brunoos
/
luasec
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LuaSec 20120616 (unofficial) + patches

master
Matthew Wild 2013-03-30 12:21:40 +00:00
parent 908fc346d2
commit 77ac210283
64 changed files with 3560 additions and 272 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Makefile
View File

@ -2,16 +2,20 @@
LUAPATH=/usr/local/share/lua/5.1
LUACPATH=/usr/local/lib/lua/5.1
# Edit the lines below to inform new path, if necessary
#
#INCDIR=-I/usr/local/lua-5.1/include -I/usr/local/openssl-0.9.8/include
#LIBDIR=-L/usr/local/openssl-0.9.8/lib -R/usr/local/openssl-0.9.8/lib
# Compile with build-in LuaSocket's help files.
# Comment this lines if you will link with non-internal LuaSocket's help files
# and edit INCDIR and LIBDIR properly.
EXTRA=luasocket
DEFS=-DWITH_LUASOCKET
# Edit the lines below to inform new path, if necessary.
# Path below points to internal LuaSocket's help files.
INCDIR=-I.
LIBDIR=-L./luasocket
# For Mac OS X: set the system version
MACOSX_VERSION=10.4
DEFS=-DBUFFER_DEBUG
#----------------------
# Do not edit this part
@ -26,25 +30,25 @@ none:
@echo " * macosx"
install:
@cd src ; $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
@cd src && $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
linux:
@echo "---------------------"
@echo "** Build for Linux **"
@echo "---------------------"
@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
bsd:
@echo "-------------------"
@echo "** Build for BSD **"
@echo "-------------------"
@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
macosx:
@echo "------------------------------"
@echo "** Build for Mac OS X $(MACOSX_VERSION) **"
@echo "------------------------------"
@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" MACVER="$(MACOSX_VERSION)" $@
@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" MACVER="$(MACOSX_VERSION)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
clean:
@cd src ; $(MAKE) clean
@cd src && $(MAKE) clean

6
luasec.sln
View File

@ -1,6 +1,6 @@
Microsoft Visual Studio Solution File, Format Version 10.00
# Visual C++ Express 2008
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
Microsoft Visual Studio Solution File, Format Version 11.00
# Visual C++ Express 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcxproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution

BIN
luasec.suo
View File

Binary file not shown.

125
luasec.vcxproj Normal file
View File

@ -0,0 +1,125 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{A629932F-8819-4C0B-8835-CBF1FEED6376}</ProjectGuid>
<Keyword>Win32Proj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
</ImportGroup>
<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup>
<_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
<OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</OutDir>
<IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</IntDir>
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
<OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</OutDir>
<IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</IntDir>
<LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
<TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ssl</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>EditAndContinue</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)ssl.dll</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<ProgramDatabaseFile>$(OutDir)luasec.pdb</ProgramDatabaseFile>
<SubSystem>Windows</SubSystem>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
<TargetMachine>MachineX86</TargetMachine>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua5.2\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;libeay32MD.lib;ssleay32MD.lib;lua52.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua5.2\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
<OptimizeReferences>true</OptimizeReferences>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<RandomizedBaseAddress>false</RandomizedBaseAddress>
<DataExecutionPrevention>
</DataExecutionPrevention>
<ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
<TargetMachine>MachineX86</TargetMachine>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="src\context.c" />
<ClCompile Include="src\luasocket\buffer.c" />
<ClCompile Include="src\luasocket\io.c" />
<ClCompile Include="src\luasocket\timeout.c" />
<ClCompile Include="src\luasocket\wsocket.c" />
<ClCompile Include="src\ssl.c" />
<ClCompile Include="src\x509.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\config.h" />
<ClInclude Include="src\context.h" />
<ClInclude Include="src\ec.h" />
<ClInclude Include="src\luasocket\buffer.h" />
<ClInclude Include="src\luasocket\io.h" />
<ClInclude Include="src\luasocket\socket.h" />
<ClInclude Include="src\luasocket\timeout.h" />
<ClInclude Include="src\luasocket\wsocket.h" />
<ClInclude Include="src\options.h" />
<ClInclude Include="src\ssl.h" />
<ClInclude Include="src\x509.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>

75
luasec.vcxproj.filters Normal file
View File

@ -0,0 +1,75 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="src\x509.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\context.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\ssl.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\wsocket.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\buffer.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\io.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\luasocket\timeout.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="src\x509.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\config.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\context.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\ec.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\options.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\ssl.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\wsocket.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\buffer.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\io.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\socket.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\luasocket\timeout.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

2
samples/certs/serverA.cnf
View File

@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign

2
samples/certs/serverB.cnf
View File

@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign

36
samples/chain/client.lua Normal file
View File

@ -0,0 +1,36 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local util = require("util")
local params = {
mode = "client",
protocol = "tlsv1",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local conn = socket.tcp()
conn:connect("127.0.0.1", 8888)
conn = assert( ssl.wrap(conn, params) )
assert(conn:dohandshake())
util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------")
for k, cert in ipairs( conn:getpeerchain() ) do
util.show(cert)
end
local cert = conn:getpeercertificate()
print( cert )
print( cert:pem() )
conn:close()

53
samples/chain/server.lua Normal file
View File

@ -0,0 +1,53 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local util = require("util")
local params = {
mode = "server",
protocol = "tlsv1",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local conn = server:accept()
conn = assert( ssl.wrap(conn, ctx) )
assert( conn:dohandshake() )
util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------")
for k, cert in ipairs( conn:getpeerchain() ) do
util.show(cert)
end
local f = io.open(params.certificate)
local str = f:read("*a")
f:close()
util.show( ssl.loadcertificate(str) )
print("----------------------------------------------------------------------")
local cert = conn:getpeercertificate()
print( cert )
print( cert:digest() )
print( cert:digest("sha1") )
print( cert:digest("sha256") )
print( cert:digest("sha512") )
conn:close()
server:close()

22
samples/chain/util.lua Normal file
View File

@ -0,0 +1,22 @@
local print = print
local ipairs = ipairs
local _ENV = {}
function _ENV.show(cert)
print("Serial:", cert:serial())
print("NotBefore:", cert:notbefore())
print("NotAfter:", cert:notafter())
print("--- Issuer ---")
for k, v in ipairs(cert:issuer()) do
print(v.name .. " = " .. v.value)
end
print("--- Subject ---")
for k, v in ipairs(cert:subject()) do
print(v.name .. " = " .. v.value)
end
print("----------------------------------------------------------------------")
end
return _ENV

26
samples/dhparam/client.lua Normal file
View File

@ -0,0 +1,26 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

4
samples/dhparam/params.sh Normal file
View File

@ -0,0 +1,4 @@
#!/bin/sh
openssl dhparam -2 -out dh-512.pem -outform PEM 512
openssl dhparam -2 -out dh-1024.pem -outform PEM 1024

61
samples/dhparam/server.lua Normal file
View File

@ -0,0 +1,61 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local function readfile(filename)
local fd = assert(io.open(filename))
local dh = fd:read("*a")
fd:close()
return dh
end
local function dhparam_cb(export, keylength)
print("---")
print("DH Callback")
print("Export", export)
print("Key length", keylength)
print("---")
local filename
if keylength == 512 then
filename = "dh-512.pem"
elseif keylength == 1024 then
filename = "dh-1024.pem"
else
-- No key
return nil
end
return readfile(filename)
end
local params = {
mode = "server",
protocol = "sslv3",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
dhparam = dhparam_cb,
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot test\n")
peer:close()

26
samples/digest/client.lua Normal file
View File

@ -0,0 +1,26 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

44
samples/digest/server.lua Normal file
View File

@ -0,0 +1,44 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "sslv3",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local cert = peer:getpeercertificate()
local sha1 = cert:digest("sha1")
local sha256 = cert:digest("sha256")
local sha512 = cert:digest("sha512")
print("SHA1", sha1)
print("SHA256", sha256)
print("SHA512", sha512)
peer:send("oneshot test\n")
peer:close()

33
samples/ecdh/client.lua Normal file
View File

@ -0,0 +1,33 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
--
curve = "secp384r1",
}
--------------------------------------------------------------------------------
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()

40
samples/ecdh/server.lua Normal file
View File

@ -0,0 +1,40 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "sslv3",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
--
curve = "secp384r1",
}
------------------------------------------------------------------------------
local ctx = assert(ssl.newcontext(params))
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()
server:close()

26
samples/info/client.lua Normal file
View File

@ -0,0 +1,26 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()

48
samples/info/server.lua Normal file
View File

@ -0,0 +1,48 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "sslv3",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
-- Before handshake: nil
print( peer:info() )
assert( peer:dohandshake() )
--]]
print("---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
print("-> Compression", peer:info("compression"))
peer:send("oneshot test\n")
peer:close()

2
samples/key/loadkey.lua
View File

@ -1,7 +1,7 @@
--
-- Public domain
--
require("ssl")
local ssl = require("ssl")
local pass = "foobar"
local cfg = {

4
samples/loop-gc/client.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",

4
samples/loop-gc/server.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",

4
samples/loop/client.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",

4
samples/loop/server.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",

4
samples/oneshot/client.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",

4
samples/oneshot/server.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",

29
samples/verification/fail-string/client.lua Normal file
View File

@ -0,0 +1,29 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../../certs/clientBkey.pem",
certificate = "../../certs/clientB.pem",
cafile = "../../certs/rootB.pem",
verify = {"none"},
options = {"all", "no_sslv2"},
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
print(peer:receive("*l"))
peer:close()

38
samples/verification/fail-string/server.lua Normal file
View File

@ -0,0 +1,38 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "sslv3",
key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem",
verify = {"none"},
options = {"all", "no_sslv2"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
peer:send("oneshot test\n")
peer:close()

40
samples/verification/fail-table/client.lua Normal file
View File

@ -0,0 +1,40 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../../certs/clientBkey.pem",
certificate = "../../certs/clientB.pem",
cafile = "../../certs/rootB.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
ctx:setverifyext("lsec_continue")
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
--]]
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
print(peer:receive("*l"))
peer:close()

45
samples/verification/fail-table/server.lua Normal file
View File

@ -0,0 +1,45 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "sslv3",
key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
ctx:setverifyext("lsec_continue", "crl_check", "crl_check_chain")
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
peer:send("oneshot test\n")
peer:close()

29
samples/verification/success/client.lua Normal file
View File

@ -0,0 +1,29 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "sslv3",
key = "../../certs/clientAkey.pem",
certificate = "../../certs/clientA.pem",
cafile = "../../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
print(peer:receive("*l"))
peer:close()

38
samples/verification/success/server.lua Normal file
View File

@ -0,0 +1,38 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "sslv3",
key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
local err, msg = peer:getpeerverification()
print(err, msg)
peer:send("oneshot test\n")
peer:close()

40
samples/verify/client.lua Normal file
View File

@ -0,0 +1,40 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1",
key = "../certs/serverBkey.pem",
certificate = "../certs/serverB.pem",
cafile = "../certs/rootB.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local ctx = assert(ssl.newcontext(params))
-- [[ Ignore error on certificate verification
ctx:setverifyext("lsec_continue")
--ctx:setverifyext("lsec_ignore_purpose")
--ctx:setverifyext(); -- Clear all flags set
--]]
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
print(peer:receive("*l"))
peer:close()

45
samples/verify/server.lua Normal file
View File

@ -0,0 +1,45 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "tlsv1",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all", "no_sslv2"},
}
local ctx = assert(ssl.newcontext(params))
-- [[ Ignore error on certificate verification
ctx:setverifyext("lsec_continue")
--ctx:setverifyext("lsec_ignore_purpose")
--ctx:setverifyext(); -- Clear all flags set
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
local succ, errs = peer:getpeerverification()
print(succ, errs)
for i, err in pairs(errs) do
for j, msg in ipairs(err) do
print("depth = " .. i, "error = " .. msg)
end
end
peer:send("oneshot test\n")
peer:close()

4
samples/want/client.lua
View File

@ -3,8 +3,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",

4
samples/want/server.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",

4
samples/wantread/client.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",

4
samples/wantread/server.lua
View File

@ -3,8 +3,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",

4
samples/wantwrite/client.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",

4
samples/wantwrite/server.lua
View File

@ -1,8 +1,8 @@
--
-- Public domain
--
require("socket")
require("ssl")
local socket = require("socket")
local ssl = require("ssl")
print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")

36
src/Makefile
View File

@ -2,14 +2,11 @@ CMOD=ssl.so
LMOD=ssl.lua
OBJS= \
timeout.o \
buffer.o \
io.o \
usocket.o \
x509.o \
context.o \
ssl.o
LIBS=-lssl -lcrypto
LIBS=-lssl -lcrypto -lluasocket
WARN=-Wall -pedantic
@ -28,35 +25,34 @@ LD=$(MYENV) gcc
CFLAGS=$(MYCFLAGS)
LDFLAGS=$(MYLDFLAGS)
.PHONY: all clean install none linux bsd macosx
.PHONY: all clean install none linux bsd macosx luasocket
all:
install: $(CMOD) $(LMOD)
mkdir -p $(LUAPATH)/ssl
cp $(CMOD) $(LUACPATH)
cp $(LMOD) $(LUAPATH)
cp https.lua $(LUAPATH)/ssl
install -m644 -D $(CMOD) $(LUACPATH)
install -m644 -D $(LMOD) $(LUAPATH)
install -m644 -D https.lua $(LUAPATH)/ssl
linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
bsd:
@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)"
@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)" EXTRA="$(EXTRA)"
macosx:
@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)"
@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)" EXTRA="$(EXTRA)"
luasocket:
@cd luasocket && $(MAKE)
$(CMOD): $(OBJS)
$(CMOD): $(EXTRA) $(OBJS)
$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
clean:
cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD)
buffer.o: buffer.c buffer.h io.h timeout.h
io.o: io.c io.h timeout.h
timeout.o: timeout.c timeout.h
usocket.o: usocket.c socket.h io.h timeout.h usocket.h
context.o: context.c context.h
ssl.o: ssl.c socket.h io.h timeout.h usocket.h buffer.h context.h context.c
x509.o: x509.c x509.h config.h
context.o: context.c context.h ec.h config.h
ssl.o: ssl.c ssl.h context.h x509.h config.h

14
src/config.h Normal file
View File

@ -0,0 +1,14 @@
#ifndef LSEC_CONFIG_H
#define LSEC_CONFIG_H
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)
#else
#define LSEC_API extern
#endif
#if (LUA_VERSION_NUM == 501)
#define lua_rawlen(L, i) lua_objlen(L, i)
#endif
#endif

396
src/context.c
View File

@ -5,8 +5,15 @@
*--------------------------------------------------------------------------*/
#include <string.h>
#if defined(WIN32)
#include <windows.h>
#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <lua.h>
#include <lauxlib.h>
@ -14,6 +21,17 @@
#include "context.h"
#include "options.h"
#ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h>
#include "ec.h"
#endif
#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
typedef const SSL_METHOD LSEC_SSL_METHOD;
#else
typedef SSL_METHOD LSEC_SSL_METHOD;
#endif
/*--------------------------- Auxiliary Functions ----------------------------*/
/**
@ -42,7 +60,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
/**
* Find the protocol.
*/
static SSL_METHOD* str2method(const char *method)
static LSEC_SSL_METHOD* str2method(const char *method)
{
if (!strcmp(method, "sslv3")) return SSLv3_method();
if (!strcmp(method, "tlsv1")) return TLSv1_method();
@ -84,17 +102,162 @@ static int passwd_cb(char *buf, int size, int flag, void *udata)
case LUA_TFUNCTION:
lua_pushvalue(L, 3);
lua_call(L, 0, 1);
if (lua_type(L, -1) != LUA_TSTRING)
if (lua_type(L, -1) != LUA_TSTRING) {
lua_pop(L, 1); /* Remove the result from the stack */
return 0;
}
/* fallback */
case LUA_TSTRING:
strncpy(buf, lua_tostring(L, -1), size);
lua_pop(L, 1); /* Remove the result from the stack */
buf[size-1] = '\0';
return (int)strlen(buf);
}
return 0;
}
/**
* Add an error related to a depth certificate of the chain.
*/
static void add_cert_error(lua_State *L, SSL *ssl, int err, int depth)
{
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ssl);
lua_gettable(L, -2);
if (lua_isnil(L, -1)) {
lua_pop(L, 1);
/* Create an error table for this connection */
lua_newtable(L);
lua_pushlightuserdata(L, (void*)ssl);
lua_pushvalue(L, -2); /* keep the table on stack */
lua_settable(L, -4);
}
lua_rawgeti(L, -1, depth+1);
/* If the table doesn't exist, create it */
if (lua_isnil(L, -1)) {
lua_pop(L, 1); /* remove 'nil' from stack */
lua_newtable(L);
lua_pushvalue(L, -1); /* keep the table on stack */
lua_rawseti(L, -3, depth+1);
}
lua_pushstring(L, X509_verify_cert_error_string(err));
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
/* Clear the stack */
lua_pop(L, 3);
}
/**
* Call Lua user function to get the DH key.
*/
static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
{
BIO *bio;
lua_State *L;
DH *dh_tmp = NULL;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
L = (lua_State*)SSL_CTX_get_app_data(ctx);
/* Get the callback */
luaL_getmetatable(L, "SSL:DH:Registry");
lua_pushlightuserdata(L, (void*)ctx);
lua_gettable(L, -2);
/* Invoke the callback */
lua_pushnumber(L, is_export);
lua_pushnumber(L, keylength);
lua_call(L, 2, 1);
/* Load parameters from returned value */
if (lua_type(L, -1) != LUA_TSTRING) {
lua_pop(L, 2); /* Remove values from stack */
return NULL;
}
bio = BIO_new_mem_buf((void*)lua_tostring(L, -1),
lua_rawlen(L, -1));
if (bio) {
dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
}
lua_pop(L, 2); /* Remove values from stack */
return dh_tmp;
}
/**
* Set the "ignore purpose" before to start verifing the certificate chain.
*/
static int cert_verify_cb(X509_STORE_CTX *x509_ctx, void *ptr)
{
int verify;
lua_State *L;
SSL_CTX *ctx = (SSL_CTX*)ptr;
L = (lua_State*)SSL_CTX_get_app_data(ctx);
/* Get verify flags */
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ctx);
lua_gettable(L, -2);
verify = (int)lua_tonumber(L, -1);
lua_pop(L, 2); /* Remove values from stack */
if (verify & LSEC_VERIFY_IGNORE_PURPOSE) {
/* Set parameters to ignore the server purpose */
X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(x509_ctx);
if (param) {
X509_VERIFY_PARAM_set_purpose(param, X509_PURPOSE_SSL_SERVER);
X509_VERIFY_PARAM_set_trust(param, X509_TRUST_SSL_SERVER);
}
}
/* Call OpenSSL standard verification function */
return X509_verify_cert(x509_ctx);
}
/**
* This callback implements the "continue on error" flag and log the errors.
*/
static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
{
int err;
int verify;
SSL *ssl;
SSL_CTX *ctx;
lua_State *L;
/* Short-circuit optimization */
if (preverify_ok)
return 1;
ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
ctx = SSL_get_SSL_CTX(ssl);
L = (lua_State*)SSL_CTX_get_app_data(ctx);
/* Get verify flags */
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ctx);
lua_gettable(L, -2);
verify = (int)lua_tonumber(L, -1);
lua_pop(L, 2); /* Remove values from stack */
err = X509_STORE_CTX_get_error(x509_ctx);
if (err != X509_V_OK)
add_cert_error(L, ssl, err, X509_STORE_CTX_get_error_depth(x509_ctx));
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
}
static EC_KEY *find_ec_key(const char *str)
{
p_ec ptr;
for (ptr = curves; ptr->name; ptr++) {
if (!strcmp(str, ptr->name))
return EC_KEY_new_by_curve_name(ptr->nid);
}
return NULL;
}
/*------------------------------ Lua Functions -------------------------------*/
/**
@ -103,7 +266,7 @@ static int passwd_cb(char *buf, int size, int flag, void *udata)
static int create(lua_State *L)
{
p_context ctx;
SSL_METHOD *method;
LSEC_SSL_METHOD *method;
method = str2method(luaL_checkstring(L, 1));
if (!method) {
@ -123,11 +286,15 @@ static int create(lua_State *L)
lua_pushstring(L, "error creating context");
return 2;
}
ctx->mode = MD_CTX_INVALID;
/* No session support */
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
ctx->mode = LSEC_MODE_INVALID;
luaL_getmetatable(L, "SSL:Context");
lua_setmetatable(L, -2);
/* No session support */
SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
/* Link lua_State with the context */
SSL_CTX_set_app_data(ctx->context, (void*)L);
return 1;
}
@ -136,7 +303,7 @@ static int create(lua_State *L)
*/
static int load_locations(lua_State *L)
{
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *cafile = luaL_optstring(L, 2, NULL);
const char *capath = luaL_optstring(L, 3, NULL);
if (SSL_CTX_load_verify_locations(ctx, cafile, capath) != 1) {
@ -154,7 +321,7 @@ static int load_locations(lua_State *L)
*/
static int load_cert(lua_State *L)
{
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *filename = luaL_checkstring(L, 2);
if (SSL_CTX_use_certificate_chain_file(ctx, filename) != 1) {
lua_pushboolean(L, 0);
@ -172,7 +339,7 @@ static int load_cert(lua_State *L)
static int load_key(lua_State *L)
{
int ret = 1;
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *filename = luaL_checkstring(L, 2);
switch (lua_type(L, 3)) {
case LUA_TSTRING:
@ -204,7 +371,7 @@ static int load_key(lua_State *L)
*/
static int set_cipher(lua_State *L)
{
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *list = luaL_checkstring(L, 2);
if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
lua_pushboolean(L, 0);
@ -221,7 +388,7 @@ static int set_cipher(lua_State *L)
*/
static int set_depth(lua_State *L)
{
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
SSL_CTX_set_verify_depth(ctx, luaL_checkint(L, 2));
lua_pushboolean(L, 1);
return 1;
@ -233,20 +400,25 @@ static int set_depth(lua_State *L)
static int set_verify(lua_State *L)
{
int i;
const char *str;
int flag = 0;
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
int max = lua_gettop(L);
/* any flag? */
if (max > 1) {
for (i = 2; i <= max; i++) {
if (!set_verify_flag(luaL_checkstring(L, i), &flag)) {
lua_pushboolean(L, 0);
lua_pushstring(L, "invalid verify option");
return 2;
}
for (i = 2; i <= max; i++) {
str = luaL_checkstring(L, i);
#if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
/* Version 0.9.8 has a different way to disable compression */
if (!strcmp(luaL_checkstring(L, i), "no_compression"))
ctx->comp_methods = NULL;
else
#endif
if (!set_verify_flag(str, &flag)) {
lua_pushboolean(L, 0);
lua_pushstring(L, "invalid verify option");
return 2;
}
SSL_CTX_set_verify(ctx, flag, NULL);
}
if (flag) SSL_CTX_set_verify(ctx, flag, NULL);
lua_pushboolean(L, 1);
return 1;
}
@ -258,7 +430,7 @@ static int set_options(lua_State *L)
{
int i;
unsigned long flag = 0L;
SSL_CTX *ctx = ctx_getcontext(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
int max = lua_gettop(L);
/* any option? */
if (max > 1) {
@ -283,12 +455,12 @@ static int set_mode(lua_State *L)
p_context ctx = checkctx(L, 1);
const char *str = luaL_checkstring(L, 2);
if (!strcmp("server", str)) {
ctx->mode = MD_CTX_SERVER;
ctx->mode = LSEC_MODE_SERVER;
lua_pushboolean(L, 1);
return 1;
}
if(!strcmp("client", str)) {
ctx->mode = MD_CTX_CLIENT;
if (!strcmp("client", str)) {
ctx->mode = LSEC_MODE_CLIENT;
lua_pushboolean(L, 1);
return 1;
}
@ -298,29 +470,68 @@ static int set_mode(lua_State *L)
}
/**
* Return a pointer to SSL_CTX structure.
* Configure DH parameters.
*/
static int raw_ctx(lua_State *L)
static int set_dhparam(lua_State *L)
{
p_context ctx = checkctx(L, 1);
lua_pushlightuserdata(L, (void*)ctx->context);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
SSL_CTX_set_tmp_dh_callback(ctx, dhparam_cb);
/* Save callback */
luaL_getmetatable(L, "SSL:DH:Registry");
lua_pushlightuserdata(L, (void*)ctx);
lua_pushvalue(L, 2);
lua_settable(L, -3);
return 0;
}
/**
* Set elliptic curve.
*/
#ifdef OPENSSL_NO_ECDH
static int set_curve(lua_State *L)
{
lua_pushboolean(L, 0);
lua_pushstring(L, "OpenSSL does not support ECDH");
return 2;
}
#else
static int set_curve(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *str = luaL_checkstring(L, 2);
EC_KEY *key = find_ec_key(str);
if (!key) {
lua_pushboolean(L, 0);
lua_pushstring(L, "elliptic curve not supported");
return 2;
}
if (!SSL_CTX_set_tmp_ecdh(ctx, key)) {
lua_pushboolean(L, 0);
lua_pushstring(L, "error setting elliptic curve");
return 2;
}
lua_pushboolean(L, 1);
return 1;
}
#endif
/**
* Package functions
*/
static luaL_Reg funcs[] = {
{"create", create},
{"locations", load_locations},
{"loadcert", load_cert},
{"loadkey", load_key},
{"setcipher", set_cipher},
{"setdepth", set_depth},
{"setverify", set_verify},
{"setoptions", set_options},
{"setmode", set_mode},
{"rawcontext", raw_ctx},
{"create", create},
{"locations", load_locations},
{"loadcert", load_cert},
{"loadkey", load_key},
{"setcipher", set_cipher},
{"setdepth", set_depth},
{"setdhparam", set_dhparam},
{"setcurve", set_curve},
{"setverify", set_verify},
{"setoptions", set_options},
{"setmode", set_mode},
{NULL, NULL}
};
@ -333,6 +544,16 @@ static int meth_destroy(lua_State *L)
{
p_context ctx = checkctx(L, 1);
if (ctx->context) {
/* Clear registries */
luaL_getmetatable(L, "SSL:DH:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
SSL_CTX_free(ctx->context);
ctx->context = NULL;
}
@ -349,6 +570,60 @@ static int meth_tostring(lua_State *L)
return 1;
}
/**
* Set extra flags for handshake verification.
*/
static int meth_set_verify_ext(lua_State *L)
{
int i;
const char *str;
int crl_flag = 0;
int lsec_flag = 0;
SSL_CTX *ctx = lsec_checkcontext(L, 1);
int max = lua_gettop(L);
for (i = 2; i <= max; i++) {
str = luaL_checkstring(L, i);
if (!strcmp(str, "lsec_continue")) {
lsec_flag |= LSEC_VERIFY_CONTINUE;
} else if (!strcmp(str, "lsec_ignore_purpose")) {
lsec_flag |= LSEC_VERIFY_IGNORE_PURPOSE;
} else if (!strcmp(str, "crl_check")) {
crl_flag |= X509_V_FLAG_CRL_CHECK;
} else if (!strcmp(str, "crl_check_chain")) {
crl_flag |= X509_V_FLAG_CRL_CHECK_ALL;
} else {
lua_pushboolean(L, 0);
lua_pushstring(L, "invalid verify option");
return 2;
}
}
/* Set callback? */
if (lsec_flag) {
SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), verify_cb);
SSL_CTX_set_cert_verify_callback(ctx, cert_verify_cb, (void*)ctx);
/* Save flag */
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ctx);
lua_pushnumber(L, lsec_flag);
lua_settable(L, -3);
} else {
SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), NULL);
SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
/* Remove flag */
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ctx);
lua_pushnil(L);
lua_settable(L, -3);
}
/* X509 flag */
X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), crl_flag);
/* Ok */
lua_pushboolean(L, 1);
return 1;
}
/**
* Context metamethods.
*/
@ -358,13 +633,21 @@ static luaL_Reg meta[] = {
{NULL, NULL}
};
/**
* Index metamethods.
*/
static luaL_Reg meta_index[] = {
{"setverifyext", meth_set_verify_ext},
{NULL, NULL}
};
/*----------------------------- Public Functions ---------------------------*/
/**
* Retrieve the SSL context from the Lua stack.
*/
SSL_CTX* ctx_getcontext(lua_State *L, int idx)
SSL_CTX* lsec_checkcontext(lua_State *L, int idx)
{
p_context ctx = checkctx(L, idx);
return ctx->context;
@ -373,7 +656,7 @@ SSL_CTX* ctx_getcontext(lua_State *L, int idx)
/**
* Retrieve the mode from the context in the Lua stack.
*/
char ctx_getmode(lua_State *L, int idx)
int lsec_getmode(lua_State *L, int idx)
{
p_context ctx = checkctx(L, idx);
return ctx->mode;
@ -384,10 +667,39 @@ char ctx_getmode(lua_State *L, int idx)
/**
* Registre the module.
*/
int luaopen_ssl_context(lua_State *L)
#if (LUA_VERSION_NUM == 501)
LSEC_API int luaopen_ssl_context(lua_State *L)
{
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:Context");
luaL_register(L, NULL, meta);
/* Create __index metamethods for context */
lua_newtable(L);
luaL_register(L, NULL, meta_index);
lua_setfield(L, -2, "__index");
/* Register the module */
luaL_register(L, "ssl.context", funcs);
return 1;
}
#else
LSEC_API int luaopen_ssl_context(lua_State *L)
{
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:Context");
luaL_setfuncs(L, meta, 0);
/* Create __index metamethods for context */
lua_newtable(L);
luaL_setfuncs(L, meta_index, 0);
lua_setfield(L, -2, "__index");
/* Return the module */
lua_newtable(L);
luaL_setfuncs(L, funcs, 0);
return 1;
}
#endif

28
src/context.h
View File

@ -1,5 +1,5 @@
#ifndef __CONTEXT_H__
#define __CONTEXT_H__
#ifndef LSEC_CONTEXT_H
#define LSEC_CONTEXT_H
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
@ -10,28 +10,28 @@
#include <lua.h>
#include <openssl/ssl.h>
#if defined(_WIN32)
#define LUASEC_API __declspec(dllexport)
#else
#define LUASEC_API extern
#endif
#include "config.h"
#define MD_CTX_INVALID 0
#define MD_CTX_SERVER 1
#define MD_CTX_CLIENT 2
#define LSEC_MODE_INVALID 0
#define LSEC_MODE_SERVER 1
#define LSEC_MODE_CLIENT 2
#define LSEC_VERIFY_CONTINUE 1
#define LSEC_VERIFY_IGNORE_PURPOSE 2
typedef struct t_context_ {
SSL_CTX *context;
char mode;
int mode;
} t_context;
typedef t_context* p_context;
/* Retrieve the SSL context from the Lua stack */
SSL_CTX *ctx_getcontext(lua_State *L, int idx);
SSL_CTX *lsec_checkcontext(lua_State *L, int idx);
/* Retrieve the mode from the context in the Lua stack */
char ctx_getmode(lua_State *L, int idx);
int lsec_getmode(lua_State *L, int idx);
/* Registre the module. */
LUASEC_API int luaopen_ssl_context(lua_State *L);
LSEC_API int luaopen_ssl_context(lua_State *L);
#endif

58
src/ec.h Normal file
View File

@ -0,0 +1,58 @@
#ifndef LSEC_EC_H
#define LSEC_EC_H
#include <openssl/objects.h>
typedef struct t_ec_ {
char *name;
int nid;
} t_ec;
typedef t_ec* p_ec;
/* Elliptic curves supported */
static t_ec curves[] = {
/* SECG */
{"secp112r1", NID_secp112r1},
{"secp112r2", NID_secp112r2},
{"secp128r1", NID_secp128r1},
{"secp128r2", NID_secp128r2},
{"secp160k1", NID_secp160k1},
{"secp160r1", NID_secp160r1},
{"secp160r2", NID_secp160r2},
{"secp192k1", NID_secp192k1},
{"secp224k1", NID_secp224k1},
{"secp224r1", NID_secp224r1},
{"secp256k1", NID_secp256k1},
{"secp384r1", NID_secp384r1},
{"secp521r1", NID_secp521r1},
{"sect113r1", NID_sect113r1},
{"sect113r2", NID_sect113r2},
{"sect131r1", NID_sect131r1},
{"sect131r2", NID_sect131r2},
{"sect163k1", NID_sect163k1},
{"sect163r1", NID_sect163r1},
{"sect163r2", NID_sect163r2},
{"sect193r1", NID_sect193r1},
{"sect193r2", NID_sect193r2},
{"sect233k1", NID_sect233k1},
{"sect233r1", NID_sect233r1},
{"sect239k1", NID_sect239k1},
{"sect283k1", NID_sect283k1},
{"sect283r1", NID_sect283r1},
{"sect409k1", NID_sect409k1},
{"sect409r1", NID_sect409r1},
{"sect571k1", NID_sect571k1},
{"sect571r1", NID_sect571r1},
/* ANSI X9.62 */
{"prime192v1", NID_X9_62_prime192v1},
{"prime192v2", NID_X9_62_prime192v2},
{"prime192v3", NID_X9_62_prime192v3},
{"prime239v1", NID_X9_62_prime239v1},
{"prime239v2", NID_X9_62_prime239v2},
{"prime239v3", NID_X9_62_prime239v3},
{"prime256v1", NID_X9_62_prime256v1},
/* End */
{NULL, 0U}
};
#endif

24
src/luasocket/Makefile Normal file
View File

@ -0,0 +1,24 @@
OBJS= \
io.o \
buffer.o \
timeout.o \
usocket.o
CC=gcc
CFLAGS=$(MYCFLAGS) -DLUASOCKET_DEBUG
.PHONY: all clean
all: libluasocket.a
libluasocket.a: $(OBJS)
ar rcu $@ $(OBJS)
ranlib $@
clean:
rm -f $(OBJS) libluasocket.a
buffer.o: buffer.c buffer.h io.h timeout.h
io.o: io.c io.h timeout.h
timeout.o: timeout.c timeout.h
usocket.o: usocket.c socket.h io.h timeout.h usocket.h

237
src/luasocket/buffer.c Normal file
View File

@ -0,0 +1,237 @@
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output interface for Lua programs
*
* RCS ID: $Id: buffer.c,v 1.28 2007/06/11 23:44:54 diego Exp $
\*=========================================================================*/
#include "lua.h"
#include "lauxlib.h"
#include "buffer.h"
/*=========================================================================*\
* Internal function prototypes
\*=========================================================================*/
static int recvraw(p_buffer buf, size_t wanted, luaL_Buffer *b);
static int recvline(p_buffer buf, luaL_Buffer *b);
static int recvall(p_buffer buf, luaL_Buffer *b);
static int buffer_get(p_buffer buf, const char **data, size_t *count);
static void buffer_skip(p_buffer buf, size_t count);
static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent);
/* min and max macros */
#ifndef MIN
#define MIN(x, y) ((x) < (y) ? x : y)
#endif
#ifndef MAX
#define MAX(x, y) ((x) > (y) ? x : y)
#endif
/*=========================================================================*\
* Exported functions
\*=========================================================================*/
/*-------------------------------------------------------------------------*\
* Initializes C structure
\*-------------------------------------------------------------------------*/
void buffer_init(p_buffer buf, p_io io, p_timeout tm) {
buf->first = buf->last = 0;
buf->io = io;
buf->tm = tm;
}
/*-------------------------------------------------------------------------*\
* object:send() interface
\*-------------------------------------------------------------------------*/
int buffer_meth_send(lua_State *L, p_buffer buf) {
int top = lua_gettop(L);
int err = IO_DONE;
size_t size = 0, sent = 0;
const char *data = luaL_checklstring(L, 2, &size);
long start = (long) luaL_optnumber(L, 3, 1);
long end = (long) luaL_optnumber(L, 4, -1);
p_timeout tm = timeout_markstart(buf->tm);
if (start < 0) start = (long) (size+start+1);
if (end < 0) end = (long) (size+end+1);
if (start < 1) start = (long) 1;
if (end > (long) size) end = (long) size;
if (start <= end) err = sendraw(buf, data+start-1, end-start+1, &sent);
/* check if there was an error */
if (err != IO_DONE) {
lua_pushnil(L);
lua_pushstring(L, buf->io->error(buf->io->ctx, err));
lua_pushnumber(L, sent+start-1);
} else {
lua_pushnumber(L, sent+start-1);
lua_pushnil(L);
lua_pushnil(L);
}
#ifdef LUASOCKET_DEBUG
/* push time elapsed during operation as the last return value */
lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
#endif
return lua_gettop(L) - top;
}
/*-------------------------------------------------------------------------*\
* object:receive() interface
\*-------------------------------------------------------------------------*/
int buffer_meth_receive(lua_State *L, p_buffer buf) {
int err = IO_DONE, top = lua_gettop(L);
luaL_Buffer b;
size_t size;
const char *part = luaL_optlstring(L, 3, "", &size);
p_timeout tm = timeout_markstart(buf->tm);
/* initialize buffer with optional extra prefix
* (useful for concatenating previous partial results) */
luaL_buffinit(L, &b);
luaL_addlstring(&b, part, size);
/* receive new patterns */
if (!lua_isnumber(L, 2)) {
const char *p= luaL_optstring(L, 2, "*l");
if (p[0] == '*' && p[1] == 'l') err = recvline(buf, &b);
else if (p[0] == '*' && p[1] == 'a') err = recvall(buf, &b);
else luaL_argcheck(L, 0, 2, "invalid receive pattern");
/* get a fixed number of bytes (minus what was already partially
* received) */
} else err = recvraw(buf, (size_t) lua_tonumber(L, 2)-size, &b);
/* check if there was an error */
if (err != IO_DONE) {
/* we can't push anyting in the stack before pushing the
* contents of the buffer. this is the reason for the complication */
luaL_pushresult(&b);
lua_pushstring(L, buf->io->error(buf->io->ctx, err));
lua_pushvalue(L, -2);
lua_pushnil(L);
lua_replace(L, -4);
} else {
luaL_pushresult(&b);
lua_pushnil(L);
lua_pushnil(L);
}
#ifdef LUASOCKET_DEBUG
/* push time elapsed during operation as the last return value */
lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
#endif
return lua_gettop(L) - top;
}
/*-------------------------------------------------------------------------*\
* Determines if there is any data in the read buffer
\*-------------------------------------------------------------------------*/
int buffer_isempty(p_buffer buf) {
return buf->first >= buf->last;
}
/*=========================================================================*\
* Internal functions
\*=========================================================================*/
/*-------------------------------------------------------------------------*\
* Sends a block of data (unbuffered)
\*-------------------------------------------------------------------------*/
#define STEPSIZE 8192
static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent) {
p_io io = buf->io;
p_timeout tm = buf->tm;
size_t total = 0;
int err = IO_DONE;
while (total < count && err == IO_DONE) {
size_t done;
size_t step = (count-total <= STEPSIZE)? count-total: STEPSIZE;
err = io->send(io->ctx, data+total, step, &done, tm);
total += done;
}
*sent = total;
return err;
}
/*-------------------------------------------------------------------------*\
* Reads a fixed number of bytes (buffered)
\*-------------------------------------------------------------------------*/
static int recvraw(p_buffer buf, size_t wanted, luaL_Buffer *b) {
int err = IO_DONE;
size_t total = 0;
while (err == IO_DONE) {
size_t count; const char *data;
err = buffer_get(buf, &data, &count);
count = MIN(count, wanted - total);
luaL_addlstring(b, data, count);
buffer_skip(buf, count);
total += count;
if (total >= wanted) break;
}
return err;
}
/*-------------------------------------------------------------------------*\
* Reads everything until the connection is closed (buffered)
\*-------------------------------------------------------------------------*/
static int recvall(p_buffer buf, luaL_Buffer *b) {
int err = IO_DONE;
size_t total = 0;
while (err == IO_DONE) {
const char *data; size_t count;
err = buffer_get(buf, &data, &count);
total += count;
luaL_addlstring(b, data, count);
buffer_skip(buf, count);
}
if (err == IO_CLOSED) {
if (total > 0) return IO_DONE;
else return IO_CLOSED;
} else return err;
}
/*-------------------------------------------------------------------------*\
* Reads a line terminated by a CR LF pair or just by a LF. The CR and LF
* are not returned by the function and are discarded from the buffer
\*-------------------------------------------------------------------------*/
static int recvline(p_buffer buf, luaL_Buffer *b) {
int err = IO_DONE;
while (err == IO_DONE) {
size_t count, pos; const char *data;
err = buffer_get(buf, &data, &count);
pos = 0;
while (pos < count && data[pos] != '\n') {
/* we ignore all \r's */
if (data[pos] != '\r') luaL_addchar(b, data[pos]);
pos++;
}
if (pos < count) { /* found '\n' */
buffer_skip(buf, pos+1); /* skip '\n' too */
break; /* we are done */
} else /* reached the end of the buffer */
buffer_skip(buf, pos);
}
return err;
}
/*-------------------------------------------------------------------------*\
* Skips a given number of bytes from read buffer. No data is read from the
* transport layer
\*-------------------------------------------------------------------------*/
static void buffer_skip(p_buffer buf, size_t count) {
buf->first += count;
if (buffer_isempty(buf))
buf->first = buf->last = 0;
}
/*-------------------------------------------------------------------------*\
* Return any data available in buffer, or get more data from transport layer
* if buffer is empty
\*-------------------------------------------------------------------------*/
static int buffer_get(p_buffer buf, const char **data, size_t *count) {
int err = IO_DONE;
p_io io = buf->io;
p_timeout tm = buf->tm;
if (buffer_isempty(buf)) {
size_t got;
err = io->recv(io->ctx, buf->data, BUF_SIZE, &got, tm);
buf->first = 0;
buf->last = got;
}
*count = buf->last - buf->first;
*data = buf->data + buf->first;
return err;
}

45
src/luasocket/buffer.h Normal file
View File

@ -0,0 +1,45 @@
#ifndef BUF_H
#define BUF_H
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output interface for Lua programs
*
* Line patterns require buffering. Reading one character at a time involves
* too many system calls and is very slow. This module implements the
* LuaSocket interface for input/output on connected objects, as seen by
* Lua programs.
*
* Input is buffered. Output is *not* buffered because there was no simple
* way of making sure the buffered output data would ever be sent.
*
* The module is built on top of the I/O abstraction defined in io.h and the
* timeout management is done with the timeout.h interface.
*
*
* RCS ID: $Id: buffer.h,v 1.12 2005/10/07 04:40:59 diego Exp $
\*=========================================================================*/
#include <lua.h>
#include "io.h"
#include "timeout.h"
/* buffer size in bytes */
#define BUF_SIZE 8192
/* buffer control structure */
typedef struct t_buffer_ {
p_io io; /* IO driver used for this buffer */
p_timeout tm; /* timeout management for this buffer */
size_t first, last; /* index of first and last bytes of stored data */
char data[BUF_SIZE]; /* storage space for buffer data */
} t_buffer;
typedef t_buffer *p_buffer;
void buffer_init(p_buffer buf, p_io io, p_timeout tm);
int buffer_meth_send(lua_State *L, p_buffer buf);
int buffer_meth_receive(lua_State *L, p_buffer buf);
int buffer_isempty(p_buffer buf);
#endif /* BUF_H */

34
src/luasocket/io.c Normal file
View File

@ -0,0 +1,34 @@
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output abstraction
*
* RCS ID: $Id: io.c 2 2006-04-30 19:30:47Z brunoos $
\*=========================================================================*/
#include "io.h"
/*=========================================================================*\
* Exported functions
\*=========================================================================*/
/*-------------------------------------------------------------------------*\
* Initializes C structure
\*-------------------------------------------------------------------------*/
void io_init(p_io io, p_send send, p_recv recv, p_error error, void *ctx) {
io->send = send;
io->recv = recv;
io->error = error;
io->ctx = ctx;
}
/*-------------------------------------------------------------------------*\
* I/O error strings
\*-------------------------------------------------------------------------*/
const char *io_strerror(int err) {
switch (err) {
case IO_DONE: return NULL;
case IO_CLOSED: return "closed";
case IO_TIMEOUT: return "timeout";
default: return "unknown error";
}
}

70
src/luasocket/io.h Normal file
View File

@ -0,0 +1,70 @@
#ifndef IO_H
#define IO_H
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Input/Output abstraction
*
* This module defines the interface that LuaSocket expects from the
* transport layer for streamed input/output. The idea is that if any
* transport implements this interface, then the buffer.c functions
* automatically work on it.
*
* The module socket.h implements this interface, and thus the module tcp.h
* is very simple.
*
* RCS ID: $Id: io.h 6 2006-04-30 20:33:05Z brunoos $
\*=========================================================================*/
#include <stdio.h>
#include <lua.h>
#include "timeout.h"
/* IO error codes */
enum {
IO_DONE = 0, /* operation completed successfully */
IO_TIMEOUT = -1, /* operation timed out */
IO_CLOSED = -2, /* the connection has been closed */
IO_UNKNOWN = -3, /* Unknown error */
IO_SSL = -4 /* SSL error */
};
/* interface to error message function */
typedef const char *(*p_error) (
void *ctx, /* context needed by send */
int err /* error code */
);
/* interface to send function */
typedef int (*p_send) (
void *ctx, /* context needed by send */
const char *data, /* pointer to buffer with data to send */
size_t count, /* number of bytes to send from buffer */
size_t *sent, /* number of bytes sent uppon return */
p_timeout tm /* timeout control */
);
/* interface to recv function */
typedef int (*p_recv) (
void *ctx, /* context needed by recv */
char *data, /* pointer to buffer where data will be writen */
size_t count, /* number of bytes to receive into buffer */
size_t *got, /* number of bytes received uppon return */
p_timeout tm /* timeout control */
);
/* IO driver definition */
typedef struct t_io_ {
void *ctx; /* context needed by send/recv */
p_send send; /* send function pointer */
p_recv recv; /* receive function pointer */
p_error error; /* strerror function */
} t_io;
typedef t_io *p_io;
void io_init(p_io io, p_send send, p_recv recv, p_error error, void *ctx);
const char *io_strerror(int err);
#endif /* IO_H */

47
src/luasocket/socket.h Normal file
View File

@ -0,0 +1,47 @@
#ifndef SOCKET_H
#define SOCKET_H
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Socket compatibilization module
*
* BSD Sockets and WinSock are similar, but there are a few irritating
* differences. Also, not all *nix platforms behave the same. This module
* (and the associated usocket.h and wsocket.h) factor these differences and
* creates a interface compatible with the io.h module.
*
* RCS ID: $Id: socket.h 2 2006-04-30 19:30:47Z brunoos $
\*=========================================================================*/
#include "io.h"
/*=========================================================================*\
* Platform specific compatibilization
\*=========================================================================*/
#ifdef _WIN32
#include "wsocket.h"
#else
#include "usocket.h"
#endif
/*=========================================================================*\
* The connect and accept functions accept a timeout and their
* implementations are somewhat complicated. We chose to move
* the timeout control into this module for these functions in
* order to simplify the modules that use them.
\*=========================================================================*/
#include "timeout.h"
/*=========================================================================*\
* Functions bellow implement a comfortable platform independent
* interface to sockets
\*=========================================================================*/
int socket_open(void);
int socket_close(void);
void socket_destroy(p_socket ps);
void socket_setnonblocking(p_socket ps);
void socket_setblocking(p_socket ps);
int socket_waitfd(p_socket ps, int sw, p_timeout tm);
const char *socket_strerror(int err);
#endif /* SOCKET_H */

155
src/luasocket/timeout.c Normal file
View File

@ -0,0 +1,155 @@
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Timeout management functions
*
* RCS ID: $Id: timeout.c,v 1.30 2005/10/07 04:40:59 diego Exp $
\*=========================================================================*/
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <time.h>
#include <sys/time.h>
#endif
#include <lua.h>
#include <lauxlib.h>
#include "timeout.h"
/* min and max macros */
#ifndef MIN
#define MIN(x, y) ((x) < (y) ? x : y)
#endif
#ifndef MAX
#define MAX(x, y) ((x) > (y) ? x : y)
#endif
/*=========================================================================*\
* Exported functions.
\*=========================================================================*/
/*-------------------------------------------------------------------------*\
* Initialize structure
\*-------------------------------------------------------------------------*/
void timeout_init(p_timeout tm, double block, double total) {
tm->block = block;
tm->total = total;
}
/*-------------------------------------------------------------------------*\
* Determines how much time we have left for the next system call,
* if the previous call was successful
* Input
* tm: timeout control structure
* Returns
* the number of ms left or -1 if there is no time limit
\*-------------------------------------------------------------------------*/
double timeout_get(p_timeout tm) {
if (tm->block < 0.0 && tm->total < 0.0) {
return -1;
} else if (tm->block < 0.0) {
double t = tm->total - timeout_gettime() + tm->start;
return MAX(t, 0.0);
} else if (tm->total < 0.0) {
return tm->block;
} else {
double t = tm->total - timeout_gettime() + tm->start;
return MIN(tm->block, MAX(t, 0.0));
}
}
/*-------------------------------------------------------------------------*\
* Returns time since start of operation
* Input
* tm: timeout control structure
* Returns
* start field of structure
\*-------------------------------------------------------------------------*/
double timeout_getstart(p_timeout tm) {
return tm->start;
}
/*-------------------------------------------------------------------------*\
* Determines how much time we have left for the next system call,
* if the previous call was a failure
* Input
* tm: timeout control structure
* Returns
* the number of ms left or -1 if there is no time limit
\*-------------------------------------------------------------------------*/
double timeout_getretry(p_timeout tm) {
if (tm->block < 0.0 && tm->total < 0.0) {
return -1;
} else if (tm->block < 0.0) {
double t = tm->total - timeout_gettime() + tm->start;
return MAX(t, 0.0);
} else if (tm->total < 0.0) {
double t = tm->block - timeout_gettime() + tm->start;
return MAX(t, 0.0);
} else {
double t = tm->total - timeout_gettime() + tm->start;
return MIN(tm->block, MAX(t, 0.0));
}
}
/*-------------------------------------------------------------------------*\
* Marks the operation start time in structure
* Input
* tm: timeout control structure
\*-------------------------------------------------------------------------*/
p_timeout timeout_markstart(p_timeout tm) {
tm->start = timeout_gettime();
return tm;
}
/*-------------------------------------------------------------------------*\
* Gets time in s, relative to January 1, 1970 (UTC)
* Returns
* time in s.
\*-------------------------------------------------------------------------*/
#ifdef _WIN32
double timeout_gettime(void) {
FILETIME ft;
double t;
GetSystemTimeAsFileTime(&ft);
/* Windows file time (time since January 1, 1601 (UTC)) */
t = ft.dwLowDateTime/1.0e7 + ft.dwHighDateTime*(4294967296.0/1.0e7);
/* convert to Unix Epoch time (time since January 1, 1970 (UTC)) */
return (t - 11644473600.0);
}
#else
double timeout_gettime(void) {
struct timeval v;
gettimeofday(&v, (struct timezone *) NULL);
/* Unix Epoch time (time since January 1, 1970 (UTC)) */
return v.tv_sec + v.tv_usec/1.0e6;
}
#endif
/*-------------------------------------------------------------------------*\
* Sets timeout values for IO operations
* Lua Input: base, time [, mode]
* time: time out value in seconds
* mode: "b" for block timeout, "t" for total timeout. (default: b)
\*-------------------------------------------------------------------------*/
int timeout_meth_settimeout(lua_State *L, p_timeout tm) {
double t = luaL_optnumber(L, 2, -1);
const char *mode = luaL_optstring(L, 3, "b");
switch (*mode) {
case 'b':
tm->block = t;
break;
case 'r': case 't':
tm->total = t;
break;
default:
luaL_argcheck(L, 0, 3, "invalid timeout mode");
break;
}
lua_pushnumber(L, 1);
return 1;
}

32
src/luasocket/timeout.h Normal file
View File

@ -0,0 +1,32 @@
#ifndef TIMEOUT_H
#define TIMEOUT_H
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Timeout management functions
*
* RCS ID: $Id: timeout.h 2 2006-04-30 19:30:47Z brunoos $
\*=========================================================================*/
#include <lua.h>
/* timeout control structure */
typedef struct t_timeout_ {
double block; /* maximum time for blocking calls */
double total; /* total number of miliseconds for operation */
double start; /* time of start of operation */
} t_timeout;
typedef t_timeout *p_timeout;
int timeout_open(lua_State *L);
void timeout_init(p_timeout tm, double block, double total);
double timeout_get(p_timeout tm);
double timeout_getretry(p_timeout tm);
p_timeout timeout_markstart(p_timeout tm);
double timeout_getstart(p_timeout tm);
double timeout_gettime(void);
int timeout_meth_settimeout(lua_State *L, p_timeout tm);
#define timeout_iszero(tm) ((tm)->block == 0.0)
#endif /* TIMEOUT_H */

136
src/luasocket/usocket.c Normal file
View File

@ -0,0 +1,136 @@
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Socket compatibilization module for Unix
*
* The code is now interrupt-safe.
* The penalty of calling select to avoid busy-wait is only paid when
* the I/O call fail in the first place.
*
* RCS ID: $Id: usocket.c,v 1.38 2007/10/13 23:55:20 diego Exp $
\*=========================================================================*/
#include <errno.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include <fcntl.h>
#include "socket.h"
#include "usocket.h"
/*-------------------------------------------------------------------------*\
* Wait for readable/writable/connected socket with timeout
\*-------------------------------------------------------------------------*/
#ifdef SOCKET_POLL
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
int ret;
struct pollfd pfd;
pfd.fd = *ps;
pfd.events = sw;
pfd.revents = 0;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
do {
int t = (int)(timeout_getretry(tm)*1e3);
ret = poll(&pfd, 1, t >= 0? t: -1);
} while (ret == -1 && errno == EINTR);
if (ret == -1) return errno;
if (ret == 0) return IO_TIMEOUT;
if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
return IO_DONE;
}
#else
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
int ret;
fd_set rfds, wfds, *rp, *wp;
struct timeval tv, *tp;
double t;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
do {
/* must set bits within loop, because select may have modifed them */
rp = wp = NULL;
if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
t = timeout_getretry(tm);
tp = NULL;
if (t >= 0.0) {
tv.tv_sec = (int)t;
tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
tp = &tv;
}
ret = select(*ps+1, rp, wp, NULL, tp);
} while (ret == -1 && errno == EINTR);
if (ret == -1) return errno;
if (ret == 0) return IO_TIMEOUT;
if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
return IO_DONE;
}
#endif
/*-------------------------------------------------------------------------*\
* Initializes module
\*-------------------------------------------------------------------------*/
int socket_open(void) {
/* instals a handler to ignore sigpipe or it will crash us */
signal(SIGPIPE, SIG_IGN);
return 1;
}
/*-------------------------------------------------------------------------*\
* Close module
\*-------------------------------------------------------------------------*/
int socket_close(void) {
return 1;
}
/*-------------------------------------------------------------------------*\
* Close and inutilize socket
\*-------------------------------------------------------------------------*/
void socket_destroy(p_socket ps) {
if (*ps != SOCKET_INVALID) {
socket_setblocking(ps);
close(*ps);
*ps = SOCKET_INVALID;
}
}
/*-------------------------------------------------------------------------*\
* Put socket into blocking mode
\*-------------------------------------------------------------------------*/
void socket_setblocking(p_socket ps) {
int flags = fcntl(*ps, F_GETFL, 0);
flags &= (~(O_NONBLOCK));
fcntl(*ps, F_SETFL, flags);
}
/*-------------------------------------------------------------------------*\
* Put socket into non-blocking mode
\*-------------------------------------------------------------------------*/
void socket_setnonblocking(p_socket ps) {
int flags = fcntl(*ps, F_GETFL, 0);
flags |= O_NONBLOCK;
fcntl(*ps, F_SETFL, flags);
}
/*-------------------------------------------------------------------------*\
* Error translation functions
* Make sure important error messages are standard
\*-------------------------------------------------------------------------*/
const char *socket_strerror(int err) {
if (err <= 0) return io_strerror(err);
switch (err) {
case EADDRINUSE: return "address already in use";
case EISCONN: return "already connected";
case EACCES: return "permission denied";
case ECONNREFUSED: return "connection refused";
case ECONNABORTED: return "closed";
case ECONNRESET: return "closed";
case EPIPE: return "closed";
case ETIMEDOUT: return "timeout";
default: return strerror(errno);
}
}

28
src/luasocket/usocket.h Normal file
View File

@ -0,0 +1,28 @@
#ifndef USOCKET_H
#define USOCKET_H
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Socket compatibilization module for Unix
*
* RCS ID: $Id: usocket.h 6 2006-04-30 20:33:05Z brunoos $
\*=========================================================================*/
#ifdef SOCKET_POLL
#include <sys/poll.h>
#define WAITFD_R POLLIN
#define WAITFD_W POLLOUT
#define WAITFD_C (POLLIN|POLLOUT)
#else
#define WAITFD_R 1
#define WAITFD_W 2
#define WAITFD_C (WAITFD_R|WAITFD_W)
#endif
typedef int t_socket;
typedef t_socket *p_socket;
#define SOCKET_INVALID (-1)
#endif /* USOCKET_H */

162
src/luasocket/wsocket.c Normal file
View File

@ -0,0 +1,162 @@
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Socket compatibilization module for Win32
*
* The penalty of calling select to avoid busy-wait is only paid when
* the I/O call fail in the first place.
*
* RCS ID: $Id: wsocket.c,v 1.36 2007/06/11 23:44:54 diego Exp $
\*=========================================================================*/
#include <string.h>
#include "socket.h"
/*-------------------------------------------------------------------------*\
* Initializes module
\*-------------------------------------------------------------------------*/
int socket_open(void) {
WSADATA wsaData;
WORD wVersionRequested = MAKEWORD(2, 0);
int err = WSAStartup(wVersionRequested, &wsaData );
if (err != 0) return 0;
if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
(LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
WSACleanup();
return 0;
}
return 1;
}
/*-------------------------------------------------------------------------*\
* Close module
\*-------------------------------------------------------------------------*/
int socket_close(void) {
WSACleanup();
return 1;
}
/*-------------------------------------------------------------------------*\
* Wait for readable/writable/connected socket with timeout
\*-------------------------------------------------------------------------*/
int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
int ret;
fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
struct timeval tv, *tp = NULL;
double t;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
if (sw & WAITFD_R) {
FD_ZERO(&rfds);
FD_SET(*ps, &rfds);
rp = &rfds;
}
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
if ((t = timeout_get(tm)) >= 0.0) {
tv.tv_sec = (int) t;
tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
tp = &tv;
}
ret = select(0, rp, wp, ep, tp);
if (ret == -1) return WSAGetLastError();
if (ret == 0) return IO_TIMEOUT;
if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
return IO_DONE;
}
/*-------------------------------------------------------------------------*\
* Close and inutilize socket
\*-------------------------------------------------------------------------*/
void socket_destroy(p_socket ps) {
if (*ps != SOCKET_INVALID) {
socket_setblocking(ps); /* close can take a long time on WIN32 */
closesocket(*ps);
*ps = SOCKET_INVALID;
}
}
/*-------------------------------------------------------------------------*\
* Put socket into blocking mode
\*-------------------------------------------------------------------------*/
void socket_setblocking(p_socket ps) {
u_long argp = 0;
ioctlsocket(*ps, FIONBIO, &argp);
}
/*-------------------------------------------------------------------------*\
* Put socket into non-blocking mode
\*-------------------------------------------------------------------------*/
void socket_setnonblocking(p_socket ps) {
u_long argp = 1;
ioctlsocket(*ps, FIONBIO, &argp);
}
/*-------------------------------------------------------------------------*\
* Error translation functions
\*-------------------------------------------------------------------------*/
/* WinSock doesn't have a strerror... */
static const char *wstrerror(int err) {
switch (err) {
case WSAEINTR: return "Interrupted function call";
case WSAEACCES: return "Permission denied";
case WSAEFAULT: return "Bad address";
case WSAEINVAL: return "Invalid argument";
case WSAEMFILE: return "Too many open files";
case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
case WSAEINPROGRESS: return "Operation now in progress";
case WSAEALREADY: return "Operation already in progress";
case WSAENOTSOCK: return "Socket operation on nonsocket";
case WSAEDESTADDRREQ: return "Destination address required";
case WSAEMSGSIZE: return "Message too long";
case WSAEPROTOTYPE: return "Protocol wrong type for socket";
case WSAENOPROTOOPT: return "Bad protocol option";
case WSAEPROTONOSUPPORT: return "Protocol not supported";
case WSAESOCKTNOSUPPORT: return "Socket type not supported";
case WSAEOPNOTSUPP: return "Operation not supported";
case WSAEPFNOSUPPORT: return "Protocol family not supported";
case WSAEAFNOSUPPORT:
return "Address family not supported by protocol family";
case WSAEADDRINUSE: return "Address already in use";
case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
case WSAENETDOWN: return "Network is down";
case WSAENETUNREACH: return "Network is unreachable";
case WSAENETRESET: return "Network dropped connection on reset";
case WSAECONNABORTED: return "Software caused connection abort";
case WSAECONNRESET: return "Connection reset by peer";
case WSAENOBUFS: return "No buffer space available";
case WSAEISCONN: return "Socket is already connected";
case WSAENOTCONN: return "Socket is not connected";
case WSAESHUTDOWN: return "Cannot send after socket shutdown";
case WSAETIMEDOUT: return "Connection timed out";
case WSAECONNREFUSED: return "Connection refused";
case WSAEHOSTDOWN: return "Host is down";
case WSAEHOSTUNREACH: return "No route to host";
case WSAEPROCLIM: return "Too many processes";
case WSASYSNOTREADY: return "Network subsystem is unavailable";
case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
case WSANOTINITIALISED:
return "Successful WSAStartup not yet performed";
case WSAEDISCON: return "Graceful shutdown in progress";
case WSAHOST_NOT_FOUND: return "Host not found";
case WSATRY_AGAIN: return "Nonauthoritative host not found";
case WSANO_RECOVERY: return "Nonrecoverable name lookup error";
case WSANO_DATA: return "Valid name, no data record of requested type";
default: return "Unknown error";
}
}
const char *socket_strerror(int err) {
if (err <= 0) return io_strerror(err);
switch (err) {
case WSAEADDRINUSE: return "address already in use";
case WSAECONNREFUSED: return "connection refused";
case WSAEISCONN: return "already connected";
case WSAEACCES: return "permission denied";
case WSAECONNABORTED: return "closed";
case WSAECONNRESET: return "closed";
case WSAETIMEDOUT: return "timeout";
default: return wstrerror(err);
}
}

28
src/luasocket/wsocket.h Normal file
View File

@ -0,0 +1,28 @@
#ifndef WSOCKET_H
#define WSOCKET_H
/*=========================================================================*\
* LuaSocket 2.0.2
* Copyright (C) 2004-2007 Diego Nehab
*
* Socket compatibilization module for Win32
*
* RCS ID: $Id: wsocket.h 2 2006-04-30 19:30:47Z brunoos $
\*=========================================================================*/
/*=========================================================================*\
* WinSock include files
\*=========================================================================*/
#include <winsock.h>
#define WAITFD_R 1
#define WAITFD_W 2
#define WAITFD_E 4
#define WAITFD_C (WAITFD_E|WAITFD_W)
#define SOCKET_INVALID (INVALID_SOCKET)
typedef int socklen_t;
typedef SOCKET t_socket;
typedef t_socket *p_socket;
#endif /* WSOCKET_H */

76
src/options.h
View File

@ -1,67 +1,26 @@
#ifndef LSEC_OPTIONS_H
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
* Copyright (C) 2006-2011 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 1.0.1 14 Mar 2012
*/
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
/*
-- Supported SSL options and script in Lua 5.1 to generate the file.
-- Ugly, but easier to maintain.
local options = [[
SSL_OP_ALL
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_OP_CISCO_ANYCONNECT
SSL_OP_COOKIE_EXCHANGE
SSL_OP_CRYPTOPRO_TLSEXT_BUG
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_OP_EPHEMERAL_RSA
SSL_OP_LEGACY_SERVER_CONNECT
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_MSIE_SSLV2_RSA_PADDING
SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
SSL_OP_NO_COMPRESSION
SSL_OP_NO_QUERY_MTU
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_OP_NO_SSLv2
SSL_OP_NO_SSLv3
SSL_OP_NO_TICKET
SSL_OP_NO_TLSv1
SSL_OP_PKCS1_CHECK_1
SSL_OP_PKCS1_CHECK_2
SSL_OP_SINGLE_DH_USE
SSL_OP_SINGLE_ECDH_USE
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
SSL_OP_TLS_BLOCK_PADDING_BUG
SSL_OP_TLS_D5_BUG
SSL_OP_TLS_ROLLBACK_BUG
]]
print([[static ssl_option_t ssl_options[] = {]])
for option in string.gmatch(options, "(%S+)") do
local name = string.lower(string.sub(option, 8))
print(string.format([[#if defined(%s)]], option))
print(string.format([[ {"%s", %s},]], name, option))
print([[#endif]])
end
print([[ {NULL, 0L}]])
print([[};]])
*/
static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
@ -132,6 +91,12 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
@ -158,6 +123,13 @@ static ssl_option_t ssl_options[] = {
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
#if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
/* Add SSL_OP_NO_COMPRESSION manually if built against 0.9.8. */
{"no_compression", 0L},
#endif
{NULL, 0L}
};
#endif

98
src/options.lua Normal file
View File

@ -0,0 +1,98 @@
local function usage()
print("Usage:")
print("* Generate options of your system:")
print(" lua options.lua -g /path/to/ssl.h [verion] > options.h")
print("* Examples:")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
print("* List options of your system:")
print(" lua options.lua -l /path/to/ssl.h\n")
end
--
local function printf(str, ...)
print(string.format(str, ...))
end
local function generate(options, version)
print([[
#ifndef LSEC_OPTIONS_H
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
* Copyright (C) 2006-2011 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
/* If you need to generate these options again, see options.lua */
]])
printf([[
/*
OpenSSL version: %s
*/
]], version)
print([[
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
]])
print([[static ssl_option_t ssl_options[] = {]])
for k, option in ipairs(options) do
local name = string.lower(string.sub(option, 8))
print(string.format([[#if defined(%s)]], option))
print(string.format([[ {"%s", %s},]], name, option))
print([[#endif]])
end
print([[
#if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
/* Add SSL_OP_NO_COMPRESSION manually if built against 0.9.8. */
{"no_compression", 0L},
#endif]])
print([[ {NULL, 0L}]])
print([[
};
#endif
]])
end
local function loadoptions(file)
local options = {}
local f = assert(io.open(file, "r"))
for line in f:lines() do
local op = string.match(line, "define%s+(SSL_OP_%S+)")
if op then
table.insert(options, op)
end
end
table.sort(options, function(a,b) return a<b end)
return options
end
--
local options
local flag, file, version = ...
version = version or "Unknown"
if not file then
usage()
elseif flag == "-g" then
options = loadoptions(file)
generate(options, version)
elseif flag == "-l" then
options = loadoptions(file)
for k, option in ipairs(options) do
print(option)
end
else
usage()
end

507
src/ssl.c
View File

@ -4,26 +4,47 @@
*
*--------------------------------------------------------------------------*/
#include <errno.h>
#include <string.h>
#if defined(WIN32)
#include <Winsock2.h>
#endif
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/err.h>
#include <lua.h>
#include <lauxlib.h>
#include "io.h"
#include "buffer.h"
#include "timeout.h"
#include "socket.h"
#include <luasocket/io.h>
#include <luasocket/buffer.h>
#include <luasocket/timeout.h>
#include <luasocket/socket.h>
#include "x509.h"
#include "ssl.h"
/**
* Underline socket error.
*/
static int lsec_socket_error()
{
#if defined(WIN32)
return WSAGetLastError();
#else
return errno;
#endif
}
/**
* Map error code into string.
*/
static const char *ssl_ioerror(void *ctx, int err)
{
if (err == IO_SSL) {
if (err == LSEC_IO_SSL) {
p_ssl ssl = (p_ssl) ctx;
switch(ssl->error) {
case SSL_ERROR_NONE: return "No error";
@ -46,11 +67,22 @@ static const char *ssl_ioerror(void *ctx, int err)
*/
static int meth_destroy(lua_State *L)
{
p_ssl ssl = (p_ssl) lua_touserdata(L, 1);
if (ssl->ssl) {
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state == LSEC_STATE_CONNECTED) {
socket_setblocking(&ssl->sock);
SSL_shutdown(ssl->ssl);
}
if (ssl->sock != SOCKET_INVALID) {
socket_destroy(&ssl->sock);
}
ssl->state = LSEC_STATE_CLOSED;
if (ssl->ssl) {
/* Clear the registry */
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushnil(L);
lua_settable(L, -3);
/* Destroy the object */
SSL_free(ssl->ssl);
ssl->ssl = NULL;
}
@ -64,36 +96,36 @@ static int handshake(p_ssl ssl)
{
int err;
p_timeout tm = timeout_markstart(&ssl->tm);
if (ssl->state == ST_SSL_CLOSED)
if (ssl->state == LSEC_STATE_CLOSED)
return IO_CLOSED;
for ( ; ; ) {
ERR_clear_error();
err = SSL_do_handshake(ssl->ssl);
ssl->error = SSL_get_error(ssl->ssl, err);
switch(ssl->error) {
switch (ssl->error) {
case SSL_ERROR_NONE:
ssl->state = ST_SSL_CONNECTED;
ssl->state = LSEC_STATE_CONNECTED;
return IO_DONE;
case SSL_ERROR_WANT_READ:
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
if (err == IO_TIMEOUT) return IO_SSL;
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
if (err != IO_DONE) return err;
break;
case SSL_ERROR_WANT_WRITE:
err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
if (err == IO_TIMEOUT) return IO_SSL;
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
if (err != IO_DONE) return err;
break;
case SSL_ERROR_SYSCALL:
if (ERR_peek_error()) {
ssl->error = SSL_ERROR_SSL;
return IO_SSL;
return LSEC_IO_SSL;
}
if (err == 0)
return IO_CLOSED;
return socket_error();
return lsec_socket_error();
default:
return IO_SSL;
return LSEC_IO_SSL;
}
}
return IO_UNKNOWN;
@ -106,38 +138,38 @@ static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
p_timeout tm)
{
int err;
p_ssl ssl = (p_ssl) ctx;
if (ssl->state == ST_SSL_CLOSED)
p_ssl ssl = (p_ssl)ctx;
if (ssl->state != LSEC_STATE_CONNECTED)
return IO_CLOSED;
*sent = 0;
for ( ; ; ) {
ERR_clear_error();
err = SSL_write(ssl->ssl, data, (int) count);
err = SSL_write(ssl->ssl, data, (int)count);
ssl->error = SSL_get_error(ssl->ssl, err);
switch(ssl->error) {
switch (ssl->error) {
case SSL_ERROR_NONE:
*sent = err;
return IO_DONE;
case SSL_ERROR_WANT_READ:
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
if (err == IO_TIMEOUT) return IO_SSL;
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
if (err != IO_DONE) return err;
break;
case SSL_ERROR_WANT_WRITE:
err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
if (err == IO_TIMEOUT) return IO_SSL;
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
if (err != IO_DONE) return err;
break;
case SSL_ERROR_SYSCALL:
if (ERR_peek_error()) {
ssl->error = SSL_ERROR_SSL;
return IO_SSL;
return LSEC_IO_SSL;
}
if (err == 0)
return IO_CLOSED;
return socket_error();
return lsec_socket_error();
default:
return IO_SSL;
return LSEC_IO_SSL;
}
}
return IO_UNKNOWN;
@ -150,15 +182,15 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
p_timeout tm)
{
int err;
p_ssl ssl = (p_ssl) ctx;
if (ssl->state == ST_SSL_CLOSED)
p_ssl ssl = (p_ssl)ctx;
if (ssl->state != LSEC_STATE_CONNECTED)
return IO_CLOSED;
*got = 0;
for ( ; ; ) {
ERR_clear_error();
err = SSL_read(ssl->ssl, data, (int) count);
err = SSL_read(ssl->ssl, data, (int)count);
ssl->error = SSL_get_error(ssl->ssl, err);
switch(ssl->error) {
switch (ssl->error) {
case SSL_ERROR_NONE:
*got = err;
return IO_DONE;
@ -167,24 +199,24 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
return IO_CLOSED;
case SSL_ERROR_WANT_READ:
err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
if (err == IO_TIMEOUT) return IO_SSL;
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
if (err != IO_DONE) return err;
break;
case SSL_ERROR_WANT_WRITE:
err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
if (err == IO_TIMEOUT) return IO_SSL;
if (err == IO_TIMEOUT) return LSEC_IO_SSL;
if (err != IO_DONE) return err;
break;
case SSL_ERROR_SYSCALL:
if (ERR_peek_error()) {
ssl->error = SSL_ERROR_SSL;
return IO_SSL;
return LSEC_IO_SSL;
}
if (err == 0)
return IO_CLOSED;
return socket_error();
return lsec_socket_error();
default:
return IO_SSL;
return LSEC_IO_SSL;
}
}
return IO_UNKNOWN;
@ -196,15 +228,15 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
static int meth_create(lua_State *L)
{
p_ssl ssl;
int mode = ctx_getmode(L, 1);
SSL_CTX *ctx = ctx_getcontext(L, 1);
int mode = lsec_getmode(L, 1);
SSL_CTX *ctx = lsec_checkcontext(L, 1);
if (mode == MD_CTX_INVALID) {
if (mode == LSEC_MODE_INVALID) {
lua_pushnil(L);
lua_pushstring(L, "invalid mode");
return 2;
}
ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl));
if (!ssl) {
lua_pushnil(L);
lua_pushstring(L, "error creating SSL object");
@ -214,21 +246,21 @@ static int meth_create(lua_State *L)
if (!ssl->ssl) {
lua_pushnil(L);
lua_pushstring(L, "error creating SSL object");
return 2;;
return 2;
}
ssl->state = ST_SSL_NEW;
SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
ssl->state = LSEC_STATE_NEW;
SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);
SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if defined(SSL_MODE_RELEASE_BUFFERS)
SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif
if (mode == MD_CTX_SERVER)
if (mode == LSEC_MODE_SERVER)
SSL_set_accept_state(ssl->ssl);
else
SSL_set_connect_state(ssl->ssl);
io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv,
io_init(&ssl->io, (p_send)ssl_send, (p_recv)ssl_recv,
(p_error) ssl_ioerror, ssl);
timeout_init(&ssl->tm, -1, -1);
buffer_init(&ssl->buf, &ssl->io, &ssl->tm);
@ -242,7 +274,7 @@ static int meth_create(lua_State *L)
* Buffer send function
*/
static int meth_send(lua_State *L) {
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
return buffer_meth_send(L, &ssl->buf);
}
@ -250,7 +282,7 @@ static int meth_send(lua_State *L) {
* Buffer receive function
*/
static int meth_receive(lua_State *L) {
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
return buffer_meth_receive(L, &ssl->buf);
}
@ -259,19 +291,19 @@ static int meth_receive(lua_State *L) {
*/
static int meth_getfd(lua_State *L)
{
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
lua_pushnumber(L, ssl->sock);
return 1;
}
/**
* Set the TLS/SSL file descriptor.
* This is done *before* the handshake.
* Call it *before* the handshake.
*/
static int meth_setfd(lua_State *L)
{
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != ST_SSL_NEW)
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_NEW)
luaL_argerror(L, 1, "invalid SSL object state");
ssl->sock = luaL_checkint(L, 2);
socket_setnonblocking(&ssl->sock);
@ -284,7 +316,7 @@ static int meth_setfd(lua_State *L)
*/
static int meth_handshake(lua_State *L)
{
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
int err = handshake(ssl);
if (err == IO_DONE) {
lua_pushboolean(L, 1);
@ -300,9 +332,7 @@ static int meth_handshake(lua_State *L)
*/
static int meth_close(lua_State *L)
{
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
meth_destroy(L);
ssl->state = ST_SSL_CLOSED;
return 0;
}
@ -311,7 +341,7 @@ static int meth_close(lua_State *L)
*/
static int meth_settimeout(lua_State *L)
{
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
return timeout_meth_settimeout(L, &ssl->tm);
}
@ -321,8 +351,8 @@ static int meth_settimeout(lua_State *L)
static int meth_dirty(lua_State *L)
{
int res = 0;
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != ST_SSL_CLOSED)
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CLOSED)
res = !buffer_isempty(&ssl->buf) || SSL_pending(ssl->ssl);
lua_pushboolean(L, res);
return 1;
@ -333,8 +363,10 @@ static int meth_dirty(lua_State *L)
*/
static int meth_want(lua_State *L)
{
p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl);
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
int code = (ssl->state == LSEC_STATE_CLOSED)
? SSL_NOTHING
: SSL_want(ssl->ssl);
switch(code) {
case SSL_NOTHING: lua_pushstring(L, "nothing"); break;
case SSL_READING: lua_pushstring(L, "read"); break;
@ -345,65 +377,341 @@ static int meth_want(lua_State *L)
}
/**
* Return a pointer to SSL structure.
* Return the compression method used.
*/
static int meth_rawconn(lua_State *L)
static int meth_compression(lua_State *L)
{
const COMP_METHOD *comp;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
comp = SSL_get_current_compression(ssl->ssl);
if (comp)
lua_pushstring(L, SSL_COMP_get_name(comp));
else
lua_pushnil(L);
return 1;
}
/**
* Return the nth certificate of the peer's chain.
*/
static int meth_getpeercertificate(lua_State *L)
{
int n;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
/* Default to the first cert */
n = luaL_optint(L, 2, 1);
/* This function is 1-based, but OpenSSL is 0-based */
--n;
if (n < 0) {
lua_pushnil(L);
lua_pushliteral(L, "invalid certificate index");
return 2;
}
if (n == 0) {
cert = SSL_get_peer_certificate(ssl->ssl);
if (cert)
lsec_pushx509(L, cert);
else
lua_pushnil(L);
return 1;
}
/* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly.
*/
if (ssl->ssl->server)
--n;
certs = SSL_get_peer_cert_chain(ssl->ssl);
if (n >= sk_X509_num(certs)) {
lua_pushnil(L);
return 1;
}
cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
lsec_pushx509(L, cert);
return 1;
}
/**
* Return the chain of certificate of the peer.
*/
static int meth_getpeerchain(lua_State *L)
{
int i;
int idx = 1;
int n_certs;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
lua_newtable(L);
if (ssl->ssl->server) {
lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
certs = SSL_get_peer_cert_chain(ssl->ssl);
n_certs = sk_X509_num(certs);
for (i = 0; i < n_certs; i++) {
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
return 1;
}
/**
* Copy the table src to the table dst.
*/
static void copy_error_table(lua_State *L, int src, int dst)
{
lua_pushnil(L);
while (lua_next(L, src) != 0) {
if (lua_istable(L, -1)) {
/* Replace the table with its copy */
lua_newtable(L);
copy_error_table(L, dst+2, dst+3);
lua_remove(L, dst+2);
}
lua_pushvalue(L, -2);
lua_pushvalue(L, -2);
lua_rawset(L, dst);
/* Remove the value and leave the key */
lua_pop(L, 1);
}
}
/**
* Return the verification state of the peer chain.
*/
static int meth_getpeerverification(lua_State *L)
{
long err;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushboolean(L, 0);
lua_pushstring(L, "closed");
return 2;
}
err = SSL_get_verify_result(ssl->ssl);
if (err == X509_V_OK) {
lua_pushboolean(L, 1);
return 1;
}
luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_gettable(L, -2);
if (lua_isnil(L, -1))
lua_pushstring(L, X509_verify_cert_error_string(err));
else {
/* Copy the table of errors to avoid modifications */
lua_newtable(L);
copy_error_table(L, lua_gettop(L)-1, lua_gettop(L));
}
lua_pushboolean(L, 0);
lua_pushvalue(L, -2);
return 2;
}
/**
* Get the latest "Finished" message sent out.
*/
static int meth_getfinished(lua_State *L)
{
size_t len = 0;
char *buffer = NULL;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
if ((len = SSL_get_finished(ssl->ssl, NULL, 0)) == 0)
return 0;
buffer = (char*)malloc(len);
if (!buffer) {
lua_pushnil(L);
lua_pushstring(L, "out of memory");
return 2;
}
SSL_get_finished(ssl->ssl, buffer, len);
lua_pushlstring(L, buffer, len);
free(buffer);
return 1;
}
/**
* Gets the latest "Finished" message received.
*/
static int meth_getpeerfinished(lua_State *L)
{
size_t len = 0;
char *buffer = NULL;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 0;
}
if ((len = SSL_get_peer_finished(ssl->ssl, NULL, 0)) == 0)
return 0;
buffer = (char*)malloc(len);
if (!buffer) {
lua_pushnil(L);
lua_pushstring(L, "out of memory");
return 2;
}
SSL_get_peer_finished(ssl->ssl, buffer, len);
lua_pushlstring(L, buffer, len);
free(buffer);
return 1;
}
/**
* Object information -- tostring metamethod
*/
static int meth_tostring(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushfstring(L, "SSL connection: %p%s", ssl,
ssl->state == LSEC_STATE_CLOSED ? " (closed)" : "");
return 1;
}
/**
* Add a method in the SSL metatable.
*/
static int meth_setmethod(lua_State *L)
{
luaL_getmetatable(L, "SSL:Connection");
lua_pushstring(L, "__index");
lua_gettable(L, -2);
lua_pushvalue(L, 1);
lua_pushvalue(L, 2);
lua_settable(L, -3);
return 0;
}
/**
* Return information about the connection.
*/
static int meth_info(lua_State *L)
{
int bits = 0;
int algbits = 0;
char buf[256] = {0};
const SSL_CIPHER *cipher;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
cipher = SSL_get_current_cipher(ssl->ssl);
if (!cipher)
return 0;
SSL_CIPHER_description(cipher, buf, sizeof(buf));
bits = SSL_CIPHER_get_bits(cipher, &algbits);
lua_pushstring(L, buf);
lua_pushnumber(L, bits);
lua_pushnumber(L, algbits);
return 3;
}
static int meth_copyright(lua_State *L)
{
lua_pushstring(L, "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre"
#if defined(WITH_LUASOCKET)
"\nLuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
#endif
);
return 1;
}
/*---------------------------------------------------------------------------*/
/**
* SSL methods
*/
static luaL_Reg methods[] = {
{"close", meth_close},
{"getfd", meth_getfd},
{"getfinished", meth_getfinished},
{"getpeercertificate", meth_getpeercertificate},
{"getpeerchain", meth_getpeerchain},
{"getpeerverification", meth_getpeerverification},
{"getpeerfinished", meth_getpeerfinished},
{"dirty", meth_dirty},
{"dohandshake", meth_handshake},
{"receive", meth_receive},
{"send", meth_send},
{"settimeout", meth_settimeout},
{"want", meth_want},
{NULL, NULL}
};
/**
* SSL metamethods
* SSL metamethods.
*/
static luaL_Reg meta[] = {
{"close", meth_close},
{"getfd", meth_getfd},
{"dirty", meth_dirty},
{"dohandshake", meth_handshake},
{"receive", meth_receive},
{"send", meth_send},
{"settimeout", meth_settimeout},
{"want", meth_want},
{"__gc", meth_destroy},
{"__tostring", meth_tostring},
{NULL, NULL}
};
/**
* SSL functions.
*/
static luaL_Reg funcs[] = {
{"compression", meth_compression},
{"create", meth_create},
{"info", meth_info},
{"setfd", meth_setfd},
{"setmethod", meth_setmethod},
{"copyright", meth_copyright},
{NULL, NULL}
};
/**
* SSL functions
* Initialize modules.
*/
static luaL_Reg funcs[] = {
{"create", meth_create},
{"setfd", meth_setfd},
{"rawconnection", meth_rawconn},
{NULL, NULL}
};
/**
* Initialize modules
*/
LUASEC_API int luaopen_ssl_core(lua_State *L)
#if (LUA_VERSION_NUM == 501)
LSEC_API int luaopen_ssl_core(lua_State *L)
{
/* Initialize SSL */
if (!SSL_library_init()) {
lua_pushstring(L, "unable to initialize SSL library");
lua_error(L);
}
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
#if defined(WITH_LUASOCKET)
/* Initialize internal library */
socket_open();
#endif
/* Registre the functions and tables */
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Connection");
lua_newtable(L);
luaL_register(L, NULL, meta);
lua_newtable(L);
luaL_register(L, NULL, methods);
lua_setfield(L, -2, "__index");
lua_pushcfunction(L, meth_destroy);
lua_setfield(L, -2, "__gc");
luaL_register(L, "ssl.core", funcs);
lua_pushnumber(L, SOCKET_INVALID);
@ -411,4 +719,35 @@ LUASEC_API int luaopen_ssl_core(lua_State *L)
return 1;
}
#else
LSEC_API int luaopen_ssl_core(lua_State *L)
{
/* Initialize SSL */
if (!SSL_library_init()) {
lua_pushstring(L, "unable to initialize SSL library");
lua_error(L);
}
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
#if defined(WITH_LUASOCKET)
/* Initialize internal library */
socket_open();
#endif
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Connection");
luaL_setfuncs(L, meta, 0);
lua_newtable(L);
luaL_setfuncs(L, methods, 0);
lua_setfield(L, -2, "__index");
lua_newtable(L);
luaL_setfuncs(L, funcs, 0);
lua_pushnumber(L, SOCKET_INVALID);
lua_setfield(L, -2, "invalidfd");
return 1;
}
#endif

25
src/ssl.h
View File

@ -1,5 +1,5 @@
#ifndef __SSL_H__
#define __SSL_H__
#ifndef LSEC_SSL_H
#define LSEC_SSL_H
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
@ -10,14 +10,19 @@
#include <openssl/ssl.h>
#include <lua.h>
#include "io.h"
#include "buffer.h"
#include "timeout.h"
#include <luasocket/io.h>
#include <luasocket/buffer.h>
#include <luasocket/timeout.h>
#include <luasocket/socket.h>
#include "config.h"
#include "context.h"
#define ST_SSL_NEW 1
#define ST_SSL_CONNECTED 2
#define ST_SSL_CLOSED 3
#define LSEC_STATE_NEW 1
#define LSEC_STATE_CONNECTED 2
#define LSEC_STATE_CLOSED 3
#define LSEC_IO_SSL -100
typedef struct t_ssl_ {
t_socket sock;
@ -25,11 +30,11 @@ typedef struct t_ssl_ {
t_buffer buf;
t_timeout tm;
SSL *ssl;
char state;
int state;
int error;
} t_ssl;
typedef t_ssl* p_ssl;
LUASEC_API int luaopen_ssl_core(lua_State *L);
LSEC_API int luaopen_ssl_core(lua_State *L);
#endif

85
src/ssl.lua
View File

@ -4,19 +4,21 @@
--
------------------------------------------------------------------------------
local core = require("ssl.core")
local context = require("ssl.context")
local x509 = require("ssl.x509")
module("ssl", package.seeall)
require("ssl.core")
require("ssl.context")
_VERSION = "0.5.PR"
_COPYRIGHT = core.copyright()
-- Export
loadcertificate = x509.load
_VERSION = "0.4.1"
_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre\n" ..
"LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
-- Export functions
rawconnection = core.rawconnection
rawcontext = context.rawcontext
-- We must prevent the contexts to be collected before the connections,
-- otherwise the C registry will be cleared.
local registry = setmetatable({}, {__mode="k"})
--
--
@ -45,6 +47,12 @@ function newcontext(cfg)
if not succ then return nil, msg end
-- Load the key
if cfg.key then
if cfg.password and
type(cfg.password) ~= "function" and
type(cfg.password) ~= "string"
then
return nil, "invalid password type"
end
succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
if not succ then return nil, msg end
end
@ -58,6 +66,11 @@ function newcontext(cfg)
succ, msg = context.locations(ctx, cfg.cafile, cfg.capath)
if not succ then return nil, msg end
end
-- Set SSL ciphers
if cfg.ciphers then
succ, msg = context.setcipher(ctx, cfg.ciphers)
if not succ then return nil, msg end
end
-- Set the verification options
succ, msg = optexec(context.setverify, cfg.verify, ctx)
if not succ then return nil, msg end
@ -69,6 +82,24 @@ function newcontext(cfg)
succ, msg = context.setdepth(ctx, cfg.depth)
if not succ then return nil, msg end
end
-- Set DH parameters
if cfg.dhparam then
if type(cfg.dhparam) ~= "function" then
return nil, "invalid DH parameter type"
end
context.setdhparam(ctx, cfg.dhparam)
end
-- Set elliptic curve
if cfg.curve then
succ, msg = context.setcurve(ctx, cfg.curve)
if not succ then return nil, msg end
end
-- Set extra verification options
if cfg.verifyext and ctx.setverifyext then
succ, msg = optexec(ctx.setverifyext, cfg.verifyext, ctx)
if not succ then return nil, msg end
end
return ctx
end
@ -87,7 +118,43 @@ function wrap(sock, cfg)
if s then
core.setfd(s, sock:getfd())
sock:setfd(core.invalidfd)
registry[s] = ctx
return s
end
return nil, msg
end
--
-- Extract connection information.
--
local function info(ssl, field)
local str, comp, err
comp, err = core.compression(ssl)
if err then
return comp, err
end
-- Avoid parser
if field == "compression" then
return comp
end
local info = {compression = comp}
str, info.bits, info.algbits = core.info(ssl)
if str then
info.cipher, info.protocol, info.key,
info.authentication, info.encryption, info.mac =
string.match(str,
"^(%S+)%s+(%S+)%s+Kx=(%S+)%s+Au=(%S+)%s+Enc=(%S+)%s+Mac=(%S+)")
info.export = (string.match(str, "%sexport%s*$") ~= nil)
end
if field then
return info[field]
end
-- Empty?
return ( (next(info)) and info )
end
--
-- Set method for SSL connections.
--
core.setmethod("info", info)

477
src/x509.c Normal file
View File

@ -0,0 +1,477 @@
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
* Copyright (C) 2012
*
*--------------------------------------------------------------------------*/
#include <string.h>
#if defined(WIN32)
#include <windows.h>
#endif
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <lua.h>
#include <lauxlib.h>
#include "x509.h"
static const char* hex_tab = "0123456789abcdef";
/**
* Push the certificate on the stack.
*/
void lsec_pushx509(lua_State* L, X509 *cert)
{
p_x509 cert_obj = (p_x509)lua_newuserdata(L, sizeof(t_x509));
cert_obj->cert = cert;
luaL_getmetatable(L, "SSL:Certificate");
lua_setmetatable(L, -2);
}
/**
* Return the OpenSSL certificate X509.
*/
X509* lsec_checkx509(lua_State* L, int idx)
{
return ((p_x509)luaL_checkudata(L, idx, "SSL:Certificate"))->cert;
}
/*---------------------------------------------------------------------------*/
/**
* Convert the buffer 'in' to hexadecimal.
*/
static void to_hex(const char* in, int length, char* out)
{
int i;
for (i = 0; i < length; i++) {
out[i*2] = hex_tab[(in[i] >> 4) & 0xF];
out[i*2+1] = hex_tab[(in[i]) & 0xF];
}
}
/**
* Converts the ASN1_OBJECT into a textual representation and put it
* on the Lua stack.
*/
static void push_asn1_objname(lua_State* L, ASN1_OBJECT *object, int no_name)
{
char buffer[256];
int len = OBJ_obj2txt(buffer, sizeof(buffer), object, no_name);
len = (len < sizeof(buffer)) ? len : sizeof(buffer);
lua_pushlstring(L, buffer, len);
}
/**
* Push the ASN1 string on the stack.
*/
static void push_asn1_string(lua_State* L, ASN1_STRING *string)
{
if (string)
lua_pushlstring(L, (char*)ASN1_STRING_data(string),
ASN1_STRING_length(string));
else
lua_pushnil(L);
}
/**
* Return a human readable time.
*/
static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
{
char *tmp;
long size;
BIO *out = BIO_new(BIO_s_mem());
ASN1_TIME_print(out, tm);
size = BIO_get_mem_data(out, &tmp);
lua_pushlstring(L, tmp, size);
BIO_free(out);
return 1;
}
/**
*
*/
static int push_subtable(lua_State* L, int idx)
{
lua_pushvalue(L, -1);
lua_gettable(L, idx-1);
if (lua_isnil(L, -1)) {
lua_pop(L, 1);
lua_newtable(L);
lua_pushvalue(L, -2);
lua_pushvalue(L, -2);
lua_settable(L, idx-3);
lua_replace(L, -2); /* Replace key with table */
return 1;
}
lua_replace(L, -2); /* Replace key with table */
return 0;
}
/**
* Retrive the general names from the object.
*/
static int push_x509_name(lua_State* L, X509_NAME *name)
{
int i;
int n_entries;
ASN1_OBJECT *object;
X509_NAME_ENTRY *entry;
lua_newtable(L);
n_entries = X509_NAME_entry_count(name);
for (i = 0; i < n_entries; i++) {
entry = X509_NAME_get_entry(name, i);
object = X509_NAME_ENTRY_get_object(entry);
lua_newtable(L);
push_asn1_objname(L, object, 1);
lua_setfield(L, -2, "oid");
push_asn1_objname(L, object, 0);
lua_setfield(L, -2, "name");
push_asn1_string(L, X509_NAME_ENTRY_get_data(entry));
lua_setfield(L, -2, "value");
lua_rawseti(L, -2, i+1);
}
return 1;
}
/*---------------------------------------------------------------------------*/
/**
* Retrive the Subject from the certificate.
*/
static int meth_subject(lua_State* L)
{
return push_x509_name(L, X509_get_subject_name(lsec_checkx509(L, 1)));
}
/**
* Retrive the Issuer from the certificate.
*/
static int meth_issuer(lua_State* L)
{
return push_x509_name(L, X509_get_issuer_name(lsec_checkx509(L, 1)));
}
/**
* Retrieve the extensions from the certificate.
*/
int meth_extensions(lua_State* L)
{
int j;
int i = -1;
int n_general_names;
OTHERNAME *otherName;
X509_EXTENSION *extension;
GENERAL_NAME *general_name;
STACK_OF(GENERAL_NAME) *values;
X509 *peer = lsec_checkx509(L, 1);
/* Return (ret) */
lua_newtable(L);
while ((i = X509_get_ext_by_NID(peer, NID_subject_alt_name, i)) != -1) {
extension = X509_get_ext(peer, i);
if (extension == NULL)
break;
values = X509V3_EXT_d2i(extension);
if (values == NULL)
break;
/* Push ret[oid] */
push_asn1_objname(L, extension->object, 1);
push_subtable(L, -2);
/* Set ret[oid].name = name */
push_asn1_objname(L, extension->object, 0);
lua_setfield(L, -2, "name");
n_general_names = sk_GENERAL_NAME_num(values);
for (j = 0; j < n_general_names; j++) {
general_name = sk_GENERAL_NAME_value(values, j);
switch (general_name->type) {
case GEN_OTHERNAME:
otherName = general_name->d.otherName;
push_asn1_objname(L, otherName->type_id, 1);
if (push_subtable(L, -2)) {
push_asn1_objname(L, otherName->type_id, 0);
lua_setfield(L, -2, "name");
}
push_asn1_string(L, otherName->value->value.asn1_string);
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
lua_pop(L, 1);
break;
case GEN_DNS:
lua_pushstring(L, "dNSName");
push_subtable(L, -2);
push_asn1_string(L, general_name->d.dNSName);
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
lua_pop(L, 1);
break;
case GEN_EMAIL:
lua_pushstring(L, "rfc822Name");
push_subtable(L, -2);
push_asn1_string(L, general_name->d.rfc822Name);
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
lua_pop(L, 1);
break;
case GEN_URI:
lua_pushstring(L, "uniformResourceIdentifier");
push_subtable(L, -2);
push_asn1_string(L, general_name->d.uniformResourceIdentifier);
lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
lua_pop(L, 1);
break;
case GEN_IPADD:
lua_pushstring(L, "iPAddress");
push_subtable(L, -2);
push_asn1_string(L, general_name->d.iPAddress);
lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
lua_pop(L, 1);
break;
case GEN_X400:
/* x400Address */
/* not supported */
break;
case GEN_DIRNAME:
/* directoryName */
/* not supported */
break;
case GEN_EDIPARTY:
/* ediPartyName */
/* not supported */
break;
case GEN_RID:
/* registeredID */
/* not supported */
break;
}
}
lua_pop(L, 1); /* ret[oid] */
i++; /* Next extension */
}
return 1;
}
/**
* Convert the certificate to PEM format.
*/
static int meth_pem(lua_State* L)
{
char* data;
long bytes;
X509* cert = lsec_checkx509(L, 1);
BIO *bio = BIO_new(BIO_s_mem());
if (!PEM_write_bio_X509(bio, cert)) {
lua_pushnil(L);
return 1;
}
bytes = BIO_get_mem_data(bio, &data);
if (bytes > 0)
lua_pushlstring(L, data, bytes);
else
lua_pushnil(L);
BIO_free(bio);
return 1;
}
/**
* Compute the fingerprint.
*/
static int meth_digest(lua_State* L)
{
unsigned int bytes;
const EVP_MD *digest = NULL;
unsigned char buffer[EVP_MAX_MD_SIZE];
char hex_buffer[EVP_MAX_MD_SIZE*2];
X509 *cert = lsec_checkx509(L, 1);
const char *str = luaL_optstring(L, 2, NULL);
if (!str)
digest = EVP_sha1();
else {
if (!strcmp(str, "sha1"))
digest = EVP_sha1();
else if (!strcmp(str, "sha256"))
digest = EVP_sha256();
else if (!strcmp(str, "sha512"))
digest = EVP_sha512();
}
if (!digest) {
lua_pushnil(L);
lua_pushstring(L, "digest algorithm not supported");
return 2;
}
if (!X509_digest(cert, digest, buffer, &bytes)) {
lua_pushnil(L);
lua_pushstring(L, "error processing the certificate");
return 2;
}
to_hex((char*)buffer, bytes, hex_buffer);
lua_pushlstring(L, hex_buffer, bytes*2);
return 1;
}
/**
* Check if the certificate is valid in a given time.
*/
static int meth_valid_at(lua_State* L)
{
X509* cert = lsec_checkx509(L, 1);
time_t time = luaL_checkinteger(L, 2);
lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
&& X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
return 1;
}
/**
* Return the serial number.
*/
static int meth_serial(lua_State *L)
{
char *tmp;
BIGNUM *bn;
ASN1_INTEGER *serial;
X509* cert = lsec_checkx509(L, 1);
serial = X509_get_serialNumber(cert);
bn = ASN1_INTEGER_to_BN(serial, NULL);
tmp = BN_bn2hex(bn);
lua_pushstring(L, tmp);
BN_free(bn);
OPENSSL_free(tmp);
return 1;
}
/**
* Return not before date.
*/
static int meth_notbefore(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
return push_asn1_time(L, X509_get_notBefore(cert));
}
/**
* Return not after date.
*/
static int meth_notafter(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
return push_asn1_time(L, X509_get_notAfter(cert));
}
/**
* Collect X509 objects.
*/
static int meth_destroy(lua_State* L)
{
X509_free(lsec_checkx509(L, 1));
return 0;
}
static int meth_tostring(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
lua_pushfstring(L, "X509 certificate: %p", cert);
return 1;
}
/*---------------------------------------------------------------------------*/
static int load_cert(lua_State* L)
{
X509 *cert;
size_t bytes;
const char* data;
BIO *bio = BIO_new(BIO_s_mem());
data = luaL_checklstring(L, 1, &bytes);
BIO_write(bio, data, bytes);
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (cert)
lsec_pushx509(L, cert);
else
lua_pushnil(L);
BIO_free(bio);
return 1;
}
/*---------------------------------------------------------------------------*/
/**
* Certificate methods.
*/
static luaL_Reg methods[] = {
{"digest", meth_digest},
{"extensions", meth_extensions},
{"issuer", meth_issuer},
{"notbefore", meth_notbefore},
{"notafter", meth_notafter},
{"pem", meth_pem},
{"serial", meth_serial},
{"subject", meth_subject},
{"validat", meth_valid_at},
{NULL, NULL}
};
/**
* X509 metamethods.
*/
static luaL_Reg meta[] = {
{"__gc", meth_destroy},
{"__tostring", meth_tostring},
{NULL, NULL}
};
/**
* X509 functions.
*/
static luaL_Reg funcs[] = {
{"load", load_cert},
{NULL, NULL}
};
/*--------------------------------------------------------------------------*/
#if (LUA_VERSION_NUM == 501)
LSEC_API int luaopen_ssl_x509(lua_State *L)
{
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Certificate");
luaL_register(L, NULL, meta);
lua_newtable(L);
luaL_register(L, NULL, methods);
lua_setfield(L, -2, "__index");
luaL_register(L, "ssl.x509", funcs);
return 1;
}
#else
LSEC_API int luaopen_ssl_x509(lua_State *L)
{
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Certificate");
luaL_setfuncs(L, meta, 0);
lua_newtable(L);
luaL_setfuncs(L, methods, 0);
lua_setfield(L, -2, "__index");
lua_newtable(L);
luaL_setfuncs(L, funcs, 0);
return 1;
}
#endif

25
src/x509.h Normal file
View File

@ -0,0 +1,25 @@
#ifndef LSEC_X509_H
#define LSEC_X509_H
/*--------------------------------------------------------------------------
* LuaSec 0.4.1
* Copyright (C) 2012
*
*--------------------------------------------------------------------------*/
#include <openssl/x509v3.h>
#include <lua.h>
#include "config.h"
typedef struct t_x509_ {
X509 *cert;
} t_x509;
typedef t_x509* p_x509;
void lsec_pushx509(lua_State* L, X509* cert);
X509* lsec_checkx509(lua_State* L, int idx);
LSEC_API int luaopen_ssl_x509(lua_State *L);
#endif