luasec: Update to 0.7

Switched the source URL to codeload.github.com so the downloaded tarball keeps a sane, versioned file name.

Backported a few useful patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit is contained in:
Rosen Penev 2018-11-20 18:55:59 -08:00
parent 9d4a067599
commit a48a5c0e26
7 changed files with 303 additions and 184 deletions


@ -8,18 +8,19 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luasec
PKG_VERSION:=0.6
PKG_RELEASE:=2
PKG_VERSION:=0.7
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/brunoos/luasec/archive/
PKG_HASH:=cef3a35c18beb8a54d9c8ce6260a4cabbd9a386de8711320d084daffad0aed5d
PKG_SOURCE_URL:=https://codeload.github.com/brunoos/luasec/tar.gz/luasec-$(PKG_VERSION)?
PKG_HASH:=2176e95b1d2a72a3235ede5d2aa9838050feee55dade8fdbde4be7fdc66f3a31
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
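Review bot: The trailing `?` on the new PKG_SOURCE_URL and the PKG_BUILD_DIR override (`$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)`) are both undocumented workarounds for how codeload serves and unpacks tag archives, and the next updater will have to re-derive them. A comment above PKG_SOURCE_URL would settle it, e.g. `# codeload: the trailing '?' presumably turns the file name the download script appends into a query string, keeping $(PKG_SOURCE) as the local name; the archive unpacks to luasec-luasec-<version>`. Note that this tarball is generated on demand from the git tag rather than being a published release asset, so PKG_HASH is the only integrity control on the download; keep it pinned and, ideally, record how it was obtained.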


@ -0,0 +1,49 @@
From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Fri, 29 Jun 2018 14:02:39 -0300
Subject: [PATCH 1/3] Using 'const SSL_METHOD*'
This change was introduced in OpenSSL 1.0.0.
Start droping 0.9.8 code.
---
src/context.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/context.c b/src/context.c
index a2b5ae5..b9e8cda 100644
--- a/src/context.c
+++ b/src/context.c
@@ -29,12 +29,6 @@
#include "ec.h"
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
-typedef const SSL_METHOD LSEC_SSL_METHOD;
-#else
-typedef SSL_METHOD LSEC_SSL_METHOD;
-#endif
-
/*--------------------------- Auxiliary Functions ----------------------------*/
/**
@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
/**
* Find the protocol.
*/
-static LSEC_SSL_METHOD* str2method(const char *method)
+static const SSL_METHOD* str2method(const char *method)
{
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
@@ -287,7 +281,7 @@ static int create(lua_State *L)
{
p_context ctx;
const char *str_method;
- LSEC_SSL_METHOD *method;
+ const SSL_METHOD *method;
str_method = luaL_checkstring(L, 1);
method = str2method(str_method);
--
2.19.1


@ -1,180 +0,0 @@
--- a/src/context.c
+++ b/src/context.c
@@ -24,7 +24,7 @@
#include "context.h"
#include "options.h"
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#include "ec.h"
#endif
@@ -35,10 +35,6 @@ typedef const SSL_METHOD LSEC_SSL_METHOD
typedef SSL_METHOD LSEC_SSL_METHOD;
#endif
-#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-#define SSLv23_method() TLS_method()
-#endif
-
/*-- Compat - Lua 5.1 --------------------------------------------------------*/
#if (LUA_VERSION_NUM == 501)
@@ -304,7 +300,7 @@ static int verify_cb(int preverify_ok, X
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
}
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
static EC_KEY *find_ec_key(const char *str)
{
p_ec ptr;
@@ -565,7 +561,7 @@ static int set_dhparam(lua_State *L)
/**
* Set elliptic curve.
*/
-#ifdef OPENSSL_NO_ECDH
+#ifdef OPENSSL_NO_EC
static int set_curve(lua_State *L)
{
lua_pushboolean(L, 0);
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -31,6 +31,13 @@
#include "context.h"
#include "ssl.h"
+
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
+#define SSL_is_server(s) (s->server)
+#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
+#endif
+
+
/**
* Underline socket error.
*/
@@ -406,7 +413,9 @@ static int meth_want(lua_State *L)
*/
static int meth_compression(lua_State *L)
{
-#if !defined(OPENSSL_NO_COMP)
+#ifdef OPENSSL_NO_COMP
+ const void *comp;
+#else
const COMP_METHOD *comp;
#endif
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
@@ -415,15 +424,11 @@ static int meth_compression(lua_State *L
lua_pushstring(L, "closed");
return 2;
}
-#if !defined(OPENSSL_NO_COMP)
comp = SSL_get_current_compression(ssl->ssl);
if (comp)
lua_pushstring(L, SSL_COMP_get_name(comp));
else
lua_pushnil(L);
-#else
- lua_pushnil(L);
-#endif
return 1;
}
@@ -461,7 +466,7 @@ static int meth_getpeercertificate(lua_S
/* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly.
*/
- if (ssl->ssl->server)
+ if (SSL_is_server(ssl->ssl))
--n;
certs = SSL_get_peer_cert_chain(ssl->ssl);
if (n >= sk_X509_num(certs)) {
@@ -471,7 +476,7 @@ static int meth_getpeercertificate(lua_S
cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(cert);
lsec_pushx509(L, cert);
return 1;
}
@@ -493,7 +498,7 @@ static int meth_getpeerchain(lua_State *
return 2;
}
lua_newtable(L);
- if (ssl->ssl->server) {
+ if (SSL_is_server(ssl->ssl)) {
lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
@@ -503,7 +508,7 @@ static int meth_getpeerchain(lua_State *
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(cert);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
--- a/src/x509.c
+++ b/src/x509.c
@@ -32,6 +32,17 @@
#include "x509.h"
+
+/*
+ * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
+ */
+#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+#else
+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
+#endif
+
+
static const char* hex_tab = "0123456789abcdef";
/**
@@ -146,7 +157,7 @@ static void push_asn1_string(lua_State*
}
switch (encode) {
case LSEC_AI5_STRING:
- lua_pushlstring(L, (char*)ASN1_STRING_data(string),
+ lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
ASN1_STRING_length(string));
break;
case LSEC_UTF8_STRING:
@@ -182,7 +193,7 @@ static void push_asn1_ip(lua_State *L, A
{
int af;
char dst[INET6_ADDRSTRLEN];
- unsigned char *ip = ASN1_STRING_data(string);
+ unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
switch(ASN1_STRING_length(string)) {
case 4:
af = AF_INET;
@@ -293,11 +304,11 @@ int meth_extensions(lua_State* L)
break;
/* Push ret[oid] */
- push_asn1_objname(L, extension->object, 1);
+ push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
push_subtable(L, -2);
/* Set ret[oid].name = name */
- push_asn1_objname(L, extension->object, 0);
+ push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
lua_setfield(L, -2, "name");
n_general_names = sk_GENERAL_NAME_num(values);
@@ -404,7 +415,7 @@ static int meth_pubkey(lua_State* L)
bytes = BIO_get_mem_data(bio, &data);
if (bytes > 0) {
lua_pushlstring(L, data, bytes);
- switch(EVP_PKEY_type(pkey->type)) {
+ switch(EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
lua_pushstring(L, "RSA");
break;


@ -0,0 +1,43 @@
From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Fri, 29 Jun 2018 14:06:51 -0300
Subject: [PATCH 2/3] Removing SSLv3 support
---
src/config.c | 5 -----
src/context.c | 3 ---
2 files changed, 8 deletions(-)
diff --git a/src/config.c b/src/config.c
index ce74997..6939fca 100644
--- a/src/config.c
+++ b/src/config.c
@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushstring(L, "protocols");
lua_newtable(L);
-#ifndef OPENSSL_NO_SSL3
- lua_pushstring(L, "sslv3");
- lua_pushboolean(L, 1);
- lua_rawset(L, -3);
-#endif
lua_pushstring(L, "tlsv1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
diff --git a/src/context.c b/src/context.c
index b9e8cda..d8fc8b6 100644
--- a/src/context.c
+++ b/src/context.c
@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method)
{
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
-#ifndef OPENSSL_NO_SSL3
- if (!strcmp(method, "sslv3")) return SSLv3_method();
-#endif
if (!strcmp(method, "tlsv1")) return TLSv1_method();
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
--
2.19.1
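Review bot: Removing the `sslv3` name from str2method does not by itself prevent SSLv3 from being negotiated: the `any` and `sslv23` cases still return `SSLv23_method()`, which on OpenSSL 1.0.x builds that include SSLv3 will accept it unless `SSL_OP_NO_SSLv3` is set on the context. The min/max protocol-version patch later in this series only applies under OpenSSL >= 1.1.0, so on older libraries the outcome depends on whether the caller disables it through the context options. If the intent is "no SSLv3 anywhere", consider `SSL_CTX_set_options(ctx->context, SSL_OP_NO_SSLv3);` in create() after the context is allocated, which is harmless on builds without SSLv3. The body of str2method continues outside the hunk.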


@ -0,0 +1,98 @@
From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
From: Bruno Silvestre <bruno.silvestre@gmail.com>
Date: Mon, 2 Jul 2018 10:31:45 -0300
Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
Using TLS_method(), SSL_set_min_proto_version() and
SSL_set_max_proto_version().
---
src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/src/context.c b/src/context.c
index d8fc8b6..d1377f1 100644
--- a/src/context.c
+++ b/src/context.c
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+
/**
* Find the protocol.
*/
-static const SSL_METHOD* str2method(const char *method)
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
+ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1")) {
+ *vmin = TLS1_VERSION;
+ *vmax = TLS1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_1")) {
+ *vmin = TLS1_1_VERSION;
+ *vmax = TLS1_1_VERSION;
+ return TLS_method();
+ }
+ else if (!strcmp(method, "tlsv1_2")) {
+ *vmin = TLS1_2_VERSION;
+ *vmax = TLS1_2_VERSION;
+ return TLS_method();
+ }
+
+ return NULL;
+}
+
+#else
+
+/**
+ * Find the protocol.
+ */
+static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+{
+ (void)vmin;
+ (void)vmax;
if (!strcmp(method, "any")) return SSLv23_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
if (!strcmp(method, "tlsv1")) return TLSv1_method();
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
return NULL;
}
+#endif
+
/**
* Prepare the SSL handshake verify flag.
*/
@@ -279,9 +316,10 @@ static int create(lua_State *L)
p_context ctx;
const char *str_method;
const SSL_METHOD *method;
+ int vmin, vmax;
str_method = luaL_checkstring(L, 1);
- method = str2method(str_method);
+ method = str2method(str_method, &vmin, &vmax);
if (!method) {
lua_pushnil(L);
lua_pushfstring(L, "invalid protocol (%s)", str_method);
@@ -301,6 +339,10 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error()));
return 2;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ SSL_CTX_set_min_proto_version(ctx->context, vmin);
+ SSL_CTX_set_max_proto_version(ctx->context, vmax);
+#endif
ctx->mode = LSEC_MODE_INVALID;
ctx->L = L;
luaL_getmetatable(L, "SSL:Context");
--
2.19.1
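Review bot: The return values of `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` are ignored in create(); both return 0 when the library cannot honour the requested version (for example a build configured with no-tls1 or no-tls1_1), and the context then silently keeps OpenSSL's default range, which is wider than the caller asked for with `tlsv1` or `tlsv1_1`. The failure should be reported the same way the `SSL_CTX_new` failure just above is, and the SSL_CTX freed on that path, because the `SSL:Context` metatable (and thus its GC) is only attached after this point. A secondary observation: `any` caps vmax at `TLS1_2_VERSION`, so TLS 1.3 is never offered even on libraries that support it; worth a comment if intentional. create() starts before the hunk.
```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  /* Both calls return 0 when the library cannot honour the requested range. */
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    /* GC metatable is not attached yet, so free the context here. */
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
    lua_pushnil(L);
    lua_pushfstring(L, "unsupported protocol range (%s)", str_method);
    return 2;
  }
#endif
  /* … unchanged: ctx->mode, ctx->L, metatable setup … */
```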


@ -0,0 +1,89 @@
--- a/src/context.c
+++ b/src/context.c
@@ -17,6 +17,7 @@
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include <openssl/dh.h>
#include <lua.h>
#include <lauxlib.h>
@@ -819,7 +820,9 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
luaL_newlib(L, meta_index);
lua_setfield(L, -2, "__index");
+#ifndef OPENSSL_NO_EC
lsec_load_curves(L);
+#endif
/* Return the module */
luaL_newlib(L, funcs);
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -857,6 +857,7 @@ static luaL_Reg funcs[] = {
*/
LSEC_API int luaopen_ssl_core(lua_State *L)
{
+#if OPENSSL_VERSION_NUMBER<0x10100000L
/* Initialize SSL */
if (!SSL_library_init()) {
lua_pushstring(L, "unable to initialize SSL library");
@@ -864,6 +865,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
}
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
+#endif
#if defined(WITH_LUASOCKET)
/* Initialize internal library */
--- a/src/x509.c
+++ b/src/x509.c
@@ -42,6 +42,10 @@
#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#endif
static const char* hex_tab = "0123456789abcdef";
@@ -174,7 +178,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
/**
* Return a human readable time.
*/
-static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
+static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
{
char *tmp;
long size;
@@ -490,8 +494,8 @@ static int meth_valid_at(lua_State* L)
{
X509* cert = lsec_checkx509(L, 1);
time_t time = luaL_checkinteger(L, 2);
- lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
- && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
+ lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time) >= 0
+ && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
return 1;
}
@@ -519,7 +523,7 @@ static int meth_serial(lua_State *L)
static int meth_notbefore(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
- return push_asn1_time(L, X509_get_notBefore(cert));
+ return push_asn1_time(L, X509_get0_notBefore(cert));
}
/**
@@ -528,7 +532,7 @@ static int meth_notbefore(lua_State *L)
static int meth_notafter(lua_State *L)
{
X509* cert = lsec_checkx509(L, 1);
- return push_asn1_time(L, X509_get_notAfter(cert));
+ return push_asn1_time(L, X509_get0_notAfter(cert));
}
/**
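Review bot: The two new guards `#if OPENSSL_VERSION_NUMBER<0x10100000L` (around SSL_library_init/OpenSSL_add_all_algorithms) and `#if OPENSSL_VERSION_NUMBER < 0x10100000L` (the X509_get0_notBefore/notAfter shim) do not account for LibreSSL, which reports OPENSSL_VERSION_NUMBER as 0x20000000L while long tracking the 1.0.x API; under such a build the explicit library initialisation is skipped and `X509_get0_notBefore` may be undeclared. The compat patch this commit deletes guarded the equivalent ASN1_STRING_data shim with `!defined(LIBRESSL_VERSION_NUMBER)`, so the new shims should follow suit, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`. If this package is only ever built against OpenSSL in this tree, a one-line comment next to the guard saying so would be enough.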


@ -0,0 +1,19 @@
diff --git a/src/Makefile b/src/Makefile
index 9be2f14..93d1dc4 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -33,10 +33,10 @@ LDFLAGS += $(MYLDFLAGS)
all:
install: $(CMOD) $(LMOD)
- $(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
- $(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
- $(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
- $(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
+ $(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
+ $(INSTALL) $(CMOD) $(LUACPATH)
+ $(INSTALL) -m644 $(LMOD) $(LUAPATH)
+ $(INSTALL) -m644 https.lua $(LUAPATH)/ssl
linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
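Review bot: The patch strips `$(DESTDIR)` from every install path, removing upstream's staged-install support instead of adjusting what the package passes in; presumably the OpenWrt build already hands LUAPATH/LUACPATH as absolute staging paths (the package Makefile's install variables are not visible here), so keeping DESTDIR would have doubled the prefix. That reasoning should be written down so the next version bump does not drop or re-add the patch blindly, e.g. a header line in the patch: `OpenWrt passes LUAPATH/LUACPATH already prefixed with the staging dir; DESTDIR would double the prefix.` Alternatively, passing an explicit empty `DESTDIR=` from the package Makefile would achieve the same without carrying a patch.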