I use the OpenSSL 'UI' abstraction to call back into a GTK+ program and
handle user interaction that way.
When asked for a passphrase for a certificate, there is a minimum length
of 4 characters (MIN_LENGTH). But although that information ought to be
conveyed to the UI code through UI_get_result_minsize(), that doesn't
seem to be done correctly.
So when I enter a passphrase which is too short, we just get a line of
output to stderr (of our GUI program) followed by another request for
the passphrase. This is suboptimal, so this patch provides
EVP_read_pw_string_min() and makes PEM_default_callback() use it. I
didn't just add the extra argument to EVP_read_pw_string() because that
has quite far-reaching effects.
Now my GUI program doesn't show me the 'OK' button until I've managed to
bash out enough characters on the keyboard.
Patch applies to both 0.9.8 branch and HEAD/1.0.0.
Index: crypto/evp/evp.h
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/evp/evp.h,v
retrieving revision 1.112.2.8
diff -u -p -r1.112.2.8 evp.h
--- crypto/evp/evp.h 17 Sep 2008 17:11:00 -0000 1.112.2.8
+++ crypto/evp/evp.h 22 Apr 2009 16:42:02 -0000
@@ -562,6 +562,7 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, cons
int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int EVP_read_pw_string_min(char *buf,int minlen,int maxlen,const char
*prompt,int verify);
void EVP_set_pw_prompt(const char *prompt);
char * EVP_get_pw_prompt(void);
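Review bot: the added declaration is wrapped over two lines, and the continuation `*prompt,int verify);` carries no `+` prefix, so this hunk will not apply as posted; the new definition in evp_key.c is wrapped the same way. Resending the patch as an attachment would avoid that. The prototype also names its parameters `minlen` and `maxlen` while the definition uses `min` and `len`; one pair used in both places, with a short comment on what the minimum means to the UI method, would help callers of a new public function.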
Index: crypto/evp/evp_key.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/evp/evp_key.c,v
retrieving revision 1.18.2.1
diff -u -p -r1.18.2.1 evp_key.c
--- crypto/evp/evp_key.c 1 Mar 2006 21:17:50 -0000 1.18.2.1
+++ crypto/evp/evp_key.c 22 Apr 2009 16:52:51 -0000
@@ -90,6 +90,11 @@ char *EVP_get_pw_prompt(void)
* this function will fail */
int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
{
+ return EVP_read_pw_string_min(buf, 0, length, prompt, verify);
+ }
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
int verify)
+ {
int ret;
char buff[BUFSIZ];
UI *ui;
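Review bot: the new body of EVP_read_pw_string() passes `length`, but the parameter in the signature directly above it is named `len`, so this will not compile; it should read `return EVP_read_pw_string_min(buf, 0, len, prompt, verify);`. The existing comment ending "this function will fail" now sits above the thin wrapper, so it should be moved or repeated above EVP_read_pw_string_min(), where the behaviour it describes now lives.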
@@ -97,10 +102,10 @@ int EVP_read_pw_string(char *buf, int le
if ((prompt == NULL) && (prompt_string[0] != '\0'))
prompt=prompt_string;
ui = UI_new();
- UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+ UI_add_input_string(ui,prompt,0,buf,min,(len>=BUFSIZ)?BUFSIZ-1:len);
if (verify)
UI_add_verify_string(ui,prompt,0,
- buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+ buff,min,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
ret = UI_process(ui);
UI_free(ui);
OPENSSL_cleanse(buff,BUFSIZ);
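Review bot: `min` is handed to UI_add_input_string() and UI_add_verify_string() unchecked, while the maximum in the same calls is clamped to BUFSIZ-1. A negative `min`, or one larger than the clamped maximum, asks the UI for a result that no input can satisfy. Suggest validating up front (reject `min < 0` and `min` greater than the clamped `len`) and returning an error before UI_new() is called.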
Index: crypto/pem/pem_lib.c
===================================================================
RCS file: /home/dwmw2/openssl-cvs/openssl/crypto/pem/pem_lib.c,v
retrieving revision 1.55.2.3
diff -u -p -r1.55.2.3 pem_lib.c
--- crypto/pem/pem_lib.c 11 Nov 2008 12:42:32 -0000 1.55.2.3
+++ crypto/pem/pem_lib.c 22 Apr 2009 16:41:39 -0000
@@ -99,7 +99,7 @@ int PEM_def_callback(char *buf, int num,
for (;;)
{
- i=EVP_read_pw_string(buf,num,prompt,w);
+ i=EVP_read_pw_string_min(buf,MIN_LENGTH,num,prompt,w);
if (i != 0)
{
PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
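Review bot: MIN_LENGTH is passed here whatever the value of `w`, so the minimum reaches the UI both when a new passphrase is being set with verification and when an existing one is only being read back. If that is intended, a comment at this call should say so. The enclosing `for (;;)` retry is also left in place, which now serves only UI methods that ignore the minimum; that is worth stating next to the loop.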
--
dwmw2