dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2025-10-31 18:35:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dany:master
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2
..
compare: dany:luasec-0.8.1
Branches Tags
dany:master dany:shutdown-method dany:dev dany:ocsp dany:luasec-dev-0.8 dany:luasec-dev-0.7 dany:luasec-dev-0.5
dany:v1.3.2 dany:v1.3.1 dany:v1.3.0 dany:v1.2.0 dany:v1.1.0 dany:v1.0.2 dany:v1.0.1 dany:v1.0 dany:v0.9 dany:luasec-0.8.2 dany:luasec-0.7.2 dany:luasec-0.8.1 dany:luasec-0.7.1 dany:luasec-0.8 dany:luasec-0.7 dany:luasec-0.6 dany:luasec-0.5.1 dany:luasec-0.5 dany:luasec-0.4.1 dany:luasec-0.4 dany:luasec-0.3.3 dany:luasec-0.3.2 dany:luasec-0.3.1 dany:luasec-0.3 dany:luasec-0.2

2 Commits
master ... luasec-0.8

Author SHA1 Message Date
Bruno Silvestre
20db8ae168 Update version number: 0.8 -> 0.8.1 2019-08-16 10:31:04 -03:00
Bruno Silvestre
dcd385e615 Fix memory leak 2019-08-16 10:15:42 -03:00
37 changed files with 299 additions and 1077 deletions
Expand all files Collapse all files

106
CHANGELOG
View File

@@ -1,99 +1,9 @@
--------------------------------------------------------------------------------
LuaSec 1.3.2
---------------
This version includes:
* Fix: place EAI_OVERFLOW inside macro, unbreak build on <10.7 (Sergey Fedorov)
* Fix: Expand workaround for zero errno to OpenSSL 3.0.x (Kim Alvefur)
* Fix: reset block timeout at send or receive (MartinDahlberg)
--------------------------------------------------------------------------------
LuaSec 1.3.1
---------------
This version includes:
* Fix: check if PSK is available
--------------------------------------------------------------------------------
LuaSec 1.3.0
---------------
This version includes:
* Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1)
* Add Pre-Shared Key (PSK) support (@jclab-joseph)
--------------------------------------------------------------------------------
LuaSec 1.2.0
---------------
This version includes:
* Add key material export method
* Backguard compat for openssl on providers, like LTS linuxes
--------------------------------------------------------------------------------
LuaSec 1.1.0
---------------
This version includes:
* Fix missing DANE flag
* Remove unused parameter in https.lua
--------------------------------------------------------------------------------
LuaSec 1.0.2
---------------
This version includes:
* Fix handle SSL_send SYSCALL error without errno
* Fix off by one in cert:validat(notafter)
* Fix meth_get_{sinagure => signature}_name function name
* Fix update the Lua state reference on the selected SSL context after SNI
* Fix ignore SSL_OP_BIT(n) macro and update option.c
--------------------------------------------------------------------------------
LuaSec 1.0.1
---------------
This version includes:
* Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
--------------------------------------------------------------------------------
LuaSec 1.0
---------------
This version includes:
* Add cert:getsignaturename()
--------------------------------------------------------------------------------
LuaSec 0.9
---------------
This version includes:
* Add DNS-based Authentication of Named Entities (DANE) support
* Add __close() metamethod
* Fix deprecation warnings with OpenSSL 1.1
* Fix special case listing of TLS 1.3 EC curves
* Fix general_name leak in cert:extensions()
* Fix unexported 'ssl.config' table
* Replace $(LD) with $(CCLD) variable
* Remove multiple definitions of 'ssl_options' variable
* Use tag in git format: v0.9
--------------------------------------------------------------------------------
LuaSec 0.8.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------------
LuaSec 0.8.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
* Fix another memory leak when get certficate extensions
--------------------------------------------------------------------------------
LuaSec 0.8
@@ -109,20 +19,6 @@ This version includes:
* Fix invalid reference to Lua state
* Fix memory leak when get certficate extensions
--------------------------------------------------------------------------------
LuaSec 0.7.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------------
LuaSec 0.7.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------------
LuaSec 0.7
---------------

6
INSTALL
View File

@@ -1,14 +1,14 @@
LuaSec 1.3.2
LuaSec 0.8.1
------------
* OpenSSL options:
By default, this version includes options for OpenSSL 3.0.8
By default, LuaSec 0.8.1 includes options for OpenSSL 1.1.0g.
If you need to generate the options for a different version of OpenSSL:
$ cd src
$ lua options.lua -g /usr/include/openssl/ssl.h > options.c
$ lua options.lua -g /usr/include/openssl/ssl.h > options.h
--------------------------------------------------------------------------------

4
LICENSE
View File

@@ -1,5 +1,5 @@
LuaSec 1.3.2 license
Copyright (C) 2006-2023 Bruno Silvestre, UFG
LuaSec 0.8.1 license
Copyright (C) 2006-2019 Bruno Silvestre, UFG
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the

2
Makefile
View File

@@ -6,7 +6,7 @@ LUACPATH ?= /usr/lib/lua/5.1
# Comment this lines if you will link with non-internal LuaSocket's help files
# and edit INCDIR and LIBDIR properly.
EXTRA = luasocket
DEFS = -DWITH_LUASOCKET -DOPENSSL_API_COMPAT=0x10101000L
DEFS = -DWITH_LUASOCKET
# Edit the lines below to inform new path, if necessary.
# Path below points to internal LuaSocket's help files.

5
README.md
View File

@@ -1,6 +1,9 @@
LuaSec 1.3.2
LuaSec 0.8.1
===============
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Important: This version requires at least OpenSSL 1.0.2.
For old versions of OpenSSL, use LuaSec 0.7.
Documentation: https://github.com/brunoos/luasec/wiki

17
luasec-1.3.2-1.rockspec → luasec-0.8.1-1.rockspec
View File

@@ -1,8 +1,8 @@
package = "LuaSec"
version = "1.3.2-1"
version = "0.8.1-1"
source = {
url = "git+https://github.com/brunoos/luasec",
tag = "v1.3.2",
url = "https://github.com/brunoos/luasec/archive/luasec-0.8.1.tar.gz",
dir = "luasec-luasec-0.8.1"
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
@@ -46,7 +46,7 @@ build = {
modules = {
ssl = {
defines = {
"WITH_LUASOCKET", "LUASOCKET_DEBUG", "OPENSSL_API_COMPAT=0x10101000L"
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket",
@@ -58,7 +58,7 @@ build = {
"ssl", "crypto"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
@@ -80,21 +80,20 @@ build = {
defines = {
"WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
"LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300",
"OPENSSL_API_COMPAT=0x10101000L"
"LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
},
libdirs = {
"$(OPENSSL_LIBDIR)",
"$(OPENSSL_BINDIR)",
},
libraries = {
"libssl", "libcrypto", "ws2_32"
"libssl32MD", "libcrypto32MD", "ws2_32"
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"

7
luasec.vcxproj
View File

@@ -61,7 +61,7 @@
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)ssl.dll</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
@@ -85,7 +85,7 @@
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
@@ -107,7 +107,6 @@
<ClCompile Include="src\luasocket\io.c" />
<ClCompile Include="src\luasocket\timeout.c" />
<ClCompile Include="src\luasocket\wsocket.c" />
<ClCompile Include="src\options.c" />
<ClCompile Include="src\ssl.c" />
<ClCompile Include="src\x509.c" />
</ItemGroup>
@@ -128,4 +127,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
</Project>

3
samples/README
View File

@@ -45,9 +45,6 @@ Directories:
* oneshot
A simple connection example.
* psk
PSK(Pre Shared Key) support.
* sni
Support to SNI (Server Name Indication).

2
samples/certs/all.sh
View File

@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
./rootA.sh
./rootB.sh
./clientA.sh

2
samples/certs/serverA.sh
View File

@@ -1,6 +1,6 @@
#!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \
openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
-config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \

2
samples/certs/serverB.sh
View File

@@ -1,6 +1,6 @@
#!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \
openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
-config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \

21
samples/chain/server.lua
View File

@@ -31,27 +31,8 @@ util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------")
local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" }
local peerchain = conn:getpeerchain()
assert(#peerchain == #expectedpeerchain)
for k, cert in ipairs( peerchain ) do
for k, cert in ipairs( conn:getpeerchain() ) do
util.show(cert)
local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a")
assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k))
end
local expectedlocalchain = { "../certs/serverAcert.pem" }
local localchain = assert(conn:getlocalchain())
assert(#localchain == #expectedlocalchain)
for k, cert in ipairs( localchain ) do
util.show(cert)
local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a")
assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k))
if k == 1 then
assert(cert:pem() == conn:getlocalcertificate():pem())
end
end
local f = io.open(params.certificate)

40
samples/dane/client.lua
View File

@@ -1,40 +0,0 @@
local socket = require "socket";
local ssl = require "ssl";
local dns = require "lunbound".new();
local cfg = {
protocol = "tlsv1_2",
mode = "client",
ciphers = "DEFAULT",
capath = "/etc/ssl/certs",
verify = "peer",
dane = true,
};
local function daneconnect(host, port)
port = port or "443";
local conn = ssl.wrap(socket.connect(host, port), cfg);
local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
assert(tlsa.secure, "Insecure DNS");
assert(conn:setdane(host));
for i = 1, tlsa.n do
local usage, selector, mtype = tlsa[i] :byte(1, 3);
assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
end
assert(conn:dohandshake());
return conn;
end
if not ... then
print("Usage: client.lua example.com [port]");
return os.exit(1);
end
local conn = daneconnect(...);
print(conn:getpeerverification());

2
samples/dhparam/params.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env sh
#!/bin/sh
openssl dhparam -2 -out dh-512.pem -outform PEM 512
openssl dhparam -2 -out dh-1024.pem -outform PEM 1024

2
samples/key/genkey.sh Executable file → Normal file
View File

@@ -1,3 +1,3 @@
#!/usr/bin/env sh
#!/bin/sh
openssl genrsa -des3 -out key.pem -passout pass:foobar 2048

2
samples/multicert/gencerts.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env sh
#!/bin/sh
mkdir -p certs

41
samples/psk/client.lua
View File

@@ -1,41 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
if not ssl.config.capabilities.psk then
print("[ERRO] PSK not available")
os.exit(1)
end
-- @param hint (nil | string)
-- @param max_identity_len (number)
-- @param max_psk_len (number)
-- @return identity (string)
-- @return PSK (string)
local function pskcb(hint, max_identity_len, max_psk_len)
print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
return "abcd", "1234"
end
local params = {
mode = "client",
protocol = "tlsv1_2",
psk = pskcb,
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()

60
samples/psk/server.lua
View File

@@ -1,60 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
if not ssl.config.capabilities.psk then
print("[ERRO] PSK not available")
os.exit(1)
end
-- @param identity (string)
-- @param max_psk_len (number)
-- @return psk (string)
local function pskcb(identity, max_psk_len)
print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
if identity == "abcd" then
return "1234"
end
return nil
end
local params = {
mode = "server",
protocol = "any",
options = "all",
-- PSK with just a callback
psk = pskcb,
-- PSK with identity hint
-- psk = {
-- hint = "hintpsksample",
-- callback = pskcb,
-- },
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()
server:close()

8
src/Makefile
View File

@@ -2,7 +2,6 @@ CMOD=ssl.so
LMOD=ssl.lua
OBJS= \
options.o \
x509.o \
context.o \
ssl.o \
@@ -25,7 +24,7 @@ MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
INSTALL = install
CC ?= cc
CCLD ?= $(MYENV) $(CC)
LD ?= $(MYENV) cc
CFLAGS += $(MYCFLAGS)
LDFLAGS += $(MYLDFLAGS)
@@ -52,15 +51,14 @@ luasocket:
@cd luasocket && $(MAKE)
$(CMOD): $(EXTRA) $(OBJS)
$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
clean:
cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD)
options.o: options.h options.c
ec.o: ec.c ec.h
x509.o: x509.c x509.h compat.h
context.o: context.c context.h ec.h compat.h options.h
context.o: context.c context.h ec.h compat.h
ssl.o: ssl.c ssl.h context.h x509.h compat.h
config.o: config.c ec.h options.h compat.h

36
src/compat.h
View File

@@ -1,25 +1,19 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_COMPAT_H
#define LSEC_COMPAT_H
#include <openssl/ssl.h>
//------------------------------------------------------------------------------
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)
#else
#define LSEC_API extern
#endif
//------------------------------------------------------------------------------
#if (LUA_VERSION_NUM == 501)
#define luaL_testudata(L, ud, tname) lsec_testudata(L, ud, tname)
@@ -34,30 +28,4 @@
#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
#endif
//------------------------------------------------------------------------------
#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
#define LSEC_ENABLE_DANE
#endif
//------------------------------------------------------------------------------
#if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
#define LSEC_API_OPENSSL_1_1_0
#endif
//------------------------------------------------------------------------------
#if !defined(LIBRESSL_VERSION_NUMBER) && ((OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x10101000L || (OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x30000000L)
#define LSEC_OPENSSL_ERRNO_BUG
#endif
//------------------------------------------------------------------------------
#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_PSK)
#define LSEC_ENABLE_PSK
#endif
//------------------------------------------------------------------------------
#endif

30
src/config.c
View File

@@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@@ -14,14 +14,14 @@
*/
LSEC_API int luaopen_ssl_config(lua_State *L)
{
lsec_ssl_option_t *opt;
ssl_option_t *opt;
lua_newtable(L);
// Options
lua_pushstring(L, "options");
lua_newtable(L);
for (opt = lsec_get_ssl_options(); opt->name; opt++) {
for (opt = ssl_options; opt->name; opt++) {
lua_pushstring(L, opt->name);
lua_pushboolean(L, 1);
lua_rawset(L, -3);
@@ -41,7 +41,7 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushstring(L, "tlsv1_2");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef TLS1_3_VERSION
#if defined(TLS1_3_VERSION)
lua_pushstring(L, "tlsv1_3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
@@ -74,26 +74,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef LSEC_ENABLE_PSK
lua_pushstring(L, "psk");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
#ifdef LSEC_ENABLE_DANE
// DANE
lua_pushstring(L, "dane");
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
lua_createtable(L, 0, 1);
lua_pushstring(L, "no_ee_namechecks");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#else
lua_pushboolean(L, 1);
#endif
lua_rawset(L, -3);
#endif
#ifndef OPENSSL_NO_EC
lua_pushstring(L, "curves_list");
lua_pushboolean(L, 1);

216
src/context.c
View File

@@ -1,8 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@@ -16,13 +17,10 @@
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/dh.h>
#include <lua.h>
#include <lauxlib.h>
#include "compat.h"
#include "context.h"
#include "options.h"
@@ -51,8 +49,8 @@ static p_context testctx(lua_State *L, int idx)
*/
static int set_option_flag(const char *opt, unsigned long *flag)
{
lsec_ssl_option_t *p;
for (p = lsec_get_ssl_options(); p->name; p++) {
ssl_option_t *p;
for (p = ssl_options; p->name; p++) {
if (!strcmp(opt, p->name)) {
*flag |= p->code;
return 1;
@@ -61,7 +59,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0;
}
#ifndef LSEC_API_OPENSSL_1_1_0
#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
/**
* Find the protocol.
*/
@@ -333,7 +331,7 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error()));
return 2;
}
#ifdef LSEC_API_OPENSSL_1_1_0
#if ! ((defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
SSL_CTX_set_min_proto_version(ctx->context, vmin);
SSL_CTX_set_max_proto_version(ctx->context, vmax);
#endif
@@ -614,9 +612,7 @@ static int set_curves_list(lua_State *L)
return 2;
}
#if defined(LIBRESSL_VERSION_NUMBER) || !defined(LSEC_API_OPENSSL_1_1_0)
(void)SSL_CTX_set_ecdh_auto(ctx, 1);
#endif
lua_pushboolean(L, 1);
return 1;
@@ -707,176 +703,6 @@ static int set_alpn_cb(lua_State *L)
return 1;
}
#if defined(LSEC_ENABLE_PSK)
/**
* Callback to select the PSK.
*/
static unsigned int server_psk_cb(SSL *ssl, const char *identity, unsigned char *psk,
unsigned int max_psk_len)
{
size_t psk_len;
const char *ret_psk;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
lua_State *L = pctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)pctx->context);
lua_gettable(L, -2);
lua_pushstring(L, identity);
lua_pushinteger(L, max_psk_len);
lua_call(L, 2, 1);
if (!lua_isstring(L, -1)) {
lua_pop(L, 2);
return 0;
}
ret_psk = lua_tolstring(L, -1, &psk_len);
if (psk_len == 0 || psk_len > max_psk_len)
psk_len = 0;
else
memcpy(psk, ret_psk, psk_len);
lua_pop(L, 2);
return psk_len;
}
/**
* Set a PSK callback for server.
*/
static int set_server_psk_cb(lua_State *L)
{
p_context ctx = checkctx(L, 1);
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
SSL_CTX_set_psk_server_callback(ctx->context, server_psk_cb);
lua_pushboolean(L, 1);
return 1;
}
/*
* Set the PSK indentity hint.
*/
static int set_psk_identity_hint(lua_State *L)
{
p_context ctx = checkctx(L, 1);
const char *hint = luaL_checkstring(L, 2);
int ret = SSL_CTX_use_psk_identity_hint(ctx->context, hint);
lua_pushboolean(L, ret);
return 1;
}
/*
* Client callback to PSK.
*/
static unsigned int client_psk_cb(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
{
size_t psk_len;
size_t identity_len;
const char *ret_psk;
const char *ret_identity;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
lua_State *L = pctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)pctx->context);
lua_gettable(L, -2);
if (hint)
lua_pushstring(L, hint);
else
lua_pushnil(L);
// Leave space to '\0'
lua_pushinteger(L, max_identity_len-1);
lua_pushinteger(L, max_psk_len);
lua_call(L, 3, 2);
if (!lua_isstring(L, -1) || !lua_isstring(L, -2)) {
lua_pop(L, 3);
return 0;
}
ret_identity = lua_tolstring(L, -2, &identity_len);
ret_psk = lua_tolstring(L, -1, &psk_len);
if (identity_len >= max_identity_len || psk_len > max_psk_len)
psk_len = 0;
else {
memcpy(identity, ret_identity, identity_len);
identity[identity_len] = 0;
memcpy(psk, ret_psk, psk_len);
}
lua_pop(L, 3);
return psk_len;
}
/**
* Set a PSK callback for client.
*/
static int set_client_psk_cb(lua_State *L) {
p_context ctx = checkctx(L, 1);
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
SSL_CTX_set_psk_client_callback(ctx->context, client_psk_cb);
lua_pushboolean(L, 1);
return 1;
}
#endif
#if defined(LSEC_ENABLE_DANE)
/*
* DANE
*/
static int dane_options[] = {
/* TODO move into options.c
* however this symbol is not from openssl/ssl.h but rather from
* openssl/x509_vfy.h
* */
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
DANE_FLAG_NO_DANE_EE_NAMECHECKS,
#endif
0
};
static const char *dane_option_names[] = {
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
"no_ee_namechecks",
#endif
NULL
};
static int set_dane(lua_State *L)
{
int ret, i;
SSL_CTX *ctx = lsec_checkcontext(L, 1);
ret = SSL_CTX_dane_enable(ctx);
for (i = 2; ret > 0 && i <= lua_gettop(L); i++) {
ret = SSL_CTX_dane_set_flags(ctx, dane_options[luaL_checkoption(L, i, NULL, dane_option_names)]);
}
lua_pushboolean(L, (ret > 0));
return 1;
}
#endif
/**
* Package functions
@@ -895,19 +721,13 @@ static luaL_Reg funcs[] = {
{"setdhparam", set_dhparam},
{"setverify", set_verify},
{"setoptions", set_options},
#if defined(LSEC_ENABLE_PSK)
{"setpskhint", set_psk_identity_hint},
{"setserverpskcb", set_server_psk_cb},
{"setclientpskcb", set_client_psk_cb},
#endif
{"setmode", set_mode},
#if !defined(OPENSSL_NO_EC)
{"setcurve", set_curve},
{"setcurveslist", set_curves_list},
#endif
#if defined(LSEC_ENABLE_DANE)
{"setdane", set_dane},
{"setcurve", set_curve},
{"setcurveslist", set_curves_list},
#endif
{NULL, NULL}
};
@@ -933,10 +753,6 @@ static int meth_destroy(lua_State *L)
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
SSL_CTX_free(ctx->context);
ctx->context = NULL;
@@ -1012,7 +828,6 @@ static int meth_set_verify_ext(lua_State *L)
* Context metamethods.
*/
static luaL_Reg meta[] = {
{"__close", meth_destroy},
{"__gc", meth_destroy},
{"__tostring", meth_tostring},
{NULL, NULL}
@@ -1079,10 +894,9 @@ void *lsec_testudata (lua_State *L, int ud, const char *tname) {
*/
LSEC_API int luaopen_ssl_context(lua_State *L)
{
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:ALPN:Registry"); /* Keep all ALPN callbacks */
luaL_newmetatable(L, "SSL:PSK:Registry"); /* Keep all PSK callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:ALPN:Registry"); /* Keep all ALPN callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:Context");
setfuncs(L, meta);

4
src/context.h
View File

@@ -2,9 +2,9 @@
#define LSEC_CONTEXT_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

34
src/ec.c
View File

@@ -1,10 +1,3 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/objects.h>
#include "ec.h"
@@ -63,24 +56,25 @@ void lsec_load_curves(lua_State *L)
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
#ifdef NID_X25519
case NID_X25519:
lua_pushstring(L, "X25519");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
#endif
#ifdef NID_X448
case NID_X448:
lua_pushstring(L, "X448");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
#endif
}
}
free(curves);
}
/* These are special so are manually added here */
#ifdef NID_X25519
lua_pushstring(L, "X25519");
lua_pushnumber(L, NID_X25519);
lua_rawset(L, -3);
#endif
#ifdef NID_X448
lua_pushstring(L, "X448");
lua_pushnumber(L, NID_X448);
lua_rawset(L, -3);
#endif
lua_rawset(L, LUA_REGISTRYINDEX);
}

4
src/ec.h
View File

@@ -1,7 +1,7 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

11
src/https.lua
View File

@@ -1,7 +1,6 @@
----------------------------------------------------------------------------
-- LuaSec 1.3.2
--
-- Copyright (C) 2009-2023 PUC-Rio
-- LuaSec 0.8.1
-- Copyright (C) 2009-2019 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
@@ -19,8 +18,8 @@ local try = socket.try
-- Module
--
local _M = {
_VERSION = "1.3.2",
_COPYRIGHT = "LuaSec 1.3.2 - Copyright (C) 2009-2023 PUC-Rio",
_VERSION = "0.8.1",
_COPYRIGHT = "LuaSec 0.8.1 - Copyright (C) 2009-2019 PUC-Rio",
PORT = 443,
TIMEOUT = 60
}
@@ -94,7 +93,7 @@ local function tcp(params)
self.sock:sni(host)
self.sock:settimeout(_M.TIMEOUT)
try(self.sock:dohandshake())
reg(self)
reg(self, getmetatable(self.sock))
return 1
end
return conn

22
src/luasocket/buffer.c
View File

@@ -78,7 +78,9 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
const char *data = luaL_checklstring(L, 2, &size);
long start = (long) luaL_optnumber(L, 3, 1);
long end = (long) luaL_optnumber(L, 4, -1);
timeout_markstart(buf->tm);
#ifdef LUASOCKET_DEBUG
p_timeout tm = timeout_markstart(buf->tm);
#endif
if (start < 0) start = (long) (size+start+1);
if (end < 0) end = (long) (size+end+1);
if (start < 1) start = (long) 1;
@@ -96,7 +98,7 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
}
#ifdef LUASOCKET_DEBUG
/* push time elapsed during operation as the last return value */
lua_pushnumber(L, timeout_gettime() - timeout_getstart(buf->tm));
lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
#endif
return lua_gettop(L) - top;
}
@@ -105,17 +107,13 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
* object:receive() interface
\*-------------------------------------------------------------------------*/
int buffer_meth_receive(lua_State *L, p_buffer buf) {
int err = IO_DONE, top = lua_gettop(L);
luaL_Buffer b;
size_t size;
const char *part;
int err = IO_DONE;
int top = lua_gettop(L);
if (top < 3) {
lua_settop(L, 3);
top = 3;
}
part = luaL_optlstring(L, 3, "", &size);
timeout_markstart(buf->tm);
const char *part = luaL_optlstring(L, 3, "", &size);
#ifdef LUASOCKET_DEBUG
p_timeout tm = timeout_markstart(buf->tm);
#endif
/* initialize buffer with optional extra prefix
* (useful for concatenating previous partial results) */
luaL_buffinit(L, &b);
@@ -151,7 +149,7 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
}
#ifdef LUASOCKET_DEBUG
/* push time elapsed during operation as the last return value */
lua_pushnumber(L, timeout_gettime() - timeout_getstart(buf->tm));
lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
#endif
return lua_gettop(L) - top;
}

2
src/luasocket/timeout.c
View File

@@ -146,7 +146,7 @@ int timeout_open(lua_State *L) {
#if LUA_VERSION_NUM > 501 && !defined(LUA_COMPAT_MODULE)
luaL_setfuncs(L, func, 0);
#else
luaL_register(L, NULL, func);
luaL_openlib(L, NULL, func, 0);
#endif
return 0;
}

2
src/luasocket/usocket.c
View File

@@ -426,9 +426,7 @@ const char *socket_gaistrerror(int err) {
case EAI_MEMORY: return "memory allocation failure";
case EAI_NONAME:
return "host or service not provided, or not known";
#ifdef EAI_OVERFLOW
case EAI_OVERFLOW: return "argument buffer overflow";
#endif
#ifdef EAI_PROTOCOL
case EAI_PROTOCOL: return "resolved protocol is unknown";
#endif

185
src/options.c
View File

@@ -1,185 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
*
* Copyright (C) 2006-2023 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 3.0.8
*/
static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
{"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_CLEANSE_PLAINTEXT)
{"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
{"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_KTLS)
{"enable_ktls", SSL_OP_ENABLE_KTLS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
{"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_DTLS_MASK)
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
#endif
#if defined(SSL_OP_NO_DTLSv1)
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
#endif
#if defined(SSL_OP_NO_DTLSv1_2)
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
#endif
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
#endif
#if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
{"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_RENEGOTIATION)
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSL_MASK)
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLSEXT_PADDING)
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
return ssl_options;
}

163
src/options.h
View File

@@ -2,21 +2,170 @@
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include "compat.h"
#include <openssl/ssl.h>
struct lsec_ssl_option_s {
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 1.1.1b
*/
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
typedef struct lsec_ssl_option_s lsec_ssl_option_t;
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_DTLS_MASK)
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
#endif
#if defined(SSL_OP_NO_DTLSv1)
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
#endif
#if defined(SSL_OP_NO_DTLSv1_2)
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
#endif
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_RENEGOTIATION)
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSL_MASK)
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLSEXT_PADDING)
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
#endif

39
src/options.lua
View File

@@ -1,10 +1,10 @@
local function usage()
print("Usage:")
print("* Generate options of your system:")
print(" lua options.lua -g /path/to/ssl.h [version] > options.c")
print(" lua options.lua -g /path/to/ssl.h [version] > options.h")
print("* Examples:")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.1.1f\" > options.c\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
print("* List options of your system:")
print(" lua options.lua -l /path/to/ssl.h\n")
@@ -17,28 +17,34 @@ end
local function generate(options, version)
print([[
#ifndef LSEC_OPTIONS_H
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */
]])
printf([[
/*
OpenSSL version: %s
*/
]], version)
print([[
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
]])
print([[static lsec_ssl_option_t ssl_options[] = {]])
print([[static ssl_option_t ssl_options[] = {]])
for k, option in ipairs(options) do
local name = string.lower(string.sub(option, 8))
@@ -50,9 +56,7 @@ local function generate(options, version)
print([[
};
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
return ssl_options;
}
#endif
]])
end
@@ -60,12 +64,9 @@ local function loadoptions(file)
local options = {}
local f = assert(io.open(file, "r"))
for line in f:lines() do
local op = string.match(line, "define%s+(SSL_OP_BIT%()")
if not op then
op = string.match(line, "define%s+(SSL_OP_%S+)")
if op then
table.insert(options, op)
end
local op = string.match(line, "define%s+(SSL_OP_%S+)")
if op then
table.insert(options, op)
end
end
table.sort(options, function(a,b) return a<b end)

181
src/ssl.c
View File

@@ -1,8 +1,9 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@@ -17,7 +18,6 @@
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/err.h>
#include <openssl/dh.h>
#include <lua.h>
#include <lauxlib.h>
@@ -32,7 +32,7 @@
#include "ssl.h"
#ifndef LSEC_API_OPENSSL_1_1_0
#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
#define SSL_is_server(s) (s->server)
#define SSL_up_ref(ssl) CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
@@ -47,11 +47,6 @@ static int lsec_socket_error()
#if defined(WIN32)
return WSAGetLastError();
#else
#if defined(LSEC_OPENSSL_ERRNO_BUG)
// Bug in OpenSSL
if (errno == 0)
return LSEC_IO_SSL;
#endif
return errno;
#endif
}
@@ -529,58 +524,6 @@ static int meth_getpeercertificate(lua_State *L)
return 1;
}
/**
* Return the nth certificate of the chain sent to our peer.
*/
static int meth_getlocalcertificate(lua_State *L)
{
int n;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
/* Default to the first cert */
n = (int)luaL_optinteger(L, 2, 1);
/* This function is 1-based, but OpenSSL is 0-based */
--n;
if (n < 0) {
lua_pushnil(L);
lua_pushliteral(L, "invalid certificate index");
return 2;
}
if (n == 0) {
cert = SSL_get_certificate(ssl->ssl);
if (cert)
lsec_pushx509(L, cert);
else
lua_pushnil(L);
return 1;
}
/* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly.
*/
if (SSL_is_server(ssl->ssl))
--n;
if(SSL_get0_chain_certs(ssl->ssl, &certs) != 1) {
lua_pushnil(L);
} else {
if (n >= sk_X509_num(certs)) {
lua_pushnil(L);
return 1;
}
cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert);
lsec_pushx509(L, cert);
}
return 1;
}
/**
* Return the chain of certificate of the peer.
*/
@@ -615,41 +558,6 @@ static int meth_getpeerchain(lua_State *L)
return 1;
}
/**
* Return the chain of certificates sent to the peer.
*/
static int meth_getlocalchain(lua_State *L)
{
int i;
int idx = 1;
int n_certs;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
lua_newtable(L);
if (SSL_is_server(ssl->ssl)) {
lsec_pushx509(L, SSL_get_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
if(SSL_get0_chain_certs(ssl->ssl, &certs)) {
n_certs = sk_X509_num(certs);
for (i = 0; i < n_certs; i++) {
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
}
return 1;
}
/**
* Copy the table src to the table dst.
*/
@@ -757,41 +665,6 @@ static int meth_getpeerfinished(lua_State *L)
return 1;
}
/**
* Get some shared keying material
*/
static int meth_exportkeyingmaterial(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if(ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 0;
}
size_t llen = 0;
size_t contextlen = 0;
const unsigned char *context = NULL;
const char *label = (const char*)luaL_checklstring(L, 2, &llen);
size_t olen = (size_t)luaL_checkinteger(L, 3);
if (!lua_isnoneornil(L, 4))
context = (const unsigned char*)luaL_checklstring(L, 4, &contextlen);
/* Temporary buffer memory-managed by Lua itself */
unsigned char *out = (unsigned char*)lua_newuserdata(L, olen);
if(SSL_export_keying_material(ssl->ssl, out, olen, label, llen, context, contextlen, context != NULL) != 1) {
lua_pushnil(L);
lua_pushstring(L, "error exporting keying material");
return 2;
}
lua_pushlstring(L, (char*)out, olen);
return 1;
}
/**
* Object information -- tostring metamethod
*/
@@ -868,8 +741,6 @@ static int sni_cb(SSL *ssl, int *ad, void *arg)
lua_pop(L, 4);
/* Found, use this context */
if (newctx) {
p_context pctx = (p_context)SSL_CTX_get_app_data(newctx);
pctx->L = L;
SSL_set_SSL_CTX(ssl, newctx);
return SSL_TLSEXT_ERR_OK;
}
@@ -947,7 +818,7 @@ static int meth_getalpn(lua_State *L)
static int meth_copyright(lua_State *L)
{
lua_pushstring(L, "LuaSec 1.3.2 - Copyright (C) 2006-2023 Bruno Silvestre, UFG"
lua_pushstring(L, "LuaSec 0.8.1 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
#if defined(WITH_LUASOCKET)
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
#endif
@@ -955,34 +826,6 @@ static int meth_copyright(lua_State *L)
return 1;
}
#if defined(LSEC_ENABLE_DANE)
static int meth_dane(lua_State *L)
{
int ret;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
lua_pushboolean(L, (ret > 0));
return 1;
}
static int meth_tlsa(lua_State *L)
{
int ret;
size_t len;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
uint8_t usage = (uint8_t)luaL_checkinteger(L, 2);
uint8_t selector = (uint8_t)luaL_checkinteger(L, 3);
uint8_t mtype = (uint8_t)luaL_checkinteger(L, 4);
unsigned char *data = (unsigned char*)luaL_checklstring(L, 5, &len);
ERR_clear_error();
ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
lua_pushboolean(L, (ret > 0));
return 1;
}
#endif
/*---------------------------------------------------------------------------*/
/**
@@ -994,12 +837,9 @@ static luaL_Reg methods[] = {
{"getfd", meth_getfd},
{"getfinished", meth_getfinished},
{"getpeercertificate", meth_getpeercertificate},
{"getlocalcertificate", meth_getlocalcertificate},
{"getpeerchain", meth_getpeerchain},
{"getlocalchain", meth_getlocalchain},
{"getpeerverification", meth_getpeerverification},
{"getpeerfinished", meth_getpeerfinished},
{"exportkeyingmaterial",meth_exportkeyingmaterial},
{"getsniname", meth_getsniname},
{"getstats", meth_getstats},
{"setstats", meth_setstats},
@@ -1010,10 +850,6 @@ static luaL_Reg methods[] = {
{"settimeout", meth_settimeout},
{"sni", meth_sni},
{"want", meth_want},
#if defined(LSEC_ENABLE_DANE)
{"setdane", meth_dane},
{"settlsa", meth_tlsa},
#endif
{NULL, NULL}
};
@@ -1021,7 +857,6 @@ static luaL_Reg methods[] = {
* SSL metamethods.
*/
static luaL_Reg meta[] = {
{"__close", meth_destroy},
{"__gc", meth_destroy},
{"__tostring", meth_tostring},
{NULL, NULL}
@@ -1045,7 +880,6 @@ static luaL_Reg funcs[] = {
*/
LSEC_API int luaopen_ssl_core(lua_State *L)
{
#ifndef LSEC_API_OPENSSL_1_1_0
/* Initialize SSL */
if (!SSL_library_init()) {
lua_pushstring(L, "unable to initialize SSL library");
@@ -1053,7 +887,6 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
}
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
#endif
#if defined(WITH_LUASOCKET)
/* Initialize internal library */
@@ -1072,7 +905,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
luaL_newlib(L, funcs);
lua_pushstring(L, "SOCKET_INVALID");
lua_pushinteger(L, SOCKET_INVALID);
lua_pushnumber(L, SOCKET_INVALID);
lua_rawset(L, -3);
return 1;

4
src/ssl.h
View File

@@ -2,9 +2,9 @@
#define LSEC_SSL_H
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2006-2023 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/

42
src/ssl.lua
View File

@@ -1,7 +1,7 @@
------------------------------------------------------------------------------
-- LuaSec 1.3.2
-- LuaSec 0.8.1
--
-- Copyright (C) 2006-2023 Bruno Silvestre
-- Copyright (C) 2006-2019 Bruno Silvestre
--
------------------------------------------------------------------------------
@@ -201,41 +201,6 @@ local function newcontext(cfg)
if not succ then return nil, msg end
end
-- PSK
if config.capabilities.psk and cfg.psk then
if cfg.mode == "client" then
if type(cfg.psk) ~= "function" then
return nil, "invalid PSK configuration"
end
succ = context.setclientpskcb(ctx, cfg.psk)
if not succ then return nil, msg end
elseif cfg.mode == "server" then
if type(cfg.psk) == "function" then
succ, msg = context.setserverpskcb(ctx, cfg.psk)
if not succ then return nil, msg end
elseif type(cfg.psk) == "table" then
if type(cfg.psk.hint) == "string" and type(cfg.psk.callback) == "function" then
succ, msg = context.setpskhint(ctx, cfg.psk.hint)
if not succ then return succ, msg end
succ = context.setserverpskcb(ctx, cfg.psk.callback)
if not succ then return succ, msg end
else
return nil, "invalid PSK configuration"
end
else
return nil, "invalid PSK configuration"
end
end
end
if config.capabilities.dane and cfg.dane then
if type(cfg.dane) == "table" then
context.setdane(ctx, unpack(cfg.dane))
else
context.setdane(ctx)
end
end
return ctx
end
@@ -302,9 +267,8 @@ core.setmethod("info", info)
--
local _M = {
_VERSION = "1.3.2",
_VERSION = "0.8.1",
_COPYRIGHT = core.copyright(),
config = config,
loadcertificate = x509.load,
newcontext = newcontext,
wrap = wrap,

63
src/x509.c
View File

@@ -1,8 +1,8 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2014-2023 Bruno Silvestre
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
@@ -33,12 +33,16 @@
#include "x509.h"
#ifndef LSEC_API_OPENSSL_1_1_0
#define X509_get0_notBefore X509_get_notBefore
#define X509_get0_notAfter X509_get_notAfter
#define ASN1_STRING_get0_data ASN1_STRING_data
/*
* ASN1_STRING_data is deprecated in OpenSSL 1.1.0
*/
#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
#else
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
#endif
static const char* hex_tab = "0123456789abcdef";
/**
@@ -153,7 +157,8 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
}
switch (encode) {
case LSEC_AI5_STRING:
lua_pushlstring(L, (char*)ASN1_STRING_get0_data(string), ASN1_STRING_length(string));
lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
ASN1_STRING_length(string));
break;
case LSEC_UTF8_STRING:
len = ASN1_STRING_to_UTF8(&data, string);
@@ -169,7 +174,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
/**
* Return a human readable time.
*/
static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
{
char *tmp;
long size;
@@ -188,7 +193,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
{
int af;
char dst[INET6_ADDRSTRLEN];
unsigned char *ip = (unsigned char*)ASN1_STRING_get0_data(string);
unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
switch(ASN1_STRING_length(string)) {
case 4:
af = AF_INET;
@@ -485,13 +490,10 @@ static int meth_digest(lua_State* L)
*/
static int meth_valid_at(lua_State* L)
{
int nb, na;
X509* cert = lsec_checkx509(L, 1);
time_t time = luaL_checkinteger(L, 2);
nb = X509_cmp_time(X509_get0_notBefore(cert), &time);
time -= 1;
na = X509_cmp_time(X509_get0_notAfter(cert), &time);
lua_pushboolean(L, nb == -1 && na == 1);
lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
&& X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
return 1;
}
@@ -519,7 +521,7 @@ static int meth_serial(lua_State *L)
static int meth_notbefore(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
return push_asn1_time(L, X509_get0_notBefore(cert));
return push_asn1_time(L, X509_get_notBefore(cert));
}
/**
@@ -528,7 +530,7 @@ static int meth_notbefore(lua_State *L)
static int meth_notafter(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
return push_asn1_time(L, X509_get0_notAfter(cert));
return push_asn1_time(L, X509_get_notAfter(cert));
}
/**
@@ -621,11 +623,7 @@ cleanup:
*/
static int meth_destroy(lua_State* L)
{
p_x509 px = lsec_checkp_x509(L, 1);
if (px->cert) {
X509_free(px->cert);
px->cert = NULL;
}
X509_free(lsec_checkx509(L, 1));
return 0;
}
@@ -655,23 +653,6 @@ static int meth_set_encode(lua_State* L)
return 1;
}
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
/**
* Get signature name.
*/
static int meth_get_signature_name(lua_State* L)
{
p_x509 px = lsec_checkp_x509(L, 1);
int nid = X509_get_signature_nid(px->cert);
const char *name = OBJ_nid2sn(nid);
if (!name)
lua_pushnil(L);
else
lua_pushstring(L, name);
return 1;
}
#endif
/*---------------------------------------------------------------------------*/
static int load_cert(lua_State* L)
@@ -700,9 +681,6 @@ static luaL_Reg methods[] = {
{"digest", meth_digest},
{"setencode", meth_set_encode},
{"extensions", meth_extensions},
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
{"getsignaturename", meth_get_signature_name},
#endif
{"issuer", meth_issuer},
{"notbefore", meth_notbefore},
{"notafter", meth_notafter},
@@ -719,7 +697,6 @@ static luaL_Reg methods[] = {
* X509 metamethods.
*/
static luaL_Reg meta[] = {
{"__close", meth_destroy},
{"__gc", meth_destroy},
{"__tostring", meth_tostring},
{NULL, NULL}

6
src/x509.h
View File

@@ -1,8 +1,8 @@
/*--------------------------------------------------------------------------
* LuaSec 1.3.2
* LuaSec 0.8.1
*
* Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
* Copyright (C) 2013-2023 Bruno Silvestre
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre.
*
*--------------------------------------------------------------------------*/