Merge branch '87-pass-subject-to-extension.new'

Closes #87
author: daurnimator <quae@daurnimator.com> 2017-04-03 16:46:08 +1000
committer: daurnimator <quae@daurnimator.com> 2017-04-03 16:46:45 +1000
commit: 39e3d12d04550c7301414dc8da0cdc31878871fb (patch)
tree: 3617cb1aeb12ad977ce403d37c05fe4104c521ed
parent: 590d368daeb400515c82b2d99ddcdf14607f9353 (diff)
parent: 25ad97c7be75b2d6e7ae677506b1b47ce760d46a (diff)
download: luaossl-39e3d12d04550c7301414dc8da0cdc31878871fb.tar.gz
luaossl-39e3d12d04550c7301414dc8da0cdc31878871fb.tar.bz2
luaossl-39e3d12d04550c7301414dc8da0cdc31878871fb.zip
4 files changed, 108 insertions, 26 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index b015a6a..459a9cc 100644
--- a/doc/luaossl.pdf
+++ b/doc/luaossl.pdf
Binary files differ
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 0675e62..49e8e0e 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -394,7 +394,19 @@ Binds the X.509 extension OpenSSL object.
 \subsubsection[\fn{extension.new}]{\fn{extension.new($name$, $value$ [, $data$])}}
-Returns a new X.509 extension. If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string. Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is an OpenSSL configuration string defining any referenced identifiers in $value$.
+Returns a new X.509 extension.
+If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string.
+Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is either an OpenSSL configuration string defining any referenced identifiers in $value$, or a table with members:
+\begin{ctabular}{ l | l | p{8cm} }
+field & type:default & description\\\hline
+.db & string:$nil$ & OpenSSL configuration string\\
+.issuer & \module{openssl.x509}:$nil$ & issuer certificate\\
+.subject & \module{openssl.x509}:$nil$ & subject certificate\\
+.request & \module{openssl.x509.csr}:$nil$ & certificate signing request\\
+.crl & \module{openssl.x509.crl}:$nil$ & certificate revocation list\\
+.flags & integer:$0$ & a bitwise combination of flags
+\end{ctabular}
 \subsubsection[\fn{extension.interpose}]{\fn{extension.interpose($name$, $function$)}}
diff --git a/src/compat52.h b/src/compat52.h
index 0057b3c..22541f7 100644
--- a/src/compat52.h
+++ b/src/compat52.h
@@ -23,6 +23,14 @@
 * USE OR OTHER DEALINGS IN THE SOFTWARE.
 * ==========================================================================
 */
+#if LUA_VERSION_NUM < 503
+#define lua_getfield(L, i, f) (lua_getfield(L, (i), (f)), lua_type(L, -1))
+#endif
 #if LUA_VERSION_NUM < 502
 #define LUA_OK 0
diff --git a/src/openssl.c b/src/openssl.c
index 0ba7825..bd62996 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -74,9 +74,7 @@
 #include <lualib.h>
 #include <lauxlib.h>
-#if LUA_VERSION_NUM < 502
 #include "compat52.h"
-#endif
 #define GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
 #define GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= GNUC_2VER((M), (m), (p)))
@@ -4976,6 +4974,25 @@ static _Bool xe_new_isder(const char *value, _Bool *crit) {
        return 0;
 } /* xs_new_isder() */
+static CONF* loadconf(lua_State *L, int idx) {
+        CONF *conf;
+        size_t len;
+        const char *cdata = luaL_checklstring(L, idx, &len);
+        BIO *bio = getbio(L);
+        if (BIO_write(bio, cdata, len) < 0)
+                return NULL;
+        if (!(conf = NCONF_new(NULL)))
+                return NULL;
+        if (!NCONF_load_bio(conf, bio, NULL)) {
+                NCONF_free(conf);
+                return NULL;
+        }
+        return conf;
+}
 static int xe_new(lua_State *L) {
        const char *name = luaL_checkstring(L, 1);
        const char *value = luaL_checkstring(L, 2);
@@ -4984,42 +5001,87 @@ static int xe_new(lua_State *L) {
        CONF *conf = NULL;
        X509V3_CTX cbuf = { 0 }, *ctx = NULL;
        X509_EXTENSION **ud;
+        _Bool crit;
        lua_settop(L, 3);
        ud = prepsimple(L, X509_EXT_CLASS);
-        if (!lua_isnil(L, 3)) {
+        if (xe_new_isder(value, &crit)) {
                size_t len;
-                const char *cdata = luaL_checklstring(L, 3, &len);
+                const char *cdata = lua_tolstring(L, 3, &len);
-                _Bool crit;
+                if (!(obj = OBJ_txt2obj(name, 0)))
+                        goto error;
+                if (!(oct = ASN1_STRING_new()))
+                        goto error;
+                if (!ASN1_STRING_set(oct, cdata, len))
+                        goto error;
+                if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
+                        goto error;
-                if (xe_new_isder(value, &crit)) {
+                ASN1_OBJECT_free(obj);
-                        if (!(obj = OBJ_txt2obj(name, 0)))
+                ASN1_STRING_free(oct);
-                                goto error;
-                        if (!(oct = ASN1_STRING_new()))
+                return 1;
-                                goto error;
+        }
-                        if (!ASN1_STRING_set(oct, cdata, len))
-                                goto error;
+        switch (lua_type(L, 3)) {
-                        if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
+        case LUA_TNONE:
+        case LUA_TNIL:
+                break;
+        case LUA_TSTRING: {
+                if (!(conf = loadconf(L, 3)))
+                        goto error;
+                ctx = &cbuf;
+                X509V3_set_nconf(ctx, conf);
+                break;
+        }
+        case LUA_TTABLE: {
+                X509 *issuer = NULL;
+                X509 *subject = NULL;
+                X509_REQ *request = NULL;
+                X509_CRL *crl = NULL;
+                int flags = 0;
+                ctx = &cbuf;
+                if (lua_getfield(L, 3, "db") != LUA_TNIL) {
+                        if (!(conf = loadconf(L, -1)))
                                goto error;
+                        X509V3_set_nconf(ctx, conf);
+                }
+                lua_pop(L, 1);
-                        ASN1_OBJECT_free(obj);
+                if (lua_getfield(L, 3, "issuer") != LUA_TNIL) {
-                        ASN1_STRING_free(oct);
+                        issuer = checksimple(L, -1, X509_CERT_CLASS);
+                }
+                lua_pop(L, 1);
-                        return 1;
+                if (lua_getfield(L, 3, "subject") != LUA_TNIL) {
+                        subject = checksimple(L, -1, X509_CERT_CLASS);
                }
+                lua_pop(L, 1);
-                BIO *bio = getbio(L);
+                if (lua_getfield(L, 3, "request") != LUA_TNIL) {
-                if (BIO_puts(bio, cdata) < 0)
+                        request = checksimple(L, -1, X509_CSR_CLASS);
-                        goto error;
+                }
+                lua_pop(L, 1);
-                if (!(conf = NCONF_new(NULL)))
+                if (lua_getfield(L, 3, "crl") != LUA_TNIL) {
-                        goto error;
+                        crl = checksimple(L, -1, X509_CRL_CLASS);
-                if (!NCONF_load_bio(conf, bio, NULL))
+                }
-                        goto error;
+                lua_pop(L, 1);
-                ctx = &cbuf;
+                if (lua_getfield(L, 3, "flags") != LUA_TNIL) {
-                X509V3_set_nconf(ctx, conf);
+                        flags = luaL_checkinteger(L, -1);
+                }
+                lua_pop(L, 1);
+                X509V3_set_ctx(ctx, issuer, subject, request, crl, flags);
+                break;
+        }
+        default:
+                return luaL_argerror(L, 3, "invalid extra parameter (expected string, table or nil)");
        }
        /*
author	daurnimator <quae@daurnimator.com>	2017-04-03 16:46:08 +1000
committer	daurnimator <quae@daurnimator.com>	2017-04-03 16:46:45 +1000
commit	39e3d12d04550c7301414dc8da0cdc31878871fb (patch)
tree	3617cb1aeb12ad977ce403d37c05fe4104c521ed
parent	590d368daeb400515c82b2d99ddcdf14607f9353 (diff)
parent	25ad97c7be75b2d6e7ae677506b1b47ce760d46a (diff)
download	luaossl-39e3d12d04550c7301414dc8da0cdc31878871fb.tar.gz luaossl-39e3d12d04550c7301414dc8da0cdc31878871fb.tar.bz2 luaossl-39e3d12d04550c7301414dc8da0cdc31878871fb.zip

diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf index b015a6a..459a9cc 100644 --- a/doc/luaossl.pdf +++ b/doc/luaossl.pdf
Binary files differ


diff --git a/doc/luaossl.tex b/doc/luaossl.tex index 0675e62..49e8e0e 100644 --- a/doc/luaossl.tex +++ b/doc/luaossl.tex
@@ -394,7 +394,19 @@ Binds the X.509 extension OpenSSL object.
394		394
395	\subsubsection[\fn{extension.new}]{\fn{extension.new($name$, $value$ [, $data$])}}	395	\subsubsection[\fn{extension.new}]{\fn{extension.new($name$, $value$ [, $data$])}}
396		396
397	Returns a new X.509 extension. If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string. Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is an OpenSSL configuration string defining any referenced identifiers in $value$.	397	Returns a new X.509 extension.
		398	If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string.
		399	Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is either an OpenSSL configuration string defining any referenced identifiers in $value$, or a table with members:
		400
		401	\begin{ctabular}{ l \| l \| p{8cm} }
		402	field & type:default & description\\\hline
		403	.db & string:$nil$ & OpenSSL configuration string\\
		404	.issuer & \module{openssl.x509}:$nil$ & issuer certificate\\
		405	.subject & \module{openssl.x509}:$nil$ & subject certificate\\
		406	.request & \module{openssl.x509.csr}:$nil$ & certificate signing request\\
		407	.crl & \module{openssl.x509.crl}:$nil$ & certificate revocation list\\
		408	.flags & integer:$0$ & a bitwise combination of flags
		409	\end{ctabular}
398		410
399	\subsubsection[\fn{extension.interpose}]{\fn{extension.interpose($name$, $function$)}}	411	\subsubsection[\fn{extension.interpose}]{\fn{extension.interpose($name$, $function$)}}
400		412


diff --git a/src/compat52.h b/src/compat52.h index 0057b3c..22541f7 100644 --- a/src/compat52.h +++ b/src/compat52.h
@@ -23,6 +23,14 @@
23	* USE OR OTHER DEALINGS IN THE SOFTWARE.	23	* USE OR OTHER DEALINGS IN THE SOFTWARE.
24	* ==========================================================================	24	* ==========================================================================
25	*/	25	*/
		26
		27
		28	#if LUA_VERSION_NUM < 503
		29
		30	#define lua_getfield(L, i, f) (lua_getfield(L, (i), (f)), lua_type(L, -1))
		31
		32	#endif
		33
26	#if LUA_VERSION_NUM < 502	34	#if LUA_VERSION_NUM < 502
27		35
28	#define LUA_OK 0	36	#define LUA_OK 0


diff --git a/src/openssl.c b/src/openssl.c index 0ba7825..bd62996 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -74,9 +74,7 @@
74	#include <lualib.h>	74	#include <lualib.h>
75	#include <lauxlib.h>	75	#include <lauxlib.h>
76		76
77	#if LUA_VERSION_NUM < 502
78	#include "compat52.h"	77	#include "compat52.h"
79	#endif
80		78
81	#define GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))	79	#define GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
82	#define GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= GNUC_2VER((M), (m), (p)))	80	#define GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= GNUC_2VER((M), (m), (p)))
@@ -4976,6 +4974,25 @@ static _Bool xe_new_isder(const char value, _Bool crit) {
4976	return 0;	4974	return 0;
4977	} /* xs_new_isder() */	4975	} /* xs_new_isder() */
4978		4976
		4977	static CONF* loadconf(lua_State *L, int idx) {
		4978	CONF *conf;
		4979	size_t len;
		4980	const char *cdata = luaL_checklstring(L, idx, &len);
		4981	BIO *bio = getbio(L);
		4982	if (BIO_write(bio, cdata, len) < 0)
		4983	return NULL;
		4984
		4985	if (!(conf = NCONF_new(NULL)))
		4986	return NULL;
		4987
		4988	if (!NCONF_load_bio(conf, bio, NULL)) {
		4989	NCONF_free(conf);
		4990	return NULL;
		4991	}
		4992
		4993	return conf;
		4994	}
		4995
4979	static int xe_new(lua_State *L) {	4996	static int xe_new(lua_State *L) {
4980	const char *name = luaL_checkstring(L, 1);	4997	const char *name = luaL_checkstring(L, 1);
4981	const char *value = luaL_checkstring(L, 2);	4998	const char *value = luaL_checkstring(L, 2);
@@ -4984,42 +5001,87 @@ static int xe_new(lua_State *L) {
4984	CONF *conf = NULL;	5001	CONF *conf = NULL;
4985	X509V3_CTX cbuf = { 0 }, *ctx = NULL;	5002	X509V3_CTX cbuf = { 0 }, *ctx = NULL;
4986	X509_EXTENSION **ud;	5003	X509_EXTENSION **ud;
		5004	_Bool crit;
4987		5005
4988	lua_settop(L, 3);	5006	lua_settop(L, 3);
4989	ud = prepsimple(L, X509_EXT_CLASS);	5007	ud = prepsimple(L, X509_EXT_CLASS);
4990		5008
4991	if (!lua_isnil(L, 3)) {	5009	if (xe_new_isder(value, &crit)) {
4992	size_t len;	5010	size_t len;
4993	const char *cdata = luaL_checklstring(L, 3, &len);	5011	const char *cdata = lua_tolstring(L, 3, &len);
4994	_Bool crit;	5012	if (!(obj = OBJ_txt2obj(name, 0)))
		5013	goto error;
		5014	if (!(oct = ASN1_STRING_new()))
		5015	goto error;
		5016	if (!ASN1_STRING_set(oct, cdata, len))
		5017	goto error;
		5018	if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
		5019	goto error;
4995		5020
4996	if (xe_new_isder(value, &crit)) {	5021	ASN1_OBJECT_free(obj);
4997	if (!(obj = OBJ_txt2obj(name, 0)))	5022	ASN1_STRING_free(oct);
4998	goto error;	5023
4999	if (!(oct = ASN1_STRING_new()))	5024	return 1;
5000	goto error;	5025	}
5001	if (!ASN1_STRING_set(oct, cdata, len))	5026
5002	goto error;	5027	switch (lua_type(L, 3)) {
5003	if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))	5028	case LUA_TNONE:
		5029	case LUA_TNIL:
		5030	break;
		5031	case LUA_TSTRING: {
		5032	if (!(conf = loadconf(L, 3)))
		5033	goto error;
		5034
		5035	ctx = &cbuf;
		5036	X509V3_set_nconf(ctx, conf);
		5037	break;
		5038	}
		5039	case LUA_TTABLE: {
		5040	X509 *issuer = NULL;
		5041	X509 *subject = NULL;
		5042	X509_REQ *request = NULL;
		5043	X509_CRL *crl = NULL;
		5044	int flags = 0;
		5045
		5046	ctx = &cbuf;
		5047
		5048	if (lua_getfield(L, 3, "db") != LUA_TNIL) {
		5049	if (!(conf = loadconf(L, -1)))
5004	goto error;	5050	goto error;
		5051	X509V3_set_nconf(ctx, conf);
		5052	}
		5053	lua_pop(L, 1);
5005		5054
5006	ASN1_OBJECT_free(obj);	5055	if (lua_getfield(L, 3, "issuer") != LUA_TNIL) {
5007	ASN1_STRING_free(oct);	5056	issuer = checksimple(L, -1, X509_CERT_CLASS);
		5057	}
		5058	lua_pop(L, 1);
5008		5059
5009	return 1;	5060	if (lua_getfield(L, 3, "subject") != LUA_TNIL) {
		5061	subject = checksimple(L, -1, X509_CERT_CLASS);
5010	}	5062	}
		5063	lua_pop(L, 1);
5011		5064
5012	BIO *bio = getbio(L);	5065	if (lua_getfield(L, 3, "request") != LUA_TNIL) {
5013	if (BIO_puts(bio, cdata) < 0)	5066	request = checksimple(L, -1, X509_CSR_CLASS);
5014	goto error;	5067	}
		5068	lua_pop(L, 1);
5015		5069
5016	if (!(conf = NCONF_new(NULL)))	5070	if (lua_getfield(L, 3, "crl") != LUA_TNIL) {
5017	goto error;	5071	crl = checksimple(L, -1, X509_CRL_CLASS);
5018	if (!NCONF_load_bio(conf, bio, NULL))	5072	}
5019	goto error;	5073	lua_pop(L, 1);
5020		5074
5021	ctx = &cbuf;	5075	if (lua_getfield(L, 3, "flags") != LUA_TNIL) {
5022	X509V3_set_nconf(ctx, conf);	5076	flags = luaL_checkinteger(L, -1);
		5077	}
		5078	lua_pop(L, 1);
		5079
		5080	X509V3_set_ctx(ctx, issuer, subject, request, crl, flags);
		5081	break;
		5082	}
		5083	default:
		5084	return luaL_argerror(L, 3, "invalid extra parameter (expected string, table or nil)");
5023	}	5085	}
5024		5086
5025	/*	5087	/*