Discover curves dynamically

src/Makefile

@@ -4,7 +4,8 @@ LMOD=ssl.lua
 OBJS= \
  x509.o    \
  context.o \
- ssl.o
+ ssl.o     \
+ ec.o
 
 LIBS=-lssl -lcrypto -lluasocket
 
@@ -55,6 +56,7 @@ clean:
 	cd luasocket && $(MAKE) clean
 	rm -f $(OBJS) $(CMOD)
 
-x509.o: x509.c x509.h config.h
+x509.o: x509.c x509.h compat.h
-context.o: context.c context.h ec.h config.h
+context.o: context.c context.h ec.h compat.h
-ssl.o: ssl.c ssl.h context.h x509.h config.h
+ssl.o: ssl.c ssl.h context.h x509.h compat.h
+ec.o: ec.c ec.h

src/compat.h

@@ -4,8 +4,8 @@
  *
  *--------------------------------------------------------------------------*/
 
-#ifndef LSEC_CONFIG_H
+#ifndef LSEC_COMPAT_H
-#define LSEC_CONFIG_H
+#define LSEC_COMPAT_H
 
 #if defined(_WIN32)
 #define LSEC_API __declspec(dllexport) 

src/context.c

@@ -300,18 +300,6 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
   return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
 }
 
-#ifndef OPENSSL_NO_ECDH
-static EC_KEY *find_ec_key(const char *str)
-{
-  p_ec ptr;
-  for (ptr = curves; ptr->name; ptr++) {
-    if (!strcmp(str, ptr->name))
-      return EC_KEY_new_by_curve_name(ptr->nid);
-  }
-  return NULL;
-}
-#endif
-
 /*------------------------------ Lua Functions -------------------------------*/
 
 /**
@@ -592,7 +580,7 @@ static int set_curve(lua_State *L)
   return 1;
 
 #else /* !defined(SSL_CTRL_SET_CURVES_LIST) */
-  EC_KEY *key = find_ec_key(str);
+  EC_KEY *key = lsec_find_ec_key(L, str);
 
   if (!key) {
     lua_pushboolean(L, 0);
@@ -789,6 +777,8 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
   luaL_newlib(L, meta_index);
   lua_setfield(L, -2, "__index");
 
+  lsec_load_curves(L);
+
   /* Return the module */
   luaL_newlib(L, funcs);
 

src/context.h

@@ -10,7 +10,7 @@
 #include <lua.h>
 #include <openssl/ssl.h>
 
-#include "config.h"
+#include "compat.h"
 
 #define LSEC_MODE_INVALID 0
 #define LSEC_MODE_SERVER  1

src/ec.c

@@ -0,0 +1,57 @@
+#include <openssl/objects.h>
+
+#include "ec.h"
+
+#ifndef OPENSSL_NO_ECDH
+
+EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
+{
+  int nid;
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_rawget(L, LUA_REGISTRYINDEX);
+  lua_pushstring(L, str);
+  lua_rawget(L, -2);
+
+  if (!lua_isnumber(L, -1))
+    return NULL;
+
+  nid = (int)lua_tonumber(L, -1);
+  return EC_KEY_new_by_curve_name(nid);
+}
+
+void lsec_load_curves(lua_State *L)
+{
+  size_t i;
+  size_t size;
+  const char *name;
+  EC_builtin_curve *curves = NULL;
+
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_newtable(L);
+
+  size = EC_get_builtin_curves(NULL, 0);
+  if (size > 0) {
+    curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
+    EC_get_builtin_curves(curves, size);
+    for (i = 0; i < size; i++) {
+      name = OBJ_nid2sn(curves[i].nid);
+      if (name != NULL) {
+        lua_pushstring(L, name);
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+      }
+    }
+    free(curves);
+  }
+
+  lua_rawset(L,  LUA_REGISTRYINDEX);
+}
+
+#else
+
+void lsec_load_curves(lua_State *L)
+{
+  // do nothing
+}
+
+#endif

src/ec.h

@@ -7,58 +7,14 @@
 #ifndef LSEC_EC_H
 #define LSEC_EC_H
 
-#include <openssl/objects.h>
+#include <lua.h>
 
-typedef struct t_ec_ {
+#ifndef OPENSSL_NO_ECDH
-  char *name;
+#include <openssl/ec.h>
-  int nid;
-} t_ec;
-typedef t_ec* p_ec;
 
-/* Elliptic curves supported */
+EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
-static t_ec curves[] = {
+#endif
-  /* SECG */
+
-  {"secp112r1", NID_secp112r1},
+void lsec_load_curves(lua_State *L);
-  {"secp112r2", NID_secp112r2},
-  {"secp128r1", NID_secp128r1},
-  {"secp128r2", NID_secp128r2},
-  {"secp160k1", NID_secp160k1},
-  {"secp160r1", NID_secp160r1},
-  {"secp160r2", NID_secp160r2},
-  {"secp192k1", NID_secp192k1},
-  {"secp224k1", NID_secp224k1},
-  {"secp224r1", NID_secp224r1},
-  {"secp256k1", NID_secp256k1},
-  {"secp384r1", NID_secp384r1},
-  {"secp521r1", NID_secp521r1},
-  {"sect113r1", NID_sect113r1},
-  {"sect113r2", NID_sect113r2},
-  {"sect131r1", NID_sect131r1},
-  {"sect131r2", NID_sect131r2},
-  {"sect163k1", NID_sect163k1},
-  {"sect163r1", NID_sect163r1},
-  {"sect163r2", NID_sect163r2},
-  {"sect193r1", NID_sect193r1},
-  {"sect193r2", NID_sect193r2},
-  {"sect233k1", NID_sect233k1},
-  {"sect233r1", NID_sect233r1},
-  {"sect239k1", NID_sect239k1},
-  {"sect283k1", NID_sect283k1},
-  {"sect283r1", NID_sect283r1},
-  {"sect409k1", NID_sect409k1},
-  {"sect409r1", NID_sect409r1},
-  {"sect571k1", NID_sect571k1},
-  {"sect571r1", NID_sect571r1},
-  /* ANSI X9.62 */
-  {"prime192v1", NID_X9_62_prime192v1},
-  {"prime192v2", NID_X9_62_prime192v2},
-  {"prime192v3", NID_X9_62_prime192v3},
-  {"prime239v1", NID_X9_62_prime239v1},
-  {"prime239v2", NID_X9_62_prime239v2},
-  {"prime239v3", NID_X9_62_prime239v3},
-  {"prime256v1", NID_X9_62_prime256v1},
-  /* End */
-  {NULL,        0U}
-};
 
 #endif

src/ssl.h

@@ -15,7 +15,7 @@
 #include <luasocket/timeout.h>
 #include <luasocket/socket.h>
 
-#include "config.h"
+#include "compat.h"
 #include "context.h"
 
 #define LSEC_STATE_NEW       1

src/x509.h

@@ -12,7 +12,7 @@
 #include <openssl/x509v3.h>
 #include <lua.h>
 
-#include "config.h"
+#include "compat.h"
 
 /* We do not support UniversalString nor BMPString as ASN.1 String types */
 enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };