authorLibravatarLibravatar daurnimator <quae@daurnimator.com> 2017-04-03 15:53:49 +1000
committerLibravatarLibravatar daurnimator <quae@daurnimator.com> 2017-04-03 15:54:24 +1000
commit590d368daeb400515c82b2d99ddcdf14607f9353 (patch)
tree02ccfbb791c934f976a21ced2485c10f780d3ac7
parentf2f0f09caef1925a4ff731a6feed35b8f355b169 (diff)
parent3c49837d05b6fad0f1212a27e81e8ffc868eedfb (diff)
downloadluaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.gz
luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.tar.bz2
luaossl-590d368daeb400515c82b2d99ddcdf14607f9353.zip
Merge commit '3c49837d05b6fad0f1212a27e81e8ffc868eedfb'
This contains portions of #90
-rw-r--r--doc/luaossl.pdfbin289975 -> 268918 bytes
-rw-r--r--doc/luaossl.tex13
-rw-r--r--src/openssl.c92
3 files changed, 103 insertions, 2 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index 6a20f27..b015a6a 100644
--- a/doc/luaossl.pdf
+++ b/doc/luaossl.pdf
Binary files differ
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 7db7463..0675e62 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -286,8 +286,13 @@ field & type:default & description\\\hline
.exp & number:65537 & RSA or Diffie-Hellman exponent \\
+.dhparam & string & PEM encoded string with precomputed DH parameters \\
+
.curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve
\end{ctabular}
+
+The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field.
+
\subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}}
Add or interpose a pkey class method. Returns the previous method, if any.
@@ -688,6 +693,10 @@ Returns the integer count of the number of extensions.
Signs the instance CRL using the \module{openssl.pkey} $key$.
+\subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}}
+
+Verifies the instance CRL using a public key.
+
\subsubsection[\fn{crl:text}]{\fn{crl:text()}}
Returns a human-readable textual representation of the instance CRL.
@@ -763,6 +772,10 @@ Add or interpose a store class method. Returns the previous method, if any.
Returns a PKCS \#12 binary encoded string.
+\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}}
+
+Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil.
+
\end{Module}
diff --git a/src/openssl.c b/src/openssl.c
index fa7dd79..0ba7825 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) {
unsigned exp = 65537;
int curve = NID_X9_62_prime192v1;
const char *id;
+ const char *dhparam = NULL;
lua_Number n;
if (!lua_istable(L, 1))
@@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) {
luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id));
}
+ /* dhparam field can contain a PEM encoded string. */
+ loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam);
+
creat:
if (!(*ud = EVP_PKEY_new()))
return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3140,9 +3144,23 @@ creat:
case EVP_PKEY_DH: {
DH *dh;
- if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
+ /* DH Parameter Generation can take a long time, therefore we look
+ * at the "dhparam" field, provided by the user.
+ * The "dhparam" field takes precedence over "bits"
+ */
+ if (dhparam) {
+ BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam));
+ if (!bio)
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+
+ dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
+ if (!dh)
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+ } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0)))
return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+
if (!DH_generate_key(dh)) {
DH_free(dh);
return auxL_error(L, auxL_EOPENSSL, "pkey.new");
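Review bot: The group read from the caller's PEM string in the `if (dhparam)` branch goes straight to `DH_generate_key` without validation, so a string carrying a composite or otherwise unsuitable modulus is accepted just like freshly generated parameters. After `PEM_read_bio_DHparams` succeeds, consider calling `DH_check(dh, &codes)` and failing (with `DH_free(dh)`) at least when `DH_CHECK_P_NOT_PRIME` is set; which of the other flags to reject depends on the groups you want to allow. Separately, `strlen(dhparam)` is a `size_t` narrowed to the `int` length of `BIO_new_mem_buf`; passing `-1` lets OpenSSL measure the NUL-terminated string itself. pk_new starts and ends outside this hunk, so any later check on the key is not visible here.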
@@ -6630,7 +6648,7 @@ static int xx_getNextUpdate(lua_State *L) {
updateby = timeutc(time);
if (isfinite(updateby))
- lua_pushnumber(L, 1);
+ lua_pushnumber(L, updateby);
else
lua_pushnil(L);
@@ -6820,6 +6838,19 @@ static int xx_sign(lua_State *L) {
} /* xx_sign() */
+static int xx_verify(lua_State *L) {
+ X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
+ EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+
+ if (!X509_CRL_verify(crl, key))
+ return auxL_error(L, auxL_EOPENSSL, "x509.crl:verify");
+
+ lua_pushboolean(L, 1);
+
+ return 1;
+} /* xx_verify() */
+
+
static int xx_text(lua_State *L) {
X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
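Review bot: `if (!X509_CRL_verify(crl, key))` in xx_verify treats only 0 as failure, but X509_CRL_verify is documented to return -1 when the signature could not be checked at all (malformed signature, unsupported algorithm), and that value falls through to `lua_pushboolean(L, 1)`. The test should be `if (X509_CRL_verify(crl, key) != 1)` so that every non-success result is reported as a failure. It would also help to add a comment above the function, e.g. `/* raises an error on a bad signature; never returns false */`, because callers who wrap the call in a plain conditional will otherwise not expect the throw.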
@@ -6889,6 +6920,7 @@ static const auxL_Reg xx_methods[] = {
{ "getExtension", &xx_getExtension },
{ "getExtensionCount", &xx_getExtensionCount },
{ "sign", &xx_sign },
+ { "verify", &xx_verify },
{ "text", &xx_text },
{ "tostring", &xx__tostring },
{ NULL, NULL },
@@ -7416,6 +7448,61 @@ static int p12_interpose(lua_State *L) {
} /* p12_interpose() */
+static int p12_parse(lua_State *L) {
+ /* parse a p12 binary string and return the parts */
+
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *ca = NULL;
+ PKCS12 *p12;
+
+ /* gather input parameters */
+ size_t len;
+ const char *blob = luaL_checklstring(L, 1, &len);
+ const char *passphrase = luaL_optstring(L, 2, NULL);
+
+ /* prepare return values */
+ EVP_PKEY **ud_pkey = prepsimple(L, PKEY_CLASS);
+ X509 **ud_cert = prepsimple(L, X509_CERT_CLASS);
+ STACK_OF(X509) **ud_chain = prepsimple(L, X509_CHAIN_CLASS);
+ /* Note: *ud_chain must be initialised to NULL, which prepsimple does. */
+
+ /* read PKCS#12 data into OpenSSL memory buffer */
+ BIO *bio = BIO_new_mem_buf((void*)blob, len);
+ if (!bio)
+ return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+ p12 = d2i_PKCS12_bio(bio, NULL);
+ BIO_free(bio);
+ if (!p12)
+ return auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+ /* the p12 pointer holds the data we're interested in */
+ int rc = PKCS12_parse(p12, passphrase, ud_pkey, ud_cert, ud_chain);
+ PKCS12_free(p12);
+ if (!rc)
+ auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");
+
+ /* replace the return values by nil if the ud pointers are NULL */
+ if (*ud_pkey == NULL) {
+ lua_pushnil(L);
+ lua_replace(L, -4);
+ }
+
+ if (*ud_cert == NULL) {
+ lua_pushnil(L);
+ lua_replace(L, -3);
+ }
+
+ /* other certificates (a chain, STACK_OF(X509) *) */
+ if (*ud_chain == NULL) {
+ lua_pop(L, 1);
+ lua_pushnil(L);
+ }
+
+ return 3;
+} /* p12_parse() */
+
+
static int p12__tostring(lua_State *L) {
PKCS12 *p12 = checksimple(L, 1, PKCS12_CLASS);
BIO *bio = getbio(L);
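Review bot: In p12_parse the `size_t len` from `luaL_checklstring` is passed unchecked to `BIO_new_mem_buf`, whose length parameter is an `int`. A blob longer than `INT_MAX` converts to a wrong or negative length, and a negative length makes OpenSSL measure the buffer as a NUL-terminated string instead. A guard such as `luaL_argcheck(L, len <= INT_MAX, 1, "PKCS#12 blob too large");` before creating the BIO closes that. The failure branch after `PKCS12_parse` also calls `auxL_error(L, auxL_EOPENSSL, "pkcs12.parse");` without `return`, unlike the two earlier error paths in this function. Writing `return auxL_error(...)` there keeps the nil-substitution code below from depending on auxL_error never returning.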
@@ -7459,6 +7546,7 @@ static const auxL_Reg p12_metatable[] = {
static const auxL_Reg p12_globals[] = {
{ "new", &p12_new },
{ "interpose", &p12_interpose },
+ { "parse", &p12_parse },
{ NULL, NULL },
};