authorVsevolod Stakhov <vsevolod@rspamd.com>2024-09-24 22:09:51 +0600
committerGitHub <noreply@github.com>2024-09-24 22:09:51 +0600
commitf8700e56ec5659f331f0aca0b28eec43a4e7cb33 (patch)
tree999c6c7bd2ea52fc5352ed03275f4cef0cfa80c7 /src/lua
parent3dda59641af8826d50dd07bc82d67c9ffecef403 (diff)
parent464045f814b78b2d4f9ca20cc9e0a0a1b323ad8e (diff)
Merge branch 'master' into vstakhov-utf8-mime
Diffstat (limited to 'src/lua')
-rw-r--r--src/lua/lua_cryptobox.c49
-rw-r--r--src/lua/lua_map.c4
-rw-r--r--src/lua/lua_rsa.c20
3 files changed, 43 insertions, 30 deletions
diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c
index c9cac1562..9600a4732 100644
--- a/src/lua/lua_cryptobox.c
+++ b/src/lua/lua_cryptobox.c
@@ -503,7 +503,7 @@ lua_cryptobox_keypair_gc(lua_State *L)
}
/***
- * @method keypair:totable([hex=false]])
+ * @method keypair:totable([encoding="zbase32"])
* Converts keypair to table (not very safe due to memory leftovers)
*/
static int
@@ -512,16 +512,39 @@ lua_cryptobox_keypair_totable(lua_State *L)
LUA_TRACE_POINT;
struct rspamd_cryptobox_keypair *kp = lua_check_cryptobox_keypair(L, 1);
ucl_object_t *obj;
- gboolean hex = FALSE;
+ enum rspamd_cryptobox_keypair_encoding encoding = RSPAMD_KEYPAIR_ENCODING_DEFAULT;
int ret = 1;
if (kp != NULL) {
if (lua_isboolean(L, 2)) {
- hex = lua_toboolean(L, 2);
+ if (lua_toboolean(L, 2)) {
+ encoding = RSPAMD_KEYPAIR_ENCODING_HEX;
+ }
}
+ else if (lua_isstring(L, 2)) {
+ const char *enc = lua_tostring(L, 2);
- obj = rspamd_keypair_to_ucl(kp, hex ? RSPAMD_KEYPAIR_DUMP_HEX : RSPAMD_KEYPAIR_DUMP_DEFAULT);
+ if (g_ascii_strcasecmp(enc, "hex") == 0) {
+ encoding = RSPAMD_KEYPAIR_ENCODING_HEX;
+ }
+ else if (g_ascii_strcasecmp(enc, "zbase32") == 0 ||
+ g_ascii_strcasecmp(enc, "default") == 0 ||
+ g_ascii_strcasecmp(enc, "base32") == 0) {
+ encoding = RSPAMD_KEYPAIR_ENCODING_ZBASE32;
+ }
+ else if (g_ascii_strcasecmp(enc, "base64") == 0) {
+ encoding = RSPAMD_KEYPAIR_ENCODING_BASE64;
+ }
+ else if (g_ascii_strcasecmp(enc, "binary") == 0) {
+ encoding = RSPAMD_KEYPAIR_ENCODING_BINARY;
+ }
+ else {
+ return luaL_error(L, "unknown encoding (known are: hex, zbase32/default, base64, binary: %s", enc);
+ }
+ }
+
+ obj = rspamd_keypair_to_ucl(kp, encoding, RSPAMD_KEYPAIR_DUMP_DEFAULT);
ret = ucl_object_push_lua(L, obj, true);
ucl_object_unref(obj);
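Review bot: The `luaL_error` format string in the final `else` branch opens a parenthesis that is never closed and leaves out the `base32` alias accepted two branches earlier, so the message a script author sees is malformed and incomplete. Suggest `return luaL_error(L, "unknown encoding: %s (known are: hex, zbase32/default/base32, base64, binary)", enc);`. The boolean form of the argument is still handled at the top of the block, but the updated `@method` comment no longer mentions it; a short remark there that `true` selects hex would keep existing callers documented. The function body starts and ends outside this hunk.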
@@ -1415,7 +1438,11 @@ lua_cryptobox_hash_reset(lua_State *L)
rspamd_cryptobox_hash_init(h->content.h, NULL, 0);
break;
case LUA_CRYPTOBOX_HASH_SSL:
+#if OPENSSL_VERSION_MAJOR >= 3
EVP_DigestInit(h->content.c, EVP_MD_CTX_get0_md(h->content.c));
+#else
+ EVP_DigestInit(h->content.c, EVP_MD_CTX_md(h->content.c));
+#endif
break;
case LUA_CRYPTOBOX_HASH_HMAC:
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
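Review bot: Both branches of the new `#if` in the `LUA_CRYPTOBOX_HASH_SSL` case call `EVP_DigestInit` and discard its return value, so a failed re-initialisation goes unnoticed and later update/final calls keep using `h->content.c`. Picking the accessor once under the `#if` (`const EVP_MD *md = EVP_MD_CTX_get0_md(h->content.c);` or `EVP_MD_CTX_md(...)`) would leave a single call to check, e.g. `if (EVP_DigestInit(h->content.c, md) != 1) { return luaL_error(L, "cannot reset digest"); }`. The enclosing switch and function continue outside the hunk, so the right error path should be confirmed against the other cases.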
@@ -2508,31 +2535,20 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L)
}
if (strcmp(alg_str, "rsa") == 0) {
- BIGNUM *e;
EVP_PKEY *pk;
- e = BN_new();
pk = EVP_PKEY_new();
- if (BN_set_word(e, RSA_F4) != 1) {
- BN_free(e);
- EVP_PKEY_free(pk);
-
- return luaL_error(L, "BN_set_word failed");
- }
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (EVP_PKEY_keygen_init(pctx) != 1) {
- BN_free(e);
EVP_PKEY_free(pk);
EVP_PKEY_CTX_free(pctx);
return luaL_error(L, "EVP_PKEY_keygen_init failed");
}
EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits);
- EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pctx, e);
if (EVP_PKEY_keygen(pctx, &pk) != 1) {
- BN_free(e);
EVP_PKEY_free(pk);
EVP_PKEY_CTX_free(pctx);
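Review bot: `EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits)` is called without checking its result, so if it fails the DKIM key would be generated at the library's default modulus size instead of the requested one; `lua_rsa_keypair` in lua_rsa.c asserts the same call. Suggest `if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits) != 1) { ... }` with the same cleanup as the neighbouring error paths. With the explicit `RSA_F4` exponent removed, the public exponent now comes from the OpenSSL default, and a comment such as `/* public exponent left at the library default (65537) */` would record that this is intentional. The function starts and ends outside the hunk, so any earlier range check on `nbits` is not visible here.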
@@ -2552,7 +2568,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L)
if (rc == 0) {
BIO_free(mbio);
- BN_free(e);
EVP_PKEY_free(pk);
return luaL_error(L, "i2d_RSAPrivateKey_bio failed");
@@ -2574,7 +2589,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L)
if (rc == 0) {
BIO_free(mbio);
- BN_free(e);
EVP_PKEY_free(pk);
return luaL_error(L, "i2d_RSA_PUBKEY_bio failed");
@@ -2590,7 +2604,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L)
pub_out->len = b64_len;
pub_out->flags = RSPAMD_TEXT_FLAG_OWN;
- BN_free(e);
EVP_PKEY_free(pk);
BIO_free(mbio);
}
diff --git a/src/lua/lua_map.c b/src/lua/lua_map.c
index 1cc2ce1bd..062613bd7 100644
--- a/src/lua/lua_map.c
+++ b/src/lua/lua_map.c
@@ -1256,8 +1256,8 @@ lua_map_get_sign_key(lua_State *L)
bk = g_ptr_array_index(map->map->backends, i);
if (bk->trusted_pubkey) {
- ret = rspamd_pubkey_print(bk->trusted_pubkey,
- RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_BASE32);
+ ret = rspamd_pubkey_print(bk->trusted_pubkey, RSPAMD_KEYPAIR_ENCODING_DEFAULT,
+ RSPAMD_KEYPAIR_PUBKEY);
}
else {
ret = NULL;
diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c
index b7be612b0..4b9aa0354 100644
--- a/src/lua/lua_rsa.c
+++ b/src/lua/lua_rsa.c
@@ -261,6 +261,7 @@ lua_rsa_pubkey_gc(lua_State *L)
EVP_PKEY *pkey = lua_check_rsa_pubkey(L, 1);
if (pkey != NULL) {
+ /* It's actually EVP_PKEY_unref, thanks for that API */
EVP_PKEY_free(pkey);
}
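Review bot: The comment added in `lua_rsa_pubkey_gc` (and the identical one in `lua_rsa_privkey_gc`) reads as a complaint about the API rather than stating the ownership rule a maintainer needs. Because `lua_rsa_keypair` in this same commit now hands the same `EVP_PKEY` to both userdata objects, the rule is worth spelling out: `/* EVP_PKEY_free() drops one reference; the key is destroyed only when the last holder releases it */`. Both gc functions start and end outside their hunks.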
@@ -522,6 +523,7 @@ lua_rsa_privkey_gc(lua_State *L)
EVP_PKEY *pkey = lua_check_rsa_privkey(L, 1);
if (pkey != NULL) {
+ /* It's actually EVP_PKEY_unref, thanks for that API */
EVP_PKEY_free(pkey);
}
@@ -758,7 +760,7 @@ lua_rsa_sign_memory(lua_State *L)
data = luaL_checklstring(L, 2, &sz);
if (pkey != NULL && data != NULL) {
- signature = rspamd_fstring_sized_new(EVP_PKEY_get_size(pkey));
+ signature = rspamd_fstring_sized_new(EVP_PKEY_size(pkey));
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL);
g_assert(pctx != NULL);
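Review bot: The result of `EVP_PKEY_size(pkey)` is passed straight to `rspamd_fstring_sized_new`, but the call can return 0 or a negative value when the key size cannot be determined. A guard before the allocation, `int siglen = EVP_PKEY_size(pkey); if (siglen <= 0) { return luaL_error(L, "invalid key size"); }`, avoids sizing the signature buffer from an error code. How `rspamd_fstring_sized_new` treats such a value is not visible here, and the function body continues outside the hunk.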
@@ -791,7 +793,6 @@ lua_rsa_sign_memory(lua_State *L)
static int
lua_rsa_keypair(lua_State *L)
{
- BIGNUM *e;
EVP_PKEY *pkey = NULL, *pub_pkey, *priv_pkey, **ppkey;
int bits = lua_gettop(L) > 0 ? lua_tointeger(L, 1) : 1024;
@@ -799,32 +800,31 @@ lua_rsa_keypair(lua_State *L)
return luaL_error(L, "invalid bits count");
}
- e = BN_new();
-
- g_assert(BN_set_word(e, RSA_F4) == 1);
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
g_assert(pctx != NULL);
g_assert(EVP_PKEY_keygen_init(pctx) == 1);
g_assert(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, bits) == 1);
- g_assert(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pctx, e) == 1);
-
g_assert(EVP_PKEY_keygen(pctx, &pkey) == 1);
g_assert(pkey != NULL);
- priv_pkey = EVP_PKEY_dup(pkey);
+ /* Increase refcount and share */
+ g_assert(EVP_PKEY_up_ref(pkey) == 1);
+ priv_pkey = pkey;
+
ppkey = lua_newuserdata(L, sizeof(EVP_PKEY *));
rspamd_lua_setclass(L, rspamd_rsa_privkey_classname, -1);
*ppkey = priv_pkey;
- pub_pkey = EVP_PKEY_dup(pkey);
+ /* Increase refcount and share */
+ g_assert(EVP_PKEY_up_ref(pkey) == 1);
+ pub_pkey = pkey;
ppkey = lua_newuserdata(L, sizeof(EVP_PKEY *));
rspamd_lua_setclass(L, rspamd_rsa_pubkey_classname, -1);
*ppkey = pub_pkey;
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pctx);
- BN_free(e);
return 2;
}
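Review bot: The two `g_assert(EVP_PKEY_up_ref(pkey) == 1);` lines put the reference increment inside an assertion, so a build with `G_DISABLE_ASSERT` compiles the call away. The two userdata objects and the trailing `EVP_PKEY_free(pkey)` would then release a single reference three times, a use-after-free at garbage collection. Suggest taking the reference unconditionally and asserting only on the result, `int rc = EVP_PKEY_up_ref(pkey); g_assert(rc == 1);`, or returning `luaL_error` on failure. The same pattern applies to the keygen calls above, which also do their work inside `g_assert`. As with the previous `EVP_PKEY_dup`, the public-key userdata still refers to a key object carrying the private components; whether any pubkey method can serialise them is not visible in this hunk and is worth confirming.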