8223 if (ssl_pushsafe(L, ssl))
8224 goto done;
8225
8226 lua_insert(L, otop + 2);
8227
8228 if (LUA_OK != (status = lua_pcall(L, 1 + (n - 1), 2, 0)))
8229 goto done;
8230
8231 /* callback should return a boolean for OK/NOACK
8232 * or nil + an integer for a controlled error
8233 * everything else will be a fatal internal error
8234 */
8235 if (lua_isboolean(L, -2)) {
8236 ret = lua_toboolean(L, -2) ? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
8237 } else {
8238 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
8239 if (lua_isnil(L, -2) && lua_isinteger(L, -1))
8240 *ad = lua_tointeger(L, -1);
8241 }
8242
8243done:
8244 lua_settop(L, otop);
8245
8246 return ret;
8247} /* sx_setHostNameCallback_cb() */
8248
8249
8250static int sx_setHostNameCallback(lua_State *L) {
8251 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
8252 int error;
8253
8254 luaL_checktype(L, 2, LUA_TFUNCTION);
8255
8256 if ((error = ex_setdata(L, EX_SSL_CTX_TLSEXT_SERVERNAME_CB, ctx, lua_gettop(L) - 1))) {
8257 if (error > 0) {
8258 return luaL_error(L, "unable to set hostname selection callback: %s", aux_strerror(error));
8259 } else if (error == auxL_EOPENSSL && !ERR_peek_error()) {
8260 return luaL_error(L, "unable to set hostname selection callback: Unknown internal error");
8261 } else {
8262 return auxL_error(L, error, "ssl.context:setHostNameCallback");
8263 }
8264 }
8265 SSL_CTX_set_tlsext_servername_callback(ctx, sx_setHostNameCallback_cb);
8266 SSL_CTX_set_tlsext_servername_arg(ctx, ctx);
8267
8268 lua_pushboolean(L, 1);
8269
8270 return 1;
8271} /* sx_setHostNameCallback() */
8272#endif
8273
8274
8275int TLSEXT_STATUSTYPEs[] = { TLSEXT_STATUSTYPE_ocsp };
8276const char *TLSEXT_STATUSTYPEs_names[] = { "ocsp", NULL };
8277#define checkTLSEXT_STATUSTYPE(L, idx) \
8278 (TLSEXT_STATUSTYPEs[luaL_checkoption((L), (idx), NULL, TLSEXT_STATUSTYPEs_names)])
8279
8280
8281#if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
8282static int sx_setTLSextStatusType(lua_State *L) {
8283 SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
8284 int type = checkTLSEXT_STATUSTYPE(L, 2);
8285
8286 if(!SSL_CTX_set_tlsext_status_type(ctx, type))
8287 return auxL_error(L, auxL_EOPENSSL, "ssl.context:setTLSextStatusType");
8288
8289 lua_pushboolean(L, 1);
8290
8291 return 1;
8292} /* sx_setTLSextStatusType() */
8293#endif
8294
8295
8296#if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
8297static int sx_getTLSextStatusType(lua_State *L) {
8298 SSL_CTX *ctx = checksimple(L, 1, SSL_CLASS);
8299
8300 int type = SSL_CTX_get_tlsext_status_type(ctx);
8301 switch(type) {
8302 case -1:
8303 lua_pushnil(L);
8304 break;
8305 case TLSEXT_STATUSTYPE_ocsp:
8306 lua_pushliteral(L, "ocsp");
8307 break;
8308 default:
8309 luaL_error(L, "unknown TLS extension %d", type);
8310 }
8311
8312 return 1;
8313} /* sx_getTLSextStatusType() */
8314#endif
8315
8316
7955static int sx__gc(lua_State *L) { 8317static int sx__gc(lua_State *L) {
7956 SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS); 8318 SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);
7957 8319
@@ -7987,6 +8349,15 @@ static const auxL_Reg sx_methods[] = {
7987#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB 8349#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
7988 { "setAlpnSelect", &sx_setAlpnSelect }, 8350 { "setAlpnSelect", &sx_setAlpnSelect },
7989#endif 8351#endif
8352#if HAVE_SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK
8353 { "setHostNameCallback", &sx_setHostNameCallback },
8354#endif
8355#if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
8356 { "setTLSextStatusType", &sx_setTLSextStatusType },
8357#endif
8358#if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
8359 { "getTLSextStatusType", &sx_getTLSextStatusType },
8360#endif
7990 { NULL, NULL }, 8361 { NULL, NULL },
7991}; 8362};
7992 8363
@@ -8098,6 +8469,18 @@ static int ssl_interpose(lua_State *L) {
8098} /* ssl_interpose() */ 8469} /* ssl_interpose() */
8099 8470
8100 8471
8472static int ssl_setContext(lua_State *L) {
8473 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8474 SSL_CTX *ctx = checksimple(L, 2, SSL_CTX_CLASS);
8475
8476 if (!SSL_set_SSL_CTX(ssl, ctx))
8477 return auxL_error(L, auxL_EOPENSSL, "ssl.setContext");
8478
8479 lua_pushboolean(L, 1);
8480
8481 return 1;
8482} /* ssl_setContext() */
8483
8101static int ssl_setOptions(lua_State *L) { 8484static int ssl_setOptions(lua_State *L) {
8102 SSL *ssl = checksimple(L, 1, SSL_CLASS); 8485 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8103 auxL_Integer options = auxL_checkinteger(L, 2); 8486 auxL_Integer options = auxL_checkinteger(L, 2);
@@ -8159,6 +8542,33 @@ static int ssl_getParam(lua_State *L) {
8159} /* ssl_getParam() */ 8542} /* ssl_getParam() */
8160 8543
8161 8544
8545static int ssl_setVerify(lua_State *L) {
8546 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8547 int mode = luaL_optinteger(L, 2, -1);
8548 int depth = luaL_optinteger(L, 3, -1);
8549
8550 if (mode != -1)
8551 SSL_set_verify(ssl, mode, 0);
8552
8553 if (depth != -1)
8554 SSL_set_verify_depth(ssl, depth);
8555
8556 lua_pushboolean(L, 1);
8557
8558 return 1;
8559} /* ssl_setVerify() */
8560
8561
8562static int ssl_getVerify(lua_State *L) {
8563 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8564
8565 lua_pushinteger(L, SSL_get_verify_mode(ssl));
8566 lua_pushinteger(L, SSL_get_verify_depth(ssl));
8567
8568 return 2;
8569} /* ssl_getVerify() */
8570
8571
8162static int ssl_getVerifyResult(lua_State *L) { 8572static int ssl_getVerifyResult(lua_State *L) {
8163 SSL *ssl = checksimple(L, 1, SSL_CLASS); 8573 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8164 long res = SSL_get_verify_result(ssl); 8574 long res = SSL_get_verify_result(ssl);
@@ -8168,6 +8578,44 @@ static int ssl_getVerifyResult(lua_State *L) {
8168} /* ssl_getVerifyResult() */ 8578} /* ssl_getVerifyResult() */
8169 8579
8170 8580
8581static int ssl_setCertificate(lua_State *L) {
8582 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8583 X509 *crt = X509_dup(checksimple(L, 2, X509_CERT_CLASS));
8584 int ok;
8585
8586 ok = SSL_use_certificate(ssl, crt);
8587 X509_free(crt);
8588
8589 if (!ok)
8590 return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificate");
8591
8592 lua_pushboolean(L, 1);
8593
8594 return 1;
8595} /* ssl_setCertificate() */
8596
8597
8598static int ssl_setPrivateKey(lua_State *L) {
8599 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8600 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
8601 /*
8602 * NOTE: No easy way to dup the key, but a shared reference should
8603 * be okay as keys are less mutable than certificates.
8604 *
8605 * FIXME: SSL_use_PrivateKey will return true even if the
8606 * EVP_PKEY object has no private key. Instead, we'll just get a
8607 * segfault during the SSL handshake. We need to check that a
8608 * private key is actually defined in the object.
8609 */
8610 if (!SSL_use_PrivateKey(ssl, key))
8611 return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKey");
8612
8613 lua_pushboolean(L, 1);
8614
8615 return 1;
8616} /* ssl_setPrivateKey() */
8617
8618
8171static int ssl_getPeerCertificate(lua_State *L) { 8619static int ssl_getPeerCertificate(lua_State *L) {
8172 SSL *ssl = checksimple(L, 1, SSL_CLASS); 8620 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8173 X509 **x509 = prepsimple(L, X509_CERT_CLASS); 8621 X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -8284,6 +8732,31 @@ static int ssl_getVersion(lua_State *L) {
8284} /* ssl_getVersion() */ 8732} /* ssl_getVersion() */
8285 8733
8286 8734
8735static int ssl_getClientRandom(lua_State *L) {
8736 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8737 luaL_Buffer B;
8738 size_t len;
8739 unsigned char *out;
8740
8741 len = SSL_get_client_random(ssl, NULL, 0);
8742#if LUA_VERSION_NUM < 502
8743 if (LUAL_BUFFERSIZE < len)
8744 luaL_error(L, "ssl:getClientRandom: LUAL_BUFFERSIZE(%d) < SSL_get_client_random(ssl, NULL, 0)", (int)LUAL_BUFFERSIZE, (int)len);
8745 luaL_buffinit(L, &B);
8746 out = (unsigned char*)luaL_prepbuffer(&B);
8747 len = SSL_get_client_random(ssl, out, len);
8748 luaL_addsize(&B, len);
8749 luaL_pushresult(&B);
8750#else
8751 out = (unsigned char*)luaL_buffinitsize(L, &B, len);
8752 len = SSL_get_client_random(ssl, out, len);
8753 luaL_pushresultsize(&B, len);
8754#endif
8755
8756 return 1;
8757} /* ssl_getClientRandom() */
8758
8759
8287static int ssl_getClientVersion(lua_State *L) { 8760static int ssl_getClientVersion(lua_State *L) {
8288 SSL *ssl = checksimple(L, 1, SSL_CLASS); 8761 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8289 int format = luaL_checkoption(L, 2, "d", (const char *[]){ "d", ".", "f", NULL }); 8762 int format = luaL_checkoption(L, 2, "d", (const char *[]){ "d", ".", "f", NULL });
@@ -8354,6 +8827,87 @@ static int ssl_setAlpnProtos(lua_State *L) {
8354#endif 8827#endif
8355 8828
8356 8829
8830static int ssl_setTLSextStatusType(lua_State *L) {
8831 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8832 int type = checkTLSEXT_STATUSTYPE(L, 2);
8833
8834 if(!SSL_set_tlsext_status_type(ssl, type))
8835 return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType");
8836
8837 lua_pushboolean(L, 1);
8838
8839 return 1;
8840} /* ssl_setTLSextStatusType() */
8841
8842
8843#if HAVE_SSL_GET_TLSEXT_STATUS_TYPE
8844static int ssl_getTLSextStatusType(lua_State *L) {
8845 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8846
8847 int type = SSL_get_tlsext_status_type(ssl);
8848 switch(type) {
8849 case -1:
8850 lua_pushnil(L);
8851 break;
8852 case TLSEXT_STATUSTYPE_ocsp:
8853 lua_pushliteral(L, "ocsp");
8854 break;
8855 default:
8856 luaL_error(L, "unknown TLS extension %d", type);
8857 }
8858
8859 return 1;
8860} /* ssl_getTLSextStatusType() */
8861#endif
8862
8863
8864static int ssl_setTLSextStatusOCSPResp(lua_State *L) {
8865 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8866 OCSP_RESPONSE *or = testsimple(L, 2, OCSP_RESPONSE_CLASS);
8867
8868 unsigned char *resp = NULL;
8869 long resp_len;
8870
8871 if (or) {
8872 resp_len = i2d_OCSP_RESPONSE(or, &resp);
8873 if (resp_len <= 0)
8874 return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp");
8875 } else {
8876 resp_len = 0;
8877 }
8878
8879 if (!SSL_set_tlsext_status_ocsp_resp(ssl, resp, resp_len))
8880 return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp");
8881
8882 lua_pushboolean(L, 1);
8883
8884 return 1;
8885} /* ssl_setTLSextStatusOCSPResp() */
8886
8887
8888static int ssl_getTLSextStatusOCSPResp(lua_State *L) {
8889 SSL *ssl = checksimple(L, 1, SSL_CLASS);
8890
8891 OCSP_RESPONSE **ud = prepsimple(L, OCSP_RESPONSE_CLASS);
8892 const unsigned char *resp;
8893 long resp_len;
8894
8895 resp_len = SSL_get_tlsext_status_ocsp_resp(ssl, &resp);
8896 if (resp == NULL) {
8897 lua_pushnil(L);
8898 return 1;
8899 }
8900 if (resp_len == -1)
8901 return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp");
8902
8903 *ud = d2i_OCSP_RESPONSE(NULL, &resp, resp_len);
8904 if(*ud == NULL)
8905 return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp");
8906
8907 return 1;
8908} /* ssl_getTLSextStatusOCSPResp() */
8909
8910
8357static int ssl__gc(lua_State *L) { 8911static int ssl__gc(lua_State *L) {
8358 SSL **ud = luaL_checkudata(L, 1, SSL_CLASS); 8912 SSL **ud = luaL_checkudata(L, 1, SSL_CLASS);
8359 8913
@@ -8367,12 +8921,17 @@ static int ssl__gc(lua_State *L) {
8367 8921
8368 8922
8369static const auxL_Reg ssl_methods[] = { 8923static const auxL_Reg ssl_methods[] = {
8924 { "setContext", &ssl_setContext },
8370 { "setOptions", &ssl_setOptions }, 8925 { "setOptions", &ssl_setOptions },
8371 { "getOptions", &ssl_getOptions }, 8926 { "getOptions", &ssl_getOptions },
8372 { "clearOptions", &ssl_clearOptions }, 8927 { "clearOptions", &ssl_clearOptions },
8373 { "setParam", &ssl_setParam }, 8928 { "setParam", &ssl_setParam },
8374 { "getParam", &ssl_getParam }, 8929 { "getParam", &ssl_getParam },
8930 { "setVerify", &ssl_setVerify },
8931 { "getVerify", &ssl_getVerify },
8375 { "getVerifyResult", &ssl_getVerifyResult }, 8932 { "getVerifyResult", &ssl_getVerifyResult },
8933 { "setCertificate", &ssl_setCertificate },
8934 { "setPrivateKey", &ssl_setPrivateKey },
8376 { "getPeerCertificate", &ssl_getPeerCertificate }, 8935 { "getPeerCertificate", &ssl_getPeerCertificate },
8377 { "getPeerChain", &ssl_getPeerChain }, 8936 { "getPeerChain", &ssl_getPeerChain },
8378 { "getCipherInfo", &ssl_getCipherInfo }, 8937 { "getCipherInfo", &ssl_getCipherInfo },
@@ -8382,6 +8941,7 @@ static const auxL_Reg ssl_methods[] = {
8382 { "getHostName", &ssl_getHostName }, 8941 { "getHostName", &ssl_getHostName },
8383 { "setHostName", &ssl_setHostName }, 8942 { "setHostName", &ssl_setHostName },
8384 { "getVersion", &ssl_getVersion }, 8943 { "getVersion", &ssl_getVersion },
8944 { "getClientRandom", &ssl_getClientRandom },
8385 { "getClientVersion", &ssl_getClientVersion }, 8945 { "getClientVersion", &ssl_getClientVersion },
8386#if HAVE_SSL_GET0_ALPN_SELECTED 8946#if HAVE_SSL_GET0_ALPN_SELECTED
8387 { "getAlpnSelected", &ssl_getAlpnSelected }, 8947 { "getAlpnSelected", &ssl_getAlpnSelected },
@@ -8389,6 +8949,12 @@ static const auxL_Reg ssl_methods[] = {
8389#if HAVE_SSL_SET_ALPN_PROTOS 8949#if HAVE_SSL_SET_ALPN_PROTOS
8390 { "setAlpnProtos", &ssl_setAlpnProtos }, 8950 { "setAlpnProtos", &ssl_setAlpnProtos },
8391#endif 8951#endif
8952 { "setTLSextStatusType", &ssl_setTLSextStatusType },
8953#if HAVE_SSL_GET_TLSEXT_STATUS_TYPE
8954 { "getTLSextStatusType", &ssl_getTLSextStatusType },
8955#endif
8956 { "setTLSextStatusOCSPResp", &ssl_setTLSextStatusOCSPResp },
8957 { "getTLSextStatusOCSPResp", &ssl_getTLSextStatusOCSPResp },
8392 { NULL, NULL }, 8958 { NULL, NULL },
8393}; 8959};
8394 8960
@@ -9126,6 +9692,166 @@ int luaopen__openssl_cipher(lua_State *L) {
9126 9692
9127 9693
9128/* 9694/*
9695 * OCSP_RESPONSE - openssl.ocsp.response
9696 *
9697 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
9698
9699static int or_tostring(lua_State *L) {
9700 OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
9701 BIO *bio = getbio(L);
9702 size_t len;
9703 char *bytes;
9704
9705 if (!OCSP_RESPONSE_print(bio, resp, 0))
9706 return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:tostring");
9707
9708 len = BIO_get_mem_data(bio, &bytes);
9709 lua_pushlstring(L, bytes, len);
9710
9711 return 1;
9712} /* or__tostring() */
9713
9714
9715static int or_toPEM(lua_State *L) {
9716 OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
9717 BIO *bio = getbio(L);
9718 size_t len;
9719 char *bytes;
9720
9721 if (!PEM_write_bio_OCSP_RESPONSE(bio, resp))
9722 return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:toPEM");
9723
9724 len = BIO_get_mem_data(bio, &bytes);
9725 lua_pushlstring(L, bytes, len);
9726
9727 return 1;
9728} /* or_toPEM() */
9729
9730
9731static int or_getBasic(lua_State *L) {
9732 OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
9733
9734 OCSP_BASICRESP **basic = prepsimple(L, OCSP_BASICRESP_CLASS);
9735
9736 *basic = OCSP_response_get1_basic(resp);
9737 if (!*basic)
9738 return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:getBasic");
9739
9740 return 1;
9741} /* or_getBasic() */
9742
9743
9744static int or__gc(lua_State *L) {
9745 OCSP_RESPONSE **ud = luaL_checkudata(L, 1, OCSP_RESPONSE_CLASS);
9746
9747 if (*ud) {
9748 OCSP_RESPONSE_free(*ud);
9749 *ud = NULL;
9750 }
9751
9752 return 0;
9753} /* or__gc() */
9754
9755static const auxL_Reg or_methods[] = {
9756 { "tostring", &or_tostring },
9757 { "toPEM", &or_toPEM },
9758 { "getBasic", &or_getBasic },
9759 { NULL, NULL },
9760};
9761
9762static const auxL_Reg or_metatable[] = {
9763 { "__tostring", &or_tostring },
9764 { "__gc", &or__gc },
9765 { NULL, NULL },
9766};
9767
9768static const auxL_Reg or_globals[] = {
9769 { NULL, NULL },
9770};
9771
9772int luaopen__openssl_ocsp_response(lua_State *L) {
9773 initall(L);
9774
9775 auxL_newlib(L, or_globals, 0);
9776
9777 return 1;
9778} /* luaopen__openssl_ocsp_response() */
9779
9780
9781/*
9782 * OCSP_BASICRESP - openssl.ocsp.basic
9783 *
9784 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
9785
9786static int ob_verify(lua_State *L) {
9787 OCSP_BASICRESP *basic = checksimple(L, 1, OCSP_BASICRESP_CLASS);
9788 STACK_OF(X509) *certs = testsimple(L, 2, X509_CHAIN_CLASS);
9789 X509_STORE *store = testsimple(L, 3, X509_STORE_CLASS);
9790 unsigned long flags = luaL_optinteger(L, 4, 0);
9791
9792 int res = OCSP_basic_verify(basic, certs, store, flags);
9793 if (res == -1)
9794 return auxL_error(L, auxL_EOPENSSL, "OCSP_BASICRESP:verify");
9795
9796 lua_pushboolean(L, res);
9797 if (res) {
9798 return 1;
9799 } else {
9800 auxL_pusherror(L, auxL_EOPENSSL, NULL);
9801 return 2;
9802 }
9803} /* ob_verify() */
9804
9805
9806static int ob__gc(lua_State *L) {
9807 OCSP_BASICRESP **ud = luaL_checkudata(L, 1, OCSP_BASICRESP_CLASS);
9808
9809 if (*ud) {
9810 OCSP_BASICRESP_free(*ud);
9811 *ud = NULL;
9812 }
9813
9814 return 0;
9815} /* or__gc() */
9816
9817
9818static const auxL_Reg ob_methods[] = {
9819 { "verify", &ob_verify },
9820 { NULL, NULL },
9821};
9822
9823static const auxL_Reg ob_metatable[] = {
9824 { "__gc", &ob__gc },
9825 { NULL, NULL },
9826};
9827
9828static const auxL_Reg ob_globals[] = {
9829 { NULL, NULL },
9830};
9831
9832static const auxL_IntegerReg ob_verify_flags[] = {
9833 { "NOSIGS", OCSP_NOSIGS},
9834 { "NOVERIFY", OCSP_NOVERIFY},
9835 { "NOCHAIN", OCSP_NOCHAIN},
9836 { "NOCHECKS", OCSP_NOCHECKS},
9837 { "NOEXPLICIT", OCSP_NOEXPLICIT},
9838 { "TRUSTOTHER", OCSP_TRUSTOTHER},
9839 { "NOINTERN", OCSP_NOINTERN},
9840 { "TRUSTOTHER", OCSP_TRUSTOTHER},
9841 { NULL, 0 },
9842};
9843
9844int luaopen__openssl_ocsp_basic(lua_State *L) {
9845 initall(L);
9846
9847 auxL_newlib(L, ob_globals, 0);
9848 auxL_setintegers(L, ob_verify_flags);
9849
9850 return 1;
9851} /* luaopen__openssl_ocsp_basic() */
9852
9853
9854/*
9129 * Rand - openssl.rand 9855 * Rand - openssl.rand
9130 * 9856 *
9131 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 9857 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
@@ -9322,7 +10048,7 @@ static int rand_add(lua_State *L) {
9322 10048
9323 10049
9324static int rand_bytes(lua_State *L) { 10050static int rand_bytes(lua_State *L) {
9325 int size = luaL_checkint(L, 1); 10051 int size = luaL_checkinteger(L, 1);
9326 luaL_Buffer B; 10052 luaL_Buffer B;
9327 int count = 0, n; 10053 int count = 0, n;
9328 10054
@@ -9438,11 +10164,7 @@ static int rand_uniform(lua_State *L) {
9438 } else { 10164 } else {
9439 unsigned long long N, m; 10165 unsigned long long N, m;
9440 10166
9441 if (sizeof (lua_Unsigned) >= sizeof r) { 10167 N = auxL_checkunsigned(L, 1);
9442 N = luaL_checkunsigned(L, 1);
9443 } else {
9444 N = luaL_checknumber(L, 1);
9445 }
9446 10168
9447 luaL_argcheck(L, N > 1, 1, lua_pushfstring(L, "[0, %d): interval is empty", (int)N)); 10169 luaL_argcheck(L, N > 1, 1, lua_pushfstring(L, "[0, %d): interval is empty", (int)N));
9448 10170
@@ -9455,11 +10177,7 @@ static int rand_uniform(lua_State *L) {
9455 r = r % N; 10177 r = r % N;
9456 } 10178 }
9457 10179
9458 if (sizeof (lua_Unsigned) >= sizeof r) { 10180 auxL_pushunsigned(L, r);
9459 lua_pushunsigned(L, r);
9460 } else {
9461 lua_pushnumber(L, r);
9462 }
9463 10181
9464 return 1; 10182 return 1;
9465} /* rand_uniform() */ 10183} /* rand_uniform() */
@@ -9690,5 +10408,7 @@ static void initall(lua_State *L) {
9690 auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0); 10408 auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0);
9691 auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0); 10409 auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0);
9692 auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0); 10410 auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0);
10411 auxL_addclass(L, OCSP_RESPONSE_CLASS, or_methods, or_metatable, 0);
10412 auxL_addclass(L, OCSP_BASICRESP_CLASS, ob_methods, ob_metatable, 0);
9693} /* initall() */ 10413} /* initall() */
9694 10414
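diff --git a/src/openssl.ocsp.basic.lua b/src/openssl.ocsp.basic.lua
new file mode 100644
index 0000000..355faf7
--- /dev/null
+++ b/src/openssl.ocsp.basic.lua
@@ -0,0 +1,3 @@
+local ob = require "_openssl.ocsp.basic"
+
+return ob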
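Review bot: The shim binds the C module to a local `ob` only to return it on the next line, whereas the sibling src/openssl.ocsp.response.lua spells its local out as `ocsp_response`; the two new files would read consistently as a single `return require "_openssl.ocsp.basic"` and `return require "_openssl.ocsp.response"`, or at least with matching local names. A one-line header comment would also help a reader who lands here: `-- Public module name for the C module _openssl.ocsp.basic (OCSP_BASICRESP:verify and the OCSP verify flags)`. The indirection itself looks intentional, presumably so Lua-side helpers can be added without renaming the C module, but nothing on the page states that, so the comment should say why rather than leave it to be guessed.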
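diff --git a/src/openssl.ocsp.response.lua b/src/openssl.ocsp.response.lua
new file mode 100644
index 0000000..2226096
--- /dev/null
+++ b/src/openssl.ocsp.response.lua
@@ -0,0 +1,3 @@
+local ocsp_response = require "_openssl.ocsp.response"
+
+return ocsp_response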