From 908fc346d20b88ba6ad2236faa2fe78582f5c1e9 Mon Sep 17 00:00:00 2001 From: Bruno Silvestre Date: Sun, 2 Sep 2012 11:33:59 -0300 Subject: [PATCH] LuaSec 0.4.1 --- CHANGELOG | 7 +++ INSTALL | 2 +- LICENSE | 4 +- src/buffer.c | 2 +- src/context.c | 51 +--------------- src/context.h | 4 +- src/https.lua | 8 +-- src/options.h | 163 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/ssl.c | 7 ++- src/ssl.h | 4 +- src/ssl.lua | 8 +-- 11 files changed, 194 insertions(+), 66 deletions(-) create mode 100644 src/options.h diff --git a/CHANGELOG b/CHANGELOG index 9dfe692..4b4867e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,11 @@ -------------------------------------------------------------------------------- +LuaSec 0.4.1 +------------ +- SSL options updated --- based on OpenSSL 1.0.0d. +- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available. + (thanks Prosody project) + +--------------------------------------------------------------------------------- LuaSec 0.4 ------------ - Add option 'no_ticket' (included in OpenSSL 0.9.8f). diff --git a/INSTALL b/INSTALL index faa0436..b65aa7e 100644 --- a/INSTALL +++ b/INSTALL @@ -1,4 +1,4 @@ -LuaSec 0.4 +LuaSec 0.4.1 ------------ * On Linux, BSD, and Mac OS X: diff --git a/LICENSE b/LICENSE index 07b8826..ec56917 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ -LuaSec 0.4 license -Copyright (C) 2006-2009 Bruno Silvestre, PUC-Rio +LuaSec 0.4.1 license +Copyright (C) 2006-2011 Bruno Silvestre, PUC-Rio Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/src/buffer.c b/src/buffer.c index 673fd6f..8e755be 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -195,7 +195,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) { pos = 0; while (pos < count && data[pos] != '\n') { /* we ignore all \r's */ - if (data[pos] != '\r') luaL_putchar(b, data[pos]); + if (data[pos] != '\r') luaL_addchar(b, data[pos]); pos++; } if (pos < count) { /* found '\n' */ diff --git a/src/context.c b/src/context.c index 416b504..53e3d3a 100644 --- a/src/context.c +++ b/src/context.c @@ -1,6 +1,6 @@ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ @@ -12,52 +12,7 @@ #include #include "context.h" - -struct ssl_option_s { - const char *name; - unsigned long code; -}; -typedef struct ssl_option_s ssl_option_t; - - -static ssl_option_t ssl_options[] = { - /* OpenSSL 0.9.7 and 0.9.8 */ - {"all", SSL_OP_ALL}, - {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE}, - {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, - {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, - {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG}, - {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG}, - {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, - {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG}, - {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING}, - {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, - {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, - {"no_session_resumption_on_renegotiation", - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, - {"no_sslv2", SSL_OP_NO_SSLv2}, - {"no_sslv3", SSL_OP_NO_SSLv3}, - {"no_tlsv1", SSL_OP_NO_TLSv1}, - {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, - {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, - {"single_dh_use", SSL_OP_SINGLE_DH_USE}, - {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, - {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, - {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG}, - {"tls_d5_bug", SSL_OP_TLS_D5_BUG}, - {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG}, - /* OpenSSL 0.9.8 only */ -#if OPENSSL_VERSION_NUMBER > 0x00908000L - {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE}, - {"no_query_mtu", SSL_OP_NO_QUERY_MTU}, - {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE}, -#endif - /* OpenSSL 0.9.8f and above */ -#if defined(SSL_OP_NO_TICKET) - {"no_ticket", SSL_OP_NO_TICKET}, -#endif - {NULL, 0L} -}; +#include "options.h" /*--------------------------- Auxiliary Functions ----------------------------*/ diff --git a/src/context.h b/src/context.h index 93470bd..902311a 100644 --- a/src/context.h +++ b/src/context.h @@ -2,8 +2,8 @@ #define __CONTEXT_H__ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff --git a/src/https.lua b/src/https.lua index 19c19fe..00a7e5b 100644 --- a/src/https.lua +++ b/src/https.lua @@ -1,6 +1,6 @@ ---------------------------------------------------------------------------- --- LuaSec 0.4 --- Copyright (C) 2009 PUC-Rio +-- LuaSec 0.4.1 +-- Copyright (C) 2009-2011 PUC-Rio -- -- Author: Pablo Musa -- Author: Tomas Guisasola @@ -22,8 +22,8 @@ local getmetatable = getmetatable module("ssl.https") -_VERSION = "0.4" -_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2009 PUC-Rio" +_VERSION = "0.4.1" +_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2009-2011 PUC-Rio" -- Default settings PORT = 443 diff --git a/src/options.h b/src/options.h new file mode 100644 index 0000000..c260d46 --- /dev/null +++ b/src/options.h @@ -0,0 +1,163 @@ +/*-------------------------------------------------------------------------- + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre + * + *--------------------------------------------------------------------------*/ + +struct ssl_option_s { + const char *name; + unsigned long code; +}; +typedef struct ssl_option_s ssl_option_t; + +/* +-- Supported SSL options and script in Lua 5.1 to generate the file. +-- Ugly, but easier to maintain. + +local options = [[ +SSL_OP_ALL +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION +SSL_OP_CIPHER_SERVER_PREFERENCE +SSL_OP_CISCO_ANYCONNECT +SSL_OP_COOKIE_EXCHANGE +SSL_OP_CRYPTOPRO_TLSEXT_BUG +SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS +SSL_OP_EPHEMERAL_RSA +SSL_OP_LEGACY_SERVER_CONNECT +SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER +SSL_OP_MICROSOFT_SESS_ID_BUG +SSL_OP_MSIE_SSLV2_RSA_PADDING +SSL_OP_NETSCAPE_CA_DN_BUG +SSL_OP_NETSCAPE_CHALLENGE_BUG +SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG +SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG +SSL_OP_NO_COMPRESSION +SSL_OP_NO_QUERY_MTU +SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_NO_TICKET +SSL_OP_NO_TLSv1 +SSL_OP_PKCS1_CHECK_1 +SSL_OP_PKCS1_CHECK_2 +SSL_OP_SINGLE_DH_USE +SSL_OP_SINGLE_ECDH_USE +SSL_OP_SSLEAY_080_CLIENT_DH_BUG +SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG +SSL_OP_TLS_BLOCK_PADDING_BUG +SSL_OP_TLS_D5_BUG +SSL_OP_TLS_ROLLBACK_BUG +]] + +print([[static ssl_option_t ssl_options[] = {]]) + +for option in string.gmatch(options, "(%S+)") do + local name = string.lower(string.sub(option, 8)) + print(string.format([[#if defined(%s)]], option)) + print(string.format([[ {"%s", %s},]], name, option)) + print([[#endif]]) +end + +print([[ {NULL, 0L}]]) +print([[};]]) +*/ + +static ssl_option_t ssl_options[] = { +#if defined(SSL_OP_ALL) + {"all", SSL_OP_ALL}, +#endif +#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION}, +#endif +#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE) + {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE}, +#endif +#if defined(SSL_OP_CISCO_ANYCONNECT) + {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT}, +#endif +#if defined(SSL_OP_COOKIE_EXCHANGE) + {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE}, +#endif +#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG) + {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG}, +#endif +#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, +#endif +#if defined(SSL_OP_EPHEMERAL_RSA) + {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, +#endif +#if defined(SSL_OP_LEGACY_SERVER_CONNECT) + {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT}, +#endif +#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, +#endif +#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG) + {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG}, +#endif +#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING) + {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING}, +#endif +#if defined(SSL_OP_NETSCAPE_CA_DN_BUG) + {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG) + {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) + {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) + {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, +#endif +#if defined(SSL_OP_NO_COMPRESSION) + {"no_compression", SSL_OP_NO_COMPRESSION}, +#endif +#if defined(SSL_OP_NO_QUERY_MTU) + {"no_query_mtu", SSL_OP_NO_QUERY_MTU}, +#endif +#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) + {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, +#endif +#if defined(SSL_OP_NO_SSLv2) + {"no_sslv2", SSL_OP_NO_SSLv2}, +#endif +#if defined(SSL_OP_NO_SSLv3) + {"no_sslv3", SSL_OP_NO_SSLv3}, +#endif +#if defined(SSL_OP_NO_TICKET) + {"no_ticket", SSL_OP_NO_TICKET}, +#endif +#if defined(SSL_OP_NO_TLSv1) + {"no_tlsv1", SSL_OP_NO_TLSv1}, +#endif +#if defined(SSL_OP_PKCS1_CHECK_1) + {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, +#endif +#if defined(SSL_OP_PKCS1_CHECK_2) + {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, +#endif +#if defined(SSL_OP_SINGLE_DH_USE) + {"single_dh_use", SSL_OP_SINGLE_DH_USE}, +#endif +#if defined(SSL_OP_SINGLE_ECDH_USE) + {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE}, +#endif +#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) + {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, +#endif +#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) + {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, +#endif +#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG) + {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG}, +#endif +#if defined(SSL_OP_TLS_D5_BUG) + {"tls_d5_bug", SSL_OP_TLS_D5_BUG}, +#endif +#if defined(SSL_OP_TLS_ROLLBACK_BUG) + {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG}, +#endif + {NULL, 0L} +}; diff --git a/src/ssl.c b/src/ssl.c index 4058c97..bb5bbc7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ @@ -220,6 +220,9 @@ static int meth_create(lua_State *L) SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID); SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#if defined(SSL_MODE_RELEASE_BUFFERS) + SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); +#endif if (mode == MD_CTX_SERVER) SSL_set_accept_state(ssl->ssl); else diff --git a/src/ssl.h b/src/ssl.h index d504f71..a3e4d25 100644 --- a/src/ssl.h +++ b/src/ssl.h @@ -2,8 +2,8 @@ #define __SSL_H__ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff --git a/src/ssl.lua b/src/ssl.lua index 18a07b3..0170bc8 100644 --- a/src/ssl.lua +++ b/src/ssl.lua @@ -1,6 +1,6 @@ ------------------------------------------------------------------------------ --- LuaSec 0.4 --- Copyright (C) 2006-2009 Bruno Silvestre +-- LuaSec 0.4.1 +-- Copyright (C) 2006-2011 Bruno Silvestre -- ------------------------------------------------------------------------------ @@ -10,8 +10,8 @@ require("ssl.core") require("ssl.context") -_VERSION = "0.4" -_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. +_VERSION = "0.4.1" +_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre\n" .. "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab" -- Export functions