/*
 * Lua binding: describe the X509_REVOKED userdata at argument 1 as a table.
 *
 * The table receives "reason" (text produced by openssl_i2s_revoke_reason),
 * "serialNumber", "revocationDate" and, only when the entry has an extension
 * list, "extensions". Returns 1 (the table).
 */
static int openssl_revoked_info(lua_State* L)
{
  X509_REVOKED* entry = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");

  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  /* Newer headers: the reason code is read straight from the struct field. */
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(entry->reason), string);
#else
  {
    /*
     * Older headers: decode the reason-code entry extension. The decoded
     * object is released below, once its value has been read.
     */
    int critical = 0;
    void* decoded = X509_REVOKED_get_ext_d2i(entry, NID_crl_reason, &critical, NULL);

    AUXILIAR_SET(L, -1, "reason",
                 openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(decoded)), string);
    ASN1_ENUMERATED_free(decoded);
  }
#endif

  PUSH_ASN1_INTEGER(L, entry->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, entry->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /* An entry without extensions simply has no "extensions" key. */
  if (entry->extensions != NULL)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, entry->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}
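/*
 * Lua binding: decode the OCSP_REQUEST userdata at argument 1 into a table.
 *
 * Argument 2 is an optional boolean (default true) forwarded to the
 * general-name helper as its utf8 flag.
 *
 * Fields written: "version", "requestorName" (when present), "requestList"
 * (array of tables holding hashAlgorithm, issuerNameHash, issuerKeyHash and
 * serialNumber) and "extensions" (when present). Returns 1 (the table).
 */
static int openssl_ocsp_request_parse(lua_State*L)
{
  OCSP_REQUEST *req = CHECK_OBJECT(1, OCSP_REQUEST, "openssl.ocsp_request");
  int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
  OCSP_REQINFO *inf = req->tbsRequest;
  OCSP_SIGNATURE *sig = req->optionalSignature;
  int i, num;

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(inf->version), integer);

  if (inf->requestorName)
  {
    opensl_push_general_name(L, inf->requestorName, utf8);
    lua_setfield(L, -2, "requestorName");
  }

  num = sk_OCSP_ONEREQ_num(inf->requestList);
  lua_newtable(L);
  for (i = 0; i < num; i++)
  {
    OCSP_ONEREQ *one = sk_OCSP_ONEREQ_value(inf->requestList, i);
    OCSP_CERTID *a = one->reqCert;

    lua_newtable(L);
    {
      openssl_push_x509_algor(L, a->hashAlgorithm);
      lua_setfield(L, -2, "hashAlgorithm");

      PUSH_ASN1_OCTET_STRING(L, a->issuerNameHash);
      lua_setfield(L, -2, "issuerNameHash");

      PUSH_ASN1_OCTET_STRING(L, a->issuerKeyHash);
      lua_setfield(L, -2, "issuerKeyHash");

      PUSH_ASN1_INTEGER(L, a->serialNumber);
      lua_setfield(L, -2, "serialNumber");
    }
    /* Lua arrays are 1-based. */
    lua_rawseti(L, -2, i + 1);
  }
  lua_setfield(L, -2, "requestList");

  if (inf->requestExtensions)
  {
    /*
     * NOTE(review): sk_X509_EXTENSION_dup copies only the pointer array, so
     * the new stack shares its X509_EXTENSION elements with the request.
     * Confirm the "openssl.stack_of_x509_extension" finalizer does not free
     * the elements, and that the request outlives the Lua-side stack.
     */
    STACK_OF(X509_EXTENSION) *extensions = sk_X509_EXTENSION_dup(inf->requestExtensions);
    PUSH_OBJECT(extensions, "openssl.stack_of_x509_extension");
    lua_setfield(L, -2, "extensions");
  }

  if (sig)
  {
    /*
     * The scratch BIO is created only here. No Lua API call runs while it is
     * alive, so a Lua error raised while building the table cannot leak it,
     * and requests without a signature allocate nothing.
     *
     * NOTE(review): the text rendered into the BIO is never pushed to Lua, so
     * the optional signature and its certificates are not part of the
     * returned table - confirm whether they were meant to be exported.
     */
    BIO *bio = BIO_new(BIO_s_mem());
    if (bio != NULL)
    {
      X509_signature_print(bio, sig->signatureAlgorithm, sig->signature);
      for (i = 0; i < sk_X509_num(sig->certs); i++)
      {
        X509_print(bio, sk_X509_value(sig->certs, i));
        PEM_write_bio_X509(bio, sk_X509_value(sig->certs, i));
      }
      BIO_free(bio);
    }
  }

  return 1;
}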
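/*
 * Lua binding: return the serial number of the X509_REVOKED userdata at
 * argument 1 in two forms.
 *
 * Returns 2 values: the serial as pushed by PUSH_ASN1_INTEGER, then an
 * "openssl.bn" object holding the same value, or nil when the conversion to
 * a BIGNUM fails.
 */
static int openssl_revoked_serialNumber(lua_State* L)
{
  X509_REVOKED* revoked = CHECK_OBJECT(1, X509_REVOKED, "openssl.x509_revoked");
  BIGNUM *bn;

  PUSH_ASN1_INTEGER(L, revoked->serialNumber);

  /*
   * Convert after the first push so that a Lua error raised by that push
   * cannot strand a freshly allocated BIGNUM.
   */
  bn = ASN1_INTEGER_to_BN(revoked->serialNumber, NULL);
  if (bn != NULL)
  {
    PUSH_OBJECT(bn, "openssl.bn");
  }
  else
  {
    /* Never wrap a NULL pointer in a userdata that later code would use. */
    lua_pushnil(L);
  }

  return 2;
}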
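/*
 * Lua binding: look up one revoked entry of the X509_CRL userdata at
 * argument 1.
 *
 * Argument 2 is either a zero-based integer index into the revoked list
 * (an out-of-range index raises an argument error) or an
 * "openssl.asn1_integer" serial number, matched with ASN1_STRING_cmp.
 *
 * Returns 1 value: a table with "code", "reason", "serialNumber",
 * "revocationDate" and optionally "extensions", or nil when no entry has
 * the requested serial.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL * crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int i = 0;
  X509_REVOKED *revoked = NULL;

  if (lua_isinteger(L, 2))
  {
    /*
     * Range-check at full lua_Integer width. Narrowing to int first would
     * let a large out-of-range value wrap to a small valid index.
     */
    lua_Integer idx = lua_tointeger(L, 2);
    luaL_argcheck(L, (idx >= 0 && idx < sk_X509_REVOKED_num(crl->crl->revoked)), 2, "Out of range");
    i = (int)idx;
    revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);
  }
  else
  {
    ASN1_STRING *sn = CHECK_OBJECT(2, ASN1_STRING, "openssl.asn1_integer");
    int cnt = sk_X509_REVOKED_num(crl->crl->revoked);

    /* Linear scan; the first entry with an equal serial wins. */
    for (i = 0; i < cnt; i++)
    {
      X509_REVOKED *rev = sk_X509_REVOKED_value(crl->crl->revoked, i);
      if (ASN1_STRING_cmp(rev->serialNumber, sn) == 0)
      {
        revoked = rev;
        break;
      }
    }
  }

  if (revoked)
  {
    lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
    AUXILIAR_SET(L, -1, "code", revoked->reason, number);
    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
    {
      /* Decode the reason-code entry extension; it is released below. */
      int crit = 0;
      void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

      AUXILIAR_SET(L, -1, "code", ASN1_ENUMERATED_get(reason), number);
      AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
      ASN1_ENUMERATED_free(reason);
    }
#endif

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /*
     * NOTE(review): this exports the CRL-level extension list, not
     * revoked->extensions, under the entry's "extensions" key - confirm
     * which list is intended.
     */
    if (crl->crl->extensions)
    {
      lua_pushstring(L, "extensions");
      openssl_sk_x509_extension_totable(L, crl->crl->extensions);
      lua_rawset(L, -3);
    }
  }
  else
    lua_pushnil(L);

  return 1;
}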
/*
 * Push a new table describing one revoked-certificate entry.
 *
 * Keys written: "code" (value returned by openssl_x509_revoked_get_reason),
 * "reason" (its text from openssl_i2s_revoke_reason), "serialNumber",
 * "revocationDate" and "extensions". All fields are read through the
 * X509_REVOKED_get0_* accessors. Returns 1 (the table left on the stack).
 */
static int openssl_revoked2table(lua_State*L, X509_REVOKED *revoked)
{
  int reason_code = openssl_x509_revoked_get_reason(revoked);

  lua_newtable(L);

  /* Numeric code and its text come from the same lookup. */
  AUXILIAR_SET(L, -1, "code", reason_code, number);
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(reason_code), string);

  PUSH_ASN1_INTEGER(L, X509_REVOKED_get0_serialNumber(revoked));
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, X509_REVOKED_get0_revocationDate(revoked));
  lua_setfield(L, -2, "revocationDate");

  /* Key first, then the value, then a raw store into the table at -3. */
  lua_pushstring(L, "extensions");
  openssl_sk_x509_extension_totable(L, X509_REVOKED_get0_extensions(revoked));
  lua_rawset(L, -3);

  return 1;
}
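/*
 * Lua binding: return the revoked entry at a zero-based index of the
 * X509_CRL userdata at argument 1.
 *
 * Argument 2 must be an integer. Returns 1 value: a table with "reason",
 * "serialNumber", "revocationDate" and optionally "extensions", or nil when
 * the index is outside the revoked list.
 */
static LUA_FUNCTION(openssl_crl_get)
{
  X509_CRL * crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  /*
   * Keep the index at lua_Integer width until it has been range-checked.
   * Narrowing to int first would let a large out-of-range value wrap to a
   * small valid index.
   */
  lua_Integer idx = luaL_checkinteger(L, 2);
  X509_REVOKED *revoked;

  if (idx < 0 || idx >= sk_X509_REVOKED_num(crl->crl->revoked))
  {
    lua_pushnil(L);
    return 1;
  }

  revoked = sk_X509_REVOKED_value(crl->crl->revoked, (int)idx);
  lua_newtable(L);

#if OPENSSL_VERSION_NUMBER > 0x10000000L
  AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(revoked->reason), string);
#else
  {
    /* Decode the reason-code entry extension; it is released below. */
    int crit = 0;
    void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);

    AUXILIAR_SET(L, -1, "reason", openssl_i2s_revoke_reason(ASN1_ENUMERATED_get(reason)), string);
    ASN1_ENUMERATED_free(reason);
  }
#endif

  PUSH_ASN1_INTEGER(L, revoked->serialNumber);
  lua_setfield(L, -2, "serialNumber");

  PUSH_ASN1_TIME(L, revoked->revocationDate);
  lua_setfield(L, -2, "revocationDate");

  /*
   * NOTE(review): this exports the CRL-level extension list, not
   * revoked->extensions, under the entry's "extensions" key - confirm which
   * list is intended.
   */
  if (crl->crl->extensions)
  {
    lua_pushstring(L, "extensions");
    openssl_sk_x509_extension_totable(L, crl->crl->extensions);
    lua_rawset(L, -3);
  }

  return 1;
}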
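/*
 * Lua binding: get or set the nonce of the TS_REQ userdata at argument 1.
 *
 * Getter (no argument 2): returns the nonce as pushed by PUSH_ASN1_INTEGER
 * followed by an "openssl.bn" object (nil if the conversion fails), or a
 * single nil when the request carries no nonce.
 *
 * Setter (argument 2 given): converts the value with BN_get, stores it with
 * TS_REQ_set_nonce and returns whatever openssl_pushresult reports for the
 * result code.
 */
static int openssl_ts_req_nonce(lua_State*L)
{
  TS_REQ* req = CHECK_OBJECT(1, TS_REQ, "openssl.ts_req");

  if (lua_isnone(L, 2))
  {
    const ASN1_INTEGER* ai = TS_REQ_get_nonce(req);
    BIGNUM *bn;

    /*
     * The nonce is optional in a time-stamp request (RFC 3161), so
     * TS_REQ_get_nonce may return NULL. ASN1_INTEGER_to_BN must not be
     * handed NULL: a request parsed from the network without a nonce would
     * otherwise crash the process here.
     */
    if (ai == NULL)
    {
      lua_pushnil(L);
      return 1;
    }

    PUSH_ASN1_INTEGER(L, ai);
    bn = ASN1_INTEGER_to_BN(ai, NULL);
    if (bn != NULL)
    {
      PUSH_OBJECT(bn, "openssl.bn");
    }
    else
    {
      /* Never wrap a NULL pointer in a userdata that later code would use. */
      lua_pushnil(L);
    }
    return 2;
  }
  else
  {
    /* The temporaries are freed below, after TS_REQ_set_nonce has run. */
    BIGNUM *bn = BN_get(L, 2);
    ASN1_INTEGER *ai = BN_to_ASN1_INTEGER(bn, NULL);
    int ret = TS_REQ_set_nonce(req, ai);

    ASN1_INTEGER_free(ai);
    BN_free(bn);
    return openssl_pushresult(L, ret);
  }
}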
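/*
 * Lua binding: decode the X509_CRL userdata at argument 1 into a table.
 *
 * Fields written: "version", "hash" (issuer-name hash as 8+ hex digits),
 * "fingerprint" ({alg, hash} using SHA-1, when the digest is available),
 * "issuer", "lastUpdate", "nextUpdate", "sig_alg", "crl_number",
 * "extensions" (when the CRL has any) and "revoked", an array of tables with
 * "CRLReason", "serialNumber", "revocationDate" and "extensions" (when the
 * entry has any). Argument 2 is not read. Returns 1 (the table).
 */
static LUA_FUNCTION(openssl_crl_parse)
{
  X509_CRL *crl = CHECK_OBJECT(1, X509_CRL, "openssl.x509_crl");
  int n, i;

  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", X509_CRL_get_version(crl), integer);

  /* hash as used in CA directories to lookup cert by subject name */
  {
    char buf[32];
    snprintf(buf, sizeof(buf), "%08lx", X509_NAME_hash(X509_CRL_get_issuer(crl)));
    AUXILIAR_SET(L, -1, "hash", buf, string);
  }

  {
    const EVP_MD *digest = EVP_get_digestbyname("sha1");
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int n = sizeof(md);

    /*
     * EVP_get_digestbyname returns NULL when the digest is not available
     * (for example, the algorithm table was never loaded); skip the
     * fingerprint instead of passing NULL on to X509_CRL_digest.
     */
    if (digest != NULL && X509_CRL_digest(crl, digest, md, &n))
    {
      lua_newtable(L);
      AUXILIAR_SET(L, -1, "alg", OBJ_nid2sn(EVP_MD_type(digest)), string);
      AUXILIAR_SETLSTR(L, -1, "hash", (const char*)md, n);
      lua_setfield(L, -2, "fingerprint");
    }
  }

  openssl_push_xname_asobject(L, X509_CRL_get_issuer(crl));
  lua_setfield(L, -2, "issuer");

  PUSH_ASN1_TIME(L, X509_CRL_get_lastUpdate(crl));
  lua_setfield(L, -2, "lastUpdate");
  PUSH_ASN1_TIME(L, X509_CRL_get_nextUpdate(crl));
  lua_setfield(L, -2, "nextUpdate");

  openssl_push_x509_algor(L, crl->crl->sig_alg);
  lua_setfield(L, -2, "sig_alg");

  /*
   * NOTE(review): X509_CRL_get_ext_d2i returns a newly allocated object, or
   * NULL when the CRL has no CRL-number extension. Confirm that
   * PUSH_ASN1_INTEGER tolerates NULL and either takes ownership or copies
   * (in the latter case the decoded integer is leaked here).
   */
  PUSH_ASN1_INTEGER(L, X509_CRL_get_ext_d2i(crl, NID_crl_number, NULL, NULL));
  lua_setfield(L, -2, "crl_number");

  /*
   * The CRL-level extension list is optional and may be NULL; skip it rather
   * than hand NULL to sk_X509_EXTENSION_dup, which not every OpenSSL release
   * accepts.
   * NOTE(review): the dup is shallow, so the Lua-side stack shares its
   * elements with the CRL - confirm the stack's finalizer does not free them.
   */
  if (crl->crl->extensions != NULL)
  {
    PUSH_OBJECT(sk_X509_EXTENSION_dup(crl->crl->extensions), "openssl.stack_of_x509_extension");
    lua_setfield(L, -2, "extensions");
  }

  n = sk_X509_REVOKED_num(crl->crl->revoked);
  lua_newtable(L);
  for (i = 0; i < n; i++)
  {
    X509_REVOKED *revoked = sk_X509_REVOKED_value(crl->crl->revoked, i);

    lua_newtable(L);

    /*
     * The reason code originates in the CRL itself, i.e. in input this code
     * does not control. A negative value (no reason recorded, or a decode
     * error) must never be used as an array index, so "CRLReason" is left
     * unset in that case.
     * NOTE(review): the upper bound is still unchecked because the length of
     * reason_flags is not visible here - bound the index against the table
     * size where it is defined.
     */
#if OPENSSL_VERSION_NUMBER > 0x10000000L
    if (revoked->reason >= 0)
    {
      AUXILIAR_SET(L, -1, "CRLReason", reason_flags[revoked->reason].lname, string);
    }
#else
    {
      int crit = 0;
      void* reason = X509_REVOKED_get_ext_d2i(revoked, NID_crl_reason, &crit, NULL);
      long code = ASN1_ENUMERATED_get(reason);

      if (code >= 0)
      {
        AUXILIAR_SET(L, -1, "CRLReason", reason_flags[code].lname, string);
      }
      ASN1_ENUMERATED_free(reason);
    }
#endif

    PUSH_ASN1_INTEGER(L, revoked->serialNumber);
    lua_setfield(L, -2, "serialNumber");

    PUSH_ASN1_TIME(L, revoked->revocationDate);
    lua_setfield(L, -2, "revocationDate");

    /* Entries commonly have no extensions; see the NULL note above. */
    if (revoked->extensions != NULL)
    {
      PUSH_OBJECT(sk_X509_EXTENSION_dup(revoked->extensions), "openssl.stack_of_x509_extension");
      lua_setfield(L, -2, "extensions");
    }

    /* Lua arrays are 1-based. */
    lua_rawseti(L, -2, i + 1);
  }
  lua_setfield(L, -2, "revoked");

  return 1;
}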