47 Commits

Author SHA1 Message Date
3a5a3f6959 Release LuaSec 0.7.2 2019-10-10 08:33:01 -03:00
3c1af04dfa Fix unexported 'ssl.config' table (#149)
Avoid duplicating variable 'ssl_options'.
2019-10-10 08:27:22 -03:00
866e55f1ee Update version number: 0.7 -> 0.7.1 2019-08-16 10:01:43 -03:00
8dafea410f Fix memory leak 2019-08-16 09:48:53 -03:00
de63f21f63 Change version number to 0.7 2018-06-27 10:36:26 -03:00
fbbaa866c3 Missing defines in rockspec 2017-12-21 12:33:47 -02:00
bd87aafaaf Using https instead of git protocol 2017-10-28 10:44:51 -02:00
be3c6d67e0 Make luaL_testudata() compat function visible for all files 2017-10-28 09:53:28 -02:00
2f562e1399 Put an error check back 2017-10-28 09:31:40 -02:00
7934e58b4b Merge pull request #99 from daurnimator/luaossl-integration
Allow passing a luaossl context for socket creation/wrapping
2017-10-28 09:23:07 -02:00
3a8d6e71c4 Removing some VC files 2017-10-11 20:42:54 -03:00
3d170e9f9d Add new source files to VC project, new libs name 2017-10-11 20:29:15 -03:00
ea6a65de84 Rockspec for LuaSec 0.7alpha 2017-09-26 18:24:16 -03:00
0d01b53461 Version number to 0.7alpha 2017-09-26 18:22:49 -03:00
8762441cd2 Add popular aliases for commonly used curves 2017-09-26 17:43:00 -03:00
60f02f7701 LuaJIT 2.1.0 added luaL_newlib() as extension 2017-09-26 17:39:32 -03:00
fe1fb0b350 Adding 'curveslist' parameter
LuaSec will try to set 'curveslist' parameter first.
If the parameter is not present or not supported, LuaSec will
try 'curve' parameter.
2017-08-04 17:00:12 -03:00
db42a5084a Export configuration (protocols, options, curves, algorithms, capabilities) 2017-06-16 22:53:59 -03:00
0b99832ec7 Export configuration (protocols, options, curves, algorithms, capabilities) 2017-06-16 22:50:27 -03:00
fc757e1fd0 Discover curves dynamically 2017-06-16 21:03:10 -03:00
64f11f515d Add example of luaossl integration
Based on 'info' sample
2017-04-04 13:07:48 +10:00
e90a264c93 Allow passing luaossl objects to meth_create() 2017-04-04 13:06:12 +10:00
5299803bef Merge pull request #77 from kekstee/master
Make CC and LD configurable
2017-03-31 15:11:17 -03:00
9c41eaf09a Merge pull request #74 from ka7/spelling
spelling fixes, as seen on lintian.debian.org
2017-03-31 14:50:19 -03:00
31b7a4744b Merge pull request #63 from gleydsonsoares/tweak-OPENSSL_NO_COMP
simplify OPENSSL_NO_COMP guard
2017-03-31 14:48:19 -03:00
d9e7c5d466 Merge pull request #92 from robert-scheck/utf8
Convert CHANGELOG from ISO-8859-1 to UTF-8
2017-03-31 14:46:22 -03:00
6b82fa6104 LuaRocks workaround 2017-03-31 14:40:09 -03:00
9f6d623ccb proper socket invalidation #70 2017-03-31 14:32:35 -03:00
67a2133e7d Merge pull request #47 from wmark/curve-negotiation
Add TLS curve negotiation. (closes #42)
2017-03-31 14:14:54 -03:00
622ef3d6a6 Enable curve negotiation with #ifdef SSL_CTX_set1_curves_list
One of currently three definitions in the wild that indicate support for
SSL_CTX_set1_curves_list().
2017-02-26 00:16:25 +01:00
231563682a Add support for the new curve selection API.
Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>
2017-02-26 00:16:24 +01:00
3ec117667d Convert CHANGELOG from ISO-8859-1 to UTF-8 2017-02-18 13:26:40 +01:00
98f8872743 Merge pull request #89 from greatwolf/sni_host
Fix for sni host issue #88 and #44. Thanks to @TomasB
2016-12-22 16:21:40 -02:00
77b88e0b0d Fix for sni host issue #88 and #44. Thanks to @TomasB 2016-12-15 16:46:59 -08:00
4889830d53 Compatibility with OpenSSL 1.1.0
Defining macros X509_up_ref() and SSL_is_server to use the same
API of OpenSSL 1.1.0.
2016-09-14 17:47:09 -03:00
80a527d630 Use EVP_PKEY_base_id() to recover the key's type 2016-09-13 13:30:44 -03:00
53db804b9d Use X509_EXTENSION_get_object() to get the 'object' field from extension 2016-09-13 13:22:25 -03:00
22e6652d88 ASN1_STRING_data() is deprecated in OpenSSL 1.1.0
ASN1_STRING_get0_data() must be used instead.
2016-09-13 13:09:18 -03:00
6bb007b75f Make CC and LD configurable 2016-08-13 23:24:11 +02:00
3cfdb878dd Merge pull request #76 from msva/patch-1
Return of DESTDIR support
2016-08-03 15:10:06 -03:00
4101af103e Return the number of data read and remove a useless line. 2016-08-03 14:56:07 -03:00
9efa963e35 Merge pull request #73 from perry-clarke/master
Fix crash after dohandshake() fails (need some adjusts yet)
2016-08-03 14:53:53 -03:00
4aa9ec3b60 Return of DESTDIR support 2016-07-24 02:01:21 +07:00
d45c03a1ad spelling fixes, as seen on lintian.debian.org 2016-07-11 21:57:50 +02:00
0f4eaf06e4 Merge pull request #1 from perry-clarke/perry-clarke-patch-1
Fix crash related to incorrect buffer size
2016-05-03 16:45:06 -07:00
5a98bb6adb Fix crash related to incorrect buffer size
The number of bytes received by ssl_recv() is being passed to luaL_addlstring() (in recvall()) but it was being left either uninitialized or being set to an error code.  The crashing case I found was when the state was not LSEC_STATE_CONNECTED (e.g. when dohandshake() has failed) and ssl_recv() returned immediately without setting "got".
2016-05-03 16:37:47 -07:00
27fbd70424 tweak OPENSSL_NO_COMP 2015-11-20 13:22:00 -03:00
41 changed files with 880 additions and 739 deletions

View File

@ -1,3 +1,32 @@
--------------------------------------------------------------------------------
LuaSec 0.7.2
---------------
This version includes:
* Fix unexported 'ssl.config' table
--------------------------------------------------------------------------------
LuaSec 0.7.1
---------------
This version includes:
* Fix general_name leak in cert:extensions()
--------------------------------------------------------------------------------
LuaSec 0.7
---------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki
This version includes:
* Add support to OpenSSL 1.1.0
* Add support to elliptic curves list
* Add ssl.config that exports some OpenSSL information
* Add integration with luaossl
--------------------------------------------------------------------------------
LuaSec 0.6
------------
@ -35,7 +64,6 @@ This version includes:
--------------------------------------------------------------------------------
LuaSec 0.5
------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
@ -109,7 +137,7 @@ LuaSec 0.3
--------------------------------------------------------------------------------
LuaSec 0.2.1
------------
- 'key' and 'certificate' configurations become optional. (thanks Ren<EFBFBD> Rebe)
- 'key' and 'certificate' configurations become optional. (thanks René Rebe)
- Add '_VERSION' variable to module.
--------------------------------------------------------------------------------

View File

@ -1,14 +1,14 @@
LuaSec 0.6
LuaSec 0.7.2
------------
* OpenSSL options:
By default, LuaSec 0.6 includes options for OpenSSL 1.0.2f.
By default, this version includes options for OpenSSL 1.1.1.
If you need to generate the options for a different version of OpenSSL:
$ cd src
$ lua options.lua -g /usr/include/openssl/ssl.h > options.h
$ lua options.lua -g /usr/include/openssl/ssl.h > options.c
--------------------------------------------------------------------------------

View File

@ -1,5 +1,5 @@
LuaSec 0.6 license
Copyright (C) 2006-2015 Bruno Silvestre, UFG
LuaSec 0.7.2 license
Copyright (C) 2006-2019 Bruno Silvestre, UFG
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

View File

@ -1,36 +1,6 @@
LuaSec 0.6
==========
LuaSec 0.7.2
===============
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki
This version includes:
* Lua 5.2 and 5.3 compatibility
* Context module:
- Add ctx:checkkey()
* SSL module:
- Add conn:sni() and conn:getsniname()
* Context options:
- Add "any" protocol ("sslv23" is deprecated)
* HTTPS module:
- Using "any" protocol without SSLv2/SSLv3, by default
* X509 module:
- Human readable IP address
- Add cert:issued()
- Add cert:pubkey()
* Some bug fixes
********************************************************************************
PS: 10th anniversary! Thanks to everyone who collaborate with LuaSec.
********************************************************************************

View File

@ -1,8 +1,8 @@
package = "LuaSec"
version = "0.6-1"
version = "0.7.2-1"
source = {
url = "git://github.com/brunoos/luasec.git",
tag = "luasec-0.6"
url = "https://github.com/brunoos/luasec/archive/luasec-0.7.2.tar.gz",
dir = "luasec-luasec-0.7.2"
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
@ -45,6 +45,9 @@ build = {
},
modules = {
ssl = {
defines = {
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket",
},
@ -55,6 +58,7 @@ build = {
"ssl", "crypto"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
@ -75,6 +79,7 @@ build = {
ssl = {
defines = {
"WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
"LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
},
libdirs = {
@ -82,32 +87,18 @@ build = {
"$(OPENSSL_BINDIR)",
},
libraries = {
"libeay32", "ssleay32", "ws2_32"
"libssl32MD", "libcrypto32MD", "ws2_32"
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"
}
}
},
patches = {
["luarocks_vs_compiler.patch"] = [[
--- a/src/ssl.c.orig
+++ b/src/ssl.c
@@ -844,3 +844,8 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
return 1;
}
+
+#if defined(_MSC_VER)
+/* Empty implementation to allow building with LuaRocks and MS compilers */
+LSEC_API int luaopen_ssl(lua_State *L) { return 0; }
+#endif
]]
}
}
}

Binary file not shown.

View File

@ -1,253 +0,0 @@
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9,00"
Name="luasec"
ProjectGUID="{A629932F-8819-4C0B-8835-CBF1FEED6376}"
Keyword="Win32Proj"
TargetFrameworkVersion="131072"
>
<Platforms>
<Platform
Name="Win32"
/>
</Platforms>
<ToolFiles>
</ToolFiles>
<Configurations>
<Configuration
Name="Debug|Win32"
OutputDirectory="Debug"
IntermediateDirectory="Debug"
ConfigurationType="2"
InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="3"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="4"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ws2_32.lib libeay32MDd.lib ssleay32MDd.lib lua5.1.lib"
OutputFile="$(OutDir)/ssl.dll"
LinkIncremental="2"
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
GenerateDebugInformation="true"
ProgramDatabaseFile="$(OutDir)/luasec.pdb"
SubSystem="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
ImportLibrary="$(OutDir)/ssl.lib"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
<Configuration
Name="Release|Win32"
OutputDirectory="Release"
IntermediateDirectory="Release"
ConfigurationType="2"
InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
CharacterSet="2"
>
<Tool
Name="VCPreBuildEventTool"
/>
<Tool
Name="VCCustomBuildTool"
/>
<Tool
Name="VCXMLDataGeneratorTool"
/>
<Tool
Name="VCWebServiceProxyGeneratorTool"
/>
<Tool
Name="VCMIDLTool"
/>
<Tool
Name="VCCLCompilerTool"
AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;BUFFER_DEBUG"
RuntimeLibrary="2"
UsePrecompiledHeader="0"
WarningLevel="3"
DebugInformationFormat="3"
/>
<Tool
Name="VCManagedResourceCompilerTool"
/>
<Tool
Name="VCResourceCompilerTool"
/>
<Tool
Name="VCPreLinkEventTool"
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
OutputFile="$(OutDir)/ssl.dll"
LinkIncremental="1"
AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9\lib"
GenerateDebugInformation="true"
SubSystem="2"
OptimizeReferences="2"
EnableCOMDATFolding="2"
RandomizedBaseAddress="1"
DataExecutionPrevention="0"
ImportLibrary="$(OutDir)/ssl.lib"
TargetMachine="1"
/>
<Tool
Name="VCALinkTool"
/>
<Tool
Name="VCManifestTool"
/>
<Tool
Name="VCXDCMakeTool"
/>
<Tool
Name="VCBscMakeTool"
/>
<Tool
Name="VCFxCopTool"
/>
<Tool
Name="VCAppVerifierTool"
/>
<Tool
Name="VCPostBuildEventTool"
/>
</Configuration>
</Configurations>
<References>
</References>
<Files>
<Filter
Name="Source Files"
Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
>
<File
RelativePath=".\src\buffer.c"
>
</File>
<File
RelativePath=".\src\context.c"
>
</File>
<File
RelativePath=".\src\io.c"
>
</File>
<File
RelativePath=".\src\ssl.c"
>
</File>
<File
RelativePath=".\src\timeout.c"
>
</File>
<File
RelativePath=".\src\wsocket.c"
>
</File>
</Filter>
<Filter
Name="Header Files"
Filter="h;hpp;hxx;hm;inl;inc;xsd"
UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
>
<File
RelativePath=".\src\buffer.h"
>
</File>
<File
RelativePath=".\src\context.h"
>
</File>
<File
RelativePath=".\src\io.h"
>
</File>
<File
RelativePath=".\src\socket.h"
>
</File>
<File
RelativePath=".\src\ssl.h"
>
</File>
<File
RelativePath=".\src\timeout.h"
>
</File>
<File
RelativePath=".\src\wsocket.h"
>
</File>
</Filter>
<Filter
Name="Resource Files"
Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
>
</Filter>
</Files>
<Globals>
</Globals>
</VisualStudioProject>

View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
@ -18,10 +18,12 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@ -74,7 +76,7 @@
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua5.2\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AdditionalIncludeDirectories>C:\devel\openssl-1.1.0\include;C:\devel\lua-5.1\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<PrecompiledHeader>
@ -83,9 +85,9 @@
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32MD.lib;ssleay32MD.lib;lua52.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua5.2\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>true</OptimizeReferences>
@ -98,15 +100,19 @@
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="src\config.c" />
<ClCompile Include="src\context.c" />
<ClCompile Include="src\ec.c" />
<ClCompile Include="src\luasocket\buffer.c" />
<ClCompile Include="src\luasocket\io.c" />
<ClCompile Include="src\luasocket\timeout.c" />
<ClCompile Include="src\luasocket\wsocket.c" />
<ClCompile Include="src\options.c" />
<ClCompile Include="src\ssl.c" />
<ClCompile Include="src\x509.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\compat.h" />
<ClInclude Include="src\config.h" />
<ClInclude Include="src\context.h" />
<ClInclude Include="src\ec.h" />

View File

@ -1,75 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="src\x509.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\context.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\ssl.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\wsocket.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\buffer.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\io.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\timeout.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\x509.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\config.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\context.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\ec.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\options.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\ssl.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\wsocket.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\buffer.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\io.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\socket.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\timeout.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

View File

@ -17,7 +17,7 @@ Directories:
Elliptic curve cipher.
* info
Informations about the connection.
Information about the connection.
* key
Test encrypted private key.

View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

View File

@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

View File

@ -0,0 +1,28 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "any",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-256:P-384",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

View File

@ -0,0 +1,37 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-384:P-256:P-521",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot with curve negotiation test\n")
peer:close()

View File

@ -0,0 +1,40 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local pkey = require "openssl.pkey"
local ssl_context = require "openssl.ssl.context"
local x509 = require "openssl.x509"
local x509_store = require "openssl.x509.store"
local function read_file(path)
local file, err, errno = io.open(path, "rb")
if not file then
return nil, err, errno
end
local contents
contents, err, errno = file:read "*a"
file:close()
return contents, err, errno
end
local ctx = ssl_context.new("TLSv1_2", false)
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
local store = x509_store.new()
store:add("../certs/rootA.pem")
ctx:setStore(store)
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

View File

@ -0,0 +1,58 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local pkey = require "openssl.pkey"
local ssl_context = require "openssl.ssl.context"
local x509 = require "openssl.x509"
local x509_store = require "openssl.x509.store"
local function read_file(path)
local file, err, errno = io.open(path, "rb")
if not file then
return nil, err, errno
end
local contents
contents, err, errno = file:read "*a"
file:close()
return contents, err, errno
end
local ctx = ssl_context.new("TLSv1_2", true)
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
local store = x509_store.new()
store:add("../certs/rootA.pem")
ctx:setStore(store)
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
-- Before handshake: nil
print( peer:info() )
assert( peer:dohandshake() )
--]]
print("---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
print("-> Compression", peer:info("compression"))
peer:send("oneshot test\n")
peer:close()

View File

@ -2,9 +2,12 @@ CMOD=ssl.so
LMOD=ssl.lua
OBJS= \
x509.o \
options.o \
x509.o \
context.o \
ssl.o
ssl.o \
config.o \
ec.o
LIBS=-lssl -lcrypto -lluasocket
@ -21,8 +24,8 @@ MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
INSTALL = install
CC = cc
LD = $(MYENV) cc
CC ?= cc
LD ?= $(MYENV) cc
CFLAGS += $(MYCFLAGS)
LDFLAGS += $(MYLDFLAGS)
@ -31,10 +34,10 @@ LDFLAGS += $(MYLDFLAGS)
all:
install: $(CMOD) $(LMOD)
$(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
$(INSTALL) $(CMOD) $(LUACPATH)
$(INSTALL) -m644 $(LMOD) $(LUAPATH)
$(INSTALL) -m644 https.lua $(LUAPATH)/ssl
$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
@ -55,6 +58,9 @@ clean:
cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD)
x509.o: x509.c x509.h config.h
context.o: context.c context.h ec.h config.h
ssl.o: ssl.c ssl.h context.h x509.h config.h
options.o: options.h options.c
ec.o: ec.c ec.h
x509.o: x509.c x509.h compat.h
context.o: context.c context.h ec.h compat.h
ssl.o: ssl.c ssl.h context.h x509.h compat.h
config.o: config.c ec.h options.h compat.h

View File

@ -1,11 +1,12 @@
/*--------------------------------------------------------------------------
* LuaSec 0.6
* Copyright (C) 2006-2016 Bruno Silvestre
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_CONFIG_H
#define LSEC_CONFIG_H
#ifndef LSEC_COMPAT_H
#define LSEC_COMPAT_H
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)
@ -14,9 +15,15 @@
#endif
#if (LUA_VERSION_NUM == 501)
#define luaL_testudata(L, ud, tname) lsec_testudata(L, ud, tname)
#define setfuncs(L, R) luaL_register(L, NULL, R)
#define lua_rawlen(L, i) lua_objlen(L, i)
#ifndef luaL_newlib
#define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
#endif
#else
#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
#endif

88
src/config.c Normal file
View File

@ -0,0 +1,88 @@
/*--------------------------------------------------------------------------
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
#include "compat.h"
#include "options.h"
#include "ec.h"
/**
* Registre the module.
*/
LSEC_API int luaopen_ssl_config(lua_State *L)
{
lsec_ssl_option_t *opt;
lua_newtable(L);
// Options
lua_pushstring(L, "options");
lua_newtable(L);
for (opt = lsec_get_ssl_options(); opt->name; opt++) {
lua_pushstring(L, opt->name);
lua_pushboolean(L, 1);
lua_rawset(L, -3);
}
lua_rawset(L, -3);
// Protocols
lua_pushstring(L, "protocols");
lua_newtable(L);
#ifndef OPENSSL_NO_SSL3
lua_pushstring(L, "sslv3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_pushstring(L, "tlsv1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
lua_pushstring(L, "tlsv1_1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "tlsv1_2");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Algorithms
lua_pushstring(L, "algorithms");
lua_newtable(L);
#ifndef OPENSSL_NO_EC
lua_pushstring(L, "ec");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Curves
lua_pushstring(L, "curves");
lsec_get_curves(L);
lua_rawset(L, -3);
// Capabilities
lua_pushstring(L, "capabilities");
lua_newtable(L);
#ifndef OPENSSL_NO_EC
#if defined(SSL_CTRL_SET_ECDH_AUTO) || defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list)
lua_pushstring(L, "curves_list");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef SSL_CTRL_SET_ECDH_AUTO
lua_pushstring(L, "ecdh_auto");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
#endif
#endif
lua_rawset(L, -3);
return 1;
}

View File

@ -1,9 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 0.6
* LuaSec 0.7.2
*
* Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2016 Bruno Silvestre.
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -24,7 +24,7 @@
#include "context.h"
#include "options.h"
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#include "ec.h"
#endif
@ -35,32 +35,6 @@ typedef const SSL_METHOD LSEC_SSL_METHOD;
typedef SSL_METHOD LSEC_SSL_METHOD;
#endif
#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#define SSLv23_method() TLS_method()
#endif
/*-- Compat - Lua 5.1 --------------------------------------------------------*/
#if (LUA_VERSION_NUM == 501)
#define luaL_testudata(L, ud, tname) testudata(L, ud, tname)
static void *testudata (lua_State *L, int ud, const char *tname) {
void *p = lua_touserdata(L, ud);
if (p != NULL) { /* value is a userdata? */
if (lua_getmetatable(L, ud)) { /* does it have a metatable? */
luaL_getmetatable(L, tname); /* get correct metatable */
if (!lua_rawequal(L, -1, -2)) /* not the same? */
p = NULL; /* value is a userdata with wrong metatable */
lua_pop(L, 2); /* remove both metatables */
return p;
}
}
return NULL; /* value is not a userdata with a metatable */
}
#endif
/*--------------------------- Auxiliary Functions ----------------------------*/
/**
@ -81,8 +55,8 @@ static p_context testctx(lua_State *L, int idx)
*/
static int set_option_flag(const char *opt, unsigned long *flag)
{
ssl_option_t *p;
for (p = ssl_options; p->name; p++) {
lsec_ssl_option_t *p;
for (p = lsec_get_ssl_options(); p->name; p++) {
if (!strcmp(opt, p->name)) {
*flag |= p->code;
return 1;
@ -304,18 +278,6 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
}
#ifndef OPENSSL_NO_ECDH
static EC_KEY *find_ec_key(const char *str)
{
p_ec ptr;
for (ptr = curves; ptr->name; ptr++) {
if (!strcmp(str, ptr->name))
return EC_KEY_new_by_curve_name(ptr->nid);
}
return NULL;
}
#endif
/*------------------------------ Lua Functions -------------------------------*/
/**
@ -562,27 +524,23 @@ static int set_dhparam(lua_State *L)
return 0;
}
#if !defined(OPENSSL_NO_EC)
/**
* Set elliptic curve.
*/
#ifdef OPENSSL_NO_ECDH
static int set_curve(lua_State *L)
{
lua_pushboolean(L, 0);
lua_pushstring(L, "OpenSSL does not support ECDH");
return 2;
}
#else
static int set_curve(lua_State *L)
{
long ret;
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *str = luaL_checkstring(L, 2);
EC_KEY *key = find_ec_key(str);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
EC_KEY *key = lsec_find_ec_key(L, str);
if (!key) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "elliptic curve %s not supported", str);
lua_pushfstring(L, "elliptic curve '%s' not supported", str);
return 2;
}
@ -596,6 +554,33 @@ static int set_curve(lua_State *L)
ERR_reason_error_string(ERR_get_error()));
return 2;
}
lua_pushboolean(L, 1);
return 1;
}
#endif
#if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
/**
* Set elliptic curves list.
*/
static int set_curves_list(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *str = luaL_checkstring(L, 2);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
if (SSL_CTX_set1_curves_list(ctx, str) != 1) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "unknown elliptic curve in \"%s\"", str);
return 2;
}
#ifdef SSL_CTRL_SET_ECDH_AUTO
SSL_CTX_set_ecdh_auto(ctx, 1);
#endif
lua_pushboolean(L, 1);
return 1;
}
@ -613,10 +598,18 @@ static luaL_Reg funcs[] = {
{"setcipher", set_cipher},
{"setdepth", set_depth},
{"setdhparam", set_dhparam},
{"setcurve", set_curve},
{"setverify", set_verify},
{"setoptions", set_options},
{"setmode", set_mode},
#if !defined(OPENSSL_NO_EC)
{"setcurve", set_curve},
#endif
#if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
{"setcurveslist", set_curves_list},
#endif
{NULL, NULL}
};
@ -758,6 +751,25 @@ int lsec_getmode(lua_State *L, int idx)
return ctx->mode;
}
/*-- Compat - Lua 5.1 --*/
#if (LUA_VERSION_NUM == 501)
void *lsec_testudata (lua_State *L, int ud, const char *tname) {
void *p = lua_touserdata(L, ud);
if (p != NULL) { /* value is a userdata? */
if (lua_getmetatable(L, ud)) { /* does it have a metatable? */
luaL_getmetatable(L, tname); /* get correct metatable */
if (!lua_rawequal(L, -1, -2)) /* not the same? */
p = NULL; /* value is a userdata with wrong metatable */
lua_pop(L, 2); /* remove both metatables */
return p;
}
}
return NULL; /* value is not a userdata with a metatable */
}
#endif
/*------------------------------ Initialization ------------------------------*/
/**
@ -774,6 +786,8 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
luaL_newlib(L, meta_index);
lua_setfield(L, -2, "__index");
lsec_load_curves(L);
/* Return the module */
luaL_newlib(L, funcs);

View File

@ -2,15 +2,16 @@
#define LSEC_CONTEXT_H
/*--------------------------------------------------------------------------
* LuaSec 0.6
* Copyright (C) 2006-2016 Bruno Silvestre
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <lua.h>
#include <openssl/ssl.h>
#include "config.h"
#include "compat.h"
#define LSEC_MODE_INVALID 0
#define LSEC_MODE_SERVER 1
@ -37,4 +38,9 @@ int lsec_getmode(lua_State *L, int idx);
/* Registre the module. */
LSEC_API int luaopen_ssl_context(lua_State *L);
/* Compat - Lua 5.1 */
#if (LUA_VERSION_NUM == 501)
void *lsec_testudata (lua_State *L, int ud, const char *tname);
#endif
#endif

110
src/ec.c Normal file
View File

@ -0,0 +1,110 @@
#include <openssl/objects.h>
#include "ec.h"
#ifndef OPENSSL_NO_ECDH
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
{
int nid;
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushstring(L, str);
lua_rawget(L, -2);
if (!lua_isnumber(L, -1))
return NULL;
nid = (int)lua_tonumber(L, -1);
return EC_KEY_new_by_curve_name(nid);
}
void lsec_load_curves(lua_State *L)
{
size_t i;
size_t size;
const char *name;
EC_builtin_curve *curves = NULL;
lua_pushstring(L, "SSL:EC:CURVES");
lua_newtable(L);
size = EC_get_builtin_curves(NULL, 0);
if (size > 0) {
curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
EC_get_builtin_curves(curves, size);
for (i = 0; i < size; i++) {
name = OBJ_nid2sn(curves[i].nid);
if (name != NULL) {
lua_pushstring(L, name);
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
}
switch (curves[i].nid) {
case NID_X9_62_prime256v1:
lua_pushstring(L, "P-256");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
case NID_secp384r1:
lua_pushstring(L, "P-384");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
case NID_secp521r1:
lua_pushstring(L, "P-521");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
#ifdef NID_X25519
case NID_X25519:
lua_pushstring(L, "X25519");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
#endif
#ifdef NID_X448
case NID_X448:
lua_pushstring(L, "X448");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
#endif
}
}
free(curves);
}
lua_rawset(L, LUA_REGISTRYINDEX);
}
void lsec_get_curves(lua_State *L)
{
lua_newtable(L);
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushnil(L);
while (lua_next(L, -2) != 0) {
lua_pop(L, 1);
lua_pushvalue(L, -1);
lua_pushboolean(L, 1);
lua_rawset(L, -5);
}
lua_pop(L, 1);
}
#else
void lsec_load_curves(lua_State *L)
{
// do nothing
}
void lsec_get_curves(lua_State *L)
{
lua_newtable(L);
}
#endif

View File

@ -1,64 +1,22 @@
/*--------------------------------------------------------------------------
* LuaSec 0.6
* Copyright (C) 2006-2016 Bruno Silvestre
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_EC_H
#define LSEC_EC_H
#include <openssl/objects.h>
#include <lua.h>
typedef struct t_ec_ {
char *name;
int nid;
} t_ec;
typedef t_ec* p_ec;
#ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h>
/* Elliptic curves supported */
static t_ec curves[] = {
/* SECG */
{"secp112r1", NID_secp112r1},
{"secp112r2", NID_secp112r2},
{"secp128r1", NID_secp128r1},
{"secp128r2", NID_secp128r2},
{"secp160k1", NID_secp160k1},
{"secp160r1", NID_secp160r1},
{"secp160r2", NID_secp160r2},
{"secp192k1", NID_secp192k1},
{"secp224k1", NID_secp224k1},
{"secp224r1", NID_secp224r1},
{"secp256k1", NID_secp256k1},
{"secp384r1", NID_secp384r1},
{"secp521r1", NID_secp521r1},
{"sect113r1", NID_sect113r1},
{"sect113r2", NID_sect113r2},
{"sect131r1", NID_sect131r1},
{"sect131r2", NID_sect131r2},
{"sect163k1", NID_sect163k1},
{"sect163r1", NID_sect163r1},
{"sect163r2", NID_sect163r2},
{"sect193r1", NID_sect193r1},
{"sect193r2", NID_sect193r2},
{"sect233k1", NID_sect233k1},
{"sect233r1", NID_sect233r1},
{"sect239k1", NID_sect239k1},
{"sect283k1", NID_sect283k1},
{"sect283r1", NID_sect283r1},
{"sect409k1", NID_sect409k1},
{"sect409r1", NID_sect409r1},
{"sect571k1", NID_sect571k1},
{"sect571r1", NID_sect571r1},
/* ANSI X9.62 */
{"prime192v1", NID_X9_62_prime192v1},
{"prime192v2", NID_X9_62_prime192v2},
{"prime192v3", NID_X9_62_prime192v3},
{"prime239v1", NID_X9_62_prime239v1},
{"prime239v2", NID_X9_62_prime239v2},
{"prime239v3", NID_X9_62_prime239v3},
{"prime256v1", NID_X9_62_prime256v1},
/* End */
{NULL, 0U}
};
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
#endif
void lsec_get_curves(lua_State *L);
void lsec_load_curves(lua_State *L);
#endif

View File

@ -1,6 +1,6 @@
----------------------------------------------------------------------------
-- LuaSec 0.6
-- Copyright (C) 2009-2016 PUC-Rio
-- LuaSec 0.7.2
-- Copyright (C) 2009-2019 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
@ -18,8 +18,8 @@ local try = socket.try
-- Module
--
local _M = {
_VERSION = "0.6",
_COPYRIGHT = "LuaSec 0.6 - Copyright (C) 2009-2016 PUC-Rio",
_VERSION = "0.7.2",
_COPYRIGHT = "LuaSec 0.7.2 - Copyright (C) 2009-2019 PUC-Rio",
PORT = 443,
}
@ -89,6 +89,7 @@ local function tcp(params)
function conn:connect(host, port)
try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params))
self.sock:sni(host)
try(self.sock:dohandshake())
reg(self, getmetatable(self.sock))
return 1

View File

@ -135,7 +135,7 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
}
/* check if there was an error */
if (err != IO_DONE) {
/* we can't push anyting in the stack before pushing the
/* we can't push anything in the stack before pushing the
* contents of the buffer. this is the reason for the complication */
luaL_pushresult(&b);
lua_pushstring(L, buf->io->error(buf->io->ctx, err));

View File

@ -43,7 +43,7 @@ typedef int (*p_send) (
/* interface to recv function */
typedef int (*p_recv) (
void *ctx, /* context needed by recv */
char *data, /* pointer to buffer where data will be writen */
char *data, /* pointer to buffer where data will be written */
size_t count, /* number of bytes to receive into buffer */
size_t *got, /* number of bytes received uppon return */
p_timeout tm /* timeout control */

View File

@ -32,7 +32,7 @@
typedef struct sockaddr SA;
/*=========================================================================*\
* Functions bellow implement a comfortable platform independent
* Functions below implement a comfortable platform independent
* interface to sockets
\*=========================================================================*/
int socket_open(void);

View File

@ -9,7 +9,7 @@
/* timeout control structure */
typedef struct t_timeout_ {
double block; /* maximum time for blocking calls */
double total; /* total number of miliseconds for operation */
double total; /* total number of milliseconds for operation */
double start; /* time of start of operation */
} t_timeout;
typedef t_timeout *p_timeout;

View File

@ -40,7 +40,7 @@ int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
if (*ps >= FD_SETSIZE) return EINVAL;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
do {
/* must set bits within loop, because select may have modifed them */
/* must set bits within loop, because select may have modified them */
rp = wp = NULL;
if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }

167
src/options.c Normal file
View File

@ -0,0 +1,167 @@
/*--------------------------------------------------------------------------
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 1.1.1
*/
static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_DTLS_MASK)
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
#endif
#if defined(SSL_OP_NO_DTLSv1)
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
#endif
#if defined(SSL_OP_NO_DTLSv1_2)
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
#endif
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_RENEGOTIATION)
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSL_MASK)
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLSEXT_PADDING)
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
return ssl_options;
}

View File

@ -2,145 +2,21 @@
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 0.6
* Copyright (C) 2006-2016 Bruno Silvestre
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "compat.h"
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 1.0.2f
*/
struct ssl_option_s {
struct lsec_ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_DTLSv1)
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
#endif
#if defined(SSL_OP_NO_DTLSv1_2)
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSL_MASK)
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLSEXT_PADDING)
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
typedef struct lsec_ssl_option_s lsec_ssl_option_t;
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
#endif

View File

@ -1,10 +1,10 @@
local function usage()
print("Usage:")
print("* Generate options of your system:")
print(" lua options.lua -g /path/to/ssl.h [verion] > options.h")
print(" lua options.lua -g /path/to/ssl.h [version] > options.c")
print("* Examples:")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n")
print("* List options of your system:")
print(" lua options.lua -l /path/to/ssl.h\n")
@ -17,33 +17,28 @@ end
local function generate(options, version)
print([[
#ifndef LSEC_OPTIONS_H
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 0.6
* Copyright (C) 2006-2016 Bruno Silvestre
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */
]])
printf([[
/*
OpenSSL version: %s
*/
]], version)
print([[
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
]])
print([[static ssl_option_t ssl_options[] = {]])
print([[static lsec_ssl_option_t ssl_options[] = {]])
for k, option in ipairs(options) do
local name = string.lower(string.sub(option, 8))
@ -55,7 +50,9 @@ typedef struct ssl_option_s ssl_option_t;
print([[
};
#endif
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
return ssl_options;
}
]])
end

112
src/ssl.c
View File

@ -1,9 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 0.6
* LuaSec 0.7.2
*
* Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2016 Bruno Silvestre.
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -31,6 +31,14 @@
#include "context.h"
#include "ssl.h"
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
#define SSL_is_server(s) (s->server)
#define SSL_up_ref(ssl) CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
#endif
/**
* Underline socket error.
*/
@ -191,9 +199,9 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
{
int err;
p_ssl ssl = (p_ssl)ctx;
*got = 0;
if (ssl->state != LSEC_STATE_CONNECTED)
return IO_CLOSED;
*got = 0;
for ( ; ; ) {
ERR_clear_error();
err = SSL_read(ssl->ssl, data, (int)count);
@ -203,7 +211,6 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
*got = err;
return IO_DONE;
case SSL_ERROR_ZERO_RETURN:
*got = err;
return IO_CLOSED;
case SSL_ERROR_WANT_READ:
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
@ -230,32 +237,66 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
return IO_UNKNOWN;
}
static SSL_CTX* luaossl_testcontext(lua_State *L, int arg) {
SSL_CTX **ctx = luaL_testudata(L, arg, "SSL_CTX*");
if (ctx)
return *ctx;
return NULL;
}
static SSL* luaossl_testssl(lua_State *L, int arg) {
SSL **ssl = luaL_testudata(L, arg, "SSL*");
if (ssl)
return *ssl;
return NULL;
}
/**
* Create a new TLS/SSL object and mark it as new.
*/
static int meth_create(lua_State *L)
{
p_ssl ssl;
int mode = lsec_getmode(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
int mode;
SSL_CTX *ctx;
lua_settop(L, 1);
if (mode == LSEC_MODE_INVALID) {
lua_pushnil(L);
lua_pushstring(L, "invalid mode");
return 2;
}
ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl));
if (!ssl) {
lua_pushnil(L);
lua_pushstring(L, "error creating SSL object");
return 2;
}
ssl->ssl = SSL_new(ctx);
if (!ssl->ssl) {
lua_pushnil(L);
lua_pushfstring(L, "error creating SSL object (%s)",
ERR_reason_error_string(ERR_get_error()));
return 2;
if ((ctx = lsec_testcontext(L, 1))) {
mode = lsec_getmode(L, 1);
if (mode == LSEC_MODE_INVALID) {
lua_pushnil(L);
lua_pushstring(L, "invalid mode");
return 2;
}
ssl->ssl = SSL_new(ctx);
if (!ssl->ssl) {
lua_pushnil(L);
lua_pushfstring(L, "error creating SSL object (%s)",
ERR_reason_error_string(ERR_get_error()));
return 2;
}
} else if ((ctx = luaossl_testcontext(L, 1))) {
ssl->ssl = SSL_new(ctx);
if (!ssl->ssl) {
lua_pushnil(L);
lua_pushfstring(L, "error creating SSL object (%s)",
ERR_reason_error_string(ERR_get_error()));
return 2;
}
mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
} else if ((ssl->ssl = luaossl_testssl(L, 1))) {
SSL_up_ref(ssl->ssl);
mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
} else {
return luaL_argerror(L, 1, "invalid context");
}
ssl->state = LSEC_STATE_NEW;
SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);
@ -406,7 +447,9 @@ static int meth_want(lua_State *L)
*/
static int meth_compression(lua_State *L)
{
#if !defined(OPENSSL_NO_COMP)
#ifdef OPENSSL_NO_COMP
const void *comp;
#else
const COMP_METHOD *comp;
#endif
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
@ -415,15 +458,11 @@ static int meth_compression(lua_State *L)
lua_pushstring(L, "closed");
return 2;
}
#if !defined(OPENSSL_NO_COMP)
comp = SSL_get_current_compression(ssl->ssl);
if (comp)
lua_pushstring(L, SSL_COMP_get_name(comp));
else
lua_pushnil(L);
#else
lua_pushnil(L);
#endif
return 1;
}
@ -461,7 +500,7 @@ static int meth_getpeercertificate(lua_State *L)
/* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly.
*/
if (ssl->ssl->server)
if (SSL_is_server(ssl->ssl))
--n;
certs = SSL_get_peer_cert_chain(ssl->ssl);
if (n >= sk_X509_num(certs)) {
@ -471,7 +510,7 @@ static int meth_getpeercertificate(lua_State *L)
cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
X509_up_ref(cert);
lsec_pushx509(L, cert);
return 1;
}
@ -493,7 +532,7 @@ static int meth_getpeerchain(lua_State *L)
return 2;
}
lua_newtable(L);
if (ssl->ssl->server) {
if (SSL_is_server(ssl->ssl)) {
lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
@ -503,7 +542,7 @@ static int meth_getpeerchain(lua_State *L)
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
X509_up_ref(cert);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
@ -757,7 +796,7 @@ static int meth_getsniname(lua_State *L)
static int meth_copyright(lua_State *L)
{
lua_pushstring(L, "LuaSec 0.6 - Copyright (C) 2006-2016 Bruno Silvestre, UFG"
lua_pushstring(L, "LuaSec 0.7.2 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
#if defined(WITH_LUASOCKET)
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
#endif
@ -842,5 +881,22 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
luaL_newlib(L, funcs);
lua_pushstring(L, "SOCKET_INVALID");
lua_pushnumber(L, SOCKET_INVALID);
lua_rawset(L, -3);
return 1;
}
//------------------------------------------------------------------------------
#if defined(_MSC_VER)
/* Empty implementation to allow building with LuaRocks and MS compilers */
LSEC_API int luaopen_ssl(lua_State *L) {
lua_pushstring(L, "you should not call this function");
lua_error(L);
return 0;
}
#endif

View File

@ -2,8 +2,9 @@
#define LSEC_SSL_H
/*--------------------------------------------------------------------------
* LuaSec 0.6
* Copyright (C) 2006-2016 Bruno Silvestre
* LuaSec 0.7.2
*
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
@ -15,7 +16,7 @@
#include <luasocket/timeout.h>
#include <luasocket/socket.h>
#include "config.h"
#include "compat.h"
#include "context.h"
#define LSEC_STATE_NEW 1

View File

@ -1,12 +1,14 @@
------------------------------------------------------------------------------
-- LuaSec 0.6
-- Copyright (C) 2006-2016 Bruno Silvestre
-- LuaSec 0.7.2
--
-- Copyright (C) 2006-2019 Bruno Silvestre
--
------------------------------------------------------------------------------
local core = require("ssl.core")
local context = require("ssl.context")
local x509 = require("ssl.x509")
local config = require("ssl.config")
local unpack = table.unpack or unpack
@ -92,11 +94,19 @@ local function newcontext(cfg)
end
context.setdhparam(ctx, cfg.dhparam)
end
-- Set elliptic curve
if cfg.curve then
succ, msg = context.setcurve(ctx, cfg.curve)
if not succ then return nil, msg end
-- Set elliptic curves
if (not config.algorithms.ec) and (cfg.curve or cfg.curveslist) then
return false, "elliptic curves not supported"
end
if config.capabilities.curves_list and cfg.curveslist then
succ, msg = context.setcurveslist(ctx, cfg.curveslist)
if not succ then return nil, msg end
elseif cfg.curve then
succ, msg = context.setcurve(ctx, cfg.curve)
if not succ then return nil, msg end
end
-- Set extra verification options
if cfg.verifyext and ctx.setverifyext then
succ, msg = optexec(ctx.setverifyext, cfg.verifyext, ctx)
@ -120,7 +130,7 @@ local function wrap(sock, cfg)
local s, msg = core.create(ctx)
if s then
core.setfd(s, sock:getfd())
sock:setfd(-1)
sock:setfd(core.SOCKET_INVALID)
registry[s] = ctx
return s
end
@ -169,8 +179,9 @@ core.setmethod("info", info)
--
local _M = {
_VERSION = "0.6",
_VERSION = "0.7.2",
_COPYRIGHT = core.copyright(),
config = config,
loadcertificate = x509.load,
newcontext = newcontext,
wrap = wrap,

View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 0.6
* LuaSec 0.7.2
*
* Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -32,6 +32,17 @@
#include "x509.h"
/*
* ASN1_STRING_data is deprecated in OpenSSL 1.1.0
*/
#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
#else
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
#endif
static const char* hex_tab = "0123456789abcdef";
/**
@ -146,7 +157,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
}
switch (encode) {
case LSEC_AI5_STRING:
lua_pushlstring(L, (char*)ASN1_STRING_data(string),
lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
ASN1_STRING_length(string));
break;
case LSEC_UTF8_STRING:
@ -182,7 +193,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
{
int af;
char dst[INET6_ADDRSTRLEN];
unsigned char *ip = ASN1_STRING_data(string);
unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
switch(ASN1_STRING_length(string)) {
case 4:
af = AF_INET;
@ -221,7 +232,7 @@ static int push_subtable(lua_State* L, int idx)
}
/**
* Retrive the general names from the object.
* Retrieve the general names from the object.
*/
static int push_x509_name(lua_State* L, X509_NAME *name, int encode)
{
@ -249,7 +260,7 @@ static int push_x509_name(lua_State* L, X509_NAME *name, int encode)
/*---------------------------------------------------------------------------*/
/**
* Retrive the Subject from the certificate.
* Retrieve the Subject from the certificate.
*/
static int meth_subject(lua_State* L)
{
@ -258,7 +269,7 @@ static int meth_subject(lua_State* L)
}
/**
* Retrive the Issuer from the certificate.
* Retrieve the Issuer from the certificate.
*/
static int meth_issuer(lua_State* L)
{
@ -293,11 +304,11 @@ int meth_extensions(lua_State* L)
break;
/* Push ret[oid] */
push_asn1_objname(L, extension->object, 1);
push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
push_subtable(L, -2);
/* Set ret[oid].name = name */
push_asn1_objname(L, extension->object, 0);
push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
lua_setfield(L, -2, "name");
n_general_names = sk_GENERAL_NAME_num(values);
@ -360,7 +371,9 @@ int meth_extensions(lua_State* L)
/* not supported */
break;
}
GENERAL_NAME_free(general_name);
}
sk_GENERAL_NAME_free(values);
lua_pop(L, 1); /* ret[oid] */
i++; /* Next extension */
}
@ -404,7 +417,7 @@ static int meth_pubkey(lua_State* L)
bytes = BIO_get_mem_data(bio, &data);
if (bytes > 0) {
lua_pushlstring(L, data, bytes);
switch(EVP_PKEY_type(pkey->type)) {
switch(EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
lua_pushstring(L, "RSA");
break;

View File

@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 0.6
* LuaSec 0.7.2
*
* Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@ -12,7 +12,7 @@
#include <openssl/x509v3.h>
#include <lua.h>
#include "config.h"
#include "compat.h"
/* We do not support UniversalString nor BMPString as ASN.1 String types */
enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };