pkey.new: decryption

wahern · May 3, 2018 · b5cfce2 · b5cfce2
1 parent 1d7bfb2
commit b5cfce2
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/src/openssl.c b/src/openssl.c
@@ -29,7 +29,7 @@
 
 #include <limits.h>       /* INT_MAX INT_MIN LLONG_MAX LLONG_MIN UCHAR_MAX ULLONG_MAX */
 #include <stdint.h>       /* uintptr_t */
-#include <string.h>       /* memset(3) strerror_r(3) strlen(3) */
+#include <string.h>       /* memset(3) strerror_r(3) strlen(3) strncpy(3) */
 #include <math.h>         /* INFINITY fabs(3) floor(3) frexp(3) fmod(3) round(3) isfinite(3) */
 #include <time.h>         /* struct tm time_t strptime(3) time(2) */
 #include <ctype.h>        /* isdigit(3), isxdigit(3), tolower(3) */
@@ -3269,11 +3269,20 @@ static void pushbiostring(lua_State *L) {
 } /* pushbiostring() */
 
 
+static int pem_pw_cb(char *buf, int size, int rwflag, void *u) {
+	if (!u)
+		return 0;
+	char *pass = (char *) u;
+	strncpy(buf, pass, size);
+	return MIN(strlen(pass), (unsigned int) size);
+} /* pem_password_cb() */
+
+
 static int pk_new(lua_State *L) {
 	EVP_PKEY **ud;
 
-	/* #1 table or key; if key, #2 format and #3 type */
-	lua_settop(L, 3);
+	/* #1 table or key; if key, #2 format, #3 type and #4 password */
+	lua_settop(L, 4);
 
 	if (lua_istable(L, 1) || lua_isnil(L, 1)) {
 		int type = EVP_PKEY_RSA;
@@ -3479,7 +3488,7 @@ static int pk_new(lua_State *L) {
 	} else if (lua_isstring(L, 1)) {
 		int type = optencoding(L, 2, "*", X509_ANY|X509_PEM|X509_DER);
 		int pubonly = 0, prvtonly = 0;
-		const char *opt, *data;
+		const char *opt, *data, *pass;
 		size_t len;
 		BIO *bio;
 		EVP_PKEY *pub = NULL, *prvt = NULL;
@@ -3497,6 +3506,7 @@ static int pk_new(lua_State *L) {
 		}
 
 		data = luaL_checklstring(L, 1, &len);
+		pass = luaL_optstring(L, 4, NULL);
 
 		ud = prepsimple(L, PKEY_CLASS);
 
@@ -3512,14 +3522,14 @@ static int pk_new(lua_State *L) {
 				 */
 				BIO_reset(bio);
 
-				if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, 0, "")))
+				if (!(pub = PEM_read_bio_PUBKEY(bio, NULL, pem_pw_cb, pass)))
 					goterr = 1;
 			}
 
 			if (!pubonly && !prvt) {
 				BIO_reset(bio);
 
-				if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, 0, "")))
+				if (!(prvt = PEM_read_bio_PrivateKey(bio, NULL, pem_pw_cb, pass)))
 					goterr = 1;
 			}
 		}