Skip to content

Commit cc6f021

Browse files
kunkkukunkku
committed
pkey: PEM password callback
1 parent ccfb4be commit cc6f021

File tree

1 file changed

+17
-9
lines changed

1 file changed

+17
-9
lines changed

src/openssl.c

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -3404,9 +3404,15 @@ static BIO *getbio(lua_State *L) {
34043404

34053405

34063406
static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
3407-
if (!u)
3407+
lua_State *L = (lua_State *) u;
3408+
3409+
if (lua_isnil(L, -1) || (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)))
3410+
return 0;
3411+
3412+
const char *pass = lua_tostring(L, -1);
3413+
if (!pass)
34083414
return 0;
3409-
char *pass = (char *) u;
3415+
34103416
strncpy(buf, pass, size);
34113417
return MIN(strlen(pass), (unsigned int) size);
34123418
} /* pem_password_cb() */
@@ -3622,7 +3628,7 @@ static int pk_new(lua_State *L) {
36223628
} else if (lua_isstring(L, 1)) {
36233629
int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
36243630
int pubonly = 0, prvtonly = 0;
3625-
const char *opt, *data, *pass;
3631+
const char *opt, *data;
36263632
size_t len;
36273633
BIO *bio;
36283634
EVP_PKEY *pub = NULL, *prvt = NULL;
@@ -3640,14 +3646,15 @@ static int pk_new(lua_State *L) {
36403646
}
36413647

36423648
data = luaL_checklstring(L, 1, &len);
3643-
pass = luaL_optstring(L, 4, NULL);
36443649

36453650
ud = prepsimple(L, PKEY_CLASS);
36463651

36473652
if (!(bio = BIO_new_mem_buf((void *)data, len)))
36483653
return auxL_error(L, auxL_EOPENSSL, "pkey.new");
36493654

36503655
if (type == X509_PEM || type == X509_ANY) {
3656+
lua_pushvalue(L, 4);
3657+
36513658
if (!prvtonly && !pub) {
36523659
/*
36533660
* BIO_reset is a rewind for read-only
@@ -3656,16 +3663,18 @@ static int pk_new(lua_State *L) {
36563663
*/
36573664
BIO_reset(bio);
36583665

3659-
if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
3666+
if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L)))
36603667
goterr = 1;
36613668
}
36623669

36633670
if (!pubonly && !prvt) {
36643671
BIO_reset(bio);
36653672

3666-
if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
3673+
if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L)))
36673674
goterr = 1;
36683675
}
3676+
3677+
lua_pop(L, 1);
36693678
}
36703679

36713680
if (type == X509_DER || type == X509_ANY) {
@@ -4092,11 +4101,10 @@ static int pk_toPEM(lua_State *L) {
40924101
static int pk_getPrivateKey(lua_State *L) {
40934102
EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
40944103
const char *cname = luaL_optstring(L, 2, NULL);
4095-
const char *pass = NULL;
40964104
EVP_CIPHER *cipher = NULL;
4105+
lua_settop(L, 3);
40974106

40984107
if (cname) {
4099-
pass = luaL_checkstring(L, 3);
41004108
cipher = EVP_get_cipherbyname(cname);
41014109
if (!cipher)
41024110
return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname);
@@ -4106,7 +4114,7 @@ static int pk_getPrivateKey(lua_State *L) {
41064114
char *str;
41074115
long len;
41084116

4109-
if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass))
4117+
if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
41104118
return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
41114119
len = BIO_get_mem_data(bio, &str);
41124120
lua_pushlstring(L, str, len);

0 commit comments

Comments
 (0)