authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-07-28 22:32:18 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-11-06 22:25:13 +0200
commit7c329eb9d72c3b73f172d6d7fe4df2c7df3cc7a9 (patch)
treedc8f16560f3a0ebada5ba58be07bf58cdf8a8f79
parent2fabafb2b32d929a4de15f8ae3e7a8379120e495 (diff)
main/lua-ossl: support encrypted keys
-rw-r--r--main/lua-ossl/0001-pkey-getPrivateKey-method.patch45
-rw-r--r--main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch50
-rw-r--r--main/lua-ossl/0003-pkey.new-decryption.patch82
-rw-r--r--main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch25
-rw-r--r--main/lua-ossl/0005-pkey-PEM-password-callback.patch103
-rw-r--r--main/lua-ossl/APKBUILD17
6 files changed, 319 insertions, 3 deletions
diff --git a/main/lua-ossl/0001-pkey-getPrivateKey-method.patch b/main/lua-ossl/0001-pkey-getPrivateKey-method.patch
new file mode 100644
index 00000000000..d5a6496c43f
--- /dev/null
+++ b/main/lua-ossl/0001-pkey-getPrivateKey-method.patch
@@ -0,0 +1,45 @@
+From 3f9c54caeb4b70c4e3a1776951b13daec3accf07 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Mon, 30 Apr 2018 13:19:28 +0300
+Subject: [PATCH 1/5] pkey: getPrivateKey method
+
+---
+ src/openssl.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 5d757a2..0df6b61 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -4103,6 +4103,20 @@ static int pk_toPEM(lua_State *L) {
+ } /* pk_toPEM() */
+
+
++static int pk_getPrivateKey(lua_State *L) {
++ BIO *bio = getbio(L);
++ char *str;
++ long len;
++
++ if (!PEM_write_bio_PrivateKey(bio, checksimple(L, 1, PKEY_CLASS), 0, 0, 0, 0, 0))
++ return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
++ len = BIO_get_mem_data(bio, &str);
++ lua_pushlstring(L, str, len);
++
++ return 1;
++} /* pk_getPrivateKey() */
++
++
+ static int pk_getDefaultDigestName(lua_State *L) {
+ EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
+ int nid;
+@@ -4680,6 +4694,7 @@ static const auxL_Reg pk_methods[] = {
+ { "toPEM", &pk_toPEM },
+ { "tostring", &pk__tostring },
+ { "verify", &pk_verify },
++ { "getPrivateKey", &pk_getPrivateKey },
+ { NULL, NULL },
+ };
+
+--
+2.18.0
+
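Review bot: pk_getPrivateKey has no comment saying that it returns the private key as unencrypted PEM, which is what this call does with the cipher, passphrase and callback arguments all passed as `0`. A one-line comment above the function, `/* pkey:getPrivateKey(): private key as cleartext PEM; the caller must protect the result */`, would make that explicit to anyone exposing the method to scripts. The pointer arguments would also read more clearly as `NULL` than as `0`.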
diff --git a/main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch b/main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch
new file mode 100644
index 00000000000..218133d2dd9
--- /dev/null
+++ b/main/lua-ossl/0002-pkey.getPrivateKey-encryption.patch
@@ -0,0 +1,50 @@
+From d829a3a94494b06af8d52d9181cdd00c26b81084 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Mon, 30 Apr 2018 13:26:16 +0300
+Subject: [PATCH 2/5] pkey.getPrivateKey: encryption
+
+---
+ src/openssl.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 0df6b61..a32dd1a 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -31,7 +31,7 @@
+
+ #include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
+ #include <stdint.h> /* uintptr_t */
+-#include <string.h> /* memset(3) strerror_r(3) */
++#include <string.h> /* memset(3) strerror_r(3) strlen(3) */
+ #include <math.h> /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */
+ #include <time.h> /* struct tm time_t strptime(3) time(2) */
+ #include <ctype.h> /* isdigit(3), isxdigit(3), tolower(3) */
+@@ -4104,11 +4104,23 @@ static int pk_toPEM(lua_State *L) {
+
+
+ static int pk_getPrivateKey(lua_State *L) {
++ EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
++ const char *cname = luaL_optstring(L, 2, NULL);
++ const char *pass = NULL;
++ EVP_CIPHER *cipher = NULL;
++
++ if (cname) {
++ pass = luaL_checkstring(L, 3);
++ cipher = EVP_get_cipherbyname(cname);
++ if (!cipher)
++ return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname);
++ }
++
+ BIO *bio = getbio(L);
+ char *str;
+ long len;
+
+- if (!PEM_write_bio_PrivateKey(bio, checksimple(L, 1, PKEY_CLASS), 0, 0, 0, 0, 0))
++ if (!PEM_write_bio_PrivateKey(bio, key, cipher, pass, pass ? strlen(pass) : 0, 0, 0))
+ return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
+ len = BIO_get_mem_data(bio, &str);
+ lua_pushlstring(L, str, len);
+--
+2.18.0
+
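Review bot: A passphrase supplied without a cipher name is silently ignored in pk_getPrivateKey: when argument 2 is nil, `cipher` stays NULL and the key is written in cleartext even if argument 3 was given. A caller who gets the arguments wrong receives an unprotected key and no error; a guard such as `if (!cname && !lua_isnoneornil(L, 3)) return luaL_error(L, "pkey:getPrivateKey: passphrase given without cipher");` would reject that call. The same gap is present in the patch 5 version of the function. Separately, `EVP_get_cipherbyname` returns a `const EVP_CIPHER *`, so the declaration should be `const EVP_CIPHER *cipher = NULL;`.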
diff --git a/main/lua-ossl/0003-pkey.new-decryption.patch b/main/lua-ossl/0003-pkey.new-decryption.patch
new file mode 100644
index 00000000000..aaf9a8d2566
--- /dev/null
+++ b/main/lua-ossl/0003-pkey.new-decryption.patch
@@ -0,0 +1,82 @@
+From a97094ecf78bdc8ae2cadeaa877b23689e873342 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Mon, 30 Apr 2018 13:49:57 +0300
+Subject: [PATCH 3/5] pkey.new: decryption
+
+---
+ src/openssl.c | 22 ++++++++++++++++------
+ 1 file changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index a32dd1a..2e6d802 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -31,7 +31,7 @@
+
+ #include <limits.h> /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
+ #include <stdint.h> /* uintptr_t */
+-#include <string.h> /* memset(3) strerror_r(3) strlen(3) */
++#include <string.h> /* memset(3) strerror_r(3) strlen(3) strncpy(3) */
+ #include <math.h> /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */
+ #include <time.h> /* struct tm time_t strptime(3) time(2) */
+ #include <ctype.h> /* isdigit(3), isxdigit(3), tolower(3) */
+@@ -3427,11 +3427,20 @@ static BIO *getbio(lua_State *L) {
+ } /* getbio() */
+
+
++static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
++ if (!u)
++ return 0;
++ char *pass = (char *) u;
++ strncpy(buf, pass, size);
++ return MIN(strlen(pass), (unsigned int) size);
++} /* pem_pw_cb() */
++
++
+ static int pk_new(lua_State *L) {
+ EVP_PKEY **ud;
+
+- /* #1 table or key; if key, #2 format and #3 type */
+- lua_settop(L, 3);
++ /* #1 table or key; if key, #2 format, #3 type and #4 password */
++ lua_settop(L, 4);
+
+ if (lua_istable(L, 1) || lua_isnil(L, 1)) {
+ int type = EVP_PKEY_RSA;
+@@ -3637,7 +3646,7 @@ static int pk_new(lua_State *L) {
+ } else if (lua_isstring(L, 1)) {
+ int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
+ int pubonly = 0, prvtonly = 0;
+- const char *opt, *data;
++ const char *opt, *data, *pass;
+ size_t len;
+ BIO *bio;
+ EVP_PKEY *pub = NULL, *prvt = NULL;
+@@ -3655,6 +3664,7 @@ static int pk_new(lua_State *L) {
+ }
+
+ data = luaL_checklstring(L, 1, &len);
++ pass = luaL_optstring(L, 4, NULL);
+
+ ud = prepsimple(L, PKEY_CLASS);
+
+@@ -3670,14 +3680,14 @@ static int pk_new(lua_State *L) {
+ */
+ BIO_reset(bio);
+
+- if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, 0, "")))
++ if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
+ goterr = 1;
+ }
+
+ if (!pubonly && !prvt) {
+ BIO_reset(bio);
+
+- if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, 0, "")))
++ if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
+ goterr = 1;
+ }
+ }
+--
+2.18.0
+
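Review bot: pem_pw_cb silently truncates a passphrase longer than `size`: `strncpy` copies only the first `size` bytes and the function then reports `size` as the passphrase length. On the read path a truncated passphrase simply fails to decrypt, but once patch 4 routes pkey:getPrivateKey through the same callback, a key would be encrypted under the truncated passphrase without the caller knowing. Rejecting the over-long input before the copy, `if (strlen(pass) > (size_t) size) return 0;`, avoids both cases; the check is still missing from the patch 5 version of the callback. `rwflag` is unused, and the `(char *)` cast drops the `const` of the string passed in, so `const char *pass = u;` would be cleaner.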
diff --git a/main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch b/main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch
new file mode 100644
index 00000000000..b9317c59a38
--- /dev/null
+++ b/main/lua-ossl/0004-pkey.getPrivateKey-use-password-callback.patch
@@ -0,0 +1,25 @@
+From a1bbc97c659e72f110f68d37c2b09ef1cf32b46a Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 3 May 2018 21:21:16 +0300
+Subject: [PATCH 4/5] pkey.getPrivateKey: use password callback
+
+---
+ src/openssl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 2e6d802..be585fe 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -4130,7 +4130,7 @@ static int pk_getPrivateKey(lua_State *L) {
+ char *str;
+ long len;
+
+- if (!PEM_write_bio_PrivateKey(bio, key, cipher, pass, pass ? strlen(pass) : 0, 0, 0))
++ if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass))
+ return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
+ len = BIO_get_mem_data(bio, &str);
+ lua_pushlstring(L, str, len);
+--
+2.18.0
+
diff --git a/main/lua-ossl/0005-pkey-PEM-password-callback.patch b/main/lua-ossl/0005-pkey-PEM-password-callback.patch
new file mode 100644
index 00000000000..d3f77cf0292
--- /dev/null
+++ b/main/lua-ossl/0005-pkey-PEM-password-callback.patch
@@ -0,0 +1,103 @@
+From b8c6bb03d9638e429e7b0051d9eb0f46e72cb6bd Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Thu, 3 May 2018 21:37:30 +0300
+Subject: [PATCH 5/5] pkey: PEM password callback
+
+---
+ src/openssl.c | 26 +++++++++++++++++---------
+ 1 file changed, 17 insertions(+), 9 deletions(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index be585fe..bd9d4ea 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -3428,9 +3428,15 @@ static BIO *getbio(lua_State *L) {
+
+
+ static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
+- if (!u)
++ lua_State *L = (lua_State *) u;
++
++ if (lua_isnil(L, -1) || (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)))
++ return 0;
++
++ const char *pass = lua_tostring(L, -1);
++ if (!pass)
+ return 0;
+- char *pass = (char *) u;
++
+ strncpy(buf, pass, size);
+ return MIN(strlen(pass), (unsigned int) size);
+ } /* pem_pw_cb() */
+@@ -3646,7 +3652,7 @@ static int pk_new(lua_State *L) {
+ } else if (lua_isstring(L, 1)) {
+ int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
+ int pubonly = 0, prvtonly = 0;
+- const char *opt, *data, *pass;
++ const char *opt, *data;
+ size_t len;
+ BIO *bio;
+ EVP_PKEY *pub = NULL, *prvt = NULL;
+@@ -3664,7 +3670,6 @@ static int pk_new(lua_State *L) {
+ }
+
+ data = luaL_checklstring(L, 1, &len);
+- pass = luaL_optstring(L, 4, NULL);
+
+ ud = prepsimple(L, PKEY_CLASS);
+
+@@ -3672,6 +3677,8 @@ static int pk_new(lua_State *L) {
+ return auxL_error(L, auxL_EOPENSSL, "pkey.new");
+
+ if (type == X509_PEM || type == X509_ANY) {
++ lua_pushvalue(L, 4);
++
+ if (!prvtonly && !pub) {
+ /*
+ * BIO_reset is a rewind for read-only
+@@ -3680,16 +3687,18 @@ static int pk_new(lua_State *L) {
+ */
+ BIO_reset(bio);
+
+- if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
++ if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L)))
+ goterr = 1;
+ }
+
+ if (!pubonly && !prvt) {
+ BIO_reset(bio);
+
+- if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
++ if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L)))
+ goterr = 1;
+ }
++
++ lua_pop(L, 1);
+ }
+
+ if (type == X509_DER || type == X509_ANY) {
+@@ -4116,11 +4125,10 @@ static int pk_toPEM(lua_State *L) {
+ static int pk_getPrivateKey(lua_State *L) {
+ EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
+ const char *cname = luaL_optstring(L, 2, NULL);
+- const char *pass = NULL;
+ EVP_CIPHER *cipher = NULL;
++ lua_settop(L, 3);
+
+ if (cname) {
+- pass = luaL_checkstring(L, 3);
+ cipher = EVP_get_cipherbyname(cname);
+ if (!cipher)
+ return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname);
+@@ -4130,7 +4138,7 @@ static int pk_getPrivateKey(lua_State *L) {
+ char *str;
+ long len;
+
+- if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass))
++ if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
+ return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
+ len = BIO_get_mem_data(bio, &str);
+ lua_pushlstring(L, str, len);
+--
+2.18.0
+
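Review bot: When the Lua password function raises an error, pem_pw_cb returns 0 but leaves the error message on top of the stack, where a later entry into the callback would get past the `lua_isnil`/`lua_isfunction` test and read it as the passphrase through `lua_tostring`. pk_new pushes the value once and then runs both PEM_read_bio_PUBKEY and PEM_read_bio_PrivateKey against that same slot, so this can happen if the first read invokes the callback (whether it does depends on the input, which the hunk does not show). The error text is also discarded, so the caller sees only the OpenSSL failure. Replacing the failed result with nil keeps the slot safe, and the callback's reliance on the password or function sitting at stack index -1 deserves a comment above it.

```c
static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
	lua_State *L = (lua_State *) u;

	if (lua_isnil(L, -1))
		return 0;

	if (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)) {
		/* drop the error message so a later call cannot take it for a passphrase */
		lua_pop(L, 1);
		lua_pushnil(L);
		return 0;
	}
	/* … unchanged: lua_tostring, strncpy and return … */
```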
diff --git a/main/lua-ossl/APKBUILD b/main/lua-ossl/APKBUILD
index 3d45235b20b..9cbbd856096 100644
--- a/main/lua-ossl/APKBUILD
+++ b/main/lua-ossl/APKBUILD
@@ -4,7 +4,7 @@ pkgname=lua-ossl
_pkgname=luaossl
pkgver=20180530
_ver=${pkgver%_git*}
-pkgrel=0
+pkgrel=1
pkgdesc="A comprehensive OpenSSL Lua module"
url="http://25thandclement.com/~william/projects/luaossl.html"
arch="all"
@@ -12,7 +12,13 @@ license="MIT"
depends=""
makedepends="libressl-dev"
subpackages=""
-source="$_pkgname-$_ver.tar.gz::https://github.com/wahern/$_pkgname/archive/rel-$pkgver.tar.gz"
+source="$_pkgname-$_ver.tar.gz::https://github.com/wahern/$_pkgname/archive/rel-$pkgver.tar.gz
+ 0001-pkey-getPrivateKey-method.patch
+ 0002-pkey.getPrivateKey-encryption.patch
+ 0003-pkey.new-decryption.patch
+ 0004-pkey.getPrivateKey-use-password-callback.patch
+ 0005-pkey-PEM-password-callback.patch
+"
builddir="$srcdir/$_pkgname-rel-$pkgver"
_luaversions="5.1 5.2 5.3"
@@ -66,4 +72,9 @@ _package() {
echo 'rock_manifest = {}' > "$rockdir"/rock_manifest
}
-sha512sums="ebccd65d1887986dac5dc64a7fcd778a60b7cd9a4631ffc8e6337fc9ee1ee15207c84b31c13c363befd7aedb0200c2ff1441ee84a057373530c76b2799f1e04e luaossl-20180530.tar.gz"
+sha512sums="ebccd65d1887986dac5dc64a7fcd778a60b7cd9a4631ffc8e6337fc9ee1ee15207c84b31c13c363befd7aedb0200c2ff1441ee84a057373530c76b2799f1e04e luaossl-20180530.tar.gz
+385ca444d860deaf22b460cba0510daf40014c5da90bafb5e0299ee173625e4ab4083dab17fcd973f816a46b3cb1d2d3d535633128462ba33f5ab9c14c2baa77 0001-pkey-getPrivateKey-method.patch
+0e33d10cb40f0b4d614591a3fda3e8ddc35438a9ddd8170239e8680b831ecbfea108ff111504686fbfc8a82bc59b96bbeb166ddef2ee6e299707fb5795b4b3ce 0002-pkey.getPrivateKey-encryption.patch
+c5800c658773477c967a73eb1a86d9f746a6a0821ee462e8873ac5149c0b77ef3b54ee651ea7bf5d93c42e67b8e60b449e6697c1167aa92bf73e6d65aa645205 0003-pkey.new-decryption.patch
+9eb6a87241bba69fc4508fb28a95e043fea9078aa7515314e9f181fd5e0789a31715de3912e4095c7b0028c24ee9ea4061e411ffb8ae7161ba7477ee85d6609c 0004-pkey.getPrivateKey-use-password-callback.patch
+e0028d4623018de3f467b405e704a8cbb9e6a2a88d12358ff26ffad1aa0d28733f55fb2ed0ead4c358b350dd702c80a3d322a70c2d4463ee58ebf68ef1a9ab6a 0005-pkey-PEM-password-callback.patch"