diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/openssl.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/openssl.c b/src/openssl.c index fa7dd79..8fd51d3 100644 --- a/src/openssl.c +++ b/src/openssl.c | |||
| @@ -3062,6 +3062,7 @@ static int pk_new(lua_State *L) { | |||
| 3062 | unsigned exp = 65537; | 3062 | unsigned exp = 65537; |
| 3063 | int curve = NID_X9_62_prime192v1; | 3063 | int curve = NID_X9_62_prime192v1; |
| 3064 | const char *id; | 3064 | const char *id; |
| 3065 | const char *dhparam = NULL; | ||
| 3065 | lua_Number n; | 3066 | lua_Number n; |
| 3066 | 3067 | ||
| 3067 | if (!lua_istable(L, 1)) | 3068 | if (!lua_istable(L, 1)) |
| @@ -3103,6 +3104,9 @@ static int pk_new(lua_State *L) { | |||
| 3103 | luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); | 3104 | luaL_argerror(L, 1, lua_pushfstring(L, "%s: invalid curve", id)); |
| 3104 | } | 3105 | } |
| 3105 | 3106 | ||
| 3107 | /* dhparam field can contain a PEM encoded string. */ | ||
| 3108 | loadfield(L, 1, "dhparam", LUA_TSTRING, &dhparam); | ||
| 3109 | |||
| 3106 | creat: | 3110 | creat: |
| 3107 | if (!(*ud = EVP_PKEY_new())) | 3111 | if (!(*ud = EVP_PKEY_new())) |
| 3108 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3112 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
| @@ -3140,9 +3144,23 @@ creat: | |||
| 3140 | case EVP_PKEY_DH: { | 3144 | case EVP_PKEY_DH: { |
| 3141 | DH *dh; | 3145 | DH *dh; |
| 3142 | 3146 | ||
| 3143 | if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) | 3147 | /* DH Parameter Generation can take a long time, therefore we look |
| 3148 | * at the "dhparam" field, provided by the user. | ||
| 3149 | * The "dhparam" field takes precedence over "bits" | ||
| 3150 | */ | ||
| 3151 | if (dhparam) { | ||
| 3152 | BIO *bio = BIO_new_mem_buf((void*)dhparam, strlen(dhparam)); | ||
| 3153 | if (!bio) | ||
| 3154 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | ||
| 3155 | |||
| 3156 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); | ||
| 3157 | BIO_free(bio); | ||
| 3158 | if (!dh) | ||
| 3159 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | ||
| 3160 | } else if (!(dh = DH_generate_parameters(bits, exp, 0, 0))) | ||
| 3144 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3161 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |
| 3145 | 3162 | ||
| 3163 | |||
| 3146 | if (!DH_generate_key(dh)) { | 3164 | if (!DH_generate_key(dh)) { |
| 3147 | DH_free(dh); | 3165 | DH_free(dh); |
| 3148 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); | 3166 | return auxL_error(L, auxL_EOPENSSL, "pkey.new"); |