authorRosen Penev <rosenp@gmail.com>2018-11-20 18:55:59 -0800
committerRosen Penev <rosenp@gmail.com>2018-11-20 20:04:46 -0800
commita48a5c0e26139f43a9899882529589ce4b69ca49 (patch)
tree72111f34c81247337de39b4d1916625c2235dd72 /lang/luasec
parent9d4a067599f84b0ef25599a32e996f27e5cd3791 (diff)
luasec: Update to 0.7
Switched to codeload to keep a sane source name. Backported a few useful patches. Signed-off-by: Rosen Penev <rosenp@gmail.com>
Diffstat (limited to 'lang/luasec')
-rw-r--r--lang/luasec/Makefile9
-rw-r--r--lang/luasec/patches/010-Using-const-SSL_METHOD.patch49
-rw-r--r--lang/luasec/patches/010-openssl-1.1-compatibility.patch180
-rw-r--r--lang/luasec/patches/020-Removing-SSLv3-support.patch43
-rw-r--r--lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch98
-rw-r--r--lang/luasec/patches/040-openssl-deprecated.patch89
-rw-r--r--lang/luasec/patches/100-fix-compilation.patch19
7 files changed, 303 insertions, 184 deletions
diff --git a/lang/luasec/Makefile b/lang/luasec/Makefile
index 307624d69..4690ddd4b 100644
--- a/lang/luasec/Makefile
+++ b/lang/luasec/Makefile
@@ -8,18 +8,19 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luasec
-PKG_VERSION:=0.6
-PKG_RELEASE:=2
+PKG_VERSION:=0.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/brunoos/luasec/archive/
-PKG_HASH:=cef3a35c18beb8a54d9c8ce6260a4cabbd9a386de8711320d084daffad0aed5d
+PKG_SOURCE_URL:=https://codeload.github.com/brunoos/luasec/tar.gz/luasec-$(PKG_VERSION)?
+PKG_HASH:=2176e95b1d2a72a3235ede5d2aa9838050feee55dade8fdbde4be7fdc66f3a31
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_NAME)-$(PKG_VERSION)
MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
+PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
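Review bot: The trailing `?` on the new `PKG_SOURCE_URL` is not explained anywhere in the Makefile. It presumably turns the file name that the download step appends into an ignored query string, so the codeload archive is saved under `$(PKG_SOURCE)`. A one-line comment above it would stop a later cleanup from deleting the character, for example `# trailing '?' makes the appended file name a query string; the archive is pinned by PKG_HASH`. Since codeload archives are generated on request, `PKG_HASH` is the only integrity anchor for this source and should be re-verified on every version bump.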
diff --git a/lang/luasec/patches/010-Using-const-SSL_METHOD.patch b/lang/luasec/patches/010-Using-const-SSL_METHOD.patch
new file mode 100644
index 000000000..ddf4d9a53
--- /dev/null
+++ b/lang/luasec/patches/010-Using-const-SSL_METHOD.patch
@@ -0,0 +1,49 @@
+From 8212b89f1a04023b431d2fc9bc12aca02394698f Mon Sep 17 00:00:00 2001
+From: Bruno Silvestre <bruno.silvestre@gmail.com>
+Date: Fri, 29 Jun 2018 14:02:39 -0300
+Subject: [PATCH 1/3] Using 'const SSL_METHOD*'
+
+This change was introduced in OpenSSL 1.0.0.
+Start droping 0.9.8 code.
+---
+ src/context.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/src/context.c b/src/context.c
+index a2b5ae5..b9e8cda 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -29,12 +29,6 @@
+ #include "ec.h"
+ #endif
+
+-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
+-typedef const SSL_METHOD LSEC_SSL_METHOD;
+-#else
+-typedef SSL_METHOD LSEC_SSL_METHOD;
+-#endif
+-
+ /*--------------------------- Auxiliary Functions ----------------------------*/
+
+ /**
+@@ -68,7 +62,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
+ /**
+ * Find the protocol.
+ */
+-static LSEC_SSL_METHOD* str2method(const char *method)
++static const SSL_METHOD* str2method(const char *method)
+ {
+ if (!strcmp(method, "any")) return SSLv23_method();
+ if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
+@@ -287,7 +281,7 @@ static int create(lua_State *L)
+ {
+ p_context ctx;
+ const char *str_method;
+- LSEC_SSL_METHOD *method;
++ const SSL_METHOD *method;
+
+ str_method = luaL_checkstring(L, 1);
+ method = str2method(str_method);
+--
+2.19.1
+
diff --git a/lang/luasec/patches/010-openssl-1.1-compatibility.patch b/lang/luasec/patches/010-openssl-1.1-compatibility.patch
deleted file mode 100644
index 39681dd10..000000000
--- a/lang/luasec/patches/010-openssl-1.1-compatibility.patch
+++ /dev/null
@@ -1,180 +0,0 @@
---- a/src/context.c
-+++ b/src/context.c
-@@ -24,7 +24,7 @@
- #include "context.h"
- #include "options.h"
-
--#ifndef OPENSSL_NO_ECDH
-+#ifndef OPENSSL_NO_EC
- #include <openssl/ec.h>
- #include "ec.h"
- #endif
-@@ -35,10 +35,6 @@ typedef const SSL_METHOD LSEC_SSL_METHOD
- typedef SSL_METHOD LSEC_SSL_METHOD;
- #endif
-
--#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
--#define SSLv23_method() TLS_method()
--#endif
--
- /*-- Compat - Lua 5.1 --------------------------------------------------------*/
-
- #if (LUA_VERSION_NUM == 501)
-@@ -304,7 +300,7 @@ static int verify_cb(int preverify_ok, X
- return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
- }
-
--#ifndef OPENSSL_NO_ECDH
-+#ifndef OPENSSL_NO_EC
- static EC_KEY *find_ec_key(const char *str)
- {
- p_ec ptr;
-@@ -565,7 +561,7 @@ static int set_dhparam(lua_State *L)
- /**
- * Set elliptic curve.
- */
--#ifdef OPENSSL_NO_ECDH
-+#ifdef OPENSSL_NO_EC
- static int set_curve(lua_State *L)
- {
- lua_pushboolean(L, 0);
---- a/src/ssl.c
-+++ b/src/ssl.c
-@@ -31,6 +31,13 @@
- #include "context.h"
- #include "ssl.h"
-
-+
-+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
-+#define SSL_is_server(s) (s->server)
-+#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
-+#endif
-+
-+
- /**
- * Underline socket error.
- */
-@@ -406,7 +413,9 @@ static int meth_want(lua_State *L)
- */
- static int meth_compression(lua_State *L)
- {
--#if !defined(OPENSSL_NO_COMP)
-+#ifdef OPENSSL_NO_COMP
-+ const void *comp;
-+#else
- const COMP_METHOD *comp;
- #endif
- p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-@@ -415,15 +424,11 @@ static int meth_compression(lua_State *L
- lua_pushstring(L, "closed");
- return 2;
- }
--#if !defined(OPENSSL_NO_COMP)
- comp = SSL_get_current_compression(ssl->ssl);
- if (comp)
- lua_pushstring(L, SSL_COMP_get_name(comp));
- else
- lua_pushnil(L);
--#else
-- lua_pushnil(L);
--#endif
- return 1;
- }
-
-@@ -461,7 +466,7 @@ static int meth_getpeercertificate(lua_S
- /* In a server-context, the stack doesn't contain the peer cert,
- * so adjust accordingly.
- */
-- if (ssl->ssl->server)
-+ if (SSL_is_server(ssl->ssl))
- --n;
- certs = SSL_get_peer_cert_chain(ssl->ssl);
- if (n >= sk_X509_num(certs)) {
-@@ -471,7 +476,7 @@ static int meth_getpeercertificate(lua_S
- cert = sk_X509_value(certs, n);
- /* Increment the reference counting of the object. */
- /* See SSL_get_peer_certificate() source code. */
-- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(cert);
- lsec_pushx509(L, cert);
- return 1;
- }
-@@ -493,7 +498,7 @@ static int meth_getpeerchain(lua_State *
- return 2;
- }
- lua_newtable(L);
-- if (ssl->ssl->server) {
-+ if (SSL_is_server(ssl->ssl)) {
- lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
- lua_rawseti(L, -2, idx++);
- }
-@@ -503,7 +508,7 @@ static int meth_getpeerchain(lua_State *
- cert = sk_X509_value(certs, i);
- /* Increment the reference counting of the object. */
- /* See SSL_get_peer_certificate() source code. */
-- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(cert);
- lsec_pushx509(L, cert);
- lua_rawseti(L, -2, idx++);
- }
---- a/src/x509.c
-+++ b/src/x509.c
-@@ -32,6 +32,17 @@
-
- #include "x509.h"
-
-+
-+/*
-+ * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
-+ */
-+#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
-+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
-+#else
-+#define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
-+#endif
-+
-+
- static const char* hex_tab = "0123456789abcdef";
-
- /**
-@@ -146,7 +157,7 @@ static void push_asn1_string(lua_State*
- }
- switch (encode) {
- case LSEC_AI5_STRING:
-- lua_pushlstring(L, (char*)ASN1_STRING_data(string),
-+ lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
- ASN1_STRING_length(string));
- break;
- case LSEC_UTF8_STRING:
-@@ -182,7 +193,7 @@ static void push_asn1_ip(lua_State *L, A
- {
- int af;
- char dst[INET6_ADDRSTRLEN];
-- unsigned char *ip = ASN1_STRING_data(string);
-+ unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
- switch(ASN1_STRING_length(string)) {
- case 4:
- af = AF_INET;
-@@ -293,11 +304,11 @@ int meth_extensions(lua_State* L)
- break;
-
- /* Push ret[oid] */
-- push_asn1_objname(L, extension->object, 1);
-+ push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
- push_subtable(L, -2);
-
- /* Set ret[oid].name = name */
-- push_asn1_objname(L, extension->object, 0);
-+ push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
- lua_setfield(L, -2, "name");
-
- n_general_names = sk_GENERAL_NAME_num(values);
-@@ -404,7 +415,7 @@ static int meth_pubkey(lua_State* L)
- bytes = BIO_get_mem_data(bio, &data);
- if (bytes > 0) {
- lua_pushlstring(L, data, bytes);
-- switch(EVP_PKEY_type(pkey->type)) {
-+ switch(EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- lua_pushstring(L, "RSA");
- break;
diff --git a/lang/luasec/patches/020-Removing-SSLv3-support.patch b/lang/luasec/patches/020-Removing-SSLv3-support.patch
new file mode 100644
index 000000000..ef3dc05f2
--- /dev/null
+++ b/lang/luasec/patches/020-Removing-SSLv3-support.patch
@@ -0,0 +1,43 @@
+From 89bdc6148cd8cffb1483f4fc0aa14d636f8f5b4f Mon Sep 17 00:00:00 2001
+From: Bruno Silvestre <bruno.silvestre@gmail.com>
+Date: Fri, 29 Jun 2018 14:06:51 -0300
+Subject: [PATCH 2/3] Removing SSLv3 support
+
+---
+ src/config.c | 5 -----
+ src/context.c | 3 ---
+ 2 files changed, 8 deletions(-)
+
+diff --git a/src/config.c b/src/config.c
+index ce74997..6939fca 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -32,11 +32,6 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
+ lua_pushstring(L, "protocols");
+ lua_newtable(L);
+
+-#ifndef OPENSSL_NO_SSL3
+- lua_pushstring(L, "sslv3");
+- lua_pushboolean(L, 1);
+- lua_rawset(L, -3);
+-#endif
+ lua_pushstring(L, "tlsv1");
+ lua_pushboolean(L, 1);
+ lua_rawset(L, -3);
+diff --git a/src/context.c b/src/context.c
+index b9e8cda..d8fc8b6 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -66,9 +66,6 @@ static const SSL_METHOD* str2method(const char *method)
+ {
+ if (!strcmp(method, "any")) return SSLv23_method();
+ if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
+-#ifndef OPENSSL_NO_SSL3
+- if (!strcmp(method, "sslv3")) return SSLv3_method();
+-#endif
+ if (!strcmp(method, "tlsv1")) return TLSv1_method();
+ #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
+ if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
+--
+2.19.1
+
diff --git a/lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch b/lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch
new file mode 100644
index 000000000..64c4501f3
--- /dev/null
+++ b/lang/luasec/patches/030-Removing-deprecated-methods-to-select-the-protocol.patch
@@ -0,0 +1,98 @@
+From 28e247dbc53b95acf9cb716f99f13aadc4d38651 Mon Sep 17 00:00:00 2001
+From: Bruno Silvestre <bruno.silvestre@gmail.com>
+Date: Mon, 2 Jul 2018 10:31:45 -0300
+Subject: [PATCH 3/3] Removing deprecated methods to select the protocol
+
+Using TLS_method(), SSL_set_min_proto_version() and
+SSL_set_max_proto_version().
+---
+ src/context.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 44 insertions(+), 2 deletions(-)
+
+diff --git a/src/context.c b/src/context.c
+index d8fc8b6..d1377f1 100644
+--- a/src/context.c
++++ b/src/context.c
+@@ -59,11 +59,46 @@ static int set_option_flag(const char *opt, unsigned long *flag)
+ return 0;
+ }
+
++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
++
+ /**
+ * Find the protocol.
+ */
+-static const SSL_METHOD* str2method(const char *method)
++static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+ {
++ if (!strcmp(method, "any") || !strcmp(method, "sslv23")) {
++ *vmin = TLS1_VERSION;
++ *vmax = TLS1_2_VERSION;
++ return TLS_method();
++ }
++ else if (!strcmp(method, "tlsv1")) {
++ *vmin = TLS1_VERSION;
++ *vmax = TLS1_VERSION;
++ return TLS_method();
++ }
++ else if (!strcmp(method, "tlsv1_1")) {
++ *vmin = TLS1_1_VERSION;
++ *vmax = TLS1_1_VERSION;
++ return TLS_method();
++ }
++ else if (!strcmp(method, "tlsv1_2")) {
++ *vmin = TLS1_2_VERSION;
++ *vmax = TLS1_2_VERSION;
++ return TLS_method();
++ }
++
++ return NULL;
++}
++
++#else
++
++/**
++ * Find the protocol.
++ */
++static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
++{
++ (void)vmin;
++ (void)vmax;
+ if (!strcmp(method, "any")) return SSLv23_method();
+ if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated
+ if (!strcmp(method, "tlsv1")) return TLSv1_method();
+@@ -74,6 +109,8 @@ static const SSL_METHOD* str2method(const char *method)
+ return NULL;
+ }
+
++#endif
++
+ /**
+ * Prepare the SSL handshake verify flag.
+ */
+@@ -279,9 +316,10 @@ static int create(lua_State *L)
+ p_context ctx;
+ const char *str_method;
+ const SSL_METHOD *method;
++ int vmin, vmax;
+
+ str_method = luaL_checkstring(L, 1);
+- method = str2method(str_method);
++ method = str2method(str_method, &vmin, &vmax);
+ if (!method) {
+ lua_pushnil(L);
+ lua_pushfstring(L, "invalid protocol (%s)", str_method);
+@@ -301,6 +339,10 @@ static int create(lua_State *L)
+ ERR_reason_error_string(ERR_get_error()));
+ return 2;
+ }
++#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
++ SSL_CTX_set_min_proto_version(ctx->context, vmin);
++ SSL_CTX_set_max_proto_version(ctx->context, vmax);
++#endif
+ ctx->mode = LSEC_MODE_INVALID;
+ ctx->L = L;
+ luaL_getmetatable(L, "SSL:Context");
+--
+2.19.1
+
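Review bot: In create(), the return values of `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()` are ignored. If either call is rejected, the context silently keeps the library's default version range, and a caller that asked for `tlsv1_2` only may negotiate a different version. Check both calls and fail with the nil-plus-message pair the function already uses, freeing the SSL_CTX first because the metatable appears to be attached only after this point; create() starts and ends outside the hunk, so confirm the cleanup path. Separately, the new str2method() sets `*vmax = TLS1_2_VERSION` for "any"/"sslv23", which caps negotiation at TLS 1.2 even when the linked library supports something newer; passing 0 as the maximum leaves the upper bound to the library.

```c
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  /* Fail closed: a rejected bound would otherwise leave the default range active. */
  if (!SSL_CTX_set_min_proto_version(ctx->context, vmin) ||
      !SSL_CTX_set_max_proto_version(ctx->context, vmax)) {
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
    lua_pushnil(L);
    lua_pushfstring(L, "error setting protocol version (%s)", str_method);
    return 2;
  }
#endif
  /* … unchanged: ctx->mode, ctx->L, metatable setup … */
```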
diff --git a/lang/luasec/patches/040-openssl-deprecated.patch b/lang/luasec/patches/040-openssl-deprecated.patch
new file mode 100644
index 000000000..5709b213b
--- /dev/null
+++ b/lang/luasec/patches/040-openssl-deprecated.patch
@@ -0,0 +1,89 @@
+--- a/src/context.c
++++ b/src/context.c
+@@ -17,6 +17,7 @@
+ #include <openssl/err.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
++#include <openssl/dh.h>
+
+ #include <lua.h>
+ #include <lauxlib.h>
+@@ -819,7 +820,9 @@ LSEC_API int luaopen_ssl_context(lua_State *L)
+ luaL_newlib(L, meta_index);
+ lua_setfield(L, -2, "__index");
+
++#ifndef OPENSSL_NO_EC
+ lsec_load_curves(L);
++#endif
+
+ /* Return the module */
+ luaL_newlib(L, funcs);
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -857,6 +857,7 @@ static luaL_Reg funcs[] = {
+ */
+ LSEC_API int luaopen_ssl_core(lua_State *L)
+ {
++#if OPENSSL_VERSION_NUMBER<0x10100000L
+ /* Initialize SSL */
+ if (!SSL_library_init()) {
+ lua_pushstring(L, "unable to initialize SSL library");
+@@ -864,6 +865,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
+ }
+ OpenSSL_add_all_algorithms();
+ SSL_load_error_strings();
++#endif
+
+ #if defined(WITH_LUASOCKET)
+ /* Initialize internal library */
+--- a/src/x509.c
++++ b/src/x509.c
+@@ -42,6 +42,10 @@
+ #define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
+ #endif
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define X509_get0_notBefore X509_get_notBefore
++#define X509_get0_notAfter X509_get_notAfter
++#endif
+
+ static const char* hex_tab = "0123456789abcdef";
+
+@@ -174,7 +178,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
+ /**
+ * Return a human readable time.
+ */
+-static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
++static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
+ {
+ char *tmp;
+ long size;
+@@ -490,8 +494,8 @@ static int meth_valid_at(lua_State* L)
+ {
+ X509* cert = lsec_checkx509(L, 1);
+ time_t time = luaL_checkinteger(L, 2);
+- lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
+- && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
++ lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time) >= 0
++ && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
+ return 1;
+ }
+
+@@ -519,7 +523,7 @@ static int meth_serial(lua_State *L)
+ static int meth_notbefore(lua_State *L)
+ {
+ X509* cert = lsec_checkx509(L, 1);
+- return push_asn1_time(L, X509_get_notBefore(cert));
++ return push_asn1_time(L, X509_get0_notBefore(cert));
+ }
+
+ /**
+@@ -528,7 +532,7 @@ static int meth_notbefore(lua_State *L)
+ static int meth_notafter(lua_State *L)
+ {
+ X509* cert = lsec_checkx509(L, 1);
+- return push_asn1_time(L, X509_get_notAfter(cert));
++ return push_asn1_time(L, X509_get0_notAfter(cert));
+ }
+
+ /**
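Review bot: The two new guards, `#if OPENSSL_VERSION_NUMBER<0x10100000L` in luaopen_ssl_core() and `#if OPENSSL_VERSION_NUMBER < 0x10100000L` before the `X509_get0_notBefore` shim, test only the OpenSSL version number. The 010-openssl-1.1-compatibility.patch deleted by this same commit also checked `LIBRESSL_VERSION_NUMBER`. LibreSSL reports a version number above 0x10100000L, so a LibreSSL build would skip `SSL_library_init()` and the shim macros, and whether that is safe depends on the LibreSSL release. If LibreSSL is still a supported backend, write both guards as `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`; if it is not, say so in a patch header. The `>= 0x1010000fL` checks added in 030-Removing-deprecated-methods-to-select-the-protocol.patch have the same gap.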
diff --git a/lang/luasec/patches/100-fix-compilation.patch b/lang/luasec/patches/100-fix-compilation.patch
new file mode 100644
index 000000000..fbd6ab3b6
--- /dev/null
+++ b/lang/luasec/patches/100-fix-compilation.patch
@@ -0,0 +1,19 @@
+diff --git a/src/Makefile b/src/Makefile
+index 9be2f14..93d1dc4 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -33,10 +33,10 @@ LDFLAGS += $(MYLDFLAGS)
+ all:
+
+ install: $(CMOD) $(LMOD)
+- $(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
+- $(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
+- $(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
+- $(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
++ $(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
++ $(INSTALL) $(CMOD) $(LUACPATH)
++ $(INSTALL) -m644 $(LMOD) $(LUAPATH)
++ $(INSTALL) -m644 https.lua $(LUAPATH)/ssl
+
+ linux:
+ @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
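Review bot: This patch has no description header, and its name ("fix-compilation") does not match what it does, which is to drop `$(DESTDIR)` from every line of the `install` rule. After the change the install destination depends entirely on the caller passing `LUAPATH` and `LUACPATH` already prefixed with the staging directory. That is presumably done in the package Makefile's build variables, which this diff does not show. If those variables were ever left at their defaults, `make install` would write into the build host's Lua directories. Add a short header stating why `DESTDIR` is removed and which variables carry the staging prefix.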