From 1d7b0306d564d38f5b7c1cb250b8c5f366ea9600 Mon Sep 17 00:00:00 2001
From: Magicks
Date: Sat, 24 Jul 2021 22:57:39 +0100
Subject: [PATCH 1/2] This commit adds two new methods to openssl.ssl.ctx objects.

- `ctx:setCertificteFromFile` calls `SSL_CTX_use_certificate_chain_file` to add a certificate chain from a pem encoded file specified by the string argument path.
- `ctx:setPrivateKeyFromFile` calls `SSL_CTX_use_private_key_file` to add a private key from a PEM or ASN1 encoded file using the string argument path and filetype integer flag argument. The filetype is optional and will default to PEM if not specified.
- `openssl.filetypes` is a new table in the openssl module which contains the two filetypes used by `setPrivateKeyFromFile`. The `.PEM` field is the value of `SSL_FILETYPE_PEM` and the `.ASN1` field is the value of `SSL_FILETYPE_ASN1`.
---
 src/openssl.c | 47 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/src/openssl.c b/src/openssl.c
index b56c78a..6ee86d0 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -613,6 +613,10 @@
 #define HMAC_INIT_EX_INT OPENSSL_PREREQ(1,0,0)
 #endif
 
+#ifndef HAVE_USE_CERTIFICATE_CHAIN_FILE
+#define HAVE_USE_CERTIFICATE_CHAIN_FILE (OPENSSL_PREREQ(0,9,4) || LIBRESSL_PREREQ(2,0,0))
+#endif
+
 #if HAVE_EVP_PKEY_CTX_KDF || HAVE_EVP_KDF_CTX
 #include
 #endif
@@ -3248,6 +3252,12 @@ static const auxL_IntegerReg openssl_integers[] = {
 	{ NULL, 0 },
 };
 
+static const auxL_IntegerReg openssl_filetypes[] = {
+	{"PEM", SSL_FILETYPE_PEM},
+	{"ASN1", SSL_FILETYPE_ASN1},
+	{NULL, 0}
+};
+
 EXPORT int luaopen__openssl(lua_State *L) {
 	size_t i;
 
@@ -3271,6 +3281,12 @@ EXPORT int luaopen__openssl(lua_State *L) {
 	lua_pushstring(L, SHLIB_VERSION_NUMBER);
 	lua_setfield(L, -2, "SHLIB_VERSION_NUMBER");
 
+
+	lua_newtable(L);
+	auxL_setintegers(L, openssl_filetypes);
+
+	lua_setfield(L, -2, "filetypes");
+
 	return 1;
 } /* luaopen__openssl() */
 
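Review bot: The new feature gate `HAVE_USE_CERTIFICATE_CHAIN_FILE` drops the API prefix that every neighbouring gate keeps (`HAVE_SSL_CTX_GET0_CHAIN_CERTS`, `HAVE_SSL_SET1_CHAIN`), and the second patch then introduces `HAVE_SSL_USE_CHAIN_FILE` for the `SSL_*` twin, so the two parallel gates no longer read as a pair. Naming both after the OpenSSL function they guard, `HAVE_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE` and `HAVE_SSL_USE_CERTIFICATE_CHAIN_FILE`, keeps the grep-ability the file relies on; the same applies to the `@@ -501,6 +501,10 @@` hunk of the second patch and to every `#if` that uses these names in the function and method-table hunks. The definition is also placed next to `HMAC_INIT_EX_INT` and the KDF include rather than with the other `HAVE_SSL_CTX_*` gates, which appear to live around line 500 judging by the second patch's context; moving it there would be consistent, though I cannot see the full gate block from this hunk.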
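Review bot: The initializers in `openssl_filetypes` are written as `{"PEM", SSL_FILETYPE_PEM},` while the `openssl_integers` table that ends just above this hunk uses `{ NULL, 0 },` with inner spacing and a trailing comma on the sentinel, and the second patch's formatting pass does not revisit this table. Writing the three entries as `{ "PEM", SSL_FILETYPE_PEM },`, `{ "ASN1", SSL_FILETYPE_ASN1 },` and `{ NULL, 0 },` makes the two tables visually identical. A one-line comment above the table, such as `/* values accepted as the filetype argument of setPrivateKeyFromFile; exported as openssl.filetypes */`, would tell a reader what the exported table is for without opening the docs.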
@@ -9481,6 +9497,18 @@ static int sx_setCertificateChain(lua_State *L) {
 } /* sx_setCertificateChain() */
 #endif
 
+#if HAVE_USE_CERTIFICATE_CHAIN_FILE
+static int sx_useCertificateChainFile(lua_State* L) {
+	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+	const char *filepath = luaL_checkstring(L, 2);
+
+	if (!SSL_CTX_use_certificate_chain_file(ctx, filepath))
+		return auxL_error(L, auxL_EOPENSSL, "ssl.context:setCertificateChainFromFile");
+
+	lua_pushboolean(L, 1);
+	return 1;
+}
+#endif
 
 #if HAVE_SSL_CTX_GET0_CHAIN_CERTS
 static int sx_getCertificateChain(lua_State *L) {
@@ -9496,7 +9524,6 @@ static int sx_getCertificateChain(lua_State *L) {
 } /* sx_getCertificateChain() */
 #endif
 
-
 static int sx_setPrivateKey(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -9519,6 +9546,19 @@ static int sx_setPrivateKey(lua_State *L) {
 } /* sx_setPrivateKey() */
 
 
+static int sx_usePrivateKeyFile(lua_State* L) {
+	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+	const char* filepath = luaL_checkstring(L, 2);
+	int typ = luaL_optinteger(L, 3, SSL_FILETYPE_PEM);
+
+	if (!SSL_CTX_use_PrivateKey_file(ctx, filepath, typ))
+		return auxL_error(L, auxL_EOPENSSL, "ssl.context:setPrivateKeyFromFile");
+
+	lua_pushboolean(L, 1);
+
+	return 1;
+}
+
 static int sx_setCipherList(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 	const char *ciphers = luaL_checkstring(L, 2);
@@ -10270,7 +10310,6 @@ static int sx__gc(lua_State *L) {
 	return 0;
 } /* sx__gc() */
 
-
 static const auxL_Reg sx_methods[] = {
 	{ "setOptions", &sx_setOptions },
 	{ "getOptions", &sx_getOptions },
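Review bot: `filepath` comes from `luaL_checkstring`, so a Lua string with an embedded NUL is silently cut at that NUL before `SSL_CTX_use_certificate_chain_file` sees it, and the chain is loaded from a shorter path than the caller passed with no error. Taking the length and rejecting a mismatch makes that explicit: `size_t len; const char *filepath = luaL_checklstring(L, 2, &len);` followed by `if (strlen(filepath) != len) return luaL_argerror(L, 2, "embedded NUL in path");`. I cannot see from this hunk whether the file's existing `luaL_checkstring` callers accept the same thing, so at minimum the new path-taking methods should check it; the same point applies to `sx_usePrivateKeyFile` later in this patch and to `ssl_setCertificateChainFromFile` and `ssl_setPrivateKeyFromFile` in the second patch. A header comment in the style of the neighbouring functions, `/* ctx:setCertificateChainFromFile(path) -> true; loads a PEM chain via SSL_CTX_use_certificate_chain_file, raises on OpenSSL error */`, would also document that only PEM is accepted here, unlike the private-key variant.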
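Review bot: `typ` is narrowed from `lua_Integer` to `int` by `luaL_optinteger` without any check, so an unsupported value is only reported, as far as I can tell, as an OpenSSL error-queue message raised through `auxL_error`, and the signature reads as if any integer were meaningful; an explicit argument check, `if (typ != SSL_FILETYPE_PEM && typ != SSL_FILETYPE_ASN1) return luaL_argerror(L, 3, "expected openssl.filetypes.PEM or openssl.filetypes.ASN1");`, points the Lua caller at the argument that is wrong. For PEM input, an encrypted key file would, to the best of my knowledge, make OpenSSL fall back to its built-in terminal passphrase prompt because this binding installs no default password callback on the context, which can stall a daemon on stdin; either document that the key must be unencrypted or accept an optional passphrase and hand it over via `SSL_CTX_set_default_passwd_cb_userdata`. A comment above the function such as `/* ctx:setPrivateKeyFromFile(path [, filetype = openssl.filetypes.PEM]) -> true; raises on OpenSSL error */` would state the contract. Both points apply equally to `ssl_setPrivateKeyFromFile` in the second patch.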
@@ -10292,8 +10331,12 @@ static const auxL_Reg sx_methods[] = {
 #endif
 #if HAVE_SSL_CTX_GET0_CHAIN_CERTS
 	{ "getCertificateChain", &sx_getCertificateChain },
+#endif
+#if HAVE_USE_CERTIFICATE_CHAIN_FILE
+	{"setCertificateChainFromFile", &sx_useCertificateChainFile},
 #endif
 	{ "setPrivateKey", &sx_setPrivateKey },
+	{ "setPrivateKeyFromFile", &sx_usePrivateKeyFile},
 	{ "setCipherList", &sx_setCipherList },
 #if HAVE_SSL_CTX_SET_CIPHERSUITES
 	{ "setCipherSuites", &sx_setCipherSuites },

From 124d32b45ebbd415955583f27b778dda146efd35 Mon Sep 17 00:00:00 2001
From: Magicks
Date: Sun, 1 Aug 2021 15:05:40 +0100
Subject: [PATCH 2/2] Add the corresponding ssl object methods and format code.

- Adds `ssl:setCertificateChainFromFile` and `ssl:setPrivateKeyFromFile` These both behave the same way as their context counterparts.
- Attempt to improve formatting:
- Added double newlines between the new code sections.
- Tried to space out the reg declarations following the style of the code.
- Added function end comments.
- Renamed the c functions to match their lua registry name.
---
 src/openssl.c | 70 ++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 56 insertions(+), 14 deletions(-)

diff --git a/src/openssl.c b/src/openssl.c
index 6ee86d0..3a81907 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -501,6 +501,10 @@
 #define HAVE_SSL_SET1_CHAIN OPENSSL_PREREQ(1,0,2)
 #endif
 
+#ifndef HAVE_SSL_USE_CHAIN_FILE
+#define HAVE_SSL_USE_CHAIN_FILE (OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,3,3))
+#endif
+
 #ifndef HAVE_SSL_SET1_PARAM
 #define HAVE_SSL_SET1_PARAM (OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(2,5,1))
 #endif
@@ -9497,8 +9501,9 @@ static int sx_setCertificateChain(lua_State *L) {
 } /* sx_setCertificateChain() */
 #endif
 
+
 #if HAVE_USE_CERTIFICATE_CHAIN_FILE
-static int sx_useCertificateChainFile(lua_State* L) {
+static int sx_setCertificateChainFromFile(lua_State* L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 	const char *filepath = luaL_checkstring(L, 2);
 
@@ -9507,9 +9512,10 @@ static int sx_useCertificateChainFile(lua_State* L) {
 
 	lua_pushboolean(L, 1);
 	return 1;
-}
+} /* sx_setCertificateChainFromFile() */
 #endif
+
 
 #if HAVE_SSL_CTX_GET0_CHAIN_CERTS
 static int sx_getCertificateChain(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
@@ -9524,6 +9530,7 @@ static int sx_getCertificateChain(lua_State *L) {
 } /* sx_getCertificateChain() */
 #endif
 
+
 static int sx_setPrivateKey(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 	EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
@@ -9546,7 +9553,7 @@ static int sx_setPrivateKey(lua_State *L) {
 } /* sx_setPrivateKey() */
 
 
-static int sx_usePrivateKeyFile(lua_State* L) {
+static int sx_setPrivateKeyFromFile(lua_State* L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
 	const char* filepath = luaL_checkstring(L, 2);
 	int typ = luaL_optinteger(L, 3, SSL_FILETYPE_PEM);
@@ -9557,7 +9564,8 @@ static int sx_usePrivateKeyFile(lua_State* L) {
 	lua_pushboolean(L, 1);
 
 	return 1;
-}
+} /* sx_setPrivateKeyFromFile() */
+
 
 static int sx_setCipherList(lua_State *L) {
 	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
@@ -10333,11 +10341,11 @@ static const auxL_Reg sx_methods[] = {
 	{ "getCertificateChain", &sx_getCertificateChain },
 #endif
 #if HAVE_USE_CERTIFICATE_CHAIN_FILE
-	{"setCertificateChainFromFile", &sx_useCertificateChainFile},
+	{ "setCertificateChainFromFile", &sx_setCertificateChainFromFile },
 #endif
-	{ "setPrivateKey", &sx_setPrivateKey },
-	{ "setPrivateKeyFromFile", &sx_usePrivateKeyFile},
-	{ "setCipherList", &sx_setCipherList },
+	{ "setPrivateKey", &sx_setPrivateKey },
+	{ "setPrivateKeyFromFile", &sx_setPrivateKeyFromFile },
+	{ "setCipherList", &sx_setCipherList },
 #if HAVE_SSL_CTX_SET_CIPHERSUITES
 	{ "setCipherSuites", &sx_setCipherSuites },
 #endif
@@ -10834,6 +10842,21 @@ static int ssl_setCertificateChain(lua_State *L) {
 #endif
 
 
+#if HAVE_SSL_USE_CHAIN_FILE
+static int ssl_setCertificateChainFromFile(lua_State *L) {
+	SSL *ssl = checksimple(L, 1, SSL_CLASS);
+	const char *filepath = luaL_checkstring(L, 2);
+
+	if (!SSL_use_certificate_chain_file(ssl, filepath))
+		return auxL_error(L, auxL_EOPENSSL, "ssl:setCertificateChainFromFile");
+
+	lua_pushboolean(L, 1);
+
+	return 1;
+} /* ssl_setCertificateChainFromFile() */
+#endif
+
+
 #if HAVE_SSL_GET0_CHAIN_CERTS
 static int ssl_getCertificateChain(lua_State *L) {
 	SSL *ssl = checksimple(L, 1, SSL_CLASS);
@@ -10870,6 +10893,21 @@ static int ssl_setPrivateKey(lua_State *L) {
 } /* ssl_setPrivateKey() */
 
 
+static int ssl_setPrivateKeyFromFile(lua_State* L) {
+	SSL *ssl = checksimple(L, 1, SSL_CLASS);
+	const char* filepath = luaL_checkstring(L, 2);
+	int typ = luaL_optinteger(L, 3, SSL_FILETYPE_PEM);
+
+	if (!SSL_use_PrivateKey_file(ssl, filepath, typ))
+		return auxL_error(L, auxL_EOPENSSL, "ssl:setPrivateKeyFromFile");
+
+	lua_pushboolean(L, 1);
+
+	return 1;
+} /* ssl_setPrivateKeyFromFile() */
+
+
+
 static int ssl_getCertificate(lua_State *L) {
 	SSL *ssl = checksimple(L, 1, SSL_CLASS);
 	X509 *x509;
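Review bot: The pointer declarators in `ssl_setPrivateKeyFromFile`, `lua_State* L` and `const char* filepath`, bind the asterisk to the type, while `ssl_setCertificateChainFromFile` added in the hunk just above and the rest of the visible file write `lua_State *L` and `const char *filepath`; since this patch is explicitly a formatting pass, `static int ssl_setPrivateKeyFromFile(lua_State *L) {` and `const char *filepath = luaL_checkstring(L, 2);` would finish it. The same spelling survives in the renamed `sx_setCertificateChainFromFile` and `sx_setPrivateKeyFromFile` hunks earlier in this patch. This function is also followed by three added blank lines where the file, as the chain-file hunk above shows, separates definitions with two.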
@@ -11262,15 +11300,19 @@ static const auxL_Reg ssl_methods[] = {
 #if HAVE_SSL_SET1_CHAIN
 	{ "setCertificateChain", &ssl_setCertificateChain },
 #endif
+#if HAVE_SSL_USE_CHAIN_FILE
+	{ "setCertificateChainFromFile", &ssl_setCertificateChainFromFile},
+#endif
 #if HAVE_SSL_GET0_CHAIN_CERTS
 	{ "getCertificateChain", &ssl_getCertificateChain },
 #endif
-	{ "setPrivateKey", &ssl_setPrivateKey },
-	{ "getCertificate", &ssl_getCertificate },
-	{ "getPeerCertificate", &ssl_getPeerCertificate },
-	{ "getPeerChain", &ssl_getPeerChain },
-	{ "getCipherInfo", &ssl_getCipherInfo },
-	{ "setCipherList", &ssl_setCipherList },
+	{ "setPrivateKey", &ssl_setPrivateKey },
+	{ "setPrivateKeyFromFile", &ssl_setPrivateKeyFromFile },
+	{ "getCertificate", &ssl_getCertificate },
+	{ "getPeerCertificate", &ssl_getPeerCertificate },
+	{ "getPeerChain", &ssl_getPeerChain },
+	{ "getCipherInfo", &ssl_getCipherInfo },
+	{ "setCipherList", &ssl_setCipherList },
 #if HAVE_SSL_SET_CIPHERSUITES
 	{ "setCipherSuites", &ssl_setCipherSuites },
 #endif
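Review bot: The new registration line `{ "setCertificateChainFromFile", &ssl_setCertificateChainFromFile},` omits the space before the closing brace that every other entry in `ssl_methods` has, and that this same patch adds to the `sx_methods` counterpart; `{ "setCertificateChainFromFile", &ssl_setCertificateChainFromFile },` matches the rest of the table. The `ssl_methods` array both starts and ends outside this hunk, so I cannot see whether any later entry has the same slip.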