static int openssl_cms_read(lua_State *L)
{
BIO* in = load_bio_object(L, 1);
int fmt = luaL_checkoption(L, 2, "auto", format);
CMS_ContentInfo *cms = NULL;
if (fmt == FORMAT_AUTO)
{
fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM;
}
if (fmt == FORMAT_DER)
{
cms = d2i_CMS_bio(in, NULL);
//CMS_ContentInfo *cms = CMS_ContentInfo_new();
//int ret = i2d_CMS_bio(bio, cms);
}else
if (fmt == FORMAT_PEM)
{
cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
}else
if (fmt == FORMAT_SMIME)
{
BIO *indata = load_bio_object(L, 3);
cms = SMIME_read_CMS(in, &indata);
}
if (cms)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, 0);
}
static int openssl_cms_uncompress(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO *in = load_bio_object(L, 2);
BIO *out = load_bio_object(L, 3);
int flags = luaL_optint(L, 4, 0);
int ret = CMS_uncompress(cms, in, out, flags);
return openssl_pushresult(L, ret);
}
static int openssl_cms_EncryptedData_decrypt(lua_State*L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
size_t klen;
const char* key = luaL_checklstring(L, 2, &klen);
BIO* dcont = load_bio_object(L, 3);
BIO* out = load_bio_object(L, 4);
unsigned int flags = luaL_optint(L, 5, 0);
int ret = CMS_EncryptedData_decrypt(cms, (const unsigned char*)key, klen, dcont, out, flags);
return openssl_pushresult(L, ret);
}
static int openssl_cms_decrypt(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
EVP_PKEY* pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");
X509* x509 = CHECK_OBJECT(3, X509, "openssl.x509");
BIO* dcont = load_bio_object(L, 4);
BIO* out = load_bio_object(L, 5);
unsigned int flags = luaL_optint(L, 6, 0);
int ret = 1;
if (lua_istable(L, 7))
{
lua_getfield(L, 7, "password");
if (lua_isstring(L, -1))
{
unsigned char*passwd = (unsigned char*)lua_tostring(L, -1);
ret = CMS_decrypt_set1_password(cms, passwd, -1);
}
else if (!lua_isnil(L, -1))
{
luaL_argerror(L, 7, "password field must be string");
}
lua_pop(L, 1);
if (ret)
{
lua_getfield(L, 7, "key");
lua_getfield(L, 7, "keyid");
if (lua_isstring(L, -1) && lua_isstring(L, -2))
{
size_t keylen, keyidlen;
unsigned char*key = (unsigned char*)lua_tolstring(L, -2, &keylen);
unsigned char*keyid = (unsigned char*)lua_tolstring(L, -1, &keyidlen);
ret = CMS_decrypt_set1_key(cms, key, keylen, keyid, keyidlen);
}
else if (!lua_isnil(L, -1) || !lua_isnil(L, -2))
{
luaL_argerror(L, 7, "key and keyid field must be string");
}
lua_pop(L, 2);
}
}
if (ret)
{
ret = CMS_decrypt_set1_pkey(cms, pkey, x509);
}
if (ret == 1)
ret = CMS_decrypt(cms, NULL, NULL, dcont, out, flags);
return openssl_pushresult(L, ret);
}
static LUA_FUNCTION(openssl_pkcs7_encrypt)
{
PKCS7 * p7 = NULL;
BIO *in = load_bio_object(L, 1);
STACK_OF(X509) *recipcerts = openssl_sk_x509_fromtable(L, 2);
const EVP_CIPHER *cipher = get_cipher(L, 3, "des3");
long flags = luaL_optint(L, 4, 0);
if (cipher == NULL)
{
luaL_error(L, "Failed to get cipher");
}
p7 = PKCS7_encrypt(recipcerts, in, cipher, flags);
BIO_free(in);
sk_X509_pop_free(recipcerts, X509_free);
if (p7 == NULL)
{
lua_pushnil(L);
}
else
{
PUSH_OBJECT(p7, "openssl.pkcs7");
}
return 1;
}
static LUA_FUNCTION(openssl_pkcs7_sign)
{
BIO *in = load_bio_object(L, 1);
X509 *cert = CHECK_OBJECT(2, X509, "openssl.x509");
EVP_PKEY *privkey = CHECK_OBJECT(3, EVP_PKEY, "openssl.evp_pkey");
STACK_OF(X509) *others = lua_isnoneornil(L, 4) ? 0 : openssl_sk_x509_fromtable(L, 4);
long flags = luaL_optint(L, 5, 0);
PKCS7 *p7 = NULL;
luaL_argcheck(L, openssl_pkey_is_private(privkey), 3, "must be private key");
if (!X509_check_private_key(cert, privkey))
luaL_error(L, "sigcert and private key not match");
p7 = PKCS7_sign(cert, privkey, others, in, flags);
BIO_free(in);
if (others)
sk_X509_pop_free(others, X509_free);
if (p7)
{
PUSH_OBJECT(p7, "openssl.pkcs7");
return 1;
}
else
{
luaL_error(L, "error creating PKCS7 structure!");
}
return 0;
}
static int openssl_cms_create(lua_State*L)
{
CMS_ContentInfo *cms = NULL;
if (lua_gettop(L) == 1)
{
cms = CMS_ContentInfo_new();
}
else
{
BIO* in = load_bio_object(L, 1);
if (lua_isuserdata(L, 2))
{
const EVP_MD* md = get_digest(L, 2);
int flags = luaL_optint(L, 3, 0);
cms = CMS_digest_create(in, md, flags);
}
else
{
int flags = luaL_optint(L, 2, 0);
cms = CMS_data_create(in, flags);
}
}
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
static LUA_FUNCTION(openssl_csr_read)
{
BIO * in = load_bio_object(L, 1);
int fmt = luaL_checkoption(L, 2, "auto", format);
X509_REQ * csr = NULL;
if (fmt == FORMAT_AUTO)
{
fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM;
}
if (fmt == FORMAT_PEM)
{
csr = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
BIO_reset(in);
}else
if (fmt == FORMAT_DER)
{
csr = d2i_X509_REQ_bio(in, NULL);
BIO_reset(in);
}
BIO_free(in);
if (csr)
{
PUSH_OBJECT(csr, "openssl.x509_req");
return 1;
}
return openssl_pushresult(L, 0);
}
static LUA_FUNCTION(openssl_crl_read)
{
BIO * in = load_bio_object(L, 1);
int fmt = luaL_checkoption(L, 2, "auto", format);
X509_CRL *crl = NULL;
if (fmt == FORMAT_AUTO || fmt == FORMAT_PEM)
{
crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
BIO_reset(in);
}
if ((fmt == FORMAT_AUTO && crl == NULL) || fmt == FORMAT_DER)
{
crl = d2i_X509_CRL_bio(in, NULL);
BIO_reset(in);
}
BIO_free(in);
if (crl)
{
PUSH_OBJECT(crl, "openssl.x509_crl");
return 1;
}
return 0;
}
static int openssl_cms_bio_new(lua_State*L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO* out = lua_isnoneornil(L, 2) ? NULL : load_bio_object(L, 2);
out = BIO_new_CMS(out, cms);
PUSH_OBJECT(out, "openssl.bio");
return 1;
}
static int openssl_cms_datainit(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO* icont = load_bio_object(L, 2);
icont = CMS_dataInit(cms, icont);
PUSH_OBJECT(icont, "openssl.bio");
return 1;
}
static int openssl_cms_datafinal(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO* bio = load_bio_object(L, 2);
int ret = CMS_dataFinal(cms, bio);
lua_pushboolean(L, ret);
return 1;
}
static int openssl_cms_data(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO *out = load_bio_object(L, 2);
unsigned int flags = luaL_optint(L, 3, 0);
int ret = CMS_data(cms, out, flags);
return openssl_pushresult(L, ret);
}
static int openssl_cms_final(lua_State*L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO* in = load_bio_object(L, 2);
int flags = luaL_optint(L, 3, 0);
int ret = CMS_final(cms, in, NULL, flags);
return openssl_pushresult(L, ret);
}
static int openssl_cms_verify(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
static const char* verify_mode[] =
{
"verify", /* 0 */
"digest", /* 1 */
"receipt", /* 2 */
NULL
};
int mode = luaL_checkoption(L, 2, NULL, verify_mode);
if (mode == 1)
{
BIO* in = load_bio_object(L, 3);
BIO* out = load_bio_object(L, 4);
unsigned int flags = luaL_optint(L, 5, 0);
int ret = CMS_digest_verify(cms, in, out, flags);
return openssl_pushresult(L, ret);
}
if (mode == 2)
{
CMS_ContentInfo *src = CHECK_OBJECT(3, CMS_ContentInfo, "openssl.cms");
STACK_OF(X509) *other = CHECK_OBJECT(4, STACK_OF(X509), "openssl.stack_of_x509");
X509_STORE* store = CHECK_OBJECT(5, X509_STORE, "openssl.x509_store");
unsigned int flags = luaL_optint(L, 6, 0);
int ret = CMS_verify_receipt(cms, src, other, store, flags);
return openssl_pushresult(L, ret);
}
if (mode == 0)
{
STACK_OF(X509) *other = CHECK_OBJECT(3, STACK_OF(X509), "openssl.stack_of_x509");
X509_STORE* store = CHECK_OBJECT(4, X509_STORE, "openssl.x509_store");
BIO* in = load_bio_object(L, 5);
BIO* out = load_bio_object(L, 6);
unsigned int flags = luaL_optint(L, 7, 0);
int ret = CMS_verify(cms, other, store, in, out, flags);
return openssl_pushresult(L, ret);
}
return 0;
}
static LUA_FUNCTION(openssl_ts_req_read)
{
BIO *in = load_bio_object(L, 1);
TS_REQ *ts_req = d2i_TS_REQ_bio(in, NULL);
BIO_free(in);
if (ts_req)
{
PUSH_OBJECT(ts_req, "openssl.ts_req");
return 1;
}
return 0;
}
static int openssl_cms_write(lua_State *L)
{
CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms");
BIO *out = load_bio_object(L, 2);
BIO *in = load_bio_object(L, 3);
int flags = luaL_optint(L, 4, 0);
int fmt = luaL_checkoption(L, 5, "smime", format);
int ret = 0;
if (fmt == FORMAT_SMIME)
ret = SMIME_write_CMS(out, cms, in, flags);
else if (fmt == FORMAT_PEM)
ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
else if (fmt == FORMAT_DER)
{
ret = i2d_CMS_bio_stream(out, cms, in, flags);
//i2d_CMS_bio
}
else
luaL_argerror(L, 5, "only accept smime, pem or der");
return openssl_pushresult(L, ret);
}
static int openssl_xname_print(lua_State*L)
{
X509_NAME* xname = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name");
BIO* bio = load_bio_object(L, 2);
int indent = luaL_optint(L, 3, 0);
unsigned long flags = luaL_optinteger(L, 4, 0);
int ret = X509_NAME_print_ex(bio, xname, indent, flags);
BIO_free(bio);
if (ret == 1)
lua_pushboolean(L, 1);
else
return openssl_pushresult(L, ret);
return 1;
};
static LUA_FUNCTION(openssl_lhash_read)
{
long eline = -1;
BIO* bio = load_bio_object(L, 1);
LHASH* lhash = CONF_load_bio(NULL, bio, &eline);
if (lhash)
PUSH_OBJECT(lhash, "openssl.lhash");
else
{
lua_pushfstring(L, "ERROR at LINE %d", eline);
luaL_argerror(L, 1, lua_tostring(L, -1));
}
return 1;
}
static LUA_FUNCTION(openssl_pkcs7_verify)
{
int ret = 0;
PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *signers = lua_isnoneornil(L, 2) ? NULL : CHECK_OBJECT(2, STACK_OF(X509), "openssl.stack_of_x509");
X509_STORE *store = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, X509_STORE, "openssl.x509_store");
BIO* in = lua_isnoneornil(L, 4) ? NULL : load_bio_object(L, 4);
long flags = luaL_optint(L, 5, 0);
BIO* out = BIO_new(BIO_s_mem());
if (!store)
{
luaL_error(L, "can't setup veirfy cainfo");
}
if (PKCS7_verify(p7, signers, store, in, out, flags) == 1)
{
STACK_OF(X509) *signers1 = PKCS7_get0_signers(p7, NULL, flags);
if (out)
{
BUF_MEM *bio_buf;
BIO_get_mem_ptr(out, &bio_buf);
lua_pushlstring(L, bio_buf->data, bio_buf->length);
ret = 1;
}
else
ret = 0;
if (signers1)
{
signers1 = openssl_sk_x509_dup(signers1);
PUSH_OBJECT(signers1, "openssl.sk_x509");
ret += 1;
}
}
else
{
lua_pushnil(L);
ret = 1;
}
if (out)
BIO_free(out);
if (in)
BIO_free(in);
return ret;
}
static int openssl_cms_EncryptedData_encrypt(lua_State*L)
{
BIO* in = load_bio_object(L, 1);
const EVP_CIPHER* ciphers = get_cipher(L, 2, NULL);
size_t klen;
const char* key = luaL_checklstring(L, 3, &klen);
unsigned int flags = luaL_optint(L, 4, 0);
CMS_ContentInfo *cms = CMS_EncryptedData_encrypt(in, ciphers, (const unsigned char*) key, klen, flags);
if (cms)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, 0);
}
static int openssl_ssl_session_read(lua_State*L)
{
BIO *in = load_bio_object(L, 1);
SSL_SESSION* ss = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
if (!ss)
{
BIO_reset(in);
ss = d2i_SSL_SESSION_bio(in, NULL);
}
BIO_free(in);
if (ss)
{
PUSH_OBJECT(ss, "openssl.ssl_session");
return 1;
}
return openssl_pushresult(L, 0);
}
static int openssl_cms_sign(lua_State *L)
{
X509* signcert = CHECK_OBJECT(1, X509, "openssl.x509");
EVP_PKEY* pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");
STACK_OF(X509)* certs = openssl_sk_x509_fromtable(L, 3);
BIO* data = load_bio_object(L, 4);
unsigned int flags = luaL_optint(L, 5, 0);
CMS_ContentInfo *cms;
cms = CMS_sign(signcert, pkey, certs, data, flags);
if (cms)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, 0);
}
static int openssl_cms_sign(lua_State *L)
{
X509* signcert = CHECK_OBJECT(1, X509, "openssl.x509");
EVP_PKEY* pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");
STACK_OF(X509)* certs = CHECK_OBJECT(3, STACK_OF(X509), "openssl.stack_of_x509");
BIO* data = load_bio_object(L, 4);
unsigned int flags = luaL_optint(L, 5, 0);
CMS_ContentInfo *cms;
luaL_argcheck(L, openssl_pkey_is_private(pkey), 2, "must be private key");
cms = CMS_sign(signcert, pkey, certs, data, flags);
if (cms)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, 0);
}
static LUA_FUNCTION(openssl_pkcs12_read)
{
PKCS12 * p12 = NULL;
EVP_PKEY * pkey = NULL;
X509 * cert = NULL;
STACK_OF(X509) * ca = NULL;
int ret = 0;
int base64 = 0;
int olb64 = 0;
BIO * b64 = NULL;
BIO * bio_in = load_bio_object(L, 1);
const char *pass = luaL_checkstring(L, 2);
if (!lua_isnoneornil(L, 3))
base64 = auxiliar_checkboolean(L, 3);
if (!lua_isnoneornil(L, 4))
olb64 = auxiliar_checkboolean(L, 4);
if (base64)
{
if ((b64 = BIO_new(BIO_f_base64())) == NULL)
return 0;
if (olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
bio_in = BIO_push(b64, bio_in);
}
if (d2i_PKCS12_bio(bio_in, &p12) && PKCS12_parse(p12, pass, &pkey, &cert, &ca))
{
lua_newtable(L);
AUXILIAR_SETOBJECT(L, cert, "openssl.x509" , -1, "cert");
AUXILIAR_SETOBJECT(L, pkey, "openssl.evp_pkey" , -1, "pkey");
AUXILIAR_SETOBJECT(L, ca, "openssl.stack_of_x509" , -1, "extracerts");
ret = 1;
}
if (b64)
BIO_free(b64);
BIO_free(bio_in);
PKCS12_free(p12);
return ret;
}
static LUA_FUNCTION(openssl_pkcs7_read)
{
BIO* bio = load_bio_object(L, 1);
int fmt = luaL_checkoption(L, 2, "auto", format);
PKCS7 *p7 = NULL;
BIO* ctx = NULL;
if (fmt == FORMAT_AUTO)
{
fmt = bio_is_der(bio) ? FORMAT_DER : FORMAT_PEM;
}
if (fmt == FORMAT_DER)
{
p7 = d2i_PKCS7_bio(bio, NULL);
BIO_reset(bio);
}
else if (fmt == FORMAT_PEM)
{
p7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL);
BIO_reset(bio);
}
else if (fmt == FORMAT_SMIME)
{
p7 = SMIME_read_PKCS7(bio, &ctx);
}
BIO_free(bio);
if (p7)
{
PUSH_OBJECT(p7, "openssl.pkcs7");
if (ctx)
{
BUF_MEM* mem;
BIO_get_mem_ptr(ctx, &mem);
lua_pushlstring(L, mem->data, mem->length);
BIO_free(ctx);
return 2;
}
return 1;
}
return openssl_pushresult(L, 0);
}
static LUA_FUNCTION(openssl_base64)
{
BIO *inp = load_bio_object(L, 1);
int encode = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
int nonl = lua_isnoneornil(L, 3) ? BIO_FLAGS_BASE64_NO_NL
: (lua_toboolean(L, 3) ? BIO_FLAGS_BASE64_NO_NL : 0);
BIO *b64 = BIO_new(BIO_f_base64());
BIO *out = BIO_new(BIO_s_mem());
BUF_MEM* mem = {0};
BIO_set_flags(b64, nonl);
if (encode)
{
BIO_push(b64, out);
BIO_get_mem_ptr(inp, &mem);
BIO_write(b64, mem->data, mem->length);
BIO_flush(b64);
}
else
{
char inbuf[512];
int inlen;
BIO_push(b64, inp);
while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(out, inbuf, inlen);
BIO_flush(out);
}
BIO_get_mem_ptr(out, &mem);
if (mem->length > 0)
lua_pushlstring(L, mem->data, mem->length);
else
lua_pushnil(L);
BIO_free_all(b64);
if (encode)
BIO_free(inp);
else
BIO_free(out);
return 1;
}
static LUA_FUNCTION(openssl_pkcs7_verify)
{
int ret = 0;
PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7");
STACK_OF(X509) *signers = lua_isnoneornil(L, 2) ? NULL : openssl_sk_x509_fromtable(L, 2);
X509_STORE *store = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, X509_STORE, "openssl.x509_store");
BIO* in = lua_isnoneornil(L, 4) ? NULL : load_bio_object(L, 4);
long flags = luaL_optint(L, 5, 0);
BIO* out = BIO_new(BIO_s_mem());
if (!store)
flags |= PKCS7_NOVERIFY;
if (PKCS7_verify(p7, signers, store, in, out, flags) == 1)
{
if (out && (flags & PKCS7_DETACHED) == 0)
{
BUF_MEM *bio_buf;
BIO_get_mem_ptr(out, &bio_buf);
lua_pushlstring(L, bio_buf->data, bio_buf->length);
}
else
{
lua_pushboolean(L, 1);
}
ret += 1;
}
else
{
ret = openssl_pushresult(L, 0);
}
if (signers)
sk_X509_pop_free(signers, X509_free);
if (out)
BIO_free(out);
if (in)
BIO_free(in);
return ret;
}
static LUA_FUNCTION(openssl_base64)
{
size_t l = 0;
BIO *bio = load_bio_object(L, 1);
int encode = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
BIO *b64 = BIO_new(BIO_f_base64());
BIO *out = BIO_new(BIO_s_mem());
BUF_MEM* mem;
if (encode)
{
BIO_push(b64, out);
BIO_get_mem_ptr(bio, &mem);
lua_pushlstring(L, mem->data, mem->length);
BIO_write(b64, mem->data, mem->length);
BIO_flush(b64);
}
else
{
char inbuf[512];
int inlen;
BIO_push(b64, bio);
while ((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(out, inbuf, inlen);
BIO_flush(out);
}
BIO_get_mem_ptr(out, &mem);
lua_pushlstring(L, mem->data, mem->length);
BIO_free_all(b64);
if (encode)
BIO_free(bio);
else
BIO_free(out);
return 1;
}
static int openssl_cms_compress(lua_State *L)
{
BIO* in = load_bio_object(L, 1);
int nid = NID_undef;
unsigned int flags = 0;
const char* compress_options[] =
{
"zlib",
"rle",
NULL
};
CMS_ContentInfo *cms;
nid = luaL_checkoption(L, 2, "zlib", compress_options);
flags = luaL_optint(L, 3, 0);
cms = CMS_compress(in, nid, flags);
if (cms)
{
PUSH_OBJECT(cms, "openssl.cms");
return 1;
}
return openssl_pushresult(L, 0);
}
