static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) { unsigned char *ext_der, *p; int ext_len; ASN1_OCTET_STRING *ext_oct; X509_EXTENSION *ext; /* Convert internal representation to DER */ ext_len = method->i2d(ext_struc, NULL); if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; p = ext_der; method->i2d(ext_struc, &p); if(!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); if(!ext) goto merr; M_ASN1_OCTET_STRING_free(ext_oct); return ext; merr: X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); return NULL; }
/* * Create a new extension * * Extension ::= SEQUENCE { * id OBJECT IDENTIFIER, * critical BOOLEAN DEFAULT FALSE, * value OCTET STRING } * * Parameters: * pex: OpenSSL extension pointer (output parameter) * nid: extension identifier * crit: extension critical (EXT_NON_CRIT, EXT_CRIT) * data: extension data. This data will be encapsulated in an Octet String * * Return: Extension address, NULL if error */ static X509_EXTENSION *ext_new(int nid, int crit, unsigned char *data, int len) { X509_EXTENSION *ex; ASN1_OCTET_STRING *ext_data; /* Octet string containing the extension data */ ext_data = ASN1_OCTET_STRING_new(); ASN1_OCTET_STRING_set(ext_data, data, len); /* Create the extension */ ex = X509_EXTENSION_create_by_NID(NULL, nid, crit, ext_data); /* The extension makes a copy of the data, so we can free this object */ ASN1_OCTET_STRING_free(ext_data); return ex; }
static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc) { unsigned char *ext_der = NULL; int ext_len; ASN1_OCTET_STRING *ext_oct = NULL; X509_EXTENSION *ext; /* Convert internal representation to DER */ if (method->it) { ext_der = NULL; ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); if (ext_len < 0) goto merr; } else { unsigned char *p; ext_len = method->i2d(ext_struc, NULL); if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) goto merr; p = ext_der; method->i2d(ext_struc, &p); } if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) goto merr; ext_oct->data = ext_der; ext_der = NULL; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); if (!ext) goto merr; ASN1_OCTET_STRING_free(ext_oct); return ext; merr: X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); OPENSSL_free(ext_der); ASN1_OCTET_STRING_free(ext_oct); return NULL; }
static X509_EXTENSION* openssl_new_xextension(lua_State*L, X509_EXTENSION** x, int idx, int utf8) { int nid; ASN1_OCTET_STRING* value; int critical = 0; lua_getfield(L, idx, "object"); nid = openssl_get_nid(L, -1); lua_pop(L, 1); if (nid==NID_undef) { lua_pushfstring(L, "%s is not valid object id",lua_tostring(L, -1)); luaL_argerror(L, idx, lua_tostring(L,-1)); } lua_getfield(L, idx, "value"); value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string"); lua_pop(L, 1); lua_getfield(L, idx, "critical"); critical = lua_isnil(L,-1) ? 0 : lua_toboolean(L, -1); lua_pop(L, 1); return X509_EXTENSION_create_by_NID(x, nid, critical, ASN1_STRING_dup(value)); }
static X509_EXTENSION* openssl_new_xextension(lua_State*L, int idx, int v3) { int nid; int critical = 0; ASN1_OCTET_STRING* value = NULL; X509_EXTENSION* y = NULL; lua_getfield(L, idx, "object"); nid = openssl_get_nid(L, -1); lua_pop(L, 1); lua_getfield(L, idx, "critical"); critical = lua_isnil(L, -1) ? 0 : lua_toboolean(L, -1); lua_pop(L, 1); if (nid == NID_undef) { lua_pushfstring(L, "%s is not valid object id", lua_tostring(L, -1)); luaL_argerror(L, idx, lua_tostring(L, -1)); } lua_getfield(L, idx, "value"); luaL_argcheck(L, lua_isstring(L, -1) || auxiliar_isgroup(L, "openssl.asn1group", -1), 1, "field value must be string or openssl.asn1group object"); if (lua_isstring(L, -1)) { size_t size; const char* data = lua_tolstring(L, -1, &size); if (v3) { const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(nid); if (method) { void *ext_struc = NULL; STACK_OF(CONF_VALUE) *nval = X509V3_parse_list(data); /* Now get internal extension representation based on type */ if (method->v2i && nval) { if (sk_CONF_VALUE_num(nval) > 0) { ext_struc = method->v2i(method, NULL, nval); } } else if (method->s2i) { ext_struc = method->s2i(method, NULL, data); } if (nval) sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); if (ext_struc) { unsigned char *ext_der = NULL; int ext_len; /* Convert internal representation to DER */ if (method->it) { ext_der = NULL; ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); if (ext_len < 0) { ext_der = NULL; } } else { ext_len = method->i2d(ext_struc, NULL); ext_der = OPENSSL_malloc(ext_len); if (ext_der) { unsigned char* p = ext_der; method->i2d(ext_struc, &p); } } if (ext_der) { value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(value, ext_der, ext_len); } else value = NULL; if (method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); else method->ext_free(ext_struc); } } } else { value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(value, data, size); } if (value) { y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value); ASN1_STRING_free(value); return y; } else { luaL_error(L, "don't support object(%s) with value (%s)", OBJ_nid2ln(nid), data); return NULL; } } else { value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group"); y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value); lua_pop(L, 1); return y; } }
inline extension extension::from_nid(int nid, bool critical, asn1::string data) { return take_ownership(X509_EXTENSION_create_by_NID(NULL, nid, critical ? 1 : 0, data.raw())); }