From fc757e1fd05eda125685a2fd059021a06c94200a Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <brunoos@inf.ufg.br>
Date: Fri, 16 Jun 2017 21:03:10 -0300
Subject: [PATCH] Discover curves dynamically

---
 src/Makefile               | 12 ++++----
 src/{config.h => compat.h} |  4 +--
 src/context.c              | 16 ++---------
 src/context.h              |  2 +-
 src/ec.c                   | 57 +++++++++++++++++++++++++++++++++++++
 src/ec.h                   | 58 +++++---------------------------------
 src/ssl.h                  |  2 +-
 src/x509.h                 |  2 +-
 8 files changed, 79 insertions(+), 74 deletions(-)
 rename src/{config.h => compat.h} (93%)
 create mode 100644 src/ec.c

diff --git a/src/Makefile b/src/Makefile
index 31ebb6d..920dda6 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2,9 +2,10 @@ CMOD=ssl.so
 LMOD=ssl.lua
 
 OBJS= \
- x509.o \
+ x509.o    \
  context.o \
- ssl.o
+ ssl.o     \
+ ec.o
 
 LIBS=-lssl -lcrypto -lluasocket
 
@@ -55,6 +56,7 @@ clean:
 	cd luasocket && $(MAKE) clean
 	rm -f $(OBJS) $(CMOD)
 
-x509.o: x509.c x509.h config.h
-context.o: context.c context.h ec.h config.h
-ssl.o: ssl.c ssl.h context.h x509.h config.h
+x509.o: x509.c x509.h compat.h
+context.o: context.c context.h ec.h compat.h
+ssl.o: ssl.c ssl.h context.h x509.h compat.h
+ec.o: ec.c ec.h
diff --git a/src/config.h b/src/compat.h
similarity index 93%
rename from src/config.h
rename to src/compat.h
index 535a85e..e3b6f3b 100644
--- a/src/config.h
+++ b/src/compat.h
@@ -4,8 +4,8 @@
  *
  *--------------------------------------------------------------------------*/
 
-#ifndef LSEC_CONFIG_H
-#define LSEC_CONFIG_H
+#ifndef LSEC_COMPAT_H
+#define LSEC_COMPAT_H
 
 #if defined(_WIN32)
 #define LSEC_API __declspec(dllexport) 
diff --git a/src/context.c b/src/context.c
index 043bebf..88229ab 100644
--- a/src/context.c
+++ b/src/context.c
@@ -300,18 +300,6 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
   return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
 }
 
-#ifndef OPENSSL_NO_ECDH
-static EC_KEY *find_ec_key(const char *str)
-{
-  p_ec ptr;
-  for (ptr = curves; ptr->name; ptr++) {
-    if (!strcmp(str, ptr->name))
-      return EC_KEY_new_by_curve_name(ptr->nid);
-  }
-  return NULL;
-}
-#endif
-
 /*------------------------------ Lua Functions -------------------------------*/
 
 /**
@@ -592,7 +580,7 @@ static int set_curve(lua_State *L)
   return 1;
 
 #else /* !defined(SSL_CTRL_SET_CURVES_LIST) */
-  EC_KEY *key = find_ec_key(str);
+  EC_KEY *key = lsec_find_ec_key(L, str);
 
   if (!key) {
     lua_pushboolean(L, 0);
@@ -789,6 +777,8 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
   luaL_newlib(L, meta_index);
   lua_setfield(L, -2, "__index");
 
+  lsec_load_curves(L);
+
   /* Return the module */
   luaL_newlib(L, funcs);
 
diff --git a/src/context.h b/src/context.h
index 4b92ffe..d440f2c 100644
--- a/src/context.h
+++ b/src/context.h
@@ -10,7 +10,7 @@
 #include <lua.h>
 #include <openssl/ssl.h>
 
-#include "config.h"
+#include "compat.h"
 
 #define LSEC_MODE_INVALID 0
 #define LSEC_MODE_SERVER  1
diff --git a/src/ec.c b/src/ec.c
new file mode 100644
index 0000000..3f53494
--- /dev/null
+++ b/src/ec.c
@@ -0,0 +1,57 @@
+#include <openssl/objects.h>
+
+#include "ec.h"
+
+#ifndef OPENSSL_NO_ECDH
+
+EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
+{
+  int nid;
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_rawget(L, LUA_REGISTRYINDEX);
+  lua_pushstring(L, str);
+  lua_rawget(L, -2);
+
+  if (!lua_isnumber(L, -1))
+    return NULL;
+
+  nid = (int)lua_tonumber(L, -1);
+  return EC_KEY_new_by_curve_name(nid);
+}
+
+void lsec_load_curves(lua_State *L)
+{
+  size_t i;
+  size_t size;
+  const char *name;
+  EC_builtin_curve *curves = NULL;
+
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_newtable(L);
+
+  size = EC_get_builtin_curves(NULL, 0);
+  if (size > 0) {
+    curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
+    EC_get_builtin_curves(curves, size);
+    for (i = 0; i < size; i++) {
+      name = OBJ_nid2sn(curves[i].nid);
+      if (name != NULL) {
+        lua_pushstring(L, name);
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+      }
+    }
+    free(curves);
+  }
+
+  lua_rawset(L,  LUA_REGISTRYINDEX);
+}
+
+#else
+
+void lsec_load_curves(lua_State *L)
+{
+  // do nothing
+}
+
+#endif
diff --git a/src/ec.h b/src/ec.h
index ea9c7ee..6453adb 100644
--- a/src/ec.h
+++ b/src/ec.h
@@ -7,58 +7,14 @@
 #ifndef LSEC_EC_H
 #define LSEC_EC_H
 
-#include <openssl/objects.h>
+#include <lua.h>
 
-typedef struct t_ec_ {
-  char *name;
-  int nid;
-} t_ec;
-typedef t_ec* p_ec;
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ec.h>
 
-/* Elliptic curves supported */
-static t_ec curves[] = {
-  /* SECG */
-  {"secp112r1", NID_secp112r1},
-  {"secp112r2", NID_secp112r2},
-  {"secp128r1", NID_secp128r1},
-  {"secp128r2", NID_secp128r2},
-  {"secp160k1", NID_secp160k1},
-  {"secp160r1", NID_secp160r1},
-  {"secp160r2", NID_secp160r2},
-  {"secp192k1", NID_secp192k1},
-  {"secp224k1", NID_secp224k1},
-  {"secp224r1", NID_secp224r1},
-  {"secp256k1", NID_secp256k1},
-  {"secp384r1", NID_secp384r1},
-  {"secp521r1", NID_secp521r1},
-  {"sect113r1", NID_sect113r1},
-  {"sect113r2", NID_sect113r2},
-  {"sect131r1", NID_sect131r1},
-  {"sect131r2", NID_sect131r2},
-  {"sect163k1", NID_sect163k1},
-  {"sect163r1", NID_sect163r1},
-  {"sect163r2", NID_sect163r2},
-  {"sect193r1", NID_sect193r1},
-  {"sect193r2", NID_sect193r2},
-  {"sect233k1", NID_sect233k1},
-  {"sect233r1", NID_sect233r1},
-  {"sect239k1", NID_sect239k1},
-  {"sect283k1", NID_sect283k1},
-  {"sect283r1", NID_sect283r1},
-  {"sect409k1", NID_sect409k1},
-  {"sect409r1", NID_sect409r1},
-  {"sect571k1", NID_sect571k1},
-  {"sect571r1", NID_sect571r1},
-  /* ANSI X9.62 */
-  {"prime192v1", NID_X9_62_prime192v1},
-  {"prime192v2", NID_X9_62_prime192v2},
-  {"prime192v3", NID_X9_62_prime192v3},
-  {"prime239v1", NID_X9_62_prime239v1},
-  {"prime239v2", NID_X9_62_prime239v2},
-  {"prime239v3", NID_X9_62_prime239v3},
-  {"prime256v1", NID_X9_62_prime256v1},
-  /* End */
-  {NULL,        0U}
-};
+EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
+#endif
+
+void lsec_load_curves(lua_State *L);
 
 #endif
diff --git a/src/ssl.h b/src/ssl.h
index fb0ebdc..12a2a03 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -15,7 +15,7 @@
 #include <luasocket/timeout.h>
 #include <luasocket/socket.h>
 
-#include "config.h"
+#include "compat.h"
 #include "context.h"
 
 #define LSEC_STATE_NEW       1
diff --git a/src/x509.h b/src/x509.h
index cced0e5..302ab1c 100644
--- a/src/x509.h
+++ b/src/x509.h
@@ -12,7 +12,7 @@
 #include <openssl/x509v3.h>
 #include <lua.h>
 
-#include "config.h"
+#include "compat.h"
 
 /* We do not support UniversalString nor BMPString as ASN.1 String types */
 enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };