Switched to codeload to keep a sane source name.
Backported a few useful patches.
Signed-off-by: Rosen Penev <redacted>
include $(TOPDIR)/rules.mk
PKG_NAME:=luasec
-PKG_VERSION:=0.6
-PKG_RELEASE:=2
+PKG_VERSION:=0.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/brunoos/luasec/archive/
-PKG_HASH:=cef3a35c18beb8a54d9c8ce6260a4cabbd9a386de8711320d084daffad0aed5d
+PKG_SOURCE_URL:=https://codeload.github.com/brunoos/luasec/tar.gz/luasec-$(PKG_VERSION)?
+PKG_HASH:=2176e95b1d2a72a3235ede5d2aa9838050feee55dade8fdbde4be7fdc66f3a31
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
--- /dev/null
+From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001
+From: Bruno Silvestre <bruno.silvestre@gmail.com>
+Date: Fri, 29 Jun 2018 14:02:39 -0300
+Subject: [PATCH 1/3] Using 'const SSL_METHOD*'
+
+This change was introduced in OpenSSL 1.0.0.
+Start droping 0.9.8 code.
+---
+ src/context.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/src/context.c b/src/context.c
+index a2b5ae5..b9e8cda 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -29,12 +29,6 @@
+ #include "ec.h"
+ #endif
+
+-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
+-typedef const SSL_METHOD LSEC_SSL_METHOD;
+-#else
+-typedef SSL_METHOD LSEC_SSL_METHOD;
+-#endif
+-
+ /*--------------------------- Auxiliary Functions ----------------------------*/
+
+ /**
+@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
+ /**
+ * Find the protocol.
+ */
+-static LSEC_SSL_METHOD* str2method(const char *method)
++static const SSL_METHOD* str2method(const char *method)
+ {
+ if (!strcmp(method, "any")) return SSLv23_method();
+ if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
+@@ -287,7 +281,7 @@ static int create(lua_State *L)
+ {
+ p_context ctx;
+ const char *str_method;
+- LSEC_SSL_METHOD *method;
++ const SSL_METHOD *method;
+
+ str_method = luaL_checkstring(L, 1);
+ method = str2method(str_method);
+--
+2.19.1
+
+++ /dev/null
---- a/src/context.c
-+++ b/src/context.c
-@@ -24,7 +24,7 @@
- #include "context.h"
- #include "options.h"
-
--#ifndef OPENSSL_NO_ECDH
-+#ifndef OPENSSL_NO_EC
- #include <openssl/ec.h>
- #include "ec.h"
- #endif
-@@ -35,10 +35,6 @@ typedef const SSL_METHOD LSEC_SSL_METHOD
- typedef SSL_METHOD LSEC_SSL_METHOD;
- #endif
-
--#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
--#define SSLv23_method() TLS_method()
--#endif
--
- /*-- Compat - Lua 5.1 --------------------------------------------------------*/
-
- #if (LUA_VERSION_NUM == 501)
-@@ -304,7 +300,7 @@ static int verify_cb(int preverify_ok, X
- return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
- }
-
--#ifndef OPENSSL_NO_ECDH
-+#ifndef OPENSSL_NO_EC
- static EC_KEY *find_ec_key(const char *str)
- {
- p_ec ptr;
-@@ -565,7 +561,7 @@ static int set_dhparam(lua_State *L)
- /**
- * Set elliptic curve.
- */
--#ifdef OPENSSL_NO_ECDH
-+#ifdef OPENSSL_NO_EC
- static int set_curve(lua_State *L)
- {
- lua_pushboolean(L, 0);
---- a/src/ssl.c
-+++ b/src/ssl.c
-@@ -31,6 +31,13 @@
- #include "context.h"
- #include "ssl.h"
-
-+
-+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
-+#define SSL_is_server(s) (s->server)
-+#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
-+#endif
-+
-+
- /**
- * Underline socket error.
- */
-@@ -406,7 +413,9 @@ static int meth_want(lua_State *L)
- */
- static int meth_compression(lua_State *L)
- {
--#if !defined(OPENSSL_NO_COMP)
-+#ifdef OPENSSL_NO_COMP
-+ const void *comp;
-+#else
- const COMP_METHOD *comp;
- #endif
- p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-@@ -415,15 +424,11 @@ static int meth_compression(lua_State *L
- lua_pushstring(L, "closed");
- return 2;
- }
--#if !defined(OPENSSL_NO_COMP)
- comp = SSL_get_current_compression(ssl->ssl);
- if (comp)
- lua_pushstring(L, SSL_COMP_get_name(comp));
- else
- lua_pushnil(L);
--#else
-- lua_pushnil(L);
--#endif
- return 1;
- }
-
-@@ -461,7 +466,7 @@ static int meth_getpeercertificate(lua_S
- /* In a server-context, the stack doesn't contain the peer cert,
- * so adjust accordingly.
- */
-- if (ssl->ssl->server)
-+ if (SSL_is_server(ssl->ssl))
- --n;
- certs = SSL_get_peer_cert_chain(ssl->ssl);
- if (n >= sk_X509_num(certs)) {
-@@ -471,7 +476,7 @@ static int meth_getpeercertificate(lua_S
- cert = sk_X509_value(certs, n);
- /* Increment the reference counting of the object. */
- /* See SSL_get_peer_certificate() source code. */
-- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(cert);
- lsec_pushx509(L, cert);
- return 1;
- }
-@@ -493,7 +498,7 @@ static int meth_getpeerchain(lua_State *
- return 2;
- }
- lua_newtable(L);
-- if (ssl->ssl->server) {
-+ if (SSL_is_server(ssl->ssl)) {
- lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
- lua_rawseti(L, -2, idx++);
- }
-@@ -503,7 +508,7 @@ static int meth_getpeerchain(lua_State *
- cert = sk_X509_value(certs, i);
- /* Increment the reference counting of the object. */
- /* See SSL_get_peer_certificate() source code. */
-- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(cert);
- lsec_pushx509(L, cert);
- lua_rawseti(L, -2, idx++);
- }
---- a/src/x509.c
-+++ b/src/x509.c
-@@ -32,6 +32,17 @@
-
- #include "x509.h"
-
-+
-+/*
-+ * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
-+ */
-+#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
-+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
-+#else
-+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
-+#endif
-+
-+
- static const char* hex_tab = "0123456789abcdef";
-
- /**
-@@ -146,7 +157,7 @@ static void push_asn1_string(lua_State*
- }
- switch (encode) {
- case LSEC_AI5_STRING:
-- lua_pushlstring(L, (char*)ASN1_STRING_data(string),
-+ lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
- ASN1_STRING_length(string));
- break;
- case LSEC_UTF8_STRING:
-@@ -182,7 +193,7 @@ static void push_asn1_ip(lua_State *L, A
- {
- int af;
- char dst[INET6_ADDRSTRLEN];
-- unsigned char *ip = ASN1_STRING_data(string);
-+ unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
- switch(ASN1_STRING_length(string)) {
- case 4:
- af = AF_INET;
-@@ -293,11 +304,11 @@ int meth_extensions(lua_State* L)
- break;
-
- /* Push ret[oid] */
-- push_asn1_objname(L, extension->object, 1);
-+ push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
- push_subtable(L, -2);
-
- /* Set ret[oid].name = name */
-- push_asn1_objname(L, extension->object, 0);
-+ push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
- lua_setfield(L, -2, "name");
-
- n_general_names = sk_GENERAL_NAME_num(values);
-@@ -404,7 +415,7 @@ static int meth_pubkey(lua_State* L)
- bytes = BIO_get_mem_data(bio, &data);
- if (bytes > 0) {
- lua_pushlstring(L, data, bytes);
-- switch(EVP_PKEY_type(pkey->type)) {
-+ switch(EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- lua_pushstring(L, "RSA");
- break;
--- /dev/null
+From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001
+From: Bruno Silvestre <bruno.silvestre@gmail.com>
+Date: Fri, 29 Jun 2018 14:06:51 -0300
+Subject: [PATCH 2/3] Removing SSLv3 support
+
+---
+ src/config.c | 5 -----
+ src/context.c | 3 ---
+ 2 files changed, 8 deletions(-)
+
+diff --git a/src/config.c b/src/config.c
+index ce74997..6939fca 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
+ lua_pushstring(L, "protocols");
+ lua_newtable(L);
+
+-#ifndef OPENSSL_NO_SSL3
+- lua_pushstring(L, "sslv3");
+- lua_pushboolean(L, 1);
+- lua_rawset(L, -3);
+-#endif
+ lua_pushstring(L, "tlsv1");
+ lua_pushboolean(L, 1);
+ lua_rawset(L, -3);
+diff --git a/src/context.c b/src/context.c
+index b9e8cda..d8fc8b6 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method)
+ {
+ if (!strcmp(method, "any")) return SSLv23_method();
+ if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
+-#ifndef OPENSSL_NO_SSL3
+- if (!strcmp(method, "sslv3")) return SSLv3_method();
+-#endif
+ if (!strcmp(method, "tlsv1")) return TLSv1_method();
+ #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
+ if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
+--
+2.19.1
+
--- /dev/null
+From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
+From: Bruno Silvestre <bruno.silvestre@gmail.com>
+Date: Mon, 2 Jul 2018 10:31:45 -0300
+Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
+
+Using TLS_method(), SSL_set_min_proto_version() and
+SSL_set_max_proto_version().
+---
+ src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 44 insertions(+), 2 deletions(-)
+
+diff --git a/src/context.c b/src/context.c
+index d8fc8b6..d1377f1 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
+ return 0;
+ }
+
++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
++
+ /**
+ * Find the protocol.
+ */
+-static const SSL_METHOD* str2method(const char *method)
++static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+ {
++ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
++ *vmin = TLS1_VERSION;
++ *vmax = TLS1_2_VERSION;
++ return TLS_method();
++ }
++ else if (!strcmp(method, "tlsv1")) {
++ *vmin = TLS1_VERSION;
++ *vmax = TLS1_VERSION;
++ return TLS_method();
++ }
++ else if (!strcmp(method, "tlsv1_1")) {
++ *vmin = TLS1_1_VERSION;
++ *vmax = TLS1_1_VERSION;
++ return TLS_method();
++ }
++ else if (!strcmp(method, "tlsv1_2")) {
++ *vmin = TLS1_2_VERSION;
++ *vmax = TLS1_2_VERSION;
++ return TLS_method();
++ }
++
++ return NULL;
++}
++
++#else
++
++/**
++ * Find the protocol.
++ */
++static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
++{
++ (void)vmin;
++ (void)vmax;
+ if (!strcmp(method, "any")) return SSLv23_method();
+ if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
+ if (!strcmp(method, "tlsv1")) return TLSv1_method();
+@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
+ return NULL;
+ }
+
++#endif
++
+ /**
+ * Prepare the SSL handshake verify flag.
+ */
+@@ -279,9 +316,10 @@ static int create(lua_State *L)
+ p_context ctx;
+ const char *str_method;
+ const SSL_METHOD *method;
++ int vmin, vmax;
+
+ str_method = luaL_checkstring(L, 1);
+- method = str2method(str_method);
++ method = str2method(str_method, &vmin, &vmax);
+ if (!method) {
+ lua_pushnil(L);
+ lua_pushfstring(L, "invalid protocol (%s)", str_method);
+@@ -301,6 +339,10 @@ static int create(lua_State *L)
+ ERR_reason_error_string(ERR_get_error()));
+ return 2;
+ }
++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
++ SSL_CTX_set_min_proto_version(ctx->context, vmin);
++ SSL_CTX_set_max_proto_version(ctx->context, vmax);
++#endif
+ ctx->mode = LSEC_MODE_INVALID;
+ ctx->L = L;
+ luaL_getmetatable(L, "SSL:Context");
+--
+2.19.1
+
--- /dev/null
+--- a/src/context.c
++++ b/src/context.c
+@@ -17,6 +17,7 @@
+ #include <openssl/err.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
++#include <openssl/dh.h>
+
+ #include <lua.h>
+ #include <lauxlib.h>
+@@ -819,7 +820,9 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
+ luaL_newlib(L, meta_index);
+ lua_setfield(L, -2, "__index");
+
++#ifndef OPENSSL_NO_EC
+ lsec_load_curves(L);
++#endif
+
+ /* Return the module */
+ luaL_newlib(L, funcs);
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -857,6 +857,7 @@ static luaL_Reg funcs[] = {
+ */
+ LSEC_API int luaopen_ssl_core(lua_State *L)
+ {
++#if OPENSSL_VERSION_NUMBER<0x10100000L
+ /* Initialize SSL */
+ if (!SSL_library_init()) {
+ lua_pushstring(L, "unable to initialize SSL library");
+@@ -864,6 +865,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
+ }
+ OpenSSL_add_all_algorithms();
+ SSL_load_error_strings();
++#endif
+
+ #if defined(WITH_LUASOCKET)
+ /* Initialize internal library */
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -42,6 +42,10 @@
+ #define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
+ #endif
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define X509_get0_notBefore X509_get_notBefore
++#define X509_get0_notAfter X509_get_notAfter
++#endif
+
+ static const char* hex_tab = "0123456789abcdef";
+
+@@ -174,7 +178,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
+ /**
+ * Return a human readable time.
+ */
+-static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
++static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
+ {
+ char *tmp;
+ long size;
+@@ -490,8 +494,8 @@ static int meth_valid_at(lua_State* L)
+ {
+ X509* cert = lsec_checkx509(L, 1);
+ time_t time = luaL_checkinteger(L, 2);
+- lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
+- && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
++ lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time) >= 0
++ && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
+ return 1;
+ }
+
+@@ -519,7 +523,7 @@ static int meth_serial(lua_State *L)
+ static int meth_notbefore(lua_State *L)
+ {
+ X509* cert = lsec_checkx509(L, 1);
+- return push_asn1_time(L, X509_get_notBefore(cert));
++ return push_asn1_time(L, X509_get0_notBefore(cert));
+ }
+
+ /**
+@@ -528,7 +532,7 @@ static int meth_notbefore(lua_State *L)
+ static int meth_notafter(lua_State *L)
+ {
+ X509* cert = lsec_checkx509(L, 1);
+- return push_asn1_time(L, X509_get_notAfter(cert));
++ return push_asn1_time(L, X509_get0_notAfter(cert));
+ }
+
+ /**
--- /dev/null
+diff --git a/src/Makefile b/src/Makefile
+index 9be2f14..93d1dc4 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -33,10 +33,10 @@ LDFLAGS += $(MYLDFLAGS)
+ all:
+
+ install: $(CMOD) $(LMOD)
+- $(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
+- $(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
+- $(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
+- $(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
++ $(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
++ $(INSTALL) $(CMOD) $(LUACPATH)
++ $(INSTALL) -m644 $(LMOD) $(LUAPATH)
++ $(INSTALL) -m644 https.lua $(LUAPATH)/ssl
+
+ linux:
+ @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
git.99rst.org / openwrt-packages.git / commitdiff