author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2015-05-21 13:33:49 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2015-05-21 13:33:49 +0300 |
commit | 3681f34c0d3bd9b6d30a7817989a862e29ab4fe4 (patch) | |
tree | 37c7682cc82c2aeb40dbae3f254d0443098adf34 | |
parent | 4612138ae56728c821ba01850d8e0f36aa5ce2a3 (diff) | |
download | aports-3681f34c0d3bd9b6d30a7817989a862e29ab4fe4.tar.bz2 aports-3681f34c0d3bd9b6d30a7817989a862e29ab4fe4.tar.xz |
main/lua-ossl: various extension-related improvements
6 files changed, 283 insertions, 4 deletions
diff --git a/main/lua-ossl/0001-get-digest-for-certificate-s-public-key.patch b/main/lua-ossl/0001-get-digest-for-certificate-s-public-key.patch
new file mode 100644
index 0000000000..68ca2cec8b
--- /dev/null
+++ b/main/lua-ossl/0001-get-digest-for-certificate-s-public-key.patch
@@ -0,0 +1,51 @@
+From 85d74658b5ad93a3e2788639dff5ffb210b0e04b Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 14 May 2015 11:44:14 +0300
+Subject: [PATCH 1/5] get digest for certificate's public key
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The digest may be used in key identifier extensions. See RFC 5280
+ยง4.2.1.2.
+---
+ src/openssl.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index aa01cbc..4f89859 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -3693,6 +3693,21 @@ static int xc_setPublicKey(lua_State *L) {
+ } /* xc_setPublicKey() */
+
+
++static int xc_getPublicKeyDigest(lua_State *L) {
++ ASN1_BIT_STRING *pk = ((X509 *) checksimple(L, 1, X509_CERT_CLASS))->cert_info->key->public_key;
++
++ unsigned char digest[EVP_MAX_MD_SIZE];
++ unsigned int len;
++
++ if (!EVP_Digest(pk->data, pk->length, digest, &len, EVP_sha1(), NULL))
++ return auxL_error(L, auxL_EOPENSSL, "x509.cert:getPublicKeyDigest");
++
++ lua_pushlstring(L, (char *) digest, len);
++
++ return 1;
++} /* xc_setPublicKeyDigest() */
++
++
+ static const EVP_MD *xc_signature(lua_State *L, int index, EVP_PKEY *key) {
+ const char *id;
+ const EVP_MD *md;
+@@ -3853,6 +3868,7 @@ static const luaL_Reg xc_methods[] = {
+ { "isIssuedBy", &xc_isIssuedBy },
+ { "getPublicKey", &xc_getPublicKey },
+ { "setPublicKey", &xc_setPublicKey },
++ { "getPublicKeyDigest", &xc_getPublicKeyDigest },
+ { "sign", &xc_sign },
+ { "text", &xc_text },
+ { "tostring", &xc__tostring },
+--
+2.1.0
+
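Review bot: xc_getPublicKeyDigest reaches the key bits through `->cert_info->key->public_key`, which ties the binding to OpenSSL's internal struct layout; `X509_get0_pubkey_bitstr(crt)` returns the same ASN1_BIT_STRING through the public API, and its result can be checked for NULL before `pk->data` is read. SHA-1 is hard-coded, which matches the key identifier use the commit message cites, but the method name does not say so; a comment such as `/* SHA-1 for RFC 5280 key identifiers; an identifier, not a general-purpose fingerprint */` would keep callers from treating the result as a security digest. The closing comment reads `xc_setPublicKeyDigest()` and should be `xc_getPublicKeyDigest()`.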
diff --git a/main/lua-ossl/0002-CRL-extensions.patch b/main/lua-ossl/0002-CRL-extensions.patch
new file mode 100644
index 0000000000..3a8182e2d8
--- /dev/null
+++ b/main/lua-ossl/0002-CRL-extensions.patch
@@ -0,0 +1,43 @@
+From 4994ce80890d6a1af30bb539085bd02ff8e7e68a Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 14 May 2015 11:59:20 +0300
+Subject: [PATCH 2/5] CRL extensions
+
+---
+ src/openssl.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 4f89859..941da9b 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -4334,6 +4334,18 @@ error:
+ } /* xx_add() */
+
+
++static int xx_addExtension(lua_State *L) {
++ X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
++ X509_EXTENSION *ext = checksimple(L, 2, X509_EXT_CLASS);
++
++ if (!X509_CRL_add_ext(crl, ext, -1))
++ return auxL_error(L, auxL_EOPENSSL, "x509.crl:addExtension");
++
++ lua_pushboolean(L, 1);
++
++ return 1;
++} /* xx_addExtension() */
++
+ static int xx_sign(lua_State *L) {
+ X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
+ EVP_PKEY *key = checksimple(L, 2, PKEY_CLASS);
+@@ -4412,6 +4424,7 @@ static const luaL_Reg xx_methods[] = {
+ { "getIssuer", &xx_getIssuer },
+ { "setIssuer", &xx_setIssuer },
+ { "add", &xx_add },
++ { "addExtension", &xx_addExtension },
+ { "sign", &xx_sign },
+ { "text", &xx_text },
+ { "tostring", &xx__tostring },
+--
+2.1.0
+
diff --git a/main/lua-ossl/0003-get-named-extension-from-certificate.patch b/main/lua-ossl/0003-get-named-extension-from-certificate.patch
new file mode 100644
index 0000000000..d1da746a2e
--- /dev/null
+++ b/main/lua-ossl/0003-get-named-extension-from-certificate.patch
@@ -0,0 +1,62 @@
+From 1da611092ca5d925020ce4e51aa9e603646ff79f Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 14 May 2015 14:28:00 +0300
+Subject: [PATCH 3/5] get named extension from certificate
+
+---
+ src/openssl.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 941da9b..8564ce1 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -3632,6 +3632,37 @@ static int xc_addExtension(lua_State *L) {
+ } /* xc_addExtension() */
+
+
++static int xc_getExtension(lua_State *L) {
++ X509 *crt = checksimple(L, 1, X509_CERT_CLASS);
++ const char *name = luaL_checkstring(L, 2);
++
++ X509_EXTENSION *ext, **ud;
++ ASN1_OBJECT *obj = NULL;
++
++ if (!(obj = OBJ_txt2obj(name, 0)))
++ goto error;
++
++ int i = X509_get_ext_by_OBJ(crt, obj, -1);
++ if (i > -1) {
++ ud = prepsimple(L, X509_EXT_CLASS);
++ if (!(ext = X509_get_ext(crt, i)))
++ goto error;
++ if (!(*ud = X509_EXTENSION_dup(ext)))
++ goto error;
++ }
++ else lua_pushnil(L);
++
++ ASN1_OBJECT_free(obj);
++ return 1;
++
++error:
++ if (obj)
++ ASN1_OBJECT_free(obj);
++
++ return auxL_error(L, auxL_EOPENSSL, "x509.cert:getExtension");
++} /* xc_getExtension() */
++
++
+ static int xc_isIssuedBy(lua_State *L) {
+ X509 *crt = checksimple(L, 1, X509_CERT_CLASS);
+ X509 *issuer = checksimple(L, 2, X509_CERT_CLASS);
+@@ -3865,6 +3896,7 @@ static const luaL_Reg xc_methods[] = {
+ { "getBasicConstraintsCritical", &xc_getBasicConstraintsCritical },
+ { "setBasicConstraintsCritical", &xc_setBasicConstraintsCritical },
+ { "addExtension", &xc_addExtension },
++ { "getExtension", &xc_getExtension },
+ { "isIssuedBy", &xc_isIssuedBy },
+ { "getPublicKey", &xc_getPublicKey },
+ { "setPublicKey", &xc_setPublicKey },
+--
+2.1.0
+
diff --git a/main/lua-ossl/0004-get-extension-data-in-DER-format.patch b/main/lua-ossl/0004-get-extension-data-in-DER-format.patch
new file mode 100644
index 0000000000..0a2df91b6f
--- /dev/null
+++ b/main/lua-ossl/0004-get-extension-data-in-DER-format.patch
@@ -0,0 +1,40 @@
+From 38d2781a958901109eef34abc5826d2d25fb42b5 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 14 May 2015 14:50:22 +0300
+Subject: [PATCH 4/5] get extension data in DER format
+
+---
+ src/openssl.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 8564ce1..89be6b5 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -2889,6 +2889,13 @@ static int xe_interpose(lua_State *L) {
+ } /* xe_interpose() */
+
+
++static int xe_getData(lua_State *L) {
++ ASN1_STRING *data = X509_EXTENSION_get_data(checksimple(L, 1, X509_EXT_CLASS));
++ lua_pushlstring(L, (char *) ASN1_STRING_data(data), ASN1_STRING_length(data));
++ return 1;
++} /* xe_getData() */
++
++
+ static int xe__gc(lua_State *L) {
+ X509_EXTENSION **ud = luaL_checkudata(L, 1, X509_EXT_CLASS);
+
+@@ -2902,7 +2909,8 @@ static int xe__gc(lua_State *L) {
+
+
+ static const luaL_Reg xe_methods[] = {
+- { NULL, NULL },
++ { "getData", &xe_getData },
++ { NULL, NULL },
+ };
+
+ static const luaL_Reg xe_metatable[] = {
+--
+2.1.0
+
diff --git a/main/lua-ossl/0005-initialize-extension-data-in-DER-format-without-inte.patch b/main/lua-ossl/0005-initialize-extension-data-in-DER-format-without-inte.patch
new file mode 100644
index 0000000000..331720254d
--- /dev/null
+++ b/main/lua-ossl/0005-initialize-extension-data-in-DER-format-without-inte.patch
@@ -0,0 +1,63 @@
+From 7ca611d113b05016ad91920120e537712e036983 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 14 May 2015 15:24:05 +0300
+Subject: [PATCH 5/5] initialize extension data in DER format without
+ intermediate hex encoding
+
+---
+ src/openssl.c | 27 ++++++++++++++++++++++++++-
+ 1 file changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 89be6b5..55f9aaa 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -2841,12 +2841,31 @@ static int xe_new(lua_State *L) {
+ const char *name = luaL_checkstring(L, 1);
+ const char *value = luaL_checkstring(L, 2);
+
++ ASN1_OBJECT *obj = NULL;
++ ASN1_STRING *oct = NULL;
+ CONF *conf = NULL;
+ X509V3_CTX cbuf = { 0 }, *ctx = NULL;
+ X509_EXTENSION *ext = NULL;
+
+ if (!lua_isnil(L, 3)) {
+- const char *cdata = luaL_checkstring(L, 3);
++ size_t len;
++ const char *cdata = luaL_checklstring(L, 3, &len);
++ int crit = !strcmp(value, "critical,DER");
++
++ if (crit || !strcmp(value, "DER")) {
++ if (!(obj = OBJ_txt2obj(name, 0)))
++ goto error;
++ if (!(oct = ASN1_STRING_new()))
++ goto error;
++ if (!ASN1_STRING_set(oct, cdata, len))
++ goto error;
++ if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
++ goto error;
++ ASN1_OBJECT_free(obj);
++ ASN1_STRING_free(oct);
++ return 1;
++ }
++
+ BIO *bio = getbio(L);
+ if (BIO_puts(bio, cdata) < 0)
+ goto error;
+@@ -2877,6 +2896,12 @@ static int xe_new(lua_State *L) {
+
+ return 1;
+ error:
++ if (obj)
++ ASN1_OBJECT_free(obj);
++
++ if (oct)
++ ASN1_STRING_free(oct);
++
+ if (conf)
+ NCONF_free(conf);
+
+--
+2.1.0
+
diff --git a/main/lua-ossl/APKBUILD b/main/lua-ossl/APKBUILD
index 359e214d87..9ffcf06e31 100644
--- a/main/lua-ossl/APKBUILD
+++ b/main/lua-ossl/APKBUILD
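Review bot: In the new DER branch of xe_new, `ASN1_STRING_set(oct, cdata, len)` passes a `size_t` where OpenSSL takes an `int`, so a Lua string longer than INT_MAX is silently narrowed, and a negative result makes OpenSSL fall back to strlen() on binary data. A guard ahead of the branch, `if (len > INT_MAX) return luaL_argerror(L, 3, "extension data too long");`, closes that, assuming `<limits.h>` is already included in openssl.c. The bytes are also copied into the extension value without being parsed, so nothing checks that they are well-formed DER for the named OID; a comment such as `/* cdata is stored verbatim as extnValue; caller must supply valid DER */` would make that contract explicit. xe_new starts and ends outside the hunk, and the declaration and initialisation of `ud` are not visible here, so it is worth confirming that `ud` is set before this early return path writes through it.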
@@ -5,7 +5,7 @@ _luaversions="5.1 5.2 5.3" pkgname=lua-ossl pkgver=20150504 _ver=${pkgver%_git*} -pkgrel=0 +pkgrel=1 pkgdesc="comprehensive OpenSSL Lua module" url="http://25thandclement.com/~william/projects/luaossl.html" arch="all" @@ -23,6 +23,11 @@ done source="luaossl-$_ver.tar.gz::https://github.com/wahern/luaossl/archive/rel-$_ver.tar.gz musl-fixes.patch + 0001-get-digest-for-certificate-s-public-key.patch + 0002-CRL-extensions.patch + 0003-get-named-extension-from-certificate.patch + 0004-get-extension-data-in-DER-format.patch + 0005-initialize-extension-data-in-DER-format-without-inte.patch " _builddir="$srcdir"/luaossl-rel-$_ver 
@@ -71,8 +76,23 @@ for _v in $_luaversions; do done md5sums="b35a44550bc25569d7f35a49f19f320c luaossl-20150504.tar.gz -7d03f360ebc62b60279ff0f2066ed6f6 musl-fixes.patch" +7d03f360ebc62b60279ff0f2066ed6f6 musl-fixes.patch +f8453534acdc9911b2196808b7792420 0001-get-digest-for-certificate-s-public-key.patch +ce2b0d18246b9157458a1bcf52178164 0002-CRL-extensions.patch +a0c5eb94ea15db8d037f379b5f131176 0003-get-named-extension-from-certificate.patch +12e8cea5731c41fe60f174c5d8a43dba 0004-get-extension-data-in-DER-format.patch +32c5a7de631c981bbe3438b384a0814a 0005-initialize-extension-data-in-DER-format-without-inte.patch" sha256sums="1c6b7c3dd81438431fa0a6c4be18683ccfcb23c1d6c26643863fc9fcaedd982f luaossl-20150504.tar.gz -49694f9ab7f7a90074471d8e55580f13ff8fc6f7a158a5793f8d55df11147c0e musl-fixes.patch" +49694f9ab7f7a90074471d8e55580f13ff8fc6f7a158a5793f8d55df11147c0e musl-fixes.patch +0eba82d31b2a1ad436f5db7bfe09002f7faea31d2cef93fe28307fdf94ac7f08 0001-get-digest-for-certificate-s-public-key.patch +9a15289fde5efea1cadf3634fe65305e2547f2adf1dc17d6d3f8389ef9af9d47 0002-CRL-extensions.patch +88b4853f69b878f72112d003b1e40356e9cf16f73cd41706122fa3697f21a949 0003-get-named-extension-from-certificate.patch +a2f787c4722708c5e18e071cc06b0de9b9eca99a32deb65017f03444b768f972 0004-get-extension-data-in-DER-format.patch +5eec04be3bef70940a857b1e9a6edd7ae745b0b141c7b211b55a6a7db1ea6433 0005-initialize-extension-data-in-DER-format-without-inte.patch" sha512sums="97bd085059c0e4773dbf25c1f9c9c282034c900b65d59c6457c0da2b653315fd521e1f52913e580199d322d9ffb2d273badc9761c5104deed6ea5970c1cdda76 luaossl-20150504.tar.gz -370467081c87c0e4b0c96a72ff81918d3d492dfa90578b34f51004461d9a983ffd486accb44471a34d092b1a08743ad60462c6937096f80f72a39a335ccd81be musl-fixes.patch" +370467081c87c0e4b0c96a72ff81918d3d492dfa90578b34f51004461d9a983ffd486accb44471a34d092b1a08743ad60462c6937096f80f72a39a335ccd81be musl-fixes.patch 
+dfd0de275ac6da33c22f112b26d8e47038e9b81b66663e17f5db6cc653e7820381bdea7a49efa1a2c33e36caf702cf7dd4b3470c966cbad68a16cbe643e06aca 0001-get-digest-for-certificate-s-public-key.patch +4e30ebabea3279262d46b17f54bee6cdbb2ed2f6f8d81c5a914db9a17608b6f7eb84b08b43fde4ce8cd99fa5c1c1fdcbe60ec82957fe94ca943c26e7c10e6b41 0002-CRL-extensions.patch +1699362f3ea09824f1c431cc2b4307918cb1e2eaef7336254d89f1b8f1e4d4e7fc469581c677a6cd4852a35d996de66aa8586739e4b0a442cd2ab418e78b94ce 0003-get-named-extension-from-certificate.patch +45ce28aef661ae8ad9064cb7fe28aea80013b64d4083cc603a11eb0495a129e39fcb8b4e1b8fd1c865eedb130c04a20b0b0ffa7b64acdcfa5484fd896104ad39 0004-get-extension-data-in-DER-format.patch +04ae5b77fb8c3097515d433dfdadc7c274d400847d773e04ecaf3471f6319e9cbcdba99f5d4572ae8ef04bcd14201189b2cd18c8197e2774cdd4408e02882f10 0005-initialize-extension-data-in-DER-format-without-inte.patch" |