
Commit cf65579

committed
pkey: PEM password callback
1 parent 4899a21 commit cf65579


1 file changed

+27
-10
lines changed


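--- a/src/openssl.c
+++ b/src/openssl.c
@@ -4071,9 +4071,21 @@ static BIO *getbio(lua_State *L) {
 
 
 static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
-if (!u)
+lua_State *L = (lua_State *) u;
+
+if (lua_isnil(L, -1))
 return 0;
-char *pass = (char *) u;
+
+if (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)) {
+lua_pop(L, 1);
+lua_pushnil(L);
+return 0;
+}
+
+const char *pass = lua_tostring(L, -1);
+if (!pass)
+return 0;
+
 strncpy(buf, pass, size);
 return MIN(strlen(pass), (unsigned int) size);
 } /* pem_pw_cb() */
@@ -4318,7 +4330,7 @@ static int pk_new(lua_State *L) {
 } else if (lua_isstring(L, 1)) {
 int format;
 int pubonly = 0, prvtonly = 0;
-const char *type, *data, *pass;
+const char *type, *data;
 size_t len;
 BIO *bio;
 EVP_PKEY *pub = NULL, *prvt = NULL;
@@ -4344,8 +4356,7 @@ static int pk_new(lua_State *L) {
 }
 }
 
-pass = luaL_optstring(L, -1, NULL);
-if (pass) {
+if (!lua_isnil(L, -1)) {
 if (format == X509_DER)
 return luaL_error(L, "decryption supported only for PEM keys");
 else format = X509_PEM;
@@ -4359,6 +4370,8 @@ static int pk_new(lua_State *L) {
 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
 
 if (format == X509_PEM || format == X509_ANY) {
+lua_pushvalue(L, -2);
+
 if (!prvtonly && !pub) {
 /*
 * BIO_reset is a rewind for read-only
@@ -4367,16 +4380,18 @@ static int pk_new(lua_State *L) {
 */
 BIO_reset(bio);
 
-if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
+if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L)))
 goterr = 1;
 }
 
 if (!pubonly && !prvt) {
 BIO_reset(bio);
 
-if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
+if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L)))
 goterr = 1;
 }
+
+lua_pop(L, 1);
 }
 
 if (format == X509_DER || format == X509_ANY) {
@@ -4717,7 +4732,6 @@ static int pk_toPEM(lua_State *L) {
 int type;
 const char *cname = NULL;
 const EVP_CIPHER *cipher = NULL;
-const char *pass = NULL;
 
 if (lua_istable(L, i)) {
 loadfield(L, i, "cipher", LUA_TSTRING, &cname);
@@ -4744,13 +4758,16 @@ static int pk_toPEM(lua_State *L) {
 cipher = EVP_get_cipherbyname(cname);
 if (!cipher)
 return luaL_error(L, "pkey:toPEM: unknown cipher: %s", cname);
-if (!loadfield(L, i, "password", LUA_TSTRING, &pass))
+if (!getfield(L, i, "password"))
 return luaL_error(L, "pkey:toPEM: password not defined");
 }
 
-if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, pass))
+if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
 return auxL_error(L, auxL_EOPENSSL, "pkey:__tostring");
 
+if (cname)
+lua_pop(L, 1);
+
 len = BIO_get_mem_data(bio, &pem);
 lua_pushlstring(L, pem, len);
 BIO_reset(bio);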
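Review bot: In `pem_pw_cb` the passphrase length still comes from `strlen(pass)` after `lua_tostring(L, -1)`, so a Lua string that contains a NUL byte is cut at that byte and the key is decrypted, or in `pk_toPEM` encrypted, under a shorter passphrase than the caller supplied. Now that the value can come from a callback, which may return derived or binary material, this silent shortening is more likely to go unnoticed and weakens the protection of the written PEM. Taking the length from `lua_tolstring` and copying with `memcpy` keeps the full value up to `size`; rejecting strings with embedded NULs would be an acceptable alternative if binary passphrases are not meant to be supported. The same change also drops the `strncpy` call, whose zero-padding and missing terminator are not needed because OpenSSL uses the returned length.

```c
static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
	/* … unchanged: nil check and protected call of the Lua callback … */
	size_t len;
	const char *pass = lua_tolstring(L, -1, &len);
	if (!pass)
		return 0;

	/* copy by explicit length so embedded NUL bytes are preserved */
	if (len > (size_t) size)
		len = (size_t) size;
	memcpy(buf, pass, len);
	return (int) len;
```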
