Diffstat (limited to 'src')
-rw-r--r--src/openssl.c92
1 files changed, 90 insertions, 2 deletions
diff --git a/src/openssl.c b/src/openssl.c
index a11e6ae..bd62996 100644
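--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3060,6 +3060,7 @@ static int pk_new(lua_State *L) {
  unsigned exp = 65537;
  int curve = NID_X9_62_prime192v1;
  const char *id;
+ const char *dhparam = NULL;
  lua_Number n;
 
  if (!lua_istable(L, 1))
@@ -3101,6 +3102,9 @@ static int pk_new(lua_State *L) {
  luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
  }
 
+ /* dhparam field can contain a PEM encoded string. */
+ loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
+
 creat:
  if (!(*ud = EVP_PKEY_new()))
  return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3138,9 +3142,23 @@ creat:
  case EVP_PKEY_DH: {
  DH *dh;
 
- if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
+ /* DH Parameter Generation can take a long time, therefore we look
+ * at the "dhparam" field, provided by the user.
+ * The "dhparam" field takes precedence over "bits"
+ */
+ if (dhparam) {
+ BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam));
+ if (!bio)
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (!dh)
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+ } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
  return auxL_error(L, auxL_EOPENSSL, "pkey.new");
 
+
  if (!DH_generate_key(dh)) {
  DH_free(dh);
  return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -6692,7 +6710,7 @@ static int xx_getNextUpdate(lua_State *L) {
  updateby = timeutc(time);
 
  if (isfinite(updateby))
- lua_pushnumber(L, 1);
+ lua_pushnumber(L, updateby);
  else
  lua_pushnil(L);
 
@@ -6882,6 +6900,19 @@ static int xx_sign(lua_State *L) {
 } /* xx_sign() */
 
 
+static int xx_verify(lua_State *L) {
+ X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
+ EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+
+ if (!X509_CRL_verify(crl, key))
+ return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* xx_verify() */
+
+
 static int xx_text(lua_State *L) {
  X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
 
@@ -6951,6 +6982,7 @@ static const auxL_Reg xx_methods[] = {
  { "getExtension", &xx_getExtension },
  { "getExtensionCount", &xx_getExtensionCount },
  { "sign", &xx_sign },
+ { "verify", &xx_verify },
  { "text", &xx_text },
  { "tostring", &xx__tostring },
  { NULL, NULL },
@@ -7478,6 +7510,61 @@ static int p12_interpose(lua_State *L) {
 } /* p12_interpose() */
 
 
+static int p12_parse(lua_State *L) {
+ /* parse a p12 binary string and return the parts */
+
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *ca = NULL;
+ PKCS12 *p12;
+
+ /* gather input parameters */
+ size_t len;
+ const char *blob = luaL_checklstring(L, 1, &len);
+ const char *passphrase = luaL_optstring(L, 2, NULL);
+
+ /* prepare return values */
+ EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
+ X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
+ STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
+ /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
+
+ /* read PKCS#12 data into OpenSSL memory buffer */
+ BIO *bio = BIO_new_mem_buf((void*)blob, len);
+ if (!bio)
+ return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+ p12 = d2i_PKCS12_bio(bio, NULL);
+ BIO_free(bio);
+ if (!p12)
+ return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+ /* the p12 pointer holds the data we're interested in */
+ int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
+ PKCS12_free(p12);
+ if (!rc)
+ auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+ /* replace the return values by nil if the ud pointers are NULL */
+ if (*ud_pkey == NULL) {
+ lua_pushnil(L);
+ lua_replace(L, -4);
+ }
+
+ if (*ud_cert == NULL) {
+ lua_pushnil(L);
+ lua_replace(L, -3);
+ }
+
+ /* other certificates (a chain, STACK_OF(X509) *) */
+ if (*ud_chain == NULL) {
+ lua_pop(L, 1);
+ lua_pushnil(L);
+ }
+
+ return 3;
+} /* p12_parse() */
+
+
 static int p12__tostring(lua_State *L) {
  PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
  BIO *bio = getbio(L);
@@ -7521,6 +7608,7 @@ static const auxL_Reg p12_metatable[] = {
 static const auxL_Reg p12_globals[] = {
  { "new", &p12_new },
  { "interpose", &p12_interpose },
+ { "parse", &p12_parse },
  { NULL, NULL },
 };
 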
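Review bot: In the new xx_verify, the test `if (!X509_CRL_verify(crl, key))` treats only a return of 0 as failure. OpenSSL documents X509_CRL_verify as returning -1 when the signature could not be checked at all (malformed signature, unsuitable key, internal error), and that value passes the `!` test, so the function goes on to `lua_pushboolean(L, 1)` and reports the CRL as verified. Compare against the success value instead: `if (X509_CRL_verify(crl, key) != 1)`. Because a bad signature raises an error rather than returning false, a one-line comment above the function saying that it returns true or throws would help callers who expect a boolean result.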