static LUA_FUNCTION(openssl_crl_issuer)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
if (lua_isnone(L, 2))
{
return openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
}
else if (auxiliar_isclass(L, "openssl.x509_name", 2))
{
X509_NAME* xn = CHECK_OBJECT(2, X509_NAME, "openssl.x509_name");
int ret = X509_CRL_set_issuer_name(crl, xn);
return openssl_pushresult(L, ret);
}
else if (auxiliar_isclass(L, "openssl.x509", 2))
{
X509* x = CHECK_OBJECT(2, X509, "openssl.x509");
int ret = X509_CRL_set_issuer_name(crl, X509_get_issuer_name(x));
return openssl_pushresult(L, ret);
}
else
{
luaL_argerror(L, 2, "only accept x509 or x509_name object");
}
return 0;
}
static LUA_FUNCTION(openssl_pkcs7_add)
{
PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
int n = lua_gettop(L);
int i, ret;
ret = 1;
luaL_argcheck(L, lua_isuserdata(L, 2), 2, "must supply certificate or crl object");
for (i = 2; i <= n; i++)
{
luaL_argcheck(L, auxiliar_isclass(L, "openssl.x509", i) || auxiliar_isclass(L, "openssl.x509_crl", i),
i, "must supply certificate or crl object");
if (auxiliar_isclass(L, "openssl.x509", i))
{
X509* x = CHECK_OBJECT(i, X509, "openssl.x509");
ret = PKCS7_add_certificate(p7, x);
}
else
{
X509_CRL *crl = CHECK_OBJECT(i, X509_CRL, "openssl.x509_crl");
ret = PKCS7_add_crl(p7, crl);
}
luaL_argcheck(L, ret, i, "add to pkcs7 fail");
}
return openssl_pushresult(L, ret);
}
static LUA_FUNCTION(openssl_crl_verify)
{
X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
EVP_PKEY *pub = NULL;
int ret;
luaL_argcheck(L,
auxiliar_isclass(L, "openssl.x509", 2) ||
auxiliar_isclass(L, "openssl.evp_pkey", 2),
2,
"must be x509 or evp_pkey object");
if (auxiliar_isclass(L, "openssl.evp_pkey", 2))
{
pub = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");
ret = X509_CRL_verify(crl, pub);
}
else
{
X509* cacert = CHECK_OBJECT(2, X509, "openssl.x509");
pub = X509_get_pubkey(cacert);
ret = X509_CRL_verify(crl, pub);
EVP_PKEY_free(pub);
}
return openssl_pushresult(L, ret);
}
static int openssl_ssl_ctx_new_ssl(lua_State*L)
{
SSL_CTX* ctx = CHECK_OBJECT(1, SSL_CTX, "openssl.ssl_ctx");
int server = 0;
int mode_idx = 2;
SSL *ssl = SSL_new(ctx);
int ret = 1;
BIO* bio = NULL;
if (auxiliar_isclass(L, "openssl.bio", 2))
{
BIO *bi = CHECK_OBJECT(2, BIO, "openssl.bio");
BIO *bo = bi;
CRYPTO_add(&bi->references, 1, CRYPTO_LOCK_BIO);
if (auxiliar_isclass(L, "openssl.bio", 3))
{
bo = CHECK_OBJECT(3, BIO, "openssl.bio");
CRYPTO_add(&bo->references, 1, CRYPTO_LOCK_BIO);
mode_idx = 4;
}
else
mode_idx = 3;
SSL_set_bio(ssl, bi, bo);
ret = 1;
}
else if (lua_isnumber(L, 2))
{
ret = SSL_set_fd(ssl, luaL_checkint(L, 2));
mode_idx = 3;
}
if (ret == 1 && !lua_isnoneornil(L, mode_idx))
{
server = auxiliar_checkboolean(L, mode_idx);
}
if (ret == 1)
{
if (server)
SSL_set_accept_state(ssl);
else
SSL_set_connect_state(ssl);
PUSH_OBJECT(ssl, "openssl.ssl");
openssl_newvalue(L, ssl);
}
else
{
SSL_free(ssl);
return openssl_pushresult(L, ret);
}
return 1;
}
static LUA_FUNCTION(openssl_csr_new)
{
X509_REQ *csr = X509_REQ_new();
int i;
int n = lua_gettop(L);
int ret = X509_REQ_set_version(csr, 0L);
for (i = 1; ret == 1 && i <= n; i++)
{
luaL_argcheck(L,
auxiliar_isclass(L, "openssl.x509_name", i) ||
auxiliar_isclass(L, "openssl.evp_pkey", i),
i, "must be x509_name");
if (auxiliar_isclass(L, "openssl.x509_name", i))
{
X509_NAME * subject = CHECK_OBJECT(i, X509_NAME, "openssl.x509_name");
ret = X509_REQ_set_subject_name(csr, subject);
}
if (auxiliar_isclass(L, "openssl.evp_pkey", i))
{
EVP_PKEY *pkey;
const EVP_MD *md;
luaL_argcheck(L, i == n || i == n - 1, i, "must is evp_pkey object");
pkey = CHECK_OBJECT(i, EVP_PKEY, "openssl.evp_pkey");
if (i == n - 1)
md = get_digest(L, n);
else
md = EVP_get_digestbyname("sha1");
ret = X509_REQ_set_pubkey(csr, pkey);
if (ret == 1)
{
ret = X509_REQ_sign(csr, pkey, md);
if (ret > 0)
ret = 1;
}
break;
}
};
if (ret == 1)
PUSH_OBJECT(csr, "openssl.x509_req");
else
{
X509_REQ_free(csr);
return openssl_pushresult(L, ret);
}
return 1;
}
static LUA_FUNCTION(openssl_csr_attribute)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
if (auxiliar_isclass(L, "openssl.x509_attribute", 2))
{
X509_ATTRIBUTE *attr = CHECK_OBJECT(2, X509_ATTRIBUTE, "openssl.x509_attribute");
int ret = X509_REQ_add1_attr(csr, attr);
return openssl_pushresult(L, ret);
}
else if (lua_isnumber(L, 2))
{
int loc = luaL_checkint(L, 2);
X509_ATTRIBUTE *attr = NULL;
if (lua_isnone(L, 3))
{
attr = X509_REQ_get_attr(csr, loc);
attr = X509_ATTRIBUTE_dup(attr);
}
else if (lua_isnil(L, 3))
{
attr = X509_REQ_delete_attr(csr, loc);
}
if (attr)
{
PUSH_OBJECT(attr, "openssl.x509_attribute");
}
else
lua_pushnil(L);
return 1;
}
return 0;
}
static int tlsext_servername_callback(SSL *ssl, int *ad, void *arg)
{
SSL_CTX *newctx = NULL;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
lua_State *L = SSL_CTX_get_app_data(ctx);
const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
/* No name, use default context */
if (!name)
return SSL_TLSEXT_ERR_NOACK;
/* Search for the name in the map */
openssl_getvalue(L, ctx, "tlsext_servername");
if (lua_istable(L, -1))
{
lua_getfield(L, -1, name);
if (auxiliar_isclass(L, "openssl.ssl_ctx", -1))
{
newctx = CHECK_OBJECT(-1, SSL_CTX, "openssl.ssl_ctx");
SSL_set_SSL_CTX(ssl, newctx);
lua_pop(L, 2);
return SSL_TLSEXT_ERR_OK;
}
}
else if (lua_isfunction(L, -1))
{
}
else
{
}
lua_pop(L, 1);
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
BIO* load_bio_object(lua_State* L, int idx)
{
BIO* bio = NULL;
if (lua_isstring(L, idx))
{
size_t l = 0;
const char* ctx = lua_tolstring(L, idx, &l);
/* read only */
bio = (BIO*)BIO_new_mem_buf((void*)ctx, l);
/* read write
BIO_set_close(bio, BIO_NOCLOSE);
bio = BIO_new(BIO_s_mem());
BIO_write(bio,(void*)ctx, l);
BIO_set_close(bio, BIO_CLOSE);
*/
}
else if (auxiliar_isclass(L, "openssl.bio", idx))
{
bio = CHECK_OBJECT(idx, BIO, "openssl.bio");
CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
}
else
luaL_argerror(L, idx, "only support string or openssl.bio");
return bio;
}
static LUA_FUNCTION(openssl_csr_attribute)
{
X509_REQ *csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
if (auxiliar_isclass(L, "openssl.x509_attribute", 2))
{
X509_ATTRIBUTE *attr = CHECK_OBJECT(2, X509_ATTRIBUTE, "openssl.x509_attribute");
int ret = X509_REQ_add1_attr(csr, attr);
return openssl_pushresult(L, ret);
}
else if (lua_isnumber(L, 2))
{
int loc = luaL_checkint(L, 2);
X509_ATTRIBUTE *attr = NULL;
if (lua_isnone(L, 3))
{
attr = X509_REQ_get_attr(csr, loc);
attr = X509_ATTRIBUTE_dup(attr);
}
else if (lua_isnil(L, 3))
{
attr = X509_REQ_delete_attr(csr, loc);
}
if (attr)
{
PUSH_OBJECT(attr, "openssl.x509_attribute");
}
else
lua_pushnil(L);
return 1;
}
else if (lua_istable(L, 2))
{
int i;
int ret = 1;
int n = lua_rawlen(L, 2);
for (i = 1; ret == 1 && i <= n; i++)
{
X509_ATTRIBUTE *attr;
lua_rawgeti(L, 2, i);
attr = NULL;
if (lua_istable(L, -1))
{
attr = openssl_new_xattribute(L, &attr, -1, NULL);
ret = X509_REQ_add1_attr(csr, attr);
X509_ATTRIBUTE_free(attr);
}
else
{
attr = CHECK_OBJECT(-1, X509_ATTRIBUTE, "openssl.x509_attribute");
ret = X509_REQ_add1_attr(csr, attr);
}
lua_pop(L, 1);
}
openssl_pushresult(L, ret);
return 1;
}
return 0;
}
static LUA_FUNCTION(openssl_csr_sign)
{
X509_REQ * csr = CHECK_OBJECT(1, X509_REQ, "openssl.x509_req");
luaL_argcheck(L, csr->req_info->pubkey, 1, "has not set public key!!!");
if (auxiliar_isclass(L, "openssl.evp_pkey", 2))
{
EVP_PKEY *pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");
const EVP_MD* md = lua_isnone(L, 3) ? EVP_get_digestbyname("sha1") : get_digest(L, 3);
int ret = 1;
if (X509_REQ_get_pubkey(csr) == NULL)
{
BIO* bio = BIO_new(BIO_s_mem());
if ( ret = i2d_PUBKEY_bio(bio, pkey))
{
ret = X509_REQ_set_pubkey(csr, d2i_PUBKEY_bio(bio, NULL));
}
BIO_free(bio);
}
if (ret == 1)
ret = X509_REQ_sign(csr, pkey, md);
return openssl_pushresult(L, ret);
}
else if (lua_isstring(L, 2))
{
size_t siglen;
const unsigned char* sigdata = (const unsigned char*)luaL_checklstring(L, 2, &siglen);
const EVP_MD* md = get_digest(L, 3);
/* (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) ? V_ASN1_NULL : V_ASN1_UNDEF, */
X509_ALGOR_set0(csr->sig_alg, OBJ_nid2obj(md->pkey_type), V_ASN1_NULL, NULL);
if (csr->signature->data != NULL)
OPENSSL_free(csr->signature->data);
csr->signature->data = OPENSSL_malloc(siglen);
memcpy(csr->signature->data, sigdata, siglen);
csr->signature->length = siglen;
/*
* In the interests of compatibility, I'll make sure that the bit string
* has a 'not-used bits' value of 0
*/
csr->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
csr->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
lua_pushboolean(L, 1);
return 1;
}
else
{
unsigned char* tosign = NULL;
const ASN1_ITEM *it = ASN1_ITEM_rptr(X509_REQ_INFO);
int inl = ASN1_item_i2d((void*)csr->req_info, &tosign, it);
if (inl > 0 && tosign)
{
lua_pushlstring(L, (const char*)tosign, inl);
OPENSSL_free(tosign);
return 1;
}
return openssl_pushresult(L, 0);
}
}
const EVP_MD* get_digest(lua_State* L, int idx)
{
const EVP_MD* md = NULL;
if (lua_isstring(L, idx))
md = EVP_get_digestbyname(lua_tostring(L, idx));
else if (lua_isnumber(L, idx))
md = EVP_get_digestbynid(lua_tointeger(L, idx));
else if (auxiliar_isclass(L, "openssl.asn1_object", idx))
md = EVP_get_digestbyobj(CHECK_OBJECT(1, ASN1_OBJECT, "openssl.asn1_object"));
else if (auxiliar_isclass(L, "openssl.evp_digest", idx))
md = CHECK_OBJECT(idx, EVP_MD, "openssl.evp_digest");
else
{
luaL_error(L, "argument #1 must be a string, NID number or asn1_object identity digest method");
}
return md;
}
const EVP_CIPHER* get_cipher(lua_State*L, int idx, const char* def_alg)
{
const EVP_CIPHER* cipher = NULL;
if (lua_isstring(L, idx))
cipher = EVP_get_cipherbyname(lua_tostring(L, idx));
else if (lua_isnumber(L, idx))
cipher = EVP_get_cipherbynid(lua_tointeger(L, idx));
else if (auxiliar_isclass(L, "openssl.asn1_object", idx))
cipher = EVP_get_cipherbyobj(CHECK_OBJECT(1, ASN1_OBJECT, "openssl.asn1_object"));
else if (auxiliar_isclass(L, "openssl.evp_cipher", idx))
cipher = CHECK_OBJECT(idx, EVP_CIPHER, "openssl.evp_cipher");
else if (lua_isnoneornil(L, idx) && def_alg)
cipher = EVP_get_cipherbyname(def_alg);
else
luaL_argerror(L, idx, "must be a string, NID number or asn1_object identity cipher method");
if (cipher == NULL)
luaL_argerror(L, idx, "not valid cipher alg");
return cipher;
}
static LUA_FUNCTION(openssl_digest)
{
const EVP_MD *md = NULL;
if (lua_istable(L, 1))
{
if (lua_getmetatable(L, 1) && lua_equal(L, 1, -1))
{
lua_pop(L, 1);
lua_remove(L, 1);
}
else
luaL_error(L, "call function with invalid state");
}
if (lua_isstring(L, 1))
{
md = EVP_get_digestbyname(lua_tostring(L, 1));
}
else if (auxiliar_isclass(L, "openssl.evp_digest", 1))
{
md = CHECK_OBJECT(1, EVP_MD, "openssl.evp_digest");
}
else
luaL_error(L, "argument #1 must be a string identity digest method or an openssl.evp_digest object");
if (md)
{
size_t inl;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int blen = sizeof(buf);
const char* in = luaL_checklstring(L, 2, &inl);
int raw = (lua_isnoneornil(L, 3)) ? 0 : lua_toboolean(L, 3);
int status = EVP_Digest(in, inl, buf, &blen, md, NULL);
if (status)
{
if (raw)
lua_pushlstring(L, (const char*)buf, blen);
else
{
char hex[2 * EVP_MAX_MD_SIZE + 1];
to_hex((const char*) buf, blen, hex);
lua_pushstring(L, hex);
}
}
else
luaL_error(L, "EVP_Digest method fail");
}
else
luaL_error(L, "argument #1 is not a valid digest algorithm or openssl.evp_digest object");
return 1;
};
static LUA_FUNCTION(openssl_cipher_get)
{
if (!lua_isuserdata(L, 1))
{
const EVP_CIPHER* cipher = get_cipher(L, 1, NULL);
if (cipher)
PUSH_OBJECT((void*)cipher, "openssl.evp_cipher");
else
lua_pushnil(L);
}
else
{
luaL_argcheck(L, auxiliar_isclass(L, "openssl.evp_cipher", 1), 1, "only accept openssl.evp_cipher object");
lua_pushvalue(L, 1);
}
return 1;
}
BIO* load_bio_object(lua_State* L, int idx)
{
BIO* bio = NULL;
if (lua_isstring(L, idx))
{
size_t l = 0;
const char* ctx = lua_tolstring(L, idx, &l);
/* read only */
bio = (BIO*)BIO_new_mem_buf((void*)ctx, l);
}
else if (auxiliar_isclass(L, "openssl.bio", idx))
{
bio = CHECK_OBJECT(idx, BIO, "openssl.bio");
BIO_up_ref(bio);
}
else
luaL_argerror(L, idx, "only support string or openssl.bio");
return bio;
}
static LUA_FUNCTION(openssl_csr_new)
{
X509_REQ *csr = X509_REQ_new();
int i;
int n = lua_gettop(L);
int ret = X509_REQ_set_version(csr, 0L);
for (i = 1; ret == 1 && i <= n; i++)
{
luaL_argcheck(L,
auxiliar_isclass(L, "openssl.stack_of_x509_extension", i) ||
auxiliar_isclass(L, "openssl.stack_of_x509_attribute", i) ||
auxiliar_isclass(L, "openssl.x509_name", i) ||
auxiliar_isclass(L, "openssl.evp_pkey", i),
i, "must be x509_name, stack_of_x509_extension or stack_of_x509_attribute");
if (auxiliar_isclass(L, "openssl.x509_name", i))
{
X509_NAME * subject = CHECK_OBJECT(i, X509_NAME, "openssl.x509_name");
ret = X509_REQ_set_subject_name(csr, subject);
}
if (auxiliar_isclass(L, "openssl.stack_of_x509_attribute", i))
{
int j, m;
STACK_OF(X509_ATTRIBUTE) *attrs = CHECK_OBJECT(i, STACK_OF(X509_ATTRIBUTE), "openssl.stack_of_x509_attribute");
m = sk_X509_ATTRIBUTE_num(attrs);
for (j = 0; ret == 1 && j < m; j++)
{
ret = X509_REQ_add1_attr(csr, sk_X509_ATTRIBUTE_value(attrs, j));
}
}
if (auxiliar_isclass(L, "openssl.stack_of_x509_extension", i))
{
STACK_OF(X509_EXTENSION) *exts =
CHECK_OBJECT(i, STACK_OF(X509_EXTENSION), "openssl.stack_of_x509_extension");
ret = X509_REQ_add_extensions(csr, exts);
}
if (auxiliar_isclass(L, "openssl.evp_pkey", i))
{
EVP_PKEY *pkey;
const EVP_MD *md;
luaL_argcheck(L, i == n || i == n - 1, i, "must is evp_pkey object");
pkey = CHECK_OBJECT(i, EVP_PKEY, "openssl.evp_pkey");
luaL_argcheck(L, openssl_pkey_is_private(pkey), i, "must be private key");
if (i == n - 1)
md = get_digest(L, n);
else
md = EVP_get_digestbyname("sha1");
ret = X509_REQ_set_pubkey(csr, pkey);
if (ret == 1)
{
ret = X509_REQ_sign(csr, pkey, md);
if (ret > 0)
ret = 1;
}
break;
}
};
if (ret == 1)
PUSH_OBJECT(csr, "openssl.x509_req");
else
{
X509_REQ_free(csr);
return openssl_pushresult(L, ret);
}
return 1;
}
static int openssl_xext_support(lua_State*L)
{
static const int supported_nids[] =
{
NID_netscape_cert_type, /* 71 */
NID_key_usage, /* 83 */
NID_subject_alt_name, /* 85 */
NID_basic_constraints, /* 87 */
NID_certificate_policies, /* 89 */
NID_ext_key_usage, /* 126 */
#ifndef OPENSSL_NO_RFC3779
NID_sbgp_ipAddrBlock, /* 290 */
NID_sbgp_autonomousSysNum, /* 291 */
#endif
NID_policy_constraints, /* 401 */
NID_proxyCertInfo, /* 663 */
NID_name_constraints, /* 666 */
NID_policy_mappings, /* 747 */
NID_inhibit_any_policy /* 748 */
};
if (lua_isnoneornil(L, 1))
{
int count = sizeof(supported_nids) / sizeof(int);
int i, nid;
lua_newtable(L);
for (i = 0; i < count; i++)
{
nid = supported_nids[i];
lua_newtable(L);
lua_pushstring(L, OBJ_nid2ln(nid));
lua_setfield(L, -2, "lname");
lua_pushstring(L, OBJ_nid2sn(nid));
lua_setfield(L, -2, "sname");
lua_pushinteger(L, nid);
lua_setfield(L, -2, "nid");
lua_rawseti(L, -2, i + 1);
};
return 1;
}
else if (auxiliar_isclass(L, "openssl.x509_extension", 1))
{
X509_EXTENSION* ext = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
int ret = X509_supported_extension(ext);
lua_pushboolean(L, ret);
return 1;
}
else
{
int i;
int ex_nid = openssl_get_nid(L, 1);
if (ex_nid == NID_undef)
return 0;
for (i = 0; i < sizeof(supported_nids) / sizeof(int); i++)
{
if (supported_nids[i] == ex_nid)
break;
}
lua_pushboolean(L, i < sizeof(supported_nids) / sizeof(int));
return 1;
}
}
static int openssl_ocsp_request_new(lua_State*L)
{
OCSP_REQUEST *req = NULL;
if (lua_isstring(L, 1))
{
BIO* bio = load_bio_object(L, 1);
req = d2i_OCSP_REQUEST_bio(bio, NULL);
/*
if (!req)
{
BIO_reset(bio);
req = PEM_read_bio_OCSP_REQUEST(bio, NULL, NULL);
}
*/
BIO_free(bio);
}
else
{
X509 *issuer = CHECK_OBJECT(1, X509, "openssl.x509");
X509_NAME *iname = X509_get_subject_name(issuer);
ASN1_BIT_STRING *ikey = X509_get0_pubkey_bitstr(issuer);
OCSP_CERTID *id = NULL;
OCSP_ONEREQ *one;
char buf[1024];
int nonce = lua_gettop(L) > 2 ? auxiliar_checkboolean(L, 3) : 0;
req = OCSP_REQUEST_new();
if (lua_istable(L, 2))
{
int len = lua_rawlen(L, 2);
int i;
for (i = 1; i <= len; i++)
{
lua_rawgeti(L, 2, i);
if (auxiliar_isclass(L, "openssl.x509", -1))
{
X509 *cert = CHECK_OBJECT(2, X509, "openssl.x509");
id = OCSP_cert_to_id(NULL, cert, issuer);
one = OCSP_request_add0_id(req, id);
}
else
{
size_t len;
char *serial = (char *)luaL_checklstring(L, -1, &len);
ASN1_INTEGER *sno = ASN1_INTEGER_new();
BIO* bio = BIO_new(BIO_s_mem());
BIO_write(bio, serial, len);
if (a2i_ASN1_INTEGER(bio, sno, buf, 1024) == 1)
{
id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
one = OCSP_request_add0_id(req, id);
};
ASN1_INTEGER_free(sno);
BIO_free(bio);
}
lua_pop(L, 1);
}
}
else if (auxiliar_isclass(L, "openssl.x509", 2))
{
X509 *cert = CHECK_OBJECT(2, X509, "openssl.x509");
id = OCSP_cert_to_id(NULL, cert, issuer);
one = OCSP_request_add0_id(req, id);
}
else
{
ASN1_INTEGER *sno = ASN1_INTEGER_new();
BIO* bio = load_bio_object(L, 2);
if (a2i_ASN1_INTEGER(bio, sno, buf, 1024) == 1)
{
id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
one = OCSP_request_add0_id(req, id);
};
ASN1_INTEGER_free(sno);
BIO_free(bio);
}
if (nonce)
OCSP_request_add1_nonce(req, NULL, -1);
}
if(req) {
PUSH_OBJECT(req, "openssl.ocsp_request");
}else
lua_pushnil(L);
return 1;
}
EC_GROUP* openssl_get_ec_group(lua_State* L, int ec_name_idx, int param_enc_idx,
int conv_form_idx)
{
int nid = NID_undef;
EC_GROUP* g = NULL;
if (lua_isnumber(L, ec_name_idx))
nid = lua_tointeger(L, ec_name_idx);
else if (lua_isstring(L, ec_name_idx))
{
const char* name = luaL_checkstring(L, ec_name_idx);
nid = OBJ_sn2nid(name);
} else if (lua_isuserdata(L, ec_name_idx))
{
if (auxiliar_isclass(L, "openssl.evp_pkey", ec_name_idx))
{
EVP_PKEY* pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey);
if (ec_key)
{
g = (EC_GROUP*)EC_KEY_get0_group(ec_key);
EC_KEY_free(ec_key);
}
} else if (auxiliar_isclass(L, "openssl.ec_key", ec_name_idx))
{
EC_KEY* ec_key = CHECK_OBJECT(1, EC_KEY, "openssl.ec_key");
g = (EC_GROUP*)EC_KEY_get0_group(ec_key);
}
if (g)
g = EC_GROUP_dup(g);
}
if (g == NULL && nid != NID_undef)
g = EC_GROUP_new_by_curve_name(nid);
if (g)
{
if (param_enc_idx)
{
int form = 0;
if (lua_isstring(L, param_enc_idx))
{
const char* options[] = {"compressed", "uncompressed", "hybrid", NULL};
int f = luaL_checkoption(L, param_enc_idx, NULL, options);
if (f == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (f == 1)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (f == 2)
form = POINT_CONVERSION_HYBRID;
else
luaL_argerror(L, param_enc_idx, "not accept value point_conversion_form");
EC_GROUP_set_point_conversion_form(g, form);
} else if (lua_isnumber(L, param_enc_idx))
{
form = luaL_checkint(L, param_enc_idx);
EC_GROUP_set_point_conversion_form(g, form);
} else if (lua_isnoneornil(L, param_enc_idx))
{
EC_GROUP_set_point_conversion_form(g, POINT_CONVERSION_UNCOMPRESSED);
}
else
luaL_argerror(L, param_enc_idx, "not accept type of point_conversion_form");
}else
EC_GROUP_set_point_conversion_form(g, POINT_CONVERSION_UNCOMPRESSED);
if (conv_form_idx)
{
int asn1_flag = 0;
if (lua_isstring(L, conv_form_idx))
{ /* OPENSSL_EC_NAMED_CURVE, 0 */
const char* const options[] = {"named_curve", "explicit", NULL};
asn1_flag = luaL_checkoption(L, conv_form_idx, NULL, options);
EC_GROUP_set_asn1_flag(g, asn1_flag);
} else if (lua_isnumber(L, conv_form_idx))
{
asn1_flag = luaL_checkint(L, conv_form_idx);
EC_GROUP_set_asn1_flag(g, asn1_flag);
} else if (lua_isnoneornil(L, conv_form_idx))
{
EC_GROUP_set_asn1_flag(g, OPENSSL_EC_NAMED_CURVE);
}
else
luaL_argerror(L, conv_form_idx, "not accept type of asn1 flag");
}else
EC_GROUP_set_asn1_flag(g, OPENSSL_EC_NAMED_CURVE);
}
return g;
}
