static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
const char *policy, int no_nonce, int cert)
{
int ret = 0;
TS_REQ *ts_req = NULL;
int len;
TS_MSG_IMPRINT *msg_imprint = NULL;
X509_ALGOR *algo = NULL;
unsigned char *data = NULL;
ASN1_OBJECT *policy_obj = NULL;
ASN1_INTEGER *nonce_asn1 = NULL;
if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
goto err;
if ((ts_req = TS_REQ_new()) == NULL)
goto err;
if (!TS_REQ_set_version(ts_req, 1))
goto err;
if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
goto err;
if ((algo = X509_ALGOR_new()) == NULL)
goto err;
if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
goto err;
if ((algo->parameter = ASN1_TYPE_new()) == NULL)
goto err;
algo->parameter->type = V_ASN1_NULL;
if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
goto err;
if ((len = create_digest(data_bio, digest, md, &data)) == 0)
goto err;
if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
goto err;
if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
goto err;
if (policy && (policy_obj = txt2obj(policy)) == NULL)
goto err;
if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
goto err;
/* Setting nonce if requested. */
if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)
goto err;
if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
goto err;
if (!TS_REQ_set_cert_req(ts_req, cert))
goto err;
ret = 1;
err:
if (!ret) {
TS_REQ_free(ts_req);
ts_req = NULL;
BIO_printf(bio_err, "could not create query\n");
ERR_print_errors(bio_err);
}
TS_MSG_IMPRINT_free(msg_imprint);
X509_ALGOR_free(algo);
OPENSSL_free(data);
ASN1_OBJECT_free(policy_obj);
ASN1_INTEGER_free(nonce_asn1);
return ts_req;
}
static int openssl_ts_req_msg_imprint(lua_State*L)
{
TS_REQ* req = CHECK_OBJECT(1, TS_REQ, "openssl.ts_req");
if (lua_isnone(L, 2))
{
TS_MSG_IMPRINT * msg = TS_REQ_get_msg_imprint(req);
if (msg)
{
ASN1_OCTET_STRING *s = TS_MSG_IMPRINT_get_msg(msg);
X509_ALGOR *a = TS_MSG_IMPRINT_get_algo(msg);
PUSH_ASN1_OCTET_STRING(L, s);
openssl_push_x509_algor(L, a);
ASN1_OCTET_STRING_free(s);
X509_ALGOR_free(a);
return 2;
}
return 1;
}
else
{
size_t size;
const char* data = luaL_checklstring(L, 2, &size);
const EVP_MD* md = lua_isnoneornil(L, 3)
? EVP_get_digestbyname("sha1")
: get_digest(L, 3);
TS_MSG_IMPRINT *msg = TS_MSG_IMPRINT_new();
int ret = TS_MSG_IMPRINT_set_msg(msg, (unsigned char*)data, size);
if (ret == 1)
{
X509_ALGOR* alg = X509_ALGOR_new();
X509_ALGOR_set_md(alg, md);
if (ret == 1)
{
ret = TS_MSG_IMPRINT_set_algo(msg, alg);
if (ret == 1)
ret = TS_REQ_set_msg_imprint(req, msg);
}
X509_ALGOR_free(alg);
}
TS_MSG_IMPRINT_free(msg);
return openssl_pushresult(L, ret);
}
};
TS_REQ* get_timestamp_request(char* hash, int hash_size, ASN1_INTEGER *nonce_asn1)
{
int ret = 0;
TS_REQ *ts_req = NULL;
TS_MSG_IMPRINT *msg_imprint = NULL;
X509_ALGOR *algo = NULL;
unsigned char *data = NULL;
ASN1_OBJECT *policy_obj = NULL;
const EVP_MD* md = NULL;
/* Setting default message digest. */
if ((md = EVP_get_digestbyname("sha256")) == NULL)
{
goto err;
}
/* Creating request object. */
if ((ts_req = TS_REQ_new()) == NULL)
{
goto err;
}
/* Setting version. */
if (!TS_REQ_set_version(ts_req, 1)) goto err;
/* Creating and adding MSG_IMPRINT object. */
if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
{
goto err;
}
/* Adding algorithm. */
if ((algo = X509_ALGOR_new()) == NULL)
{
goto err;
}
if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
{
goto err;
}
if ((algo->parameter = ASN1_TYPE_new()) == NULL)
{
goto err;
}
algo->parameter->type = V_ASN1_NULL;
if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err;
/* Adding message digest. */
if (!TS_MSG_IMPRINT_set_msg(msg_imprint, (unsigned char*)hash, hash_size)) goto err;
if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) goto err;
/* Setting policy if requested. */
if ((policy_obj = OBJ_txt2obj("1.1.3", 0)) == NULL)
{
goto err;
}
if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err;
/* Setting nonce if requested. */
if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err;
/* Setting certificate request flag if requested. */
if (!TS_REQ_set_cert_req(ts_req, 1)) goto err;
ret = 1;
err:
if (!ret)
{
TS_REQ_free(ts_req);
ts_req = NULL;
}
TS_MSG_IMPRINT_free(msg_imprint);
X509_ALGOR_free(algo);
OPENSSL_free(data);
ASN1_OBJECT_free(policy_obj);
return ts_req;
}