luasec: Update to 0.7

Switched to codeload to keep a sane source name. Backported a few useful patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago · a48a5c0e26
--- a/lang/luasec/Makefile
+++ b/lang/luasec/Makefile
@ -8,18 +8,19 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luasec
 PKG_VERSION:=0.6
 PKG_RELEASE:=2
 PKG_VERSION:=0.7
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/brunoos/luasec/archive/
 PKG_HASH:=cef3a35c18beb8a54d9c8ce6260a4cabbd9a386de8711320d084daffad0aed5d
 PKG_SOURCE_URL:=https://codeload.github.com/brunoos/luasec/tar.gz/luasec-$(PKG_VERSION)?
 PKG_HASH:=2176e95b1d2a72a3235ede5d2aa9838050feee55dade8fdbde4be7fdc66f3a31
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)

 MAINTAINER:=W. Michael Petullo <mike@flyn.org>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE

 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1

 include $(INCLUDE_DIR)/package.mk
--- a/lang/luasec/patches/010-Using-const-SSL_METHOD.patch
+++ b/lang/luasec/patches/010-Using-const-SSL_METHOD.patch
@ -0,0 +1,49 @@
 From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001
 From: Bruno Silvestre <bruno.silvestre@gmail.com>
 Date: Fri, 29 Jun 2018 14:02:39 -0300
 Subject: [PATCH 1/3] Using 'const SSL_METHOD*'

 This change was introduced in OpenSSL 1.0.0.
 Start droping 0.9.8 code.
 ---
 src/context.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

 diff --git a/src/context.c b/src/context.c
 index a2b5ae5..b9e8cda 100644
 --- a/src/context.c
 +++ b/src/context.c
@@ -29,12 +29,6 @@
 #include "ec.h"
 #endif
 
 -#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
 -typedef const SSL_METHOD LSEC_SSL_METHOD;
 -#else
 -typedef       SSL_METHOD LSEC_SSL_METHOD;
 -#endif
 -
 /*--------------------------- Auxiliary Functions ----------------------------*/
 
 /**
@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
 /**
  * Find the protocol.
  */
 -static LSEC_SSL_METHOD* str2method(const char *method)
 +static const SSL_METHOD* str2method(const char *method)
 {
   if (!strcmp(method, "any"))     return SSLv23_method();
   if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
@@ -287,7 +281,7 @@ static int create(lua_State *L)
 {
   p_context ctx;
   const char *str_method;
 -  LSEC_SSL_METHOD *method;
 +  const SSL_METHOD *method;
 
   str_method = luaL_checkstring(L, 1);
   method = str2method(str_method);
 -- 
 2.19.1

--- a/lang/luasec/patches/010-openssl-1.1-compatibility.patch
+++ b/lang/luasec/patches/010-openssl-1.1-compatibility.patch
@ -1,180 +0,0 @@
 --- a/src/context.c
 +++ b/src/context.c
@@ -24,7 +24,7 @@
 #include "context.h"
 #include "options.h"
 
 -#ifndef OPENSSL_NO_ECDH
 +#ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #include "ec.h"
 #endif
@@ -35,10 +35,6 @@ typedef const SSL_METHOD LSEC_SSL_METHOD
 typedef       SSL_METHOD LSEC_SSL_METHOD;
 #endif
 
 -#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 -#define SSLv23_method() TLS_method()
 -#endif
 -
 /*-- Compat - Lua 5.1 --------------------------------------------------------*/
 
 #if (LUA_VERSION_NUM == 501)
@@ -304,7 +300,7 @@ static int verify_cb(int preverify_ok, X
   return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
 }
 
 -#ifndef OPENSSL_NO_ECDH
 +#ifndef OPENSSL_NO_EC
 static EC_KEY *find_ec_key(const char *str)
 {
   p_ec ptr;
@@ -565,7 +561,7 @@ static int set_dhparam(lua_State *L)
 /**
  * Set elliptic curve.
  */
 -#ifdef OPENSSL_NO_ECDH
 +#ifdef OPENSSL_NO_EC
 static int set_curve(lua_State *L)
 {
   lua_pushboolean(L, 0);
 --- a/src/ssl.c
 +++ b/src/ssl.c
@@ -31,6 +31,13 @@
 #include "context.h"
 #include "ssl.h"
 
 +
 +#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
 +#define SSL_is_server(s) (s->server)
 +#define X509_up_ref(c)   CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
 +#endif
 +
 +
 /**
  * Underline socket error.
  */
@@ -406,7 +413,9 @@ static int meth_want(lua_State *L)
  */
 static int meth_compression(lua_State *L)
 {
 -#if !defined(OPENSSL_NO_COMP)
 +#ifdef OPENSSL_NO_COMP
 +  const void *comp;
 +#else
   const COMP_METHOD *comp;
 #endif
   p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
@@ -415,15 +424,11 @@ static int meth_compression(lua_State *L
     lua_pushstring(L, "closed");
     return 2;
   }
 -#if !defined(OPENSSL_NO_COMP)
   comp = SSL_get_current_compression(ssl->ssl);
   if (comp)
     lua_pushstring(L, SSL_COMP_get_name(comp));
   else
     lua_pushnil(L);
 -#else
 -  lua_pushnil(L);
 -#endif
   return 1;
 }
 
@@ -461,7 +466,7 @@ static int meth_getpeercertificate(lua_S
   /* In a server-context, the stack doesn't contain the peer cert,
    * so adjust accordingly.
    */
 -  if (ssl->ssl->server)
 +  if (SSL_is_server(ssl->ssl))
     --n;
   certs = SSL_get_peer_cert_chain(ssl->ssl);
   if (n >= sk_X509_num(certs)) {
@@ -471,7 +476,7 @@ static int meth_getpeercertificate(lua_S
   cert = sk_X509_value(certs, n);
   /* Increment the reference counting of the object. */
   /* See SSL_get_peer_certificate() source code.     */
 -  CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
 +  X509_up_ref(cert);
   lsec_pushx509(L, cert);
   return 1;
 }
@@ -493,7 +498,7 @@ static int meth_getpeerchain(lua_State *
     return 2;
   }
   lua_newtable(L);
 -  if (ssl->ssl->server) {
 +  if (SSL_is_server(ssl->ssl)) {
     lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
     lua_rawseti(L, -2, idx++);
   }
@@ -503,7 +508,7 @@ static int meth_getpeerchain(lua_State *
     cert = sk_X509_value(certs, i);
     /* Increment the reference counting of the object. */
     /* See SSL_get_peer_certificate() source code.     */
 -    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
 +    X509_up_ref(cert);
     lsec_pushx509(L, cert);
     lua_rawseti(L, -2, idx++);
   }
 --- a/src/x509.c
 +++ b/src/x509.c
@@ -32,6 +32,17 @@
 
 #include "x509.h"
 
 +
 +/*
 + * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
 + */
 +#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
 +#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
 +#else
 +#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
 +#endif
 +
 +
 static const char* hex_tab = "0123456789abcdef";
 
 /**
@@ -146,7 +157,7 @@ static void push_asn1_string(lua_State*
   }
   switch (encode) {
   case LSEC_AI5_STRING:
 -    lua_pushlstring(L, (char*)ASN1_STRING_data(string),
 +    lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
                        ASN1_STRING_length(string));
     break;
   case LSEC_UTF8_STRING:
@@ -182,7 +193,7 @@ static void push_asn1_ip(lua_State *L, A
 {
   int af;
   char dst[INET6_ADDRSTRLEN];
 -  unsigned char *ip = ASN1_STRING_data(string);
 +  unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
   switch(ASN1_STRING_length(string)) {
   case 4:
     af = AF_INET;
@@ -293,11 +304,11 @@ int meth_extensions(lua_State* L)
       break;
 
     /* Push ret[oid] */
 -    push_asn1_objname(L, extension->object, 1);
 +    push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
     push_subtable(L, -2);
 
     /* Set ret[oid].name = name */
 -    push_asn1_objname(L, extension->object, 0);
 +    push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
     lua_setfield(L, -2, "name");
 
     n_general_names = sk_GENERAL_NAME_num(values);
@@ -404,7 +415,7 @@ static int meth_pubkey(lua_State* L)
     bytes = BIO_get_mem_data(bio, &data);
     if (bytes > 0) {
       lua_pushlstring(L, data, bytes);
 -      switch(EVP_PKEY_type(pkey->type)) {
 +      switch(EVP_PKEY_base_id(pkey)) {
         case EVP_PKEY_RSA:
           lua_pushstring(L, "RSA");
           break;
--- a/lang/luasec/patches/020-Removing-SSLv3-support.patch
+++ b/lang/luasec/patches/020-Removing-SSLv3-support.patch
@ -0,0 +1,43 @@
 From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001
 From: Bruno Silvestre <bruno.silvestre@gmail.com>
 Date: Fri, 29 Jun 2018 14:06:51 -0300
 Subject: [PATCH 2/3] Removing SSLv3 support

 ---
 src/config.c  | 5 -----
 src/context.c | 3 ---
 2 files changed, 8 deletions(-)

 diff --git a/src/config.c b/src/config.c
 index ce74997..6939fca 100644
 --- a/src/config.c
 +++ b/src/config.c
@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
   lua_pushstring(L, "protocols");
   lua_newtable(L);
 
 -#ifndef OPENSSL_NO_SSL3
 -  lua_pushstring(L, "sslv3");
 -  lua_pushboolean(L, 1);
 -  lua_rawset(L, -3);
 -#endif
   lua_pushstring(L, "tlsv1");
   lua_pushboolean(L, 1);
   lua_rawset(L, -3);
 diff --git a/src/context.c b/src/context.c
 index b9e8cda..d8fc8b6 100644
 --- a/src/context.c
 +++ b/src/context.c
@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method)
 {
   if (!strcmp(method, "any"))     return SSLv23_method();
   if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
 -#ifndef OPENSSL_NO_SSL3
 -  if (!strcmp(method, "sslv3"))   return SSLv3_method();
 -#endif
   if (!strcmp(method, "tlsv1"))   return TLSv1_method();
 #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
   if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
 -- 
 2.19.1

--- a/lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch
+++ b/lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch
@ -0,0 +1,98 @@
 From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
 From: Bruno Silvestre <bruno.silvestre@gmail.com>
 Date: Mon, 2 Jul 2018 10:31:45 -0300
 Subject: [PATCH 3/3] Removing deprecated methods to select the protocol

 Using TLS_method(), SSL_set_min_proto_version() and
 SSL_set_max_proto_version().
 ---
 src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)

 diff --git a/src/context.c b/src/context.c
 index d8fc8b6..d1377f1 100644
 --- a/src/context.c
 +++ b/src/context.c
@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
   return 0;
 }
 
 +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 +
 /**
  * Find the protocol.
  */
 -static const SSL_METHOD* str2method(const char *method)
 +static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
 {
 +  if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
 +    *vmin = TLS1_VERSION;
 +    *vmax = TLS1_2_VERSION;
 +    return TLS_method();
 +  }
 +  else if (!strcmp(method, "tlsv1")) {
 +    *vmin = TLS1_VERSION;
 +    *vmax = TLS1_VERSION;
 +    return TLS_method();
 +  }
 +  else if (!strcmp(method, "tlsv1_1")) {
 +    *vmin = TLS1_1_VERSION;
 +    *vmax = TLS1_1_VERSION;
 +    return TLS_method();
 +  }
 +  else if (!strcmp(method, "tlsv1_2")) {
 +    *vmin = TLS1_2_VERSION;
 +    *vmax = TLS1_2_VERSION;
 +    return TLS_method();
 +  }
 +
 +  return NULL;
 +}
 +
 +#else
 +
 +/**
 + * Find the protocol.
 + */
 +static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
 +{
 +  (void)vmin;
 +  (void)vmax;
   if (!strcmp(method, "any"))     return SSLv23_method();
   if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
   if (!strcmp(method, "tlsv1"))   return TLSv1_method();
@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
   return NULL;
 }
 
 +#endif
 +
 /**
  * Prepare the SSL handshake verify flag.
  */
@@ -279,9 +316,10 @@ static int create(lua_State *L)
   p_context ctx;
   const char *str_method;
   const SSL_METHOD *method;
 +  int vmin, vmax;
 
   str_method = luaL_checkstring(L, 1);
 -  method = str2method(str_method);
 +  method = str2method(str_method, &vmin, &vmax);
   if (!method) {
     lua_pushnil(L);
     lua_pushfstring(L, "invalid protocol (%s)", str_method);
@@ -301,6 +339,10 @@ static int create(lua_State *L)
       ERR_reason_error_string(ERR_get_error()));
     return 2;
   }
 +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 +  SSL_CTX_set_min_proto_version(ctx->context, vmin);
 +  SSL_CTX_set_max_proto_version(ctx->context, vmax);
 +#endif
   ctx->mode = LSEC_MODE_INVALID;
   ctx->L = L;
   luaL_getmetatable(L, "SSL:Context");
 -- 
 2.19.1

--- a/lang/luasec/patches/040-openssl-deprecated.patch
+++ b/lang/luasec/patches/040-openssl-deprecated.patch
@ -0,0 +1,89 @@
 --- a/src/context.c
 +++ b/src/context.c
@@ -17,6 +17,7 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 +#include <openssl/dh.h>
 
 #include <lua.h>
 #include <lauxlib.h>
@@ -819,7 +820,9 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
   luaL_newlib(L, meta_index);
   lua_setfield(L, -2, "__index");
 
 +#ifndef OPENSSL_NO_EC
   lsec_load_curves(L);
 +#endif
 
   /* Return the module */
   luaL_newlib(L, funcs);
 --- a/src/ssl.c
 +++ b/src/ssl.c
@@ -857,6 +857,7 @@ static luaL_Reg funcs[] = {
  */
 LSEC_API int luaopen_ssl_core(lua_State *L)
 {
 +#if OPENSSL_VERSION_NUMBER<0x10100000L
   /* Initialize SSL */
   if (!SSL_library_init()) {
     lua_pushstring(L, "unable to initialize SSL library");
@@ -864,6 +865,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
   }
   OpenSSL_add_all_algorithms();
   SSL_load_error_strings();
 +#endif
 
 #if defined(WITH_LUASOCKET)
   /* Initialize internal library */
 --- a/src/x509.c
 +++ b/src/x509.c
@@ -42,6 +42,10 @@
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
 #endif
 
 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
 +#define X509_get0_notBefore X509_get_notBefore
 +#define X509_get0_notAfter X509_get_notAfter
 +#endif
 
 static const char* hex_tab = "0123456789abcdef";
 
@@ -174,7 +178,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
 /**
  * Return a human readable time.
  */
 -static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
 +static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
 {
   char *tmp;
   long size;
@@ -490,8 +494,8 @@ static int meth_valid_at(lua_State* L)
 {
   X509* cert = lsec_checkx509(L, 1);
   time_t time = luaL_checkinteger(L, 2);
 -  lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time)     >= 0
 -                      && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
 +  lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time)     >= 0
 +                      && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
   return 1;
 }
 
@@ -519,7 +523,7 @@ static int meth_serial(lua_State *L)
 static int meth_notbefore(lua_State *L)
 {
   X509* cert = lsec_checkx509(L, 1);
 -  return push_asn1_time(L, X509_get_notBefore(cert));
 +  return push_asn1_time(L, X509_get0_notBefore(cert));
 }
 
 /**
@@ -528,7 +532,7 @@ static int meth_notbefore(lua_State *L)
 static int meth_notafter(lua_State *L)
 {
   X509* cert = lsec_checkx509(L, 1);
 -  return push_asn1_time(L, X509_get_notAfter(cert));
 +  return push_asn1_time(L, X509_get0_notAfter(cert));
 }
 
 /**
--- a/lang/luasec/patches/100-fix-compilation.patch
+++ b/lang/luasec/patches/100-fix-compilation.patch
@ -0,0 +1,19 @@
 diff --git a/src/Makefile b/src/Makefile
 index 9be2f14..93d1dc4 100644
 --- a/src/Makefile
 +++ b/src/Makefile
@@ -33,10 +33,10 @@ LDFLAGS += $(MYLDFLAGS)
 all:
 
 install: $(CMOD) $(LMOD)
 -	$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
 -	$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
 -	$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
 -	$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
 +	$(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
 +	$(INSTALL) $(CMOD) $(LUACPATH)
 +	$(INSTALL) -m644 $(LMOD) $(LUAPATH)
 +	$(INSTALL) -m644 https.lua $(LUAPATH)/ssl
 
 linux:
 	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"