[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Encryption in Lua ? Lua encryption library OR C/C++/C#/Java library which can be called from Lua ?
- From: Paul Ducklin <pducklin@...>
- Date: Wed, 17 Feb 2021 01:37:26 +0000
Phone sent before I was ready :-) At end of text below I meant to say ‘LuaSec says in its changelog “added integration with luaossl” at release 0.7.’
The code is there (use a precreated luaossl context for the session instead of a LuaSec initialised one) but it doesn’t work.
I wanted that feature so I could use LuaSec with certificates expressed as data already loaded into memory, whereas LuaSec’s own context-creation API only allows you to specify certificates via the name of an already existing file.
I can dig out those fixes too if anyone would like them.
(I also added a keylog callback function to LuaSec that can be used to emulate Firefox’s and Chrome’s behaviour when used with the SSLKEYLOGFILE environment variable. Dangerous but useful for research purposes: dumps all TLS key material for every TLS connection, even TLS 1.3, so you can decrypt sniffed traffic later on like Wireshark does.)
On 17 Feb 2021, at 01:28, Paul Ducklin <firstname.lastname@example.org> wrote:
>>> Why not send patches upstream?
> Do you or William accept suggested patches by email? (I’m not a GitHub user.)
> Bodges I made to my own build include:
> * Change to allow a digest of NULL without which Ed25519 signatures cannot [?] be specified
> * That Y2K bug you guys already fixed.
> * Code to make # work with X509 chains due to no more ipairs() metamethod, so you can use a loop to go through the chain.
> * Very basic (incomplete) code to call AEAD gettag and settag functions. (No support for additional data or IVs other than 12 bytes.)
> Er, that’s it.
>> Which integration is that? (how can it both be claimed *and* undocumented?)
> If you say “this code has X” but then you don’t tell anyone how to use X (and, indeed, X is broken anyway), that is claimed, undocumented and broken :-)
> You can
> LuaSec’s changelig mentioned somewhere (and included code, might