
Commit 2cea827

committed
pkey: PEM password callback
1 parent ccfb4be commit 2cea827

1 file changed

+17
-13
lines changed

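--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3404,9 +3404,15 @@ static BIO *getbio(lua_State *L) {
 
 
 static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
-if (!u)
+lua_State *L = (lua_State *) u;
+
+if (lua_isnil(L, -1) || (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)))
+return 0;
+
+const char *pass = lua_tostring(L, -1);
+if (!pass)
 return 0;
-char *pass = (char *) u;
+
 strncpy(buf, pass, size);
 return MIN(strlen(pass), (unsigned int) size);
 } /* pem_password_cb() */
@@ -3622,7 +3628,7 @@ static int pk_new(lua_State *L) {
 } else if (lua_isstring(L, 1)) {
 int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
 int pubonly = 0, prvtonly = 0;
-const char *opt, *data, *pass;
+const char *opt, *data;
 size_t len;
 BIO *bio;
 EVP_PKEY *pub = NULL, *prvt = NULL;
@@ -3640,9 +3646,6 @@ static int pk_new(lua_State *L) {
 }
 
 data = luaL_checklstring(L, 1, &len);
-pass = luaL_optstring(L, 4, NULL);
-
-ud = prepsimple(L, PKEY_CLASS);
 
 if (!(bio = BIO_new_mem_buf((void *)data, len)))
 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
@@ -3656,14 +3659,14 @@ static int pk_new(lua_State *L) {
 */
 BIO_reset(bio);
 
-if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
+if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L)))
 goterr = 1;
 }
 
 if (!pubonly && !prvt) {
 BIO_reset(bio);
 
-if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
+if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L)))
 goterr = 1;
 }
 }
@@ -3684,6 +3687,10 @@ static int pk_new(lua_State *L) {
 }
 }
 
+BIO_free(bio);
+
+ud = prepsimple(L, PKEY_CLASS);
+
 if (prvt) {
 #if 0
 /* TODO: Determine if this is necessary. */
@@ -3709,8 +3716,6 @@ static int pk_new(lua_State *L) {
 pub = NULL;
 }
 done:
-BIO_free(bio);
-
 if (pub)
 EVP_PKEY_free(pub);
 
@@ -4092,11 +4097,10 @@ static int pk_toPEM(lua_State *L) {
 static int pk_getPrivateKey(lua_State *L) {
 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
 const char *cname = luaL_optstring(L, 2, NULL);
-const char *pass = NULL;
 EVP_CIPHER *cipher = NULL;
+lua_settop(L, 3);
 
 if (cname) {
-pass = luaL_checkstring(L, 3);
 cipher = EVP_get_cipherbyname(cname);
 if (!cipher)
 return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname);
@@ -4106,7 +4110,7 @@ static int pk_getPrivateKey(lua_State *L) {
 char *str;
 long len;
 
-if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass))
+if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
 return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
 len = BIO_get_mem_data(bio, &str);
 lua_pushlstring(L, str, len);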
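Review bot: A failed `lua_pcall` in `pem_pw_cb` returns 0 but leaves the Lua error message at stack index -1, so if OpenSSL invokes the callback again on the same `L` (pk_new runs `PEM_read_bio_PUBKEY` and then `PEM_read_bio_PrivateKey`), `lua_tostring` would accept that message as the passphrase. Handle the pcall failure in its own branch and replace the result before returning, e.g. `lua_pop(L, 1); lua_pushnil(L); return 0;`. pk_getPrivateKey pins the passphrase slot with `lua_settop(L, 3)`, but no matching `lua_settop(L, 4)` is visible in the pk_new hunks (it may exist outside them); without it a call with fewer than four arguments would have the key data or format string read as the passphrase. The callback also deserves a comment stating its contract, along the lines of `/* caller must leave the passphrase, a function returning it, or nil on top of the Lua stack */`.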
