static int openssl_xext_data(lua_State* L)
{
X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
if(lua_isnone(L, 2)){
ASN1_STRING *s = X509_EXTENSION_get_data(x);
PUSH_OBJECT(ASN1_STRING_dup(s),"openssl.asn1_string");
return 1;
} else {
ASN1_STRING *s = CHECK_OBJECT(2, ASN1_STRING, "openssl.asn1_string");
int ret;
s = ASN1_STRING_dup(s);
ret = X509_EXTENSION_set_data(x, s);
return openssl_pushresult(L, ret);
}
};
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
{
if (!value || (type == V_ASN1_BOOLEAN))
{
void *p = (void *)value;
ASN1_TYPE_set(a, type, p);
}
else if (type == V_ASN1_OBJECT)
{
ASN1_OBJECT *odup;
odup = OBJ_dup(value);
if (!odup)
return 0;
ASN1_TYPE_set(a, type, odup);
}
else
{
ASN1_STRING *sdup;
sdup = ASN1_STRING_dup(value);
if (!sdup)
return 0;
ASN1_TYPE_set(a, type, sdup);
}
return 1;
}
static int openssl_xattr_data(lua_State*L)
{
X509_ATTRIBUTE* attr = CHECK_OBJECT(1, X509_ATTRIBUTE, "openssl.x509_attribute");
if (lua_type(L, 2) == LUA_TSTRING)
{
int attrtype = luaL_checkint(L, 2);
size_t size;
int ret;
const char *data = luaL_checklstring(L, 3, &size);
if (attr->single)
ASN1_TYPE_free((ASN1_TYPE*)attr->value.ptr);
else
sk_ASN1_TYPE_pop_free(attr->value.set, ASN1_TYPE_free);
attr->value.ptr = NULL;
ret = X509_ATTRIBUTE_set1_data(attr, attrtype, data, size);
return openssl_pushresult(L, ret);
}
else
{
int idx = luaL_checkint(L, 2);
int attrtype = luaL_checkint(L, 3);
ASN1_STRING *as = (ASN1_STRING *)X509_ATTRIBUTE_get0_data(attr, idx, attrtype, NULL);
as = ASN1_STRING_dup(as);
PUSH_OBJECT(as, "openssl.asn1_string");
return 1;
}
}
static int openssl_xalgor_get(lua_State* L)
{
int type;
void* val;
ASN1_OBJECT *obj, *dup;
X509_ALGOR* alg = CHECK_OBJECT(1, X509_ALGOR, "openssl.x509_algor");
X509_ALGOR_get0(&obj, &type, &val, alg);
if (obj != NULL)
{
dup = OBJ_dup(obj);
PUSH_OBJECT(dup, "openssl.asn1_object");
}
else
lua_pushnil(L);
if (type == V_ASN1_UNDEF)
lua_pushnil(L);
else
{
ASN1_STRING *s = ASN1_STRING_dup(val);
PUSH_OBJECT(s, "openssl.asn1_string");
}
return 2;
}
static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig)
{
int pad_mode;
EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
if (pad_mode == RSA_PKCS1_PADDING)
return 2;
if (pad_mode == RSA_PKCS1_PSS_PADDING) {
ASN1_STRING *os1 = NULL;
os1 = rsa_ctx_to_pss(pkctx);
if (!os1)
return 0;
/* Duplicate parameters if we have to */
if (alg2) {
ASN1_STRING *os2 = ASN1_STRING_dup(os1);
if (!os2) {
ASN1_STRING_free(os1);
return 0;
}
X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
V_ASN1_SEQUENCE, os2);
}
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
V_ASN1_SEQUENCE, os1);
return 3;
}
return 2;
}
static int openssl_xalgor_set(lua_State* L) {
X509_ALGOR* alg = CHECK_OBJECT(1, X509_ALGOR, "openssl.x509_algor");
ASN1_OBJECT* obj = CHECK_OBJECT(2, ASN1_OBJECT, "openssl.asn1_object");
ASN1_STRING* val = lua_isnoneornil(L,3) ?
NULL : auxiliar_checkgroup(L, "openssl.asn1_group", 3);
int ret = X509_ALGOR_set0(alg, OBJ_dup(obj), val->type, ASN1_STRING_dup(val));
return openssl_pushresult(L, ret);
}
int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
{
switch(type)
{
case CMS_SIGNERINFO_ISSUER_SERIAL:
sid->d.issuerAndSerialNumber =
M_ASN1_new_of(CMS_IssuerAndSerialNumber);
if (!sid->d.issuerAndSerialNumber)
goto merr;
if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
X509_get_issuer_name(cert)))
goto merr;
ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
sid->d.issuerAndSerialNumber->serialNumber =
ASN1_STRING_dup(X509_get_serialNumber(cert));
if(!sid->d.issuerAndSerialNumber->serialNumber)
goto merr;
break;
case CMS_SIGNERINFO_KEYIDENTIFIER:
if (!cert->skid)
{
CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
CMS_R_CERTIFICATE_HAS_NO_KEYID);
return 0;
}
sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
if (!sid->d.subjectKeyIdentifier)
goto merr;
break;
default:
CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
return 0;
}
sid->type = type;
return 1;
merr:
CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
return 0;
}
int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
{
ASN1_TIME *in;
in = *ptm;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
ASN1_TIME_free(*ptm);
*ptm = in;
}
}
return (in != NULL);
}
int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
{
ASN1_GENERALIZEDTIME *new_time;
if (a->time == gtime)
return 1;
new_time = ASN1_STRING_dup(gtime);
if (new_time == NULL) {
TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
return 0;
}
ASN1_GENERALIZEDTIME_free(a->time);
a->time = new_time;
return 1;
}
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
{
ASN1_TIME *in;
if (x == NULL)
return (0);
in = x->revocationDate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
ASN1_TIME_free(x->revocationDate);
x->revocationDate = in;
}
}
return (in != NULL);
}
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
if (x == NULL)
return (0);
in = x->crl.nextUpdate;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
ASN1_TIME_free(x->crl.nextUpdate);
x->crl.nextUpdate = in;
}
}
return (in != NULL);
}
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
if (x == NULL)
return (0);
in = x->cert_info.validity.notAfter;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
ASN1_TIME_free(x->cert_info.validity.notAfter);
x->cert_info.validity.notAfter = in;
}
}
return (in != NULL);
}
int
X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL))
return (0);
in = x->cert_info->validity->notBefore;
if (in != tm) {
in = ASN1_STRING_dup(tm);
if (in != NULL) {
ASN1_TIME_free(x->cert_info->validity->notBefore);
x->cert_info->validity->notBefore = in;
}
}
return (in != NULL);
}
int
X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
{
ASN1_INTEGER *in;
if (x == NULL)
return (0);
in = x->serialNumber;
if (in != serial) {
in = ASN1_STRING_dup(serial);
if (in != NULL) {
M_ASN1_INTEGER_free(x->serialNumber);
x->serialNumber = in;
}
}
return (in != NULL);
}
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
ASN1_OCTET_STRING *keyid = NULL;
const ASN1_OCTET_STRING *cert_keyid;
cert_keyid = X509_get0_subject_key_id(cert);
if (cert_keyid == NULL) {
CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
return 0;
}
keyid = ASN1_STRING_dup(cert_keyid);
if (!keyid) {
CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
return 0;
}
ASN1_OCTET_STRING_free(*pkeyid);
*pkeyid = keyid;
return 1;
}
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
ASN1_OCTET_STRING *keyid = NULL;
X509_check_purpose(cert, -1, -1);
if (!cert->skid) {
CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
return 0;
}
keyid = ASN1_STRING_dup(cert->skid);
if (!keyid) {
CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
return 0;
}
if (*pkeyid)
ASN1_OCTET_STRING_free(*pkeyid);
*pkeyid = keyid;
return 1;
}
static int openssl_xname_delete_entry(lua_State*L)
{
X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
int loc = luaL_checkint(L, 2);
X509_NAME_ENTRY *xe = X509_NAME_delete_entry(xn,loc);
if(xe)
{
ASN1_OBJECT *obj = OBJ_dup(xe->object);
ASN1_STRING *as = ASN1_STRING_dup(xe->value);
PUSH_OBJECT(obj,"openssl.asn1_object");
PUSH_OBJECT(as,"openssl.asn1_string");
X509_NAME_ENTRY_free(xe);
return 2;
}else
lua_pushnil(L);
return 1;
};
static int openssl_push_pkcs7_signer_info(lua_State *L, PKCS7_SIGNER_INFO *info)
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(info->version), integer);
if (info->issuer_and_serial != NULL)
{
X509_NAME *i = X509_NAME_dup(info->issuer_and_serial->issuer);
ASN1_INTEGER *s = ASN1_INTEGER_dup(info->issuer_and_serial->serial);
if (info->issuer_and_serial->issuer)
AUXILIAR_SETOBJECT(L, i, "openssl.x509_name", -1, "issuer");
if (info->issuer_and_serial->serial)
AUXILIAR_SETOBJECT(L, s, "openssl.asn1_integer", -1, "serial");
}
if (info->digest_alg)
{
X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_alg");
}
if (info->digest_enc_alg)
{
X509_ALGOR *dup = X509_ALGOR_dup(info->digest_alg);
AUXILIAR_SETOBJECT(L, dup, "openssl.x509_algor", -1, "digest_enc_alg");
}
if (info->enc_digest)
{
ASN1_STRING *dup = ASN1_STRING_dup(info->enc_digest);
AUXILIAR_SETOBJECT(L, dup, "openssl.asn1_string", -1, "enc_digest");
}
if (info->pkey)
{
CRYPTO_add(&info->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
AUXILIAR_SETOBJECT(L, info->pkey, "openssl.evp_pkey", -1, "pkey");
}
return 1;
}
static int openssl_xext_data(lua_State* L)
{
int ret = 0;
X509_EXTENSION *x = CHECK_OBJECT(1, X509_EXTENSION, "openssl.x509_extension");
if (lua_isnone(L, 2))
{
ASN1_STRING *s = X509_EXTENSION_get_data(x);
s = ASN1_STRING_dup(s);
PUSH_OBJECT(s, "openssl.asn1_string");
return 1;
}
else if (lua_isstring(L, 2))
{
size_t size;
const char* data = lua_tolstring(L, 2, &size);
ASN1_STRING* s = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
if (ASN1_STRING_set(s, data, size) == 1)
{
ret = X509_EXTENSION_set_data(x, s);
}
ASN1_STRING_free(s);
return openssl_pushresult(L, ret);
}
else
{
ASN1_STRING* s = CHECK_GROUP(2, ASN1_STRING, "openssl.asn1group");
if (ASN1_STRING_type(s) == V_ASN1_OCTET_STRING)
{
int ret;
ret = X509_EXTENSION_set_data(x, s);
return openssl_pushresult(L, ret);
}
else
{
luaL_argerror(L, 2, "asn1_string type must be octet");
}
}
return 0;
};
static X509_EXTENSION* openssl_new_xextension(lua_State*L, X509_EXTENSION** x, int idx, int utf8)
{
int nid;
ASN1_OCTET_STRING* value;
int critical = 0;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
lua_pop(L, 1);
if (nid==NID_undef) {
lua_pushfstring(L, "%s is not valid object id",lua_tostring(L, -1));
luaL_argerror(L, idx, lua_tostring(L,-1));
}
lua_getfield(L, idx, "value");
value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string");
lua_pop(L, 1);
lua_getfield(L, idx, "critical");
critical = lua_isnil(L,-1) ? 0 : lua_toboolean(L, -1);
lua_pop(L, 1);
return X509_EXTENSION_create_by_NID(x, nid, critical, ASN1_STRING_dup(value));
}
ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
return ASN1_STRING_dup(x);
}
static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig)
{
int pad_mode;
EVP_PKEY_CTX *pkctx = ctx->pctx;
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
if (pad_mode == RSA_PKCS1_PADDING)
return 2;
if (pad_mode == RSA_PKCS1_PSS_PADDING)
{
const EVP_MD *sigmd, *mgf1md;
RSA_PSS_PARAMS *pss = NULL;
X509_ALGOR *mgf1alg = NULL;
ASN1_STRING *os1 = NULL, *os2 = NULL;
EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
int saltlen, rv = 0;
sigmd = EVP_MD_CTX_md(ctx);
if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
goto err;
if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
goto err;
if (saltlen == -1)
saltlen = EVP_MD_size(sigmd);
else if (saltlen == -2)
{
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
saltlen--;
}
pss = RSA_PSS_PARAMS_new();
if (!pss)
goto err;
if (saltlen != 20)
{
pss->saltLength = ASN1_INTEGER_new();
if (!pss->saltLength)
goto err;
if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
goto err;
}
if (EVP_MD_type(sigmd) != NID_sha1)
{
pss->hashAlgorithm = X509_ALGOR_new();
if (!pss->hashAlgorithm)
goto err;
X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
}
if (EVP_MD_type(mgf1md) != NID_sha1)
{
ASN1_STRING *stmp = NULL;
/* need to embed algorithm ID inside another */
mgf1alg = X509_ALGOR_new();
X509_ALGOR_set_md(mgf1alg, mgf1md);
if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
&stmp))
goto err;
pss->maskGenAlgorithm = X509_ALGOR_new();
if (!pss->maskGenAlgorithm)
goto err;
X509_ALGOR_set0(pss->maskGenAlgorithm,
OBJ_nid2obj(NID_mgf1),
V_ASN1_SEQUENCE, stmp);
}
/* Finally create string with pss parameter encoding. */
if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
goto err;
if (alg2)
{
os2 = ASN1_STRING_dup(os1);
if (!os2)
goto err;
X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
V_ASN1_SEQUENCE, os2);
}
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
V_ASN1_SEQUENCE, os1);
os1 = os2 = NULL;
rv = 3;
err:
if (mgf1alg)
X509_ALGOR_free(mgf1alg);
if (pss)
RSA_PSS_PARAMS_free(pss);
if (os1)
ASN1_STRING_free(os1);
return rv;
}
return 2;
}
static LUA_FUNCTION(openssl_pkcs7_parse)
{
PKCS7 * p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *certs = NULL;
STACK_OF(X509_CRL) *crls = NULL;
int i = OBJ_obj2nid(p7->type);
lua_newtable(L);
AUXILIAR_SET(L, -1, "type", OBJ_nid2ln(i), string);
switch (i)
{
case NID_pkcs7_signed:
{
PKCS7_SIGNED *sign = p7->d.sign;
certs = sign->cert ? sign->cert : NULL;
crls = sign->crl ? sign->crl : NULL;
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(sign->version), integer);
AUXILIAR_SET(L, -1, "detached", PKCS7_is_detached(p7), boolean);
lua_pushstring(L, "md_algs");
openssl_sk_x509_algor_totable(L, sign->md_algs);
lua_rawset(L, -3);
if (sign->signer_info)
{
int j, n;
n = sk_PKCS7_SIGNER_INFO_num(sign->signer_info);
lua_pushstring(L, "signer_info");
lua_newtable(L);
for (j = 0; j < n; j++)
{
PKCS7_SIGNER_INFO *info = sk_PKCS7_SIGNER_INFO_value(sign->signer_info, j);
lua_pushinteger(L, j + 1);
openssl_push_pkcs7_signer_info(L, info);
lua_rawset(L, -3);
}
lua_rawset(L, -3);
}
if (!PKCS7_is_detached(p7))
{
PKCS7* c = sign->contents;
c = PKCS7_dup(c);
AUXILIAR_SETOBJECT(L, c, "openssl.pkcs7", -1, "contents");
}
}
break;
case NID_pkcs7_signedAndEnveloped:
certs = p7->d.signed_and_enveloped->cert;
crls = p7->d.signed_and_enveloped->crl;
break;
case NID_pkcs7_enveloped:
{
/*
BIO * mem = BIO_new(BIO_s_mem());
BIO * v_p7bio = PKCS7_dataDecode(p7,pkey,NULL,NULL);
BUF_MEM *bptr = NULL;
unsigned char src[4096];
int len;
while((len = BIO_read(v_p7bio,src,4096))>0){
BIO_write(mem, src, len);
}
BIO_free(v_p7bio);
BIO_get_mem_ptr(mem, &bptr);
if((int)*puiDataLen < bptr->length)
{
*puiDataLen = bptr->length;
ret = SAR_MemoryErr;
}else{
*puiDataLen = bptr->length;
memcpy(pucData,bptr->data, bptr->length);
}
*/
}
break;
case NID_pkcs7_digest:
{
PKCS7_DIGEST* d = p7->d.digest;
ASN1_OCTET_STRING *as = ASN1_STRING_dup(d->digest);
PUSH_OBJECT(as, "openssl.asn1_string");
lua_setfield(L, -2, "digest");
}
break;
case NID_pkcs7_data:
{
ASN1_OCTET_STRING *as = ASN1_STRING_dup(p7->d.data);
PUSH_OBJECT(as, "openssl.asn1_string");
lua_setfield(L, -2, "data");
}
break;
default:
break;
}
/* NID_pkcs7_signed or NID_pkcs7_signedAndEnveloped */
if (certs != NULL)
{
lua_pushstring(L, "certs");
openssl_sk_x509_totable(L, certs);
lua_rawset(L, -3);
}
if (crls != NULL)
{
lua_pushstring(L, "crls");
openssl_sk_x509_crl_totable(L, crls);
lua_rawset(L, -3);
}
return 1;
}