From 1caa952f22f06ef58cd153e7bcffacef660e423d Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Tue, 6 May 2014 18:59:27 +0300 Subject: method for adding arbitrary certificate extensions --- src/openssl.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/src/openssl.c b/src/openssl.c index c589d6c..a0af882 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -2496,6 +2496,50 @@ static int xc_setBasicConstraintsCritical(lua_State *L) { } /* xc_setBasicConstraintsCritical() */ +static int xc_addExtension(lua_State *L) { + X509 *crt = checksimple(L, 1, X509_CERT_CLASS); + char *name = (char *) luaL_checkstring(L, 2); + char *value = (char *) luaL_checkstring(L, 3); + + int ok = 1; + + BIO *bio = NULL; + CONF *conf = NULL; + X509V3_CTX *ctx = NULL; + X509_EXTENSION *ext = NULL; + + if (lua_gettop(L) > 3) { + char *cdata = (char *) luaL_checkstring(L, 4); + + bio = BIO_new(BIO_s_mem()); + if (!bio) goto error; + if (BIO_puts(bio, cdata) < 0) goto error; + + conf = NCONF_new(NULL); + if (!conf) goto error; + if (!NCONF_load_bio(conf, bio, NULL)) goto error; + + ctx = (X509V3_CTX *) malloc(sizeof (X509V3_CTX)); + X509V3_set_nconf(ctx, conf); + } + + ext = X509V3_EXT_nconf(conf, ctx, name, value); + + if (ext && X509_add_ext(crt, ext, -1)) goto done; + + error: + ok = 0; + + done: + if (ext) X509_EXTENSION_free(ext); + if (ctx) free(ctx); + if (conf) NCONF_free(conf); + if (bio) BIO_free(bio); + + return ok ? 0 : throwssl(L, "x509.cert:addExtension"); +} /* xc_addExtension() */ + + static int xc_isIssuedBy(lua_State *L) { X509 *crt = checksimple(L, 1, X509_CERT_CLASS); X509 *issuer = checksimple(L, 2, X509_CERT_CLASS); 
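Review bot: The X509V3_CTX in xc_addExtension is malloc'd without a NULL check and never fully initialised: X509V3_set_nconf only fills the config-database fields, so issuer_cert, subject_cert, subject_req, crl and flags hold whatever malloc returned, and extension handlers that consult the context (for example `subjectKeyIdentifier=hash` or `authorityKeyIdentifier`) will dereference that garbage, while an allocation failure crashes inside X509V3_set_nconf. Put the context on the stack and initialise every field instead: declare `X509V3_CTX ctxbuf;` with the other locals, replace the malloc pair in the cdata branch with `X509V3_set_ctx(&ctxbuf, NULL, NULL, NULL, NULL, 0); X509V3_set_nconf(&ctxbuf, conf); ctx = &ctxbuf;`, and drop `if (ctx) free(ctx);` from the cleanup. When no fourth argument is given ctx stays NULL, which the handlers I am aware of reject cleanly, so only the configured path is affected. A smaller point: the cdata string goes through BIO_puts, so a Lua string with an embedded NUL is silently truncated; luaL_checklstring plus BIO_write would preserve the full length.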
@@ -2651,6 +2695,7 @@ static const luaL_Reg xc_methods[] = { { "setBasicConstraint", &xc_setBasicConstraint }, { "getBasicConstraintsCritical", &xc_getBasicConstraintsCritical }, { "setBasicConstraintsCritical", &xc_setBasicConstraintsCritical }, + { "addExtension", &xc_addExtension }, { "isIssuedBy", &xc_isIssuedBy }, { "getPublicKey", &xc_getPublicKey }, { "setPublicKey", &xc_setPublicKey }, -- cgit v1.2.3-59-g8ed1b From 934e32e0416ae1da69aa1295837b93369c9f7aca Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Sat, 31 May 2014 23:54:06 +0300 Subject: module for custom certificate extensions --- src/GNUmakefile | 1 + src/openssl.c | 135 ++++++++++++++++++++++++++++++----------- src/openssl.x509.extension.lua | 1 + 3 files changed, 101 insertions(+), 36 deletions(-) create mode 100644 src/openssl.x509.extension.lua diff --git a/src/GNUmakefile b/src/GNUmakefile index 75e8c3a..c3cddf0 100644 --- a/src/GNUmakefile +++ b/src/GNUmakefile @@ -95,6 +95,7 @@ MODS$(1)_$(d) = \ $$(DESTDIR)$(3)/openssl/x509/altname.lua \ $$(DESTDIR)$(3)/openssl/x509/chain.lua \ $$(DESTDIR)$(3)/openssl/x509/crl.lua \ + $$(DESTDIR)$(3)/openssl/x509/extension.lua \ $$(DESTDIR)$(3)/openssl/x509/store.lua \ $$(DESTDIR)$(3)/openssl/ssl/context.lua \ $$(DESTDIR)$(3)/openssl/ssl.lua \ diff --git a/src/openssl.c b/src/openssl.c index a0af882..b72b28e 100644 --- a/src/openssl.c +++ b/src/openssl.c @@ -82,6 +82,7 @@ #define PKEY_CLASS "EVP_PKEY*" #define X509_NAME_CLASS "X509_NAME*" #define X509_GENS_CLASS "GENERAL_NAMES*" +#define X509_EXT_CLASS "X509_EXTENSION*" #define X509_CERT_CLASS "X509*" #define X509_CHAIN_CLASS "STACK_OF(X509)*" #define X509_CSR_CLASS "X509_REQ*" 
@@ -1803,6 +1804,98 @@ int luaopen__openssl_x509_altname(lua_State *L) { } /* luaopen__openssl_x509_altname() */ +/* + * X509_EXTENSION - openssl.x509.extension + * + * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ + +static int xe_new(lua_State *L) { + lua_settop(L, 3); + + X509_EXTENSION **ud = prepsimple(L, X509_EXT_CLASS); + + char *name = (char *) luaL_checkstring(L, 1); + char *value = (char *) luaL_checkstring(L, 2); + + CONF *conf = NULL; + X509V3_CTX *ctx = NULL; + X509_EXTENSION *ext = NULL; + + if (!lua_isnil(L, 3)) { + char *cdata = (char *) luaL_checkstring(L, 3); + BIO *bio = getbio(L); + if (BIO_puts(bio, cdata) < 0) + goto error; + + if (!(conf = NCONF_new(NULL))) + goto error; + if (!NCONF_load_bio(conf, bio, NULL)) + goto error; + + ctx = (X509V3_CTX *) malloc(sizeof (X509V3_CTX)); + X509V3_set_nconf(ctx, conf); + } + + if (!(*ud = X509V3_EXT_nconf(conf, ctx, name, value))) + goto error; + + if (conf) { + free(ctx); + NCONF_free(conf); + } + + return 1; + + error: + if (ctx) + free(ctx); + if (conf) + NCONF_free(conf); + + return throwssl(L, "x509.extension.new"); +} /* xe_new() */ + + +static int xe_interpose(lua_State *L) { + return interpose(L, X509_EXT_CLASS); +} /* xe_interpose() */ + + +static int xe__gc(lua_State *L) { + X509_EXTENSION **ud = luaL_checkudata(L, 1, X509_EXT_CLASS); + + X509_EXTENSION_free(*ud); + *ud = NULL; + + return 0; +} /* xe__gc() */ + + +static const luaL_Reg xe_methods[] = { + { NULL, NULL }, +}; + +static const luaL_Reg xe_metatable[] = { + { "__gc", &xe__gc }, + { NULL, NULL }, +}; + + +static const luaL_Reg xe_globals[] = { + { "new", &xe_new }, + { "interpose", &xe_interpose }, + { NULL, NULL }, +}; + +int luaopen__openssl_x509_extension(lua_State *L) { + initall(L); + + luaL_newlib(L, xe_globals); + + return 1; +} /* luaopen__openssl_x509_extension() */ + + /* * X509 - openssl.x509.cert * 
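Review bot: xe_new repeats the unchecked `malloc(sizeof (X509V3_CTX))` followed by X509V3_set_nconf, which initialises only the database pointer fields; the certificate, request, CRL and flags members stay uninitialised, so any extension handler that reads the context through this path is undefined behaviour, and a failed allocation dereferences NULL in X509V3_set_nconf. Since the context only has to outlive the X509V3_EXT_nconf call, it can live on the stack and be zeroed through X509V3_set_ctx, which also removes both free(ctx) calls and the chance of leaking it. I cannot see prepsimple, so I am assuming it leaves *ud NULL until assigned; if it does not, the throwssl error path would let xe__gc free an indeterminate pointer and the userdata should be zeroed explicitly before the first goto.
```c
static int xe_new(lua_State *L) {
	/* … unchanged: lua_settop, prepsimple, name/value … */
	CONF *conf = NULL;
	X509V3_CTX ctxbuf, *ctx = NULL;

	if (!lua_isnil(L, 3)) {
		/* … unchanged: BIO_puts, NCONF_new, NCONF_load_bio … */
		/* zero every field, not just the config database, before handlers read it */
		X509V3_set_ctx(&ctxbuf, NULL, NULL, NULL, NULL, 0);
		X509V3_set_nconf(&ctxbuf, conf);
		ctx = &ctxbuf;
	}
	/* … unchanged: X509V3_EXT_nconf, success and error paths, except both free(ctx) calls are removed … */
}
```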
@@ -2498,45 +2591,14 @@ static int xc_setBasicConstraintsCritical(lua_State *L) { static int xc_addExtension(lua_State *L) { X509 *crt = checksimple(L, 1, X509_CERT_CLASS); - char *name = (char *) luaL_checkstring(L, 2); - char *value = (char *) luaL_checkstring(L, 3); - - int ok = 1; - - BIO *bio = NULL; - CONF *conf = NULL; - X509V3_CTX *ctx = NULL; - X509_EXTENSION *ext = NULL; - - if (lua_gettop(L) > 3) { - char *cdata = (char *) luaL_checkstring(L, 4); - - bio = BIO_new(BIO_s_mem()); - if (!bio) goto error; - if (BIO_puts(bio, cdata) < 0) goto error; - - conf = NCONF_new(NULL); - if (!conf) goto error; - if (!NCONF_load_bio(conf, bio, NULL)) goto error; + X509_EXTENSION *ext = checksimple(L, 2, X509_EXT_CLASS); - ctx = (X509V3_CTX *) malloc(sizeof (X509V3_CTX)); - X509V3_set_nconf(ctx, conf); - } - - ext = X509V3_EXT_nconf(conf, ctx, name, value); - - if (ext && X509_add_ext(crt, ext, -1)) goto done; + if (!X509_add_ext(crt, ext, -1)) + throwssl(L, "x509.cert:addExtension"); - error: - ok = 0; - - done: - if (ext) X509_EXTENSION_free(ext); - if (ctx) free(ctx); - if (conf) NCONF_free(conf); - if (bio) BIO_free(bio); + lua_pushboolean(L, 1); - return ok ? 0 : throwssl(L, "x509.cert:addExtension"); + return 1; } /* xc_addExtension() */ @@ -4799,6 +4861,7 @@ static void initall(lua_State *L) { addclass(L, PKEY_CLASS, pk_methods, pk_metatable); addclass(L, X509_NAME_CLASS, xn_methods, xn_metatable); addclass(L, X509_GENS_CLASS, gn_methods, gn_metatable); + addclass(L, X509_EXT_CLASS, xe_methods, xe_metatable); addclass(L, X509_CERT_CLASS, xc_methods, xc_metatable); addclass(L, X509_CSR_CLASS, xr_methods, xr_metatable); addclass(L, X509_CRL_CLASS, xx_methods, xx_metatable); diff --git a/src/openssl.x509.extension.lua b/src/openssl.x509.extension.lua new file mode 100644 index 0000000..7043f45 --- /dev/null +++ b/src/openssl.x509.extension.lua @@ -0,0 +1 @@ +return require('_openssl.x509.extension') -- cgit v1.2.3-59-g8ed1b
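Review bot: xc_addExtension appends with `X509_add_ext(crt, ext, -1)` without checking whether the certificate already carries an extension with that OID, so two calls with the same extension type produce a certificate with duplicate extensions, which RFC 5280 §4.2 forbids and which conforming validators may reject. Either refuse the duplicate up front, `if (X509_get_ext_by_OBJ(crt, X509_EXTENSION_get_object(ext), -1) >= 0) return luaL_error(L, "x509.cert:addExtension: duplicate extension");`, or add a comment above the function stating that callers are responsible for uniqueness and that X509_add_ext stores a copy, so the Lua extension object stays valid and is still released by its own __gc. The error branch also discards throwssl's result where the previous version wrote `return throwssl(L, "x509.cert:addExtension");`; keeping the return avoids relying on throwssl never returning. The function now pushes true where it previously returned nothing, which is a small API change worth noting in the module documentation.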