author | Vsevolod Stakhov <vsevolod@rspamd.com> | 2024-09-24 22:09:51 +0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-24 22:09:51 +0600 |
commit | f8700e56ec5659f331f0aca0b28eec43a4e7cb33 (patch) | |
tree | 999c6c7bd2ea52fc5352ed03275f4cef0cfa80c7 /src/lua | |
parent | 3dda59641af8826d50dd07bc82d67c9ffecef403 (diff) | |
parent | 464045f814b78b2d4f9ca20cc9e0a0a1b323ad8e (diff) | |
Merge branch 'master' into vstakhov-utf8-mimevstakhov-utf8-mime
Diffstat (limited to 'src/lua')
-rw-r--r-- | src/lua/lua_cryptobox.c | 49 | ||||
-rw-r--r-- | src/lua/lua_map.c | 4 | ||||
-rw-r--r-- | src/lua/lua_rsa.c | 20 |
3 files changed, 43 insertions, 30 deletions
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c index c9cac1562..9600a4732 100644 --- a/src/lua/lua_cryptobox.c +++ b/src/lua/lua_cryptobox.c @@ -503,7 +503,7 @@ lua_cryptobox_keypair_gc(lua_State *L) } /*** - * @method keypair:totable([hex=false]]) + * @method keypair:totable([encoding="zbase32"]) * Converts keypair to table (not very safe due to memory leftovers) */ static int @@ -512,16 +512,39 @@ lua_cryptobox_keypair_totable(lua_State *L) LUA_TRACE_POINT; struct rspamd_cryptobox_keypair *kp = lua_check_cryptobox_keypair(L, 1); ucl_object_t *obj; - gboolean hex = FALSE; + enum rspamd_cryptobox_keypair_encoding encoding = RSPAMD_KEYPAIR_ENCODING_DEFAULT; int ret = 1; if (kp != NULL) { if (lua_isboolean(L, 2)) { - hex = lua_toboolean(L, 2); + if (lua_toboolean(L, 2)) { + encoding = RSPAMD_KEYPAIR_ENCODING_HEX; + } } + else if (lua_isstring(L, 2)) { + const char *enc = lua_tostring(L, 2); - obj = rspamd_keypair_to_ucl(kp, hex ? RSPAMD_KEYPAIR_DUMP_HEX : RSPAMD_KEYPAIR_DUMP_DEFAULT); + if (g_ascii_strcasecmp(enc, "hex") == 0) { + encoding = RSPAMD_KEYPAIR_ENCODING_HEX; + } + else if (g_ascii_strcasecmp(enc, "zbase32") == 0 || + g_ascii_strcasecmp(enc, "default") == 0 || + g_ascii_strcasecmp(enc, "base32") == 0) { + encoding = RSPAMD_KEYPAIR_ENCODING_ZBASE32; + } + else if (g_ascii_strcasecmp(enc, "base64") == 0) { + encoding = RSPAMD_KEYPAIR_ENCODING_BASE64; + } + else if (g_ascii_strcasecmp(enc, "binary") == 0) { + encoding = RSPAMD_KEYPAIR_ENCODING_BINARY; + } + else { + return luaL_error(L, "unknown encoding (known are: hex, zbase32/default, base64, binary: %s", enc); + } + } + + obj = rspamd_keypair_to_ucl(kp, encoding, RSPAMD_KEYPAIR_DUMP_DEFAULT); ret = ucl_object_push_lua(L, obj, true); ucl_object_unref(obj); 
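Review bot: The `luaL_error` format string in the final `else` branch of `lua_cryptobox_keypair_totable` never closes its parenthesis and leaves out `base32`, which the branch above accepts as an alias for zbase32. `"unknown encoding (known are: hex, zbase32/default/base32, base64, binary): %s"` fixes both. The `@method` comment should also list the accepted strings and state that a boolean `true` is still honoured and selects hex, because only the string form is documented now. Since `binary` presumably returns raw key bytes in Lua strings, the existing "memory leftovers" warning deserves a sentence naming that encoding; which parts of the keypair `RSPAMD_KEYPAIR_DUMP_DEFAULT` emits is not visible in this hunk.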
@@ -1415,7 +1438,11 @@ lua_cryptobox_hash_reset(lua_State *L) rspamd_cryptobox_hash_init(h->content.h, NULL, 0); break; case LUA_CRYPTOBOX_HASH_SSL: +#if OPENSSL_VERSION_MAJOR >= 3 EVP_DigestInit(h->content.c, EVP_MD_CTX_get0_md(h->content.c)); +#else + EVP_DigestInit(h->content.c, EVP_MD_CTX_md(h->content.c)); +#endif break; case LUA_CRYPTOBOX_HASH_HMAC: #if OPENSSL_VERSION_NUMBER < 0x10100000L || \ @@ -2508,31 +2535,20 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) } if (strcmp(alg_str, "rsa") == 0) { - BIGNUM *e; EVP_PKEY *pk; - e = BN_new(); pk = EVP_PKEY_new(); - if (BN_set_word(e, RSA_F4) != 1) { - BN_free(e); - EVP_PKEY_free(pk); - - return luaL_error(L, "BN_set_word failed"); - } EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (EVP_PKEY_keygen_init(pctx) != 1) { - BN_free(e); EVP_PKEY_free(pk); EVP_PKEY_CTX_free(pctx); return luaL_error(L, "EVP_PKEY_keygen_init failed"); } EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits); - EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pctx, e); if (EVP_PKEY_keygen(pctx, &pk) != 1) { - BN_free(e); EVP_PKEY_free(pk); EVP_PKEY_CTX_free(pctx); @@ -2552,7 +2568,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) if (rc == 0) { BIO_free(mbio); - BN_free(e); EVP_PKEY_free(pk); return luaL_error(L, "i2d_RSAPrivateKey_bio failed"); @@ -2574,7 +2589,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) if (rc == 0) { BIO_free(mbio); - BN_free(e); EVP_PKEY_free(pk); return luaL_error(L, "i2d_RSA_PUBKEY_bio failed"); @@ -2590,7 +2604,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) pub_out->len = b64_len; pub_out->flags = RSPAMD_TEXT_FLAG_OWN; - BN_free(e); EVP_PKEY_free(pk); BIO_free(mbio); } diff --git a/src/lua/lua_map.c b/src/lua/lua_map.c index 1cc2ce1bd..062613bd7 100644 --- a/src/lua/lua_map.c +++ b/src/lua/lua_map.c 
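Review bot: Both branches of the new `#if` in the `LUA_CRYPTOBOX_HASH_SSL` case discard the result of `EVP_DigestInit`, so a failed re-initialisation leaves the digest context in an unknown state and later updates would hash into it without any error reaching the script. A checked call such as `if (EVP_DigestInit(h->content.c, EVP_MD_CTX_md(h->content.c)) != 1) { return luaL_error(L, "cannot reset digest"); }` (and the same for the `get0_md` variant) would surface that. The HMAC case just below gates on `OPENSSL_VERSION_NUMBER` while this one uses `OPENSSL_VERSION_MAJOR`; a short comment that the macro is only defined from OpenSSL 3 and evaluates to 0 otherwise would explain why the fallback works. The body of `lua_cryptobox_hash_reset` continues outside the hunk.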
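Review bot: In the `rsa` branch of `lua_cryptobox_gen_dkim_keypair` the result of `EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits)` is still ignored, so a size the library rejects would fall through to `EVP_PKEY_keygen` and yield a key of the library's default size rather than the requested one. `lua_rsa_keypair` in this same commit checks that call against 1; here `if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits) != 1)` with the same cleanup as the neighbouring error paths would match. Now that the explicit `RSA_F4` exponent is gone, a comment such as `/* public exponent is left at the OpenSSL default (65537) */` would record that the omission is deliberate. The results of `EVP_PKEY_new` and `EVP_PKEY_CTX_new_id` are also used unchecked in the visible lines, and the function continues outside the hunk.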
@@ -1256,8 +1256,8 @@ lua_map_get_sign_key(lua_State *L) bk = g_ptr_array_index(map->map->backends, i); if (bk->trusted_pubkey) { - ret = rspamd_pubkey_print(bk->trusted_pubkey, - RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_BASE32); + ret = rspamd_pubkey_print(bk->trusted_pubkey, RSPAMD_KEYPAIR_ENCODING_DEFAULT, + RSPAMD_KEYPAIR_PUBKEY); } else { ret = NULL; diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c index b7be612b0..4b9aa0354 100644 --- a/src/lua/lua_rsa.c +++ b/src/lua/lua_rsa.c @@ -261,6 +261,7 @@ lua_rsa_pubkey_gc(lua_State *L) EVP_PKEY *pkey = lua_check_rsa_pubkey(L, 1); if (pkey != NULL) { + /* It's actually EVP_PKEY_unref, thanks for that API */ EVP_PKEY_free(pkey); } @@ -522,6 +523,7 @@ lua_rsa_privkey_gc(lua_State *L) EVP_PKEY *pkey = lua_check_rsa_privkey(L, 1); if (pkey != NULL) { + /* It's actually EVP_PKEY_unref, thanks for that API */ EVP_PKEY_free(pkey); } @@ -758,7 +760,7 @@ lua_rsa_sign_memory(lua_State *L) data = luaL_checklstring(L, 2, &sz); if (pkey != NULL && data != NULL) { - signature = rspamd_fstring_sized_new(EVP_PKEY_get_size(pkey)); + signature = rspamd_fstring_sized_new(EVP_PKEY_size(pkey)); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); g_assert(pctx != NULL); @@ -791,7 +793,6 @@ lua_rsa_sign_memory(lua_State *L) static int lua_rsa_keypair(lua_State *L) { - BIGNUM *e; EVP_PKEY *pkey = NULL, *pub_pkey, *priv_pkey, **ppkey; int bits = lua_gettop(L) > 0 ? lua_tointeger(L, 1) : 1024; 
@@ -799,32 +800,31 @@ lua_rsa_keypair(lua_State *L) return luaL_error(L, "invalid bits count"); } - e = BN_new(); - - g_assert(BN_set_word(e, RSA_F4) == 1); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); g_assert(pctx != NULL); g_assert(EVP_PKEY_keygen_init(pctx) == 1); g_assert(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, bits) == 1); - g_assert(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pctx, e) == 1); - g_assert(EVP_PKEY_keygen(pctx, &pkey) == 1); g_assert(pkey != NULL); - priv_pkey = EVP_PKEY_dup(pkey); + /* Increase refcount and share */ + g_assert(EVP_PKEY_up_ref(pkey) == 1); + priv_pkey = pkey; + ppkey = lua_newuserdata(L, sizeof(EVP_PKEY *)); rspamd_lua_setclass(L, rspamd_rsa_privkey_classname, -1); *ppkey = priv_pkey; - pub_pkey = EVP_PKEY_dup(pkey); + /* Increase refcount and share */ + g_assert(EVP_PKEY_up_ref(pkey) == 1); + pub_pkey = pkey; ppkey = lua_newuserdata(L, sizeof(EVP_PKEY *)); rspamd_lua_setclass(L, rspamd_rsa_pubkey_classname, -1); *ppkey = pub_pkey; EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); - BN_free(e); return 2; } |
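Review bot: The two new `g_assert(EVP_PKEY_up_ref(pkey) == 1)` lines in `lua_rsa_keypair` put the reference increment inside an assertion, so a build with `G_DISABLE_ASSERT` drops the calls entirely. The trailing `EVP_PKEY_free(pkey)` then releases the only reference while both userdata still point at the key, and each `__gc` would free it again. The same applies to the keygen calls wrapped in `g_assert` above, and in normal builds any OpenSSL failure aborts the worker instead of raising a Lua error. Checked calls that return `luaL_error`, as sketched below, avoid both. Separately, the `bits` default visible in the preceding hunk is 1024, which is below what is generally recommended for RSA today; the range check itself lies between the hunks and is not visible.

```c
/* … unchanged: pctx setup and EVP_PKEY_keygen … */
if (EVP_PKEY_up_ref(pkey) != 1) {
	EVP_PKEY_free(pkey);
	EVP_PKEY_CTX_free(pctx);

	return luaL_error(L, "EVP_PKEY_up_ref failed");
}
priv_pkey = pkey;
/* … unchanged: push privkey userdata … */

if (EVP_PKEY_up_ref(pkey) != 1) {
	/* The privkey userdata keeps its own reference; its __gc releases it */
	EVP_PKEY_free(pkey);
	EVP_PKEY_CTX_free(pctx);

	return luaL_error(L, "EVP_PKEY_up_ref failed");
}
pub_pkey = pkey;
/* … unchanged: push pubkey userdata, free pkey and pctx … */
```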