summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/GNUmakefile9
-rw-r--r--src/openssl.auxlib.lua21
-rw-r--r--src/openssl.c1004
-rw-r--r--src/openssl.x509.altname.lua3
-rw-r--r--src/openssl.x509.name.lua3
5 files changed, 845 insertions, 195 deletions
diff --git a/src/GNUmakefile b/src/GNUmakefile
index 3aff30a..e7cb54d 100644
--- a/src/GNUmakefile
+++ b/src/GNUmakefile
@@ -18,9 +18,9 @@ include $(d)/../GNUmakefile
18# 18#
19OS_$(d) = $(shell $(d)/../mk/vendor.os) 19OS_$(d) = $(shell $(d)/../mk/vendor.os)
20CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc) 20CC_$(d) = $(shell env CC="$(CC) "$(d)/../mk/vendor.cc)
21LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/lua.path -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2)) 21LUAPATH_$(d) = $(shell env CC="$(CC)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" $(<D)/../mk/luapath -krxm3 -I$(DESTDIR)$(includedir) -I/usr/include -I/usr/local/include -P$(DESTDIR)$(bindir) -P$(bindir) -L$(DESTDIR)$(libdir) -L$(libdir) -v$(1) $(2))
22 22
23CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIINTCASTS 23CPPFLAGS_$(d) = $(CPPFLAGS_$(abspath $(@D)/../..)) -DLUA_COMPAT_APIINTCASTS -DHAVE_CONFIG_H
24CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..)) 24CFLAGS_$(d) = $(CFLAGS_$(abspath $(@D)/../..))
25LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..)) 25LDFLAGS_$(d) = $(LDFLAGS_$(abspath $(@D)/../..))
26SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..)) 26SOFLAGS_$(d) = $(SOFLAGS_$(abspath $(@D)/../..))
@@ -41,6 +41,8 @@ endif
41# 41#
42# C O M P I L A T I O N R U L E S 42# C O M P I L A T I O N R U L E S
43# 43#
44$(d)/config.h: $(abspath $(d)/..)/config.h
45 $(CP) $< $@
44 46
45define BUILD_$(d) 47define BUILD_$(d)
46 48
@@ -49,7 +51,7 @@ define BUILD_$(d)
49$$(d)/$(1)/openssl.so: $$(d)/$(1)/openssl.o 51$$(d)/$(1)/openssl.so: $$(d)/$(1)/openssl.o
50 $$(CC) -o $$@ $$^ $$(SOFLAGS_$$(abspath $$(@D)/..)) $$(SOFLAGS) $$(LDFLAGS_$$(abspath $$(@D)/..)) $$(LDFLAGS) 52 $$(CC) -o $$@ $$^ $$(SOFLAGS_$$(abspath $$(@D)/..)) $$(SOFLAGS) $$(LDFLAGS_$$(abspath $$(@D)/..)) $$(LDFLAGS)
51 53
52$$(d)/$(1)/openssl.o: $$(d)/openssl.c $$(d)/compat52.h 54$$(d)/$(1)/openssl.o: $$(d)/openssl.c $$(d)/compat52.h $$(d)/config.h
53 test "$$(notdir $$(@D))" = "$$(call LUAPATH_$$(<D), $$(notdir $$(@D)), version)" 55 test "$$(notdir $$(@D))" = "$$(call LUAPATH_$$(<D), $$(notdir $$(@D)), version)"
54 $$(MKDIR) -p $$(@D) 56 $$(MKDIR) -p $$(@D)
55 $$(CC) $$(CFLAGS_$$(<D)) $$(CFLAGS) $$(call LUAPATH_$$(<D), $$(notdir $$(@D)), cppflags) $$(CPPFLAGS_$$(<D)) $$(CPPFLAGS) -c -o $$@ $$< 57 $$(CC) $$(CFLAGS_$$(<D)) $$(CFLAGS) $$(call LUAPATH_$$(<D), $$(notdir $$(@D)), cppflags) $$(CPPFLAGS_$$(<D)) $$(CPPFLAGS) -c -o $$@ $$<
@@ -88,6 +90,7 @@ LUAC$(1)_$(d) = $$(or $$(call LUAPATH_$(d), $(1), luac), true)
88MODS$(1)_$(d) = \ 90MODS$(1)_$(d) = \
89 $$(DESTDIR)$(2)/_openssl.so \ 91 $$(DESTDIR)$(2)/_openssl.so \
90 $$(DESTDIR)$(3)/openssl.lua \ 92 $$(DESTDIR)$(3)/openssl.lua \
93 $$(DESTDIR)$(3)/openssl/auxlib.lua \
91 $$(DESTDIR)$(3)/openssl/bignum.lua \ 94 $$(DESTDIR)$(3)/openssl/bignum.lua \
92 $$(DESTDIR)$(3)/openssl/pkey.lua \ 95 $$(DESTDIR)$(3)/openssl/pkey.lua \
93 $$(DESTDIR)$(3)/openssl/pubkey.lua \ 96 $$(DESTDIR)$(3)/openssl/pubkey.lua \
diff --git a/src/openssl.auxlib.lua b/src/openssl.auxlib.lua
new file mode 100644
index 0000000..4f00c25
--- /dev/null
+++ b/src/openssl.auxlib.lua
@@ -0,0 +1,21 @@
1local auxlib = {}
2
3if _VERSION == "Lua 5.1" then
4 local _pairs = pairs
5
6 function auxlib.pairs(t)
7 if type(t) == "userdata" then
8 local mt = getmetatable(t)
9
10 if mt and mt.__pairs then
11 return mt.__pairs(t)
12 else
13 return _pairs(t)
14 end
15 end
16 end
17else
18 auxlib.pairs = pairs
19end
20
21return auxlib
diff --git a/src/openssl.c b/src/openssl.c
index 2275d49..ed7222e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -23,6 +23,10 @@
23 * USE OR OTHER DEALINGS IN THE SOFTWARE. 23 * USE OR OTHER DEALINGS IN THE SOFTWARE.
24 * ========================================================================== 24 * ==========================================================================
25 */ 25 */
26#if HAVE_CONFIG_H
27#include "config.h"
28#endif
29
26#include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */ 30#include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
27#include <stdint.h> /* uintptr_t */ 31#include <stdint.h> /* uintptr_t */
28#include <string.h> /* memset(3) strerror_r(3) */ 32#include <string.h> /* memset(3) strerror_r(3) */
@@ -79,24 +83,40 @@
79#define LIBRESSL_PREREQ(M, m, p) \ 83#define LIBRESSL_PREREQ(M, m, p) \
80 (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12))) 84 (LIBRESSL_VERSION_NUMBER >= (((M) << 28) | ((m) << 20) | ((p) << 12)))
81 85
82#ifndef HAVE_DLADDR 86#ifndef HAVE_ASN1_STRING_GET0_DATA
83#define HAVE_DLADDR (!defined _AIX) /* TODO: https://root.cern.ch/drupal/content/aix-and-dladdr */ 87#define HAVE_ASN1_STRING_GET0_DATA OPENSSL_PREREQ(1,1,0)
84#endif 88#endif
85 89
86#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS 90#ifndef HAVE_DH_GET0_KEY
87#define HAVE_SSL_CTX_SET_ALPN_PROTOS OPENSSL_PREREQ(1, 0, 2) 91#define HAVE_DH_GET0_KEY OPENSSL_PREREQ(1,1,0)
88#endif 92#endif
89 93
90#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB 94#ifndef HAVE_DH_GET0_PQG
91#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS 95#define HAVE_DH_GET0_PQG OPENSSL_PREREQ(1,1,0)
92#endif 96#endif
93 97
94#ifndef HAVE_SSL_SET_ALPN_PROTOS 98#ifndef HAVE_DH_SET0_KEY
95#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS 99#define HAVE_DH_SET0_KEY OPENSSL_PREREQ(1,1,0)
96#endif 100#endif
97 101
98#ifndef HAVE_SSL_GET0_ALPN_SELECTED 102#ifndef HAVE_DH_SET0_PQG
99#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS 103#define HAVE_DH_SET0_PQG OPENSSL_PREREQ(1,1,0)
104#endif
105
106#ifndef HAVE_DSA_GET0_KEY
107#define HAVE_DSA_GET0_KEY OPENSSL_PREREQ(1,1,0)
108#endif
109
110#ifndef HAVE_DSA_GET0_PQG
111#define HAVE_DSA_GET0_PQG OPENSSL_PREREQ(1,1,0)
112#endif
113
114#ifndef HAVE_DSA_SET0_KEY
115#define HAVE_DSA_SET0_KEY OPENSSL_PREREQ(1,1,0)
116#endif
117
118#ifndef HAVE_DSA_SET0_PQG
119#define HAVE_DSA_SET0_PQG OPENSSL_PREREQ(1,1,0)
100#endif 120#endif
101 121
102#ifndef HAVE_DTLSV1_CLIENT_METHOD 122#ifndef HAVE_DTLSV1_CLIENT_METHOD
@@ -108,7 +128,7 @@
108#endif 128#endif
109 129
110#ifndef HAVE_DTLS_CLIENT_METHOD 130#ifndef HAVE_DTLS_CLIENT_METHOD
111#define HAVE_DTLS_CLIENT_METHOD (OPENSSL_PREREQ(1, 0, 2) && !defined OPENSSL_NO_DTLS1) 131#define HAVE_DTLS_CLIENT_METHOD (OPENSSL_PREREQ(1,0,2) && !defined OPENSSL_NO_DTLS1)
112#endif 132#endif
113 133
114#ifndef HAVE_DTLS_SERVER_METHOD 134#ifndef HAVE_DTLS_SERVER_METHOD
@@ -116,13 +136,133 @@
116#endif 136#endif
117 137
118#ifndef HAVE_DTLSV1_2_CLIENT_METHOD 138#ifndef HAVE_DTLSV1_2_CLIENT_METHOD
119#define HAVE_DTLSV1_2_CLIENT_METHOD (OPENSSL_PREREQ(1, 0, 2) && !defined OPENSSL_NO_DTLS1) 139#define HAVE_DTLSV1_2_CLIENT_METHOD (OPENSSL_PREREQ(1,0,2) && !defined OPENSSL_NO_DTLS1)
120#endif 140#endif
121 141
122#ifndef HAVE_DTLSV1_2_SERVER_METHOD 142#ifndef HAVE_DTLSV1_2_SERVER_METHOD
123#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD 143#define HAVE_DTLSV1_2_SERVER_METHOD HAVE_DTLSV1_2_CLIENT_METHOD
124#endif 144#endif
125 145
146#ifndef HAVE_EVP_CIPHER_CTX_FREE
147#define HAVE_EVP_CIPHER_CTX_FREE OPENSSL_PREREQ(1,1,0)
148#endif
149
150#ifndef HAVE_EVP_CIPHER_CTX_NEW
151#define HAVE_EVP_CIPHER_CTX_NEW OPENSSL_PREREQ(1,1,0)
152#endif
153
154#ifndef HAVE_EVP_MD_CTX_FREE
155#define HAVE_EVP_MD_CTX_FREE OPENSSL_PREREQ(1,1,0)
156#endif
157
158#ifndef HAVE_EVP_MD_CTX_NEW
159#define HAVE_EVP_MD_CTX_NEW OPENSSL_PREREQ(1,1,0)
160#endif
161
162#ifndef HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
163#define HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID OPENSSL_PREREQ(0,9,9)
164#endif
165
166#ifndef HAVE_EVP_PKEY_BASE_ID
167#define HAVE_EVP_PKEY_BASE_ID OPENSSL_PREREQ(1,1,0)
168#endif
169
170#ifndef HAVE_EVP_PKEY_GET0
171#define HAVE_EVP_PKEY_GET0 OPENSSL_PREREQ(1,1,0)
172#endif
173
174#ifndef HAVE_EVP_PKEY_ID
175#define HAVE_EVP_PKEY_ID OPENSSL_PREREQ(1,1,0)
176#endif
177
178#ifndef HAVE_HMAC_CTX_FREE
179#define HAVE_HMAC_CTX_FREE OPENSSL_PREREQ(1,1,0)
180#endif
181
182#ifndef HAVE_HMAC_CTX_NEW
183#define HAVE_HMAC_CTX_NEW OPENSSL_PREREQ(1,1,0)
184#endif
185
186#ifndef HAVE_I2D_RE_X509_REQ_TBS
187#define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0)
188#endif
189
190#ifndef HAVE_RSA_GET0_CRT_PARAMS
191#define HAVE_RSA_GET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0)
192#endif
193
194#ifndef HAVE_RSA_GET0_FACTORS
195#define HAVE_RSA_GET0_FACTORS OPENSSL_PREREQ(1,1,0)
196#endif
197
198#ifndef HAVE_RSA_GET0_KEY
199#define HAVE_RSA_GET0_KEY OPENSSL_PREREQ(1,1,0)
200#endif
201
202#ifndef HAVE_RSA_SET0_CRT_PARAMS
203#define HAVE_RSA_SET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0)
204#endif
205
206#ifndef HAVE_RSA_SET0_FACTORS
207#define HAVE_RSA_SET0_FACTORS OPENSSL_PREREQ(1,1,0)
208#endif
209
210#ifndef HAVE_RSA_SET0_KEY
211#define HAVE_RSA_SET0_KEY OPENSSL_PREREQ(1,1,0)
212#endif
213
214#ifndef HAVE_SSL_CLIENT_VERSION
215#define HAVE_SSL_CLIENT_VERSION OPENSSL_PREREQ(1,1,0)
216#endif
217
218#ifndef HAVE_SSL_CTX_SET_ALPN_PROTOS
219#define HAVE_SSL_CTX_SET_ALPN_PROTOS (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,1,3))
220#endif
221
222#ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB
223#define HAVE_SSL_CTX_SET_ALPN_SELECT_CB HAVE_SSL_CTX_SET_ALPN_PROTOS
224#endif
225
226#ifndef HAVE_SSL_CTX_SET1_CERT_STORE
227#define HAVE_SSL_CTX_SET1_CERT_STORE (HAVE_SSL_CTX_set1_cert_store || 0) /* backwards compatible with old macro name */
228#endif
229
230#ifndef HAVE_SSL_CTX_CERT_STORE
231#define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))
232#endif
233
234#ifndef HAVE_SSL_SET_ALPN_PROTOS
235#define HAVE_SSL_SET_ALPN_PROTOS HAVE_SSL_CTX_SET_ALPN_PROTOS
236#endif
237
238#ifndef HAVE_SSL_GET0_ALPN_SELECTED
239#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
240#endif
241
242#ifndef HAVE_SSL_UP_REF
243#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)
244#endif
245
246#ifndef HAVE_SSLV2_CLIENT_METHOD
247#define HAVE_SSLV2_CLIENT_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2)
248#endif
249
250#ifndef HAVE_SSLV2_SERVER_METHOD
251#define HAVE_SSLV2_SERVER_METHOD (!OPENSSL_PREREQ(1,1,0) && !defined OPENSSL_NO_SSL2)
252#endif
253
254#ifndef HAVE_X509_STORE_REFERENCES
255#define HAVE_X509_STORE_REFERENCES (!OPENSSL_PREREQ(1,1,0))
256#endif
257
258#ifndef HAVE_X509_UP_REF
259#define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)
260#endif
261
262#ifndef HMAC_INIT_EX_INT
263#define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
264#endif
265
126#ifndef STRERROR_R_CHAR_P 266#ifndef STRERROR_R_CHAR_P
127#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600))) 267#define STRERROR_R_CHAR_P (defined __GLIBC__ && (_GNU_SOURCE || !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600)))
128#endif 268#endif
@@ -161,9 +301,9 @@
161#define PKCS12_CLASS "PKCS12*" 301#define PKCS12_CLASS "PKCS12*"
162#define SSL_CTX_CLASS "SSL_CTX*" 302#define SSL_CTX_CLASS "SSL_CTX*"
163#define SSL_CLASS "SSL*" 303#define SSL_CLASS "SSL*"
164#define DIGEST_CLASS "EVP_MD_CTX" /* not a pointer */ 304#define DIGEST_CLASS "EVP_MD_CTX*"
165#define HMAC_CLASS "HMAC_CTX" /* not a pointer */ 305#define HMAC_CLASS "HMAC_CTX*"
166#define CIPHER_CLASS "EVP_CIPHER_CTX" /* not a pointer */ 306#define CIPHER_CLASS "EVP_CIPHER_CTX*"
167 307
168 308
169#if __GNUC__ 309#if __GNUC__
@@ -488,6 +628,13 @@ static const char *aux_strerror_r(int error, char *dst, size_t lim) {
488 * 628 *
489 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ 629 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
490 630
631static void auxS_bn_free_and_set0(BIGNUM **dst, BIGNUM *src) {
632 if (*dst) {
633 BN_clear_free(*dst);
634 }
635 *dst = src;
636} /* auxS_bn_free_and_set0() */
637
491static size_t auxS_nid2sn(void *dst, size_t lim, int nid) { 638static size_t auxS_nid2sn(void *dst, size_t lim, int nid) {
492 const char *sn; 639 const char *sn;
493 640
@@ -1021,14 +1168,173 @@ static struct {
1021 .X509_STORE_free = &X509_STORE_free, 1168 .X509_STORE_free = &X509_STORE_free,
1022}; 1169};
1023 1170
1171#if !HAVE_ASN1_STRING_GET0_DATA
1172#define ASN1_STRING_get0_data(s) ASN1_STRING_data((s))
1173#endif
1174
1175#if !HAVE_DH_GET0_KEY
1176#define DH_get0_key(...) compat_DH_get0_key(__VA_ARGS__)
1177
1178static void compat_DH_get0_key(const DH *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
1179 if (pub_key)
1180 *pub_key = d->pub_key;
1181 if (priv_key)
1182 *priv_key = d->priv_key;
1183} /* compat_DH_get0_key() */
1184#endif
1185
1186#if !HAVE_DH_GET0_PQG
1187#define DH_get0_pqg(...) compat_DH_get0_pqg(__VA_ARGS__)
1188
1189static void compat_DH_get0_pqg(const DH *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
1190 if (p)
1191 *p = d->p;
1192 if (q)
1193 *q = d->q;
1194 if (g)
1195 *g = d->g;
1196} /* compat_DH_get0_pqg() */
1197#endif
1198
1199#if !HAVE_DH_SET0_KEY
1200#define DH_set0_key(...) compat_DH_set0_key(__VA_ARGS__)
1201
1202static void compat_DH_set0_key(DH *d, BIGNUM *pub_key, BIGNUM *priv_key) {
1203 if (pub_key)
1204 auxS_bn_free_and_set0(&d->pub_key, pub_key);
1205 if (priv_key)
1206 auxS_bn_free_and_set0(&d->priv_key, priv_key);
1207} /* compat_DH_set0_key() */
1208#endif
1209
1210#if !HAVE_DH_SET0_PQG
1211#define DH_set0_pqg(...) compat_DH_set0_pqg(__VA_ARGS__)
1212
1213static void compat_DH_set0_pqg(DH *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
1214 if (p)
1215 auxS_bn_free_and_set0(&d->p, p);
1216 if (q)
1217 auxS_bn_free_and_set0(&d->q, q);
1218 if (g)
1219 auxS_bn_free_and_set0(&d->g, g);
1220} /* compat_DH_set0_pqg() */
1221#endif
1222
1223#if !HAVE_DSA_GET0_KEY
1224#define DSA_get0_key(...) compat_DSA_get0_key(__VA_ARGS__)
1225
1226static void compat_DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) {
1227 if (pub_key)
1228 *pub_key = d->pub_key;
1229 if (priv_key)
1230 *priv_key = d->priv_key;
1231} /* compat_DSA_get0_key() */
1232#endif
1233
1234#if !HAVE_DSA_GET0_PQG
1235#define DSA_get0_pqg(...) compat_DSA_get0_pqg(__VA_ARGS__)
1236
1237static void compat_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) {
1238 if (p)
1239 *p = d->p;
1240 if (q)
1241 *q = d->q;
1242 if (g)
1243 *g = d->g;
1244} /* compat_DSA_get0_pqg() */
1245#endif
1246
1247#if !HAVE_DSA_SET0_KEY
1248#define DSA_set0_key(...) compat_DSA_set0_key(__VA_ARGS__)
1249
1250static void compat_DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) {
1251 if (pub_key)
1252 auxS_bn_free_and_set0(&d->pub_key, pub_key);
1253 if (priv_key)
1254 auxS_bn_free_and_set0(&d->priv_key, priv_key);
1255} /* compat_DSA_set0_key() */
1256#endif
1257
1258#if !HAVE_DSA_SET0_PQG
1259#define DSA_set0_pqg(...) compat_DSA_set0_pqg(__VA_ARGS__)
1260
1261static void compat_DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
1262 if (p)
1263 auxS_bn_free_and_set0(&d->p, p);
1264 if (q)
1265 auxS_bn_free_and_set0(&d->q, q);
1266 if (g)
1267 auxS_bn_free_and_set0(&d->g, g);
1268} /* compat_DSA_set0_pqg() */
1269#endif
1270
1271#if !HAVE_EVP_CIPHER_CTX_FREE
1272#define EVP_CIPHER_CTX_free(ctx) compat_EVP_CIPHER_CTX_free((ctx))
1273
1274static void compat_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) {
1275 EVP_CIPHER_CTX_cleanup(ctx);
1276 OPENSSL_free(ctx);
1277} /* compat_EVP_CIPHER_CTX_free() */
1278#endif
1279
1280#if !HAVE_EVP_CIPHER_CTX_NEW
1281#define EVP_CIPHER_CTX_new() compat_EVP_CIPHER_CTX_new()
1282
1283static EVP_CIPHER_CTX *compat_EVP_CIPHER_CTX_new(void) {
1284 EVP_CIPHER_CTX *ctx;
1285
1286 if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
1287 return NULL;
1288 memset(ctx, 0, sizeof *ctx);
1289 EVP_CIPHER_CTX_init(ctx);
1290
1291 return ctx;
1292} /* compat_EVP_CIPHER_CTX_new() */
1293#endif
1294
1295#if !HAVE_EVP_MD_CTX_FREE
1296#define EVP_MD_CTX_free(md) EVP_MD_CTX_destroy((md))
1297#endif
1298
1299#if !HAVE_EVP_MD_CTX_NEW
1300#define EVP_MD_CTX_new(md) EVP_MD_CTX_create()
1301#endif
1302
1303#if !HAVE_EVP_PKEY_ID
1304#define EVP_PKEY_id(key) ((key)->type)
1305#endif
1306
1024#if !HAVE_EVP_PKEY_BASE_ID 1307#if !HAVE_EVP_PKEY_BASE_ID
1025#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key)) 1308#define EVP_PKEY_base_id(key) compat_EVP_PKEY_base_id((key))
1026 1309
1027static int compat_EVP_PKEY_base_id(EVP_PKEY *key) { 1310static int compat_EVP_PKEY_base_id(EVP_PKEY *key) {
1028 return EVP_PKEY_type(key->type); 1311 return EVP_PKEY_type(EVP_PKEY_id(key));
1029} /* compat_EVP_PKEY_base_id() */ 1312} /* compat_EVP_PKEY_base_id() */
1030#endif 1313#endif
1031 1314
1315#if !HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
1316#define EVP_PKEY_get_default_digest_nid(...) \
1317 compat_EVP_PKEY_get_default_digest_nid(__VA_ARGS__)
1318
1319static int compat_EVP_PKEY_get_default_digest_nid(EVP_PKEY *key, int *nid) {
1320 switch (EVP_PKEY_base_id(key)) {
1321 case EVP_PKEY_RSA:
1322 *nid = EVP_MD_nid(EVP_sha1());
1323 break;
1324 case EVP_PKEY_DSA:
1325 *nid = EVP_MD_nid(EVP_dss1());
1326 break;
1327 case EVP_PKEY_EC:
1328 *nid = EVP_MD_nid(EVP_ecdsa());
1329 break;
1330 default:
1331 *nid = EVP_MD_nid(EVP_sha1());
1332 break;
1333 }
1334
1335 return 1;
1336} /* compat_EVP_PKEY_get_default_digest_nid() */
1337#endif
1032 1338
1033#if !HAVE_EVP_PKEY_GET0 1339#if !HAVE_EVP_PKEY_GET0
1034#define EVP_PKEY_get0(key) compat_EVP_PKEY_get0((key)) 1340#define EVP_PKEY_get0(key) compat_EVP_PKEY_get0((key))
@@ -1065,6 +1371,123 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
1065} /* compat_EVP_PKEY_get0() */ 1371} /* compat_EVP_PKEY_get0() */
1066#endif 1372#endif
1067 1373
1374#if !HAVE_HMAC_CTX_FREE
1375#define HMAC_CTX_free(ctx) compat_HMAC_CTX_free((ctx))
1376
1377static void compat_HMAC_CTX_free(HMAC_CTX *ctx) {
1378 HMAC_CTX_cleanup(ctx);
1379 OPENSSL_free(ctx);
1380} /* compat_HMAC_CTX_free() */
1381#endif
1382
1383#if !HAVE_HMAC_CTX_NEW
1384#define HMAC_CTX_new() compat_HMAC_CTX_new()
1385
1386static HMAC_CTX *compat_HMAC_CTX_new(void) {
1387 HMAC_CTX *ctx;
1388
1389 if (!(ctx = OPENSSL_malloc(sizeof *ctx)))
1390 return NULL;
1391 memset(ctx, 0, sizeof *ctx);
1392
1393 return ctx;
1394} /* compat_HMAC_CTX_new() */
1395#endif
1396
1397#if !HAVE_RSA_GET0_CRT_PARAMS
1398#define RSA_get0_crt_params(...) compat_RSA_get0_crt_params(__VA_ARGS__)
1399
1400static void compat_RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp) {
1401 if (dmp1)
1402 *dmp1 = r->dmp1;
1403 if (dmq1)
1404 *dmq1 = r->dmq1;
1405 if (iqmp)
1406 *iqmp = r->iqmp;
1407} /* compat_RSA_get0_crt_params() */
1408#endif
1409
1410#if !HAVE_RSA_GET0_FACTORS
1411#define RSA_get0_factors(...) compat_RSA_get0_factors(__VA_ARGS__)
1412
1413static void compat_RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
1414 if (p)
1415 *p = r->p;
1416 if (q)
1417 *q = r->q;
1418} /* compat_RSA_get0_factors() */
1419#endif
1420
1421#if !HAVE_RSA_GET0_KEY
1422#define RSA_get0_key(...) compat_RSA_get0_key(__VA_ARGS__)
1423
1424static void compat_RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) {
1425 if (n)
1426 *n = r->n;
1427 if (e)
1428 *e = r->e;
1429 if (d)
1430 *d = r->d;
1431} /* compat_RSA_get0_key() */
1432#endif
1433
1434#if !HAVE_RSA_SET0_CRT_PARAMS
1435#define RSA_set0_crt_params(...) compat_RSA_set0_crt_params(__VA_ARGS__)
1436
1437static void compat_RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) {
1438 if (dmp1)
1439 auxS_bn_free_and_set0(&r->dmp1, dmp1);
1440 if (dmq1)
1441 auxS_bn_free_and_set0(&r->dmq1, dmq1);
1442 if (iqmp)
1443 auxS_bn_free_and_set0(&r->iqmp, iqmp);
1444} /* compat_RSA_set0_crt_params() */
1445#endif
1446
1447#if !HAVE_RSA_SET0_FACTORS
1448#define RSA_set0_factors(...) compat_RSA_set0_factors(__VA_ARGS__)
1449
1450static void compat_RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) {
1451 if (p)
1452 auxS_bn_free_and_set0(&r->p, p);
1453 if (q)
1454 auxS_bn_free_and_set0(&r->q, q);
1455} /* compat_RSA_set0_factors() */
1456#endif
1457
1458#if !HAVE_RSA_SET0_KEY
1459#define RSA_set0_key(...) compat_RSA_set0_key(__VA_ARGS__)
1460
1461static void compat_RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
1462 if (n)
1463 auxS_bn_free_and_set0(&r->n, n);
1464 if (e)
1465 auxS_bn_free_and_set0(&r->e, e);
1466 if (d)
1467 auxS_bn_free_and_set0(&r->d, d);
1468} /* compat_RSA_set0_key() */
1469#endif
1470
1471#if !HAVE_SSL_CLIENT_VERSION
1472#define SSL_client_version(...) compat_SSL_client_version(__VA_ARGS__)
1473
1474static int compat_SSL_client_version(const SSL *ssl) {
1475 return ssl->client_version;
1476} /* compat_SSL_client_version() */
1477#endif
1478
1479#if !HAVE_SSL_UP_REF
1480#define SSL_up_ref(...) compat_SSL_up_ref(__VA_ARGS__)
1481
1482static int compat_SSL_up_ref(SSL *ssl) {
1483 /* our caller should already have had a proper reference */
1484 if (CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL) < 2)
1485 return 0; /* fail */
1486
1487 return 1;
1488} /* compat_SSL_up_ref() */
1489#endif
1490
1068#if !HAVE_X509_GET0_EXT 1491#if !HAVE_X509_GET0_EXT
1069#define X509_get0_ext(crt, i) X509_get_ext((crt), (i)) 1492#define X509_get0_ext(crt, i) X509_get_ext((crt), (i))
1070#endif 1493#endif
@@ -1081,13 +1504,18 @@ static void *compat_EVP_PKEY_get0(EVP_PKEY *key) {
1081#define X509_EXTENSION_get0_data(ext) X509_EXTENSION_get_data((ext)) 1504#define X509_EXTENSION_get0_data(ext) X509_EXTENSION_get_data((ext))
1082#endif 1505#endif
1083 1506
1507#if HAVE_X509_STORE_REFERENCES
1084/* 1508/*
1085 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count 1509 * X509_STORE_free in OpenSSL versions < 1.0.2 doesn't obey reference count
1086 */ 1510 */
1087#define X509_STORE_free(store) \ 1511#define X509_STORE_free(store) \
1088 (compat.X509_STORE_free)((store)) 1512 (compat.X509_STORE_free)((store))
1089 1513
1090static void compat_X509_STORE_free(X509_STORE *store) { 1514/* to support preprocessor detection below */
1515#define compat_X509_STORE_free(store) \
1516 compat_X509_STORE_free((store))
1517
1518static void (compat_X509_STORE_free)(X509_STORE *store) {
1091 int i; 1519 int i;
1092 1520
1093 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE); 1521 i = CRYPTO_add(&store->references, -1, CRYPTO_LOCK_X509_STORE);
@@ -1097,12 +1525,21 @@ static void compat_X509_STORE_free(X509_STORE *store) {
1097 1525
1098 (X509_STORE_free)(store); 1526 (X509_STORE_free)(store);
1099} /* compat_X509_STORE_free() */ 1527} /* compat_X509_STORE_free() */
1528#endif
1100 1529
1101#if !HAVE_SSL_CTX_set1_cert_store 1530#if !HAVE_SSL_CTX_SET1_CERT_STORE
1531#if !HAVE_SSL_CTX_CERT_STORE || !HAVE_X509_STORE_REFERENCES
1102#define SSL_CTX_set1_cert_store(ctx, store) \ 1532#define SSL_CTX_set1_cert_store(ctx, store) \
1533 SSL_CTX_set_cert_store((ctx), (store))
1534#else
1535#define SSL_CTX_set1_cert_store(ctx, store) \
1536 compat_SSL_CTX_set1_cert_store((ctx), (store))
1537
1538/* to support preprocessor detection below */
1539#define compat_SSL_CTX_set1_cert_store(ctx, store) \
1103 compat_SSL_CTX_set1_cert_store((ctx), (store)) 1540 compat_SSL_CTX_set1_cert_store((ctx), (store))
1104 1541
1105static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) { 1542static void (compat_SSL_CTX_set1_cert_store)(SSL_CTX *ctx, X509_STORE *store) {
1106 int n; 1543 int n;
1107 1544
1108 /* 1545 /*
@@ -1122,6 +1559,9 @@ static void compat_SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store) {
1122 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE); 1559 CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
1123} /* compat_SSL_CTX_set1_cert_store() */ 1560} /* compat_SSL_CTX_set1_cert_store() */
1124#endif 1561#endif
1562#endif
1563
1564#if HAVE_SSL_CTX_CERT_STORE
1125 1565
1126static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1566static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1127 SSL_CTX *ctx = _ctx; 1567 SSL_CTX *ctx = _ctx;
@@ -1132,6 +1572,8 @@ static void compat_init_SSL_CTX_onfree(void *_ctx, void *data NOTUSED, CRYPTO_EX
1132 } 1572 }
1133} /* compat_init_SSL_CTX_onfree() */ 1573} /* compat_init_SSL_CTX_onfree() */
1134 1574
1575#endif
1576
1135/* helper routine to determine if X509_STORE_free obeys reference count */ 1577/* helper routine to determine if X509_STORE_free obeys reference count */
1136static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1578static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPTO_EX_DATA *ad NOTUSED, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1137 /* unfortunately there's no way to remove a handler */ 1579 /* unfortunately there's no way to remove a handler */
@@ -1142,6 +1584,18 @@ static void compat_init_X509_STORE_onfree(void *store, void *data NOTUSED, CRYPT
1142 compat.tmp.store = NULL; 1584 compat.tmp.store = NULL;
1143} /* compat_init_X509_STORE_onfree() */ 1585} /* compat_init_X509_STORE_onfree() */
1144 1586
1587#if !HAVE_X509_UP_REF
1588#define X509_up_ref(...) compat_X509_up_ref(__VA_ARGS__)
1589
1590static int compat_X509_up_ref(X509 *crt) {
1591 /* our caller should already have had a proper reference */
1592 if (CRYPTO_add(&crt->references, 1, CRYPTO_LOCK_X509) < 2)
1593 return 0; /* fail */
1594
1595 return 1;
1596} /* compat_X509_up_ref() */
1597#endif
1598
1145static int compat_init(void) { 1599static int compat_init(void) {
1146 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; 1600 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
1147 static int store_index = -1, ssl_ctx_index = -1, done; 1601 static int store_index = -1, ssl_ctx_index = -1, done;
@@ -1161,6 +1615,7 @@ static int compat_init(void) {
1161 if ((error = dl_anchor())) 1615 if ((error = dl_anchor()))
1162 goto epilog; 1616 goto epilog;
1163 1617
1618#if defined compat_X509_STORE_free
1164 /* 1619 /*
1165 * Test if X509_STORE_free obeys reference counts by installing an 1620 * Test if X509_STORE_free obeys reference counts by installing an
1166 * onfree callback. 1621 * onfree callback.
@@ -1210,6 +1665,7 @@ static int compat_init(void) {
1210 1665
1211 compat.flags |= COMPAT_X509_STORE_FREE_BUG; 1666 compat.flags |= COMPAT_X509_STORE_FREE_BUG;
1212 } 1667 }
1668#endif
1213 1669
1214 done = 1; 1670 done = 1;
1215epilog: 1671epilog:
@@ -1262,7 +1718,13 @@ static struct ex_type {
1262 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data }, 1718 [EX_SSL_CTX_ALPN_SELECT_CB] = { CRYPTO_EX_INDEX_SSL_CTX, -1, &SSL_CTX_get_ex_data, &SSL_CTX_set_ex_data },
1263}; 1719};
1264 1720
1265static int ex_ondup(CRYPTO_EX_DATA *to NOTUSED, CRYPTO_EX_DATA *from NOTUSED, void *from_d, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) { 1721#if OPENSSL_PREREQ(1,1,0)
1722typedef const CRYPTO_EX_DATA const_CRYPTO_EX_DATA;
1723#else
1724typedef CRYPTO_EX_DATA const_CRYPTO_EX_DATA;
1725#endif
1726
1727static int ex_ondup(CRYPTO_EX_DATA *to NOTUSED, const_CRYPTO_EX_DATA *from NOTUSED, void *from_d, int idx NOTUSED, long argl NOTUSED, void *argp NOTUSED) {
1266 struct ex_data **data = from_d; 1728 struct ex_data **data = from_d;
1267 1729
1268 if (*data) 1730 if (*data)
@@ -1861,13 +2323,13 @@ static BIGNUM *(checkbig)(lua_State *L, int index, _Bool *lvalue) {
1861 if (hex) { 2323 if (hex) {
1862 luaL_argcheck(L, len > 2+(size_t)neg, index, "invalid hex string"); 2324 luaL_argcheck(L, len > 2+(size_t)neg, index, "invalid hex string");
1863 for (i = 2+neg; i < len; i++) { 2325 for (i = 2+neg; i < len; i++) {
1864 if (!isxdigit(str[i])) 2326 if (!isxdigit((unsigned char)str[i]))
1865 luaL_argerror(L, 1, "invalid hex string"); 2327 luaL_argerror(L, 1, "invalid hex string");
1866 } 2328 }
1867 } else { 2329 } else {
1868 luaL_argcheck(L, len > neg, index, "invalid decimal string"); 2330 luaL_argcheck(L, len > neg, index, "invalid decimal string");
1869 for (i = neg; i < len; i++) { 2331 for (i = neg; i < len; i++) {
1870 if (!isdigit(str[i])) 2332 if (!isdigit((unsigned char)str[i]))
1871 luaL_argerror(L, 1, "invalid decimal string"); 2333 luaL_argerror(L, 1, "invalid decimal string");
1872 } 2334 }
1873 } 2335 }
@@ -2644,7 +3106,7 @@ static int pk_interpose(lua_State *L) {
2644 3106
2645static int pk_type(lua_State *L) { 3107static int pk_type(lua_State *L) {
2646 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 3108 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2647 int nid = key->type; 3109 int nid = EVP_PKEY_id(key);
2648 3110
2649 auxL_pushnid(L, nid); 3111 auxL_pushnid(L, nid);
2650 3112
@@ -2718,7 +3180,7 @@ static int pk_setPrivateKey(lua_State *L) {
2718 3180
2719static int pk_sign(lua_State *L) { 3181static int pk_sign(lua_State *L) {
2720 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 3182 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2721 EVP_MD_CTX *md = luaL_checkudata(L, 2, DIGEST_CLASS); 3183 EVP_MD_CTX *md = checksimple(L, 2, DIGEST_CLASS);
2722 luaL_Buffer B; 3184 luaL_Buffer B;
2723 unsigned n; 3185 unsigned n;
2724 3186
@@ -2742,7 +3204,7 @@ static int pk_verify(lua_State *L) {
2742 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); 3204 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
2743 size_t len; 3205 size_t len;
2744 const void *sig = luaL_checklstring(L, 2, &len); 3206 const void *sig = luaL_checklstring(L, 2, &len);
2745 EVP_MD_CTX *md = luaL_checkudata(L, 3, DIGEST_CLASS); 3207 EVP_MD_CTX *md = checksimple(L, 3, DIGEST_CLASS);
2746 3208
2747 switch (EVP_VerifyFinal(md, sig, len, key)) { 3209 switch (EVP_VerifyFinal(md, sig, len, key)) {
2748 case 0: /* WRONG */ 3210 case 0: /* WRONG */
@@ -2806,7 +3268,7 @@ static int pk_toPEM(lua_State *L) {
2806#if 0 3268#if 0
2807 case 4: case 5: /* params, Parameters */ 3269 case 4: case 5: /* params, Parameters */
2808 /* EVP_PKEY_base_id not in OS X */ 3270 /* EVP_PKEY_base_id not in OS X */
2809 switch (EVP_PKEY_type(key->type)) { 3271 switch (EVP_PKEY_base_id(key)) {
2810 case EVP_PKEY_RSA: 3272 case EVP_PKEY_RSA:
2811 break; 3273 break;
2812 case EVP_PKEY_DSA: { 3274 case EVP_PKEY_DSA: {
@@ -2849,7 +3311,7 @@ static int pk_toPEM(lua_State *L) {
2849 } 3311 }
2850#endif 3312#endif
2851 default: 3313 default:
2852 return luaL_error(L, "%d: unsupported EVP_PKEY base type", EVP_PKEY_type(key->type)); 3314 return luaL_error(L, "%d: unsupported EVP_PKEY base type", EVP_PKEY_base_id(key));
2853 } 3315 }
2854 3316
2855 lua_pushlstring(L, pem, len); 3317 lua_pushlstring(L, pem, len);
@@ -2869,6 +3331,26 @@ static int pk_toPEM(lua_State *L) {
2869} /* pk_toPEM() */ 3331} /* pk_toPEM() */
2870 3332
2871 3333
3334static int pk_getDefaultDigestName(lua_State *L) {
3335 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
3336 int nid;
3337 char txt[256];
3338 size_t len;
3339
3340 if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0))
3341 return auxL_error(L, auxL_EOPENSSL, "pkey:getDefaultDigestName");
3342
3343 if (!(len = auxS_nid2txt(txt, sizeof txt, nid)))
3344 return auxL_error(L, auxL_EOPENSSL, "pkey:getDefaultDigestName");
3345 if (len > sizeof txt)
3346 return auxL_error(L, EOVERFLOW, "pkey:getDefaultDigestName");
3347
3348 lua_pushlstring(L, txt, len);
3349
3350 return 1;
3351} /* pk_getDefaultDigestName() */
3352
3353
2872enum pk_param { 3354enum pk_param {
2873#define PK_RSA_OPTLIST { "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp", NULL } 3355#define PK_RSA_OPTLIST { "n", "e", "d", "p", "q", "dmp1", "dmq1", "iqmp", NULL }
2874#define PK_RSA_OPTOFFSET PK_RSA_N 3356#define PK_RSA_OPTOFFSET PK_RSA_N
@@ -2965,82 +3447,100 @@ static void pk_pushparam(lua_State *L, void *base_key, enum pk_param which) {
2965 EC_KEY *ec; 3447 EC_KEY *ec;
2966#endif 3448#endif
2967 } key = { base_key }; 3449 } key = { base_key };
3450 const BIGNUM *i;
2968 3451
2969 switch (which) { 3452 switch (which) {
2970 case PK_RSA_N: 3453 case PK_RSA_N:
2971 /* RSA public modulus n */ 3454 /* RSA public modulus n */
2972 bn_dup_nil(L, key.rsa->n); 3455 RSA_get0_key(key.rsa, &i, NULL, NULL);
3456 bn_dup_nil(L, i);
2973 3457
2974 break; 3458 break;
2975 case PK_RSA_E: 3459 case PK_RSA_E:
2976 /* RSA public exponent e */ 3460 /* RSA public exponent e */
2977 bn_dup_nil(L, key.rsa->e); 3461 RSA_get0_key(key.rsa, NULL, &i, NULL);
3462 bn_dup_nil(L, i);
2978 3463
2979 break; 3464 break;
2980 case PK_RSA_D: 3465 case PK_RSA_D:
2981 /* RSA secret exponent d */ 3466 /* RSA secret exponent d */
2982 bn_dup_nil(L, key.rsa->d); 3467 RSA_get0_key(key.rsa, NULL, NULL, &i);
3468 bn_dup_nil(L, i);
2983 3469
2984 break; 3470 break;
2985 case PK_RSA_P: 3471 case PK_RSA_P:
2986 /* RSA secret prime p */ 3472 /* RSA secret prime p */
2987 bn_dup_nil(L, key.rsa->p); 3473 RSA_get0_factors(key.rsa, &i, NULL);
3474 bn_dup_nil(L, i);
2988 3475
2989 break; 3476 break;
2990 case PK_RSA_Q: 3477 case PK_RSA_Q:
2991 /* RSA secret prime q with p < q */ 3478 /* RSA secret prime q with p < q */
2992 bn_dup_nil(L, key.rsa->q); 3479 RSA_get0_factors(key.rsa, NULL, &i);
3480 bn_dup_nil(L, i);
2993 3481
2994 break; 3482 break;
2995 case PK_RSA_DMP1: 3483 case PK_RSA_DMP1:
2996 /* exponent1 */ 3484 /* exponent1 */
2997 bn_dup_nil(L, key.rsa->dmp1); 3485 RSA_get0_crt_params(key.rsa, &i, NULL, NULL);
3486 bn_dup_nil(L, i);
2998 3487
2999 break; 3488 break;
3000 case PK_RSA_DMQ1: 3489 case PK_RSA_DMQ1:
3001 /* exponent2 */ 3490 /* exponent2 */
3002 bn_dup_nil(L, key.rsa->dmq1); 3491 RSA_get0_crt_params(key.rsa, NULL, &i, NULL);
3492 bn_dup_nil(L, i);
3003 3493
3004 break; 3494 break;
3005 case PK_RSA_IQMP: 3495 case PK_RSA_IQMP:
3006 /* coefficient */ 3496 /* coefficient */
3007 bn_dup_nil(L, key.rsa->iqmp); 3497 RSA_get0_crt_params(key.rsa, NULL, NULL, &i);
3498 bn_dup_nil(L, i);
3008 3499
3009 break; 3500 break;
3010 case PK_DSA_P: 3501 case PK_DSA_P:
3011 bn_dup_nil(L, key.dsa->p); 3502 DSA_get0_pqg(key.dsa, &i, NULL, NULL);
3503 bn_dup_nil(L, i);
3012 3504
3013 break; 3505 break;
3014 case PK_DSA_Q: 3506 case PK_DSA_Q:
3015 bn_dup_nil(L, key.dsa->q); 3507 DSA_get0_pqg(key.dsa, NULL, &i, NULL);
3508 bn_dup_nil(L, i);
3016 3509
3017 break; 3510 break;
3018 case PK_DSA_G: 3511 case PK_DSA_G:
3019 bn_dup_nil(L, key.dsa->g); 3512 DSA_get0_pqg(key.dsa, NULL, NULL, &i);
3513 bn_dup_nil(L, i);
3020 3514
3021 break; 3515 break;
3022 case PK_DSA_PUB_KEY: 3516 case PK_DSA_PUB_KEY:
3023 bn_dup_nil(L, key.dsa->pub_key); 3517 DSA_get0_key(key.dsa, &i, NULL);
3518 bn_dup_nil(L, i);
3024 3519
3025 break; 3520 break;
3026 case PK_DSA_PRIV_KEY: 3521 case PK_DSA_PRIV_KEY:
3027 bn_dup_nil(L, key.dsa->priv_key); 3522 DSA_get0_key(key.dsa, NULL, &i);
3523 bn_dup_nil(L, i);
3028 3524
3029 break; 3525 break;
3030 case PK_DH_P: 3526 case PK_DH_P:
3031 bn_dup_nil(L, key.dh->p); 3527 DH_get0_pqg(key.dh, &i, NULL, NULL);
3528 bn_dup_nil(L, i);
3032 3529
3033 break; 3530 break;
3034 case PK_DH_G: 3531 case PK_DH_G:
3035 bn_dup_nil(L, key.dh->g); 3532 DH_get0_pqg(key.dh, NULL, NULL, &i);
3533 bn_dup_nil(L, i);
3036 3534
3037 break; 3535 break;
3038 case PK_DH_PUB_KEY: 3536 case PK_DH_PUB_KEY:
3039 bn_dup_nil(L, key.dh->pub_key); 3537 DH_get0_key(key.dh, &i, NULL);
3538 bn_dup_nil(L, i);
3040 3539
3041 break; 3540 break;
3042 case PK_DH_PRIV_KEY: 3541 case PK_DH_PRIV_KEY:
3043 bn_dup_nil(L, key.dh->priv_key); 3542 DH_get0_key(key.dh, NULL, &i);
3543 bn_dup_nil(L, i);
3044 3544
3045 break; 3545 break;
3046#ifndef OPENSSL_NO_EC 3546#ifndef OPENSSL_NO_EC
@@ -3073,22 +3573,9 @@ static void pk_pushparam(lua_State *L, void *base_key, enum pk_param which) {
3073} /* pk_pushparam() */ 3573} /* pk_pushparam() */
3074 3574
3075 3575
3076static _Bool pk_bn_set_nothrow(BIGNUM **dst, BIGNUM *src) { 3576#define pk_setparam_bn_dup(L, index, dst) do { \
3077 BIGNUM *tmp; 3577 BIGNUM *tmp = checkbig((L), (index)); \
3078 3578 if (!(*dst = BN_dup(tmp))) \
3079 if (!(tmp = BN_dup(src)))
3080 return 0;
3081
3082 if (*dst)
3083 BN_clear_free(*dst);
3084 *dst = tmp;
3085
3086 return 1;
3087} /* pk_bn_set_nothrow() */
3088
3089#define pk_bn_set(L, dst, index) do { \
3090 BIGNUM *n = checkbig((L), (index)); \
3091 if (!pk_bn_set_nothrow((dst), n)) \
3092 goto sslerr; \ 3579 goto sslerr; \
3093} while (0) 3580} while (0)
3094 3581
@@ -3101,74 +3588,92 @@ static void pk_setparam(lua_State *L, void *base_key, enum pk_param which, int i
3101 EC_KEY *ec; 3588 EC_KEY *ec;
3102#endif 3589#endif
3103 } key = { base_key }; 3590 } key = { base_key };
3591 BIGNUM *i;
3104 3592
3105 switch (which) { 3593 switch (which) {
3106 case PK_RSA_N: 3594 case PK_RSA_N:
3107 pk_bn_set(L, &key.rsa->n, index); 3595 pk_setparam_bn_dup(L, index, &i);
3596 RSA_set0_key(key.rsa, i, NULL, NULL);
3108 3597
3109 break; 3598 break;
3110 case PK_RSA_E: 3599 case PK_RSA_E:
3111 pk_bn_set(L, &key.rsa->e, index); 3600 pk_setparam_bn_dup(L, index, &i);
3601 RSA_set0_key(key.rsa, NULL, i, NULL);
3112 3602
3113 break; 3603 break;
3114 case PK_RSA_D: 3604 case PK_RSA_D:
3115 pk_bn_set(L, &key.rsa->d, index); 3605 pk_setparam_bn_dup(L, index, &i);
3606 RSA_set0_key(key.rsa, NULL, NULL, i);
3116 3607
3117 break; 3608 break;
3118 case PK_RSA_P: 3609 case PK_RSA_P:
3119 pk_bn_set(L, &key.rsa->p, index); 3610 pk_setparam_bn_dup(L, index, &i);
3611 RSA_set0_factors(key.rsa, i, NULL);
3120 3612
3121 break; 3613 break;
3122 case PK_RSA_Q: 3614 case PK_RSA_Q:
3123 pk_bn_set(L, &key.rsa->q, index); 3615 pk_setparam_bn_dup(L, index, &i);
3616 RSA_set0_factors(key.rsa, NULL, i);
3124 3617
3125 break; 3618 break;
3126 case PK_RSA_DMP1: 3619 case PK_RSA_DMP1:
3127 pk_bn_set(L, &key.rsa->dmp1, index); 3620 pk_setparam_bn_dup(L, index, &i);
3621 RSA_set0_crt_params(key.rsa, i, NULL, NULL);
3128 3622
3129 break; 3623 break;
3130 case PK_RSA_DMQ1: 3624 case PK_RSA_DMQ1:
3131 pk_bn_set(L, &key.rsa->dmq1, index); 3625 pk_setparam_bn_dup(L, index, &i);
3626 RSA_set0_crt_params(key.rsa, NULL, i, NULL);
3132 3627
3133 break; 3628 break;
3134 case PK_RSA_IQMP: 3629 case PK_RSA_IQMP:
3135 pk_bn_set(L, &key.rsa->iqmp, index); 3630 pk_setparam_bn_dup(L, index, &i);
3631 RSA_set0_crt_params(key.rsa, NULL, NULL, i);
3136 3632
3137 break; 3633 break;
3138 case PK_DSA_P: 3634 case PK_DSA_P:
3139 pk_bn_set(L, &key.dsa->p, index); 3635 pk_setparam_bn_dup(L, index, &i);
3636 DSA_set0_pqg(key.dsa, i, NULL, NULL);
3140 3637
3141 break; 3638 break;
3142 case PK_DSA_Q: 3639 case PK_DSA_Q:
3143 pk_bn_set(L, &key.dsa->q, index); 3640 pk_setparam_bn_dup(L, index, &i);
3641 DSA_set0_pqg(key.dsa, NULL, i, NULL);
3144 3642
3145 break; 3643 break;
3146 case PK_DSA_G: 3644 case PK_DSA_G:
3147 pk_bn_set(L, &key.dsa->g, index); 3645 pk_setparam_bn_dup(L, index, &i);
3646 DSA_set0_pqg(key.dsa, NULL, NULL, i);
3148 3647
3149 break; 3648 break;
3150 case PK_DSA_PUB_KEY: 3649 case PK_DSA_PUB_KEY:
3151 pk_bn_set(L, &key.dsa->pub_key, index); 3650 pk_setparam_bn_dup(L, index, &i);
3651 DSA_set0_key(key.dsa, i, NULL);
3152 3652
3153 break; 3653 break;
3154 case PK_DSA_PRIV_KEY: 3654 case PK_DSA_PRIV_KEY:
3155 pk_bn_set(L, &key.dsa->priv_key, index); 3655 pk_setparam_bn_dup(L, index, &i);
3656 DSA_set0_key(key.dsa, NULL, i);
3156 3657
3157 break; 3658 break;
3158 case PK_DH_P: 3659 case PK_DH_P:
3159 pk_bn_set(L, &key.dh->p, index); 3660 pk_setparam_bn_dup(L, index, &i);
3661 DH_set0_pqg(key.dh, i, NULL, NULL);
3160 3662
3161 break; 3663 break;
3162 case PK_DH_G: 3664 case PK_DH_G:
3163 pk_bn_set(L, &key.dh->g, index); 3665 pk_setparam_bn_dup(L, index, &i);
3666 DH_set0_pqg(key.dh, NULL, NULL, i);
3164 3667
3165 break; 3668 break;
3166 case PK_DH_PUB_KEY: 3669 case PK_DH_PUB_KEY:
3167 pk_bn_set(L, &key.dh->pub_key, index); 3670 pk_setparam_bn_dup(L, index, &i);
3671 DH_set0_key(key.dh, i, NULL);
3168 3672
3169 break; 3673 break;
3170 case PK_DH_PRIV_KEY: 3674 case PK_DH_PRIV_KEY:
3171 pk_bn_set(L, &key.dh->priv_key, index); 3675 pk_setparam_bn_dup(L, index, &i);
3676 DH_set0_key(key.dh, NULL, i);
3172 3677
3173 break; 3678 break;
3174#ifndef OPENSSL_NO_EC 3679#ifndef OPENSSL_NO_EC
@@ -3399,6 +3904,7 @@ static const auxL_Reg pk_methods[] = {
3399 { "setPrivateKey", &pk_setPrivateKey }, 3904 { "setPrivateKey", &pk_setPrivateKey },
3400 { "sign", &pk_sign }, 3905 { "sign", &pk_sign },
3401 { "verify", &pk_verify }, 3906 { "verify", &pk_verify },
3907 { "getDefaultDigestName", &pk_getDefaultDigestName },
3402 { "toPEM", &pk_toPEM }, 3908 { "toPEM", &pk_toPEM },
3403 { "getParameters", &pk_getParameters }, 3909 { "getParameters", &pk_getParameters },
3404 { "setParameters", &pk_setParameters }, 3910 { "setParameters", &pk_setParameters },
@@ -3474,21 +3980,6 @@ static EC_GROUP *ecg_dup_nil(lua_State *L, const EC_GROUP *src) {
3474 return (src)? ecg_dup(L, src) : (lua_pushnil(L), (EC_GROUP *)0); 3980 return (src)? ecg_dup(L, src) : (lua_pushnil(L), (EC_GROUP *)0);
3475} /* ecg_dup_nil() */ 3981} /* ecg_dup_nil() */
3476 3982
3477static EC_GROUP *ecg_new_by_nid(int nid) {
3478 EC_GROUP *group;
3479
3480 if (!(group = EC_GROUP_new_by_curve_name(nid)))
3481 return NULL;
3482
3483 /* flag as named for benefit of __tostring */
3484 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
3485
3486 /* compressed points may be patented */
3487 EC_GROUP_set_point_conversion_form(group, POINT_CONVERSION_UNCOMPRESSED);
3488
3489 return group;
3490} /* ecg_new_by_nid() */
3491
3492static EC_GROUP *ecg_push_by_nid(lua_State *L, int nid) { 3983static EC_GROUP *ecg_push_by_nid(lua_State *L, int nid) {
3493 EC_GROUP **group = prepsimple(L, EC_GROUP_CLASS); 3984 EC_GROUP **group = prepsimple(L, EC_GROUP_CLASS);
3494 3985
@@ -3743,7 +4234,7 @@ static int xn_all(lua_State *L) {
3743 lua_setfield(L, -2, "id"); 4234 lua_setfield(L, -2, "id");
3744 4235
3745 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)); 4236 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry));
3746 lua_pushlstring(L, (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), len); 4237 lua_pushlstring(L, (char *)ASN1_STRING_get0_data(X509_NAME_ENTRY_get_data(entry)), len);
3747 4238
3748 lua_setfield(L, -2, "blob"); 4239 lua_setfield(L, -2, "blob");
3749 4240
@@ -3777,7 +4268,7 @@ static int xn__next(lua_State *L) {
3777 lua_pushlstring(L, txt, len); 4268 lua_pushlstring(L, txt, len);
3778 4269
3779 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)); 4270 len = ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry));
3780 lua_pushlstring(L, (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), len); 4271 lua_pushlstring(L, (char *)ASN1_STRING_get0_data(X509_NAME_ENTRY_get_data(entry)), len);
3781 4272
3782 break; 4273 break;
3783 } 4274 }
@@ -3955,7 +4446,7 @@ text:
3955 4446
3956 gen->type = type; 4447 gen->type = type;
3957 4448
3958 if (!(gen->d.ia5 = M_ASN1_IA5STRING_new())) 4449 if (!(gen->d.ia5 = ASN1_STRING_type_new(V_ASN1_IA5STRING)))
3959 goto error; 4450 goto error;
3960 4451
3961 if (!ASN1_STRING_set(gen->d.ia5, (unsigned char *)txt, len)) 4452 if (!ASN1_STRING_set(gen->d.ia5, (unsigned char *)txt, len))
@@ -3976,7 +4467,7 @@ error:
3976 4467
3977 4468
3978#define GN_PUSHSTRING(L, o) \ 4469#define GN_PUSHSTRING(L, o) \
3979 lua_pushlstring((L), (char *)M_ASN1_STRING_data((o)), M_ASN1_STRING_length((o))) 4470 lua_pushlstring((L), (char *)ASN1_STRING_get0_data((o)), ASN1_STRING_length((o)))
3980 4471
3981static int gn__next(lua_State *L) { 4472static int gn__next(lua_State *L) {
3982 GENERAL_NAMES *gens = checksimple(L, lua_upvalueindex(1), X509_GENS_CLASS); 4473 GENERAL_NAMES *gens = checksimple(L, lua_upvalueindex(1), X509_GENS_CLASS);
@@ -4013,8 +4504,8 @@ static int gn__next(lua_State *L) {
4013 4504
4014 break; 4505 break;
4015 case GEN_IPADD: 4506 case GEN_IPADD:
4016 txt = (char *)M_ASN1_STRING_data(name->d.iPAddress); 4507 txt = (char *)ASN1_STRING_get0_data(name->d.iPAddress);
4017 len = M_ASN1_STRING_length(name->d.iPAddress); 4508 len = ASN1_STRING_length(name->d.iPAddress);
4018 4509
4019 switch (len) { 4510 switch (len) {
4020 case 16: 4511 case 16:
@@ -4259,7 +4750,7 @@ static int xe_getLongName(lua_State *L) {
4259static int xe_getData(lua_State *L) { 4750static int xe_getData(lua_State *L) {
4260 ASN1_STRING *data = X509_EXTENSION_get0_data(checksimple(L, 1, X509_EXT_CLASS)); 4751 ASN1_STRING *data = X509_EXTENSION_get0_data(checksimple(L, 1, X509_EXT_CLASS));
4261 4752
4262 lua_pushlstring(L, (char *)ASN1_STRING_data(data), ASN1_STRING_length(data)); 4753 lua_pushlstring(L, (char *)ASN1_STRING_get0_data(data), ASN1_STRING_length(data));
4263 4754
4264 return 1; 4755 return 1;
4265} /* xe_getData() */ 4756} /* xe_getData() */
@@ -4332,6 +4823,7 @@ static const auxL_IntegerReg xe_textopts[] = {
4332 { "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN }, 4823 { "ERROR_UNKNOWN", X509V3_EXT_ERROR_UNKNOWN },
4333 { "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN }, 4824 { "PARSE_UNKNOWN", X509V3_EXT_PARSE_UNKNOWN },
4334 { "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN }, 4825 { "DUMP_UNKNOWN", X509V3_EXT_DUMP_UNKNOWN },
4826 { NULL, 0 },
4335}; 4827};
4336 4828
4337int luaopen__openssl_x509_extension(lua_State *L) { 4829int luaopen__openssl_x509_extension(lua_State *L) {
@@ -4588,7 +5080,7 @@ static double timeutc(ASN1_TIME *time) {
4588 if (!ASN1_TIME_check(time)) 5080 if (!ASN1_TIME_check(time))
4589 return 0; 5081 return 0;
4590 5082
4591 cp = strncpy(buf, (const char *)ASN1_STRING_data((ASN1_STRING *)time), sizeof buf - 1); 5083 cp = strncpy(buf, (const char *)ASN1_STRING_get0_data((ASN1_STRING *)time), sizeof buf - 1);
4592 5084
4593 if (ASN1_STRING_type(time) == V_ASN1_GENERALIZEDTIME) { 5085 if (ASN1_STRING_type(time) == V_ASN1_GENERALIZEDTIME) {
4594 if (!scan(&year, &cp, 4, 1)) 5086 if (!scan(&year, &cp, 4, 1))
@@ -4992,7 +5484,7 @@ static int xc_setBasicConstraint(lua_State *L) {
4992 if (pathLen >= 0) { 5484 if (pathLen >= 0) {
4993 ASN1_INTEGER_free(bs->pathlen); 5485 ASN1_INTEGER_free(bs->pathlen);
4994 5486
4995 if (!(bs->pathlen = M_ASN1_INTEGER_new())) 5487 if (!(bs->pathlen = ASN1_STRING_type_new(V_ASN1_INTEGER)))
4996 goto error; 5488 goto error;
4997 5489
4998 if (!ASN1_INTEGER_set(bs->pathlen, pathLen)) 5490 if (!ASN1_INTEGER_set(bs->pathlen, pathLen))
@@ -5179,20 +5671,21 @@ static int xc_getPublicKeyDigest(lua_State *L) {
5179static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) { 5671static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) {
5180 const char *id; 5672 const char *id;
5181 const EVP_MD *md; 5673 const EVP_MD *md;
5674 int nid;
5182 5675
5183 if ((id = luaL_optstring(L, index, NULL))) 5676 if ((id = luaL_optstring(L, index, NULL))) {
5184 return ((md = EVP_get_digestbyname(id)))? md : EVP_md_null(); 5677 if (!(md = EVP_get_digestbyname(id)))
5185 5678 goto unknown;
5186 switch (EVP_PKEY_type(key->type)) { 5679 } else {
5187 case EVP_PKEY_RSA: 5680 if (!(EVP_PKEY_get_default_digest_nid(key, &nid) > 0))
5188 return EVP_sha1(); 5681 goto unknown;
5189 case EVP_PKEY_DSA: 5682 if (!(md = EVP_get_digestbynid(nid)))
5190 return EVP_dss1(); 5683 goto unknown;
5191 case EVP_PKEY_EC:
5192 return EVP_ecdsa();
5193 default:
5194 return EVP_md_null();
5195 } 5684 }
5685
5686 return md;
5687unknown:
5688 return EVP_sha1();
5196} /* xc_signature() */ 5689} /* xc_signature() */
5197 5690
5198static int xc_sign(lua_State *L) { 5691static int xc_sign(lua_State *L) {
@@ -5491,6 +5984,103 @@ static int xr_setPublicKey(lua_State *L) {
5491} /* xr_setPublicKey() */ 5984} /* xr_setPublicKey() */
5492 5985
5493 5986
5987static int xr_setExtensionByNid(lua_State *L, X509_REQ *csr, int target_nid, void* value) {
5988 STACK_OF(X509_EXTENSION) *sk = NULL;
5989 int has_attrs=0;
5990
5991 /*
5992 * Replace existing if it's there. Extensions are stored in a CSR in
5993 * an interesting way:
5994 *
5995 * They are stored as a list under either (most likely) the
5996 * "official" NID_ext_req or under NID_ms_ext_req which means
5997 * everything is stored under a list in a single "attribute" so we
5998 * can't use X509_REQ_add1_attr or similar.
5999 *
6000 * Instead we have to get the extensions, find and replace the SAN
6001 * if it's in there, then *replace* the extensions in the list of
6002 * attributes. (If we just try to add it the old ones are found
6003 * first and don't take priority.)
6004 */
6005 has_attrs = X509_REQ_get_attr_count(csr);
6006
6007 sk = X509_REQ_get_extensions(csr);
6008 if (!X509V3_add1_i2d(&sk, target_nid, value, 0, X509V3_ADD_REPLACE))
6009 goto error;
6010 if (X509_REQ_add_extensions(csr, sk) == 0)
6011 goto error;
6012 sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
6013 sk = NULL;
6014
6015 /*
6016 * Delete the old extensions attribute, so that the one we just
6017 * added takes priority.
6018 */
6019 if (has_attrs) {
6020 X509_ATTRIBUTE *attr = NULL;
6021 int idx, *pnid;
6022
6023 for (pnid = X509_REQ_get_extension_nids(); *pnid != NID_undef; pnid++) {
6024 idx = X509_REQ_get_attr_by_NID(csr, *pnid, -1);
6025 if (idx == -1)
6026 continue;
6027 if (!(attr = X509_REQ_delete_attr(csr, idx)))
6028 goto error;
6029 X509_ATTRIBUTE_free(attr);
6030 break;
6031 }
6032 if (!attr)
6033 goto error;
6034 }
6035
6036 /*
6037 * We have to mark the encoded form as invalid, otherwise when we
6038 * write it out again it will use the loaded version.
6039 */
6040#if HAVE_I2D_RE_X509_REQ_TBS
6041 (void)i2d_re_X509_REQ_tbs(csr, NULL); /* sets csr->req_info->enc.modified */
6042#else
6043 csr->req_info->enc.modified = 1;
6044#endif
6045
6046 lua_pushboolean(L, 1);
6047
6048 return 1;
6049error:
6050 if (sk)
6051 sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
6052
6053 return auxL_error(L, auxL_EOPENSSL, "x509.csr.setExtensionByNid");
6054} /* xr_setExtensionByNid() */
6055
6056
6057static int xr_setSubjectAlt(lua_State *L) {
6058 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
6059 GENERAL_NAMES *gens = checksimple(L, 2, X509_GENS_CLASS);
6060
6061 return xr_setExtensionByNid(L, csr, NID_subject_alt_name, gens);
6062} /* xr_setSubjectAlt */
6063
6064
6065static int xr_getSubjectAlt(lua_State *L) {
6066 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
6067 STACK_OF(X509_EXTENSION) *exts;
6068 GENERAL_NAMES *gens;
6069
6070 exts = X509_REQ_get_extensions(csr);
6071 gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
6072 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
6073 if (!gens) goto error;
6074
6075 gn_dup(L, gens);
6076
6077 return 1;
6078error:
6079 return 0;
6080} /* xr_getSubjectAlt() */
6081
6082
6083
5494static int xr_sign(lua_State *L) { 6084static int xr_sign(lua_State *L) {
5495 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS); 6085 X509_REQ *csr = checksimple(L, 1, X509_CSR_CLASS);
5496 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS); 6086 EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -5548,6 +6138,8 @@ static const auxL_Reg xr_methods[] = {
5548 { "setSubject", &xr_setSubject }, 6138 { "setSubject", &xr_setSubject },
5549 { "getPublicKey", &xr_getPublicKey }, 6139 { "getPublicKey", &xr_getPublicKey },
5550 { "setPublicKey", &xr_setPublicKey }, 6140 { "setPublicKey", &xr_setPublicKey },
6141 { "getSubjectAlt", &xr_getSubjectAlt },
6142 { "setSubjectAlt", &xr_setSubjectAlt },
5551 { "sign", &xr_sign }, 6143 { "sign", &xr_sign },
5552 { "tostring", &xr__tostring }, 6144 { "tostring", &xr__tostring },
5553 { NULL, NULL }, 6145 { NULL, NULL },
@@ -6010,7 +6602,7 @@ static void xl_dup(lua_State *L, STACK_OF(X509) *src, _Bool copy) {
6010 for (i = 0; i < n; i++) { 6602 for (i = 0; i < n; i++) {
6011 if (!(crt = sk_X509_value(*dst, i))) 6603 if (!(crt = sk_X509_value(*dst, i)))
6012 continue; 6604 continue;
6013 CRYPTO_add(&crt->references, 1, CRYPTO_LOCK_X509); 6605 X509_up_ref(crt);
6014 } 6606 }
6015 } 6607 }
6016 6608
@@ -6195,8 +6787,8 @@ static int xs_verify(lua_State *L) {
6195 X509_STORE *store = checksimple(L, 1, X509_STORE_CLASS); 6787 X509_STORE *store = checksimple(L, 1, X509_STORE_CLASS);
6196 X509 *crt = checksimple(L, 2, X509_CERT_CLASS); 6788 X509 *crt = checksimple(L, 2, X509_CERT_CLASS);
6197 STACK_OF(X509) *chain = NULL, **proof; 6789 STACK_OF(X509) *chain = NULL, **proof;
6198 X509_STORE_CTX ctx; 6790 X509_STORE_CTX *ctx = NULL;
6199 int ok, why; 6791 int nr = 0, ok, why;
6200 6792
6201 /* pre-allocate space for a successful return */ 6793 /* pre-allocate space for a successful return */
6202 lua_settop(L, 3); 6794 lua_settop(L, 3);
@@ -6207,53 +6799,56 @@ static int xs_verify(lua_State *L) {
6207 int i, n; 6799 int i, n;
6208 6800
6209 if (!(chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS)))) 6801 if (!(chain = sk_X509_dup(checksimple(L, 3, X509_CHAIN_CLASS))))
6210 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify"); 6802 goto eossl;
6211 6803
6212 n = sk_X509_num(chain); 6804 n = sk_X509_num(chain);
6213 6805
6214 for (i = 0; i < n; i++) { 6806 for (i = 0; i < n; i++) {
6215 if (!(elm = sk_X509_value(chain, i))) 6807 if (!(elm = sk_X509_value(chain, i)))
6216 continue; 6808 continue;
6217 CRYPTO_add(&elm->references, 1, CRYPTO_LOCK_X509); 6809 X509_up_ref(elm);
6218 } 6810 }
6219 } 6811 }
6220 6812
6221 if (!X509_STORE_CTX_init(&ctx, store, crt, chain)) { 6813 if (!(ctx = X509_STORE_CTX_new()) || !X509_STORE_CTX_init(ctx, store, crt, chain)) {
6222 sk_X509_pop_free(chain, X509_free); 6814 sk_X509_pop_free(chain, X509_free);
6223 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify"); 6815 goto eossl;
6224 } 6816 }
6225 6817
6226 ERR_clear_error(); 6818 ERR_clear_error();
6227 6819
6228 ok = X509_verify_cert(&ctx); 6820 ok = X509_verify_cert(ctx);
6229 6821
6230 switch (ok) { 6822 switch (ok) {
6231 case 1: /* verified */ 6823 case 1: /* verified */
6232 *proof = X509_STORE_CTX_get1_chain(&ctx); 6824 if (!(*proof = X509_STORE_CTX_get1_chain(ctx)))
6233 6825 goto eossl;
6234 X509_STORE_CTX_cleanup(&ctx);
6235
6236 if (!*proof)
6237 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
6238 6826
6239 lua_pushboolean(L, 1); 6827 lua_pushboolean(L, 1);
6240 lua_pushvalue(L, -2); 6828 lua_pushvalue(L, -2);
6829 nr = 2;
6241 6830
6242 return 2; 6831 break;
6243 case 0: /* not verified */ 6832 case 0: /* not verified */
6244 why = X509_STORE_CTX_get_error(&ctx); 6833 why = X509_STORE_CTX_get_error(ctx);
6245
6246 X509_STORE_CTX_cleanup(&ctx);
6247 6834
6248 lua_pushboolean(L, 0); 6835 lua_pushboolean(L, 0);
6249 lua_pushstring(L, X509_verify_cert_error_string(why)); 6836 lua_pushstring(L, X509_verify_cert_error_string(why));
6837 nr = 2;
6250 6838
6251 return 2; 6839 break;
6252 default: 6840 default:
6253 X509_STORE_CTX_cleanup(&ctx); 6841 goto eossl;
6254
6255 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
6256 } 6842 }
6843
6844 X509_STORE_CTX_free(ctx);
6845
6846 return nr;
6847eossl:
6848 if (ctx)
6849 X509_STORE_CTX_free(ctx);
6850
6851 return auxL_error(L, auxL_EOPENSSL, "x509.store:verify");
6257} /* xs_verify() */ 6852} /* xs_verify() */
6258 6853
6259 6854
@@ -6529,7 +7124,7 @@ static int sx_new(lua_State *L) {
6529 method = (srv)? &SSLv23_server_method : &SSLv23_client_method; 7124 method = (srv)? &SSLv23_server_method : &SSLv23_client_method;
6530 options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3; 7125 options = SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3;
6531 break; 7126 break;
6532#ifndef OPENSSL_NO_SSL2 7127#if HAVE_SSLV2_CLIENT_METHOD && HAVE_SSLV2_SERVER_METHOD
6533 case 2: /* SSLv2 */ 7128 case 2: /* SSLv2 */
6534 method = (srv)? &SSLv2_server_method : &SSLv2_client_method; 7129 method = (srv)? &SSLv2_server_method : &SSLv2_client_method;
6535 break; 7130 break;
@@ -7001,7 +7596,7 @@ int luaopen__openssl_ssl_context(lua_State *L) {
7001static SSL *ssl_push(lua_State *L, SSL *ssl) { 7596static SSL *ssl_push(lua_State *L, SSL *ssl) {
7002 SSL **ud = prepsimple(L, SSL_CLASS); 7597 SSL **ud = prepsimple(L, SSL_CLASS);
7003 7598
7004 CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL); 7599 SSL_up_ref(ssl);
7005 *ud = ssl; 7600 *ud = ssl;
7006 7601
7007 return *ud; 7602 return *ud;
@@ -7152,7 +7747,7 @@ static int ssl_getVersion(lua_State *L) {
7152static int ssl_getClientVersion(lua_State *L) { 7747static int ssl_getClientVersion(lua_State *L) {
7153 SSL *ssl = checksimple(L, 1, SSL_CLASS); 7748 SSL *ssl = checksimple(L, 1, SSL_CLASS);
7154 int format = luaL_checkoption(L, 2, "d", (const char *[]){ "d", ".", "f", NULL }); 7749 int format = luaL_checkoption(L, 2, "d", (const char *[]){ "d", ".", "f", NULL });
7155 int version = ssl->client_version; 7750 int version = SSL_client_version(ssl);
7156 int major, minor; 7751 int major, minor;
7157 7752
7158 switch (format) { 7753 switch (format) {
@@ -7306,13 +7901,10 @@ static const EVP_MD *md_optdigest(lua_State *L, int index) {
7306 7901
7307static int md_new(lua_State *L) { 7902static int md_new(lua_State *L) {
7308 const EVP_MD *type = md_optdigest(L, 1); 7903 const EVP_MD *type = md_optdigest(L, 1);
7309 EVP_MD_CTX *ctx; 7904 EVP_MD_CTX **ctx;
7310
7311 ctx = prepudata(L, sizeof *ctx, DIGEST_CLASS, NULL);
7312
7313 EVP_MD_CTX_init(ctx);
7314 7905
7315 if (!EVP_DigestInit_ex(ctx, type, NULL)) 7906 ctx = prepsimple(L, DIGEST_CLASS, NULL);
7907 if (!(*ctx = EVP_MD_CTX_new()) || !EVP_DigestInit_ex(*ctx, type, NULL))
7316 return auxL_error(L, auxL_EOPENSSL, "digest.new"); 7908 return auxL_error(L, auxL_EOPENSSL, "digest.new");
7317 7909
7318 return 1; 7910 return 1;
@@ -7340,7 +7932,7 @@ static void md_update_(lua_State *L, EVP_MD_CTX *ctx, int from, int to) {
7340 7932
7341 7933
7342static int md_update(lua_State *L) { 7934static int md_update(lua_State *L) {
7343 EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS); 7935 EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
7344 7936
7345 md_update_(L, ctx, 2, lua_gettop(L)); 7937 md_update_(L, ctx, 2, lua_gettop(L));
7346 7938
@@ -7351,7 +7943,7 @@ static int md_update(lua_State *L) {
7351 7943
7352 7944
7353static int md_final(lua_State *L) { 7945static int md_final(lua_State *L) {
7354 EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS); 7946 EVP_MD_CTX *ctx = checksimple(L, 1, DIGEST_CLASS);
7355 unsigned char md[EVP_MAX_MD_SIZE]; 7947 unsigned char md[EVP_MAX_MD_SIZE];
7356 unsigned len; 7948 unsigned len;
7357 7949
@@ -7367,9 +7959,10 @@ static int md_final(lua_State *L) {
7367 7959
7368 7960
7369static int md__gc(lua_State *L) { 7961static int md__gc(lua_State *L) {
7370 EVP_MD_CTX *ctx = luaL_checkudata(L, 1, DIGEST_CLASS); 7962 EVP_MD_CTX **ctx = luaL_checkudata(L, 1, DIGEST_CLASS);
7371 7963
7372 EVP_MD_CTX_cleanup(ctx); 7964 EVP_MD_CTX_free(*ctx);
7965 *ctx = NULL;
7373 7966
7374 return 0; 7967 return 0;
7375} /* md__gc() */ 7968} /* md__gc() */
@@ -7410,16 +8003,25 @@ static int hmac_new(lua_State *L) {
7410 const void *key; 8003 const void *key;
7411 size_t len; 8004 size_t len;
7412 const EVP_MD *type; 8005 const EVP_MD *type;
7413 HMAC_CTX *ctx; 8006 HMAC_CTX **ctx;
7414 8007
7415 key = luaL_checklstring(L, 1, &len); 8008 key = luaL_checklstring(L, 1, &len);
7416 type = md_optdigest(L, 2); 8009 type = md_optdigest(L, 2);
7417 8010
7418 ctx = prepudata(L, sizeof *ctx, HMAC_CLASS, NULL); 8011 ctx = prepsimple(L, HMAC_CLASS, NULL);
8012 if (!(*ctx = HMAC_CTX_new()))
8013 goto eossl;
7419 8014
7420 HMAC_Init_ex(ctx, key, len, type, NULL); 8015#if HMAC_INIT_EX_INT
8016 if (!HMAC_Init_ex(*ctx, key, len, type, NULL))
8017 goto eossl;
8018#else
8019 HMAC_Init_ex(*ctx, key, len, type, NULL);
8020#endif
7421 8021
7422 return 1; 8022 return 1;
8023eossl:
8024 return auxL_error(L, auxL_EOPENSSL, "hmac.new");
7423} /* hmac_new() */ 8025} /* hmac_new() */
7424 8026
7425 8027
@@ -7443,7 +8045,7 @@ static void hmac_update_(lua_State *L, HMAC_CTX *ctx, int from, int to) {
7443 8045
7444 8046
7445static int hmac_update(lua_State *L) { 8047static int hmac_update(lua_State *L) {
7446 HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS); 8048 HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
7447 8049
7448 hmac_update_(L, ctx, 2, lua_gettop(L)); 8050 hmac_update_(L, ctx, 2, lua_gettop(L));
7449 8051
@@ -7454,7 +8056,7 @@ static int hmac_update(lua_State *L) {
7454 8056
7455 8057
7456static int hmac_final(lua_State *L) { 8058static int hmac_final(lua_State *L) {
7457 HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS); 8059 HMAC_CTX *ctx = checksimple(L, 1, HMAC_CLASS);
7458 unsigned char hmac[EVP_MAX_MD_SIZE]; 8060 unsigned char hmac[EVP_MAX_MD_SIZE];
7459 unsigned len; 8061 unsigned len;
7460 8062
@@ -7469,9 +8071,10 @@ static int hmac_final(lua_State *L) {
7469 8071
7470 8072
7471static int hmac__gc(lua_State *L) { 8073static int hmac__gc(lua_State *L) {
7472 HMAC_CTX *ctx = luaL_checkudata(L, 1, HMAC_CLASS); 8074 HMAC_CTX **ctx = luaL_checkudata(L, 1, HMAC_CLASS);
7473 8075
7474 HMAC_CTX_cleanup(ctx); 8076 HMAC_CTX_free(*ctx);
8077 *ctx = NULL;
7475 8078
7476 return 0; 8079 return 0;
7477} /* hmac__gc() */ 8080} /* hmac__gc() */
@@ -7521,23 +8124,26 @@ static const EVP_CIPHER *cipher_checktype(lua_State *L, int index) {
7521 8124
7522static int cipher_new(lua_State *L) { 8125static int cipher_new(lua_State *L) {
7523 const EVP_CIPHER *type; 8126 const EVP_CIPHER *type;
7524 EVP_CIPHER_CTX *ctx; 8127 EVP_CIPHER_CTX **ctx;
7525 unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 }; 8128 unsigned char key[EVP_MAX_KEY_LENGTH] = { 0 };
7526 8129
7527 type = cipher_checktype(L, 1); 8130 type = cipher_checktype(L, 1);
7528 8131
7529 ctx = prepudata(L, sizeof *ctx, CIPHER_CLASS, NULL); 8132 ctx = prepsimple(L, CIPHER_CLASS, NULL);
7530 EVP_CIPHER_CTX_init(ctx); 8133 if (!(*ctx = EVP_CIPHER_CTX_new()))
8134 goto eossl;
7531 8135
7532 /* 8136 /*
7533 * NOTE: For some ciphers like AES calling :update or :final without 8137 * NOTE: For some ciphers like AES calling :update or :final without
7534 * setting a key causes a SEGV. Set a dummy key here. Same solution 8138 * setting a key causes a SEGV. Set a dummy key here. Same solution
7535 * as used by Ruby OSSL. 8139 * as used by Ruby OSSL.
7536 */ 8140 */
7537 if (!EVP_CipherInit_ex(ctx, type, NULL, key, NULL, -1)) 8141 if (!EVP_CipherInit_ex(*ctx, type, NULL, key, NULL, -1))
7538 return auxL_error(L, auxL_EOPENSSL, "cipher.new"); 8142 goto eossl;
7539 8143
7540 return 1; 8144 return 1;
8145eossl:
8146 return auxL_error(L, auxL_EOPENSSL, "cipher.new");
7541} /* cipher_new() */ 8147} /* cipher_new() */
7542 8148
7543 8149
@@ -7547,7 +8153,7 @@ static int cipher_interpose(lua_State *L) {
7547 8153
7548 8154
7549static int cipher_init(lua_State *L, _Bool encrypt) { 8155static int cipher_init(lua_State *L, _Bool encrypt) {
7550 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8156 EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
7551 const void *key, *iv; 8157 const void *key, *iv;
7552 size_t n, m; 8158 size_t n, m;
7553 8159
@@ -7619,7 +8225,7 @@ static _Bool cipher_update_(lua_State *L, EVP_CIPHER_CTX *ctx, luaL_Buffer *B, i
7619 8225
7620 8226
7621static int cipher_update(lua_State *L) { 8227static int cipher_update(lua_State *L) {
7622 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8228 EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
7623 luaL_Buffer B; 8229 luaL_Buffer B;
7624 8230
7625 luaL_buffinit(L, &B); 8231 luaL_buffinit(L, &B);
@@ -7639,7 +8245,7 @@ sslerr:
7639 8245
7640 8246
7641static int cipher_final(lua_State *L) { 8247static int cipher_final(lua_State *L) {
7642 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8248 EVP_CIPHER_CTX *ctx = checksimple(L, 1, CIPHER_CLASS);
7643 luaL_Buffer B; 8249 luaL_Buffer B;
7644 size_t block; 8250 size_t block;
7645 int out; 8251 int out;
@@ -7670,9 +8276,10 @@ sslerr:
7670 8276
7671 8277
7672static int cipher__gc(lua_State *L) { 8278static int cipher__gc(lua_State *L) {
7673 EVP_CIPHER_CTX *ctx = luaL_checkudata(L, 1, CIPHER_CLASS); 8279 EVP_CIPHER_CTX **ctx = luaL_checkudata(L, 1, CIPHER_CLASS);
7674 8280
7675 EVP_CIPHER_CTX_cleanup(ctx); 8281 EVP_CIPHER_CTX_free(*ctx);
8282 *ctx = NULL;
7676 8283
7677 return 0; 8284 return 0;
7678} /* cipher__gc() */ 8285} /* cipher__gc() */
@@ -7719,49 +8326,61 @@ static struct randL_state *randL_getstate(lua_State *L) {
7719 return lua_touserdata(L, lua_upvalueindex(1)); 8326 return lua_touserdata(L, lua_upvalueindex(1));
7720} /* randL_getstate() */ 8327} /* randL_getstate() */
7721 8328
7722#ifndef HAVE_SYS_SYSCTL_H 8329#if HAVE_SYS_SYSCALL_H
7723#define HAVE_SYS_SYSCTL_H (!defined __sun && !defined _AIX) 8330#include <sys/syscall.h> /* SYS_getrandom syscall(2) */
7724#endif 8331#endif
7725 8332
7726#if HAVE_SYS_SYSCTL_H 8333#if HAVE_SYS_SYSCTL_H
7727#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID KERN_URND KERN_ARND sysctl(2) */ 8334#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID sysctl(2) */
7728#endif
7729
7730#ifndef HAVE_RANDOM_UUID
7731#define HAVE_RANDOM_UUID (defined __linux) /* RANDOM_UUID is an enum, not macro */
7732#endif
7733
7734#ifndef HAVE_KERN_URND
7735#define HAVE_KERN_URND (defined KERN_URND)
7736#endif
7737
7738#ifndef HAVE_KERN_ARND
7739#define HAVE_KERN_ARND (defined KERN_ARND)
7740#endif 8335#endif
7741 8336
7742static int randL_stir(struct randL_state *st, unsigned rqstd) { 8337static int randL_stir(struct randL_state *st, unsigned rqstd) {
7743 unsigned count = 0; 8338 unsigned count = 0;
7744 int error; 8339 int error;
7745 unsigned char data[256]; 8340 unsigned char data[256];
7746#if HAVE_RANDOM_UUID || HAVE_KERN_URND || HAVE_KERN_ARND 8341
7747#if HAVE_RANDOM_UUID 8342#if HAVE_ARC4RANDOM_BUF
7748 int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID }; 8343 while (count < rqstd) {
7749#elif HAVE_KERN_URND 8344 size_t n = MIN(rqstd - count, sizeof data);
7750 int mib[] = { CTL_KERN, KERN_URND }; 8345
7751#else 8346 arc4random_buf(data, n);
7752 int mib[] = { CTL_KERN, KERN_ARND }; 8347
8348 RAND_seed(data, n);
8349
8350 count += n;
8351 }
8352#endif
8353
8354#if HAVE_SYSCALL && HAVE_DECL_SYS_GETRANDOM
8355 while (count < rqstd) {
8356 size_t lim = MIN(rqstd - count, sizeof data);
8357 int n;
8358
8359 n = syscall(SYS_getrandom, data, lim, 0);
8360
8361 if (n == -1) {
8362 break;
8363 }
8364
8365 RAND_seed(data, n);
8366
8367 count += n;
8368 }
7753#endif 8369#endif
7754 8370
8371#if HAVE_SYS_SYSCTL_H && HAVE_DECL_RANDOM_UUID
7755 while (count < rqstd) { 8372 while (count < rqstd) {
8373 int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
7756 size_t n = MIN(rqstd - count, sizeof data); 8374 size_t n = MIN(rqstd - count, sizeof data);
7757 8375
7758 if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0)) 8376 if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0))
7759 break; 8377 break;
7760 8378
7761 RAND_add(data, n, n); 8379 RAND_seed(data, n);
7762 8380
7763 count += n; 8381 count += n;
7764 } 8382 }
8383
7765#endif 8384#endif
7766 8385
7767 if (count < rqstd) { 8386 if (count < rqstd) {
@@ -7792,7 +8411,7 @@ static int randL_stir(struct randL_state *st, unsigned rqstd) {
7792 8411
7793 goto error; 8412 goto error;
7794 default: 8413 default:
7795 RAND_add(data, n, n); 8414 RAND_seed(data, n);
7796 8415
7797 count += n; 8416 count += n;
7798 } 8417 }
@@ -7830,7 +8449,12 @@ error:;
7830#elif defined __sun 8449#elif defined __sun
7831 /* 8450 /*
7832 * NOTE: Linux requires -lrt for clock_gettime, and in any event 8451 * NOTE: Linux requires -lrt for clock_gettime, and in any event
7833 * already has RANDOM_UUID. The BSDs have KERN_URND and KERN_ARND. 8452 * should have RANDOM_UUID or getrandom. (Though, some middle-aged
8453 * kernels might have neither). The BSDs have arc4random which
8454 * should be using KERN_URND, KERN_ARND, and more recently
8455 * getentropy. (Though, again, some older BSD kernels used an
8456 * arc4random implementation that opened /dev/urandom.)
8457 *
7834 * Just do this for Solaris to keep things simple. We've already 8458 * Just do this for Solaris to keep things simple. We've already
7835 * crossed the line of what can be reasonably accomplished on 8459 * crossed the line of what can be reasonably accomplished on
7836 * unreasonable platforms. 8460 * unreasonable platforms.
diff --git a/src/openssl.x509.altname.lua b/src/openssl.x509.altname.lua
index 66f16e7..e8222a0 100644
--- a/src/openssl.x509.altname.lua
+++ b/src/openssl.x509.altname.lua
@@ -1,9 +1,10 @@
1local altname = require"_openssl.x509.altname" 1local altname = require"_openssl.x509.altname"
2local auxlib = require"openssl.auxlib"
2 3
3altname.interpose("__tostring", function (self) 4altname.interpose("__tostring", function (self)
4 local t = { } 5 local t = { }
5 6
6 for k, v in pairs(self) do 7 for k, v in auxlib.pairs(self) do
7 t[#t + 1] = k .. ":" .. v 8 t[#t + 1] = k .. ":" .. v
8 end 9 end
9 10
diff --git a/src/openssl.x509.name.lua b/src/openssl.x509.name.lua
index a531502..f33339a 100644
--- a/src/openssl.x509.name.lua
+++ b/src/openssl.x509.name.lua
@@ -1,9 +1,10 @@
1local name = require"_openssl.x509.name" 1local name = require"_openssl.x509.name"
2local auxlib = require"openssl.auxlib"
2 3
3name.interpose("__tostring", function (self) 4name.interpose("__tostring", function (self)
4 local t = { } 5 local t = { }
5 6
6 for k, v in pairs(self) do 7 for k, v in auxlib.pairs(self) do
7 t[#t + 1] = k .. "=" .. v 8 t[#t + 1] = k .. "=" .. v
8 end 9 end
9 10
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-16 17:48:00 +0000