From c8e8cf8f43b4d683cfa82d9aff239a4054b9c71b Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 9 Jun 2016 04:36:07 +0000 Subject: [PATCH] Return RSA exponent from parsed SSL certificates, as a bignum --- nse_ssl_cert.cc | 15 +++++++++++++++ nselib/nmap.luadoc | 6 ++++++ 2 files changed, 21 insertions(+) diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc index 8cb12ec2c..87d4fad4c 100644 --- a/nse_ssl_cert.cc +++ b/nse_ssl_cert.cc @@ -128,6 +128,7 @@ #include #include #include +#include #include #include #include @@ -146,6 +147,12 @@ struct cert_userdata { int attributes_table; }; +/* from nse_openssl.cc */ +typedef struct bignum_data { + BIGNUM * bn; +} bignum_data_t; + + SSL *nse_nsock_get_ssl(lua_State *L); /* This is a reference to a table that will be used as the metatable for @@ -546,6 +553,14 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) if (pkey_type == EVP_PKEY_EC) { lua_push_ecdhparams(L, pubkey); } + else if (pkey_type == EVP_PKEY_RSA) { + RSA *rsa = EVP_PKEY_get1_RSA(pubkey); + bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t)); + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + data->bn = rsa->e; + lua_setfield(L, -2, "exponent"); + } lua_pushstring(L, pkey_type_to_string(pkey_type)); lua_setfield(L, -2, "type"); lua_pushnumber(L, EVP_PKEY_bits(pubkey)); diff --git a/nselib/nmap.luadoc b/nselib/nmap.luadoc index 2e02d9740..25560947c 100644 --- a/nselib/nmap.luadoc +++ b/nselib/nmap.luadoc 
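Review bot: The `bignum_data_t` typedef added after `struct cert_userdata` is a hand copy of a definition that, per its own comment, lives in nse_openssl.cc, and nothing keeps the two in sync. If that file's struct ever gains or reorders a field, the `lua_newuserdata(L, sizeof(bignum_data_t))` call added later in this patch would allocate a userdata of the wrong size while still attaching the "BIGNUM" metatable, so the metamethods registered there could read or write past the allocation. Moving the typedef into a header included by both files removes that risk; at minimum the comment should say so, e.g. `/* must stay identical to bignum_data_t in nse_openssl.cc */`.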
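Review bot: In the new `EVP_PKEY_RSA` branch, `EVP_PKEY_get1_RSA(pubkey)` returns an owned reference that is never released with `RSA_free`, its result is dereferenced without a NULL check, and `data->bn = rsa->e` hands Lua a pointer that the RSA object still owns. If the "BIGNUM" metatable's `__gc` in nse_openssl.cc frees `bn` (not visible in this patch, please confirm), collecting the userdata frees memory the key still references and a later free of the key becomes a double free; if it does not, the pointer dangles once the key is released. Giving the userdata its own copy of the exponent and dropping the RSA reference avoids both, as sketched below; the copy is only right if `__gc` does free `bn`. The sketch also assigns `data->bn` before the metatable is attached, so a finalizer never sees an uninitialized pointer. `parse_ssl_cert` begins and ends outside this hunk.

```cpp
  else if (pkey_type == EVP_PKEY_RSA) {
    RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
    if (rsa != NULL) {
      bignum_data_t *data = (bignum_data_t *) lua_newuserdata(L, sizeof(bignum_data_t));
      /* Own copy: the userdata must not alias memory owned by the key. */
      data->bn = BN_dup(rsa->e);
      RSA_free(rsa);  /* release the reference taken by get1 */
      if (data->bn != NULL) {
        luaL_getmetatable(L, "BIGNUM");
        lua_setmetatable(L, -2);
        lua_setfield(L, -2, "exponent");
      } else {
        lua_pop(L, 1);  /* copy failed: drop the bare userdata, leave "exponent" unset */
      }
    }
  }
  // … unchanged: "type" and bit-length fields …
```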
@@ -732,6 +732,12 @@ function pcap_close() -- pem = "-----BEGIN CERTIFICATE-----\nMIIFxzCCBK+gAwIBAgIQX02QuADDB7CVj..." -- -- +-- If the pubkey is type "rsa", it will also have an +-- exponent member, containing the public exponent as a bignum. If +-- the type is "ec", it will have an ecdhparams +-- member, containing a table with ec_curve_type and +-- curve keys as strings. +-- -- It also has the following member functions: -- -- * digest(algorithm) returns the digest of the certificate using the given digest algorithm, which is any of the strings returned by openssl.supported_digests, typically something like "md5" or "sha1".