1 files changed, 97 insertions, 9 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 4a290a9..03f3f8d 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -465,6 +465,48 @@ static void lib_setintegers(lua_State *L, const integer_Reg *l) {
 } /* lib_setintegers() */
+#if !HAVE_EVP_PKEY_base_id
+#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key))
+static int compat_EVP_PKEY_base_id(EVP_PKEY *key) {
+        return EVP_PKEY_type(key->type);
+} /* compat_EVP_PKEY_base_id() */
+#endif
+#if !HAVE_EVP_PKEY_get0
+#define EVP_PKEY_get0(key) compat_EVP_PKEY_get0((key))
+static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
+        void *ptr = NULL;
+        switch (EVP_PKEY_base_id(key)) {
+        case EVP_PKEY_RSA:
+                if ((ptr = EVP_PKEY_get1_RSA(key)))
+                        RSA_free(ptr);
+                break;
+        case EVP_PKEY_DSA:
+                if ((ptr = EVP_PKEY_get1_DSA(key)))
+                        DSA_free(ptr);
+                break;
+        case EVP_PKEY_DH:
+                if ((ptr = EVP_PKEY_get1_DH(key)))
+                        DH_free(ptr);
+                break;
+        case EVP_PKEY_EC:
+                if ((ptr = EVP_PKEY_get1_EC_KEY(key)))
+                        EC_KEY_free(ptr);
+                break;
+        default:
+                break;
+        }
+        return ptr;
+} /* compat_EVP_PKEY_get0() */
+#endif
 static void initall(lua_State *L);
@@ -4134,6 +4176,51 @@ static int sx_setCipherList(lua_State *L) {
 } /* sx_setCipherList() */
+static int sx_setEphemeralKey(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+        EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+        void *tmp;
+        /*
+         * NOTE: SSL_CTX_set_tmp duplicates the keys, so we don't need to
+         * worry about lifetimes. EVP_PKEY_get0 doesn't increment the
+         * reference count.
+         */
+        switch (EVP_PKEY_base_id(key)) {
+        case EVP_PKEY_RSA:
+                if (!(tmp = EVP_PKEY_get0(key)))
+                        return throwssl(L, "ssl.context:setEphemeralKey");
+                if (!SSL_CTX_set_tmp_rsa(ctx, tmp))
+                        return throwssl(L, "ssl.context:setEphemeralKey");
+                break;
+        case EVP_PKEY_DH:
+                if (!(tmp = EVP_PKEY_get0(key)))
+                        return throwssl(L, "ssl.context:setEphemeralKey");
+                if (!SSL_CTX_set_tmp_dh(ctx, tmp))
+                        return throwssl(L, "ssl.context:setEphemeralKey");
+                break;
+        case EVP_PKEY_EC:
+                if (!(tmp = EVP_PKEY_get0(key)))
+                        return throwssl(L, "ssl.context:setEphemeralKey");
+                if (!SSL_CTX_set_tmp_ecdh(ctx, tmp))
+                        return throwssl(L, "ssl.context:setEphemeralKey");
+                break;
+        default:
+                return luaL_error(L, "%d: unsupported EVP base type", EVP_PKEY_base_id(key));
+        } /* switch() */
+        lua_pushboolean(L, 1);
+        return 1;
+} /* sx_setEphemeralKey() */
 static int sx__gc(lua_State *L) {
        SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);
@@ -4145,15 +4232,16 @@ static int sx__gc(lua_State *L) {
 static const luaL_Reg sx_methods[] = {
-        { "setOptions",     &sx_setOptions },
+        { "setOptions",       &sx_setOptions },
-        { "getOptions",     &sx_getOptions },
+        { "getOptions",       &sx_getOptions },
-        { "clearOptions",   &sx_clearOptions },
+        { "clearOptions",     &sx_clearOptions },
-        { "setStore",       &sx_setStore },
+        { "setStore",         &sx_setStore },
-        { "setVerify",      &sx_setVerify },
+        { "setVerify",        &sx_setVerify },
-        { "getVerify",      &sx_getVerify },
+        { "getVerify",        &sx_getVerify },
-        { "setCertificate", &sx_setCertificate },
+        { "setCertificate",   &sx_setCertificate },
-        { "setPrivateKey",  &sx_setPrivateKey },
+        { "setPrivateKey",    &sx_setPrivateKey },
-        { "setCipherList",  &sx_setCipherList },
+        { "setCipherList",    &sx_setCipherList },
+        { "setEphemeralKey",  &sx_setEphemeralKey },
        { NULL, NULL },
 };

diff --git a/src/openssl.c b/src/openssl.c index 4a290a9..03f3f8d 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -465,6 +465,48 @@ static void lib_setintegers(lua_State L, const integer_Reg l) {
465	} /* lib_setintegers() */	465	} /* lib_setintegers() */
466		466
467		467
		468
		469	#if !HAVE_EVP_PKEY_base_id
		470	#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key))
		471
		472	static int compat_EVP_PKEY_base_id(EVP_PKEY *key) {
		473	return EVP_PKEY_type(key->type);
		474	} /* compat_EVP_PKEY_base_id() */
		475	#endif
		476
		477
		478	#if !HAVE_EVP_PKEY_get0
		479	#define EVP_PKEY_get0(key) compat_EVP_PKEY_get0((key))
		480
		481	static void compat_EVP_PKEY_get0(EVP_PKEY key) {
		482	void *ptr = NULL;
		483
		484	switch (EVP_PKEY_base_id(key)) {
		485	case EVP_PKEY_RSA:
		486	if ((ptr = EVP_PKEY_get1_RSA(key)))
		487	RSA_free(ptr);
		488	break;
		489	case EVP_PKEY_DSA:
		490	if ((ptr = EVP_PKEY_get1_DSA(key)))
		491	DSA_free(ptr);
		492	break;
		493	case EVP_PKEY_DH:
		494	if ((ptr = EVP_PKEY_get1_DH(key)))
		495	DH_free(ptr);
		496	break;
		497	case EVP_PKEY_EC:
		498	if ((ptr = EVP_PKEY_get1_EC_KEY(key)))
		499	EC_KEY_free(ptr);
		500	break;
		501	default:
		502	break;
		503	}
		504
		505	return ptr;
		506	} /* compat_EVP_PKEY_get0() */
		507	#endif
		508
		509
468	static void initall(lua_State *L);	510	static void initall(lua_State *L);
469		511
470		512
@@ -4134,6 +4176,51 @@ static int sx_setCipherList(lua_State *L) {
4134	} /* sx_setCipherList() */	4176	} /* sx_setCipherList() */
4135		4177
4136		4178
		4179	static int sx_setEphemeralKey(lua_State *L) {
		4180	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
		4181	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
		4182	void *tmp;
		4183
		4184	/*
		4185	* NOTE: SSL_CTX_set_tmp duplicates the keys, so we don't need to
		4186	* worry about lifetimes. EVP_PKEY_get0 doesn't increment the
		4187	* reference count.
		4188	*/
		4189	switch (EVP_PKEY_base_id(key)) {
		4190	case EVP_PKEY_RSA:
		4191	if (!(tmp = EVP_PKEY_get0(key)))
		4192	return throwssl(L, "ssl.context:setEphemeralKey");
		4193
		4194	if (!SSL_CTX_set_tmp_rsa(ctx, tmp))
		4195	return throwssl(L, "ssl.context:setEphemeralKey");
		4196
		4197	break;
		4198	case EVP_PKEY_DH:
		4199	if (!(tmp = EVP_PKEY_get0(key)))
		4200	return throwssl(L, "ssl.context:setEphemeralKey");
		4201
		4202	if (!SSL_CTX_set_tmp_dh(ctx, tmp))
		4203	return throwssl(L, "ssl.context:setEphemeralKey");
		4204
		4205	break;
		4206	case EVP_PKEY_EC:
		4207	if (!(tmp = EVP_PKEY_get0(key)))
		4208	return throwssl(L, "ssl.context:setEphemeralKey");
		4209
		4210	if (!SSL_CTX_set_tmp_ecdh(ctx, tmp))
		4211	return throwssl(L, "ssl.context:setEphemeralKey");
		4212
		4213	break;
		4214	default:
		4215	return luaL_error(L, "%d: unsupported EVP base type", EVP_PKEY_base_id(key));
		4216	} /* switch() */
		4217
		4218	lua_pushboolean(L, 1);
		4219
		4220	return 1;
		4221	} /* sx_setEphemeralKey() */
		4222
		4223
4137	static int sx__gc(lua_State *L) {	4224	static int sx__gc(lua_State *L) {
4138	SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);	4225	SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);
4139		4226
@@ -4145,15 +4232,16 @@ static int sx__gc(lua_State *L) {
4145		4232
4146		4233
4147	static const luaL_Reg sx_methods[] = {	4234	static const luaL_Reg sx_methods[] = {
4148	{ "setOptions", &sx_setOptions },	4235	{ "setOptions", &sx_setOptions },
4149	{ "getOptions", &sx_getOptions },	4236	{ "getOptions", &sx_getOptions },
4150	{ "clearOptions", &sx_clearOptions },	4237	{ "clearOptions", &sx_clearOptions },
4151	{ "setStore", &sx_setStore },	4238	{ "setStore", &sx_setStore },
4152	{ "setVerify", &sx_setVerify },	4239	{ "setVerify", &sx_setVerify },
4153	{ "getVerify", &sx_getVerify },	4240	{ "getVerify", &sx_getVerify },
4154	{ "setCertificate", &sx_setCertificate },	4241	{ "setCertificate", &sx_setCertificate },
4155	{ "setPrivateKey", &sx_setPrivateKey },	4242	{ "setPrivateKey", &sx_setPrivateKey },
4156	{ "setCipherList", &sx_setCipherList },	4243	{ "setCipherList", &sx_setCipherList },
		4244	{ "setEphemeralKey", &sx_setEphemeralKey },
4157	{ NULL, NULL },	4245	{ NULL, NULL },
4158	};	4246	};
4159		4247