static int openssl_xalgor_dup(lua_State* L) { X509_ALGOR* alg = CHECK_OBJECT(1, X509_ALGOR, "openssl.x509_algor"); X509_ALGOR* ano = X509_ALGOR_dup(alg); PUSH_OBJECT(ano, "openssl.x509_algor"); return 1; }
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX (TS_REQ * req, TS_VERIFY_CTX * ctx) { TS_VERIFY_CTX *ret = ctx; ASN1_OBJECT *policy; TS_MSG_IMPRINT *imprint; X509_ALGOR *md_alg; ASN1_OCTET_STRING *msg; const ASN1_INTEGER *nonce; OPENSSL_assert (req != NULL); if (ret) TS_VERIFY_CTX_cleanup (ret); else if (!(ret = TS_VERIFY_CTX_new ())) return NULL; /* Setting flags. */ ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); /* Setting policy. */ if ((policy = TS_REQ_get_policy_id (req)) != NULL) { if (!(ret->policy = OBJ_dup (policy))) goto err; } else ret->flags &= ~TS_VFY_POLICY; /* Setting md_alg, imprint and imprint_len. */ imprint = TS_REQ_get_msg_imprint (req); md_alg = TS_MSG_IMPRINT_get_algo (imprint); if (!(ret->md_alg = X509_ALGOR_dup (md_alg))) goto err; msg = TS_MSG_IMPRINT_get_msg (imprint); ret->imprint_len = ASN1_STRING_length (msg); if (!(ret->imprint = OPENSSL_malloc (ret->imprint_len))) goto err; memcpy (ret->imprint, ASN1_STRING_data (msg), ret->imprint_len); /* Setting nonce. */ if ((nonce = TS_REQ_get_nonce (req)) != NULL) { if (!(ret->nonce = ASN1_INTEGER_dup (nonce))) goto err; } else ret->flags &= ~TS_VFY_NONCE; return ret; err: if (ctx) TS_VERIFY_CTX_cleanup (ctx); else TS_VERIFY_CTX_free (ret); return NULL; }
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info) { lua_newtable(L); AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer); if (info->issuer_and_serial != NULL) { X509_NAME *i = X509_NAME_dup(info->issuer_and_serial->issuer); ASN1_INTEGER *s = ASN1_INTEGER_dup(info->issuer_and_serial->serial); if (info->issuer_and_serial->issuer) AUXILIAR_SETOBJECT(L, i, "openssl.x509_name", -1, "issuer"); if (info->issuer_and_serial->serial) AUXILIAR_SETOBJECT(L, s, "openssl.asn1_integer", -1, "serial"); } if (info->digest_alg) { X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg); AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg"); } if (info->digest_enc_alg) { X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg); AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg"); } if (info->enc_digest) { ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest); AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest"); } if (info->pkey) { CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey"); } return 1; }
int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) { X509_ALGOR *new_alg; if (a->hash_algo == alg) return 1; new_alg = X509_ALGOR_dup(alg); if (new_alg == NULL) { TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE); return 0; } X509_ALGOR_free(a->hash_algo); a->hash_algo = new_alg; return 1; }
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) { if (!ASN1_INTEGER_set(p7i->version, 0)) return 0; if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, X509_get_issuer_name(x509))) return 0; M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); if (!(p7i->issuer_and_serial->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) return 0; X509_ALGOR_free(p7i->key_enc_algor); if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor))) return 0; CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); p7i->cert = x509; return (1); }
CPK_MASTER_SECRET *CPK_MASTER_SECRET_create(const char *domain_id, EVP_PKEY *pkey, X509_ALGOR *map_algor) { int e = 1; CPK_MASTER_SECRET *master = NULL; BIGNUM *bn = NULL, *order = NULL; X509_PUBKEY *pubkey = NULL; int pkey_type; int i, bn_size, num_factors; unsigned char *bn_ptr; if (strlen(domain_id) <= 0 || strlen(domain_id) > CPK_MAX_ID_LENGTH) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_ID_LENGTH); goto err; } pkey_type = EVP_PKEY_id(pkey); if (pkey_type == EVP_PKEY_DSA) { if (!(order = ((DSA *)EVP_PKEY_get0(pkey))->q)) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_BAD_ARGUMENT); goto err; } } else if (pkey_type == EVP_PKEY_EC) { const EC_GROUP *ec_group; if (!(order = BN_new())) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE); goto err; } ec_group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0(pkey)); if (!EC_GROUP_get_order(ec_group, order, NULL)) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB); goto err; } //FIXME OPENSSL_assert assert(EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0(pkey)) != NULL); } else { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_PKEY_TYPE); goto err; } if (!(master = CPK_MASTER_SECRET_new())) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE); goto err; } master->version = 1; if (!X509_NAME_add_entry_by_NID(master->id, NID_organizationName, MBSTRING_UTF8, (unsigned char *)domain_id, -1, -1, 0)) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB); goto err; } /* * convert EVP_PKEY to X509_ALGOR through X509_PUBKEY_set * X509_ALGOR_set0() is another choice but require more code */ // FIXME: X509_PUBKEY require pkey has a public key if (!X509_PUBKEY_set(&pubkey, pkey)) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB); goto err; } X509_ALGOR_free(master->pkey_algor); if (!(master->pkey_algor = X509_ALGOR_dup(pubkey->algor))) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_X509_LIB); goto err; } //FIXME: check the validity of CPK_MAP X509_ALGOR_free(master->map_algor); if (!(master->map_algor = X509_ALGOR_dup(map_algor))) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE); goto err; } if ((num_factors = CPK_MAP_num_factors(map_algor)) <= 0) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, CPK_R_INVALID_MAP_ALGOR); goto err; } /* * create secret factors, for both DSA and EC, * the private keys are both big integers, */ bn_size = BN_num_bytes(order); if (!ASN1_STRING_set(master->secret_factors, NULL, bn_size * num_factors)) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_ASN1_LIB); goto err; } bn_ptr = M_ASN1_STRING_data(master->secret_factors); memset(bn_ptr, 0, M_ASN1_STRING_length(master->secret_factors)); if (!(bn = BN_new())) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_MALLOC_FAILURE); goto err; } for (i = 0; i < num_factors; i++) { do { if (!BN_rand_range(bn, order)) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_RAND_LIB); goto err; } } while (BN_is_zero(bn)); if (!BN_bn2bin(bn, bn_ptr + bn_size - BN_num_bytes(bn))) { CPKerr(CPK_F_CPK_MASTER_SECRET_CREATE, ERR_R_BN_LIB); goto err; } bn_ptr += bn_size; } e = 0; err: if (e && master) { CPK_MASTER_SECRET_free(master); master = NULL; } if (pubkey) X509_PUBKEY_free(pubkey); if (order && pkey_type == EVP_PKEY_EC) BN_free(order); if (bn) BN_free(bn); return master; }
CPK_PUBLIC_PARAMS *CPK_MASTER_SECRET_extract_public_params(CPK_MASTER_SECRET *master) { CPK_PUBLIC_PARAMS *param = NULL; int pkey_type; pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm); if (!(param = CPK_PUBLIC_PARAMS_new())) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, ERR_R_MALLOC_FAILURE); goto err; } param->version = master->version; X509_NAME_free(param->id); if (!(param->id = X509_NAME_dup(master->id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, ERR_R_MALLOC_FAILURE); goto err; } X509_ALGOR_free(param->pkey_algor); if (!(param->pkey_algor = X509_ALGOR_dup(master->pkey_algor))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, ERR_R_MALLOC_FAILURE); goto err; } X509_ALGOR_free(param->map_algor); if (!(param->map_algor = X509_ALGOR_dup(master->map_algor))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, ERR_R_MALLOC_FAILURE); goto err; } switch (pkey_type) { case EVP_PKEY_DSA: if (!extract_dsa_params(master, param)) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, ERR_R_CPK_LIB); goto err; } break; case EVP_PKEY_EC: if (!extract_ec_params(master, param)) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, ERR_R_CPK_LIB); goto err; } break; default: CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PUBLIC_PARAMS, CPK_R_INVALID_PKEY_TYPE); goto err; } return param; err: if (param) CPK_PUBLIC_PARAMS_free(param); return NULL; }
/*** parse x509_req object as table @function parse @tparam[opt=true] shortname default will use short object name @treturn table result */ static LUA_FUNCTION(openssl_csr_parse) { X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req"); X509_NAME *subject = X509_REQ_get_subject_name(csr); STACK_OF(X509_EXTENSION) *exts = X509_REQ_get_extensions(csr); lua_newtable(L); { const ASN1_BIT_STRING *sig = NULL; const X509_ALGOR *alg = NULL; X509_REQ_get0_signature(csr, &sig, &alg); openssl_push_asn1(L, sig, V_ASN1_BIT_STRING); lua_setfield(L, -2, "signature"); alg = X509_ALGOR_dup((X509_ALGOR *)alg); PUSH_OBJECT(alg, "openssl.x509_algor"); lua_setfield(L, -2, "sig_alg"); } lua_newtable(L); AUXILIAR_SET(L, -1, "version", X509_REQ_get_version(csr), integer); openssl_push_xname_asobject(L, subject); lua_setfield(L, -2, "subject"); if (exts) { lua_pushstring(L, "extensions"); openssl_sk_x509_extension_totable(L, exts); lua_rawset(L, -3); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } { X509_PUBKEY *xpub = X509_REQ_get_X509_PUBKEY(csr); ASN1_OBJECT *oalg = NULL; int c; EVP_PKEY *pubkey = X509_REQ_get_pubkey(csr); lua_newtable(L); c = X509_REQ_get_attr_count(csr); if (c > 0) { int i; lua_newtable(L); for (i = 0; i < c ; i++) { X509_ATTRIBUTE *attr = X509_REQ_get_attr(csr, i); attr = X509_ATTRIBUTE_dup(attr); PUSH_OBJECT(attr, "openssl.x509_attribute"); lua_rawseti(L, -2, i + 1); } lua_setfield(L, -2, "attributes"); } lua_newtable(L); if (X509_PUBKEY_get0_param(&oalg, NULL, NULL, NULL, xpub)) { openssl_push_asn1object(L, oalg); lua_setfield(L, -2, "algorithm"); } AUXILIAR_SETOBJECT(L, pubkey, "openssl.evp_pkey", -1, "pubkey"); lua_setfield(L, -2, "pubkey"); lua_setfield(L, -2, "req_info"); } return 1; }