Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package lua-luasec for openSUSE:Factory checked in at 2023-07-11 15:57:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lua-luasec (Old) and /work/SRC/openSUSE:Factory/.lua-luasec.new.8922 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lua-luasec" Tue Jul 11 15:57:26 2023 rev:9 rq:1098146 version:1.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/lua-luasec/lua-luasec.changes 2023-01-26 14:03:20.101875378 +0100 +++ /work/SRC/openSUSE:Factory/.lua-luasec.new.8922/lua-luasec.changes 2023-07-11 15:57:51.245363610 +0200 @@ -1,0 +2,7 @@ +Tue Jul 11 11:29:59 UTC 2023 - Gordon Leung <[email protected]> + +- Update to version 1.3.1 + * Add support for tls-psk + * See: https://github.com/brunoos/luasec/compare/v1.2.0...v1.3.1 + +------------------------------------------------------------------- Old: ---- luasec-1.2.0.tar.gz New: ---- luasec-1.3.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lua-luasec.spec ++++++ --- /var/tmp/diff_new_pack.TGS5Fb/_old 2023-07-11 15:57:51.873367264 +0200 +++ /var/tmp/diff_new_pack.TGS5Fb/_new 2023-07-11 15:57:51.877367286 +0200 @@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %else Name: %{flavor}-%{mod_name} %endif -Version: 1.2.0 +Version: 1.3.1 Release: 0 Summary: A Lua binding for OpenSSL License: MIT ++++++ luasec-1.2.0.tar.gz -> luasec-1.3.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/CHANGELOG new/luasec-1.3.1/CHANGELOG --- old/luasec-1.2.0/CHANGELOG 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/CHANGELOG 2023-03-19 15:55:08.000000000 +0100 
@@ -1,4 +1,19 @@ -------------------------------------------------------------------------------- +LuaSec 1.3.1 +--------------- +This version includes: + +* Fix: check if PSK is available + +-------------------------------------------------------------------------------- +LuaSec 1.3.0 +--------------- +This version includes: + +* Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1) +* Add Pre-Shared Key (PSK) support (@jclab-joseph) + +-------------------------------------------------------------------------------- LuaSec 1.2.0 --------------- This version includes: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/INSTALL new/luasec-1.3.1/INSTALL --- old/luasec-1.2.0/INSTALL 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/INSTALL 2023-03-19 15:55:08.000000000 +0100 @@ -1,9 +1,9 @@ -LuaSec 1.2.0 +LuaSec 1.3.1 ------------ * OpenSSL options: - By default, this version includes options for OpenSSL 3.0.0 beta2 + By default, this version includes options for OpenSSL 3.0.8 If you need to generate the options for a different version of OpenSSL: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/LICENSE new/luasec-1.3.1/LICENSE --- old/luasec-1.2.0/LICENSE 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/LICENSE 2023-03-19 15:55:08.000000000 +0100 @@ -1,5 +1,5 @@ -LuaSec 1.2.0 license -Copyright (C) 2006-2022 Bruno Silvestre, UFG +LuaSec 1.3.1 license +Copyright (C) 2006-2023 Bruno Silvestre, UFG Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/README.md new/luasec-1.3.1/README.md --- old/luasec-1.2.0/README.md 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/README.md 2023-03-19 15:55:08.000000000 +0100 
@@ -1,4 +1,4 @@ -LuaSec 1.2.0 +LuaSec 1.3.1 =============== LuaSec depends on OpenSSL, and integrates with LuaSocket to make it easy to add secure connections to any Lua applications or scripts. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/luasec-1.2.0-1.rockspec new/luasec-1.3.1/luasec-1.2.0-1.rockspec --- old/luasec-1.2.0/luasec-1.2.0-1.rockspec 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/luasec-1.2.0-1.rockspec 1970-01-01 01:00:00.000000000 +0100 
@@ -1,105 +0,0 @@ -package = "LuaSec" -version = "1.2.0-1" -source = { - url = "git+https://github.com/brunoos/luasec", - tag = "v1.2.0", -} -description = { - summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.", - detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.", - homepage = "https://github.com/brunoos/luasec/wiki", - license = "MIT" -} -dependencies = { - "lua >= 5.1", "luasocket" -} -external_dependencies = { - platforms = { - unix = { - OPENSSL = { - header = "openssl/ssl.h", - library = "ssl" - } - }, - windows = { - OPENSSL = { - header = "openssl/ssl.h", - } - }, - } -} -build = { - type = "builtin", - copy_directories = { - "samples" - }, - platforms = { - unix = { - install = { - lib = { - "ssl.so" - }, - lua = { - "src/ssl.lua", ['ssl.https'] = "src/https.lua" - } - }, - modules = { - ssl = { - defines = { - "WITH_LUASOCKET", "LUASOCKET_DEBUG", - }, - incdirs = { - "$(OPENSSL_INCDIR)", "src/", "src/luasocket", - }, - libdirs = { - "$(OPENSSL_LIBDIR)" - }, - libraries = { - "ssl", "crypto" - }, - sources = { - "src/options.c", "src/config.c", "src/ec.c", - "src/x509.c", "src/context.c", "src/ssl.c", - "src/luasocket/buffer.c", "src/luasocket/io.c", - "src/luasocket/timeout.c", "src/luasocket/usocket.c" - } - } - } - }, - windows = { - install = { - lib = { - "ssl.dll" - }, - lua = { - "src/ssl.lua", ['ssl.https'] = "src/https.lua" - } - }, - modules = { - ssl = { - defines = { - "WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)", - "WITH_LUASOCKET", "LUASOCKET_DEBUG", - "LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300" - }, - libdirs = { - "$(OPENSSL_LIBDIR)", - "$(OPENSSL_BINDIR)", - }, - libraries = { - "libssl32MD", "libcrypto32MD", "ws2_32" - }, - incdirs = { - "$(OPENSSL_INCDIR)", "src/", 
"src/luasocket" - }, - sources = { - "src/options.c", "src/config.c", "src/ec.c", - "src/x509.c", "src/context.c", "src/ssl.c", - "src/luasocket/buffer.c", "src/luasocket/io.c", - "src/luasocket/timeout.c", "src/luasocket/wsocket.c" - } - } - } - } - } -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/luasec-1.3.1-1.rockspec new/luasec-1.3.1/luasec-1.3.1-1.rockspec --- old/luasec-1.2.0/luasec-1.3.1-1.rockspec 1970-01-01 01:00:00.000000000 +0100 +++ new/luasec-1.3.1/luasec-1.3.1-1.rockspec 2023-03-19 15:55:08.000000000 +0100 
@@ -0,0 +1,105 @@ +package = "LuaSec" +version = "1.3.1-1" +source = { + url = "git+https://github.com/brunoos/luasec", + tag = "v1.3.1", +} +description = { + summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.", + detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.", + homepage = "https://github.com/brunoos/luasec/wiki", + license = "MIT" +} +dependencies = { + "lua >= 5.1", "luasocket" +} +external_dependencies = { + platforms = { + unix = { + OPENSSL = { + header = "openssl/ssl.h", + library = "ssl" + } + }, + windows = { + OPENSSL = { + header = "openssl/ssl.h", + } + }, + } +} +build = { + type = "builtin", + copy_directories = { + "samples" + }, + platforms = { + unix = { + install = { + lib = { + "ssl.so" + }, + lua = { + "src/ssl.lua", ['ssl.https'] = "src/https.lua" + } + }, + modules = { + ssl = { + defines = { + "WITH_LUASOCKET", "LUASOCKET_DEBUG", + }, + incdirs = { + "$(OPENSSL_INCDIR)", "src/", "src/luasocket", + }, + libdirs = { + "$(OPENSSL_LIBDIR)" + }, + libraries = { + "ssl", "crypto" + }, + sources = { + "src/options.c", "src/config.c", "src/ec.c", + "src/x509.c", "src/context.c", "src/ssl.c", + "src/luasocket/buffer.c", "src/luasocket/io.c", + "src/luasocket/timeout.c", "src/luasocket/usocket.c" + } + } + } + }, + windows = { + install = { + lib = { + "ssl.dll" + }, + lua = { + "src/ssl.lua", ['ssl.https'] = "src/https.lua" + } + }, + modules = { + ssl = { + defines = { + "WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)", + "WITH_LUASOCKET", "LUASOCKET_DEBUG", + "LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300" + }, + libdirs = { + "$(OPENSSL_LIBDIR)", + "$(OPENSSL_BINDIR)", + }, + libraries = { + "libssl", "libcrypto", "ws2_32" + }, + incdirs = { + "$(OPENSSL_INCDIR)", "src/", 
"src/luasocket" + }, + sources = { + "src/options.c", "src/config.c", "src/ec.c", + "src/x509.c", "src/context.c", "src/ssl.c", + "src/luasocket/buffer.c", "src/luasocket/io.c", + "src/luasocket/timeout.c", "src/luasocket/wsocket.c" + } + } + } + } + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/luasec.vcxproj new/luasec-1.3.1/luasec.vcxproj --- old/luasec-1.2.0/luasec.vcxproj 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/luasec.vcxproj 2023-03-19 15:55:08.000000000 +0100 @@ -61,7 +61,7 @@ <DebugInformationFormat>EditAndContinue</DebugInformationFormat> </ClCompile> <Link> - <AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies> <OutputFile>$(OutDir)ssl.dll</OutputFile> <AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <GenerateDebugInformation>true</GenerateDebugInformation> 
@@ -85,7 +85,7 @@ <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> </ClCompile> <Link> - <AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies> + <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies> <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile> <AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <GenerateDebugInformation>true</GenerateDebugInformation> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/README new/luasec-1.3.1/samples/README --- old/luasec-1.2.0/samples/README 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/README 2023-03-19 15:55:08.000000000 +0100 @@ -45,6 +45,9 @@ * oneshot A simple connection example. +* psk + PSK(Pre Shared Key) support. + * sni Support to SNI (Server Name Indication). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/all.sh new/luasec-1.3.1/samples/certs/all.sh --- old/luasec-1.2.0/samples/certs/all.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/all.sh 2023-03-19 15:55:08.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh ./rootA.sh ./rootB.sh ./clientA.sh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/clientA.sh new/luasec-1.3.1/samples/certs/clientA.sh --- old/luasec-1.2.0/samples/certs/clientA.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/clientA.sh 2023-03-19 15:55:08.000000000 +0100 
@@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \ -nodes -config ./clientA.cnf -days 365 -batch diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/clientB.sh new/luasec-1.3.1/samples/certs/clientB.sh --- old/luasec-1.2.0/samples/certs/clientB.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/clientB.sh 2023-03-19 15:55:08.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \ -nodes -config ./clientB.cnf -days 365 -batch diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/rootA.sh new/luasec-1.3.1/samples/certs/rootA.sh --- old/luasec-1.2.0/samples/certs/rootA.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/rootA.sh 2023-03-19 15:55:08.000000000 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/rootB.sh new/luasec-1.3.1/samples/certs/rootB.sh --- old/luasec-1.2.0/samples/certs/rootB.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/rootB.sh 2023-03-19 15:55:08.000000000 +0100 
@@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/bin/sh openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/serverA.sh new/luasec-1.3.1/samples/certs/serverA.sh --- old/luasec-1.2.0/samples/certs/serverA.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/serverA.sh 2023-03-19 15:55:08.000000000 +0100 @@ -1,6 +1,6 @@ -#!/usr/bin/env sh +#!/bin/sh -openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \ +openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \ -config ./serverA.cnf -nodes -days 365 -batch openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/certs/serverB.sh new/luasec-1.3.1/samples/certs/serverB.sh --- old/luasec-1.2.0/samples/certs/serverB.sh 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/certs/serverB.sh 2023-03-19 15:55:08.000000000 +0100 @@ -1,6 +1,6 @@ -#!/usr/bin/env sh +#!/bin/sh -openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \ +openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \ -config ./serverB.cnf -nodes -days 365 -batch openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/chain/server.lua new/luasec-1.3.1/samples/chain/server.lua --- old/luasec-1.2.0/samples/chain/server.lua 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/samples/chain/server.lua 2023-03-19 15:55:08.000000000 +0100 
@@ -31,8 +31,27 @@ print("----------------------------------------------------------------------") -for k, cert in ipairs( conn:getpeerchain() ) do +local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" } + +local peerchain = conn:getpeerchain() +assert(#peerchain == #expectedpeerchain) +for k, cert in ipairs( peerchain ) do + util.show(cert) + local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a") + assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k)) +end + +local expectedlocalchain = { "../certs/serverAcert.pem" } + +local localchain = assert(conn:getlocalchain()) +assert(#localchain == #expectedlocalchain) +for k, cert in ipairs( localchain ) do util.show(cert) + local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a") + assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k)) + if k == 1 then + assert(cert:pem() == conn:getlocalcertificate():pem()) + end end local f = io.open(params.certificate) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/psk/client.lua new/luasec-1.3.1/samples/psk/client.lua --- old/luasec-1.2.0/samples/psk/client.lua 1970-01-01 01:00:00.000000000 +0100 +++ new/luasec-1.3.1/samples/psk/client.lua 2023-03-19 15:55:08.000000000 +0100 
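Review bot: `conn:getpeerchain()` is used unchecked in the added block, while `conn:getlocalchain()` a few lines later is wrapped in `assert(...)`. If the peer-chain call returns nil, the failure surfaces as an opaque error on `#peerchain` instead of the library's own message. Use `local peerchain = assert(conn:getpeerchain())` for symmetry. The two `assert(io.open(...)):read("*a")` lines also leave the file handles to the garbage collector; now that this sample doubles as a regression check, a small helper that reads and closes the file would be tidier.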
@@ -0,0 +1,41 @@ +-- +-- Public domain +-- +local socket = require("socket") +local ssl = require("ssl") + +if not ssl.config.capabilities.psk then + print("[ERRO] PSK not available") + os.exit(1) +end + +-- @param hint (nil | string) +-- @param max_identity_len (number) +-- @param max_psk_len (number) +-- @return identity (string) +-- @return PSK (string) +local function pskcb(hint, max_identity_len, max_psk_len) + print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len)) + return "abcd", "1234" +end + +local params = { + mode = "client", + protocol = "tlsv1_2", + psk = pskcb, +} + +local peer = socket.tcp() +peer:connect("127.0.0.1", 8888) + +peer = assert( ssl.wrap(peer, params) ) +assert(peer:dohandshake()) + +print("--- INFO ---") +local info = peer:info() +for k, v in pairs(info) do + print(k, v) +end +print("---") + +peer:close() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/samples/psk/server.lua new/luasec-1.3.1/samples/psk/server.lua --- old/luasec-1.2.0/samples/psk/server.lua 1970-01-01 01:00:00.000000000 +0100 +++ new/luasec-1.3.1/samples/psk/server.lua 2023-03-19 15:55:08.000000000 +0100 
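Review bot: In `pskcb`, the `string.format` call formats `hint` with `%q`, but `hint` is nil whenever the server sends no identity hint, which is the default configuration of the companion server sample. On Lua 5.1/5.2 (the rockspec allows `lua >= 5.1`) `%q` rejects a nil argument. Because the C side invokes this callback with an unprotected `lua_call`, the error is raised in the middle of the handshake rather than returned from `dohandshake()`. Format it as `hint=%s` with `tostring(hint)`. Separately, the result of `peer:connect("127.0.0.1", 8888)` is not checked; wrapping it in `assert(...)` gives a clear failure when the server is not running.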
@@ -0,0 +1,60 @@ +-- +-- Public domain +-- +local socket = require("socket") +local ssl = require("ssl") + +if not ssl.config.capabilities.psk then + print("[ERRO] PSK not available") + os.exit(1) +end + +-- @param identity (string) +-- @param max_psk_len (number) +-- @return psk (string) +local function pskcb(identity, max_psk_len) + print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len)) + if identity == "abcd" then + return "1234" + end + return nil +end + +local params = { + mode = "server", + protocol = "any", + options = "all", + +-- PSK with just a callback + psk = pskcb, + +-- PSK with identity hint +-- psk = { +-- hint = "hintpsksample", +-- callback = pskcb, +-- }, +} + + +-- [[ SSL context +local ctx = assert(ssl.newcontext(params)) +--]] + +local server = socket.tcp() +server:setoption('reuseaddr', true) +assert( server:bind("127.0.0.1", 8888) ) +server:listen() + +local peer = server:accept() +peer = assert( ssl.wrap(peer, ctx) ) +assert( peer:dohandshake() ) + +print("--- INFO ---") +local info = peer:info() +for k, v in pairs(info) do + print(k, v) +end +print("---") + +peer:close() +server:close() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/compat.h new/luasec-1.3.1/src/compat.h --- old/luasec-1.2.0/src/compat.h 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/compat.h 2023-03-19 15:55:08.000000000 +0100 @@ -1,7 +1,7 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ 
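Review bot: The sample server hard-codes the identity `"abcd"` and the key `"1234"` with no comment marking them as placeholders, and sample code tends to be copied as-is. With PSK the key is the only credential, so a short guessable value removes the authentication this mode is meant to provide. Add a comment above `pskcb` such as `-- Demo values only: a real PSK must be a high-entropy random secret looked up per identity, never a literal in source`, and mirror it in client.lua. The result of `server:accept()` is also used without an `assert`, unlike the `bind` call just above it.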
@@ -53,5 +53,11 @@ #endif //------------------------------------------------------------------------------ + +#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_PSK) +#define LSEC_ENABLE_PSK +#endif + +//------------------------------------------------------------------------------ #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/config.c new/luasec-1.3.1/src/config.c --- old/luasec-1.2.0/src/config.c 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/config.c 2023-03-19 15:55:08.000000000 +0100 @@ -1,7 +1,7 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre. + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ @@ -74,6 +74,12 @@ lua_pushboolean(L, 1); lua_rawset(L, -3); +#ifdef LSEC_ENABLE_PSK + lua_pushstring(L, "psk"); + lua_pushboolean(L, 1); + lua_rawset(L, -3); +#endif + #ifdef LSEC_ENABLE_DANE // DANE lua_pushstring(L, "dane"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/context.c new/luasec-1.3.1/src/context.c --- old/luasec-1.2.0/src/context.c 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/context.c 2023-03-19 15:55:08.000000000 +0100 @@ -1,9 +1,8 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann, - * Matthew Wild. - * Copyright (C) 2006-2022 Bruno Silvestre. + * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ 
@@ -708,6 +707,143 @@ return 1; } +#if defined(LSEC_ENABLE_PSK) +/** + * Callback to select the PSK. + */ +static unsigned int server_psk_cb(SSL *ssl, const char *identity, unsigned char *psk, + unsigned int max_psk_len) +{ + size_t psk_len; + const char *ret_psk; + SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); + p_context pctx = (p_context)SSL_CTX_get_app_data(ctx); + lua_State *L = pctx->L; + + luaL_getmetatable(L, "SSL:PSK:Registry"); + lua_pushlightuserdata(L, (void*)pctx->context); + lua_gettable(L, -2); + + lua_pushstring(L, identity); + lua_pushinteger(L, max_psk_len); + + lua_call(L, 2, 1); + + if (!lua_isstring(L, -1)) { + lua_pop(L, 2); + return 0; + } + + ret_psk = lua_tolstring(L, -1, &psk_len); + + if (psk_len == 0 || psk_len > max_psk_len) + psk_len = 0; + else + memcpy(psk, ret_psk, psk_len); + + lua_pop(L, 2); + + return psk_len; +} + +/** + * Set a PSK callback for server. + */ +static int set_server_psk_cb(lua_State *L) +{ + p_context ctx = checkctx(L, 1); + + luaL_getmetatable(L, "SSL:PSK:Registry"); + lua_pushlightuserdata(L, (void*)ctx->context); + lua_pushvalue(L, 2); + lua_settable(L, -3); + + SSL_CTX_set_psk_server_callback(ctx->context, server_psk_cb); + + lua_pushboolean(L, 1); + return 1; +} + +/* + * Set the PSK indentity hint. + */ +static int set_psk_identity_hint(lua_State *L) +{ + p_context ctx = checkctx(L, 1); + const char *hint = luaL_checkstring(L, 2); + int ret = SSL_CTX_use_psk_identity_hint(ctx->context, hint); + lua_pushboolean(L, ret); + return 1; +} + +/* + * Client callback to PSK. 
+ */ +static unsigned int client_psk_cb(SSL *ssl, const char *hint, char *identity, + unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len) +{ + size_t psk_len; + size_t identity_len; + const char *ret_psk; + const char *ret_identity; + SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); + p_context pctx = (p_context)SSL_CTX_get_app_data(ctx); + lua_State *L = pctx->L; + + luaL_getmetatable(L, "SSL:PSK:Registry"); + lua_pushlightuserdata(L, (void*)pctx->context); + lua_gettable(L, -2); + + if (hint) + lua_pushstring(L, hint); + else + lua_pushnil(L); + + // Leave space to '\0' + lua_pushinteger(L, max_identity_len-1); + lua_pushinteger(L, max_psk_len); + + lua_call(L, 3, 2); + + if (!lua_isstring(L, -1) || !lua_isstring(L, -2)) { + lua_pop(L, 3); + return 0; + } + + ret_identity = lua_tolstring(L, -2, &identity_len); + ret_psk = lua_tolstring(L, -1, &psk_len); + + if (identity_len >= max_identity_len || psk_len > max_psk_len) + psk_len = 0; + else { + memcpy(identity, ret_identity, identity_len); + identity[identity_len] = 0; + memcpy(psk, ret_psk, psk_len); + } + + lua_pop(L, 3); + + return psk_len; +} + +/** + * Set a PSK callback for client. + */ +static int set_client_psk_cb(lua_State *L) { + p_context ctx = checkctx(L, 1); + + luaL_getmetatable(L, "SSL:PSK:Registry"); + lua_pushlightuserdata(L, (void*)ctx->context); + lua_pushvalue(L, 2); + lua_settable(L, -3); + + SSL_CTX_set_psk_client_callback(ctx->context, client_psk_cb); + + lua_pushboolean(L, 1); + return 1; +} +#endif + #if defined(LSEC_ENABLE_DANE) /* * DANE @@ -759,6 +895,11 @@ {"setdhparam", set_dhparam}, {"setverify", set_verify}, {"setoptions", set_options}, +#if defined(LSEC_ENABLE_PSK) + {"setpskhint", set_psk_identity_hint}, + {"setserverpskcb", set_server_psk_cb}, + {"setclientpskcb", set_client_psk_cb}, +#endif {"setmode", set_mode}, #if !defined(OPENSSL_NO_EC) {"setcurve", set_curve}, 
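Review bot: Both `server_psk_cb` and `client_psk_cb` run the user's Lua function with an unprotected `lua_call` from inside an OpenSSL handshake callback. Any Lua error therefore longjmps out through libssl's frames and skips OpenSSL's own cleanup. That includes calling a non-function, since `set_server_psk_cb` and `set_client_psk_cb` store argument 2 without `luaL_checktype(L, 2, LUA_TFUNCTION)`. Use a protected call and fail the handshake instead: `if (lua_pcall(L, 2, 1, 0) != 0) { lua_pop(L, 2); return 0; }` in the server callback and the `lua_pcall(L, 3, 2, 0)` equivalent in the client one, and check the registry lookup with `lua_isfunction` before pushing the arguments. Both callbacks also use `pctx->L`; whether that is still the running state when the handshake is driven from a coroutine is not visible in this hunk and is worth confirming.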
@@ -792,6 +933,10 @@ lua_pushlightuserdata(L, (void*)ctx->context); lua_pushnil(L); lua_settable(L, -3); + luaL_getmetatable(L, "SSL:PSK:Registry"); + lua_pushlightuserdata(L, (void*)ctx->context); + lua_pushnil(L); + lua_settable(L, -3); SSL_CTX_free(ctx->context); ctx->context = NULL; @@ -934,9 +1079,10 @@ */ LSEC_API int luaopen_ssl_context(lua_State *L) { - luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */ - luaL_newmetatable(L, "SSL:ALPN:Registry"); /* Keep all ALPN callbacks */ - luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */ + luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */ + luaL_newmetatable(L, "SSL:ALPN:Registry"); /* Keep all ALPN callbacks */ + luaL_newmetatable(L, "SSL:PSK:Registry"); /* Keep all PSK callbacks */ + luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */ luaL_newmetatable(L, "SSL:Context"); setfuncs(L, meta); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/context.h new/luasec-1.3.1/src/context.h --- old/luasec-1.2.0/src/context.h 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/context.h 2023-03-19 15:55:08.000000000 +0100 @@ -2,9 +2,9 @@ #define LSEC_CONTEXT_H /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/ec.c new/luasec-1.3.1/src/ec.c --- old/luasec-1.2.0/src/ec.c 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/ec.c 2023-03-19 15:55:08.000000000 +0100 
@@ -1,3 +1,10 @@ +/*-------------------------------------------------------------------------- + * LuaSec 1.3.1 + * + * Copyright (C) 2006-2023 Bruno Silvestre + * + *--------------------------------------------------------------------------*/ + #include <openssl/objects.h> #include "ec.h" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/ec.h new/luasec-1.3.1/src/ec.h --- old/luasec-1.2.0/src/ec.h 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/ec.h 2023-03-19 15:55:08.000000000 +0100 @@ -1,7 +1,7 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/https.lua new/luasec-1.3.1/src/https.lua --- old/luasec-1.2.0/src/https.lua 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/https.lua 2023-03-19 15:55:08.000000000 +0100 @@ -1,6 +1,7 @@ ---------------------------------------------------------------------------- --- LuaSec 1.2.0 --- Copyright (C) 2009-2022 PUC-Rio +-- LuaSec 1.3.1 +-- +-- Copyright (C) 2009-2023 PUC-Rio -- -- Author: Pablo Musa -- Author: Tomas Guisasola @@ -18,8 +19,8 @@ -- Module -- local _M = { - _VERSION = "1.2.0", - _COPYRIGHT = "LuaSec 1.2.0 - Copyright (C) 2009-2022 PUC-Rio", + _VERSION = "1.3.1", + _COPYRIGHT = "LuaSec 1.3.1 - Copyright (C) 2009-2023 PUC-Rio", PORT = 443, TIMEOUT = 60 } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/options.c new/luasec-1.3.1/src/options.c --- old/luasec-1.2.0/src/options.c 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/options.c 2023-03-19 15:55:08.000000000 +0100 
@@ -1,7 +1,7 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ @@ -13,7 +13,7 @@ /* - OpenSSL version: OpenSSL 3.0.0-beta2 + OpenSSL version: OpenSSL 3.0.8 */ static lsec_ssl_option_t ssl_options[] = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/options.h new/luasec-1.3.1/src/options.h --- old/luasec-1.2.0/src/options.h 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/options.h 2023-03-19 15:55:08.000000000 +0100 @@ -2,9 +2,9 @@ #define LSEC_OPTIONS_H /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/options.lua new/luasec-1.3.1/src/options.lua --- old/luasec-1.2.0/src/options.lua 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/options.lua 2023-03-19 15:55:08.000000000 +0100 @@ -18,9 +18,9 @@ local function generate(options, version) print([[ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/ssl.c new/luasec-1.3.1/src/ssl.c --- old/luasec-1.2.0/src/ssl.c 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/ssl.c 2023-03-19 15:55:08.000000000 +0100 
@@ -1,9 +1,8 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann, - * Matthew Wild. - * Copyright (C) 2006-2022 Bruno Silvestre. + * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ @@ -531,6 +530,58 @@ } /** + * Return the nth certificate of the chain sent to our peer. + */ +static int meth_getlocalcertificate(lua_State *L) +{ + int n; + X509 *cert; + STACK_OF(X509) *certs; + p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); + if (ssl->state != LSEC_STATE_CONNECTED) { + lua_pushnil(L); + lua_pushstring(L, "closed"); + return 2; + } + /* Default to the first cert */ + n = (int)luaL_optinteger(L, 2, 1); + /* This function is 1-based, but OpenSSL is 0-based */ + --n; + if (n < 0) { + lua_pushnil(L); + lua_pushliteral(L, "invalid certificate index"); + return 2; + } + if (n == 0) { + cert = SSL_get_certificate(ssl->ssl); + if (cert) + lsec_pushx509(L, cert); + else + lua_pushnil(L); + return 1; + } + /* In a server-context, the stack doesn't contain the peer cert, + * so adjust accordingly. + */ + if (SSL_is_server(ssl->ssl)) + --n; + if(SSL_get0_chain_certs(ssl->ssl, &certs) != 1) { + lua_pushnil(L); + } else { + if (n >= sk_X509_num(certs)) { + lua_pushnil(L); + return 1; + } + cert = sk_X509_value(certs, n); + /* Increment the reference counting of the object. */ + /* See SSL_get_peer_certificate() source code. */ + X509_up_ref(cert); + lsec_pushx509(L, cert); + } + return 1; +} + +/** * Return the chain of certificate of the peer. */ static int meth_getpeerchain(lua_State *L) 
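Review bot: In `meth_getlocalcertificate` the `n == 0` branch passes the pointer from `SSL_get_certificate()` straight to `lsec_pushx509()`, while the chain branch below calls `X509_up_ref(cert)` first. `SSL_get_certificate()` returns an internal pointer without adding a reference. The definition of `lsec_pushx509()` is outside this diff, but the up-ref in the other branch suggests the Lua object takes ownership and frees the X509 on collection, in which case the connection's own certificate can be freed while still in use. Add `X509_up_ref(cert);` before the push in that branch. `meth_getlocalchain` in the next hunk has the same pattern at `lsec_pushx509(L, SSL_get_certificate(ssl->ssl));` and has no NULL check there either.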
@@ -565,6 +616,41 @@ } /** + * Return the chain of certificates sent to the peer. + */ +static int meth_getlocalchain(lua_State *L) +{ + int i; + int idx = 1; + int n_certs; + X509 *cert; + STACK_OF(X509) *certs; + p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); + if (ssl->state != LSEC_STATE_CONNECTED) { + lua_pushnil(L); + lua_pushstring(L, "closed"); + return 2; + } + lua_newtable(L); + if (SSL_is_server(ssl->ssl)) { + lsec_pushx509(L, SSL_get_certificate(ssl->ssl)); + lua_rawseti(L, -2, idx++); + } + if(SSL_get0_chain_certs(ssl->ssl, &certs)) { + n_certs = sk_X509_num(certs); + for (i = 0; i < n_certs; i++) { + cert = sk_X509_value(certs, i); + /* Increment the reference counting of the object. */ + /* See SSL_get_peer_certificate() source code. */ + X509_up_ref(cert); + lsec_pushx509(L, cert); + lua_rawseti(L, -2, idx++); + } + } + return 1; +} + +/** * Copy the table src to the table dst. */ static void copy_error_table(lua_State *L, int src, int dst) @@ -861,7 +947,7 @@ static int meth_copyright(lua_State *L) { - lua_pushstring(L, "LuaSec 1.2.0 - Copyright (C) 2006-2022 Bruno Silvestre, UFG" + lua_pushstring(L, "LuaSec 1.3.1 - Copyright (C) 2006-2023 Bruno Silvestre, UFG" #if defined(WITH_LUASOCKET) "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab" #endif @@ -908,7 +994,9 @@ {"getfd", meth_getfd}, {"getfinished", meth_getfinished}, {"getpeercertificate", meth_getpeercertificate}, + {"getlocalcertificate", meth_getlocalcertificate}, {"getpeerchain", meth_getpeerchain}, + {"getlocalchain", meth_getlocalchain}, {"getpeerverification", meth_getpeerverification}, {"getpeerfinished", meth_getpeerfinished}, {"exportkeyingmaterial",meth_exportkeyingmaterial}, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/ssl.h new/luasec-1.3.1/src/ssl.h --- old/luasec-1.2.0/src/ssl.h 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/ssl.h 2023-03-19 15:55:08.000000000 +0100 
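Review bot: In the server branch of `meth_getlocalchain`, `SSL_get_certificate(ssl->ssl)` is pushed without the NULL check that `meth_getlocalcertificate` applies (`if (cert) ... else lua_pushnil(L);`). A server context with no certificate configured, which the PSK support added in this release makes plausible, would hand NULL to `lsec_pushx509()`, and what that helper does with NULL is not visible here. I would fetch into `cert` first and only store it when non-NULL: `cert = SSL_get_certificate(ssl->ssl); if (cert) { X509_up_ref(cert); lsec_pushx509(L, cert); lua_rawseti(L, -2, idx++); }`. The leaf is also added only when `SSL_is_server()` is true, so a client's table omits its own certificate; a comment stating whether that is intended would help.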
@@ -2,9 +2,9 @@ #define LSEC_SSL_H /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2006-2022 Bruno Silvestre + * Copyright (C) 2006-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/ssl.lua new/luasec-1.3.1/src/ssl.lua --- old/luasec-1.2.0/src/ssl.lua 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/ssl.lua 2023-03-19 15:55:08.000000000 +0100 @@ -1,7 +1,7 @@ ------------------------------------------------------------------------------ --- LuaSec 1.2.0 +-- LuaSec 1.3.1 -- --- Copyright (C) 2006-2022 Bruno Silvestre +-- Copyright (C) 2006-2023 Bruno Silvestre -- ------------------------------------------------------------------------------ @@ -201,6 +201,33 @@ if not succ then return nil, msg end end + -- PSK + if config.capabilities.psk and cfg.psk then + if cfg.mode == "client" then + if type(cfg.psk) ~= "function" then + return nil, "invalid PSK configuration" + end + succ = context.setclientpskcb(ctx, cfg.psk) + if not succ then return nil, msg end + elseif cfg.mode == "server" then + if type(cfg.psk) == "function" then + succ, msg = context.setserverpskcb(ctx, cfg.psk) + if not succ then return nil, msg end + elseif type(cfg.psk) == "table" then + if type(cfg.psk.hint) == "string" and type(cfg.psk.callback) == "function" then + succ, msg = context.setpskhint(ctx, cfg.psk.hint) + if not succ then return succ, msg end + succ = context.setserverpskcb(ctx, cfg.psk.callback) + if not succ then return succ, msg end + else + return nil, "invalid PSK configuration" + end + else + return nil, "invalid PSK configuration" + end + end + end + if config.capabilities.dane and cfg.dane then if type(cfg.dane) == "table" then context.setdane(ctx, unpack(cfg.dane)) 
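Review bot: Two callback registrations in the PSK block added to ssl.lua drop the error message: `succ = context.setclientpskcb(ctx, cfg.psk)` and `succ = context.setserverpskcb(ctx, cfg.psk.callback)` assign only `succ`. The `return nil, msg` and `return succ, msg` that follow therefore report a `msg` left over from an earlier call, or nil. Both should read `succ, msg = context....(...)`, as the function-typed server branch already does. A `cfg.psk` given with a `cfg.mode` other than "client" or "server" is also skipped silently, unless the mode is validated earlier in the function, which starts and ends outside this hunk.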
@@ -275,7 +302,7 @@ -- local _M = { - _VERSION = "1.2.0", + _VERSION = "1.3.1", _COPYRIGHT = core.copyright(), config = config, loadcertificate = x509.load, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/x509.c new/luasec-1.3.1/src/x509.c --- old/luasec-1.2.0/src/x509.c 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/x509.c 2023-03-19 15:55:08.000000000 +0100 @@ -1,8 +1,8 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann - * Matthew Wild, Bruno Silvestre. + * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild + * Copyright (C) 2014-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/luasec-1.2.0/src/x509.h new/luasec-1.3.1/src/x509.h --- old/luasec-1.2.0/src/x509.h 2022-07-30 13:42:53.000000000 +0200 +++ new/luasec-1.3.1/src/x509.h 2023-03-19 15:55:08.000000000 +0100 @@ -1,8 +1,8 @@ /*-------------------------------------------------------------------------- - * LuaSec 1.2.0 + * LuaSec 1.3.1 * - * Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann - * Matthew Wild, Bruno Silvestre. + * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild + * Copyright (C) 2013-2023 Bruno Silvestre * *--------------------------------------------------------------------------*/
