Merge pull request #410 from jonas-schievink/passwd-callbacks

Password callbacks

7 files changed, 173 insertions, 1 deletions

diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index ed90a6a5..218969eb 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -27,6 +27,7 @@ ecdh_auto = ["openssl-sys-extras/ecdh_auto"]
 pkcs5_pbkdf2_hmac = ["openssl-sys/pkcs5_pbkdf2_hmac"]
 
 nightly = []
+catch_unwind = []
 
 [dependencies]
 bitflags = ">= 0.5.0, < 0.8.0"
diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs
index 95b27022..481eb05c 100644
--- a/openssl/src/crypto/mod.rs
+++ b/openssl/src/crypto/mod.rs
@@ -24,6 +24,8 @@ pub mod rand;
 pub mod symm;
 pub mod memcmp;
 pub mod rsa;
+#[cfg(feature = "catch_unwind")]
+mod util;
 
 mod symm_internal;
 
diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs
index c4111860..15744047 100644
--- a/openssl/src/crypto/pkey.rs
+++ b/openssl/src/crypto/pkey.rs
@@ -13,6 +13,11 @@ use ffi;
 use ssl::error::{SslError, StreamError};
 use crypto::rsa::RSA;
 
+#[cfg(feature = "catch_unwind")]
+use libc::{c_void, c_char};
+#[cfg(feature = "catch_unwind")]
+use crypto::util::{CallbackState, invoke_passwd_cb};
+
 #[derive(Copy, Clone)]
 pub enum Parts {
     Neither,
@@ -93,6 +98,35 @@ impl PKey {
         }
     }
 
+    /// Read a private key from PEM, supplying a password callback to be invoked if the private key
+    /// is encrypted.
+    ///
+    /// The callback will be passed the password buffer and should return the number of characters
+    /// placed into the buffer.
+    ///
+    /// Requires the `catch_unwind` feature.
+    #[cfg(feature = "catch_unwind")]
+    pub fn private_key_from_pem_cb<R, F>(reader: &mut R, pass_cb: F) -> Result<PKey, SslError>
+        where R: Read, F: FnOnce(&mut [c_char]) -> usize
+    {
+        let mut cb = CallbackState::new(pass_cb);
+
+        let mut mem_bio = try!(MemBio::new());
+        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+
+        unsafe {
+            let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(),
+                                                                 ptr::null_mut(),
+                                                                 Some(invoke_passwd_cb::<F>),
+                                                                 &mut cb as *mut _ as *mut c_void));
+
+            Ok(PKey {
+                evp: evp as *mut ffi::EVP_PKEY,
+                parts: Parts::Both,
+            })
+        }
+    }
+
     /// Reads public key from PEM, takes ownership of handle
     pub fn public_key_from_pem<R>(reader: &mut R) -> Result<PKey, SslError>
         where R: Read
diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs
index 52b8590e..3b420fbc 100644
--- a/openssl/src/crypto/rsa.rs
+++ b/openssl/src/crypto/rsa.rs
@@ -10,6 +10,11 @@ use bio::MemBio;
 use crypto::HashTypeInternals;
 use crypto::hash;
 
+#[cfg(feature = "catch_unwind")]
+use libc::{c_void, c_char};
+#[cfg(feature = "catch_unwind")]
+use crypto::util::{CallbackState, invoke_passwd_cb};
+
 pub struct RSA(*mut ffi::RSA);
 
 impl Drop for RSA {
@@ -76,6 +81,29 @@ impl RSA {
         }
     }
 
+    /// Reads an RSA private key from PEM formatted data and supplies a password callback.
+    ///
+    /// Requires the `catch_unwind` feature.
+    #[cfg(feature = "catch_unwind")]
+    pub fn private_key_from_pem_cb<R, F>(reader: &mut R, pass_cb: F) -> Result<RSA, SslError>
+        where R: Read, F: FnOnce(&mut [c_char]) -> usize
+    {
+        let mut cb = CallbackState::new(pass_cb);
+
+        let mut mem_bio = try!(MemBio::new());
+        try!(io::copy(reader, &mut mem_bio).map_err(StreamError));
+
+        unsafe {
+            let cb_ptr = &mut cb as *mut _ as *mut c_void;
+            let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(),
+                                                                    ptr::null_mut(),
+                                                                    Some(invoke_passwd_cb::<F>),
+                                                                    cb_ptr));
+
+            Ok(RSA(rsa))
+        }
+    }
+
     /// Writes an RSA private key as unencrypted PEM formatted data
     pub fn private_key_to_pem<W>(&self, writer: &mut W) -> Result<(), SslError>
         where W: Write
@@ -277,4 +305,23 @@ mod test {
 
         assert!(result);
     }
+
+    #[test]
+    #[cfg(feature = "catch_unwind")]
+    pub fn test_password() {
+        let mut password_queried = false;
+        let mut buffer = File::open("test/rsa-encrypted.pem").unwrap();
+        RSA::private_key_from_pem_cb(&mut buffer, |password| {
+            password_queried = true;
+            password[0] = b'm' as _;
+            password[1] = b'y' as _;
+            password[2] = b'p' as _;
+            password[3] = b'a' as _;
+            password[4] = b's' as _;
+            password[5] = b's' as _;
+            6
+        }).unwrap();
+
+        assert!(password_queried);
+    }
 }
diff --git a/openssl/src/crypto/util.rs b/openssl/src/crypto/util.rs
new file mode 100644
index 00000000..be72aa59
--- /dev/null
+++ b/openssl/src/crypto/util.rs
@@ -0,0 +1,58 @@
+use libc::{c_int, c_char, c_void};
+
+use std::any::Any;
+use std::panic;
+use std::slice;
+
+/// Wraps a user-supplied callback and a slot for panics thrown inside the callback (while FFI
+/// frames are on the stack).
+///
+/// When dropped, checks if the callback has panicked, and resumes unwinding if so.
+pub struct CallbackState<F> {
+    /// The user callback. Taken out of the `Option` when called.
+    cb: Option<F>,
+    /// If the callback panics, we place the panic object here, to be re-thrown once OpenSSL
+    /// returns.
+    panic: Option<Box<Any + Send + 'static>>,
+}
+
+impl<F> CallbackState<F> {
+    pub fn new(callback: F) -> Self {
+        CallbackState {
+            cb: Some(callback),
+            panic: None,
+        }
+    }
+}
+
+impl<F> Drop for CallbackState<F> {
+    fn drop(&mut self) {
+        if let Some(panic) = self.panic.take() {
+            panic::resume_unwind(panic);
+        }
+    }
+}
+
+/// Password callback function, passed to private key loading functions.
+///
+/// `cb_state` is expected to be a pointer to a `CallbackState`.
+pub extern "C" fn invoke_passwd_cb<F>(buf: *mut c_char,
+                                      size: c_int,
+                                      _rwflag: c_int,
+                                      cb_state: *mut c_void)
+                                      -> c_int
+                                      where F: FnOnce(&mut [i8]) -> usize {
+    let result = panic::catch_unwind(|| {
+        // build a `i8` slice to pass to the user callback
+        let pass_slice = unsafe { slice::from_raw_parts_mut(buf, size as usize) };
+        let callback = unsafe { &mut *(cb_state as *mut CallbackState<F>) };
+
+        callback.cb.take().unwrap()(pass_slice)
+    });
+
+    if let Ok(len) = result {
+        return len as c_int;
+    } else {
+        return 0;
+    }
+}
diff --git a/openssl/test/rsa-encrypted.pem b/openssl/test/rsa-encrypted.pem
new file mode 100644
index 00000000..a6249997
--- /dev/null
+++ b/openssl/test/rsa-encrypted.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,E2F16153E2BA3D617285A68C896BA6AF
+
+vO9SnhtGjGe8pG1pN//vsONnvJr+DjU+lFCiSqGMPT7tezDnbehLfS+9kus2HV7r
+HmI14JvVG9O7NpF7zMyBRlHYdWcCCWED9Yar0NsWN9419e5pMe/bqIXAzAiJbtT4
+OB9U5XF3m+349zjN1dVXPPLGRmMC1pcHAlofeb5nIUFTvUi5xcsbe1itGjgkkvHb
+Bt8NioHTBun8kKrlsFQOuB55ylBU/eWG8DQBtvFOmQ7iWp0RnGQfh8k5e5rcZNpQ
+fD9ygc7UVISl0xTrIG4IH15g34H+nrBauKtIPOpNPuXQPOMHCZv3XH8wnhrWHHwT
+ZFnQBdXbSpQtMsRh0phG2G+VIlyCgSn4+CxjCJ+TgFtsoK/tU0unmRYc59QnTxxb
+qkHYsPs3E0NApQAgH1ENEGl1M+FGLYQH7gftjc3ophBTeRA17sRmD7Y4QBInggsq
+Gv6tImPVBdekAjz/Ls/EyMwjAvvrL5eAokqrIsAarGo+zmbJKHzknw2KUz2En0+k
+YYaxB4oy9u7bzuQlvio6xYHJEb4K197bby4Dldmqv7YCCJBJwhOBAInMD687viKv
+vcUwL8YuS6cW5E8MbvEENlY4+lvKKj3M8Bnyb79cYIPQe92EuCwXU9DZXPRMLwwM
+oFEJpF5E/PmNJzu+B52ahHtDrh83WSx71fWqjdTqwkPZhAYo3ztsfFkb/UqUcq8u
+rBSebeUjZh0XZ9B04eshZQ5vJUcXGtYIe/77beV3Pv89/fw+zTZjpiP9Q3sZALzf
+Qt0YGp0/6qBuqR1tcqdu65AS2hun7yFw7uRavqYKvww4axRiz2do+xWmZFuoCAwD
+EWktaUujltpvAc1lo7lg4C6nByefJB9Xqk22N/vpqOsWr1NbAntT42Qj/HF9BVWR
+osvN3yMnKYWYe6oSTVnNBDM5obWAIHd3I9gcxTOTb1KsEwt2RrDs5EpB5ptS3Fjo
+JfBRhNZQ3cXttrIIhsHgDn9BDNg865/xpIgktKj0gEd60Abx0PqkAIm6IZTh4Efg
+7uZwfzxB+saOcddbrW2gNdzVZMC0s2Ye3sqHhtLbAJ3BlXYTxE4CAvTg54Ny+5hF
+IjvjlOKgXceSG1cSfk21/wyp9RY3Ft0AEYvvp0kZScWZaoA2aSFDUrchXVhgrEbn
+lJ7UptjefwRFIreAlwbKSbIDDNWnyzvIWyHfQ2aYqgnb7W7XqNPSgH9cALCfzirI
+dlRHjha0bMUtrjPCC/YfMXzJBVniy0gG6Pd5uC7vz/Awn6/6HRQVNaTQASphPBQ7
+bJuz+JTfzI9OUVCMRMdnb6b35U4P9tibFmnPvzTIPe+3WUmf8aRsLS3NN3G1Webd
+PMYVZpMycPaAI0Ht87axhsOzlxCWHYWjdHa+WoNNc1J90TxLCmAHquh5BDaWvjMK
+0DySftJZjV7Tf1p2KosmU83LRl39B5NHMbZb1xOEZl9IWwhT/PVKTVZ25xdxWLfb
+hF4l8rfvKehIp5r4t8zW1bvI2Hl6vrUvmcUVWt3BfKjxlgwRVD0vvwonMt1INesF
+204vUBeXbDsUUicLwOyUgaFvJ3XU3dOyvL9MhOgM5OgoFRRhG+4AS8a5JCD8iLtq
+-----END RSA PRIVATE KEY-----
diff --git a/openssl/test/run.sh b/openssl/test/run.sh
index 829f11e9..1c23067f 100755
--- a/openssl/test/run.sh
+++ b/openssl/test/run.sh
@@ -8,7 +8,7 @@ if [ "$TEST_FEATURES" == "true" ]; then
 fi
 
 if [ "$TRAVIS_RUST_VERSION" == "nightly" ]; then
-    FEATURES="$FEATURES nightly"
+    FEATURES="$FEATURES nightly catch_unwind"
 fi
 
 if [ "$TRAVIS_OS_NAME" != "osx" ]; then