-rw-r--r--doc/luaossl.pdfbin268918 -> 269289 bytes
-rw-r--r--doc/luaossl.tex14
-rw-r--r--src/compat52.h8
-rw-r--r--src/openssl.c112
4 files changed, 108 insertions, 26 deletions
diff --git a/doc/luaossl.pdf b/doc/luaossl.pdf
index b015a6a..459a9cc 100644
--- a/doc/luaossl.pdf
+++ b/doc/luaossl.pdf
Binary files differ
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 0675e62..49e8e0e 100644
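--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -394,7 +394,19 @@ Binds the X.509 extension OpenSSL object.
 
 \subsubsection[\fn{extension.new}]{\fn{extension.new($name$, $value$ [, $data$])}}
 
-Returns a new X.509 extension. If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string. Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is an OpenSSL configuration string defining any referenced identifiers in $value$.
+Returns a new X.509 extension.
+If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string.
+Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is either an OpenSSL configuration string defining any referenced identifiers in $value$, or a table with members:
+
+\begin{ctabular}{ l | l | p{8cm} }
+field & type:default & description\\\hline
+.db & string:$nil$ & OpenSSL configuration string\\
+.issuer & \module{openssl.x509}:$nil$ & issuer certificate\\
+.subject & \module{openssl.x509}:$nil$ & subject certificate\\
+.request & \module{openssl.x509.csr}:$nil$ & certificate signing request\\
+.crl & \module{openssl.x509.crl}:$nil$ & certificate revocation list\\
+.flags & integer:$0$ & a bitwise combination of flags
+\end{ctabular}
 
 \subsubsection[\fn{extension.interpose}]{\fn{extension.interpose($name$, $function$)}}
 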
diff --git a/src/compat52.h b/src/compat52.h
index 0057b3c..22541f7 100644
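--- a/src/compat52.h
+++ b/src/compat52.h
@@ -23,6 +23,14 @@
  * USE OR OTHER DEALINGS IN THE SOFTWARE.
  * ==========================================================================
  */
+
+
+#if LUA_VERSION_NUM < 503
+
+#define lua_getfield(L, i, f) (lua_getfield(L, (i), (f)), lua_type(L, -1))
+
+#endif
+
 #if LUA_VERSION_NUM < 502
 
 #define LUA_OK 0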
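Review bot: The new `lua_getfield` macro carries no comment explaining why it shadows the Lua API function, and it evaluates `L` twice. A line such as `/* Lua 5.3's lua_getfield returns the type of the pushed value; emulate that on older versions */` above the `#define` would explain the wrapper, and would also tell readers why a `< 503` block lives in a header whose name suggests 5.2 compatibility only. Callers should avoid passing an `L` expression with side effects, or the macro could be replaced by a `static inline` helper under a different name.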
diff --git a/src/openssl.c b/src/openssl.c
index 0ba7825..bd62996 100644
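--- a/src/openssl.c
+++ b/src/openssl.c
@@ -74,9 +74,7 @@
 #include <lualib.h>
 #include <lauxlib.h>
 
-#if LUA_VERSION_NUM < 502
 #include "compat52.h"
-#endif
 
 #define GNUC_2VER(M, m, p) (((M) * 10000) + ((m) * 100) + (p))
 #define GNUC_PREREQ(M, m, p) (__GNUC__ > 0 && GNUC_2VER(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) >= GNUC_2VER((M), (m), (p)))
@@ -4976,6 +4974,25 @@ static _Bool xe_new_isder(const char *value, _Bool *crit) {
  return 0;
 } /* xs_new_isder() */
 
+static CONF* loadconf(lua_State *L, int idx) {
+ CONF *conf;
+ size_t len;
+ const char *cdata = luaL_checklstring(L, idx, &len);
+ BIO *bio = getbio(L);
+ if (BIO_write(bio, cdata, len) < 0)
+ return NULL;
+
+ if (!(conf = NCONF_new(NULL)))
+ return NULL;
+
+ if (!NCONF_load_bio(conf, bio, NULL)) {
+ NCONF_free(conf);
+ return NULL;
+ }
+
+ return conf;
+}
+
 static int xe_new(lua_State *L) {
  const char *name = luaL_checkstring(L, 1);
  const char *value = luaL_checkstring(L, 2);
@@ -4984,42 +5001,87 @@ static int xe_new(lua_State *L) {
  CONF *conf = NULL;
  X509V3_CTX cbuf = { 0 }, *ctx = NULL;
  X509_EXTENSION **ud;
+ _Bool crit;
 
  lua_settop(L, 3);
  ud = prepsimple(L, X509_EXT_CLASS);
 
- if (!lua_isnil(L, 3)) {
+ if (xe_new_isder(value, &crit)) {
  size_t len;
- const char *cdata = luaL_checklstring(L, 3, &len);
- _Bool crit;
+ const char *cdata = lua_tolstring(L, 3, &len);
+ if (!(obj = OBJ_txt2obj(name, 0)))
+ goto error;
+ if (!(oct = ASN1_STRING_new()))
+ goto error;
+ if (!ASN1_STRING_set(oct, cdata, len))
+ goto error;
+ if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
+ goto error;
 
- if (xe_new_isder(value, &crit)) {
- if (!(obj = OBJ_txt2obj(name, 0)))
- goto error;
- if (!(oct = ASN1_STRING_new()))
- goto error;
- if (!ASN1_STRING_set(oct, cdata, len))
- goto error;
- if (!(*ud = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct)))
+ ASN1_OBJECT_free(obj);
+ ASN1_STRING_free(oct);
+
+ return 1;
+ }
+
+ switch (lua_type(L, 3)) {
+ case LUA_TNONE:
+ case LUA_TNIL:
+ break;
+ case LUA_TSTRING: {
+ if (!(conf = loadconf(L, 3)))
+ goto error;
+
+ ctx = &cbuf;
+ X509V3_set_nconf(ctx, conf);
+ break;
+ }
+ case LUA_TTABLE: {
+ X509 *issuer = NULL;
+ X509 *subject = NULL;
+ X509_REQ *request = NULL;
+ X509_CRL *crl = NULL;
+ int flags = 0;
+
+ ctx = &cbuf;
+
+ if (lua_getfield(L, 3, "db") != LUA_TNIL) {
+ if (!(conf = loadconf(L, -1)))
  goto error;
+ X509V3_set_nconf(ctx, conf);
+ }
+ lua_pop(L, 1);
 
- ASN1_OBJECT_free(obj);
- ASN1_STRING_free(oct);
+ if (lua_getfield(L, 3, "issuer") != LUA_TNIL) {
+ issuer = checksimple(L, -1, X509_CERT_CLASS);
+ }
+ lua_pop(L, 1);
 
- return 1;
+ if (lua_getfield(L, 3, "subject") != LUA_TNIL) {
+ subject = checksimple(L, -1, X509_CERT_CLASS);
  }
+ lua_pop(L, 1);
 
- BIO *bio = getbio(L);
- if (BIO_puts(bio, cdata) < 0)
- goto error;
+ if (lua_getfield(L, 3, "request") != LUA_TNIL) {
+ request = checksimple(L, -1, X509_CSR_CLASS);
+ }
+ lua_pop(L, 1);
 
- if (!(conf = NCONF_new(NULL)))
- goto error;
- if (!NCONF_load_bio(conf, bio, NULL))
- goto error;
+ if (lua_getfield(L, 3, "crl") != LUA_TNIL) {
+ crl = checksimple(L, -1, X509_CRL_CLASS);
+ }
+ lua_pop(L, 1);
 
- ctx = &cbuf;
- X509V3_set_nconf(ctx, conf);
+ if (lua_getfield(L, 3, "flags") != LUA_TNIL) {
+ flags = luaL_checkinteger(L, -1);
+ }
+ lua_pop(L, 1);
+
+ X509V3_set_ctx(ctx, issuer, subject, request, crl, flags);
+ break;
+ }
+ default:
+ return luaL_argerror(L, 3, "invalid extra parameter (expected string, table or nil)");
  }
 
  /*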
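Review bot: In the DER branch of xe_new, `lua_tolstring(L, 3, &len)` replaces the old `luaL_checklstring`, so a nil or table `data` no longer raises an argument error. Instead a NULL pointer reaches `ASN1_STRING_set`, and the extension is likely created with an empty payload rather than being rejected. Keeping `const char *cdata = luaL_checklstring(L, 3, &len);` there preserves the type check. In the `LUA_TTABLE` case, `checksimple` and `luaL_checkinteger` run after `loadconf` may already have allocated `conf`; if either raises a Lua error, whatever cleanup follows the `error:` label is presumably skipped and the `CONF` leaks, so reading `db` last, after `X509V3_set_ctx`, would avoid that. xe_new starts before this hunk and its `error:` label lies after it, so the cleanup path could not be checked here.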