14788361818

Committed 02 May 2025 03:43AM UTC coverage: 88.812% (-4.7%) from 93.466%

Build # 14788361818

Build Type

push

travis-ci

Committed by

zhaozg

Commit Message

ci: valgrind combine

Run Details

8954 of 10082 relevant lines covered (88.81%)

1094.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.88

/src/openssl.c

/***
Openssl binding for Lua, provide openssl full function in lua.

@module openssl
@usage
  openssl = require('openssl')
*/

#include "openssl.h"
#include <openssl/asn1.h>
#include <openssl/engine.h>
#include <openssl/opensslconf.h>
#include <openssl/ssl.h>

#include "private.h"
#ifndef OPENSSL_NO_CMS
#include <openssl/cms.h>
#endif

/***
get lua-openssl version
@function version
@tparam[opt] boolean format result will be number when set true, or string
@treturn lua-openssl version, lua version, openssl version
*/
static int
openssl_version(lua_State *L)
{
  int num = lua_isnone(L, 1) ? 0 : auxiliar_checkboolean(L, 1);
  if (num) {
    lua_pushinteger(L, LOPENSSL_VERSION_NUM);
    lua_pushinteger(L, LUA_VERSION_NUM);
#ifdef LIBRESSL_VERSION_NUMBER
    lua_pushinteger(L, LIBRESSL_VERSION_NUMBER);
#else
    lua_pushinteger(L, OPENSSL_VERSION_NUMBER);
#endif
  } else {
    lua_pushstring(L, LOPENSSL_VERSION);
    lua_pushstring(L, LUA_VERSION);
    lua_pushstring(L, OPENSSL_VERSION_TEXT);
  }
  return 3;
}

/***
hex encode or decode string
@function hex
@tparam string str
@tparam[opt=true] boolean encode true to encoed, false to decode
@treturn string
*/
static LUA_FUNCTION(openssl_hex)
{
  size_t      l = 0;
  const char *s = luaL_checklstring(L, 1, &l);
  int         encode = lua_isnone(L, 2) ? 1 : lua_toboolean(L, 2);
  char       *h = NULL;

  if (l == 0) {
    lua_pushstring(L, "");
    return 1;
  }
  if (encode) {
    h = OPENSSL_malloc(2 * l + 1);
    l = bin2hex((const unsigned char *)s, h, l);
  } else {
    h = OPENSSL_malloc(l / 2 + 1);
    l = hex2bin(s, (unsigned char *)h, l);
  };
  lua_pushlstring(L, (const char *)h, l);
  OPENSSL_free(h);

  return 1;
}

/***
base64 encode or decode
@function base64
@tparam string|bio input
@tparam[opt=true] boolean encode true to encoed, false to decode
@tparam[opt=true] boolean NO_NL default true without newline, false with newline
@treturn string
*/
static LUA_FUNCTION(openssl_base64)
{
  BIO     *inp = load_bio_object(L, 1);
  int      encode = lua_isnone(L, 2) ? 1 : lua_toboolean(L, 2);
  int      nonl = lua_isnone(L, 3) ? BIO_FLAGS_BASE64_NO_NL
                                   : (lua_toboolean(L, 3) ? BIO_FLAGS_BASE64_NO_NL : 0);
  BIO     *b64 = BIO_new(BIO_f_base64());
  BIO     *out = BIO_new(BIO_s_mem());
  BUF_MEM *mem = { 0 };
  int      ret = 0;

  BIO_set_flags(b64, nonl);
  if (encode) {
    BIO_push(b64, out);
    BIO_get_mem_ptr(inp, &mem);
    BIO_write(b64, mem->data, mem->length);
    (void)BIO_flush(b64);
  } else {
    char inbuf[512];
    int  inlen;
    BIO_push(b64, inp);
    while ((inlen = BIO_read(b64, inbuf, 512)) > 0) BIO_write(out, inbuf, inlen);
    (void)BIO_flush(out);
  }

  BIO_get_mem_ptr(out, &mem);
  if (mem->length > 0) {
    lua_pushlstring(L, mem->data, mem->length);
    ret = 1;
  }
  BIO_free_all(b64);
  if (encode)
    BIO_free(inp);
  else
    BIO_free(out);
  return ret;
}

static void
list_callback(const OBJ_NAME *obj, void *arg)
{
  lua_State *L = (lua_State *)arg;
  int        idx = (int)lua_rawlen(L, -1);
  lua_pushstring(L, obj->name);
  lua_rawseti(L, -2, idx + 1);
}

/***
get method names
@function list
@tparam string type support 'cipher','digests','pkeys','comps'
@treturn table as array
*/
static LUA_FUNCTION(openssl_list)
{
  static int options[] = { OBJ_NAME_TYPE_MD_METH,
                           OBJ_NAME_TYPE_CIPHER_METH,
#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x30900000L
                           /* NOTE: libressl 4.0.0 */
                           OBJ_NAME_TYPE_PKEY_METH,
                           OBJ_NAME_TYPE_COMP_METH
#endif
  };
  static const char *names[] = { "digests",
                                 "ciphers",
#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x30900000L
                                 "pkeys",
                                 "comps",
#endif
                                 NULL };
  int type = auxiliar_checkoption(L, 1, NULL, names, options);
  lua_createtable(L, 0, 0);
  OBJ_NAME_do_all_sorted(type, list_callback, L);
  return 1;
}

/***
get last or given error infomation

Most lua-openssl function or methods return nil or false when error or
failed, followed by string type error _reason_ and number type error _code_,
_code_ can pass to openssl.error() to get more error information.

@function error
@tparam[opt] number error, default use ERR_get_error() return value
@treturn string reason
@treturn string library name
@treturn number errcode
@treturn string function name if available
@treturn boolean indicates whether a given error code is a fatal error
*/
static LUA_FUNCTION(openssl_error_string)
{
  unsigned long val = ERR_get_error();
  if (val == 0) return 0;

  val = (unsigned long)luaL_optinteger(L, 1, val);

  lua_pushstring(L, ERR_reason_error_string(val));
  lua_pushstring(L, ERR_lib_error_string(val));
  lua_pushinteger(L, val);

#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
  lua_pushstring(L, ERR_func_error_string(val));
#else
  lua_pushnil(L);
#endif

#ifdef ERR_FATAL_ERROR
  lua_pushboolean(L, ERR_FATAL_ERROR(val));
#else
  lua_pushnil(L);
#endif

  return 5;
}

/***
Empties the current thread's error queue, helps reduce memory usage.
@function clear_error
*/
static LUA_FUNCTION(openssl_clear_error)
{
  ERR_clear_error();
  return 0;
}

/***
Fetch all error strings from current thread's error queue, and empty the error queue.
@function errors
@treturn string
*/
static LUA_FUNCTION(openssl_errors)
{
  int  ret = 0;
  BIO *out = BIO_new(BIO_s_mem());
  if (out) {
    BUF_MEM *mem;

    ERR_print_errors(out);
    BIO_get_mem_ptr(out, &mem);
    lua_pushlstring(L, mem->data, mem->length);
    BIO_free(out);

    ERR_clear_error();
    ret = 1;
  }
  return ret;
}

/***
mixes the num bytes at buf into the PRNG state.
@function rand_add
@tparam string seed data to seed random generator
@tparam number entropy the lower bound of an estimate of how much randomness is contained in buf,
measured in bytes.
*/
static int
openssl_random_add(lua_State *L)
{
  size_t      num = 0;
  const void *buf = luaL_checklstring(L, 1, &num);
  double      entropy = luaL_optinteger(L, 2, num);

  RAND_add(buf, num, entropy);
  return 0;
}

/***
load rand seed from file
@function rand_load
@tparam[opt=nil] string file path to laod seed, default openssl management
@treturn boolean result
*/
static int
openssl_random_load(lua_State *L)
{
  const char *file = luaL_optstring(L, 1, NULL);
  char        buffer[MAX_PATH];
  int         ret = 0, len = luaL_optinteger(L, 2, 2048);

  if (file == NULL) file = RAND_file_name(buffer, sizeof buffer);
  ret = RAND_load_file(file, len);

  lua_pushboolean(L, ret);
  return 1;
}

/***
save rand seed to file
@function rand_write
@tparam[opt=nil] string file path to save seed, default openssl management
@treturn bool result
*/
static int
openssl_random_write(lua_State *L)
{
  const char *file = luaL_optstring(L, 1, NULL);
  char        buffer[MAX_PATH];
  int         ret = 0;

  if (file == NULL) file = RAND_file_name(buffer, sizeof buffer);
#ifndef OPENSSL_NO_EGD
  ret = RAND_egd(file);
  /* we try if the given filename is an EGD socket.
     if it is, we don't write anything back to the file.
   */
#endif
  if (ret != 1) ret = RAND_write_file(file);

  return openssl_pushresult(L, ret);
}

/***
get random generator state
@function rand_status
@tparam boolean result true for sucess
*/
static int
openssl_random_status(lua_State *L)
{
  lua_pushboolean(L, RAND_status());
  return 1;
}

/***
get random bytes
@function random
@tparam number length
@treturn string
*/
static LUA_FUNCTION(openssl_random_bytes)
{
  long length = luaL_checkint(L, 1);

  char *buffer = NULL;
  int   ret = 0;

  luaL_argcheck(L, length > 0, 1, "must greater than 0");

  buffer = malloc(length + 1);
  ret = RAND_bytes((byte *)buffer, length);
  if (ret == 1) {
    lua_pushlstring(L, buffer, length);
  }
  free(buffer);
  return ret == 1 ? 1 : openssl_pushresult(L, ret);
}

/***
set FIPS mode
@function FIPS_mode
@tparam boolean fips true enable FIPS mode, false disable it.
@treturn boolean success
*/

/***
get FIPS mode
@function FIPS_mode
@treturn boolean return true when FIPS mode enabled, false when FIPS mode disabled.
*/
static int
openssl_fips_mode(lua_State *L)
{
  int ret = 0;
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x30000000L)
  int on = 0;
  if (lua_isnone(L, 1)) {
    lua_pushboolean(L, FIPS_mode());
    ret = 1;
  } else {
    on = auxiliar_checkboolean(L, 1);
    ret = FIPS_mode_set(on);
    ret = openssl_pushresult(L, ret);
  }
#endif

  return ret;
}

#ifndef OPENSSL_NO_CRYPTO_MDEBUG
static int
openssl_mem_leaks(lua_State *L)
{
  BIO     *bio = BIO_new(BIO_s_mem());
  BUF_MEM *mem;

  CRYPTO_mem_leaks(bio);
  BIO_get_mem_ptr(bio, &mem);
  lua_pushlstring(L, mem->data, mem->length);
  BIO_free(bio);
  return 1;
}
#endif

/***
get openssl engine object
@function engine
@tparam string engine_id
@treturn engine
*/
static const luaL_Reg eay_functions[] = {
  { "version",     openssl_version       },
  { "list",        openssl_list          },
  { "hex",         openssl_hex           },
  { "base64",      openssl_base64        },
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
  { "mem_leaks",   openssl_mem_leaks     },
#endif
  { "rand_status", openssl_random_status },
  { "rand_add",    openssl_random_add    },
  { "rand_load",   openssl_random_load   },
  { "rand_write",  openssl_random_write  },
  { "random",      openssl_random_bytes  },

  { "clear_error", openssl_clear_error   },
  { "error",       openssl_error_string  },
  { "errors",      openssl_errors        },
#ifndef OPENSSL_NO_ENGINE
  { "engine",      openssl_engine        },
#endif
  { "FIPS_mode",   openssl_fips_mode     },

  { NULL,          NULL                  }
};

#if defined(OPENSSL_THREADS)                                                                       \
  && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
void CRYPTO_thread_setup(void);
void CRYPTO_thread_cleanup(void);
#endif

#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#include <stdatomic.h>
static atomic_int _guard = 0;
#else
static volatile int _guard = 0;
#endif

#if OPENSSL_VERSION_NUMBER >= 0x30000000L
static OSSL_PROVIDER *legacy = NULL;
static OSSL_PROVIDER *openssl = NULL;
#endif

static void
openssl_finalize(void)
{
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
  if (atomic_fetch_add_explicit(&_guard, -1, memory_order_relaxed) != 1) return;
#else
  if (--_guard == 1) return;
#endif

#if (OPENSSL_VERSION_NUMBER > 0x10100000L && !IS_LIBRESSL())                                       \
  || LIBRESSL_VERSION_NUMBER > 0x30600000L
#if !IS_LIBRESSL()
  /* This will be called automatically by the library when the thread exits. */
  OPENSSL_thread_stop();

  OSSL_PROVIDER_unload(openssl);
  OSSL_PROVIDER_unload(legacy);
#endif
  /* This is initiated automatically on application exit */
  OPENSSL_cleanup();
#else

#if !defined(LIBRESSL_VERSION_NUMBER)
  FIPS_mode_set(0);
#endif

  CONF_modules_unload(1);
  OBJ_cleanup();
  EVP_cleanup();
#ifndef OPENSSL_NO_ENGINE
  ENGINE_cleanup();
#endif
  CRYPTO_cleanup_all_ex_data();
  ERR_remove_thread_state(NULL);
  RAND_cleanup();
  ERR_free_strings();
#if !defined(OPENSSL_NO_COMP) && !defined(LIBRESSL_VERSION_NUMBER)
  COMP_zlib_cleanup();
#endif

  CRYPTO_THREADID_set_callback(NULL);
  CRYPTO_set_locking_callback(NULL);

#if defined(OPENSSL_THREADS)                                                                       \
  && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
  CRYPTO_thread_cleanup();
#endif

  CONF_modules_free();

#ifndef OPENSSL_NO_CRYPTO_MDEBUG
#if !(defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_FP_API))
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L
  CRYPTO_mem_leaks_fp(stderr);
#else
  if (CRYPTO_mem_leaks_fp(stderr) != 1) {
    fprintf(stderr,
            "Please report a bug on https://github.com/zhaozg/lua-openssl."
            "And if can, please provide a reproduce method and minimal code.\n"
            "\n\tThank You.");
  }
#endif

#endif /* OPENSSL_NO_STDIO or OPENSSL_NO_FP_API */
#endif /* OPENSSL_NO_CRYPTO_MDEBUG */
#endif /* OPENSSL_VERSION_NUMBER > 0x10100000L && !IS_LIBRESSL() */
}

static void
openssl_initialize()
{
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
  if (atomic_fetch_add_explicit(&_guard, 1, memory_order_relaxed) > 0) return;
#else
  if (++_guard > 0) return;
#endif

  /* Automatically do thread and resources cleanup */
  atexit(openssl_finalize);

#if defined(OPENSSL_THREADS)                                                                       \
  && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
  CRYPTO_thread_setup();
#endif

#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
  OpenSSL_add_all_ciphers();
  OpenSSL_add_all_digests();
  SSL_library_init();

  ERR_load_ERR_strings();
  ERR_load_EVP_strings();
  ERR_load_crypto_strings();
  ERR_load_SSL_strings();
#endif
#if OPENSSL_VERSION_NUMBER < 0x30000000
  ERR_load_BN_strings();
#endif
#ifndef OPENSSL_NO_CMS
#if OPENSSL_VERSION_NUMBER < 0x30000000
  ERR_load_CMS_strings();
#endif
#endif

#ifndef OPENSSL_NO_ENGINE
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
  ENGINE_load_openssl();
#else
  OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL);
  OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL);
#endif
#if OPENSSL_VERSION_NUMBER < 0x30000000L
  ENGINE_load_builtin_engines();
#endif
#endif

#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
  RAND_seed(LOPENSSL_VERSION LUA_VERSION OPENSSL_VERSION_TEXT,
            sizeof(LOPENSSL_VERSION LUA_VERSION OPENSSL_VERSION_TEXT));
#endif

#ifdef LOAD_ENGINE_CUSTOM
  LOAD_ENGINE_CUSTOM
#endif

#if OPENSSL_VERSION_NUMBER >= 0x30000000L
  legacy = OSSL_PROVIDER_load(NULL, "legacy");
  openssl = OSSL_PROVIDER_load(NULL, "default");
#endif
}

#ifndef LUA_RIDX_MAINTHREAD
#define LUA_RIDX_MAINTHREAD 1
#endif
lua_State *openssl_mainthread(lua_State *L)
{
  lua_rawgeti(L, LUA_REGISTRYINDEX, LUA_RIDX_MAINTHREAD);
  lua_State *mainL = lua_tothread(L, -1);
  lua_pop(L, 1);
  return mainL ? mainL : L;
}

LUALIB_API int
luaopen_openssl(lua_State *L)
{
  openssl_initialize();

  lua_newtable(L);

  luaL_setfuncs(L, eay_functions, 0);

#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x30900000L
  /* NOTE: refact lhash/conf module */
  openssl_register_lhash(L);
#endif

#ifndef OPENSSL_NO_ENGINE
  openssl_register_engine(L);
#endif

  luaopen_bio(L);
  lua_setfield(L, -2, "bio");

  luaopen_asn1(L);
  lua_setfield(L, -2, "asn1");

  luaopen_digest(L);
  lua_setfield(L, -2, "digest");

  luaopen_cipher(L);
  lua_setfield(L, -2, "cipher");

  luaopen_hmac(L);
  lua_setfield(L, -2, "hmac");

#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
  luaopen_mac(L);
  lua_setfield(L, -2, "mac");
  luaopen_param(L);
  lua_setfield(L, -2, "param");
#endif
  luaopen_kdf(L);
  lua_setfield(L, -2, "kdf");

  luaopen_pkey(L);
  lua_setfield(L, -2, "pkey");

#ifdef EVP_PKEY_EC
  luaopen_ec(L);
  lua_setfield(L, -2, "ec");
#endif

  luaopen_x509(L);
  lua_setfield(L, -2, "x509");

  luaopen_pkcs7(L);
  lua_setfield(L, -2, "pkcs7");

  luaopen_pkcs12(L);
  lua_setfield(L, -2, "pkcs12");

  luaopen_ocsp(L);
  lua_setfield(L, -2, "ocsp");

#ifdef OPENSSL_HAVE_TS
  /* timestamp handling */
  luaopen_ts(L);
  lua_setfield(L, -2, "ts");
#endif

  luaopen_cms(L);
  lua_setfield(L, -2, "cms");

  luaopen_ssl(L);
  lua_setfield(L, -2, "ssl");

  /* third part */
  luaopen_bn(L);
  lua_setfield(L, -2, "bn");

  luaopen_rsa(L);
  lua_setfield(L, -2, "rsa");
  luaopen_dsa(L);
  lua_setfield(L, -2, "dsa");
  luaopen_dh(L);
  lua_setfield(L, -2, "dh");

#ifndef OPENSSL_NO_SRP
  luaopen_srp(L);
  lua_setfield(L, -2, "srp");
#endif

#ifdef ENABLE_OPENSSL_GLOBAL
  lua_pushvalue(L, -1);
  lua_setglobal(L, "openssl");
#endif

  return 1;
}

1	/***
2	Openssl binding for Lua, provide openssl full function in lua.
3
4	@module openssl
5	@usage
6	openssl = require('openssl')
7	*/
8
9	#include "openssl.h"
10	#include <openssl/asn1.h>
11	#include <openssl/engine.h>
12	#include <openssl/opensslconf.h>
13	#include <openssl/ssl.h>
14
15	#include "private.h"
16	#ifndef OPENSSL_NO_CMS
17	#include <openssl/cms.h>
18	#endif
19
20	/***
21	get lua-openssl version
22	@function version
23	@tparam[opt] boolean format result will be number when set true, or string
24	@treturn lua-openssl version, lua version, openssl version
25	*/
26	static int
27	openssl_version(lua_State *L)	6✔
28	{
29	int num = lua_isnone(L, 1) ? 0 : auxiliar_checkboolean(L, 1);	6✔
30	if (num) {	6✔
31	lua_pushinteger(L, LOPENSSL_VERSION_NUM);	4✔
32	lua_pushinteger(L, LUA_VERSION_NUM);	4✔
33	#ifdef LIBRESSL_VERSION_NUMBER
34	lua_pushinteger(L, LIBRESSL_VERSION_NUMBER);
35	#else
36	lua_pushinteger(L, OPENSSL_VERSION_NUMBER);	4✔
37	#endif
38	} else {
39	lua_pushstring(L, LOPENSSL_VERSION);	2✔
40	lua_pushstring(L, LUA_VERSION);	2✔
41	lua_pushstring(L, OPENSSL_VERSION_TEXT);	2✔
42	}
43	return 3;	6✔
44	}
45
46	/***
47	hex encode or decode string
48	@function hex
49	@tparam string str
50	@tparam[opt=true] boolean encode true to encoed, false to decode
51	@treturn string
52	*/
53	static LUA_FUNCTION(openssl_hex)	39✔
54	{
55	size_t l = 0;	39✔
56	const char *s = luaL_checklstring(L, 1, &l);	39✔
57	int encode = lua_isnone(L, 2) ? 1 : lua_toboolean(L, 2);	39✔
58	char *h = NULL;	39✔
59
60	if (l == 0) {	39✔
61	lua_pushstring(L, "");	1✔
62	return 1;	1✔
63	}
64	if (encode) {	38✔
65	h = OPENSSL_malloc(2 * l + 1);	37✔
66	l = bin2hex((const unsigned char *)s, h, l);	37✔
67	} else {
68	h = OPENSSL_malloc(l / 2 + 1);	1✔
69	l = hex2bin(s, (unsigned char *)h, l);	1✔
70	};
71	lua_pushlstring(L, (const char *)h, l);	38✔
72	OPENSSL_free(h);	38✔
73
74	return 1;	38✔
75	}
76
77	/***
78	base64 encode or decode
79	@function base64
80	@tparam string\|bio input
81	@tparam[opt=true] boolean encode true to encoed, false to decode
82	@tparam[opt=true] boolean NO_NL default true without newline, false with newline
83	@treturn string
84	*/
85	static LUA_FUNCTION(openssl_base64)	44✔
86	{
87	BIO *inp = load_bio_object(L, 1);	44✔
88	int encode = lua_isnone(L, 2) ? 1 : lua_toboolean(L, 2);	44✔
89	int nonl = lua_isnone(L, 3) ? BIO_FLAGS_BASE64_NO_NL	44✔
90	: (lua_toboolean(L, 3) ? BIO_FLAGS_BASE64_NO_NL : 0);	44✔
91	BIO *b64 = BIO_new(BIO_f_base64());	44✔
92	BIO *out = BIO_new(BIO_s_mem());	44✔
93	BUF_MEM *mem = { 0 };	44✔
94	int ret = 0;	44✔
95
96	BIO_set_flags(b64, nonl);	44✔
97	if (encode) {	44✔
98	BIO_push(b64, out);	14✔
99	BIO_get_mem_ptr(inp, &mem);	14✔
100	BIO_write(b64, mem->data, mem->length);	14✔
101	(void)BIO_flush(b64);	14✔
102	} else {
103	char inbuf[512];
104	int inlen;
105	BIO_push(b64, inp);	30✔
106	while ((inlen = BIO_read(b64, inbuf, 512)) > 0) BIO_write(out, inbuf, inlen);	60✔
107	(void)BIO_flush(out);	30✔
108	}
109
110	BIO_get_mem_ptr(out, &mem);	44✔
111	if (mem->length > 0) {	44✔
112	lua_pushlstring(L, mem->data, mem->length);	44✔
113	ret = 1;	44✔
114	}
115	BIO_free_all(b64);	44✔
116	if (encode)	44✔
117	BIO_free(inp);	14✔
118	else
119	BIO_free(out);	30✔
120	return ret;	44✔
121	}
122
123	static void
124	list_callback(const OBJ_NAME obj, void arg)	57✔
125	{
126	lua_State L = (lua_State )arg;	57✔
127	int idx = (int)lua_rawlen(L, -1);	57✔
128	lua_pushstring(L, obj->name);	57✔
129	lua_rawseti(L, -2, idx + 1);	57✔
130	}	57✔
131
132	/***
133	get method names
134	@function list
135	@tparam string type support 'cipher','digests','pkeys','comps'
136	@treturn table as array
137	*/
138	static LUA_FUNCTION(openssl_list)	1✔
139	{
140	static int options[] = { OBJ_NAME_TYPE_MD_METH,
141	OBJ_NAME_TYPE_CIPHER_METH,
142	#if !defined(LIBRESSL_VERSION_NUMBER) \|\| LIBRESSL_VERSION_NUMBER < 0x30900000L
143	/* NOTE: libressl 4.0.0 */
144	OBJ_NAME_TYPE_PKEY_METH,
145	OBJ_NAME_TYPE_COMP_METH
146	#endif
147	};
148	static const char *names[] = { "digests",
149	"ciphers",
150	#if !defined(LIBRESSL_VERSION_NUMBER) \|\| LIBRESSL_VERSION_NUMBER < 0x30900000L
151	"pkeys",
152	"comps",
153	#endif
154	NULL };
155	int type = auxiliar_checkoption(L, 1, NULL, names, options);	1✔
156	lua_createtable(L, 0, 0);	1✔
157	OBJ_NAME_do_all_sorted(type, list_callback, L);	1✔
158	return 1;	1✔
159	}
160
161	/***
162	get last or given error infomation
163
164	Most lua-openssl function or methods return nil or false when error or
165	failed, followed by string type error _reason_ and number type error _code_,
166	_code_ can pass to openssl.error() to get more error information.
167
168	@function error
169	@tparam[opt] number error, default use ERR_get_error() return value
170	@treturn string reason
171	@treturn string library name
172	@treturn number errcode
173	@treturn string function name if available
174	@treturn boolean indicates whether a given error code is a fatal error
175	*/
176	static LUA_FUNCTION(openssl_error_string)	16✔
177	{
178	unsigned long val = ERR_get_error();	16✔
179	if (val == 0) return 0;	16✔
180
181	val = (unsigned long)luaL_optinteger(L, 1, val);	8✔
182
183	lua_pushstring(L, ERR_reason_error_string(val));	8✔
184	lua_pushstring(L, ERR_lib_error_string(val));	8✔
185	lua_pushinteger(L, val);	8✔
186
187	#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
188	lua_pushstring(L, ERR_func_error_string(val));	8✔
189	#else
190	lua_pushnil(L);
191	#endif
192
193	#ifdef ERR_FATAL_ERROR
194	lua_pushboolean(L, ERR_FATAL_ERROR(val));	8✔
195	#else
196	lua_pushnil(L);
197	#endif
198
199	return 5;	8✔
200	}
201
202	/***
203	Empties the current thread's error queue, helps reduce memory usage.
204	@function clear_error
205	*/
206	static LUA_FUNCTION(openssl_clear_error)	2✔
207	{
208	ERR_clear_error();	2✔
209	return 0;	2✔
210	}
211
212	/***
213	Fetch all error strings from current thread's error queue, and empty the error queue.
214	@function errors
215	@treturn string
216	*/
217	static LUA_FUNCTION(openssl_errors)	5✔
218	{
219	int ret = 0;	5✔
220	BIO *out = BIO_new(BIO_s_mem());	5✔
221	if (out) {	5✔
222	BUF_MEM *mem;
223
224	ERR_print_errors(out);	5✔
225	BIO_get_mem_ptr(out, &mem);	5✔
226	lua_pushlstring(L, mem->data, mem->length);	5✔
227	BIO_free(out);	5✔
228
229	ERR_clear_error();	5✔
230	ret = 1;	5✔
231	}
232	return ret;	5✔
233	}
234
235	/***
236	mixes the num bytes at buf into the PRNG state.
237	@function rand_add
238	@tparam string seed data to seed random generator
239	@tparam number entropy the lower bound of an estimate of how much randomness is contained in buf,
240	measured in bytes.
241	*/
242	static int
243	openssl_random_add(lua_State *L)	1✔
244	{
245	size_t num = 0;	1✔
246	const void *buf = luaL_checklstring(L, 1, &num);	1✔
247	double entropy = luaL_optinteger(L, 2, num);	1✔
248
249	RAND_add(buf, num, entropy);	1✔
250	return 0;	1✔
251	}
252
253	/***
254	load rand seed from file
255	@function rand_load
256	@tparam[opt=nil] string file path to laod seed, default openssl management
257	@treturn boolean result
258	*/
259	static int
260	openssl_random_load(lua_State *L)	1✔
261	{
262	const char *file = luaL_optstring(L, 1, NULL);	1✔
263	char buffer[MAX_PATH];
264	int ret = 0, len = luaL_optinteger(L, 2, 2048);	1✔
265
266	if (file == NULL) file = RAND_file_name(buffer, sizeof buffer);	1✔
267	ret = RAND_load_file(file, len);	1✔
268
269	lua_pushboolean(L, ret);	1✔
270	return 1;	1✔
271	}
272
273	/***
274	save rand seed to file
275	@function rand_write
276	@tparam[opt=nil] string file path to save seed, default openssl management
277	@treturn bool result
278	*/
279	static int
280	openssl_random_write(lua_State *L)	1✔
281	{
282	const char *file = luaL_optstring(L, 1, NULL);	1✔
283	char buffer[MAX_PATH];
284	int ret = 0;	1✔
285
286	if (file == NULL) file = RAND_file_name(buffer, sizeof buffer);	1✔
287	#ifndef OPENSSL_NO_EGD
288	ret = RAND_egd(file);	1✔
289	/* we try if the given filename is an EGD socket.
290	if it is, we don't write anything back to the file.
291	*/
292	#endif
293	if (ret != 1) ret = RAND_write_file(file);	1✔
294
295	return openssl_pushresult(L, ret);	1✔
296	}
297
298	/***
299	get random generator state
300	@function rand_status
301	@tparam boolean result true for sucess
302	*/
303	static int
304	openssl_random_status(lua_State *L)	1✔
305	{
306	lua_pushboolean(L, RAND_status());	1✔
307	return 1;	1✔
308	}
309
310	/***
311	get random bytes
312	@function random
313	@tparam number length
314	@treturn string
315	*/
316	static LUA_FUNCTION(openssl_random_bytes)	173✔
317	{
318	long length = luaL_checkint(L, 1);	173✔
319
320	char *buffer = NULL;	173✔
321	int ret = 0;	173✔
322
323	luaL_argcheck(L, length > 0, 1, "must greater than 0");	173✔
324
325	buffer = malloc(length + 1);	173✔
326	ret = RAND_bytes((byte *)buffer, length);	173✔
327	if (ret == 1) {	173✔
328	lua_pushlstring(L, buffer, length);	173✔
329	}
330	free(buffer);	173✔
331	return ret == 1 ? 1 : openssl_pushresult(L, ret);	173✔
332	}
333
334	/***
335	set FIPS mode
336	@function FIPS_mode
337	@tparam boolean fips true enable FIPS mode, false disable it.
338	@treturn boolean success
339	*/
340
341	/***
342	get FIPS mode
343	@function FIPS_mode
344	@treturn boolean return true when FIPS mode enabled, false when FIPS mode disabled.
345	*/
346	static int
347	openssl_fips_mode(lua_State *L)	4✔
348	{
349	int ret = 0;	4✔
350	#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x30000000L)
351	int on = 0;	4✔
352	if (lua_isnone(L, 1)) {	4✔
353	lua_pushboolean(L, FIPS_mode());	3✔
354	ret = 1;	3✔
355	} else {
356	on = auxiliar_checkboolean(L, 1);	1✔
357	ret = FIPS_mode_set(on);	1✔
358	ret = openssl_pushresult(L, ret);	1✔
359	}
360	#endif
361
362	return ret;	4✔
363	}
364
365	#ifndef OPENSSL_NO_CRYPTO_MDEBUG
366	static int
367	openssl_mem_leaks(lua_State *L)	×
368	{
369	BIO *bio = BIO_new(BIO_s_mem());	×
370	BUF_MEM *mem;
371
372	CRYPTO_mem_leaks(bio);	×
373	BIO_get_mem_ptr(bio, &mem);	×
374	lua_pushlstring(L, mem->data, mem->length);	×
375	BIO_free(bio);	×
376	return 1;	×
377	}
378	#endif
379
380	/***
381	get openssl engine object
382	@function engine
383	@tparam string engine_id
384	@treturn engine
385	*/
386	static const luaL_Reg eay_functions[] = {
387	{ "version", openssl_version },
388	{ "list", openssl_list },
389	{ "hex", openssl_hex },
390	{ "base64", openssl_base64 },
391	#ifndef OPENSSL_NO_CRYPTO_MDEBUG
392	{ "mem_leaks", openssl_mem_leaks },
393	#endif
394	{ "rand_status", openssl_random_status },
395	{ "rand_add", openssl_random_add },
396	{ "rand_load", openssl_random_load },
397	{ "rand_write", openssl_random_write },
398	{ "random", openssl_random_bytes },
399
400	{ "clear_error", openssl_clear_error },
401	{ "error", openssl_error_string },
402	{ "errors", openssl_errors },
403	#ifndef OPENSSL_NO_ENGINE
404	{ "engine", openssl_engine },
405	#endif
406	{ "FIPS_mode", openssl_fips_mode },
407
408	{ NULL, NULL }
409	};
410
411	#if defined(OPENSSL_THREADS) \
412	&& (OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER))
413	void CRYPTO_thread_setup(void);
414	void CRYPTO_thread_cleanup(void);
415	#endif
416
417	#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
418	#include <stdatomic.h>
419	static atomic_int _guard = 0;
420	#else
421	static volatile int _guard = 0;
422	#endif
423
424	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
425	static OSSL_PROVIDER *legacy = NULL;
426	static OSSL_PROVIDER *openssl = NULL;
427	#endif
428
429	static void
430	openssl_finalize(void)	1✔
431	{
432	#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
433	if (atomic_fetch_add_explicit(&_guard, -1, memory_order_relaxed) != 1) return;	1✔
434	#else
435	if (--_guard == 1) return;
436	#endif
437
438	#if (OPENSSL_VERSION_NUMBER > 0x10100000L && !IS_LIBRESSL()) \
439	\|\| LIBRESSL_VERSION_NUMBER > 0x30600000L
440	#if !IS_LIBRESSL()
441	/* This will be called automatically by the library when the thread exits. */
442	OPENSSL_thread_stop();
443
444	OSSL_PROVIDER_unload(openssl);
445	OSSL_PROVIDER_unload(legacy);
446	#endif
447	/* This is initiated automatically on application exit */
448	OPENSSL_cleanup();
449	#else
450
451	#if !defined(LIBRESSL_VERSION_NUMBER)
452	FIPS_mode_set(0);	1✔
453	#endif
454
455	CONF_modules_unload(1);	1✔
456	OBJ_cleanup();	1✔
457	EVP_cleanup();	1✔
458	#ifndef OPENSSL_NO_ENGINE
459	ENGINE_cleanup();	1✔
460	#endif
461	CRYPTO_cleanup_all_ex_data();	1✔
462	ERR_remove_thread_state(NULL);	1✔
463	RAND_cleanup();	1✔
464	ERR_free_strings();	1✔
465	#if !defined(OPENSSL_NO_COMP) && !defined(LIBRESSL_VERSION_NUMBER)
466	COMP_zlib_cleanup();	1✔
467	#endif
468
469	CRYPTO_THREADID_set_callback(NULL);	1✔
470	CRYPTO_set_locking_callback(NULL);	1✔
471
472	#if defined(OPENSSL_THREADS) \
473	&& (OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER))
474	CRYPTO_thread_cleanup();	1✔
475	#endif
476
477	CONF_modules_free();	1✔
478
479	#ifndef OPENSSL_NO_CRYPTO_MDEBUG
480	#if !(defined(OPENSSL_NO_STDIO) \|\| defined(OPENSSL_NO_FP_API))
481	#if defined(LIBRESSL_VERSION_NUMBER) \|\| OPENSSL_VERSION_NUMBER < 0x10101000L
482	CRYPTO_mem_leaks_fp(stderr);	1✔
483	#else
484	if (CRYPTO_mem_leaks_fp(stderr) != 1) {
485	fprintf(stderr,
486	"Please report a bug on https://github.com/zhaozg/lua-openssl."
487	"And if can, please provide a reproduce method and minimal code.\n"
488	"\n\tThank You.");
489	}
490	#endif
491
492	#endif /* OPENSSL_NO_STDIO or OPENSSL_NO_FP_API */
493	#endif /* OPENSSL_NO_CRYPTO_MDEBUG */
494	#endif /* OPENSSL_VERSION_NUMBER > 0x10100000L && !IS_LIBRESSL() */
495	}
496
497	static void
498	openssl_initialize()	1✔
499	{
500	#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
501	if (atomic_fetch_add_explicit(&_guard, 1, memory_order_relaxed) > 0) return;	1✔
502	#else
503	if (++_guard > 0) return;
504	#endif
505
506	/* Automatically do thread and resources cleanup */
507	atexit(openssl_finalize);	1✔
508
509	#if defined(OPENSSL_THREADS) \
510	&& (OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER))
511	CRYPTO_thread_setup();	1✔
512	#endif
513
514	#if (OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER))
515	OpenSSL_add_all_ciphers();	1✔
516	OpenSSL_add_all_digests();	1✔
517	SSL_library_init();	1✔
518
519	ERR_load_ERR_strings();	1✔
520	ERR_load_EVP_strings();	1✔
521	ERR_load_crypto_strings();	1✔
522	ERR_load_SSL_strings();	1✔
523	#endif
524	#if OPENSSL_VERSION_NUMBER < 0x30000000
525	ERR_load_BN_strings();	1✔
526	#endif
527	#ifndef OPENSSL_NO_CMS
528	#if OPENSSL_VERSION_NUMBER < 0x30000000
529	ERR_load_CMS_strings();	1✔
530	#endif
531	#endif
532
533	#ifndef OPENSSL_NO_ENGINE
534	#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
535	ENGINE_load_openssl();	1✔
536	#else
537	OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL);
538	OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN \| OPENSSL_INIT_LOAD_CONFIG, NULL);
539	#endif
540	#if OPENSSL_VERSION_NUMBER < 0x30000000L
541	ENGINE_load_builtin_engines();	1✔
542	#endif
543	#endif
544
545	#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
546	RAND_seed(LOPENSSL_VERSION LUA_VERSION OPENSSL_VERSION_TEXT,	1✔
547	sizeof(LOPENSSL_VERSION LUA_VERSION OPENSSL_VERSION_TEXT));
548	#endif
549
550	#ifdef LOAD_ENGINE_CUSTOM
551	LOAD_ENGINE_CUSTOM
552	#endif
553
554	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
555	legacy = OSSL_PROVIDER_load(NULL, "legacy");
556	openssl = OSSL_PROVIDER_load(NULL, "default");
557	#endif
558	}
559
560	#ifndef LUA_RIDX_MAINTHREAD
561	#define LUA_RIDX_MAINTHREAD 1
562	#endif
563	lua_State openssl_mainthread(lua_State L)	22✔
564	{
565	lua_rawgeti(L, LUA_REGISTRYINDEX, LUA_RIDX_MAINTHREAD);	22✔
566	lua_State *mainL = lua_tothread(L, -1);	22✔
567	lua_pop(L, 1);	22✔
568	return mainL ? mainL : L;	22✔
569	}
570
571	LUALIB_API int
572	luaopen_openssl(lua_State *L)	1✔
573	{
574	openssl_initialize();	1✔
575
576	lua_newtable(L);	1✔
577
578	luaL_setfuncs(L, eay_functions, 0);	1✔
579
580	#if !defined(LIBRESSL_VERSION_NUMBER) \|\| LIBRESSL_VERSION_NUMBER < 0x30900000L
581	/* NOTE: refact lhash/conf module */
582	openssl_register_lhash(L);	1✔
583	#endif
584
585	#ifndef OPENSSL_NO_ENGINE
586	openssl_register_engine(L);	1✔
587	#endif
588
589	luaopen_bio(L);	1✔
590	lua_setfield(L, -2, "bio");	1✔
591
592	luaopen_asn1(L);	1✔
593	lua_setfield(L, -2, "asn1");	1✔
594
595	luaopen_digest(L);	1✔
596	lua_setfield(L, -2, "digest");	1✔
597
598	luaopen_cipher(L);	1✔
599	lua_setfield(L, -2, "cipher");	1✔
600
601	luaopen_hmac(L);	1✔
602	lua_setfield(L, -2, "hmac");	1✔
603
604	#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
605	luaopen_mac(L);
606	lua_setfield(L, -2, "mac");
607	luaopen_param(L);
608	lua_setfield(L, -2, "param");
609	#endif
610	luaopen_kdf(L);	1✔
611	lua_setfield(L, -2, "kdf");	1✔
612
613	luaopen_pkey(L);	1✔
614	lua_setfield(L, -2, "pkey");	1✔
615
616	#ifdef EVP_PKEY_EC
617	luaopen_ec(L);	1✔
618	lua_setfield(L, -2, "ec");	1✔
619	#endif
620
621	luaopen_x509(L);	1✔
622	lua_setfield(L, -2, "x509");	1✔
623
624	luaopen_pkcs7(L);	1✔
625	lua_setfield(L, -2, "pkcs7");	1✔
626
627	luaopen_pkcs12(L);	1✔
628	lua_setfield(L, -2, "pkcs12");	1✔
629
630	luaopen_ocsp(L);	1✔
631	lua_setfield(L, -2, "ocsp");	1✔
632
633	#ifdef OPENSSL_HAVE_TS
634	/* timestamp handling */
635	luaopen_ts(L);	1✔
636	lua_setfield(L, -2, "ts");	1✔
637	#endif
638
639	luaopen_cms(L);	1✔
640	lua_setfield(L, -2, "cms");	1✔
641
642	luaopen_ssl(L);	1✔
643	lua_setfield(L, -2, "ssl");	1✔
644
645	/* third part */
646	luaopen_bn(L);	1✔
647	lua_setfield(L, -2, "bn");	1✔
648
649	luaopen_rsa(L);	1✔
650	lua_setfield(L, -2, "rsa");	1✔
651	luaopen_dsa(L);	1✔
652	lua_setfield(L, -2, "dsa");	1✔
653	luaopen_dh(L);	1✔
654	lua_setfield(L, -2, "dh");	1✔
655
656	#ifndef OPENSSL_NO_SRP
657	luaopen_srp(L);	1✔
658	lua_setfield(L, -2, "srp");	1✔
659	#endif
660
661	#ifdef ENABLE_OPENSSL_GLOBAL
662	lua_pushvalue(L, -1);
663	lua_setglobal(L, "openssl");
664	#endif
665
666	return 1;	1✔
667	}

zhaozg / lua-openssl / 14788361818

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous