From 4903e2f2c1f70aab8cdf9b28cffdea4028282379 Mon Sep 17 00:00:00 2001 From: Bruno Silvestre Date: Wed, 9 Oct 2019 14:49:58 -0300 Subject: [PATCH] Export 'config' table (#149) Avoid duplicating variable 'ssl_options'. --- INSTALL | 4 +- luasec-0.8-1.rockspec | 4 +- luasec.vcxproj | 3 +- src/Makefile | 4 +- src/config.c | 4 +- src/context.c | 4 +- src/options.c | 167 ++++++++++++++++++++++++++++++++++++++++++ src/options.h | 159 ++-------------------------------------- src/options.lua | 26 +++---- src/ssl.lua | 1 + 10 files changed, 197 insertions(+), 179 deletions(-) create mode 100644 src/options.c diff --git a/INSTALL b/INSTALL index 0ab0e9f..db18fd0 100644 --- a/INSTALL +++ b/INSTALL @@ -3,12 +3,12 @@ LuaSec 0.8 * OpenSSL options: - By default, LuaSec 0.8 includes options for OpenSSL 1.1.0g. + By default, LuaSec 0.8 includes options for OpenSSL 1.1.1. If you need to generate the options for a different version of OpenSSL: $ cd src - $ lua options.lua -g /usr/include/openssl/ssl.h > options.h + $ lua options.lua -g /usr/include/openssl/ssl.h > options.c -------------------------------------------------------------------------------- diff --git a/luasec-0.8-1.rockspec b/luasec-0.8-1.rockspec index 34ea93e..2a52494 100644 --- a/luasec-0.8-1.rockspec +++ b/luasec-0.8-1.rockspec @@ -58,7 +58,7 @@ build = { "ssl", "crypto" }, sources = { - "src/config.c", "src/ec.c", + "src/options.c", "src/config.c", "src/ec.c", "src/x509.c", "src/context.c", "src/ssl.c", "src/luasocket/buffer.c", "src/luasocket/io.c", "src/luasocket/timeout.c", "src/luasocket/usocket.c" @@ -93,7 +93,7 @@ build = { "$(OPENSSL_INCDIR)", "src/", "src/luasocket" }, sources = { - "src/config.c", "src/ec.c", + "src/options.c", "src/config.c", "src/ec.c", "src/x509.c", "src/context.c", "src/ssl.c", "src/luasocket/buffer.c", "src/luasocket/io.c", "src/luasocket/timeout.c", "src/luasocket/wsocket.c" diff --git a/luasec.vcxproj b/luasec.vcxproj index 557f83b..10b936a 100644 --- a/luasec.vcxproj +++ b/luasec.vcxproj @@ -107,6 +107,7 @@ + @@ -127,4 +128,4 @@ - \ No newline at end of file + diff --git a/src/Makefile b/src/Makefile index 9be2f14..5f22936 100644 --- a/src/Makefile +++ b/src/Makefile @@ -2,6 +2,7 @@ CMOD=ssl.so LMOD=ssl.lua OBJS= \ + options.o \ x509.o \ context.o \ ssl.o \ @@ -57,8 +58,9 @@ clean: cd luasocket && $(MAKE) clean rm -f $(OBJS) $(CMOD) +options.o: options.h options.c ec.o: ec.c ec.h x509.o: x509.c x509.h compat.h -context.o: context.c context.h ec.h compat.h +context.o: context.c context.h ec.h compat.h options.h ssl.o: ssl.c ssl.h context.h x509.h compat.h config.o: config.c ec.h options.h compat.h diff --git a/src/config.c b/src/config.c index 9ba3806..aeb2c95 100644 --- a/src/config.c +++ b/src/config.c @@ -14,14 +14,14 @@ */ LSEC_API int luaopen_ssl_config(lua_State *L) { - ssl_option_t *opt; + lsec_ssl_option_t *opt; lua_newtable(L); // Options lua_pushstring(L, "options"); lua_newtable(L); - for (opt = ssl_options; opt->name; opt++) { + for (opt = lsec_get_ssl_options(); opt->name; opt++) { lua_pushstring(L, opt->name); lua_pushboolean(L, 1); lua_rawset(L, -3); diff --git a/src/context.c b/src/context.c index 43b30c3..ce7d33b 100644 --- a/src/context.c +++ b/src/context.c @@ -50,8 +50,8 @@ static p_context testctx(lua_State *L, int idx) */ static int set_option_flag(const char *opt, unsigned long *flag) { - ssl_option_t *p; - for (p = ssl_options; p->name; p++) { + lsec_ssl_option_t *p; + for (p = lsec_get_ssl_options(); p->name; p++) { if (!strcmp(opt, p->name)) { *flag |= p->code; return 1; diff --git a/src/options.c b/src/options.c new file mode 100644 index 0000000..95a76df --- /dev/null +++ b/src/options.c @@ -0,0 +1,167 @@ +/*-------------------------------------------------------------------------- + * LuaSec 0.8 + * + * Copyright (C) 2006-2019 Bruno Silvestre + * + *--------------------------------------------------------------------------*/ + +#include + +#include "options.h" + +/* If you need to generate these options again, see options.lua */ + + +/* + OpenSSL version: OpenSSL 1.1.1 +*/ + +static lsec_ssl_option_t ssl_options[] = { +#if defined(SSL_OP_ALL) + {"all", SSL_OP_ALL}, +#endif +#if defined(SSL_OP_ALLOW_NO_DHE_KEX) + {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX}, +#endif +#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION}, +#endif +#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE) + {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE}, +#endif +#if defined(SSL_OP_CISCO_ANYCONNECT) + {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT}, +#endif +#if defined(SSL_OP_COOKIE_EXCHANGE) + {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE}, +#endif +#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG) + {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG}, +#endif +#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, +#endif +#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT) + {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT}, +#endif +#if defined(SSL_OP_EPHEMERAL_RSA) + {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, +#endif +#if defined(SSL_OP_LEGACY_SERVER_CONNECT) + {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT}, +#endif +#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, +#endif +#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG) + {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG}, +#endif +#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING) + {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING}, +#endif +#if defined(SSL_OP_NETSCAPE_CA_DN_BUG) + {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG) + {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) + {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) + {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, +#endif +#if defined(SSL_OP_NO_ANTI_REPLAY) + {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY}, +#endif +#if defined(SSL_OP_NO_COMPRESSION) + {"no_compression", SSL_OP_NO_COMPRESSION}, +#endif +#if defined(SSL_OP_NO_DTLS_MASK) + {"no_dtls_mask", SSL_OP_NO_DTLS_MASK}, +#endif +#if defined(SSL_OP_NO_DTLSv1) + {"no_dtlsv1", SSL_OP_NO_DTLSv1}, +#endif +#if defined(SSL_OP_NO_DTLSv1_2) + {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2}, +#endif +#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC) + {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC}, +#endif +#if defined(SSL_OP_NO_QUERY_MTU) + {"no_query_mtu", SSL_OP_NO_QUERY_MTU}, +#endif +#if defined(SSL_OP_NO_RENEGOTIATION) + {"no_renegotiation", SSL_OP_NO_RENEGOTIATION}, +#endif +#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) + {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, +#endif +#if defined(SSL_OP_NO_SSL_MASK) + {"no_ssl_mask", SSL_OP_NO_SSL_MASK}, +#endif +#if defined(SSL_OP_NO_SSLv2) + {"no_sslv2", SSL_OP_NO_SSLv2}, +#endif +#if defined(SSL_OP_NO_SSLv3) + {"no_sslv3", SSL_OP_NO_SSLv3}, +#endif +#if defined(SSL_OP_NO_TICKET) + {"no_ticket", SSL_OP_NO_TICKET}, +#endif +#if defined(SSL_OP_NO_TLSv1) + {"no_tlsv1", SSL_OP_NO_TLSv1}, +#endif +#if defined(SSL_OP_NO_TLSv1_1) + {"no_tlsv1_1", SSL_OP_NO_TLSv1_1}, +#endif +#if defined(SSL_OP_NO_TLSv1_2) + {"no_tlsv1_2", SSL_OP_NO_TLSv1_2}, +#endif +#if defined(SSL_OP_NO_TLSv1_3) + {"no_tlsv1_3", SSL_OP_NO_TLSv1_3}, +#endif +#if defined(SSL_OP_PKCS1_CHECK_1) + {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, +#endif +#if defined(SSL_OP_PKCS1_CHECK_2) + {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, +#endif +#if defined(SSL_OP_PRIORITIZE_CHACHA) + {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA}, +#endif +#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG) + {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG}, +#endif +#if defined(SSL_OP_SINGLE_DH_USE) + {"single_dh_use", SSL_OP_SINGLE_DH_USE}, +#endif +#if defined(SSL_OP_SINGLE_ECDH_USE) + {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE}, +#endif +#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) + {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, +#endif +#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) + {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, +#endif +#if defined(SSL_OP_TLSEXT_PADDING) + {"tlsext_padding", SSL_OP_TLSEXT_PADDING}, +#endif +#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG) + {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG}, +#endif +#if defined(SSL_OP_TLS_D5_BUG) + {"tls_d5_bug", SSL_OP_TLS_D5_BUG}, +#endif +#if defined(SSL_OP_TLS_ROLLBACK_BUG) + {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG}, +#endif + {NULL, 0L} +}; + +LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() { + return ssl_options; +} + diff --git a/src/options.h b/src/options.h index 12029a5..6569f3f 100644 --- a/src/options.h +++ b/src/options.h @@ -8,164 +8,15 @@ * *--------------------------------------------------------------------------*/ -#include +#include "compat.h" -/* If you need to generate these options again, see options.lua */ - -/* - OpenSSL version: OpenSSL 1.1.1b -*/ - -struct ssl_option_s { +struct lsec_ssl_option_s { const char *name; unsigned long code; }; -typedef struct ssl_option_s ssl_option_t; -static ssl_option_t ssl_options[] = { -#if defined(SSL_OP_ALL) - {"all", SSL_OP_ALL}, -#endif -#if defined(SSL_OP_ALLOW_NO_DHE_KEX) - {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX}, -#endif -#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) - {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION}, -#endif -#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE) - {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE}, -#endif -#if defined(SSL_OP_CISCO_ANYCONNECT) - {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT}, -#endif -#if defined(SSL_OP_COOKIE_EXCHANGE) - {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE}, -#endif -#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG) - {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG}, -#endif -#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) - {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, -#endif -#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT) - {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT}, -#endif -#if defined(SSL_OP_EPHEMERAL_RSA) - {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, -#endif -#if defined(SSL_OP_LEGACY_SERVER_CONNECT) - {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT}, -#endif -#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, -#endif -#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG) - {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG}, -#endif -#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING) - {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING}, -#endif -#if defined(SSL_OP_NETSCAPE_CA_DN_BUG) - {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG}, -#endif -#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG) - {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG}, -#endif -#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) - {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, -#endif -#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) - {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, -#endif -#if defined(SSL_OP_NO_ANTI_REPLAY) - {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY}, -#endif -#if defined(SSL_OP_NO_COMPRESSION) - {"no_compression", SSL_OP_NO_COMPRESSION}, -#endif -#if defined(SSL_OP_NO_DTLS_MASK) - {"no_dtls_mask", SSL_OP_NO_DTLS_MASK}, -#endif -#if defined(SSL_OP_NO_DTLSv1) - {"no_dtlsv1", SSL_OP_NO_DTLSv1}, -#endif -#if defined(SSL_OP_NO_DTLSv1_2) - {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2}, -#endif -#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC) - {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC}, -#endif -#if defined(SSL_OP_NO_QUERY_MTU) - {"no_query_mtu", SSL_OP_NO_QUERY_MTU}, -#endif -#if defined(SSL_OP_NO_RENEGOTIATION) - {"no_renegotiation", SSL_OP_NO_RENEGOTIATION}, -#endif -#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) - {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, -#endif -#if defined(SSL_OP_NO_SSL_MASK) - {"no_ssl_mask", SSL_OP_NO_SSL_MASK}, -#endif -#if defined(SSL_OP_NO_SSLv2) - {"no_sslv2", SSL_OP_NO_SSLv2}, -#endif -#if defined(SSL_OP_NO_SSLv3) - {"no_sslv3", SSL_OP_NO_SSLv3}, -#endif -#if defined(SSL_OP_NO_TICKET) - {"no_ticket", SSL_OP_NO_TICKET}, -#endif -#if defined(SSL_OP_NO_TLSv1) - {"no_tlsv1", SSL_OP_NO_TLSv1}, -#endif -#if defined(SSL_OP_NO_TLSv1_1) - {"no_tlsv1_1", SSL_OP_NO_TLSv1_1}, -#endif -#if defined(SSL_OP_NO_TLSv1_2) - {"no_tlsv1_2", SSL_OP_NO_TLSv1_2}, -#endif -#if defined(SSL_OP_NO_TLSv1_3) - {"no_tlsv1_3", SSL_OP_NO_TLSv1_3}, -#endif -#if defined(SSL_OP_PKCS1_CHECK_1) - {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, -#endif -#if defined(SSL_OP_PKCS1_CHECK_2) - {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, -#endif -#if defined(SSL_OP_PRIORITIZE_CHACHA) - {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA}, -#endif -#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG) - {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG}, -#endif -#if defined(SSL_OP_SINGLE_DH_USE) - {"single_dh_use", SSL_OP_SINGLE_DH_USE}, -#endif -#if defined(SSL_OP_SINGLE_ECDH_USE) - {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE}, -#endif -#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) - {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, -#endif -#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) - {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, -#endif -#if defined(SSL_OP_TLSEXT_PADDING) - {"tlsext_padding", SSL_OP_TLSEXT_PADDING}, -#endif -#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG) - {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG}, -#endif -#if defined(SSL_OP_TLS_D5_BUG) - {"tls_d5_bug", SSL_OP_TLS_D5_BUG}, -#endif -#if defined(SSL_OP_TLS_ROLLBACK_BUG) - {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG}, -#endif - {NULL, 0L} -}; +typedef struct lsec_ssl_option_s lsec_ssl_option_t; + +LSEC_API lsec_ssl_option_t* lsec_get_ssl_options(); #endif - diff --git a/src/options.lua b/src/options.lua index cc0ab70..4b2e5bb 100644 --- a/src/options.lua +++ b/src/options.lua @@ -1,10 +1,10 @@ local function usage() print("Usage:") print("* Generate options of your system:") - print(" lua options.lua -g /path/to/ssl.h [version] > options.h") + print(" lua options.lua -g /path/to/ssl.h [version] > options.c") print("* Examples:") - print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n") - print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n") + print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n") + print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n") print("* List options of your system:") print(" lua options.lua -l /path/to/ssl.h\n") @@ -17,9 +17,6 @@ end local function generate(options, version) print([[ -#ifndef LSEC_OPTIONS_H -#define LSEC_OPTIONS_H - /*-------------------------------------------------------------------------- * LuaSec 0.8 * @@ -29,22 +26,19 @@ local function generate(options, version) #include +#include "options.h" + /* If you need to generate these options again, see options.lua */ + ]]) + printf([[ /* OpenSSL version: %s */ ]], version) - print([[ -struct ssl_option_s { - const char *name; - unsigned long code; -}; -typedef struct ssl_option_s ssl_option_t; -]]) - print([[static ssl_option_t ssl_options[] = {]]) + print([[static lsec_ssl_option_t ssl_options[] = {]]) for k, option in ipairs(options) do local name = string.lower(string.sub(option, 8)) @@ -56,7 +50,9 @@ typedef struct ssl_option_s ssl_option_t; print([[ }; -#endif +LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() { + return ssl_options; +} ]]) end diff --git a/src/ssl.lua b/src/ssl.lua index fedb4ff..66cd0fa 100644 --- a/src/ssl.lua +++ b/src/ssl.lua @@ -273,6 +273,7 @@ core.setmethod("info", info) local _M = { _VERSION = "0.8", _COPYRIGHT = core.copyright(), + config = config, loadcertificate = x509.load, newcontext = newcontext, wrap = wrap,