
Commit b8c6bb0

committed
pkey: PEM password callback
1 parent a1bbc97 commit b8c6bb0


1 file changed

+17
-9
lines changed


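--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3428,9 +3428,15 @@ static BIO *getbio(lua_State *L) {
 
 
 static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
-if (!u)
+lua_State *L = (lua_State *) u;
+
+if (lua_isnil(L, -1) || (lua_isfunction(L, -1) && lua_pcall(L, 0, 1, 0)))
+return 0;
+
+const char *pass = lua_tostring(L, -1);
+if (!pass)
 return 0;
-char *pass = (char *) u;
+
 strncpy(buf, pass, size);
 return MIN(strlen(pass), (unsigned int) size);
 } /* pem_pw_cb() */
@@ -3646,7 +3652,7 @@ static int pk_new(lua_State *L) {
 } else if (lua_isstring(L, 1)) {
 int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
 int pubonly = 0, prvtonly = 0;
-const char *opt, *data, *pass;
+const char *opt, *data;
 size_t len;
 BIO *bio;
 EVP_PKEY *pub = NULL, *prvt = NULL;
@@ -3664,14 +3670,15 @@ static int pk_new(lua_State *L) {
 }
 
 data = luaL_checklstring(L, 1, &len);
-pass = luaL_optstring(L, 4, NULL);
 
 ud = prepsimple(L, PKEY_CLASS);
 
 if (!(bio = BIO_new_mem_buf((void *)data, len)))
 return auxL_error(L, auxL_EOPENSSL, "pkey.new");
 
 if (type == X509_PEM || type == X509_ANY) {
+lua_pushvalue(L, 4);
+
 if (!prvtonly && !pub) {
 /*
 * BIO_reset is a rewind for read-only
@@ -3680,16 +3687,18 @@ static int pk_new(lua_State *L) {
 */
 BIO_reset(bio);
 
-if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
+if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, L)))
 goterr = 1;
 }
 
 if (!pubonly && !prvt) {
 BIO_reset(bio);
 
-if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
+if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, L)))
 goterr = 1;
 }
+
+lua_pop(L, 1);
 }
 
 if (type == X509_DER || type == X509_ANY) {
@@ -4116,11 +4125,10 @@ static int pk_toPEM(lua_State *L) {
 static int pk_getPrivateKey(lua_State *L) {
 EVP_PKEY *key = checksimple(L, 1, PKEY_CLASS);
 const char *cname = luaL_optstring(L, 2, NULL);
-const char *pass = NULL;
 EVP_CIPHER *cipher = NULL;
+lua_settop(L, 3);
 
 if (cname) {
-pass = luaL_checkstring(L, 3);
 cipher = EVP_get_cipherbyname(cname);
 if (!cipher)
 return luaL_error(L, "pkey:getPrivateKey: unknown cipher: %s", cname);
@@ -4130,7 +4138,7 @@ static int pk_getPrivateKey(lua_State *L) {
 char *str;
 long len;
 
-if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
+if (!PEM_write_bio_PrivateKey(bio, key, cipher, NULL, 0, pem_pw_cb, L))
 return auxL_error(L, auxL_EOPENSSL, "pkey:getPrivateKey");
 len = BIO_get_mem_data(bio, &str);
 lua_pushlstring(L, str, len);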
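Review bot: In `pem_pw_cb` the passphrase now comes from a Lua string, but its length is still measured with `strlen(pass)` and it is copied with `strncpy(buf, pass, size)`, so a value with an embedded NUL byte, or one longer than `size`, is silently shortened. On the `PEM_write_bio_PrivateKey` path in `pk_getPrivateKey` the key would then be encrypted under a different, possibly much weaker, passphrase than the caller supplied, with no error reported. Taking the length from `lua_tolstring` and refusing an over-long passphrase instead of truncating it closes both cases, as in the excerpt below. Separately, when `lua_pcall` fails the error object stays on top of the stack and the callback returns 0, so the Lua error is discarded and, if OpenSSL invokes the callback for both reads in `pk_new`, the second call would take that error message as the passphrase; resetting the slot to nil after a failed call would avoid that.

```c
static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
	/* … unchanged: lua_State cast, nil check and lua_pcall of the passphrase function … */
	size_t len;
	const char *pass = lua_tolstring(L, -1, &len);

	/* refuse rather than truncate: a shortened passphrase is a different secret */
	if (!pass || size < 0 || len > (size_t) size)
		return 0;

	memcpy(buf, pass, len);
	return (int) len;
} /* pem_pw_cb() */
```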
