Discover curves dynamically

This commit is contained in:
Bruno Silvestre 2017-06-16 21:03:10 -03:00
parent 5299803bef
commit fc757e1fd0
8 changed files with 79 additions and 74 deletions

View File

@ -2,9 +2,10 @@ CMOD=ssl.so
LMOD=ssl.lua
OBJS= \
x509.o \
x509.o \
context.o \
ssl.o
ssl.o \
ec.o
LIBS=-lssl -lcrypto -lluasocket
@ -55,6 +56,7 @@ clean:
cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD)
x509.o: x509.c x509.h config.h
context.o: context.c context.h ec.h config.h
ssl.o: ssl.c ssl.h context.h x509.h config.h
x509.o: x509.c x509.h compat.h
context.o: context.c context.h ec.h compat.h
ssl.o: ssl.c ssl.h context.h x509.h compat.h
ec.o: ec.c ec.h

View File

@ -4,8 +4,8 @@
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_CONFIG_H
#define LSEC_CONFIG_H
#ifndef LSEC_COMPAT_H
#define LSEC_COMPAT_H
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)

View File

@ -300,18 +300,6 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
}
#ifndef OPENSSL_NO_ECDH
static EC_KEY *find_ec_key(const char *str)
{
p_ec ptr;
for (ptr = curves; ptr->name; ptr++) {
if (!strcmp(str, ptr->name))
return EC_KEY_new_by_curve_name(ptr->nid);
}
return NULL;
}
#endif
/*------------------------------ Lua Functions -------------------------------*/
/**
@ -592,7 +580,7 @@ static int set_curve(lua_State *L)
return 1;
#else /* !defined(SSL_CTRL_SET_CURVES_LIST) */
EC_KEY *key = find_ec_key(str);
EC_KEY *key = lsec_find_ec_key(L, str);
if (!key) {
lua_pushboolean(L, 0);
@ -789,6 +777,8 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
luaL_newlib(L, meta_index);
lua_setfield(L, -2, "__index");
lsec_load_curves(L);
/* Return the module */
luaL_newlib(L, funcs);

View File

@ -10,7 +10,7 @@
#include <lua.h>
#include <openssl/ssl.h>
#include "config.h"
#include "compat.h"
#define LSEC_MODE_INVALID 0
#define LSEC_MODE_SERVER 1

57
src/ec.c Normal file
View File

@ -0,0 +1,57 @@
#include <openssl/objects.h>
#include "ec.h"
#ifndef OPENSSL_NO_ECDH
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
{
int nid;
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushstring(L, str);
lua_rawget(L, -2);
if (!lua_isnumber(L, -1))
return NULL;
nid = (int)lua_tonumber(L, -1);
return EC_KEY_new_by_curve_name(nid);
}
void lsec_load_curves(lua_State *L)
{
size_t i;
size_t size;
const char *name;
EC_builtin_curve *curves = NULL;
lua_pushstring(L, "SSL:EC:CURVES");
lua_newtable(L);
size = EC_get_builtin_curves(NULL, 0);
if (size > 0) {
curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
EC_get_builtin_curves(curves, size);
for (i = 0; i < size; i++) {
name = OBJ_nid2sn(curves[i].nid);
if (name != NULL) {
lua_pushstring(L, name);
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
}
}
free(curves);
}
lua_rawset(L, LUA_REGISTRYINDEX);
}
#else
void lsec_load_curves(lua_State *L)
{
// do nothing
}
#endif

View File

@ -7,58 +7,14 @@
#ifndef LSEC_EC_H
#define LSEC_EC_H
#include <openssl/objects.h>
#include <lua.h>
typedef struct t_ec_ {
char *name;
int nid;
} t_ec;
typedef t_ec* p_ec;
#ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h>
/* Elliptic curves supported */
static t_ec curves[] = {
/* SECG */
{"secp112r1", NID_secp112r1},
{"secp112r2", NID_secp112r2},
{"secp128r1", NID_secp128r1},
{"secp128r2", NID_secp128r2},
{"secp160k1", NID_secp160k1},
{"secp160r1", NID_secp160r1},
{"secp160r2", NID_secp160r2},
{"secp192k1", NID_secp192k1},
{"secp224k1", NID_secp224k1},
{"secp224r1", NID_secp224r1},
{"secp256k1", NID_secp256k1},
{"secp384r1", NID_secp384r1},
{"secp521r1", NID_secp521r1},
{"sect113r1", NID_sect113r1},
{"sect113r2", NID_sect113r2},
{"sect131r1", NID_sect131r1},
{"sect131r2", NID_sect131r2},
{"sect163k1", NID_sect163k1},
{"sect163r1", NID_sect163r1},
{"sect163r2", NID_sect163r2},
{"sect193r1", NID_sect193r1},
{"sect193r2", NID_sect193r2},
{"sect233k1", NID_sect233k1},
{"sect233r1", NID_sect233r1},
{"sect239k1", NID_sect239k1},
{"sect283k1", NID_sect283k1},
{"sect283r1", NID_sect283r1},
{"sect409k1", NID_sect409k1},
{"sect409r1", NID_sect409r1},
{"sect571k1", NID_sect571k1},
{"sect571r1", NID_sect571r1},
/* ANSI X9.62 */
{"prime192v1", NID_X9_62_prime192v1},
{"prime192v2", NID_X9_62_prime192v2},
{"prime192v3", NID_X9_62_prime192v3},
{"prime239v1", NID_X9_62_prime239v1},
{"prime239v2", NID_X9_62_prime239v2},
{"prime239v3", NID_X9_62_prime239v3},
{"prime256v1", NID_X9_62_prime256v1},
/* End */
{NULL, 0U}
};
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
#endif
void lsec_load_curves(lua_State *L);
#endif

View File

@ -15,7 +15,7 @@
#include <luasocket/timeout.h>
#include <luasocket/socket.h>
#include "config.h"
#include "compat.h"
#include "context.h"
#define LSEC_STATE_NEW 1

View File

@ -12,7 +12,7 @@
#include <openssl/x509v3.h>
#include <lua.h>
#include "config.h"
#include "compat.h"
/* We do not support UniversalString nor BMPString as ASN.1 String types */
enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };