Skip to content

Commit eaa5795

Browse files
kunkkukunkku
committed
pkey: PEM password callback
1 parent 9571438 commit eaa5795

File tree

1 file changed

+21
-10
lines changed

1 file changed

+21
-10
lines changed

src/openssl.c

Lines changed: 21 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -3436,9 +3436,15 @@ static BIO *getbio(lua_State *L) {
34363436

34373437

34383438
static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
3439-
if (!u)
3439+
lua_State *L = (lua_State *) u;
3440+
3441+
if (lua_isnil(L, -1) || (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)))
3442+
return 0;
3443+
3444+
const char *pass = lua_tostring(L, -1);
3445+
if (!pass)
34403446
return 0;
3441-
char *pass = (char *) u;
3447+
34423448
strncpy(buf, pass, size);
34433449
return MIN(strlen(pass), (unsigned int) size);
34443450
} /* pem_password_cb() */
@@ -3654,7 +3660,7 @@ static int pk_new(lua_State *L) {
36543660
} else if (lua_isstring(L, 1)) {
36553661
int format;
36563662
int pubonly = 0, prvtonly = 0;
3657-
const char *type, *data, *pass;
3663+
const char *type, *data;
36583664
size_t len;
36593665
BIO *bio;
36603666
EVP_PKEY *pub = NULL, *prvt = NULL;
@@ -3680,8 +3686,7 @@ static int pk_new(lua_State *L) {
36803686
}
36813687
}
36823688

3683-
pass = luaL_optstring(L, -1, NULL);
3684-
if (pass)
3689+
if (!lua_isnil(L, -1))
36853690
if (format == X509_DER)
36863691
return luaL_error(L, "decryption supported only for PEM keys");
36873692
else format = X509_PEM;
@@ -3694,6 +3699,8 @@ static int pk_new(lua_State *L) {
36943699
return auxL_error(L, auxL_EOPENSSL, "pkey.new");
36953700

36963701
if (format == X509_PEM || format == X509_ANY) {
3702+
lua_pushvalue(L, -2);
3703+
36973704
if (!prvtonly && !pub) {
36983705
/*
36993706
* BIO_reset is a rewind for read-only
@@ -3702,16 +3709,18 @@ static int pk_new(lua_State *L) {
37023709
*/
37033710
BIO_reset(bio);
37043711

3705-
if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
3712+
if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L)))
37063713
goterr = 1;
37073714
}
37083715

37093716
if (!pubonly && !prvt) {
37103717
BIO_reset(bio);
37113718

3712-
if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
3719+
if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L)))
37133720
goterr = 1;
37143721
}
3722+
3723+
lua_pop(L, 1);
37153724
}
37163725

37173726
if (format == X509_DER || format == X509_ANY) {
@@ -4052,7 +4061,6 @@ static int pk_toPEM(lua_State *L) {
40524061
int type;
40534062
const char *cname = NULL;
40544063
EVP_CIPHER *cipher = NULL;
4055-
const char *pass = NULL;
40564064

40574065
if (lua_istable(L, i)) {
40584066
loadfield(L, i, "cipher", LUA_TSTRING, &cname);
@@ -4079,13 +4087,16 @@ static int pk_toPEM(lua_State *L) {
40794087
cipher = EVP_get_cipherbyname(cname);
40804088
if (!cipher)
40814089
return luaL_error(L, "pkey:toPEM: unknown cipher: %s", cname);
4082-
if (!loadfield(L, i, "password", LUA_TSTRING, &pass))
4090+
if (!getfield(L, i, "password"))
40834091
return luaL_error(L, "pkey:toPEM: password not defined");
40844092
}
40854093

4086-
if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass))
4094+
if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
40874095
return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
40884096

4097+
if (cname)
4098+
lua_pop(L, 1);
4099+
40894100
len = BIO_get_mem_data(bio, &pem);
40904101
lua_pushlstring(L, pem, len);
40914102
BIO_reset(bio);

0 commit comments

Comments
 (0)