static int openssl_cms_read(lua_State *L) { BIO* in = load_bio_object(L, 1); int fmt = luaL_checkoption(L, 2, "auto", format); CMS_ContentInfo *cms = NULL; if (fmt == FORMAT_AUTO) { fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM; } if (fmt == FORMAT_DER) { cms = d2i_CMS_bio(in, NULL); //CMS_ContentInfo *cms = CMS_ContentInfo_new(); //int ret = i2d_CMS_bio(bio, cms); }else if (fmt == FORMAT_PEM) { cms = PEM_read_bio_CMS(in, NULL, NULL, NULL); }else if (fmt == FORMAT_SMIME) { BIO *indata = load_bio_object(L, 3); cms = SMIME_read_CMS(in, &indata); } if (cms) { PUSH_OBJECT(cms, "openssl.cms"); return 1; } return openssl_pushresult(L, 0); }
static int openssl_cms_uncompress(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO *in = load_bio_object(L, 2); BIO *out = load_bio_object(L, 3); int flags = luaL_optint(L, 4, 0); int ret = CMS_uncompress(cms, in, out, flags); return openssl_pushresult(L, ret); }
static int openssl_cms_EncryptedData_decrypt(lua_State*L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); size_t klen; const char* key = luaL_checklstring(L, 2, &klen); BIO* dcont = load_bio_object(L, 3); BIO* out = load_bio_object(L, 4); unsigned int flags = luaL_optint(L, 5, 0); int ret = CMS_EncryptedData_decrypt(cms, (const unsigned char*)key, klen, dcont, out, flags); return openssl_pushresult(L, ret); }
static int openssl_cms_decrypt(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); EVP_PKEY* pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey"); X509* x509 = CHECK_OBJECT(3, X509, "openssl.x509"); BIO* dcont = load_bio_object(L, 4); BIO* out = load_bio_object(L, 5); unsigned int flags = luaL_optint(L, 6, 0); int ret = 1; if (lua_istable(L, 7)) { lua_getfield(L, 7, "password"); if (lua_isstring(L, -1)) { unsigned char*passwd = (unsigned char*)lua_tostring(L, -1); ret = CMS_decrypt_set1_password(cms, passwd, -1); } else if (!lua_isnil(L, -1)) { luaL_argerror(L, 7, "password field must be string"); } lua_pop(L, 1); if (ret) { lua_getfield(L, 7, "key"); lua_getfield(L, 7, "keyid"); if (lua_isstring(L, -1) && lua_isstring(L, -2)) { size_t keylen, keyidlen; unsigned char*key = (unsigned char*)lua_tolstring(L, -2, &keylen); unsigned char*keyid = (unsigned char*)lua_tolstring(L, -1, &keyidlen); ret = CMS_decrypt_set1_key(cms, key, keylen, keyid, keyidlen); } else if (!lua_isnil(L, -1) || !lua_isnil(L, -2)) { luaL_argerror(L, 7, "key and keyid field must be string"); } lua_pop(L, 2); } } if (ret) { ret = CMS_decrypt_set1_pkey(cms, pkey, x509); } if (ret == 1) ret = CMS_decrypt(cms, NULL, NULL, dcont, out, flags); return openssl_pushresult(L, ret); }
static LUA_FUNCTION(openssl_pkcs7_encrypt) { PKCS7 * p7 = NULL; BIO *in = load_bio_object(L, 1); STACK_OF(X509) *recipcerts = openssl_sk_x509_fromtable(L, 2); const EVP_CIPHER *cipher = get_cipher(L, 3, "des3"); long flags = luaL_optint(L, 4, 0); if (cipher == NULL) { luaL_error(L, "Failed to get cipher"); } p7 = PKCS7_encrypt(recipcerts, in, cipher, flags); BIO_free(in); sk_X509_pop_free(recipcerts, X509_free); if (p7 == NULL) { lua_pushnil(L); } else { PUSH_OBJECT(p7, "openssl.pkcs7"); } return 1; }
static LUA_FUNCTION(openssl_pkcs7_sign) { BIO *in = load_bio_object(L, 1); X509 *cert = CHECK_OBJECT(2, X509, "openssl.x509"); EVP_PKEY *privkey = CHECK_OBJECT(3, EVP_PKEY, "openssl.evp_pkey"); STACK_OF(X509) *others = lua_isnoneornil(L, 4) ? 0 : openssl_sk_x509_fromtable(L, 4); long flags = luaL_optint(L, 5, 0); PKCS7 *p7 = NULL; luaL_argcheck(L, openssl_pkey_is_private(privkey), 3, "must be private key"); if (!X509_check_private_key(cert, privkey)) luaL_error(L, "sigcert and private key not match"); p7 = PKCS7_sign(cert, privkey, others, in, flags); BIO_free(in); if (others) sk_X509_pop_free(others, X509_free); if (p7) { PUSH_OBJECT(p7, "openssl.pkcs7"); return 1; } else { luaL_error(L, "error creating PKCS7 structure!"); } return 0; }
static int openssl_cms_create(lua_State*L) { CMS_ContentInfo *cms = NULL; if (lua_gettop(L) == 1) { cms = CMS_ContentInfo_new(); } else { BIO* in = load_bio_object(L, 1); if (lua_isuserdata(L, 2)) { const EVP_MD* md = get_digest(L, 2); int flags = luaL_optint(L, 3, 0); cms = CMS_digest_create(in, md, flags); } else { int flags = luaL_optint(L, 2, 0); cms = CMS_data_create(in, flags); } } PUSH_OBJECT(cms, "openssl.cms"); return 1; }
static LUA_FUNCTION(openssl_csr_read) { BIO * in = load_bio_object(L, 1); int fmt = luaL_checkoption(L, 2, "auto", format); X509_REQ * csr = NULL; if (fmt == FORMAT_AUTO) { fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM; } if (fmt == FORMAT_PEM) { csr = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); BIO_reset(in); }else if (fmt == FORMAT_DER) { csr = d2i_X509_REQ_bio(in, NULL); BIO_reset(in); } BIO_free(in); if (csr) { PUSH_OBJECT(csr, "openssl.x509_req"); return 1; } return openssl_pushresult(L, 0); }
static LUA_FUNCTION(openssl_crl_read) { BIO * in = load_bio_object(L, 1); int fmt = luaL_checkoption(L, 2, "auto", format); X509_CRL *crl = NULL; if (fmt == FORMAT_AUTO || fmt == FORMAT_PEM) { crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); BIO_reset(in); } if ((fmt == FORMAT_AUTO && crl == NULL) || fmt == FORMAT_DER) { crl = d2i_X509_CRL_bio(in, NULL); BIO_reset(in); } BIO_free(in); if (crl) { PUSH_OBJECT(crl, "openssl.x509_crl"); return 1; } return 0; }
static int openssl_cms_bio_new(lua_State*L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO* out = lua_isnoneornil(L, 2) ? NULL : load_bio_object(L, 2); out = BIO_new_CMS(out, cms); PUSH_OBJECT(out, "openssl.bio"); return 1; }
static int openssl_cms_datainit(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO* icont = load_bio_object(L, 2); icont = CMS_dataInit(cms, icont); PUSH_OBJECT(icont, "openssl.bio"); return 1; }
static int openssl_cms_datafinal(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO* bio = load_bio_object(L, 2); int ret = CMS_dataFinal(cms, bio); lua_pushboolean(L, ret); return 1; }
static int openssl_cms_data(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO *out = load_bio_object(L, 2); unsigned int flags = luaL_optint(L, 3, 0); int ret = CMS_data(cms, out, flags); return openssl_pushresult(L, ret); }
static int openssl_cms_final(lua_State*L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO* in = load_bio_object(L, 2); int flags = luaL_optint(L, 3, 0); int ret = CMS_final(cms, in, NULL, flags); return openssl_pushresult(L, ret); }
static int openssl_cms_verify(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); static const char* verify_mode[] = { "verify", /* 0 */ "digest", /* 1 */ "receipt", /* 2 */ NULL }; int mode = luaL_checkoption(L, 2, NULL, verify_mode); if (mode == 1) { BIO* in = load_bio_object(L, 3); BIO* out = load_bio_object(L, 4); unsigned int flags = luaL_optint(L, 5, 0); int ret = CMS_digest_verify(cms, in, out, flags); return openssl_pushresult(L, ret); } if (mode == 2) { CMS_ContentInfo *src = CHECK_OBJECT(3, CMS_ContentInfo, "openssl.cms"); STACK_OF(X509) *other = CHECK_OBJECT(4, STACK_OF(X509), "openssl.stack_of_x509"); X509_STORE* store = CHECK_OBJECT(5, X509_STORE, "openssl.x509_store"); unsigned int flags = luaL_optint(L, 6, 0); int ret = CMS_verify_receipt(cms, src, other, store, flags); return openssl_pushresult(L, ret); } if (mode == 0) { STACK_OF(X509) *other = CHECK_OBJECT(3, STACK_OF(X509), "openssl.stack_of_x509"); X509_STORE* store = CHECK_OBJECT(4, X509_STORE, "openssl.x509_store"); BIO* in = load_bio_object(L, 5); BIO* out = load_bio_object(L, 6); unsigned int flags = luaL_optint(L, 7, 0); int ret = CMS_verify(cms, other, store, in, out, flags); return openssl_pushresult(L, ret); } return 0; }
static LUA_FUNCTION(openssl_ts_req_read) { BIO *in = load_bio_object(L, 1); TS_REQ *ts_req = d2i_TS_REQ_bio(in, NULL); BIO_free(in); if (ts_req) { PUSH_OBJECT(ts_req, "openssl.ts_req"); return 1; } return 0; }
static int openssl_cms_write(lua_State *L) { CMS_ContentInfo *cms = CHECK_OBJECT(1, CMS_ContentInfo, "openssl.cms"); BIO *out = load_bio_object(L, 2); BIO *in = load_bio_object(L, 3); int flags = luaL_optint(L, 4, 0); int fmt = luaL_checkoption(L, 5, "smime", format); int ret = 0; if (fmt == FORMAT_SMIME) ret = SMIME_write_CMS(out, cms, in, flags); else if (fmt == FORMAT_PEM) ret = PEM_write_bio_CMS_stream(out, cms, in, flags); else if (fmt == FORMAT_DER) { ret = i2d_CMS_bio_stream(out, cms, in, flags); //i2d_CMS_bio } else luaL_argerror(L, 5, "only accept smime, pem or der"); return openssl_pushresult(L, ret); }
static int openssl_xname_print(lua_State*L) { X509_NAME* xname = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); BIO* bio = load_bio_object(L, 2); int indent = luaL_optint(L, 3, 0); unsigned long flags = luaL_optinteger(L, 4, 0); int ret = X509_NAME_print_ex(bio, xname, indent, flags); BIO_free(bio); if (ret == 1) lua_pushboolean(L, 1); else return openssl_pushresult(L, ret); return 1; };
static LUA_FUNCTION(openssl_lhash_read) { long eline = -1; BIO* bio = load_bio_object(L, 1); LHASH* lhash = CONF_load_bio(NULL, bio, &eline); if (lhash) PUSH_OBJECT(lhash, "openssl.lhash"); else { lua_pushfstring(L, "ERROR at LINE %d", eline); luaL_argerror(L, 1, lua_tostring(L, -1)); } return 1; }
static LUA_FUNCTION(openssl_pkcs7_verify) { int ret = 0; PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7"); STACK_OF(X509) *signers = lua_isnoneornil(L, 2) ? NULL : CHECK_OBJECT(2, STACK_OF(X509), "openssl.stack_of_x509"); X509_STORE *store = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, X509_STORE, "openssl.x509_store"); BIO* in = lua_isnoneornil(L, 4) ? NULL : load_bio_object(L, 4); long flags = luaL_optint(L, 5, 0); BIO* out = BIO_new(BIO_s_mem()); if (!store) { luaL_error(L, "can't setup veirfy cainfo"); } if (PKCS7_verify(p7, signers, store, in, out, flags) == 1) { STACK_OF(X509) *signers1 = PKCS7_get0_signers(p7, NULL, flags); if (out) { BUF_MEM *bio_buf; BIO_get_mem_ptr(out, &bio_buf); lua_pushlstring(L, bio_buf->data, bio_buf->length); ret = 1; } else ret = 0; if (signers1) { signers1 = openssl_sk_x509_dup(signers1); PUSH_OBJECT(signers1, "openssl.sk_x509"); ret += 1; } } else { lua_pushnil(L); ret = 1; } if (out) BIO_free(out); if (in) BIO_free(in); return ret; }
static int openssl_cms_EncryptedData_encrypt(lua_State*L) { BIO* in = load_bio_object(L, 1); const EVP_CIPHER* ciphers = get_cipher(L, 2, NULL); size_t klen; const char* key = luaL_checklstring(L, 3, &klen); unsigned int flags = luaL_optint(L, 4, 0); CMS_ContentInfo *cms = CMS_EncryptedData_encrypt(in, ciphers, (const unsigned char*) key, klen, flags); if (cms) { PUSH_OBJECT(cms, "openssl.cms"); return 1; } return openssl_pushresult(L, 0); }
static int openssl_ssl_session_read(lua_State*L) { BIO *in = load_bio_object(L, 1); SSL_SESSION* ss = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); if (!ss) { BIO_reset(in); ss = d2i_SSL_SESSION_bio(in, NULL); } BIO_free(in); if (ss) { PUSH_OBJECT(ss, "openssl.ssl_session"); return 1; } return openssl_pushresult(L, 0); }
static int openssl_cms_sign(lua_State *L) { X509* signcert = CHECK_OBJECT(1, X509, "openssl.x509"); EVP_PKEY* pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey"); STACK_OF(X509)* certs = openssl_sk_x509_fromtable(L, 3); BIO* data = load_bio_object(L, 4); unsigned int flags = luaL_optint(L, 5, 0); CMS_ContentInfo *cms; cms = CMS_sign(signcert, pkey, certs, data, flags); if (cms) { PUSH_OBJECT(cms, "openssl.cms"); return 1; } return openssl_pushresult(L, 0); }
static int openssl_cms_sign(lua_State *L) { X509* signcert = CHECK_OBJECT(1, X509, "openssl.x509"); EVP_PKEY* pkey = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey"); STACK_OF(X509)* certs = CHECK_OBJECT(3, STACK_OF(X509), "openssl.stack_of_x509"); BIO* data = load_bio_object(L, 4); unsigned int flags = luaL_optint(L, 5, 0); CMS_ContentInfo *cms; luaL_argcheck(L, openssl_pkey_is_private(pkey), 2, "must be private key"); cms = CMS_sign(signcert, pkey, certs, data, flags); if (cms) { PUSH_OBJECT(cms, "openssl.cms"); return 1; } return openssl_pushresult(L, 0); }
static LUA_FUNCTION(openssl_pkcs12_read) { PKCS12 * p12 = NULL; EVP_PKEY * pkey = NULL; X509 * cert = NULL; STACK_OF(X509) * ca = NULL; int ret = 0; int base64 = 0; int olb64 = 0; BIO * b64 = NULL; BIO * bio_in = load_bio_object(L, 1); const char *pass = luaL_checkstring(L, 2); if (!lua_isnoneornil(L, 3)) base64 = auxiliar_checkboolean(L, 3); if (!lua_isnoneornil(L, 4)) olb64 = auxiliar_checkboolean(L, 4); if (base64) { if ((b64 = BIO_new(BIO_f_base64())) == NULL) return 0; if (olb64) BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); bio_in = BIO_push(b64, bio_in); } if (d2i_PKCS12_bio(bio_in, &p12) && PKCS12_parse(p12, pass, &pkey, &cert, &ca)) { lua_newtable(L); AUXILIAR_SETOBJECT(L, cert, "openssl.x509" , -1, "cert"); AUXILIAR_SETOBJECT(L, pkey, "openssl.evp_pkey" , -1, "pkey"); AUXILIAR_SETOBJECT(L, ca, "openssl.stack_of_x509" , -1, "extracerts"); ret = 1; } if (b64) BIO_free(b64); BIO_free(bio_in); PKCS12_free(p12); return ret; }
static LUA_FUNCTION(openssl_pkcs7_read) { BIO* bio = load_bio_object(L, 1); int fmt = luaL_checkoption(L, 2, "auto", format); PKCS7 *p7 = NULL; BIO* ctx = NULL; if (fmt == FORMAT_AUTO) { fmt = bio_is_der(bio) ? FORMAT_DER : FORMAT_PEM; } if (fmt == FORMAT_DER) { p7 = d2i_PKCS7_bio(bio, NULL); BIO_reset(bio); } else if (fmt == FORMAT_PEM) { p7 = PEM_read_bio_PKCS7(bio, NULL, NULL, NULL); BIO_reset(bio); } else if (fmt == FORMAT_SMIME) { p7 = SMIME_read_PKCS7(bio, &ctx); } BIO_free(bio); if (p7) { PUSH_OBJECT(p7, "openssl.pkcs7"); if (ctx) { BUF_MEM* mem; BIO_get_mem_ptr(ctx, &mem); lua_pushlstring(L, mem->data, mem->length); BIO_free(ctx); return 2; } return 1; } return openssl_pushresult(L, 0); }
static LUA_FUNCTION(openssl_base64) { BIO *inp = load_bio_object(L, 1); int encode = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2); int nonl = lua_isnoneornil(L, 3) ? BIO_FLAGS_BASE64_NO_NL : (lua_toboolean(L, 3) ? BIO_FLAGS_BASE64_NO_NL : 0); BIO *b64 = BIO_new(BIO_f_base64()); BIO *out = BIO_new(BIO_s_mem()); BUF_MEM* mem = {0}; BIO_set_flags(b64, nonl); if (encode) { BIO_push(b64, out); BIO_get_mem_ptr(inp, &mem); BIO_write(b64, mem->data, mem->length); BIO_flush(b64); } else { char inbuf[512]; int inlen; BIO_push(b64, inp); while ((inlen = BIO_read(b64, inbuf, 512)) > 0) BIO_write(out, inbuf, inlen); BIO_flush(out); } BIO_get_mem_ptr(out, &mem); if (mem->length > 0) lua_pushlstring(L, mem->data, mem->length); else lua_pushnil(L); BIO_free_all(b64); if (encode) BIO_free(inp); else BIO_free(out); return 1; }
static LUA_FUNCTION(openssl_pkcs7_verify) { int ret = 0; PKCS7 *p7 = CHECK_OBJECT(1, PKCS7, "openssl.pkcs7"); STACK_OF(X509) *signers = lua_isnoneornil(L, 2) ? NULL : openssl_sk_x509_fromtable(L, 2); X509_STORE *store = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, X509_STORE, "openssl.x509_store"); BIO* in = lua_isnoneornil(L, 4) ? NULL : load_bio_object(L, 4); long flags = luaL_optint(L, 5, 0); BIO* out = BIO_new(BIO_s_mem()); if (!store) flags |= PKCS7_NOVERIFY; if (PKCS7_verify(p7, signers, store, in, out, flags) == 1) { if (out && (flags & PKCS7_DETACHED) == 0) { BUF_MEM *bio_buf; BIO_get_mem_ptr(out, &bio_buf); lua_pushlstring(L, bio_buf->data, bio_buf->length); } else { lua_pushboolean(L, 1); } ret += 1; } else { ret = openssl_pushresult(L, 0); } if (signers) sk_X509_pop_free(signers, X509_free); if (out) BIO_free(out); if (in) BIO_free(in); return ret; }
static LUA_FUNCTION(openssl_base64) { size_t l = 0; BIO *bio = load_bio_object(L, 1); int encode = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2); BIO *b64 = BIO_new(BIO_f_base64()); BIO *out = BIO_new(BIO_s_mem()); BUF_MEM* mem; if (encode) { BIO_push(b64, out); BIO_get_mem_ptr(bio, &mem); lua_pushlstring(L, mem->data, mem->length); BIO_write(b64, mem->data, mem->length); BIO_flush(b64); } else { char inbuf[512]; int inlen; BIO_push(b64, bio); while ((inlen = BIO_read(b64, inbuf, 512)) > 0) BIO_write(out, inbuf, inlen); BIO_flush(out); } BIO_get_mem_ptr(out, &mem); lua_pushlstring(L, mem->data, mem->length); BIO_free_all(b64); if (encode) BIO_free(bio); else BIO_free(out); return 1; }
static int openssl_cms_compress(lua_State *L) { BIO* in = load_bio_object(L, 1); int nid = NID_undef; unsigned int flags = 0; const char* compress_options[] = { "zlib", "rle", NULL }; CMS_ContentInfo *cms; nid = luaL_checkoption(L, 2, "zlib", compress_options); flags = luaL_optint(L, 3, 0); cms = CMS_compress(in, nid, flags); if (cms) { PUSH_OBJECT(cms, "openssl.cms"); return 1; } return openssl_pushresult(L, 0); }