static int openssl_ec_group_parse(lua_State*L)
{
const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
const EC_POINT *generator = EC_GROUP_get0_generator(group);
BN_CTX* ctx = BN_CTX_new();
BIGNUM *a, *b, *p, *order, *cofactor;
lua_newtable(L);
if (generator)
{
generator = EC_POINT_dup(generator, group);
AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator");
}
order = BN_new();
EC_GROUP_get_order(group, order, ctx);
AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order");
cofactor = BN_new();
EC_GROUP_get_cofactor(group, cofactor, ctx);
AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor");
AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer);
AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer);
AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer);
AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group));
a = BN_new();
b = BN_new();
p = BN_new();
EC_GROUP_get_curve_GFp(group, p, a, b, ctx);
lua_newtable(L);
{
AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p");
AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a");
AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b");
}
lua_setfield(L, -2, "curve");
BN_CTX_free(ctx);
return 1;
}
static LUA_FUNCTION(openssl_crl_parse)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
int n, i;
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);
/* hash as used in CA directories to lookup cert by subject name */
{
char buf[32];
snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
AUXILIAR_SET(L, -1, "hash", buf, string);
}
{
const EVP_MD *digest = EVP_get_digestbyname("sha1");
unsigned char md[EVP_MAX_MD_SIZE];
int n = sizeof(md);
if (X509_CRL_digest(crl, digest, md, (unsigned int*)&n))
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, n);
lua_setfield(L, -2, "fingerprint");
}
}
openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
lua_setfield(L, -2, "issuer");
PUSH_ASN1_TIME(L,X509_CRL_get_lastUpdate(crl));
lua_setfield(L, -2, "lastUpdate");
PUSH_ASN1_TIME(L,X509_CRL_get_nextUpdate(crl));
lua_setfield(L, -2, "nextUpdate");
openssl_push_x509_algor(L, crl->crl->sig_alg);
lua_setfield(L, -2, "sig_alg");
PUSH_ASN1_INTEGER(L, X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL));
lua_setfield(L, -2, "crl_number");
PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions),"openssl.stack_of_x509_extension");
lua_setfield(L, -2, "extensions");
n = sk_X509_REVOKED_num(crl->crl->revoked);
lua_newtable(L);
for (i = 0; i < n; i++)
{
X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
lua_newtable(L);
#if OPENSSL_VERSION_NUMBER > 0x10000000L
AUXILIAR_SET(L, -1, "CRLReason", reason_flags[revoked->reason].lname, string);
#else
{
int crit = 0;
void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
AUXILIAR_SET(L, -1, "CRLReason", reason_flags[ASN1_ENUMERATED_get(reason)].lname, string);
ASN1_ENUMERATED_free(reason);
}
#endif
PUSH_ASN1_INTEGER(L, revoked->serialNumber);
lua_setfield(L,-2, "serialNumber");
PUSH_ASN1_TIME(L, revoked->revocationDate);
lua_setfield(L,-2, "revocationDate");
PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions),"openssl.stack_of_x509_extension");
lua_setfield(L,-2, "extensions");
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "revoked");
return 1;
}
/*
int openssl_signerinfo_parse(lua_State*L)
{
PKCS7_SIGNER_INFO * si = CHECK_OBJECT(1,PKCS7_SIGNER_INFO,"openssl.pkcs7_signer_info");
si->
}
*/
static LUA_FUNCTION(openssl_pkcs7_parse)
{
PKCS7 * p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
int i = OBJ_obj2nid(p7->type);
lua_newtable(L);
AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string);
switch (i)
{
case NID_pkcs7_signed:
{
PKCS7_SIGNED *sign = p7->d.sign;
PKCS7* c = sign->contents;
PKCS7_SIGNER_INFO* si = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, 0);
(void*)si;
certs = sign->cert ? sign->cert : NULL;
crls = sign->crl ? sign->crl : NULL;
#if 0
typedef struct pkcs7_signed_st
{
ASN1_INTEGER *version; /* version 1 */
STACK_OF(X509_ALGOR) *md_algs; /* md used */
STACK_OF(X509) *cert; /* [ 0 ] */
STACK_OF(X509_CRL) *crl; /* [ 1 ] */
STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
struct pkcs7_st *contents;
} PKCS7_SIGNED;
#endif
AUXILIAR_SETOBJECT(L, sk_X509_ALGOR_dup(sign->md_algs), "openssl.stack_of_x509_algor", -1, "md_algs");
AUXILIAR_SETOBJECT(L, sk_PKCS7_SIGNER_INFO_dup(sign->signer_info), "openssl.stack_of_pkcs7_signer_info", -1, "signer_info");
AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean);
if (c)
{
AUXILIAR_SETOBJECT(L, PKCS7_dup(c), "openssl.pkcs7", -1, "contents");
}
if (!PKCS7_is_detached(p7))
{
AUXILIAR_SETOBJECT(L, p7->d.sign->contents, "openssl.pkcs7", -1, "content");
}
}
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
break;
case NID_pkcs7_enveloped:
{
/*
BIO * mem = BIO_new(BIO_s_mem());
BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL);
BUF_MEM *bptr = NULL;
unsigned char src[4096];
int len;
while((len = BIO_read(v_p7bio,src,4096))>0){
BIO_write(mem, src, len);
}
BIO_free(v_p7bio);
BIO_get_mem_ptr(mem, &bptr);
if((int)*puiDataLen < bptr->length)
{
*puiDataLen = bptr->length;
ret = SAR_MemoryErr;
}else{
*puiDataLen = bptr->length;
memcpy(pucData,bptr->data, bptr->length);
}
*/
}
break;
case NID_pkcs7_digest:
{
PKCS7_DIGEST* d = p7->d.digest;
PKCS7* c = d->contents;
ASN1_OCTET_STRING *data = d->digest;
(void*)c;
AUXILIAR_SET(L, -1, "type", "digest", string);
if (data)
{
int dlen = ASN1_STRING_length(data);
unsigned char* dptr = ASN1_STRING_data(data);
AUXILIAR_SETLSTR(L, -1, "digest", (const char*)dptr, dlen);
}
}
break;
case NID_pkcs7_data:
{
ASN1_OCTET_STRING *data = p7->d.data;
int dlen = ASN1_STRING_length(data);
unsigned char* dptr = ASN1_STRING_data(data);
AUXILIAR_SET(L, -1, "type", "data", string);
AUXILIAR_SETLSTR(L, -1, "data", (const char*)dptr, dlen);
}
break;
default:
break;
}
