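/*
 * Lua: ext:data() -> asn1_string        (copy of the extension value)
 *      ext:data(asn1_string) -> result  (replace the extension value)
 *
 * X509_EXTENSION_set_data() copies the bytes of the string it is given, so
 * the caller's string must NOT be duplicated before the call: the original
 * did `s = ASN1_STRING_dup(s)` and then passed the copy to set_data, which
 * leaked one ASN1_STRING per setter call.  The getter still hands Lua a
 * private copy so the Lua object outlives the extension.
 */
static int openssl_xext_data(lua_State *L)
{
  X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");

  if (lua_isnone(L, 2)) {
    ASN1_STRING *copy = ASN1_STRING_dup(X509_EXTENSION_get_data(x));
    if (copy == NULL) {
      /* allocation failed: report "no value" instead of wrapping NULL */
      lua_pushnil(L);
      return 1;
    }
    PUSH_OBJECT(copy, "openssl.asn1_string");
    return 1;
  } else {
    ASN1_STRING *s = CHECK_OBJECT(2, ASN1_STRING, "openssl.asn1_string");
    int ret = X509_EXTENSION_set_data(x, s);   /* copies s; no ownership transfer */
    return openssl_pushresult(L, ret);
  }
}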
/*
 * Store VALUE of ASN.1 type TYPE in A, taking a private copy where the
 * value is heap data.  A NULL value, or a BOOLEAN (whose "value" is the
 * pointer itself), is stored unchanged; an OBJECT goes through OBJ_dup();
 * every other type is treated as an ASN1_STRING and duplicated.
 * Returns 1 on success, 0 if the copy could not be allocated.
 */
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
{
    void *copy;

    if (value == NULL || type == V_ASN1_BOOLEAN) {
        /* nothing to own: hand the pointer over as-is */
        copy = (void *)value;
    } else if (type == V_ASN1_OBJECT) {
        copy = OBJ_dup(value);
        if (copy == NULL)
            return 0;
    } else {
        copy = ASN1_STRING_dup(value);
        if (copy == NULL)
            return 0;
    }
    ASN1_TYPE_set(a, type, copy);
    return 1;
}
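/*
 * Lua: attr:data(attrtype, string) -> result          (replace the value)
 *      attr:data(idx, attrtype)    -> asn1_string|nil (fetch one value)
 *
 * The two forms are told apart by the Lua type of argument 2: a string
 * selects the setter (luaL_checkint then coerces it to the attribute type),
 * anything else the getter.
 *
 * Setter: the current value(s) are freed, then X509_ATTRIBUTE_set1_data()
 * installs a copy of the bytes.  NOTE(review): after sk_ASN1_TYPE_pop_free()
 * attr->value.set is NULL; whether X509_ATTRIBUTE_set1_data() re-creates the
 * stack or pushes onto NULL depends on the OpenSSL version -- confirm.
 *
 * Getter: X509_ATTRIBUTE_get0_data() yields NULL for an out-of-range index
 * or a type mismatch.  The original handed that NULL to ASN1_STRING_dup()
 * and wrapped the NULL result as an object; now it returns nil instead.
 */
static int openssl_xattr_data(lua_State *L)
{
  X509_ATTRIBUTE *attr = CHECK_OBJECT(1, X509_ATTRIBUTE, "openssl.x509_attribute");

  if (lua_type(L, 2) == LUA_TSTRING) {
    int attrtype = luaL_checkint(L, 2);
    size_t size;
    const char *data = luaL_checklstring(L, 3, &size);
    int ret;

    /* drop whatever the attribute currently holds before replacing it */
    if (attr->single)
      ASN1_TYPE_free((ASN1_TYPE *)attr->value.ptr);
    else
      sk_ASN1_TYPE_pop_free(attr->value.set, ASN1_TYPE_free);
    attr->value.ptr = NULL;

    ret = X509_ATTRIBUTE_set1_data(attr, attrtype, data, size);
    return openssl_pushresult(L, ret);
  } else {
    int idx = luaL_checkint(L, 2);
    int attrtype = luaL_checkint(L, 3);
    ASN1_STRING *as = (ASN1_STRING *)X509_ATTRIBUTE_get0_data(attr, idx, attrtype, NULL);

    if (as != NULL)
      as = ASN1_STRING_dup(as);   /* Lua gets its own copy */
    if (as == NULL) {
      /* no such value (or allocation failure): nil rather than a NULL object */
      lua_pushnil(L);
      return 1;
    }
    PUSH_OBJECT(as, "openssl.asn1_string");
    return 1;
  }
}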
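/*
 * Lua: algor:get() -> asn1_object|nil, params
 *
 * Returns the algorithm OID (private copy) and its parameters.  The
 * parameter pointer handed back by X509_ALGOR_get0() is only an ASN1_STRING
 * for string-like types; the original duplicated it unconditionally, so an
 * AlgorithmIdentifier with NULL parameters (type V_ASN1_NULL, val == NULL,
 * e.g. plain RSA) wrapped a NULL pointer as an asn1_string, and OBJECT or
 * BOOLEAN parameters were reinterpreted as strings.  Each type now gets a
 * matching Lua value; anything that cannot be copied becomes nil.
 */
static int openssl_xalgor_get(lua_State *L)
{
  int type;
  void *val;
  ASN1_OBJECT *obj;
  X509_ALGOR *alg = CHECK_OBJECT(1, X509_ALGOR, "openssl.x509_algor");

  X509_ALGOR_get0(&obj, &type, &val, alg);

  /* result 1: the algorithm OID, or nil */
  if (obj != NULL) {
    ASN1_OBJECT *dup = OBJ_dup(obj);
    if (dup != NULL)
      PUSH_OBJECT(dup, "openssl.asn1_object");
    else
      lua_pushnil(L);
  } else
    lua_pushnil(L);

  /* result 2: the parameters, by ASN.1 type */
  switch (type) {
  case V_ASN1_UNDEF:   /* no parameter field at all */
  case V_ASN1_NULL:    /* explicit NULL: val carries nothing */
    lua_pushnil(L);
    break;
  case V_ASN1_OBJECT: {
    ASN1_OBJECT *pobj = (val != NULL) ? OBJ_dup((ASN1_OBJECT *)val) : NULL;
    if (pobj != NULL)
      PUSH_OBJECT(pobj, "openssl.asn1_object");
    else
      lua_pushnil(L);
    break;
  }
  case V_ASN1_BOOLEAN:
    /* assumes the boolean is delivered through the same union slot as ptr -- TODO confirm */
    lua_pushboolean(L, val != NULL);
    break;
  default: {
    ASN1_STRING *s = (val != NULL) ? ASN1_STRING_dup((ASN1_STRING *)val) : NULL;
    if (s != NULL)
      PUSH_OBJECT(s, "openssl.asn1_string");
    else
      lua_pushnil(L);
    break;
  }
  }
  return 2;
}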
/*
 * item_sign callback for RSA: fill in the AlgorithmIdentifier(s) for the
 * signature about to be produced with CTX.
 *
 * Returns 2 when the caller should use its generic encoding (PKCS#1 v1.5,
 * or any padding mode this function does not special-case), 3 when alg1
 * (and alg2, if given) were set to rsassaPss with encoded parameters, and
 * 0 on error.
 */
static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                         X509_ALGOR *alg1, X509_ALGOR *alg2,
                         ASN1_BIT_STRING *sig)
{
    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
    ASN1_STRING *params;
    int pad_mode;

    if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
        return 0;
    if (pad_mode != RSA_PKCS1_PSS_PADDING)
        return 2;   /* v1.5 and everything else: nothing to encode here */

    params = rsa_ctx_to_pss(pkctx);
    if (params == NULL)
        return 0;

    /* alg2, when present, needs its own copy of the encoded parameters */
    if (alg2 != NULL) {
        ASN1_STRING *params2 = ASN1_STRING_dup(params);
        if (params2 == NULL) {
            ASN1_STRING_free(params);
            return 0;
        }
        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, params2);
    }
    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, params);
    return 3;
}
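/*
 * Lua: algor:set(asn1_object [, asn1_group_value]) -> result
 *
 * Installs a copy of the OID and, when given, a copy of the parameter value
 * (typed by the value's own ASN.1 type).  The original accepted a missing or
 * nil third argument (val == NULL) and then evaluated val->type, i.e. a NULL
 * dereference; with no value the parameters are now set to V_ASN1_UNDEF.
 * X509_ALGOR_set0() takes ownership of both copies, so they are only freed
 * here on the failure path before the hand-over.
 */
static int openssl_xalgor_set(lua_State *L)
{
  X509_ALGOR *alg = CHECK_OBJECT(1, X509_ALGOR, "openssl.x509_algor");
  ASN1_OBJECT *obj = CHECK_OBJECT(2, ASN1_OBJECT, "openssl.asn1_object");
  ASN1_STRING *val = lua_isnoneornil(L, 3) ? NULL : auxiliar_checkgroup(L, "openssl.asn1_group", 3);
  ASN1_OBJECT *aobj;
  ASN1_STRING *aval = NULL;
  int ptype = V_ASN1_UNDEF;
  int ret;

  aobj = OBJ_dup(obj);
  if (aobj == NULL)
    return openssl_pushresult(L, 0);

  if (val != NULL) {
    aval = ASN1_STRING_dup(val);
    if (aval == NULL) {
      ASN1_OBJECT_free(aobj);
      return openssl_pushresult(L, 0);
    }
    ptype = val->type;
  }

  ret = X509_ALGOR_set0(alg, aobj, ptype, aval);
  return openssl_pushresult(L, ret);
}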
/*
 * Fill SID from CERT as either issuerAndSerialNumber or subjectKeyIdentifier,
 * selected by TYPE.  All data is copied out of the certificate.
 * Returns 1 on success, 0 with a CMS error queued otherwise (unknown TYPE,
 * certificate without a cached SKID, or allocation failure).
 */
int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
{
    CMS_IssuerAndSerialNumber *ias;

    switch (type) {
    case CMS_SIGNERINFO_ISSUER_SERIAL:
        ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
        sid->d.issuerAndSerialNumber = ias;
        if (ias == NULL)
            goto merr;
        if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
            goto merr;
        /* swap the serial created by _new for a copy of the cert's */
        ASN1_STRING_free(ias->serialNumber);
        ias->serialNumber = ASN1_STRING_dup(X509_get_serialNumber(cert));
        if (ias->serialNumber == NULL)
            goto merr;
        break;

    case CMS_SIGNERINFO_KEYIDENTIFIER:
        if (cert->skid == NULL) {
            CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_CERTIFICATE_HAS_NO_KEYID);
            return 0;
        }
        sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
        if (sid->d.subjectKeyIdentifier == NULL)
            goto merr;
        break;

    default:
        CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
        return 0;
    }

    sid->type = type;
    return 1;

 merr:
    CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
    return 0;
}
/*
 * Replace *PTM with a copy of TM, freeing the previous value.  Passing the
 * object already installed is a no-op.
 * Returns 1 when *PTM holds a value afterwards, 0 if the copy failed (or
 * both pointers were NULL).
 */
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
{
    if (*ptm != tm) {
        ASN1_TIME *copy = ASN1_STRING_dup(tm);
        if (copy == NULL)
            return 0;
        ASN1_TIME_free(*ptm);
        *ptm = copy;
    }
    return *ptm != NULL;
}
/*
 * Set A's genTime to a copy of GTIME, releasing the previous value.
 * Returns 1 on success (including the trivial case where GTIME is already
 * the installed object), 0 with an ERR_R_MALLOC_FAILURE queued otherwise.
 */
int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
{
    ASN1_GENERALIZEDTIME *copy;

    if (gtime == a->time)
        return 1;

    copy = ASN1_STRING_dup(gtime);
    if (copy == NULL) {
        TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    ASN1_GENERALIZEDTIME_free(a->time);
    a->time = copy;
    return 1;
}
/*
 * Set the revocationDate of X to a copy of TM.  Installing the object that
 * is already in place is a no-op.
 * Returns 1 when a date is in place afterwards, 0 on NULL X or copy failure.
 */
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
{
    if (x == NULL)
        return 0;

    if (x->revocationDate != tm) {
        ASN1_TIME *copy = ASN1_STRING_dup(tm);
        if (copy == NULL)
            return 0;
        ASN1_TIME_free(x->revocationDate);
        x->revocationDate = copy;
    }
    return x->revocationDate != NULL;
}
/*
 * Set the CRL's nextUpdate to a copy of TM, freeing the previous value.
 * Passing the already-installed object is a no-op.
 * Returns 1 when nextUpdate is set afterwards, 0 on NULL X or copy failure.
 */
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
    if (x == NULL)
        return 0;

    if (x->crl.nextUpdate != tm) {
        ASN1_TIME *copy = ASN1_STRING_dup(tm);
        if (copy == NULL)
            return 0;
        ASN1_TIME_free(x->crl.nextUpdate);
        x->crl.nextUpdate = copy;
    }
    return x->crl.nextUpdate != NULL;
}
/*
 * Set the certificate's notAfter to a copy of TM, freeing the old value.
 * Passing the already-installed object is a no-op.
 * Returns 1 when notAfter is set afterwards, 0 on NULL X or copy failure.
 */
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
{
    ASN1_TIME **slot;

    if (x == NULL)
        return 0;

    slot = &x->cert_info.validity.notAfter;
    if (*slot != tm) {
        ASN1_TIME *copy = ASN1_STRING_dup(tm);
        if (copy == NULL)
            return 0;
        ASN1_TIME_free(*slot);
        *slot = copy;
    }
    return *slot != NULL;
}
/*
 * Set the certificate's notBefore to a copy of TM, freeing the old value.
 * Passing the already-installed object is a no-op.
 * Returns 1 when notBefore is set afterwards; 0 when X or its validity
 * block is NULL, or the copy could not be allocated.
 */
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
{
    ASN1_TIME **slot;

    if (x == NULL || x->cert_info->validity == NULL)
        return 0;

    slot = &x->cert_info->validity->notBefore;
    if (*slot != tm) {
        ASN1_TIME *copy = ASN1_STRING_dup(tm);
        if (copy == NULL)
            return 0;
        ASN1_TIME_free(*slot);
        *slot = copy;
    }
    return *slot != NULL;
}
/*
 * Set the revoked entry's serialNumber to a copy of SERIAL, freeing the
 * previous value.  Passing the already-installed object is a no-op.
 * Returns 1 when a serial is in place afterwards, 0 on NULL X or copy failure.
 */
int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
{
    if (x == NULL)
        return 0;

    if (x->serialNumber != serial) {
        ASN1_INTEGER *copy = ASN1_STRING_dup(serial);
        if (copy == NULL)
            return 0;
        M_ASN1_INTEGER_free(x->serialNumber);
        x->serialNumber = copy;
    }
    return x->serialNumber != NULL;
}
/*
 * Replace *PKEYID with a copy of CERT's subject key identifier.
 * Returns 1 on success; 0 with a CMS error queued when the certificate has
 * no SKID or the copy could not be allocated (in which case *PKEYID is left
 * untouched).
 */
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
    const ASN1_OCTET_STRING *skid = X509_get0_subject_key_id(cert);
    ASN1_OCTET_STRING *copy;

    if (skid == NULL) {
        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
        return 0;
    }
    copy = ASN1_STRING_dup(skid);
    if (copy == NULL) {
        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    /* only now is the old value discarded, so failure leaves it intact */
    ASN1_OCTET_STRING_free(*pkeyid);
    *pkeyid = copy;
    return 1;
}
/*
 * Replace *PKEYID with a copy of CERT's subject key identifier.  The
 * X509_check_purpose() call is what populates cert->skid from the SKID
 * extension before it is read.
 * Returns 1 on success; 0 with a CMS error queued when there is no SKID or
 * the copy failed (*PKEYID is left untouched in that case).
 */
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
    ASN1_OCTET_STRING *copy;

    X509_check_purpose(cert, -1, -1);
    if (cert->skid == NULL) {
        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
        return 0;
    }
    copy = ASN1_STRING_dup(cert->skid);
    if (copy == NULL) {
        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    /* ASN1_OCTET_STRING_free() accepts NULL, so no guard is needed */
    ASN1_OCTET_STRING_free(*pkeyid);
    *pkeyid = copy;
    return 1;
}
/*
 * Lua: name:delete_entry(loc) -> asn1_object, asn1_string   (entry removed)
 *                             -> nil                         (no such entry)
 *
 * Removes the entry at LOC from the name and returns copies of its object
 * and value; the entry itself is freed here.
 */
static int openssl_xname_delete_entry(lua_State *L)
{
  X509_NAME *xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
  int loc = luaL_checkint(L, 2);
  X509_NAME_ENTRY *removed = X509_NAME_delete_entry(xn, loc);
  ASN1_OBJECT *obj;
  ASN1_STRING *val;

  if (removed == NULL) {
    lua_pushnil(L);
    return 1;
  }

  /* copy the parts out before the entry goes away */
  obj = OBJ_dup(removed->object);
  val = ASN1_STRING_dup(removed->value);
  X509_NAME_ENTRY_free(removed);

  PUSH_OBJECT(obj, "openssl.asn1_object");
  PUSH_OBJECT(val, "openssl.asn1_string");
  return 2;
}
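/*
 * Push a Lua table describing one PKCS7_SIGNER_INFO: version, issuer,
 * serial, digest_alg, digest_enc_alg, enc_digest and (when present) pkey.
 * Every OpenSSL object handed to Lua is a private copy -- or, for pkey, an
 * extra reference -- so the table outlives the PKCS7 it was read from.
 * Returns 1; the table is left on top of the stack.
 *
 * Fix: "digest_enc_alg" was filled from info->digest_alg (copy/paste), so
 * Lua callers saw the digest algorithm twice and never the signature
 * algorithm.  The issuer/serial copies are also now made only when the
 * field exists, instead of duplicating first and checking afterwards.
 */
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info)
{
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer);

  if (info->issuer_and_serial != NULL) {
    if (info->issuer_and_serial->issuer != NULL) {
      X509_NAME *issuer = X509_NAME_dup(info->issuer_and_serial->issuer);
      AUXILIAR_SETOBJECT(L, issuer, "openssl.x509_name", -1, "issuer");
    }
    if (info->issuer_and_serial->serial != NULL) {
      ASN1_INTEGER *serial = ASN1_INTEGER_dup(info->issuer_and_serial->serial);
      AUXILIAR_SETOBJECT(L, serial, "openssl.asn1_integer", -1, "serial");
    }
  }

  if (info->digest_alg != NULL) {
    X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
    AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg");
  }
  if (info->digest_enc_alg != NULL) {
    /* was X509_ALGOR_dup(info->digest_alg): wrong field */
    X509_ALGOR *dup = X509_ALGOR_dup(info->digest_enc_alg);
    AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg");
  }
  if (info->enc_digest != NULL) {
    ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest);
    AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest");
  }
  if (info->pkey != NULL) {
    /* shared, not copied: bump the refcount so Lua's free is balanced */
    CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
    AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey");
  }
  return 1;
}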
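/*
 * Lua: ext:data() -> asn1_string              (copy of the extension value)
 *      ext:data(string) -> result             (set value from raw bytes)
 *      ext:data(asn1_string) -> result        (set value; must be OCTET STRING)
 *
 * X509_EXTENSION_set_data() copies the bytes it is given, so the temporary
 * built in the raw-bytes path is freed here and the caller's asn1_string is
 * passed straight through.  Fix: ASN1_STRING_type_new() can return NULL and
 * the original fed that to ASN1_STRING_set() unchecked; the getter likewise
 * wrapped a NULL copy as an object.  Both now fail cleanly.
 */
static int openssl_xext_data(lua_State *L)
{
  X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
  int ret = 0;

  if (lua_isnone(L, 2)) {
    ASN1_STRING *copy = ASN1_STRING_dup(X509_EXTENSION_get_data(x));
    if (copy == NULL) {
      lua_pushnil(L);   /* allocation failed: nothing to wrap */
      return 1;
    }
    PUSH_OBJECT(copy, "openssl.asn1_string");
    return 1;
  }

  if (lua_isstring(L, 2)) {
    size_t size;
    const char *data = lua_tolstring(L, 2, &size);
    ASN1_STRING *tmp = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);

    if (tmp != NULL) {
      if (ASN1_STRING_set(tmp, data, size) == 1)
        ret = X509_EXTENSION_set_data(x, tmp);
      ASN1_STRING_free(tmp);
    }
    /* ret stays 0 on allocation or set failure */
    return openssl_pushresult(L, ret);
  }

  {
    ASN1_STRING *s = CHECK_GROUP(2, ASN1_STRING, "openssl.asn1group");
    if (ASN1_STRING_type(s) != V_ASN1_OCTET_STRING)
      return luaL_argerror(L, 2, "asn1_string type must be octet");
    ret = X509_EXTENSION_set_data(x, s);
    return openssl_pushresult(L, ret);
  }
}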
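/*
 * Build an X509_EXTENSION from the Lua table at IDX, which must carry
 * "object" (anything openssl_get_nid() resolves), "value" (an asn1_string)
 * and optionally "critical" (boolean, default false).  Raises a Lua argument
 * error when "object" is not a known OID.  UTF8 is accepted for interface
 * compatibility but not consulted here.
 * Returns the new extension (also stored through X when X is non-NULL), as
 * X509_EXTENSION_create_by_NID() does.
 *
 * Fixes: X509_EXTENSION_create_by_NID() copies the value it is given, so the
 * ASN1_STRING_dup() the original passed to it leaked on every call; and the
 * "not valid object id" message was formatted after the "object" field had
 * been popped, so it printed whatever happened to be on top of the stack.
 */
static X509_EXTENSION *openssl_new_xextension(lua_State *L, X509_EXTENSION **x, int idx, int utf8)
{
  int nid;
  ASN1_STRING *value;
  int critical;

  lua_getfield(L, idx, "object");
  nid = openssl_get_nid(L, -1);
  if (nid == NID_undef) {
    /* the offending field is still at -1 here */
    lua_pushfstring(L, "%s is not valid object id", lua_tostring(L, -1));
    luaL_argerror(L, idx, lua_tostring(L, -1));   /* does not return */
  }
  lua_pop(L, 1);

  lua_getfield(L, idx, "value");
  value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string");
  lua_pop(L, 1);

  lua_getfield(L, idx, "critical");
  critical = lua_isnil(L, -1) ? 0 : lua_toboolean(L, -1);
  lua_pop(L, 1);

  /* create_by_NID copies the value; nothing to duplicate or free here */
  return X509_EXTENSION_create_by_NID(x, nid, critical, value);
}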
/*
 * Deep-copy an ASN1_INTEGER.  An INTEGER is an ASN1_STRING underneath, so
 * the generic string duplicate does the work; the result is NULL whenever
 * ASN1_STRING_dup() returns NULL.
 */
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
    ASN1_INTEGER *copy = ASN1_STRING_dup(x);
    return copy;
}
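/*
 * item_sign callback for RSA: fill in the AlgorithmIdentifier(s) for the
 * signature about to be produced with CTX.
 *
 * For PSS padding the RSASSA-PSS-params structure is built from the
 * context's digest, MGF1 digest and salt length.  Fields that equal the
 * DEFAULT values of the ASN.1 definition (SHA-1, MGF1 with SHA-1, salt 20)
 * are left absent so they are omitted from the encoding.
 *
 * Returns 2 when the caller should use its generic encoding (PKCS#1 v1.5,
 * or a padding mode not handled here), 3 when alg1 (and alg2, if given)
 * were set to rsassaPss with the encoded parameters, and 0 on error.
 *
 * Fixes: X509_ALGOR_new() for mgf1alg was unchecked before
 * X509_ALGOR_set_md() dereferenced it, and the packed MGF1 parameters
 * (stmp) leaked when the maskGenAlgorithm allocation failed.
 */
static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                         X509_ALGOR *alg1, X509_ALGOR *alg2,
                         ASN1_BIT_STRING *sig)
{
    int pad_mode;
    EVP_PKEY_CTX *pkctx = ctx->pctx;

    if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
        return 0;
    if (pad_mode == RSA_PKCS1_PADDING)
        return 2;
    if (pad_mode == RSA_PKCS1_PSS_PADDING) {
        const EVP_MD *sigmd, *mgf1md;
        RSA_PSS_PARAMS *pss = NULL;
        X509_ALGOR *mgf1alg = NULL;
        ASN1_STRING *os1 = NULL, *os2 = NULL;
        EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
        int saltlen, rv = 0;

        sigmd = EVP_MD_CTX_md(ctx);
        if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
            goto err;
        if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
            goto err;
        /* resolve the symbolic salt lengths: -1 = digest size, -2 = largest that fits */
        if (saltlen == -1)
            saltlen = EVP_MD_size(sigmd);
        else if (saltlen == -2) {
            saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
            if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
                saltlen--;
        }

        pss = RSA_PSS_PARAMS_new();
        if (!pss)
            goto err;
        if (saltlen != 20) {
            pss->saltLength = ASN1_INTEGER_new();
            if (!pss->saltLength)
                goto err;
            if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
                goto err;
        }
        if (EVP_MD_type(sigmd) != NID_sha1) {
            pss->hashAlgorithm = X509_ALGOR_new();
            if (!pss->hashAlgorithm)
                goto err;
            X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
        }
        if (EVP_MD_type(mgf1md) != NID_sha1) {
            ASN1_STRING *stmp = NULL;
            /* need to embed algorithm ID inside another */
            mgf1alg = X509_ALGOR_new();
            if (!mgf1alg)   /* was unchecked */
                goto err;
            X509_ALGOR_set_md(mgf1alg, mgf1md);
            if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
                goto err;
            pss->maskGenAlgorithm = X509_ALGOR_new();
            if (!pss->maskGenAlgorithm) {
                ASN1_STRING_free(stmp);   /* not yet owned by pss */
                goto err;
            }
            X509_ALGOR_set0(pss->maskGenAlgorithm, OBJ_nid2obj(NID_mgf1),
                            V_ASN1_SEQUENCE, stmp);
        }

        /* Finally create string with pss parameter encoding. */
        if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
            goto err;
        /* alg2, when present, gets its own copy of the encoding */
        if (alg2) {
            os2 = ASN1_STRING_dup(os1);
            if (!os2)
                goto err;
            X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os2);
        }
        X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os1);
        os1 = os2 = NULL;   /* ownership moved into alg1/alg2 */
        rv = 3;
 err:
        if (mgf1alg)
            X509_ALGOR_free(mgf1alg);
        if (pss)
            RSA_PSS_PARAMS_free(pss);
        if (os1)
            ASN1_STRING_free(os1);
        return rv;
    }
    return 2;
}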
/*
 * Lua: pkcs7:parse() -> table
 *
 * Describes the PKCS7 structure as a table keyed by content type:
 *   "type"      always; the long name of the content-type OID
 *   signed      "version", "detached", "md_algs", "signer_info" (array of
 *               tables from openssl_push_pkcs7_signer_info), and "contents"
 *               (a copy of the inner PKCS7) unless the signature is detached;
 *               plus "certs"/"crls" when present
 *   signedAndEnveloped  "certs"/"crls" only
 *   enveloped   nothing extra (decryption is stubbed out, see below)
 *   digest      "digest" (copy of the digest octets)
 *   data        "data"   (copy of the content octets)
 * Every OpenSSL object placed in the table is a private copy.
 * Returns 1; the table is left on top of the stack.
 *
 * NOTE(review): the ASN1_STRING_dup()/PKCS7_dup() results in the digest,
 * data and contents cases are not checked for NULL before being wrapped.
 */
static LUA_FUNCTION(openssl_pkcs7_parse)
{
  PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
  STACK_OF(X509) *certs = NULL;
  STACK_OF(X509_CRL) *crls = NULL;
  int i = OBJ_obj2nid(p7->type);

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string);

  switch (i)
  {
  case NID_pkcs7_signed:
  {
    PKCS7_SIGNED *sign = p7->d.sign;
    /* certs/crls are emitted after the switch, shared with signedAndEnveloped */
    certs = sign->cert ? sign->cert : NULL;
    crls = sign->crl ? sign->crl : NULL;
    AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(sign->version), integer);
    AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean);

    lua_pushstring(L, "md_algs");
    openssl_sk_x509_algor_totable(L, sign->md_algs);
    lua_rawset(L, -3);

    if (sign->signer_info)
    {
      int j, n;
      n = sk_PKCS7_SIGNER_INFO_num(sign->signer_info);
      lua_pushstring(L, "signer_info");
      lua_newtable(L);
      /* 1-based array, one table per signer */
      for (j = 0; j < n; j++)
      {
        PKCS7_SIGNER_INFO *info = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, j);
        lua_pushinteger(L, j + 1);
        openssl_push_pkcs7_signer_info(L, info);
        lua_rawset(L, -3);
      }
      lua_rawset(L, -3);
    }
    if (!PKCS7_is_detached(p7))
    {
      /* the embedded content is exposed as its own (copied) pkcs7 object */
      PKCS7 *c = sign->contents;
      c = PKCS7_dup(c);
      AUXILIAR_SETOBJECT(L, c, "openssl.pkcs7", -1, "contents");
    }
  }
  break;
  case NID_pkcs7_signedAndEnveloped:
    certs = p7->d.signed_and_enveloped->cert;
    crls = p7->d.signed_and_enveloped->crl;
    break;
  case NID_pkcs7_enveloped:
  {
    /* decryption of enveloped content is not implemented here; the sketch below
     * is kept from the original as a reminder of the intended approach */
    /* BIO * mem = BIO_new(BIO_s_mem()); BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL); BUF_MEM *bptr = NULL; unsigned char src[4096]; int len; while((len = BIO_read(v_p7bio,src,4096))>0){ BIO_write(mem, src, len); } BIO_free(v_p7bio); BIO_get_mem_ptr(mem, &bptr); if((int)*puiDataLen < bptr->length) { *puiDataLen = bptr->length; ret = SAR_MemoryErr; }else{ *puiDataLen = bptr->length; memcpy(pucData,bptr->data, bptr->length); } */
  }
  break;
  case NID_pkcs7_digest:
  {
    PKCS7_DIGEST *d = p7->d.digest;
    ASN1_OCTET_STRING *as = ASN1_STRING_dup(d->digest);
    PUSH_OBJECT(as, "openssl.asn1_string");
    lua_setfield(L, -2, "digest");
  }
  break;
  case NID_pkcs7_data:
  {
    ASN1_OCTET_STRING *as = ASN1_STRING_dup(p7->d.data);
    PUSH_OBJECT(as, "openssl.asn1_string");
    lua_setfield(L, -2, "data");
  }
  break;
  default:
    break;
  }

  /* NID_pkcs7_signed or NID_pkcs7_signedAndEnveloped */
  if (certs != NULL)
  {
    lua_pushstring(L, "certs");
    openssl_sk_x509_totable(L, certs);
    lua_rawset(L, -3);
  }
  if (crls != NULL)
  {
    lua_pushstring(L, "crls");
    openssl_sk_x509_crl_totable(L, crls);
    lua_rawset(L, -3);
  }
  return 1;
}