mirror of
https://github.com/brunoos/luasec.git
synced 2024-12-26 20:48:22 +01:00
Discover curves dynamically
This commit is contained in:
parent
5299803bef
commit
fc757e1fd0
12
src/Makefile
12
src/Makefile
@ -2,9 +2,10 @@ CMOD=ssl.so
|
||||
LMOD=ssl.lua
|
||||
|
||||
OBJS= \
|
||||
x509.o \
|
||||
x509.o \
|
||||
context.o \
|
||||
ssl.o
|
||||
ssl.o \
|
||||
ec.o
|
||||
|
||||
LIBS=-lssl -lcrypto -lluasocket
|
||||
|
||||
@ -55,6 +56,7 @@ clean:
|
||||
cd luasocket && $(MAKE) clean
|
||||
rm -f $(OBJS) $(CMOD)
|
||||
|
||||
x509.o: x509.c x509.h config.h
|
||||
context.o: context.c context.h ec.h config.h
|
||||
ssl.o: ssl.c ssl.h context.h x509.h config.h
|
||||
x509.o: x509.c x509.h compat.h
|
||||
context.o: context.c context.h ec.h compat.h
|
||||
ssl.o: ssl.c ssl.h context.h x509.h compat.h
|
||||
ec.o: ec.c ec.h
|
||||
|
@ -4,8 +4,8 @@
|
||||
*
|
||||
*--------------------------------------------------------------------------*/
|
||||
|
||||
#ifndef LSEC_CONFIG_H
|
||||
#define LSEC_CONFIG_H
|
||||
#ifndef LSEC_COMPAT_H
|
||||
#define LSEC_COMPAT_H
|
||||
|
||||
#if defined(_WIN32)
|
||||
#define LSEC_API __declspec(dllexport)
|
@ -300,18 +300,6 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
|
||||
}
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
static EC_KEY *find_ec_key(const char *str)
|
||||
{
|
||||
p_ec ptr;
|
||||
for (ptr = curves; ptr->name; ptr++) {
|
||||
if (!strcmp(str, ptr->name))
|
||||
return EC_KEY_new_by_curve_name(ptr->nid);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*------------------------------ Lua Functions -------------------------------*/
|
||||
|
||||
/**
|
||||
@ -592,7 +580,7 @@ static int set_curve(lua_State *L)
|
||||
return 1;
|
||||
|
||||
#else /* !defined(SSL_CTRL_SET_CURVES_LIST) */
|
||||
EC_KEY *key = find_ec_key(str);
|
||||
EC_KEY *key = lsec_find_ec_key(L, str);
|
||||
|
||||
if (!key) {
|
||||
lua_pushboolean(L, 0);
|
||||
@ -789,6 +777,8 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
|
||||
luaL_newlib(L, meta_index);
|
||||
lua_setfield(L, -2, "__index");
|
||||
|
||||
lsec_load_curves(L);
|
||||
|
||||
/* Return the module */
|
||||
luaL_newlib(L, funcs);
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
||||
#include <lua.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include "config.h"
|
||||
#include "compat.h"
|
||||
|
||||
#define LSEC_MODE_INVALID 0
|
||||
#define LSEC_MODE_SERVER 1
|
||||
|
57
src/ec.c
Normal file
57
src/ec.c
Normal file
@ -0,0 +1,57 @@
|
||||
#include <openssl/objects.h>
|
||||
|
||||
#include "ec.h"
|
||||
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
|
||||
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
|
||||
{
|
||||
int nid;
|
||||
lua_pushstring(L, "SSL:EC:CURVES");
|
||||
lua_rawget(L, LUA_REGISTRYINDEX);
|
||||
lua_pushstring(L, str);
|
||||
lua_rawget(L, -2);
|
||||
|
||||
if (!lua_isnumber(L, -1))
|
||||
return NULL;
|
||||
|
||||
nid = (int)lua_tonumber(L, -1);
|
||||
return EC_KEY_new_by_curve_name(nid);
|
||||
}
|
||||
|
||||
void lsec_load_curves(lua_State *L)
|
||||
{
|
||||
size_t i;
|
||||
size_t size;
|
||||
const char *name;
|
||||
EC_builtin_curve *curves = NULL;
|
||||
|
||||
lua_pushstring(L, "SSL:EC:CURVES");
|
||||
lua_newtable(L);
|
||||
|
||||
size = EC_get_builtin_curves(NULL, 0);
|
||||
if (size > 0) {
|
||||
curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
|
||||
EC_get_builtin_curves(curves, size);
|
||||
for (i = 0; i < size; i++) {
|
||||
name = OBJ_nid2sn(curves[i].nid);
|
||||
if (name != NULL) {
|
||||
lua_pushstring(L, name);
|
||||
lua_pushnumber(L, curves[i].nid);
|
||||
lua_rawset(L, -3);
|
||||
}
|
||||
}
|
||||
free(curves);
|
||||
}
|
||||
|
||||
lua_rawset(L, LUA_REGISTRYINDEX);
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
void lsec_load_curves(lua_State *L)
|
||||
{
|
||||
// do nothing
|
||||
}
|
||||
|
||||
#endif
|
58
src/ec.h
58
src/ec.h
@ -7,58 +7,14 @@
|
||||
#ifndef LSEC_EC_H
|
||||
#define LSEC_EC_H
|
||||
|
||||
#include <openssl/objects.h>
|
||||
#include <lua.h>
|
||||
|
||||
typedef struct t_ec_ {
|
||||
char *name;
|
||||
int nid;
|
||||
} t_ec;
|
||||
typedef t_ec* p_ec;
|
||||
#ifndef OPENSSL_NO_ECDH
|
||||
#include <openssl/ec.h>
|
||||
|
||||
/* Elliptic curves supported */
|
||||
static t_ec curves[] = {
|
||||
/* SECG */
|
||||
{"secp112r1", NID_secp112r1},
|
||||
{"secp112r2", NID_secp112r2},
|
||||
{"secp128r1", NID_secp128r1},
|
||||
{"secp128r2", NID_secp128r2},
|
||||
{"secp160k1", NID_secp160k1},
|
||||
{"secp160r1", NID_secp160r1},
|
||||
{"secp160r2", NID_secp160r2},
|
||||
{"secp192k1", NID_secp192k1},
|
||||
{"secp224k1", NID_secp224k1},
|
||||
{"secp224r1", NID_secp224r1},
|
||||
{"secp256k1", NID_secp256k1},
|
||||
{"secp384r1", NID_secp384r1},
|
||||
{"secp521r1", NID_secp521r1},
|
||||
{"sect113r1", NID_sect113r1},
|
||||
{"sect113r2", NID_sect113r2},
|
||||
{"sect131r1", NID_sect131r1},
|
||||
{"sect131r2", NID_sect131r2},
|
||||
{"sect163k1", NID_sect163k1},
|
||||
{"sect163r1", NID_sect163r1},
|
||||
{"sect163r2", NID_sect163r2},
|
||||
{"sect193r1", NID_sect193r1},
|
||||
{"sect193r2", NID_sect193r2},
|
||||
{"sect233k1", NID_sect233k1},
|
||||
{"sect233r1", NID_sect233r1},
|
||||
{"sect239k1", NID_sect239k1},
|
||||
{"sect283k1", NID_sect283k1},
|
||||
{"sect283r1", NID_sect283r1},
|
||||
{"sect409k1", NID_sect409k1},
|
||||
{"sect409r1", NID_sect409r1},
|
||||
{"sect571k1", NID_sect571k1},
|
||||
{"sect571r1", NID_sect571r1},
|
||||
/* ANSI X9.62 */
|
||||
{"prime192v1", NID_X9_62_prime192v1},
|
||||
{"prime192v2", NID_X9_62_prime192v2},
|
||||
{"prime192v3", NID_X9_62_prime192v3},
|
||||
{"prime239v1", NID_X9_62_prime239v1},
|
||||
{"prime239v2", NID_X9_62_prime239v2},
|
||||
{"prime239v3", NID_X9_62_prime239v3},
|
||||
{"prime256v1", NID_X9_62_prime256v1},
|
||||
/* End */
|
||||
{NULL, 0U}
|
||||
};
|
||||
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
|
||||
#endif
|
||||
|
||||
void lsec_load_curves(lua_State *L);
|
||||
|
||||
#endif
|
||||
|
@ -15,7 +15,7 @@
|
||||
#include <luasocket/timeout.h>
|
||||
#include <luasocket/socket.h>
|
||||
|
||||
#include "config.h"
|
||||
#include "compat.h"
|
||||
#include "context.h"
|
||||
|
||||
#define LSEC_STATE_NEW 1
|
||||
|
@ -12,7 +12,7 @@
|
||||
#include <openssl/x509v3.h>
|
||||
#include <lua.h>
|
||||
|
||||
#include "config.h"
|
||||
#include "compat.h"
|
||||
|
||||
/* We do not support UniversalString nor BMPString as ASN.1 String types */
|
||||
enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };
|
||||
|
Loading…
Reference in New Issue
Block a user