int X509V3_EXT_free(int nid, void *ext_data)
{
const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid);
if (ext_method == NULL) {
X509V3err(X509V3_F_X509V3_EXT_FREE,
X509V3_R_CANNOT_FIND_FREE_FUNCTION);
return 0;
}
if (ext_method->it != NULL)
ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));
else if (ext_method->ext_free != NULL)
ext_method->ext_free(ext_data);
else {
X509V3err(X509V3_F_X509V3_EXT_FREE,
X509V3_R_CANNOT_FIND_FREE_FUNCTION);
return 0;
}
return 1;
}
int X509V3_EXT_add_alias(int nid_to, int nid_from)
{
const X509V3_EXT_METHOD *ext;
X509V3_EXT_METHOD *tmpext;
if (!(ext = X509V3_EXT_get_nid(nid_from))) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
X509V3_R_EXTENSION_NOT_FOUND);
return 0;
}
if (!
(tmpext =
(X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
return 0;
}
*tmpext = *ext;
tmpext->ext_nid = nid_to;
tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
return X509V3_EXT_add(tmpext);
}
EXPORT_C X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
{
int nid;
if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
return X509V3_EXT_get_nid(nid);
}
/**
* Module activation
*/
static
int
globus_l_openssl_activate(void)
{
int i;
int pci_NID;
int pci_old_NID;
X509V3_EXT_METHOD * pci_x509v3_ext_meth = NULL;
X509V3_EXT_METHOD * pci_old_x509v3_ext_meth = NULL;
SSL_library_init();
globus_module_activate(GLOBUS_COMMON_MODULE);
globus_module_activate(GLOBUS_GSI_OPENSSL_ERROR_MODULE);
mutex_pool = malloc(CRYPTO_num_locks() * sizeof(globus_mutex_t));
for(i=0;i<CRYPTO_num_locks();i++)
{
globus_mutex_init(&(mutex_pool[i]),NULL);
}
if (!CRYPTO_get_locking_callback())
{
CRYPTO_set_locking_callback(globus_l_openssl_locking_cb);
}
if (!CRYPTO_get_id_callback())
{
CRYPTO_set_id_callback(globus_l_openssl_thread_id);
}
if (OBJ_txt2nid(ANY_LANGUAGE_OID) == 0)
{
OBJ_create(ANY_LANGUAGE_OID,
ANY_LANGUAGE_SN,
ANY_LANGUAGE_LN);
}
if (OBJ_txt2nid(IMPERSONATION_PROXY_OID) == 0)
{
OBJ_create(IMPERSONATION_PROXY_OID,
IMPERSONATION_PROXY_SN,
IMPERSONATION_PROXY_LN);
}
if (OBJ_txt2nid(INDEPENDENT_PROXY_OID) == 0)
{
OBJ_create(INDEPENDENT_PROXY_OID,
INDEPENDENT_PROXY_SN,
INDEPENDENT_PROXY_LN);
}
if (OBJ_txt2nid(LIMITED_PROXY_OID) == 0)
{
OBJ_create(LIMITED_PROXY_OID,
LIMITED_PROXY_SN,
LIMITED_PROXY_LN);
}
pci_NID = OBJ_txt2nid(PROXYCERTINFO_OID);
if (pci_NID == 0)
{
pci_NID = OBJ_create(PROXYCERTINFO_OID,
PROXYCERTINFO_SN,
PROXYCERTINFO_LN);
}
pci_old_NID = OBJ_txt2nid(PROXYCERTINFO_OLD_OID);
if (pci_old_NID == 0)
{
pci_old_NID = OBJ_create(PROXYCERTINFO_OLD_OID,
PROXYCERTINFO_OLD_SN,
PROXYCERTINFO_OLD_LN);
}
/* this sets the pci NID in the static X509V3_EXT_METHOD struct */
if (X509V3_EXT_get_nid(pci_NID) == NULL)
{
pci_x509v3_ext_meth = PROXYCERTINFO_x509v3_ext_meth();
pci_x509v3_ext_meth->ext_nid = pci_NID;
X509V3_EXT_add(pci_x509v3_ext_meth);
}
if (X509V3_EXT_get_nid(pci_old_NID) == NULL)
{
pci_old_x509v3_ext_meth = PROXYCERTINFO_OLD_x509v3_ext_meth();
pci_old_x509v3_ext_meth->ext_nid = pci_old_NID;
X509V3_EXT_add(pci_old_x509v3_ext_meth);
}
return GLOBUS_SUCCESS;
}
/* char *value: Value */
static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
int crit, const char *value)
{
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
STACK_OF(CONF_VALUE) *nval;
void *ext_struc;
if (ext_nid == NID_undef) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
return NULL;
}
if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
return NULL;
}
/* Now get internal extension representation based on type */
if (method->v2i) {
if (*value == '@')
nval = NCONF_get_section(conf, value + 1);
else
nval = X509V3_parse_list(value);
if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_INVALID_EXTENSION_STRING);
ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
value);
if (*value != '@')
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
return NULL;
}
ext_struc = method->v2i(method, ctx, nval);
if (*value != '@')
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
if (!ext_struc)
return NULL;
} else if (method->s2i) {
if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
return NULL;
} else if (method->r2i) {
if (!ctx->db || !ctx->db_meth) {
X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
return NULL;
}
if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
return NULL;
} else {
X509V3err(X509V3_F_DO_EXT_NCONF,
X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
return NULL;
}
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
if (method->it)
ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else
method->ext_free(ext_struc);
return ext;
}
static X509_EXTENSION* openssl_new_xextension(lua_State*L, int idx, int v3)
{
int nid;
int critical = 0;
ASN1_OCTET_STRING* value = NULL;
X509_EXTENSION* y = NULL;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
lua_pop(L, 1);
lua_getfield(L, idx, "critical");
critical = lua_isnil(L, -1) ? 0 : lua_toboolean(L, -1);
lua_pop(L, 1);
if (nid == NID_undef)
{
lua_pushfstring(L, "%s is not valid object id", lua_tostring(L, -1));
luaL_argerror(L, idx, lua_tostring(L, -1));
}
lua_getfield(L, idx, "value");
luaL_argcheck(L, lua_isstring(L, -1) || auxiliar_isgroup(L, "openssl.asn1group", -1),
1, "field value must be string or openssl.asn1group object");
if (lua_isstring(L, -1))
{
size_t size;
const char* data = lua_tolstring(L, -1, &size);
if (v3)
{
const X509V3_EXT_METHOD *method = X509V3_EXT_get_nid(nid);
if (method)
{
void *ext_struc = NULL;
STACK_OF(CONF_VALUE) *nval = X509V3_parse_list(data);
/* Now get internal extension representation based on type */
if (method->v2i && nval)
{
if (sk_CONF_VALUE_num(nval) > 0)
{
ext_struc = method->v2i(method, NULL, nval);
}
}
else if (method->s2i)
{
ext_struc = method->s2i(method, NULL, data);
}
if (nval)
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
if (ext_struc)
{
unsigned char *ext_der = NULL;
int ext_len;
/* Convert internal representation to DER */
if (method->it)
{
ext_der = NULL;
ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
if (ext_len < 0)
{
ext_der = NULL;
}
}
else
{
ext_len = method->i2d(ext_struc, NULL);
ext_der = OPENSSL_malloc(ext_len);
if (ext_der)
{
unsigned char* p = ext_der;
method->i2d(ext_struc, &p);
}
}
if (ext_der)
{
value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(value, ext_der, ext_len);
}
else
value = NULL;
if (method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
else method->ext_free(ext_struc);
}
}
}
else
{
value = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
ASN1_STRING_set(value, data, size);
}
if (value)
{
y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value);
ASN1_STRING_free(value);
return y;
}
else
{
luaL_error(L, "don't support object(%s) with value (%s)", OBJ_nid2ln(nid), data);
return NULL;
}
}
else
{
value = CHECK_GROUP(-1, ASN1_STRING, "openssl.asn1group");
y = X509_EXTENSION_create_by_NID(NULL, nid, critical, value);
lua_pop(L, 1);
return y;
}
}
