Skip to content

Add password prompting support & EVP_read_pw_string #2419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 35 commits into
base: main
Choose a base branch
from
Open

Add password prompting support & EVP_read_pw_string #2419

Show file tree
Hide file tree
Changes from 21 commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
070a228
fix up PEM_def_callback
smittals2 May 1, 2025
44dd2a4
initial linux + windows implementation for ui operations
smittals2 May 1, 2025
ea4c7a2
some more fixup
smittals2 May 1, 2025
39bbfbc
wip
smittals2 May 2, 2025
f8a9683
fix pem_def_callback check
smittals2 May 2, 2025
f736fde
make global var static
smittals2 May 2, 2025
a033226
minor changes
smittals2 May 6, 2025
ec77da4
fix up error handling and documentation
smittals2 May 6, 2025
634337a
add testing for passwd stuff, fix up header file
smittals2 May 8, 2025
9dae8f1
minor stuff
smittals2 May 8, 2025
ee55385
testing refactor
smittals2 May 9, 2025
fa2e7d8
fix up testing for windows
smittals2 May 9, 2025
62d4dbd
fix up windows stuff
smittals2 May 12, 2025
96a869c
add carriage return handling to req tool
smittals2 May 12, 2025
66c1c44
remove global var for prompt string
smittals2 May 13, 2025
46a4745
add explicit cast
smittals2 May 13, 2025
b4f77f0
Merge branch 'main' into read_pw_string
smittals2 May 13, 2025
e3e655d
Merge branch 'main' into read_pw_string
smittals2 May 13, 2025
f534da3
minor fixes for android devicefarm
smittals2 May 13, 2025
efbbacb
disable tests on android
smittals2 May 13, 2025
2326f88
use OPENSSL_memcpy
smittals2 May 13, 2025
bf0c1ea
use OPENSSL_cleanse instead of memset
smittals2 May 14, 2025
3ba16be
refactor lock mechanism
smittals2 May 17, 2025
cb9db66
fix buffer initialization
smittals2 May 17, 2025
96feba4
change to asserts, add CRYPTO_STATIC_MUTEX_is_write_locked implementa…
smittals2 May 19, 2025
0f7e7e2
remove typo
smittals2 May 19, 2025
d9811a6
guard func declaration with NDEBUG
smittals2 May 19, 2025
a86543e
get rid of NDEBUG guard
smittals2 May 19, 2025
eb4a1a3
fix spacing for preprocesser macros
smittals2 May 20, 2025
e381e37
fix up input/output redirection
smittals2 May 22, 2025
1a49aa6
revert NDEBUG condition and add error handling to console read/write
smittals2 May 22, 2025
beb95bb
add NDEBUG guards and pr comments
smittals2 May 23, 2025
517d5b6
move console api to it's own subfolder
smittals2 May 23, 2025
bcceaff
pr comments
smittals2 May 23, 2025
78ed56b
fix typo
smittals2 May 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions crypto/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -453,6 +453,7 @@ add_library(
pem/pem_info.c
pem/pem_lib.c
pem/pem_oth.c
pem/pem_passwd.c
pem/pem_pk8.c
pem/pem_pkey.c
pem/pem_x509.c
Expand Down
57 changes: 57 additions & 0 deletions crypto/fipsmodule/evp/evp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@
#include <openssl/thread.h>

#include "../../evp_extra/internal.h"
#include "../../pem/internal.h"
#include "../../internal.h"
#include "internal.h"

Expand Down Expand Up @@ -156,6 +157,62 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
return -2;
}

char *EVP_get_pw_prompt(void) {
return (char*)"Enter PEM pass phrase:";
}

int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify) {
return EVP_read_pw_string_min(buf, 0, length, prompt, verify);
}

int EVP_read_pw_string_min(char *buf, int min_length, int length,
const char *prompt, int verify) {
int ret = -1;
char verify_buf[1024];

if (prompt == NULL) {
prompt = EVP_get_pw_prompt();
}

if (!openssl_console_open()) {
return ret;
}

// Write initial password prompt
if (!openssl_console_write(prompt)) {
return ret;
}

// Read password with echo disabled, returns 1 on success, 0 on error, -2 on interrupt
ret = openssl_console_read(buf, min_length, length, 0);
if (ret != 0) {
OPENSSL_cleanse(buf, sizeof(buf));
OPENSSL_PUT_ERROR(PEM, PEM_R_PROBLEMS_GETTING_PASSWORD);
return ret;
}

if (verify) {
openssl_console_write("Verifying - ");
openssl_console_write(prompt);

ret = openssl_console_read(verify_buf, min_length, sizeof(verify_buf), 0);

if (ret == 0) {
if (strcmp(buf, verify_buf) != 0) {
openssl_console_write("Verify failure\n");
ret = -1;
}
} else {
OPENSSL_PUT_ERROR(PEM, PEM_R_PROBLEMS_GETTING_PASSWORD);
}
}

openssl_console_close();

OPENSSL_cleanse(verify_buf, sizeof(verify_buf));
return ret;
}

int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
SET_DIT_AUTO_RESET;
if (to->type == EVP_PKEY_NONE) {
Expand Down
16 changes: 16 additions & 0 deletions crypto/pem/internal.h
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
#include <openssl/pem.h>

#define MIN_LENGTH 4

#if defined(__cplusplus)
extern "C" {
#endif

// PEM utility functions
// PEM_proc_type appends a Proc-Type header to |buf|, determined by |type|.
Expand All @@ -9,3 +14,14 @@ void PEM_proc_type(char buf[PEM_BUFSIZE], int type);
// and a single parameter, specified by hex-encoding |len| bytes from |str|.
void PEM_dek_info(char buf[PEM_BUFSIZE], const char *type, size_t len,
char *str);

// Console Management Functions
OPENSSL_EXPORT int openssl_console_open(void);
OPENSSL_EXPORT int openssl_console_close(void);
OPENSSL_EXPORT int openssl_console_write(const char *str);
OPENSSL_EXPORT int openssl_console_read(char *buf, int minsize, int maxsize, int echo);


#if defined(__cplusplus)
} // extern C
#endif
36 changes: 29 additions & 7 deletions crypto/pem/pem_lib.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,6 @@
#include "../fipsmodule/evp/internal.h"


#define MIN_LENGTH 4

static int load_iv(char **fromp, unsigned char *to, size_t num);
static int check_pem(const char *nm, const char *name);

Expand Down Expand Up @@ -785,13 +783,37 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
}

int PEM_def_callback(char *buf, int size, int rwflag, void *userdata) {
if (!buf || !userdata || size < 0) {
if (!buf || size < 0) {
return 0;
}
size_t len = strlen((char *)userdata);
if (len >= (size_t)size) {

if (userdata) {
size_t len = strlen((char *)userdata);
if (len >= (size_t)size) {
return 0;
}
OPENSSL_strlcpy(buf, userdata, (size_t)size);
return (int)len;
}

const char *prompt = EVP_get_pw_prompt();
if (prompt == NULL) {
prompt = "Enter PEM pass phrase:";
}

/*
* rwflag == 0 means decryption
* rwflag == 1 means encryption
*
* We assume that for encryption, we want a minimum length, while for
* decryption, we cannot know any minimum length, so we assume zero.
*/
int min_len = rwflag ? MIN_LENGTH : 0;

int ret = EVP_read_pw_string_min(buf, min_len, size, prompt, rwflag);
if (ret != 0 || size > INT_MAX) {
return 0;
}
OPENSSL_strlcpy(buf, userdata, (size_t)size);
return (int)len;

return (int)OPENSSL_strnlen(buf, size);
}
Loading
Loading