diff --git a/.github/lua-openssl.supp b/.github/lua-openssl.supp
index 6c488c1a..cfee9ae3 100644
--- a/.github/lua-openssl.supp
+++ b/.github/lua-openssl.supp
@@ -190,3 +190,107 @@
 fun:_dl_catch_error
 fun:_dlerror_run
 }
+
+{
+ asn1.c ASN1_TYPE_set1 in openssl_asn1type_new
+ Memcheck:Leak
+ match-leak-kinds: indirect
+ fun:malloc
+ fun:ASN1_STRING_set
+ fun:ASN1_STRING_copy
+ fun:ASN1_STRING_dup
+ fun:ASN1_TYPE_set1
+ obj:*
+}
+
+{
+ asn1.c ASN1_TYPE_set1 in openssl_asn1type_new
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_zalloc
+ fun:ASN1_STRING_type_new
+ fun:ASN1_STRING_dup
+ fun:ASN1_TYPE_set1
+ obj:*
+}
+
+{
+ dlopen_doit
+ Memcheck:Leak
+ match-leak-kinds: reachable
+ fun:malloc
+ fun:_dl_new_object
+ fun:_dl_map_object_from_fd
+ fun:_dl_map_object
+ fun:openaux
+ fun:_dl_catch_exception
+ fun:_dl_map_object_deps
+ fun:dl_open_worker
+ fun:_dl_catch_exception
+ fun:_dl_open
+ fun:dlopen_doit
+ fun:_dl_catch_exception
+}
+
+{
+ dlopen_doit
+ Memcheck:Leak
+ match-leak-kinds: reachable
+ fun:calloc
+ fun:_dl_new_object
+ fun:_dl_map_object_from_fd
+ fun:_dl_map_object
+ fun:openaux
+ fun:_dl_catch_exception
+ fun:_dl_map_object_deps
+ fun:dl_open_worker
+ fun:_dl_catch_exception
+ fun:_dl_open
+ fun:dlopen_doit
+ fun:_dl_catch_exception
+}
+
+{
+ ASN1_item_d2i
+ Memcheck:Leak
+ match-leak-kinds: indirect
+ fun:malloc
+ fun:CRYPTO_zalloc
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:BN_bin2bn
+}
+
+{
+ BIO_new_bio_pair
+ Memcheck:Leak
+ match-leak-kinds: indirect
+ fun:malloc
+ fun:CRYPTO_zalloc
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:BIO_new
+ fun:BIO_new_bio_pair
+ obj:*
+}
+
+{
+ BIO_new_bio_pair
+ Memcheck:Leak
+ match-leak-kinds: indirect
+ fun:malloc
+ obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
+ fun:BIO_ctrl
+ fun:BIO_new_bio_pair
+ obj:*
+}
+
+{
+ BIO_new_bio_pair
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_zalloc
+ fun:BIO_new
+ fun:BIO_new_bio_pair
+ obj:*
+}
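Review bot: The two `match-leak-kinds: definite` entries (`ASN1_TYPE_set1 in openssl_asn1type_new` and the last `BIO_new_bio_pair`) end in `obj:*`, so they silence definite leaks whose caller is any object, including the binding itself, rather than a known false positive inside libcrypto or the loader. If these are real leaks in src/asn1.c and the BIO pair code, the suppression will also hide regressions there; each should carry a comment saying why it is acceptable and when it can go, e.g. `# TODO: definite leak in openssl_asn1type_new, remove once the ASN1_TYPE is freed`. The `obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1` frames only match one distribution path and one OpenSSL version, so these entries will stop matching on other CI images.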
diff --git a/CMakeLists.txt b/CMakeLists.txt index b35907a3..6b2e8de2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,6 +5,10 @@ set(CMAKE_MACOSX_RPATH 1) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules") option(BUILD_SHARED_LUA_OPENSSL "Shared or Static lua-openssl" ON) +option(BUILD_LINK_LUA_LIBRARIES "Link Lua libraries during build-time" OFF) +if(WIN32) + set(BUILD_LINK_LUA_LIBRARIES ON) +endif() include(GNUInstallDirs) @@ -87,14 +91,15 @@ target_link_libraries(lua-openssl PUBLIC Threads::Threads ) -if(WIN32) - target_link_libraries(lua-openssl PUBLIC - ${LUA_LIBRARIES} - ) -endif() - -if(APPLE) - target_link_options(lua-openssl PUBLIC -bundle -undefined dynamic_lookup) +if(BUILD_LINK_LUA_LIBRARIES) + target_link_libraries(lua-openssl PUBLIC ${LUA_LIBRARIES}) + if(UNIX) + target_link_options(lua-openssl PUBLIC -Wl,--no-undefined) + endif() +else() + if(APPLE) + target_link_options(lua-openssl PUBLIC -bundle -undefined dynamic_lookup) + endif() endif() target_compile_options(lua-openssl PRIVATE -DLUA_LIB) diff --git a/src/asn1.c b/src/asn1.c index bab03056..e8800776 100644 --- a/src/asn1.c +++ b/src/asn1.c @@ -146,18 +146,9 @@ static int openssl_get_object(lua_State*L) int class = 0; int ret; - if (start > l) - { - lua_pushnil(L); - openssl_pushargerror(L, 2, "out of range"); - return 2; - } - if (start>stop) - { - lua_pushnil(L); - openssl_pushargerror(L, 3, "before of start"); - return 2; - } + luaL_argcheck(L, start > 0 && start < l, 2, "start out of length of asn1 string"); + luaL_argcheck(L, stop > start, 3, "stop must be greater than start"); + luaL_argcheck(L, stop <= l, 3, "stop out of length of asn1 string"); p = (const unsigned char *)asn1s + start - 1; ret = ASN1_get_object(&p, &len, &tag, &class, stop - start + 1); diff --git a/src/cipher.c b/src/cipher.c index 3a026448..fa68bd29 100644 --- a/src/cipher.c +++ b/src/cipher.c 
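Review bot: In the second CMakeLists.txt hunk, `if(UNIX)` around `-Wl,--no-undefined` is also true on macOS, where CMake sets both `UNIX` and `APPLE`, and Apple's linker does not take the GNU `--no-undefined` spelling as far as I know. With `BUILD_LINK_LUA_LIBRARIES=ON` on macOS the link step is therefore likely to fail, and the `-bundle -undefined dynamic_lookup` branch is skipped as well. Narrow the guard to `if(UNIX AND NOT APPLE)`. A short comment on the new option saying that OFF leaves Lua symbols to be resolved by the host interpreter at load time would help packagers choose.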
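Review bot: The three `luaL_argcheck` calls in openssl_get_object change the failure mode from returning `nil, msg` to raising a Lua error, and nothing in the hunk documents it, so callers that parse untrusted DER and test the first return value now need `pcall`. They also reject `start == l` and `stop == start`; that is reasonable because an object needs at least an identifier and a length octet, but the message "start out of length of asn1 string" is misleading for an in-range last byte. I would add a comment above the checks such as `/* start/stop are 1-based and inclusive; an object needs at least 2 octets, so 0 < start < stop <= l */`. The declarations of `start`, `stop` and `l` and the rest of the function lie outside the hunk, so their types could not be checked.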
@@ -34,20 +34,9 @@ get evp_cipher object */ static LUA_FUNCTION(openssl_cipher_get) { - if (!lua_isuserdata(L, 1)) - { - const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); + const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); - if (cipher) - PUSH_OBJECT((void*)cipher, "openssl.evp_cipher"); - else - lua_pushnil(L); - } - else - { - luaL_argcheck(L, auxiliar_getclassudata(L, "openssl.evp_cipher", 1), 1, "only accept openssl.evp_cipher object"); - lua_pushvalue(L, 1); - } + PUSH_OBJECT((void*)cipher, "openssl.evp_cipher"); return 1; } 
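Review bot: With the `if (cipher)` / `lua_pushnil` branch removed, `PUSH_OBJECT((void*)cipher, "openssl.evp_cipher")` runs on whatever `get_cipher(L, 1, NULL)` returns, so a NULL result would be wrapped as an `openssl.evp_cipher` userdata and dereferenced by later method calls. `get_cipher` is not part of this diff; unless it raises for every unknown name and for nil/none, keep an explicit guard: `luaL_argcheck(L, cipher != NULL, 1, "invalid cipher algorithm or openssl.evp_cipher object");`. The same assumption now holds in openssl_evp_encrypt, openssl_evp_decrypt, openssl_evp_cipher, openssl_cipher_new, openssl_cipher_encrypt_new and openssl_cipher_decrypt_new, whose `if (cipher)` guards are removed in the following hunks. Scripts that used a nil return from this function to probe for cipher support will also need a `pcall` if the lookup now raises.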
@@ -66,66 +55,60 @@ quick encrypt static LUA_FUNCTION(openssl_evp_encrypt) { const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); - if (cipher) + size_t input_len = 0; + const char *input = luaL_checklstring(L, 2, &input_len); + size_t key_len = 0; + const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */ + size_t iv_len = 0; + const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */ + int pad = lua_isnone(L, 5) ? 1 : lua_toboolean(L, 5); + ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine"); + + EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); + + int output_len = 0; + int len = 0; + char *buffer = NULL; + char evp_key[EVP_MAX_KEY_LENGTH] = {0}; + char evp_iv[EVP_MAX_IV_LENGTH] = {0}; + int ret = 0; + + if (key) { - size_t input_len = 0; - const char *input = luaL_checklstring(L, 2, &input_len); - size_t key_len = 0; - const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */ - size_t iv_len = 0; - const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */ - int pad = lua_isnone(L, 5) ? 1 : lua_toboolean(L, 5); - ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine"); - - EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); - - int output_len = 0; - int len = 0; - char *buffer = NULL; - char evp_key[EVP_MAX_KEY_LENGTH] = {0}; - char evp_iv[EVP_MAX_IV_LENGTH] = {0}; - int ret = 0; - - if (key) - { - key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; - memcpy(evp_key, key, key_len); - } - if (iv_len > 0 && iv) - { - iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; - memcpy(evp_iv, iv, iv_len); - } + key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; + memcpy(evp_key, key, key_len); + } + if (iv_len > 0 && iv) + { + iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; + memcpy(evp_iv, iv, iv_len); + } - ret = EVP_EncryptInit_ex(c, cipher, e, - (const byte*)evp_key, - iv_len > 0 ? 
(const byte*)evp_iv : NULL); + ret = EVP_EncryptInit_ex(c, cipher, e, + (const byte*)evp_key, + iv_len > 0 ? (const byte*)evp_iv : NULL); + if (ret == 1) + { + ret = EVP_CIPHER_CTX_set_padding(c, pad); if (ret == 1) { - ret = EVP_CIPHER_CTX_set_padding(c, pad); - if (ret == 1) + buffer = OPENSSL_malloc(input_len + EVP_CIPHER_CTX_block_size(c)); + ret = EVP_EncryptUpdate(c, (byte*) buffer, &len, (const byte*)input, input_len); + if ( ret == 1 ) { - buffer = OPENSSL_malloc(input_len + EVP_CIPHER_CTX_block_size(c)); - ret = EVP_EncryptUpdate(c, (byte*) buffer, &len, (const byte*)input, input_len); - if ( ret == 1 ) + output_len += len; + ret = EVP_EncryptFinal_ex(c, (byte*)buffer + len, &len); + if (ret == 1) { output_len += len; - ret = EVP_EncryptFinal_ex(c, (byte*)buffer + len, &len); - if (ret == 1) - { - output_len += len; - lua_pushlstring(L, buffer, output_len); - } + lua_pushlstring(L, buffer, output_len); } - OPENSSL_free(buffer); } + OPENSSL_free(buffer); } - EVP_CIPHER_CTX_free(c); - return (ret == 1) ? ret : openssl_pushresult(L, ret); } - else - luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object"); - return 0; + EVP_CIPHER_CTX_free(c); + return (ret == 1) ? ret : openssl_pushresult(L, ret); } /*** 
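Review bot: In openssl_evp_encrypt the key is optional (`luaL_optlstring`), yet the zero-filled `evp_key` array is passed to EVP_EncryptInit_ex unconditionally, so a call without a key encrypts under an all-zero key; openssl_evp_decrypt passes `key ? ... : NULL` and openssl_evp_cipher requires the key. The copy into `evp_key` also zero-pads a short key and truncates a long one without any error, here and in the other five functions of this file that use the same pattern. For the one-shot call I would require the key, `const char *key = luaL_checklstring(L, 3, &key_len);`, and reject lengths above `EVP_MAX_KEY_LENGTH` with `luaL_argcheck` instead of truncating; for fixed-length ciphers the length can be compared with `EVP_CIPHER_key_length(cipher)`.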
@@ -143,66 +126,60 @@ quick decrypt static LUA_FUNCTION(openssl_evp_decrypt) { const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); - if (cipher) + size_t input_len = 0; + const char *input = luaL_checklstring(L, 2, &input_len); + size_t key_len = 0; + const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */ + size_t iv_len = 0; + const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */ + int pad = lua_isnone(L, 5) ? 1 : lua_toboolean(L, 5); + ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine"); + EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); + + int output_len = 0; + int len = 0; + char *buffer = NULL; + char evp_key[EVP_MAX_KEY_LENGTH] = {0}; + char evp_iv[EVP_MAX_IV_LENGTH] = {0}; + int ret; + if (key) { - size_t input_len = 0; - const char *input = luaL_checklstring(L, 2, &input_len); - size_t key_len = 0; - const char *key = luaL_optlstring(L, 3, NULL, &key_len); /* can be NULL */ - size_t iv_len = 0; - const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); /* can be NULL */ - int pad = lua_isnone(L, 5) ? 1 : lua_toboolean(L, 5); - ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine"); - EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); - - int output_len = 0; - int len = 0; - char *buffer = NULL; - char evp_key[EVP_MAX_KEY_LENGTH] = {0}; - char evp_iv[EVP_MAX_IV_LENGTH] = {0}; - int ret; - if (key) - { - key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; - memcpy(evp_key, key, key_len); - } - if (iv_len > 0 && iv) - { - iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; - memcpy(evp_iv, iv, iv_len); - } + key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; + memcpy(evp_key, key, key_len); + } + if (iv_len > 0 && iv) + { + iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; + memcpy(evp_iv, iv, iv_len); + } - ret = EVP_DecryptInit_ex(c, cipher, e, - key ? (const byte*)evp_key : NULL, - iv_len > 0 ? 
(const byte*)evp_iv : NULL); + ret = EVP_DecryptInit_ex(c, cipher, e, + key ? (const byte*)evp_key : NULL, + iv_len > 0 ? (const byte*)evp_iv : NULL); + if (ret == 1) + { + ret = EVP_CIPHER_CTX_set_padding(c, pad); if (ret == 1) { - ret = EVP_CIPHER_CTX_set_padding(c, pad); + buffer = OPENSSL_malloc(input_len); + + ret = EVP_DecryptUpdate(c, (byte*)buffer, &len, (const byte*)input, input_len); if (ret == 1) { - buffer = OPENSSL_malloc(input_len); - - ret = EVP_DecryptUpdate(c, (byte*)buffer, &len, (const byte*)input, input_len); + output_len += len; + len = input_len - len; + ret = EVP_DecryptFinal_ex(c, (byte*)buffer + output_len, &len); if (ret == 1) { output_len += len; - len = input_len - len; - ret = EVP_DecryptFinal_ex(c, (byte*)buffer + output_len, &len); - if (ret == 1) - { - output_len += len; - lua_pushlstring(L, buffer, output_len); - } + lua_pushlstring(L, buffer, output_len); } - OPENSSL_free(buffer); } + OPENSSL_free(buffer); } - EVP_CIPHER_CTX_free(c); - return (ret == 1) ? ret : openssl_pushresult(L, ret); } - else - luaL_argerror(L, 1, "invalid cipher algorithm or openssl.evp_cipher object"); - return 0; + EVP_CIPHER_CTX_free(c); + return (ret == 1) ? ret : openssl_pushresult(L, ret); } /*** 
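Review bot: `buffer = OPENSSL_malloc(input_len)` in openssl_evp_decrypt is smaller than what the EVP documentation asks for the output of EVP_DecryptUpdate (input length plus one cipher block), and the pointer is used without a NULL check; a zero-length input makes the allocation size 0. openssl_evp_cipher in the next hunk allocates `input_len + EVP_MAX_BLOCK_LENGTH`; using `buffer = OPENSSL_malloc(input_len + EVP_MAX_BLOCK_LENGTH);` here and bailing out when `buffer == NULL` (after `EVP_CIPHER_CTX_free(c)`) keeps the one-shot helpers consistent. The `len = input_len - len;` before EVP_DecryptFinal_ex has no effect, since that argument is output-only, and can be dropped.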
@@ -221,75 +198,67 @@ quick encrypt or decrypt static LUA_FUNCTION(openssl_evp_cipher) { const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); + int enc = lua_toboolean(L, 2); + size_t input_len = 0; + const char *input = luaL_checklstring(L, 3, &input_len); + size_t key_len = 0; + const char *key = luaL_checklstring(L, 4, &key_len); + size_t iv_len = 0; + const char *iv = luaL_optlstring(L, 5, NULL, &iv_len); /* can be NULL */ - if (cipher) - { - int enc = lua_toboolean(L, 2); - size_t input_len = 0; - const char *input = luaL_checklstring(L, 3, &input_len); - size_t key_len = 0; - const char *key = luaL_checklstring(L, 4, &key_len); - size_t iv_len = 0; - const char *iv = luaL_optlstring(L, 5, NULL, &iv_len); /* can be NULL */ - - int pad = lua_isnone(L, 6) ? 1 : lua_toboolean(L, 6); - ENGINE *e = lua_isnoneornil(L, 7) ? NULL : CHECK_OBJECT(7, ENGINE, "openssl.engine"); + int pad = lua_isnone(L, 6) ? 1 : lua_toboolean(L, 6); + ENGINE *e = lua_isnoneornil(L, 7) ? NULL : CHECK_OBJECT(7, ENGINE, "openssl.engine"); - EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *c = EVP_CIPHER_CTX_new(); - int output_len = 0; - int len = 0; + int output_len = 0; + int len = 0; - char evp_key[EVP_MAX_KEY_LENGTH] = {0}; - char evp_iv[EVP_MAX_IV_LENGTH] = {0}; + char evp_key[EVP_MAX_KEY_LENGTH] = {0}; + char evp_iv[EVP_MAX_IV_LENGTH] = {0}; - int ret; + int ret; - if (key) - { - key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; - memcpy(evp_key, key, key_len); - } - if (iv_len > 0 && iv) - { - iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; - memcpy(evp_iv, iv, iv_len); - } + if (key) + { + key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; + memcpy(evp_key, key, key_len); + } + if (iv_len > 0 && iv) + { + iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; + memcpy(evp_iv, iv, iv_len); + } - ret = EVP_CipherInit_ex(c, cipher, e, - (const byte*)evp_key, - iv_len > 0 ? 
(const byte*)evp_iv : NULL, - enc); + ret = EVP_CipherInit_ex(c, cipher, e, + (const byte*)evp_key, + iv_len > 0 ? (const byte*)evp_iv : NULL, + enc); + if (ret == 1) + { + ret = EVP_CIPHER_CTX_set_padding(c, pad); if (ret == 1) { - ret = EVP_CIPHER_CTX_set_padding(c, pad); + char *buffer; + len = input_len + EVP_MAX_BLOCK_LENGTH; + buffer = OPENSSL_malloc(len); + ret = EVP_CipherUpdate(c, (byte*)buffer, &len, (const byte*)input, input_len); if (ret == 1) { - char *buffer; - len = input_len + EVP_MAX_BLOCK_LENGTH; - buffer = OPENSSL_malloc(len); - ret = EVP_CipherUpdate(c, (byte*)buffer, &len, (const byte*)input, input_len); + output_len += len; + len = input_len + EVP_MAX_BLOCK_LENGTH - len; + ret = EVP_CipherFinal_ex(c, (byte*)buffer + output_len, &len); if (ret == 1) { output_len += len; - len = input_len + EVP_MAX_BLOCK_LENGTH - len; - ret = EVP_CipherFinal_ex(c, (byte*)buffer + output_len, &len); - if (ret == 1) - { - output_len += len; - lua_pushlstring(L, buffer, output_len); - } + lua_pushlstring(L, buffer, output_len); } - OPENSSL_free(buffer); } + OPENSSL_free(buffer); } - EVP_CIPHER_CTX_free(c); - return (ret == 1) ? ret : openssl_pushresult(L, ret); } - else - luaL_argerror(L, 1, "invvalid cipher algorithm or openssl.evp_cipher object"); - - return 0; + EVP_CIPHER_CTX_free(c); + return (ret == 1) ? ret : openssl_pushresult(L, ret); } typedef enum 
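Review bot: `len = input_len + EVP_MAX_BLOCK_LENGTH;` stores a `size_t` sum in an `int`, and `input_len` is then passed as the `int` length of EVP_CipherUpdate, so a Lua string longer than INT_MAX makes the allocation size and the update length disagree. Reject such input before allocating: `luaL_argcheck(L, input_len <= (size_t)(INT_MAX - EVP_MAX_BLOCK_LENGTH), 3, "input too long");` (this needs `<limits.h>` if the file does not already include it). openssl_evp_encrypt and openssl_evp_decrypt in the two preceding hunks pass `input_len` to an `int` parameter the same way. Separately, `if (key)` is always true in this function because `key` comes from `luaL_checklstring`.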
@@ -317,44 +286,39 @@ get evp_cipher_ctx object for encrypt or decrypt static LUA_FUNCTION(openssl_cipher_new) { const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); - if (cipher) + int enc = lua_toboolean(L, 2); + size_t key_len = 0; + const char *key = luaL_optlstring(L, 3, NULL, &key_len); + size_t iv_len = 0; + const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); + int pad = lua_isnone(L, 5) ? 1 : lua_toboolean(L, 5); + ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine"); + EVP_CIPHER_CTX *c = NULL; + + char evp_key[EVP_MAX_KEY_LENGTH] = {0}; + char evp_iv[EVP_MAX_IV_LENGTH] = {0}; + if (key) { - int enc = lua_toboolean(L, 2); - size_t key_len = 0; - const char *key = luaL_optlstring(L, 3, NULL, &key_len); - size_t iv_len = 0; - const char *iv = luaL_optlstring(L, 4, NULL, &iv_len); - int pad = lua_isnone(L, 5) ? 1 : lua_toboolean(L, 5); - ENGINE *e = lua_isnoneornil(L, 6) ? NULL : CHECK_OBJECT(6, ENGINE, "openssl.engine"); - EVP_CIPHER_CTX *c = NULL; - - char evp_key[EVP_MAX_KEY_LENGTH] = {0}; - char evp_iv[EVP_MAX_IV_LENGTH] = {0}; - if (key) - { - key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; - memcpy(evp_key, key, key_len); - } - if (iv_len > 0 && iv) - { - iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; - memcpy(evp_iv, iv, iv_len); - } - c = EVP_CIPHER_CTX_new(); - if (!EVP_CipherInit_ex(c, cipher, e, - key ? (const byte*)evp_key : NULL, - iv_len > 0 ? (const byte*)evp_iv : NULL, - enc)) - { - luaL_error(L, "EVP_CipherInit_ex failed, please check openssl error"); - } - EVP_CIPHER_CTX_set_padding(c, pad); - PUSH_OBJECT(c, "openssl.evp_cipher_ctx"); - lua_pushinteger(L, DO_CIPHER); - lua_rawsetp(L, LUA_REGISTRYINDEX, c); + key_len = EVP_MAX_KEY_LENGTH > key_len ? 
key_len : EVP_MAX_KEY_LENGTH; + memcpy(evp_key, key, key_len); } - else - luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object"); + if (iv_len > 0 && iv) + { + iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; + memcpy(evp_iv, iv, iv_len); + } + c = EVP_CIPHER_CTX_new(); + if (!EVP_CipherInit_ex(c, cipher, e, + key ? (const byte*)evp_key : NULL, + iv_len > 0 ? (const byte*)evp_iv : NULL, + enc)) + { + luaL_error(L, "EVP_CipherInit_ex failed, please check openssl error"); + } + EVP_CIPHER_CTX_set_padding(c, pad); + PUSH_OBJECT(c, "openssl.evp_cipher_ctx"); + lua_pushinteger(L, DO_CIPHER); + lua_rawsetp(L, LUA_REGISTRYINDEX, c); return 1; } 
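Review bot: When EVP_CipherInit_ex fails, `luaL_error` leaves openssl_cipher_new without freeing `c`, so the EVP_CIPHER_CTX leaks on every failed call; openssl_cipher_encrypt_new and openssl_cipher_decrypt_new free it and return through `openssl_pushresult`. Put `EVP_CIPHER_CTX_free(c);` immediately ahead of the `luaL_error(...)` line, or follow the siblings and return `openssl_pushresult(L, ret)` after the free. `EVP_CIPHER_CTX_new()` is not checked for NULL either, and the return value of `EVP_CIPHER_CTX_set_padding(c, pad)` is ignored here while the one-shot functions check it.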
@@ -375,46 +339,39 @@ get evp_cipher_ctx object for encrypt static LUA_FUNCTION(openssl_cipher_encrypt_new) { const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); - if (cipher) + int ret; + size_t key_len = 0; + const char *key = luaL_optlstring(L, 2, NULL, &key_len); /* can be NULL */ + size_t iv_len = 0; + const char *iv = luaL_optlstring(L, 3, NULL, &iv_len); /* can be NULL */ + ENGINE *e = lua_isnoneornil(L, 4) ? NULL : CHECK_OBJECT(4, ENGINE, "openssl.engine"); + EVP_CIPHER_CTX *c = NULL; + + char evp_key[EVP_MAX_KEY_LENGTH] = {0}; + char evp_iv[EVP_MAX_IV_LENGTH] = {0}; + if (key) { - int ret; - size_t key_len = 0; - const char *key = luaL_optlstring(L, 2, NULL, &key_len); /* can be NULL */ - size_t iv_len = 0; - const char *iv = luaL_optlstring(L, 3, NULL, &iv_len); /* can be NULL */ - ENGINE *e = lua_isnoneornil(L, 4) ? NULL : CHECK_OBJECT(4, ENGINE, "openssl.engine"); - EVP_CIPHER_CTX *c = NULL; - - char evp_key[EVP_MAX_KEY_LENGTH] = {0}; - char evp_iv[EVP_MAX_IV_LENGTH] = {0}; - if (key) - { - key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; - memcpy(evp_key, key, key_len); - } - if (iv_len > 0 && iv) - { - iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; - memcpy(evp_iv, iv, iv_len); - } - c = EVP_CIPHER_CTX_new(); - ret = EVP_EncryptInit_ex(c, cipher, e, - key ? (const byte*)evp_key : NULL, - iv_len > 0 ? (const byte*)evp_iv : NULL); - if (ret==1) - { - PUSH_OBJECT(c, "openssl.evp_cipher_ctx"); - lua_pushinteger(L, DO_ENCRYPT); - lua_rawsetp(L, LUA_REGISTRYINDEX, c); - return 1; - } - EVP_CIPHER_CTX_free(c); - return openssl_pushresult(L, ret); + key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; + memcpy(evp_key, key, key_len); } - else - luaL_error(L, "argument #1 is not a valid cipher algorithm or openssl.evp_cipher object"); - - return 0; + if (iv_len > 0 && iv) + { + iv_len = EVP_MAX_IV_LENGTH > iv_len ? 
iv_len : EVP_MAX_IV_LENGTH; + memcpy(evp_iv, iv, iv_len); + } + c = EVP_CIPHER_CTX_new(); + ret = EVP_EncryptInit_ex(c, cipher, e, + key ? (const byte*)evp_key : NULL, + iv_len > 0 ? (const byte*)evp_iv : NULL); + if (ret==1) + { + PUSH_OBJECT(c, "openssl.evp_cipher_ctx"); + lua_pushinteger(L, DO_ENCRYPT); + lua_rawsetp(L, LUA_REGISTRYINDEX, c); + return 1; + } + EVP_CIPHER_CTX_free(c); + return openssl_pushresult(L, ret); } /*** 
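Review bot: `evp_key` and `evp_iv` are stack copies of the caller's key and IV and are left in place when openssl_cipher_encrypt_new returns, on both the success and the failure path. Wiping them once EVP_EncryptInit_ex has consumed them limits how long key bytes stay in dead stack memory: `OPENSSL_cleanse(evp_key, sizeof(evp_key));` and `OPENSSL_cleanse(evp_iv, sizeof(evp_iv));` right after the init call. The other functions in this file that fill the same two arrays (openssl_evp_encrypt, openssl_evp_decrypt, openssl_evp_cipher, openssl_cipher_new, openssl_cipher_decrypt_new) would take the same two lines.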
@@ -433,47 +390,40 @@ get evp_cipher_ctx object for decrypt static LUA_FUNCTION(openssl_cipher_decrypt_new) { const EVP_CIPHER* cipher = get_cipher(L, 1, NULL); - if (cipher) + size_t key_len = 0; + const char *key = luaL_optlstring(L, 2, NULL, &key_len); /* can be NULL */ + size_t iv_len = 0; + const char *iv = luaL_optlstring(L, 3, NULL, &iv_len); /* can be NULL */ + ENGINE *e = lua_isnoneornil(L, 4) ? NULL : CHECK_OBJECT(4, ENGINE, "openssl.engine"); + EVP_CIPHER_CTX *c = NULL; + + char evp_key[EVP_MAX_KEY_LENGTH] = {0}; + char evp_iv[EVP_MAX_IV_LENGTH] = {0}; + int ret; + + if (key) { - size_t key_len = 0; - const char *key = luaL_optlstring(L, 2, NULL, &key_len); /* can be NULL */ - size_t iv_len = 0; - const char *iv = luaL_optlstring(L, 3, NULL, &iv_len); /* can be NULL */ - ENGINE *e = lua_isnoneornil(L, 4) ? NULL : CHECK_OBJECT(4, ENGINE, "openssl.engine"); - EVP_CIPHER_CTX *c = NULL; - - char evp_key[EVP_MAX_KEY_LENGTH] = {0}; - char evp_iv[EVP_MAX_IV_LENGTH] = {0}; - int ret; - - if (key) - { - key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; - memcpy(evp_key, key, key_len); - } - if (iv_len > 0 && iv) - { - iv_len = EVP_MAX_IV_LENGTH > iv_len ? iv_len : EVP_MAX_IV_LENGTH; - memcpy(evp_iv, iv, iv_len); - } - c = EVP_CIPHER_CTX_new(); - ret = EVP_DecryptInit_ex(c, cipher, e, - key ? (const byte*)evp_key : NULL, - iv_len > 0 ? (const byte*)evp_iv : NULL); - if (ret == 1) - { - PUSH_OBJECT(c, "openssl.evp_cipher_ctx"); - lua_pushinteger(L, DO_DECRYPT); - lua_rawsetp(L, LUA_REGISTRYINDEX, c); - return 1; - } - EVP_CIPHER_CTX_free(c); - return openssl_pushresult(L, ret); + key_len = EVP_MAX_KEY_LENGTH > key_len ? key_len : EVP_MAX_KEY_LENGTH; + memcpy(evp_key, key, key_len); } - else - luaL_argerror(L, 1, "invalid cipher algorithm or openssl.evp_cipher object"); - - return 0; + if (iv_len > 0 && iv) + { + iv_len = EVP_MAX_IV_LENGTH > iv_len ? 
iv_len : EVP_MAX_IV_LENGTH; + memcpy(evp_iv, iv, iv_len); + } + c = EVP_CIPHER_CTX_new(); + ret = EVP_DecryptInit_ex(c, cipher, e, + key ? (const byte*)evp_key : NULL, + iv_len > 0 ? (const byte*)evp_iv : NULL); + if (ret == 1) + { + PUSH_OBJECT(c, "openssl.evp_cipher_ctx"); + lua_pushinteger(L, DO_DECRYPT); + lua_rawsetp(L, LUA_REGISTRYINDEX, c); + return 1; + } + EVP_CIPHER_CTX_free(c); + return openssl_pushresult(L, ret); } /*** diff --git a/src/misc.c b/src/misc.c index f98d8d18..ae62c55e 100644 --- a/src/misc.c +++ b/src/misc.c @@ -307,41 +307,3 @@ int bin2hex(const unsigned char * src, char *dst, int len) return i * 2; } -int openssl_pusherror (lua_State *L, const char *fmt, ...) -{ - va_list argp; - va_start(argp, fmt); - luaL_where(L, 1); - lua_pushvfstring(L, fmt, argp); - va_end(argp); - lua_concat(L, 2); - return 1; -} - -int openssl_pushargerror (lua_State *L, int arg, const char *extramsg) -{ - lua_Debug ar; - const char* name; - - if (lua_getstack(L, 0, &ar)) /* have stack frame? */ - { - lua_getinfo(L, "n", &ar); - if (strcmp(ar.namewhat, "method") == 0) - { - arg--; - /* do not count 'self' */ - if (arg == 0) /* error is in the self argument itself? */ - return openssl_pusherror(L, "calling '%s' on bad self (%s)", - ar.name, extramsg); - } - if (ar.name == NULL) -#if defined(COMPAT53_C_) || LUA_VERSION_NUM != 502 - name = "?"; -#else - name = (compat53_pushglobalfuncname(L, &ar)) ? lua_tostring(L, -1) : "?"; -#endif - } - - return openssl_pusherror(L, "bad argument #%d to '%s' (%s)", - arg, name, extramsg); -} diff --git a/src/private.h b/src/private.h index 1c62bf6f..1ca5d561 100644 --- a/src/private.h +++ b/src/private.h 
@@ -300,9 +300,6 @@ int openssl_sk_x509_attribute_totable(lua_State *L, const STACK_OF(X509_ATTRIBUT X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx); -int openssl_pusherror (lua_State *L, const char *fmt, ...); -int openssl_pushargerror (lua_State *L, int arg, const char *extramsg); - #ifdef HAVE_USER_CUSTOME #include HAVE_USER_CUSTOME #endif diff --git a/test/1.asn1.lua b/test/1.asn1.lua index 07d196a9..edc75e6e 100644 --- a/test/1.asn1.lua +++ b/test/1.asn1.lua @@ -1,6 +1,5 @@ local openssl = require 'openssl' local lu = require 'luaunit' -local helper = require'helper' local asn1 = openssl.asn1 local first = true @@ -301,3 +300,26 @@ function TestType:testBasic() assert(o:info()) assert(o:asn1string()) end + +function TestType:testAll() + -- FIXME: need more code + local skip = { + [asn1.OBJECT] = true, + [asn1.SEQUENCE] = true, + [asn1.SET] = true, + [asn1.BMPSTRING] = true, + [asn1.UNIVERSALSTRING] = true + } + for i = asn1.BOOLEAN, asn1.BMPSTRING do + if not skip[i] then + + local s = assert(asn1.new_string("octet", i)) + local o = assert(asn1.new_type(s)) + local d = assert(assert(o:i2d())) + assert(asn1.d2i_asn1type(d) == o) + + assert(o:info()) + end + end + +end diff --git a/test/2.asn1.lua b/test/2.asn1.lua index d9c452cb..d257bf33 100644 --- a/test/2.asn1.lua +++ b/test/2.asn1.lua @@ -26,9 +26,12 @@ local function asn1parse(s, off, last, indent) if first then print(string.format('%sTAG=%s CLS=%s START=%s STOP=%s, %s', - string.rep(tab, indent), asn1.tostring(tag, 'tag'), - asn1.tostring(cls, 'class'), start, stop, + string.rep(tab, indent), + asn1.tostring(tag, 'tag'), + asn1.tostring(cls, 'class'), + start, stop, cons and "CONS" or "PRIM")) + assert(asn1.tostring(tag, 'tag') == asn1.tostring(tag)) end if cons then table.insert(d, asn1.put_object(tag, cls, stop - start + 1, true)) 
@@ -48,11 +51,17 @@ end TestAsn1_2 = {} function TestAsn1_2.testParse() - d = {} + assert(#ss > 0) -- fire error - asn1parse(ss, 8, 8) - asn1parse(ss, #ss+1) - asn1parse(ss, #ss+1, #ss-1) + lu.assertErrorMsgEquals( + "2.asn1.lua:24: bad argument #2 to 'get_object' (start out of length of asn1 string)", + asn1parse, ss, 0) + lu.assertErrorMsgEquals( + "2.asn1.lua:24: bad argument #2 to 'get_object' (start out of length of asn1 string)", + asn1parse, ss, #ss) + lu.assertErrorMsgEquals( + "2.asn1.lua:24: bad argument #3 to 'get_object' (stop out of length of asn1 string)", + asn1parse, ss, 1, #ss+1) d = {} asn1parse(ss) diff --git a/test/8.ssl.lua b/test/8.ssl.lua index eddbe1ef..94d35506 100644 --- a/test/8.ssl.lua +++ b/test/8.ssl.lua @@ -587,4 +587,28 @@ function TestSSL:testSNI() sess = ssl.session_new() sess:id(id) + + bs, bc = bio.pair() + srv = assert(srv_ctx:ssl(bs)) + srv:set_accept_state() + cli = assert(cli_ctx:ssl(bc)) + cli:use(cert, pkey) + cli:set_connect_state() + cli:set('hostname', 'serverB') + repeat + cs, ec = cli:handshake() + rs, es = srv:handshake() + srv:want() + until (rs and cs) or (rs == nil or cs == nil) + + -- FIXME: bio ssl filter + local sbio = bio.filter('ssl', cli, 0) + + cli:clear() + cli:shutdown() + + sbio:close() + bs:close() + bc:close() + end
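Review bot: The three `lu.assertErrorMsgEquals` calls in testParse pin the source position `2.asn1.lua:24:` inside the expected string, so any edit above line 24 of this test file fails the test even though the range checks still behave correctly. Matching on the message body keeps the test tied to the behaviour under test: `lu.assertErrorMsgContains("bad argument #2 to 'get_object' (start out of length of asn1 string)", asn1parse, ss, 0)`, and likewise for the other two. A case for `stop <= start` (the second new `luaL_argcheck` in src/asn1.c) is missing; `asn1parse, ss, 2, 1` would cover it if asn1parse forwards both positions unchanged, which the hunk does not show.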
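Review bot: Nothing after the `repeat ... until` loop in testSNI checks that the handshake for `'serverB'` succeeded: the loop also exits when `rs` or `cs` is nil, and the test then goes straight on to `cli:clear()` and the close calls, so a failed SNI handshake still passes. Add `assert(rs and cs, es or ec)` right after `until`. `bs`, `bc`, `srv`, `cli`, `cs`, `ec`, `rs` and `es` are assigned without `local` in this hunk; testSNI starts outside the hunk, so they may be declared earlier, otherwise they leak as globals into later tests. The `-- FIXME: bio ssl filter` comment should say what is still missing, since `sbio` is created and closed without being used.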