From b9dd8d800b02628a678afd8c11582c4c1e53a412 Mon Sep 17 00:00:00 2001 
From: Kaarle Ritvanen Date: Sun, 12 Jan 2020 19:34:26 +0200 Subject: [PATCH] main/lua-ossl: align with latest PEM encryption patch set https://github.com/wahern/luaossl/pull/128 backwards incompatible --- .../0001-pkey-getPrivateKey-method.patch | 45 ------- ...1-pkey.toPEM-opts-rename-const-array.patch | 33 +++++ .../0002-pkey.getPrivateKey-encryption.patch | 50 -------- ...02-pkey.toPEM-accept-table-arguments.patch | 35 ++++++ ...03-pkey.toPEM-private-key-encryption.patch | 63 ++++++++++ ....getPrivateKey-use-password-callback.patch | 25 ---- .../0004-pkey.new-type-rename-variable.patch | 43 +++++++ .../0005-pkey-PEM-password-callback.patch | 103 ---------------- .../0005-pkey.new-opt-rename-variable.patch | 42 +++++++ ...6-optencoding-allow-negative-indices.patch | 48 ++++++++ .../0007-pkey.new-accept-option-table.patch | 58 +++++++++ ...n.patch => 0008-pkey.new-decryption.patch} | 61 +++++---- ...009-pkey.toPEM-use-password-callback.patch | 25 ++++ .../0010-pkey-PEM-password-callback.patch | 116 ++++++++++++++++++ main/lua-ossl/APKBUILD | 32 +++-- 15 files changed, 523 insertions(+), 256 deletions(-) delete mode 100644 main/lua-ossl/0001-pkey-getPrivateKey-method.patch create mode 100644 main/lua-ossl/0001-pkey.toPEM-opts-rename-const-array.patch delete mode 100644 main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch create mode 100644 main/lua-ossl/0002-pkey.toPEM-accept-table-arguments.patch create mode 100644 main/lua-ossl/0003-pkey.toPEM-private-key-encryption.patch delete mode 100644 main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch create mode 100644 main/lua-ossl/0004-pkey.new-type-rename-variable.patch delete mode 100644 main/lua-ossl/0005-pkey-PEM-password-callback.patch create mode 100644 main/lua-ossl/0005-pkey.new-opt-rename-variable.patch create mode 100644 main/lua-ossl/0006-optencoding-allow-negative-indices.patch create mode 100644 main/lua-ossl/0007-pkey.new-accept-option-table.patch rename 
main/lua-ossl/{0003-pkey.new-decryption.patch => 0008-pkey.new-decryption.patch} (54%) create mode 100644 main/lua-ossl/0009-pkey.toPEM-use-password-callback.patch create mode 100644 main/lua-ossl/0010-pkey-PEM-password-callback.patch diff --git a/main/lua-ossl/0001-pkey-getPrivateKey-method.patch b/main/lua-ossl/0001-pkey-getPrivateKey-method.patch deleted file mode 100644 index d5a6496c43f6..000000000000 --- a/main/lua-ossl/0001-pkey-getPrivateKey-method.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 3f9c54caeb4b70c4e3a1776951b13daec3accf07 Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen -Date: Mon, 30 Apr 2018 13:19:28 +0300 -Subject: [PATCH 1/5] pkey: getPrivateKey method - ---- - src/openssl.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/src/openssl.c b/src/openssl.c -index 5d757a2..0df6b61 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -4103,6 +4103,20 @@ static int pk_toPEM(lua_State *L) { - } /* pk_toPEM() */ - - -+static int pk_getPrivateKey(lua_State *L) { -+ BIO *bio = getbio(L); -+ char *str; -+ long len; -+ -+ if (!PEM_write_bio_PrivateKey(bio, checksimple(L, 1, PKEY_CLASS), 0, 0, 0, 0, 0)) -+ return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey"); -+ len = BIO_get_mem_data(bio, &str); -+ lua_pushlstring(L, str, len); -+ -+ return 1; -+} /* pk_getPrivateKey() */ -+ -+ - static int pk_getDefaultDigestName(lua_State *L) { - EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); - int nid; -@@ -4680,6 +4694,7 @@ static const auxL_Reg pk_methods[] = { - { "toPEM", &pk_toPEM }, - { "tostring", &pk__tostring }, - { "verify", &pk_verify }, -+ { "getPrivateKey", &pk_getPrivateKey }, - { NULL, NULL }, - }; - --- -2.18.0 - diff --git a/main/lua-ossl/0001-pkey.toPEM-opts-rename-const-array.patch b/main/lua-ossl/0001-pkey.toPEM-opts-rename-const-array.patch new file mode 100644 index 000000000000..8e43c1687344 --- /dev/null +++ b/main/lua-ossl/0001-pkey.toPEM-opts-rename-const-array.patch 
@@ -0,0 +1,33 @@ +From 4589f5b1a5c2cbeab2069f9cdce605bc3a3096fb Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Sun, 2 Sep 2018 13:07:20 +0300 +Subject: [PATCH 01/10] pkey.toPEM: opts: rename const array + +--- + src/openssl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index 9a9de0f..acb8289 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4675,14 +4675,14 @@ static int pk_toPEM(lua_State *L) { + bio = getbio(L); + + for (i = 2; i <= top; i++) { +- static const char *const opts[] = { ++ static const char *const types[] = { + "public", "PublicKey", + "private", "PrivateKey", + // "params", "Parameters", + NULL, + }; + +- switch (auxL_checkoption(L, i, NULL, opts, 1)) { ++ switch (auxL_checkoption(L, i, NULL, types, 1)) { + case 0: case 1: /* public, PublicKey */ + if (!PEM_write_bio_PUBKEY(bio, key)) + return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring"); +-- +2.24.1 + diff --git a/main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch b/main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch deleted file mode 100644 index 218133d2dd93..000000000000 --- a/main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From d829a3a94494b06af8d52d9181cdd00c26b81084 Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen -Date: Mon, 30 Apr 2018 13:26:16 +0300 -Subject: [PATCH 2/5] pkey.getPrivateKey: encryption - ---- - src/openssl.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/src/openssl.c b/src/openssl.c -index 0df6b61..a32dd1a 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -31,7 +31,7 @@ - - #include /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */ - #include /* uintptr_t */ --#include /* memset(3) strerror_r(3) */ -+#include /* memset(3) strerror_r(3) strlen(3) */ - #include /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */ - #include /* struct tm time_t strptime(3) time(2) */ - #include /* isdigit(3), isxdigit(3), tolower(3) */ -@@ -4104,11 +4104,23 @@ static int pk_toPEM(lua_State *L) { - - - static int pk_getPrivateKey(lua_State *L) { -+ EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); -+ const char *cname = luaL_optstring(L, 2, NULL); -+ const char *pass = NULL; -+ EVP_CIPHER *cipher = NULL; -+ -+ if (cname) { -+ pass = luaL_checkstring(L, 3); -+ cipher = EVP_get_cipherbyname(cname); -+ if (!cipher) -+ return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname); -+ } -+ - BIO *bio = getbio(L); - char *str; - long len; - -- if (!PEM_write_bio_PrivateKey(bio, checksimple(L, 1, PKEY_CLASS), 0, 0, 0, 0, 0)) -+ if (!PEM_write_bio_PrivateKey(bio, key, cipher, pass, pass ? strlen(pass) : 0, 0, 0)) - return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey"); - len = BIO_get_mem_data(bio, &str); - lua_pushlstring(L, str, len); --- -2.18.0 - diff --git a/main/lua-ossl/0002-pkey.toPEM-accept-table-arguments.patch b/main/lua-ossl/0002-pkey.toPEM-accept-table-arguments.patch new file mode 100644 index 000000000000..28fd10fa822d --- /dev/null +++ b/main/lua-ossl/0002-pkey.toPEM-accept-table-arguments.patch 
@@ -0,0 +1,35 @@ +From 2fb6331a5304927fcfe915d5d42535d3d500f540 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Sun, 2 Sep 2018 13:18:48 +0300 +Subject: [PATCH 02/10] pkey.toPEM: accept table arguments + +--- + src/openssl.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/openssl.c b/src/openssl.c +index acb8289..1905693 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4681,8 +4681,17 @@ static int pk_toPEM(lua_State *L) { + // "params", "Parameters", + NULL, + }; ++ int type; + +- switch (auxL_checkoption(L, i, NULL, types, 1)) { ++ if (!lua_istable(L, i)) ++ lua_pushvalue(L, i); ++ else if (!getfield(L, i, "type")) ++ lua_pushliteral(L, "public"); ++ ++ type = auxL_checkoption(L, -1, NULL, types, 1); ++ lua_pop(L, 1); ++ ++ switch (type) { + case 0: case 1: /* public, PublicKey */ + if (!PEM_write_bio_PUBKEY(bio, key)) + return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring"); +-- +2.24.1 + diff --git a/main/lua-ossl/0003-pkey.toPEM-private-key-encryption.patch b/main/lua-ossl/0003-pkey.toPEM-private-key-encryption.patch new file mode 100644 index 000000000000..8f2b78e617fa --- /dev/null +++ b/main/lua-ossl/0003-pkey.toPEM-private-key-encryption.patch 
@@ -0,0 +1,63 @@ +From 367597c9fbbd8c0179a8b2a75e5b0819ef5bc5d6 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Mon, 30 Apr 2018 13:26:16 +0300 +Subject: [PATCH 03/10] pkey.toPEM: private key encryption + +--- + src/openssl.c | 25 +++++++++++++++++++------ + 1 file changed, 19 insertions(+), 6 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index 1905693..9b10165 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -31,7 +31,7 @@ + + #include /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */ + #include /* uintptr_t */ +-#include /* memset(3) strerror_r(3) */ ++#include /* memset(3) strerror_r(3) strlen(3) */ + #include /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */ + #include /* struct tm time_t strptime(3) time(2) */ + #include /* isdigit(3), isxdigit(3), tolower(3) */ +@@ -4682,11 +4682,16 @@ static int pk_toPEM(lua_State *L) { + NULL, + }; + int type; +- +- if (!lua_istable(L, i)) ++ const char *cname = NULL; ++ const EVP_CIPHER *cipher = NULL; ++ const char *pass = NULL; ++ ++ if (lua_istable(L, i)) { ++ loadfield(L, i, "cipher", LUA_TSTRING, &cname); ++ if (!getfield(L, i, "type")) ++ lua_pushstring(L, cname ? "private" : "public"); ++ } else + lua_pushvalue(L, i); +- else if (!getfield(L, i, "type")) +- lua_pushliteral(L, "public"); + + type = auxL_checkoption(L, -1, NULL, types, 1); + lua_pop(L, 1); +@@ -4702,7 +4707,15 @@ static int pk_toPEM(lua_State *L) { + + break; + case 2: case 3: /* private, PrivateKey */ +- if (!PEM_write_bio_PrivateKey(bio, key, 0, 0, 0, 0, 0)) ++ if (cname) { ++ cipher = EVP_get_cipherbyname(cname); ++ if (!cipher) ++ return luaL_error(L, "pkey:toPEM: unknown cipher: %s", cname); ++ if (!loadfield(L, i, "password", LUA_TSTRING, &pass)) ++ return luaL_error(L, "pkey:toPEM: password not defined"); ++ } ++ ++ if (!PEM_write_bio_PrivateKey(bio, key, cipher, pass, pass ? 
strlen(pass) : 0, 0, 0)) + return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring"); + + len = BIO_get_mem_data(bio, &pem); +-- +2.24.1 + diff --git a/main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch b/main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch deleted file mode 100644 index b9317c59a380..000000000000 --- a/main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch +++ /dev/null @@ -1,25 +0,0 @@ -From a1bbc97c659e72f110f68d37c2b09ef1cf32b46a Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen -Date: Thu, 3 May 2018 21:21:16 +0300 -Subject: [PATCH 4/5] pkey.getPrivateKey: use password callback - ---- - src/openssl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/openssl.c b/src/openssl.c -index 2e6d802..be585fe 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -4130,7 +4130,7 @@ static int pk_getPrivateKey(lua_State *L) { - char *str; - long len; - -- if (!PEM_write_bio_PrivateKey(bio, key, cipher, pass, pass ? strlen(pass) : 0, 0, 0)) -+ if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass)) - return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey"); - len = BIO_get_mem_data(bio, &str); - lua_pushlstring(L, str, len); --- -2.18.0 - diff --git a/main/lua-ossl/0004-pkey.new-type-rename-variable.patch b/main/lua-ossl/0004-pkey.new-type-rename-variable.patch new file mode 100644 index 000000000000..522985f91650 --- /dev/null +++ b/main/lua-ossl/0004-pkey.new-type-rename-variable.patch 
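Review bot: In patch 03's `case 2: case 3:` branch of pk_toPEM, the password is only looked up inside `if (cname)`, so an option table that carries `password` but no `cipher` reaches `PEM_write_bio_PrivateKey(bio, key, cipher, ...)` with `cipher` still NULL, and the private key is emitted unencrypted with no error. Failing closed would be safer, for example by adding `else if (lua_istable(L, i) && loadfield(L, i, "password", LUA_TSTRING, &pass)) return luaL_error(L, "pkey:toPEM: password given without cipher");` after the `if (cname)` block. loadfield is defined outside the hunk, so its behaviour on a missing field is assumed from how it is used here. Patch 10 keeps the same `if (cname)` gate around `getfield(L, i, "password")`, so the same check is needed there. pk_toPEM's body starts and ends outside the hunk.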
@@ -0,0 +1,43 @@ +From f287bd7a314458a3870ee4e7fbdfc7e0ea41a4b6 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Sun, 2 Sep 2018 14:22:43 +0300 +Subject: [PATCH 04/10] pkey.new: type: rename variable + +--- + src/openssl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index 9b10165..ed18e60 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4299,7 +4299,7 @@ static int pk_new(lua_State *L) { + #endif + } /* switch() */ + } else if (lua_isstring(L, 1)) { +- int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); ++ int format = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); + int pubonly = 0, prvtonly = 0; + const char *opt, *data; + size_t len; +@@ -4325,7 +4325,7 @@ static int pk_new(lua_State *L) { + if (!(bio = BIO_new_mem_buf((void *)data, len))) + return auxL_error(L, auxL_EOPENSSL, "pkey.new"); + +- if (type == X509_PEM || type == X509_ANY) { ++ if (format == X509_PEM || format == X509_ANY) { + if (!prvtonly && !pub) { + /* + * BIO_reset is a rewind for read-only +@@ -4346,7 +4346,7 @@ static int pk_new(lua_State *L) { + } + } + +- if (type == X509_DER || type == X509_ANY) { ++ if (format == X509_DER || format == X509_ANY) { + if (!prvtonly && !pub) { + BIO_reset(bio); + +-- +2.24.1 + diff --git a/main/lua-ossl/0005-pkey-PEM-password-callback.patch b/main/lua-ossl/0005-pkey-PEM-password-callback.patch deleted file mode 100644 index d3f77cf0292d..000000000000 --- a/main/lua-ossl/0005-pkey-PEM-password-callback.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From b8c6bb03d9638e429e7b0051d9eb0f46e72cb6bd Mon Sep 17 00:00:00 2001 -From: Kaarle Ritvanen -Date: Thu, 3 May 2018 21:37:30 +0300 -Subject: [PATCH 5/5] pkey: PEM password callback - ---- - src/openssl.c | 26 +++++++++++++++++--------- - 1 file changed, 17 insertions(+), 9 deletions(-) - -diff --git a/src/openssl.c b/src/openssl.c -index be585fe..bd9d4ea 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -3428,9 +3428,15 @@ static BIO *getbio(lua_State *L) { - - - static int pem_pw_cb(char *buf, int size, int rwflag, void *u) { -- if (!u) -+ lua_State *L = (lua_State *) u; -+ -+ if (lua_isnil(L, -1) || (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0))) -+ return 0; -+ -+ const char *pass = lua_tostring(L, -1); -+ if (!pass) - return 0; -- char *pass = (char *) u; -+ - strncpy(buf, pass, size); - return MIN(strlen(pass), (unsigned int) size); - } /* pem_pw_cb() */ -@@ -3646,7 +3652,7 @@ static int pk_new(lua_State *L) { - } else if (lua_isstring(L, 1)) { - int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); - int pubonly = 0, prvtonly = 0; -- const char *opt, *data, *pass; -+ const char *opt, *data; - size_t len; - BIO *bio; - EVP_PKEY *pub = NULL, *prvt = NULL; -@@ -3664,7 +3670,6 @@ static int pk_new(lua_State *L) { - } - - data = luaL_checklstring(L, 1, &len); -- pass = luaL_optstring(L, 4, NULL); - - ud = prepsimple(L, PKEY_CLASS); - -@@ -3672,6 +3677,8 @@ static int pk_new(lua_State *L) { - return auxL_error(L, auxL_EOPENSSL, "pkey.new"); - - if (type == X509_PEM || type == X509_ANY) { -+ lua_pushvalue(L, 4); -+ - if (!prvtonly && !pub) { - /* - * BIO_reset is a rewind for read-only -@@ -3680,16 +3687,18 @@ static int pk_new(lua_State *L) { - */ - BIO_reset(bio); - -- if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass))) -+ if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L))) - goterr = 1; - } - - if (!pubonly && !prvt) { - BIO_reset(bio); - -- if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass))) -+ if 
(!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L))) - goterr = 1; - } -+ -+ lua_pop(L, 1); - } - - if (type == X509_DER || type == X509_ANY) { -@@ -4116,11 +4125,10 @@ static int pk_toPEM(lua_State *L) { - static int pk_getPrivateKey(lua_State *L) { - EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS); - const char *cname = luaL_optstring(L, 2, NULL); -- const char *pass = NULL; - EVP_CIPHER *cipher = NULL; -+ lua_settop(L, 3); - - if (cname) { -- pass = luaL_checkstring(L, 3); - cipher = EVP_get_cipherbyname(cname); - if (!cipher) - return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname); -@@ -4130,7 +4138,7 @@ static int pk_getPrivateKey(lua_State *L) { - char *str; - long len; - -- if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass)) -+ if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L)) - return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey"); - len = BIO_get_mem_data(bio, &str); - lua_pushlstring(L, str, len); --- -2.18.0 - diff --git a/main/lua-ossl/0005-pkey.new-opt-rename-variable.patch b/main/lua-ossl/0005-pkey.new-opt-rename-variable.patch new file mode 100644 index 000000000000..fbbb163c1e3c --- /dev/null +++ b/main/lua-ossl/0005-pkey.new-opt-rename-variable.patch 
@@ -0,0 +1,42 @@ +From 31403e7892b554458edc28a43f6f0552f3f27bac Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Sun, 2 Sep 2018 14:24:51 +0300 +Subject: [PATCH 05/10] pkey.new: opt: rename variable + +--- + src/openssl.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index ed18e60..5904bf1 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4301,20 +4301,20 @@ static int pk_new(lua_State *L) { + } else if (lua_isstring(L, 1)) { + int format = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); + int pubonly = 0, prvtonly = 0; +- const char *opt, *data; ++ const char *type, *data; + size_t len; + BIO *bio; + EVP_PKEY *pub = NULL, *prvt = NULL; + int goterr = 0; + + /* check if specified publickey or privatekey */ +- if ((opt = luaL_optstring(L, 3, NULL))) { +- if (xtolower(opt[0]) == 'p' && xtolower(opt[1]) == 'u') { ++ if ((type = luaL_optstring(L, 3, NULL))) { ++ if (xtolower(type[0]) == 'p' && xtolower(type[1]) == 'u') { + pubonly = 1; +- } else if (xtolower(opt[0]) == 'p' && xtolower(opt[1]) == 'r') { ++ } else if (xtolower(type[0]) == 'p' && xtolower(type[1]) == 'r') { + prvtonly = 1; + } else { +- return luaL_argerror(L, 3, lua_pushfstring(L, "invalid option %s", opt)); ++ return luaL_argerror(L, 3, lua_pushfstring(L, "invalid type: %s", type)); + } + } + +-- +2.24.1 + diff --git a/main/lua-ossl/0006-optencoding-allow-negative-indices.patch b/main/lua-ossl/0006-optencoding-allow-negative-indices.patch new file mode 100644 index 000000000000..836ddd21cc73 --- /dev/null +++ b/main/lua-ossl/0006-optencoding-allow-negative-indices.patch 
@@ -0,0 +1,48 @@ +From 49ea990493039729e5a856f8bb3c758a0aa98a78 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Sun, 2 Sep 2018 14:40:07 +0300 +Subject: [PATCH 06/10] optencoding: allow negative indices + +--- + src/openssl.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index 5904bf1..cb38f2f 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -846,8 +846,12 @@ static int optencoding(lua_State *L, int index, const char *def, int allow) { + break; + } + +- if (!(type & allow)) +- luaL_argerror(L, index, lua_pushfstring(L, "invalid option %s", luaL_checkstring(L, index))); ++ if (!(type & allow)) { ++ const char *arg = luaL_checkstring(L, index); ++ if (index > 0) ++ luaL_argerror(L, index, lua_pushfstring(L, "invalid format: %s", arg)); ++ luaL_error(L, "invalid format: %s", arg); ++ } + + return type; + } /* optencoding() */ +@@ -1186,11 +1190,15 @@ static int auxL_testoption(lua_State *L, int index, const char *def, const char + + static int auxL_checkoption(lua_State *L, int index, const char *def, const char *const *optlist, _Bool nocase) { + int i; ++ const char *arg; + + if ((i = auxL_testoption(L, index, def, optlist, nocase)) >= 0) + return i; + +- return luaL_argerror(L, index, lua_pushfstring(L, "invalid option '%s'", luaL_optstring(L, index, def))); ++ arg = luaL_optstring(L, index, def); ++ if (index > 0) ++ return luaL_argerror(L, index, lua_pushfstring(L, "invalid option '%s'", arg)); ++ return luaL_error(L, "invalid option '%s'", arg); + } /* auxL_checkoption() */ + + /* +-- +2.24.1 + diff --git a/main/lua-ossl/0007-pkey.new-accept-option-table.patch b/main/lua-ossl/0007-pkey.new-accept-option-table.patch new file mode 100644 index 000000000000..b78818ee6e07 --- /dev/null +++ b/main/lua-ossl/0007-pkey.new-accept-option-table.patch 
@@ -0,0 +1,58 @@ +From 07e298a09b20f24d7a1efede41c04f398bb1022a Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Sun, 2 Sep 2018 14:44:46 +0300 +Subject: [PATCH 07/10] pkey.new: accept option table + +--- + src/openssl.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index cb38f2f..2aaa5d8 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4073,7 +4073,7 @@ static BIO *getbio(lua_State *L) { + static int pk_new(lua_State *L) { + EVP_PKEY **ud; + +- /* #1 table or key; if key, #2 format and #3 type */ ++ /* #1 table or key; if key, #2 option table or format; if format, #3 type */ + lua_settop(L, 3); + + if (lua_istable(L, 1) || lua_isnil(L, 1)) { +@@ -4307,7 +4307,7 @@ static int pk_new(lua_State *L) { + #endif + } /* switch() */ + } else if (lua_isstring(L, 1)) { +- int format = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); ++ int format; + int pubonly = 0, prvtonly = 0; + const char *type, *data; + size_t len; +@@ -4315,14 +4315,21 @@ static int pk_new(lua_State *L) { + EVP_PKEY *pub = NULL, *prvt = NULL; + int goterr = 0; + ++ if (lua_istable(L, 2)) { ++ lua_getfield(L, 2, "format"); ++ lua_getfield(L, 2, "type"); ++ } ++ ++ format = optencoding(L, -2, "*", X509_ANY|X509_PEM|X509_DER); ++ + /* check if specified publickey or privatekey */ +- if ((type = luaL_optstring(L, 3, NULL))) { ++ if ((type = luaL_optstring(L, -1, NULL))) { + if (xtolower(type[0]) == 'p' && xtolower(type[1]) == 'u') { + pubonly = 1; + } else if (xtolower(type[0]) == 'p' && xtolower(type[1]) == 'r') { + prvtonly = 1; + } else { +- return luaL_argerror(L, 3, lua_pushfstring(L, "invalid type: %s", type)); ++ return luaL_error(L, "invalid key type: %s", type); + } + } + +-- +2.24.1 + 
diff --git a/main/lua-ossl/0003-pkey.new-decryption.patch b/main/lua-ossl/0008-pkey.new-decryption.patch similarity index 54% rename from main/lua-ossl/0003-pkey.new-decryption.patch rename to main/lua-ossl/0008-pkey.new-decryption.patch index aaf9a8d25661..e143fd049230 100644 --- a/main/lua-ossl/0003-pkey.new-decryption.patch +++ b/main/lua-ossl/0008-pkey.new-decryption.patch @@ -1,14 +1,14 @@ -From a97094ecf78bdc8ae2cadeaa877b23689e873342 Mon Sep 17 00:00:00 2001 +From 132ac48cea935829c31f873aaab920a940bc6b98 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Mon, 30 Apr 2018 13:49:57 +0300 -Subject: [PATCH 3/5] pkey.new: decryption +Subject: [PATCH 08/10] pkey.new: decryption --- - src/openssl.c | 22 ++++++++++++++++------ - 1 file changed, 16 insertions(+), 6 deletions(-) + src/openssl.c | 32 +++++++++++++++++++++++++------- + 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/src/openssl.c b/src/openssl.c -index a32dd1a..2e6d802 100644 +index 2aaa5d8..937ffa6 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -31,7 +31,7 @@ @@ -20,7 +20,7 @@ index a32dd1a..2e6d802 100644 #include /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */ #include /* struct tm time_t strptime(3) time(2) */ #include /* isdigit(3), isxdigit(3), tolower(3) */ -@@ -3427,11 +3427,20 @@ static BIO *getbio(lua_State *L) { +@@ -4070,6 +4070,15 @@ static BIO *getbio(lua_State *L) { } /* getbio() */ 
@@ -36,31 +36,48 @@ index a32dd1a..2e6d802 100644 static int pk_new(lua_State *L) { EVP_PKEY **ud; -- /* #1 table or key; if key, #2 format and #3 type */ -- lua_settop(L, 3); -+ /* #1 table or key; if key, #2 format, #3 type and #4 password */ -+ lua_settop(L, 4); - - if (lua_istable(L, 1) || lua_isnil(L, 1)) { - int type = EVP_PKEY_RSA; -@@ -3637,7 +3646,7 @@ static int pk_new(lua_State *L) { +@@ -4309,7 +4318,7 @@ static int pk_new(lua_State *L) { } else if (lua_isstring(L, 1)) { - int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER); + int format; int pubonly = 0, prvtonly = 0; -- const char *opt, *data; -+ const char *opt, *data, *pass; +- const char *type, *data; ++ const char *type, *data, *pass; size_t len; BIO *bio; EVP_PKEY *pub = NULL, *prvt = NULL; -@@ -3655,6 +3664,7 @@ static int pk_new(lua_State *L) { +@@ -4318,12 +4327,14 @@ static int pk_new(lua_State *L) { + if (lua_istable(L, 2)) { + lua_getfield(L, 2, "format"); + lua_getfield(L, 2, "type"); +- } ++ lua_getfield(L, 2, "password"); ++ } else ++ lua_pushnil(L); + +- format = optencoding(L, -2, "*", X509_ANY|X509_PEM|X509_DER); ++ format = optencoding(L, -3, "*", X509_ANY|X509_PEM|X509_DER); + + /* check if specified publickey or privatekey */ +- if ((type = luaL_optstring(L, -1, NULL))) { ++ if ((type = luaL_optstring(L, -2, NULL))) { + if (xtolower(type[0]) == 'p' && xtolower(type[1]) == 'u') { + pubonly = 1; + } else if (xtolower(type[0]) == 'p' && xtolower(type[1]) == 'r') { +@@ -4333,6 +4344,13 @@ static int pk_new(lua_State *L) { + } } ++ pass = luaL_optstring(L, -1, NULL); ++ if (pass) { ++ if (format == X509_DER) ++ return luaL_error(L, "decryption supported only for PEM keys"); ++ else format = X509_PEM; ++ } ++ data = luaL_checklstring(L, 1, &len); -+ pass = luaL_optstring(L, 4, NULL); ud = prepsimple(L, PKEY_CLASS); - -@@ -3670,14 +3680,14 @@ static int pk_new(lua_State *L) { +@@ -4349,14 +4367,14 @@ static int pk_new(lua_State *L) { */ BIO_reset(bio); 
@@ -78,5 +95,5 @@ index a32dd1a..2e6d802 100644 } } -- -2.18.0 +2.24.1 diff --git a/main/lua-ossl/0009-pkey.toPEM-use-password-callback.patch b/main/lua-ossl/0009-pkey.toPEM-use-password-callback.patch new file mode 100644 index 000000000000..108621099ecc --- /dev/null +++ b/main/lua-ossl/0009-pkey.toPEM-use-password-callback.patch @@ -0,0 +1,25 @@ +From 4899a210dfdd91fa75b77601d29df0152aecc382 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Thu, 3 May 2018 21:21:16 +0300 +Subject: [PATCH 09/10] pkey.toPEM: use password callback + +--- + src/openssl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/openssl.c b/src/openssl.c +index 937ffa6..3af285b 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4748,7 +4748,7 @@ static int pk_toPEM(lua_State *L) { + return luaL_error(L, "pkey:toPEM: password not defined"); + } + +- if (!PEM_write_bio_PrivateKey(bio, key, cipher, pass, pass ? strlen(pass) : 0, 0, 0)) ++ if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass)) + return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring"); + + len = BIO_get_mem_data(bio, &pem); +-- +2.24.1 + diff --git a/main/lua-ossl/0010-pkey-PEM-password-callback.patch b/main/lua-ossl/0010-pkey-PEM-password-callback.patch new file mode 100644 index 000000000000..adeba2be85db --- /dev/null +++ b/main/lua-ossl/0010-pkey-PEM-password-callback.patch 
@@ -0,0 +1,116 @@ +From cf6557954e012cb9f4453d84566bec30958c5a58 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen +Date: Thu, 3 May 2018 21:37:30 +0300 +Subject: [PATCH 10/10] pkey: PEM password callback + +--- + src/openssl.c | 37 +++++++++++++++++++++++++++---------- + 1 file changed, 27 insertions(+), 10 deletions(-) + +diff --git a/src/openssl.c b/src/openssl.c +index 3af285b..03c2b68 100644 +--- a/src/openssl.c ++++ b/src/openssl.c +@@ -4071,9 +4071,21 @@ static BIO *getbio(lua_State *L) { + + + static int pem_pw_cb(char *buf, int size, int rwflag, void *u) { +- if (!u) ++ lua_State *L = (lua_State *) u; ++ ++ if (lua_isnil(L, -1)) + return 0; +- char *pass = (char *) u; ++ ++ if (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)) { ++ lua_pop(L, 1); ++ lua_pushnil(L); ++ return 0; ++ } ++ ++ const char *pass = lua_tostring(L, -1); ++ if (!pass) ++ return 0; ++ + strncpy(buf, pass, size); + return MIN(strlen(pass), (unsigned int) size); + } /* pem_pw_cb() */ +@@ -4318,7 +4330,7 @@ static int pk_new(lua_State *L) { + } else if (lua_isstring(L, 1)) { + int format; + int pubonly = 0, prvtonly = 0; +- const char *type, *data, *pass; ++ const char *type, *data; + size_t len; + BIO *bio; + EVP_PKEY *pub = NULL, *prvt = NULL; +@@ -4344,8 +4356,7 @@ static int pk_new(lua_State *L) { + } + } + +- pass = luaL_optstring(L, -1, NULL); +- if (pass) { ++ if (!lua_isnil(L, -1)) { + if (format == X509_DER) + return luaL_error(L, "decryption supported only for PEM keys"); + else format = X509_PEM; +@@ -4359,6 +4370,8 @@ static int pk_new(lua_State *L) { + return auxL_error(L, auxL_EOPENSSL, "pkey.new"); + + if (format == X509_PEM || format == X509_ANY) { ++ lua_pushvalue(L, -2); ++ + if (!prvtonly && !pub) { + /* + * BIO_reset is a rewind for read-only +@@ -4367,16 +4380,18 @@ static int pk_new(lua_State *L) { + */ + BIO_reset(bio); + +- if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass))) ++ if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L))) + goterr = 1; + } + + 
if (!pubonly && !prvt) { + BIO_reset(bio); + +- if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass))) ++ if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L))) + goterr = 1; + } ++ ++ lua_pop(L, 1); + } + + if (format == X509_DER || format == X509_ANY) { +@@ -4717,7 +4732,6 @@ static int pk_toPEM(lua_State *L) { + int type; + const char *cname = NULL; + const EVP_CIPHER *cipher = NULL; +- const char *pass = NULL; + + if (lua_istable(L, i)) { + loadfield(L, i, "cipher", LUA_TSTRING, &cname); +@@ -4744,13 +4758,16 @@ static int pk_toPEM(lua_State *L) { + cipher = EVP_get_cipherbyname(cname); + if (!cipher) + return luaL_error(L, "pkey:toPEM: unknown cipher: %s", cname); +- if (!loadfield(L, i, "password", LUA_TSTRING, &pass)) ++ if (!getfield(L, i, "password")) + return luaL_error(L, "pkey:toPEM: password not defined"); + } + +- if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass)) ++ if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L)) + return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring"); + ++ if (cname) ++ lua_pop(L, 1); ++ + len = BIO_get_mem_data(bio, &pem); + lua_pushlstring(L, pem, len); + BIO_reset(bio); +-- +2.24.1 + diff --git a/main/lua-ossl/APKBUILD b/main/lua-ossl/APKBUILD index c733a88aee79..e62e8adf1a34 100644 --- a/main/lua-ossl/APKBUILD +++ b/main/lua-ossl/APKBUILD @@ -4,7 +4,7 @@ pkgname=lua-ossl _pkgname=luaossl pkgver=20190731 _ver=${pkgver%_git*} -pkgrel=0 +pkgrel=1 pkgdesc="A comprehensive OpenSSL Lua module" url="http://25thandclement.com/~william/projects/luaossl.html" arch="all" 
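Review bot: The rewritten pem_pw_cb in patch 10 still measures the passphrase with `strlen(pass)` and copies it with `strncpy(buf, pass, size)`, so a Lua string that contains a NUL byte, or one longer than `size`, is silently shortened and the key ends up protected by a weaker passphrase than the caller supplied. Taking the length from `lua_tolstring` and refusing an over-long value through the callback's existing return-0 failure path avoids both cases. Separately, when the Lua password function raises, the error value is popped and replaced with nil, so the caller sees only a generic OpenSSL failure; a short comment stating that this is deliberate would help the next reader.

```c
static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
	// … unchanged: nil check and lua_pcall handling …

	size_t len;
	const char *pass = lua_tolstring(L, -1, &len);
	if (!pass || len > (size_t) size)
		return 0; /* fail rather than truncate the passphrase */

	memcpy(buf, pass, len);
	return (int) len;
} /* pem_pw_cb() */
```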
@@ -13,11 +13,16 @@ makedepends="openssl-dev" subpackages="" checkdepends="" source="$_pkgname-$_ver.tar.gz::https://github.com/wahern/$_pkgname/archive/rel-$pkgver.tar.gz - 0001-pkey-getPrivateKey-method.patch - 0002-pkey.getPrivateKey-encryption.patch - 0003-pkey.new-decryption.patch - 0004-pkey.getPrivateKey-use-password-callback.patch - 0005-pkey-PEM-password-callback.patch + 0001-pkey.toPEM-opts-rename-const-array.patch + 0002-pkey.toPEM-accept-table-arguments.patch + 0003-pkey.toPEM-private-key-encryption.patch + 0004-pkey.new-type-rename-variable.patch + 0005-pkey.new-opt-rename-variable.patch + 0006-optencoding-allow-negative-indices.patch + 0007-pkey.new-accept-option-table.patch + 0008-pkey.new-decryption.patch + 0009-pkey.toPEM-use-password-callback.patch + 0010-pkey-PEM-password-callback.patch " builddir="$srcdir/$_pkgname-rel-$pkgver" 
@@ -77,8 +82,13 @@ _package() { } sha512sums="09315deb0c40b59230d80262906cb9f067660242315544179ec5df57a028b088c56a4bb0b944e5975bccf86d521901eae36006c5623ec1159cfca94d05fb6890 luaossl-20190731.tar.gz -385ca444d860deaf22b460cba0510daf40014c5da90bafb5e0299ee173625e4ab4083dab17fcd973f816a46b3cb1d2d3d535633128462ba33f5ab9c14c2baa77 0001-pkey-getPrivateKey-method.patch -0e33d10cb40f0b4d614591a3fda3e8ddc35438a9ddd8170239e8680b831ecbfea108ff111504686fbfc8a82bc59b96bbeb166ddef2ee6e299707fb5795b4b3ce 0002-pkey.getPrivateKey-encryption.patch -c5800c658773477c967a73eb1a86d9f746a6a0821ee462e8873ac5149c0b77ef3b54ee651ea7bf5d93c42e67b8e60b449e6697c1167aa92bf73e6d65aa645205 0003-pkey.new-decryption.patch -9eb6a87241bba69fc4508fb28a95e043fea9078aa7515314e9f181fd5e0789a31715de3912e4095c7b0028c24ee9ea4061e411ffb8ae7161ba7477ee85d6609c 0004-pkey.getPrivateKey-use-password-callback.patch -e0028d4623018de3f467b405e704a8cbb9e6a2a88d12358ff26ffad1aa0d28733f55fb2ed0ead4c358b350dd702c80a3d322a70c2d4463ee58ebf68ef1a9ab6a 0005-pkey-PEM-password-callback.patch" +896fd302480b42829c79226d08c05e9ed7348ba441ac15a2d4e0d473486f1476b36bc296878d55e5678864e6161861ab2e178973f3e1d7f3c2d4a915a62c7471 0001-pkey.toPEM-opts-rename-const-array.patch +9362910e3bc5e1f3110d2e6f49c086374a9277698c26917a2b43e312f81160f5330212a27915efc8cd969273452f7057bf4db9cdb8481728067d1b10e03230cd 0002-pkey.toPEM-accept-table-arguments.patch +2a021ab500e1539ba7259ef38e1e015c3ecf561b31c7f344732cbf860525db8335acd61eaaa10049881b862f17064d640da6dedeeb94d92b3aeba32d822b575c 0003-pkey.toPEM-private-key-encryption.patch +2b1a0b702ba3e4787a706ba87b79eed7ea373075a2eb8b858258e8bed105222198a8ed73aa3aa973d24d9c2d7227bda7f049f01bda0b495da5a610789c63e187 0004-pkey.new-type-rename-variable.patch +849aeef985cf9693b19b3f5131954c107c166871327bd2ae4db48b99b5e1bfa738270b9647a47cc8757d9f627b5bff4dc5ba71255be9ed9ee7741677df983b1f 0005-pkey.new-opt-rename-variable.patch 
+9635f795875173842ed8fe286dfc2721a6af561fd3a25236bb5609875f4cbbe3a1b6021103747bd2d8acf03eb25d3eba1dd8e13ea2410776b8346493dcead221 0006-optencoding-allow-negative-indices.patch +9b992db5d0c33258e3858bd60c2a085669112089658600fe8b84be947d33ee858a0189fc5aef96565c226ebaf3ae9a326c23fb993c95c5f3ae0caa02844f2632 0007-pkey.new-accept-option-table.patch +f8b3a1c4815f03180ca60df62e6be307c180a9d5225dcb6b78b5f6fc2d67f176756d02b1a8cd06e1909b0b0430ae876b5b1172b090ba9b8b9873169ad21b354f 0008-pkey.new-decryption.patch +fc433f9e15479083f1d737247556a2404704727712604c43d0bc93d3d7269dc73e07acd09bfaa46dfade6756cb67bcbf586aadf58f9b48c6c39ecb659ed02640 0009-pkey.toPEM-use-password-callback.patch +edcbf7110c838404bda83a4d15719264e798ddd18d2b550652d6e07218104f9bfbf33a6a08ab9baa2491a56c8723394663a06be669aee92d3b3ecd83cc5f0305 0010-pkey-PEM-password-callback.patch"