summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/openssl.c397
1 files changed, 339 insertions, 58 deletions
diff --git a/src/openssl.c b/src/openssl.c
index e493ae4..78d79cc 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -83,6 +83,50 @@
83#define LIBRESSL_PREREQ(M, m, p) \ 83#define LIBRESSL_PREREQ(M, m, p) \
84 (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12))) 84 (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12)))
85 85
86#ifndef HAVE_DH_GET0_KEY
87#define HAVE_DH_GET0_KEY 0
88#endif
89
90#ifndef HAVE_DH_GET0_PQG
91#define HAVE_DH_GET0_PQG 0
92#endif
93
94#ifndef HAVE_DSA_GET0_KEY
95#define HAVE_DSA_GET0_KEY 0
96#endif
97
98#ifndef HAVE_DSA_GET0_PQG
99#define HAVE_DSA_GET0_PQG 0
100#endif
101
102#ifndef HAVE_EVP_PKEY_ID
103#define HAVE_EVP_PKEY_ID 0
104#endif
105
106#ifndef HAVE_RSA_GET0_CRT_PARAMS
107#define HAVE_RSA_GET0_CRT_PARAMS 0
108#endif
109
110#ifndef HAVE_RSA_GET0_FACTORS
111#define HAVE_RSA_GET0_FACTORS 0
112#endif
113
114#ifndef HAVE_RSA_GET0_KEY
115#define HAVE_RSA_GET0_KEY 0
116#endif
117
118#ifndef HAVE_RSA_SET0_CRT_PARAMS
119#define HAVE_RSA_SET0_CRT_PARAMS 0
120#endif
121
122#ifndef HAVE_RSA_SET0_FACTORS
123#define HAVE_RSA_SET0_FACTORS 0
124#endif
125
126#ifndef HAVE_RSA_SET0_KEY
127#define HAVE_RSA_SET0_KEY 0
128#endif
129
86#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS 130#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
87#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1, 0, 2) || LIBRESSL_PREREQ(2, 1, 3)) 131#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1, 0, 2) || LIBRESSL_PREREQ(2, 1, 3))
88#endif 132#endif
@@ -91,6 +135,14 @@
91#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS 135#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS
92#endif 136#endif
93 137
138#ifndef HAVE_SSL_CTX_SET1_CERT_STORE
139#define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */
140#endif
141
142#ifndef HAVE_SSL_CTX_CERT_STORE
143#define HAVE_SSL_CTX_CERT_STORE 1
144#endif
145
94#ifndef HAVE_SSL_SET_ALPN_PROTOS 146#ifndef HAVE_SSL_SET_ALPN_PROTOS
95#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS 147#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
96#endif 148#endif
@@ -123,6 +175,10 @@
123#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD 175#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD
124#endif 176#endif
125 177
178#ifndef HAVE_X509_STORE_REFERENCES
179#define HAVE_X509_STORE_REFERENCES 1
180#endif
181
126#ifndef STRERROR_R_CHAR_P 182#ifndef STRERROR_R_CHAR_P
127#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600))) 183#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)))
128#endif 184#endif
@@ -488,6 +544,13 @@ static const char *aux_strerror_r(int error, char *dst, size_t lim) {
488 * 544 *
489 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 545 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
490 546
547static void auxS_bn_free_and_set0(BIGNUM **dst, BIGNUM *src) {
548 if (*dst) {
549 BN_clear_free(*dst);
550 }
551 *dst = src;
552} /* auxS_bn_free_and_set0() */
553
491static size_t auxS_nid2sn(void *dst, size_t lim, int nid) { 554static size_t auxS_nid2sn(void *dst, size_t lim, int nid) {
492 const char *sn; 555 const char *sn;
493 556
@@ -1021,11 +1084,111 @@ static struct {
1021 .X509_STORE_free = &X509_STORE_free, 1084 .X509_STORE_free = &X509_STORE_free,
1022}; 1085};
1023 1086
1087#if !HAVE_DH_GET0_KEY
1088#define DH_get0_key(...) compat_DH_get0_key(__VA_ARGS__)
1089
1090static void compat_DH_get0_key(const DH *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
1091 if (pub_key)
1092 *pub_key = d->pub_key;
1093 if (priv_key)
1094 *priv_key = d->priv_key;
1095} /* compat_DH_get0_key() */
1096#endif
1097
1098#if !HAVE_DH_GET0_PQG
1099#define DH_get0_pqg(...) compat_DH_get0_pqg(__VA_ARGS__)
1100
1101static void compat_DH_get0_pqg(const DH *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
1102 if (p)
1103 *p = d->p;
1104 if (q)
1105 *q = d->q;
1106 if (g)
1107 *g = d->g;
1108} /* compat_DH_get0_pqg() */
1109#endif
1110
1111#if !HAVE_DH_SET0_KEY
1112#define DH_set0_key(...) compat_DH_set0_key(__VA_ARGS__)
1113
1114static void compat_DH_set0_key(DH *d, BIGNUM *pub_key, BIGNUM *priv_key) {
1115 if (pub_key)
1116 auxS_bn_free_and_set0(&d->pub_key, pub_key);
1117 if (priv_key)
1118 auxS_bn_free_and_set0(&d->priv_key, priv_key);
1119} /* compat_DH_set0_key() */
1120#endif
1121
1122#if !HAVE_DH_SET0_PQG
1123#define DH_set0_pqg(...) compat_DH_set0_pqg(__VA_ARGS__)
1124
1125static void compat_DH_set0_pqg(DH *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
1126 if (p)
1127 auxS_bn_free_and_set0(&d->p, p);
1128 if (q)
1129 auxS_bn_free_and_set0(&d->q, q);
1130 if (g)
1131 auxS_bn_free_and_set0(&d->g, g);
1132} /* compat_DH_set0_pqg() */
1133#endif
1134
1135#if !HAVE_DSA_GET0_KEY
1136#define DSA_get0_key(...) compat_DSA_get0_key(__VA_ARGS__)
1137
1138static void compat_DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
1139 if (pub_key)
1140 *pub_key = d->pub_key;
1141 if (priv_key)
1142 *priv_key = d->priv_key;
1143} /* compat_DSA_get0_key() */
1144#endif
1145
1146#if !HAVE_DSA_GET0_PQG
1147#define DSA_get0_pqg(...) compat_DSA_get0_pqg(__VA_ARGS__)
1148
1149static void compat_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
1150 if (p)
1151 *p = d->p;
1152 if (q)
1153 *q = d->q;
1154 if (g)
1155 *g = d->g;
1156} /* compat_DSA_get0_pqg() */
1157#endif
1158
1159#if !HAVE_DSA_SET0_KEY
1160#define DSA_set0_key(...) compat_DSA_set0_key(__VA_ARGS__)
1161
1162static void compat_DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) {
1163 if (pub_key)
1164 auxS_bn_free_and_set0(&d->pub_key, pub_key);
1165 if (priv_key)
1166 auxS_bn_free_and_set0(&d->priv_key, priv_key);
1167} /* compat_DSA_set0_key() */
1168#endif
1169
1170#if !HAVE_DSA_SET0_PQG
1171#define DSA_set0_pqg(...) compat_DSA_set0_pqg(__VA_ARGS__)
1172
1173static void compat_DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
1174 if (p)
1175 auxS_bn_free_and_set0(&d->p, p);
1176 if (q)
1177 auxS_bn_free_and_set0(&d->q, q);
1178 if (g)
1179 auxS_bn_free_and_set0(&d->g, g);
1180} /* compat_DSA_set0_pqg() */
1181#endif
1182
1183#if !HAVE_EVP_PKEY_ID
1184#define EVP_PKEY_id(key) ((key)->type)
1185#endif
1186
1024#if !HAVE_EVP_PKEY_BASE_ID 1187#if !HAVE_EVP_PKEY_BASE_ID
1025#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key)) 1188#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key))
1026 1189
1027static int compat_EVP_PKEY_base_id(EVP_PKEY *key) { 1190static int compat_EVP_PKEY_base_id(EVP_PKEY *key) {
1028 return EVP_PKEY_type(key->type); 1191 return EVP_PKEY_type(EVP_PKEY_id(key));
1029} /* compat_EVP_PKEY_base_id() */ 1192} /* compat_EVP_PKEY_base_id() */
1030#endif 1193#endif
1031 1194
@@ -1065,6 +1228,80 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
1065} /* compat_EVP_PKEY_get0() */ 1228} /* compat_EVP_PKEY_get0() */
1066#endif 1229#endif
1067 1230
1231#if !HAVE_RSA_GET0_CRT_PARAMS
1232#define RSA_get0_crt_params(...) compat_RSA_get0_crt_params(__VA_ARGS__)
1233
1234static void compat_RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) {
1235 if (dmp1)
1236 *dmp1 = r->dmp1;
1237 if (dmq1)
1238 *dmq1 = r->dmq1;
1239 if (iqmp)
1240 *iqmp = r->iqmp;
1241} /* compat_RSA_get0_crt_params() */
1242#endif
1243
1244#if !HAVE_RSA_GET0_FACTORS
1245#define RSA_get0_factors(...) compat_RSA_get0_factors(__VA_ARGS__)
1246
1247static void compat_RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
1248 if (p)
1249 *p = r->p;
1250 if (q)
1251 *q = r->q;
1252} /* compat_RSA_get0_factors() */
1253#endif
1254
1255#if !HAVE_RSA_GET0_KEY
1256#define RSA_get0_key(...) compat_RSA_get0_key(__VA_ARGS__)
1257
1258static void compat_RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) {
1259 if (n)
1260 *n = r->n;
1261 if (e)
1262 *e = r->e;
1263 if (d)
1264 *d = r->d;
1265} /* compat_RSA_get0_key() */
1266#endif
1267
1268#if !HAVE_RSA_SET0_CRT_PARAMS
1269#define RSA_set0_crt_params(...) compat_RSA_set0_crt_params(__VA_ARGS__)
1270
1271static void compat_RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
1272 if (dmp1)
1273 auxS_bn_free_and_set0(&r->dmp1, dmp1);
1274 if (dmq1)
1275 auxS_bn_free_and_set0(&r->dmq1, dmq1);
1276 if (iqmp)
1277 auxS_bn_free_and_set0(&r->iqmp, iqmp);
1278} /* compat_RSA_set0_crt_params() */
1279#endif
1280
1281#if !HAVE_RSA_SET0_FACTORS
1282#define RSA_set0_factors(...) compat_RSA_set0_factors(__VA_ARGS__)
1283
1284static void compat_RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
1285 if (p)
1286 auxS_bn_free_and_set0(&r->p, p);
1287 if (q)
1288 auxS_bn_free_and_set0(&r->q, q);
1289} /* compat_RSA_set0_factors() */
1290#endif
1291
1292#if !HAVE_RSA_SET0_KEY
1293#define RSA_set0_key(...) compat_RSA_set0_key(__VA_ARGS__)
1294
1295static void compat_RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
1296 if (n)
1297 auxS_bn_free_and_set0(&r->n, n);
1298 if (e)
1299 auxS_bn_free_and_set0(&r->e, e);
1300 if (d)
1301 auxS_bn_free_and_set0(&r->d, d);
1302} /* compat_RSA_set0_key() */
1303#endif
1304
1068#if !HAVE_X509_GET0_EXT 1305#if !HAVE_X509_GET0_EXT
1069#define X509_get0_ext(crt, i) X509_get_ext((crt), (i)) 1306#define X509_get0_ext(crt, i) X509_get_ext((crt), (i))
1070#endif 1307#endif
@@ -1081,13 +1318,18 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
1081#define X509_EXTENSION_get0_data(ext) X509_EXTENSION_get_data((ext)) 1318#define X509_EXTENSION_get0_data(ext) X509_EXTENSION_get_data((ext))
1082#endif 1319#endif
1083 1320
1321#if HAVE_X509_STORE_REFERENCES
1084/* 1322/*
1085 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count 1323 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count
1086 */ 1324 */
1087#define X509_STORE_free(store) \ 1325#define X509_STORE_free(store) \
1088 (compat.X509_STORE_free)((store)) 1326 (compat.X509_STORE_free)((store))
1089 1327
1090static void compat_X509_STORE_free(X509_STORE *store) { 1328/* to support preprocessor detection below */
1329#define compat_X509_STORE_free(store) \
1330 compat_X509_STORE_free((store))
1331
1332static void (compat_X509_STORE_free)(X509_STORE *store) {
1091 int i; 1333 int i;
1092 1334
1093 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE); 1335 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE);
@@ -1097,12 +1339,21 @@ static void compat_X509_STORE_free(X509_STORE *store) {
1097 1339
1098 (X509_STORE_free)(store); 1340 (X509_STORE_free)(store);
1099} /* compat_X509_STORE_free() */ 1341} /* compat_X509_STORE_free() */
1342#endif
1100 1343
1101#if !HAVE_SSL_CTX_set1_cert_store 1344#if !HAVE_SSL_CTX_SET1_CERT_STORE
1345#if !HAVE_SSL_CTX_CERT_STORE || !HAVE_X509_STORE_REFERENCES
1346#define SSL_CTX_set1_cert_store(ctx, store) \
1347 SSL_CTX_set_cert_store((ctx), (store))
1348#else
1102#define SSL_CTX_set1_cert_store(ctx, store) \ 1349#define SSL_CTX_set1_cert_store(ctx, store) \
1103 compat_SSL_CTX_set1_cert_store((ctx), (store)) 1350 compat_SSL_CTX_set1_cert_store((ctx), (store))
1104 1351
1105static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) { 1352/* to support preprocessor detection below */
1353#define compat_SSL_CTX_set1_cert_store(ctx, store) \
1354 compat_SSL_CTX_set1_cert_store((ctx), (store))
1355
1356static void (compat_SSL_CTX_set1_cert_store)(SSL_CTX *ctx, X509_STORE *store) {
1106 int n; 1357 int n;
1107 1358
1108 /* 1359 /*
@@ -1122,6 +1373,9 @@ static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1122 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); 1373 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
1123} /* compat_SSL_CTX_set1_cert_store() */ 1374} /* compat_SSL_CTX_set1_cert_store() */
1124#endif 1375#endif
1376#endif
1377
1378#if HAVE_SSL_CTX_CERT_STORE
1125 1379
1126static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1380static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1127 SSL_CTX *ctx = _ctx; 1381 SSL_CTX *ctx = _ctx;
@@ -1132,6 +1386,8 @@ static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX
1132 } 1386 }
1133} /* compat_init_SSL_CTX_onfree() */ 1387} /* compat_init_SSL_CTX_onfree() */
1134 1388
1389#endif
1390
1135/* helper routine to determine if X509_STORE_free obeys reference count */ 1391/* helper routine to determine if X509_STORE_free obeys reference count */
1136static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1392static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1137 /* unfortunately there's no way to remove a handler */ 1393 /* unfortunately there's no way to remove a handler */
@@ -1161,6 +1417,7 @@ static int compat_init(void) {
1161 if ((error = dl_anchor())) 1417 if ((error = dl_anchor()))
1162 goto epilog; 1418 goto epilog;
1163 1419
1420#if defined compat_X509_STORE_free
1164 /* 1421 /*
1165 * Test if X509_STORE_free obeys reference counts by installing an 1422 * Test if X509_STORE_free obeys reference counts by installing an
1166 * onfree callback. 1423 * onfree callback.
@@ -1210,6 +1467,7 @@ static int compat_init(void) {
1210 1467
1211 compat.flags |= COMPAT_X509_STORE_FREE_BUG; 1468 compat.flags |= COMPAT_X509_STORE_FREE_BUG;
1212 } 1469 }
1470#endif
1213 1471
1214 done = 1; 1472 done = 1;
1215epilog: 1473epilog:
@@ -2640,7 +2898,7 @@ static int pk_interpose(lua_State *L) {
2640 2898
2641static int pk_type(lua_State *L) { 2899static int pk_type(lua_State *L) {
2642 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 2900 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2643 int nid = key->type; 2901 int nid = EVP_PKEY_id(key);
2644 2902
2645 auxL_pushnid(L, nid); 2903 auxL_pushnid(L, nid);
2646 2904
@@ -2802,7 +3060,7 @@ static int pk_toPEM(lua_State *L) {
2802#if 0 3060#if 0
2803 case 4: case 5: /* params, Parameters */ 3061 case 4: case 5: /* params, Parameters */
2804 /* EVP_PKEY_base_id not in OS X */ 3062 /* EVP_PKEY_base_id not in OS X */
2805 switch (EVP_PKEY_type(key->type)) { 3063 switch (EVP_PKEY_base_id(key)) {
2806 case EVP_PKEY_RSA: 3064 case EVP_PKEY_RSA:
2807 break; 3065 break;
2808 case EVP_PKEY_DSA: { 3066 case EVP_PKEY_DSA: {
@@ -2845,7 +3103,7 @@ static int pk_toPEM(lua_State *L) {
2845 } 3103 }
2846#endif 3104#endif
2847 default: 3105 default:
2848 return luaL_error(L, "%d: unsupported EVP_PKEY base type", EVP_PKEY_type(key->type)); 3106 return luaL_error(L, "%d: unsupported EVP_PKEY base type", EVP_PKEY_base_id(key));
2849 } 3107 }
2850 3108
2851 lua_pushlstring(L, pem, len); 3109 lua_pushlstring(L, pem, len);
@@ -2961,82 +3219,100 @@ static void pk_pushparam(lua_State *L, void *base_key, enum pk_param which) {
2961 EC_KEY *ec; 3219 EC_KEY *ec;
2962#endif 3220#endif
2963 } key = { base_key }; 3221 } key = { base_key };
3222 const BIGNUM *i;
2964 3223
2965 switch (which) { 3224 switch (which) {
2966 case PK_RSA_N: 3225 case PK_RSA_N:
2967 /* RSA public modulus n */ 3226 /* RSA public modulus n */
2968 bn_dup_nil(L, key.rsa->n); 3227 RSA_get0_key(key.rsa, &i, NULL, NULL);
3228 bn_dup_nil(L, i);
2969 3229
2970 break; 3230 break;
2971 case PK_RSA_E: 3231 case PK_RSA_E:
2972 /* RSA public exponent e */ 3232 /* RSA public exponent e */
2973 bn_dup_nil(L, key.rsa->e); 3233 RSA_get0_key(key.rsa, NULL, &i, NULL);
3234 bn_dup_nil(L, i);
2974 3235
2975 break; 3236 break;
2976 case PK_RSA_D: 3237 case PK_RSA_D:
2977 /* RSA secret exponent d */ 3238 /* RSA secret exponent d */
2978 bn_dup_nil(L, key.rsa->d); 3239 RSA_get0_key(key.rsa, NULL, NULL, &i);
3240 bn_dup_nil(L, i);
2979 3241
2980 break; 3242 break;
2981 case PK_RSA_P: 3243 case PK_RSA_P:
2982 /* RSA secret prime p */ 3244 /* RSA secret prime p */
2983 bn_dup_nil(L, key.rsa->p); 3245 RSA_get0_factors(key.rsa, &i, NULL);
3246 bn_dup_nil(L, i);
2984 3247
2985 break; 3248 break;
2986 case PK_RSA_Q: 3249 case PK_RSA_Q:
2987 /* RSA secret prime q with p < q */ 3250 /* RSA secret prime q with p < q */
2988 bn_dup_nil(L, key.rsa->q); 3251 RSA_get0_factors(key.rsa, NULL, &i);
3252 bn_dup_nil(L, i);
2989 3253
2990 break; 3254 break;
2991 case PK_RSA_DMP1: 3255 case PK_RSA_DMP1:
2992 /* exponent1 */ 3256 /* exponent1 */
2993 bn_dup_nil(L, key.rsa->dmp1); 3257 RSA_get0_crt_params(key.rsa, &i, NULL, NULL);
3258 bn_dup_nil(L, i);
2994 3259
2995 break; 3260 break;
2996 case PK_RSA_DMQ1: 3261 case PK_RSA_DMQ1:
2997 /* exponent2 */ 3262 /* exponent2 */
2998 bn_dup_nil(L, key.rsa->dmq1); 3263 RSA_get0_crt_params(key.rsa, NULL, &i, NULL);
3264 bn_dup_nil(L, i);
2999 3265
3000 break; 3266 break;
3001 case PK_RSA_IQMP: 3267 case PK_RSA_IQMP:
3002 /* coefficient */ 3268 /* coefficient */
3003 bn_dup_nil(L, key.rsa->iqmp); 3269 RSA_get0_crt_params(key.rsa, NULL, NULL, &i);
3270 bn_dup_nil(L, i);
3004 3271
3005 break; 3272 break;
3006 case PK_DSA_P: 3273 case PK_DSA_P:
3007 bn_dup_nil(L, key.dsa->p); 3274 DSA_get0_pqg(key.dsa, &i, NULL, NULL);
3275 bn_dup_nil(L, i);
3008 3276
3009 break; 3277 break;
3010 case PK_DSA_Q: 3278 case PK_DSA_Q:
3011 bn_dup_nil(L, key.dsa->q); 3279 DSA_get0_pqg(key.dsa, NULL, &i, NULL);
3280 bn_dup_nil(L, i);
3012 3281
3013 break; 3282 break;
3014 case PK_DSA_G: 3283 case PK_DSA_G:
3015 bn_dup_nil(L, key.dsa->g); 3284 DSA_get0_pqg(key.dsa, NULL, NULL, &i);
3285 bn_dup_nil(L, i);
3016 3286
3017 break; 3287 break;
3018 case PK_DSA_PUB_KEY: 3288 case PK_DSA_PUB_KEY:
3019 bn_dup_nil(L, key.dsa->pub_key); 3289 DSA_get0_key(key.dsa, &i, NULL);
3290 bn_dup_nil(L, i);
3020 3291
3021 break; 3292 break;
3022 case PK_DSA_PRIV_KEY: 3293 case PK_DSA_PRIV_KEY:
3023 bn_dup_nil(L, key.dsa->priv_key); 3294 DSA_get0_key(key.dsa, NULL, &i);
3295 bn_dup_nil(L, i);
3024 3296
3025 break; 3297 break;
3026 case PK_DH_P: 3298 case PK_DH_P:
3027 bn_dup_nil(L, key.dh->p); 3299 DH_get0_pqg(key.dh, &i, NULL, NULL);
3300 bn_dup_nil(L, i);
3028 3301
3029 break; 3302 break;
3030 case PK_DH_G: 3303 case PK_DH_G:
3031 bn_dup_nil(L, key.dh->g); 3304 DH_get0_pqg(key.dh, NULL, NULL, &i);
3305 bn_dup_nil(L, i);
3032 3306
3033 break; 3307 break;
3034 case PK_DH_PUB_KEY: 3308 case PK_DH_PUB_KEY:
3035 bn_dup_nil(L, key.dh->pub_key); 3309 DH_get0_key(key.dh, &i, NULL);
3310 bn_dup_nil(L, i);
3036 3311
3037 break; 3312 break;
3038 case PK_DH_PRIV_KEY: 3313 case PK_DH_PRIV_KEY:
3039 bn_dup_nil(L, key.dh->priv_key); 3314 DH_get0_key(key.dh, NULL, &i);
3315 bn_dup_nil(L, i);
3040 3316
3041 break; 3317 break;
3042#ifndef OPENSSL_NO_EC 3318#ifndef OPENSSL_NO_EC
@@ -3069,22 +3345,9 @@ static void pk_pushparam(lua_State *L, void *base_key, enum pk_param which) {
3069} /* pk_pushparam() */ 3345} /* pk_pushparam() */
3070 3346
3071 3347
3072static _Bool pk_bn_set_nothrow(BIGNUM **dst, BIGNUM *src) { 3348#define pk_setparam_bn_dup(L, index, dst) do { \
3073 BIGNUM *tmp; 3349 BIGNUM *tmp = checkbig((L), (index)); \
3074 3350 if (!(*dst = BN_dup(tmp))) \
3075 if (!(tmp = BN_dup(src)))
3076 return 0;
3077
3078 if (*dst)
3079 BN_clear_free(*dst);
3080 *dst = tmp;
3081
3082 return 1;
3083} /* pk_bn_set_nothrow() */
3084
3085#define pk_bn_set(L, dst, index) do { \
3086 BIGNUM *n = checkbig((L), (index)); \
3087 if (!pk_bn_set_nothrow((dst), n)) \
3088 goto sslerr; \ 3351 goto sslerr; \
3089} while (0) 3352} while (0)
3090 3353
@@ -3097,74 +3360,92 @@ static void pk_setparam(lua_State *L, void *base_key, enum pk_param which, int i
3097 EC_KEY *ec; 3360 EC_KEY *ec;
3098#endif 3361#endif
3099 } key = { base_key }; 3362 } key = { base_key };
3363 BIGNUM *i;
3100 3364
3101 switch (which) { 3365 switch (which) {
3102 case PK_RSA_N: 3366 case PK_RSA_N:
3103 pk_bn_set(L, &key.rsa->n, index); 3367 pk_setparam_bn_dup(L, index, &i);
3368 RSA_set0_key(key.rsa, i, NULL, NULL);
3104 3369
3105 break; 3370 break;
3106 case PK_RSA_E: 3371 case PK_RSA_E:
3107 pk_bn_set(L, &key.rsa->e, index); 3372 pk_setparam_bn_dup(L, index, &i);
3373 RSA_set0_key(key.rsa, NULL, i, NULL);
3108 3374
3109 break; 3375 break;
3110 case PK_RSA_D: 3376 case PK_RSA_D:
3111 pk_bn_set(L, &key.rsa->d, index); 3377 pk_setparam_bn_dup(L, index, &i);
3378 RSA_set0_key(key.rsa, NULL, NULL, i);
3112 3379
3113 break; 3380 break;
3114 case PK_RSA_P: 3381 case PK_RSA_P:
3115 pk_bn_set(L, &key.rsa->p, index); 3382 pk_setparam_bn_dup(L, index, &i);
3383 RSA_set0_factors(key.rsa, i, NULL);
3116 3384
3117 break; 3385 break;
3118 case PK_RSA_Q: 3386 case PK_RSA_Q:
3119 pk_bn_set(L, &key.rsa->q, index); 3387 pk_setparam_bn_dup(L, index, &i);
3388 RSA_set0_factors(key.rsa, NULL, i);
3120 3389
3121 break; 3390 break;
3122 case PK_RSA_DMP1: 3391 case PK_RSA_DMP1:
3123 pk_bn_set(L, &key.rsa->dmp1, index); 3392 pk_setparam_bn_dup(L, index, &i);
3393 RSA_set0_crt_params(key.rsa, i, NULL, NULL);
3124 3394
3125 break; 3395 break;
3126 case PK_RSA_DMQ1: 3396 case PK_RSA_DMQ1:
3127 pk_bn_set(L, &key.rsa->dmq1, index); 3397 pk_setparam_bn_dup(L, index, &i);
3398 RSA_set0_crt_params(key.rsa, NULL, i, NULL);
3128 3399
3129 break; 3400 break;
3130 case PK_RSA_IQMP: 3401 case PK_RSA_IQMP:
3131 pk_bn_set(L, &key.rsa->iqmp, index); 3402 pk_setparam_bn_dup(L, index, &i);
3403 RSA_set0_crt_params(key.rsa, NULL, NULL, i);
3132 3404
3133 break; 3405 break;
3134 case PK_DSA_P: 3406 case PK_DSA_P:
3135 pk_bn_set(L, &key.dsa->p, index); 3407 pk_setparam_bn_dup(L, index, &i);
3408 DSA_set0_pqg(key.dsa, i, NULL, NULL);
3136 3409
3137 break; 3410 break;
3138 case PK_DSA_Q: 3411 case PK_DSA_Q:
3139 pk_bn_set(L, &key.dsa->q, index); 3412 pk_setparam_bn_dup(L, index, &i);
3413 DSA_set0_pqg(key.dsa, NULL, i, NULL);
3140 3414
3141 break; 3415 break;
3142 case PK_DSA_G: 3416 case PK_DSA_G:
3143 pk_bn_set(L, &key.dsa->g, index); 3417 pk_setparam_bn_dup(L, index, &i);
3418 DSA_set0_pqg(key.dsa, NULL, NULL, i);
3144 3419
3145 break; 3420 break;
3146 case PK_DSA_PUB_KEY: 3421 case PK_DSA_PUB_KEY:
3147 pk_bn_set(L, &key.dsa->pub_key, index); 3422 pk_setparam_bn_dup(L, index, &i);
3423 DSA_set0_key(key.dsa, i, NULL);
3148 3424
3149 break; 3425 break;
3150 case PK_DSA_PRIV_KEY: 3426 case PK_DSA_PRIV_KEY:
3151 pk_bn_set(L, &key.dsa->priv_key, index); 3427 pk_setparam_bn_dup(L, index, &i);
3428 DSA_set0_key(key.dsa, NULL, i);
3152 3429
3153 break; 3430 break;
3154 case PK_DH_P: 3431 case PK_DH_P:
3155 pk_bn_set(L, &key.dh->p, index); 3432 pk_setparam_bn_dup(L, index, &i);
3433 DH_set0_pqg(key.dh, i, NULL, NULL);
3156 3434
3157 break; 3435 break;
3158 case PK_DH_G: 3436 case PK_DH_G:
3159 pk_bn_set(L, &key.dh->g, index); 3437 pk_setparam_bn_dup(L, index, &i);
3438 DH_set0_pqg(key.dh, NULL, NULL, i);
3160 3439
3161 break; 3440 break;
3162 case PK_DH_PUB_KEY: 3441 case PK_DH_PUB_KEY:
3163 pk_bn_set(L, &key.dh->pub_key, index); 3442 pk_setparam_bn_dup(L, index, &i);
3443 DH_set0_key(key.dh, i, NULL);
3164 3444
3165 break; 3445 break;
3166 case PK_DH_PRIV_KEY: 3446 case PK_DH_PRIV_KEY:
3167 pk_bn_set(L, &key.dh->priv_key, index); 3447 pk_setparam_bn_dup(L, index, &i);
3448 DH_set0_key(key.dh, NULL, i);
3168 3449
3169 break; 3450 break;
3170#ifndef OPENSSL_NO_EC 3451#ifndef OPENSSL_NO_EC
@@ -5180,7 +5461,7 @@ static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) {
5180 if ((id = luaL_optstring(L, index, NULL))) 5461 if ((id = luaL_optstring(L, index, NULL)))
5181 return ((md = EVP_get_digestbyname(id)))? md : EVP_md_null(); 5462 return ((md = EVP_get_digestbyname(id)))? md : EVP_md_null();
5182 5463
5183 switch (EVP_PKEY_type(key->type)) { 5464 switch (EVP_PKEY_base_id(key)) {
5184 case EVP_PKEY_RSA: 5465 case EVP_PKEY_RSA:
5185 return EVP_sha1(); 5466 return EVP_sha1();
5186 case EVP_PKEY_DSA: 5467 case EVP_PKEY_DSA:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 16:21:54 +0000