From 311af7c3be6eac14b257a695f3c3c428ca177b08 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Mon, 13 Jun 2016 21:17:20 +0200 Subject: Add PKey::private_key_from_pem_cb --- openssl/src/crypto/pkey.rs | 49 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index c4111860..f59ee40a 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -1,9 +1,11 @@ -use libc::{c_int, c_uint, c_ulong}; +use libc::{c_int, c_uint, c_ulong, c_char, c_void}; use std::io; use std::io::prelude::*; use std::iter::repeat; use std::mem; +use std::panic::catch_unwind; use std::ptr; +use std::slice; use bio::MemBio; use crypto::HashTypeInternals; @@ -93,6 +95,51 @@ impl PKey { } } + /// Read a private key from PEM, supplying a password callback to be invoked if the private key + /// is encrypted. + /// + /// The callback will be passed the password buffer and should return the number of characters + /// placed into the buffer. + pub fn private_key_from_pem_cb(reader: &mut R, mut pass_cb: F) -> Result + where R: Read, F: FnMut(&mut [i8]) -> usize + { + extern "C" fn user_cb_wrapper(buf: *mut c_char, + size: c_int, + _rwflag: c_int, + user_cb: *mut c_void) + -> c_int + where F: FnMut(&mut [i8]) -> usize { + let result = catch_unwind(|| { + // build a `i8` slice to pass to the user callback + let pass_slice = unsafe { slice::from_raw_parts_mut(buf, size as usize) }; + let callback = unsafe { &mut *(user_cb as *mut F) }; + + callback(pass_slice) + }); + + if let Ok(len) = result { + return len as c_int; + } else { + return 0; + } + } + + let mut mem_bio = try!(MemBio::new()); + try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); + + unsafe { + let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(), + ptr::null_mut(), + Some(user_cb_wrapper::), + &mut pass_cb as *mut _ as *mut c_void)); + + Ok(PKey { + evp: evp as *mut ffi::EVP_PKEY, + parts: Parts::Both, + }) + } + } + /// Reads public key from PEM, takes ownership of handle pub fn public_key_from_pem(reader: &mut R) -> Result where R: Read -- cgit v1.2.3 From f0b4a032d5a6cdf3928318e113dcfd7e0ecf03f9 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Mon, 13 Jun 2016 21:47:02 +0200 Subject: Try to propagate callback panics --- openssl/src/crypto/pkey.rs | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index f59ee40a..8ae9aa20 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -1,9 +1,10 @@ use libc::{c_int, c_uint, c_ulong, c_char, c_void}; +use std::any::Any; use std::io; use std::io::prelude::*; use std::iter::repeat; use std::mem; -use std::panic::catch_unwind; +use std::panic; use std::ptr; use std::slice; use bio::MemBio; @@ -100,21 +101,26 @@ impl PKey { /// /// The callback will be passed the password buffer and should return the number of characters /// placed into the buffer. - pub fn private_key_from_pem_cb(reader: &mut R, mut pass_cb: F) -> Result + pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result where R: Read, F: FnMut(&mut [i8]) -> usize { + struct CallbackState usize> { + cb: F, + panic: Option>, + } + extern "C" fn user_cb_wrapper(buf: *mut c_char, size: c_int, _rwflag: c_int, user_cb: *mut c_void) -> c_int where F: FnMut(&mut [i8]) -> usize { - let result = catch_unwind(|| { + let result = panic::catch_unwind(|| { // build a `i8` slice to pass to the user callback let pass_slice = unsafe { slice::from_raw_parts_mut(buf, size as usize) }; - let callback = unsafe { &mut *(user_cb as *mut F) }; + let callback = unsafe { &mut *(user_cb as *mut CallbackState) }; - callback(pass_slice) + (callback.cb)(pass_slice) }); if let Ok(len) = result { @@ -124,6 +130,11 @@ impl PKey { } } + let mut cb = CallbackState { + cb: pass_cb, + panic: None, + }; + let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); @@ -131,7 +142,11 @@ impl PKey { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(), ptr::null_mut(), Some(user_cb_wrapper::), - &mut pass_cb as *mut _ as *mut c_void)); + &mut cb as *mut _ as *mut c_void)); + + if let Some(panic) = cb.panic { + panic::resume_unwind(panic); + } Ok(PKey { evp: evp as *mut ffi::EVP_PKEY, -- cgit v1.2.3 From 8119f06ca5ca50a677cf584cbe816500153ce783 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Tue, 14 Jun 2016 18:12:50 +0200 Subject: Move into utility module --- openssl/src/crypto/mod.rs | 1 + openssl/src/crypto/pkey.rs | 43 ++++------------------------------ openssl/src/crypto/util.rs | 58 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 39 deletions(-) create mode 100644 openssl/src/crypto/util.rs (limited to 'openssl/src') diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index 95b27022..9d79b8b0 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -24,6 +24,7 @@ pub mod rand; pub mod symm; pub mod memcmp; pub mod rsa; +mod util; mod symm_internal; diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 8ae9aa20..605aed42 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -1,12 +1,9 @@ -use libc::{c_int, c_uint, c_ulong, c_char, c_void}; -use std::any::Any; +use libc::{c_int, c_uint, c_ulong, c_void}; use std::io; use std::io::prelude::*; use std::iter::repeat; use std::mem; -use std::panic; use std::ptr; -use std::slice; use bio::MemBio; use crypto::HashTypeInternals; @@ -15,6 +12,7 @@ use crypto::hash::Type as HashType; use ffi; use ssl::error::{SslError, StreamError}; use crypto::rsa::RSA; +use crypto::util::{CallbackState, invoke_passwd_cb}; #[derive(Copy, Clone)] pub enum Parts { @@ -104,36 +102,7 @@ impl PKey { pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result where R: Read, F: FnMut(&mut [i8]) -> usize { - struct CallbackState usize> { - cb: F, - panic: Option>, - } - - extern "C" fn user_cb_wrapper(buf: *mut c_char, - size: c_int, - _rwflag: c_int, - user_cb: *mut c_void) - -> c_int - where F: FnMut(&mut [i8]) -> usize { - let result = panic::catch_unwind(|| { - // build a `i8` slice to pass to the user callback - let pass_slice = unsafe { slice::from_raw_parts_mut(buf, size as usize) }; - let callback = unsafe { &mut *(user_cb as *mut CallbackState) }; - - (callback.cb)(pass_slice) - }); - - if let Ok(len) = result { - return len as c_int; - } else { - return 0; - } - } - - let mut cb = CallbackState { - cb: pass_cb, - panic: None, - }; + let mut cb = CallbackState::new(pass_cb); let mut mem_bio = try!(MemBio::new()); try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); @@ -141,13 +110,9 @@ impl PKey { unsafe { let evp = try_ssl_null!(ffi::PEM_read_bio_PrivateKey(mem_bio.get_handle(), ptr::null_mut(), - Some(user_cb_wrapper::), + Some(invoke_passwd_cb::), &mut cb as *mut _ as *mut c_void)); - if let Some(panic) = cb.panic { - panic::resume_unwind(panic); - } - Ok(PKey { evp: evp as *mut ffi::EVP_PKEY, parts: Parts::Both, diff --git a/openssl/src/crypto/util.rs b/openssl/src/crypto/util.rs new file mode 100644 index 00000000..85df86b7 --- /dev/null +++ b/openssl/src/crypto/util.rs @@ -0,0 +1,58 @@ +use libc::{c_int, c_char, c_void}; + +use std::any::Any; +use std::panic; +use std::slice; + +/// Wraps a user-supplied callback and a slot for panics thrown inside the callback (while FFI +/// frames are on the stack). +/// +/// When dropped, checks if the callback has panicked, and resumes unwinding if so. +pub struct CallbackState { + /// The user callback. Taken out of the `Option` when called. + cb: Option, + /// If the callback panics, we place the panic object here, to be re-thrown once OpenSSL + /// returns. + panic: Option>, +} + +impl CallbackState { + pub fn new(callback: F) -> Self { + CallbackState { + cb: Some(callback), + panic: None, + } + } +} + +impl Drop for CallbackState { + fn drop(&mut self) { + if let Some(panic) = self.panic.take() { + panic::resume_unwind(panic); + } + } +} + +/// Password callback function, passed to private key loading functions. +/// +/// `cb_state` is expected to be a pointer to a `CallbackState`. +pub extern "C" fn invoke_passwd_cb(buf: *mut c_char, + size: c_int, + _rwflag: c_int, + cb_state: *mut c_void) + -> c_int + where F: FnMut(&mut [i8]) -> usize { + let result = panic::catch_unwind(|| { + // build a `i8` slice to pass to the user callback + let pass_slice = unsafe { slice::from_raw_parts_mut(buf, size as usize) }; + let callback = unsafe { &mut *(cb_state as *mut CallbackState) }; + + callback.cb.take().unwrap()(pass_slice) + }); + + if let Ok(len) = result { + return len as c_int; + } else { + return 0; + } +} -- cgit v1.2.3 From c399c2475d71c313970dc4e3b271f0086e90b013 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Tue, 14 Jun 2016 18:17:25 +0200 Subject: Add RSA::private_key_from_pem_cb --- openssl/src/crypto/rsa.rs | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 52b8590e..d451aab6 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -3,12 +3,13 @@ use std::fmt; use ssl::error::{SslError, StreamError}; use std::ptr; use std::io::{self, Read, Write}; -use libc::c_int; +use libc::{c_int, c_void}; use bn::BigNum; use bio::MemBio; use crypto::HashTypeInternals; use crypto::hash; +use crypto::util::{CallbackState, invoke_passwd_cb}; pub struct RSA(*mut ffi::RSA); @@ -76,6 +77,26 @@ impl RSA { } } + /// Reads an RSA private key from PEM formatted data and supplies a password callback. + pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result + where R: Read, F: FnMut(&mut [i8]) -> usize + { + let mut cb = CallbackState::new(pass_cb); + + let mut mem_bio = try!(MemBio::new()); + try!(io::copy(reader, &mut mem_bio).map_err(StreamError)); + + unsafe { + let cb_ptr = &mut cb as *mut _ as *mut c_void; + let rsa = try_ssl_null!(ffi::PEM_read_bio_RSAPrivateKey(mem_bio.get_handle(), + ptr::null_mut(), + Some(invoke_passwd_cb::), + cb_ptr)); + + Ok(RSA(rsa)) + } + } + /// Writes an RSA private key as unencrypted PEM formatted data pub fn private_key_to_pem(&self, writer: &mut W) -> Result<(), SslError> where W: Write -- cgit v1.2.3 From c1b7cd2420c679b611c7ff28024db10cb0ffb8b5 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Wed, 22 Jun 2016 21:51:43 +0200 Subject: Make the callback take a `&mut [c_char]` --- openssl/src/crypto/pkey.rs | 4 ++-- openssl/src/crypto/rsa.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 605aed42..238c1b9e 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -1,4 +1,4 @@ -use libc::{c_int, c_uint, c_ulong, c_void}; +use libc::{c_int, c_uint, c_ulong, c_void, c_char}; use std::io; use std::io::prelude::*; use std::iter::repeat; @@ -100,7 +100,7 @@ impl PKey { /// The callback will be passed the password buffer and should return the number of characters /// placed into the buffer. pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result - where R: Read, F: FnMut(&mut [i8]) -> usize + where R: Read, F: FnMut(&mut [c_char]) -> usize { let mut cb = CallbackState::new(pass_cb); diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index d451aab6..c7f5cfaf 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -3,7 +3,7 @@ use std::fmt; use ssl::error::{SslError, StreamError}; use std::ptr; use std::io::{self, Read, Write}; -use libc::{c_int, c_void}; +use libc::{c_int, c_void, c_char}; use bn::BigNum; use bio::MemBio; @@ -79,7 +79,7 @@ impl RSA { /// Reads an RSA private key from PEM formatted data and supplies a password callback. pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result - where R: Read, F: FnMut(&mut [i8]) -> usize + where R: Read, F: FnMut(&mut [c_char]) -> usize { let mut cb = CallbackState::new(pass_cb); -- cgit v1.2.3 From 41b78547ad0357d3e86462f72c0cff333096d59f Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Wed, 22 Jun 2016 22:05:03 +0200 Subject: Put password callbacks behind a cargo feature --- openssl/src/crypto/mod.rs | 1 + openssl/src/crypto/pkey.rs | 7 ++++++- openssl/src/crypto/rsa.rs | 7 ++++++- 3 files changed, 13 insertions(+), 2 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/mod.rs b/openssl/src/crypto/mod.rs index 9d79b8b0..481eb05c 100644 --- a/openssl/src/crypto/mod.rs +++ b/openssl/src/crypto/mod.rs @@ -24,6 +24,7 @@ pub mod rand; pub mod symm; pub mod memcmp; pub mod rsa; +#[cfg(feature = "catch_unwind")] mod util; mod symm_internal; diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index 238c1b9e..bbb8427d 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -1,4 +1,4 @@ -use libc::{c_int, c_uint, c_ulong, c_void, c_char}; +use libc::{c_int, c_uint, c_ulong}; use std::io; use std::io::prelude::*; use std::iter::repeat; @@ -12,6 +12,10 @@ use crypto::hash::Type as HashType; use ffi; use ssl::error::{SslError, StreamError}; use crypto::rsa::RSA; + +#[cfg(feature = "catch_unwind")] +use libc::{c_void, c_char}; +#[cfg(feature = "catch_unwind")] use crypto::util::{CallbackState, invoke_passwd_cb}; #[derive(Copy, Clone)] @@ -99,6 +103,7 @@ impl PKey { /// /// The callback will be passed the password buffer and should return the number of characters /// placed into the buffer. + #[cfg(feature = "catch_unwind")] pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result where R: Read, F: FnMut(&mut [c_char]) -> usize { diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index c7f5cfaf..a67fe38e 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -3,12 +3,16 @@ use std::fmt; use ssl::error::{SslError, StreamError}; use std::ptr; use std::io::{self, Read, Write}; -use libc::{c_int, c_void, c_char}; +use libc::c_int; use bn::BigNum; use bio::MemBio; use crypto::HashTypeInternals; use crypto::hash; + +#[cfg(feature = "catch_unwind")] +use libc::{c_void, c_char}; +#[cfg(feature = "catch_unwind")] use crypto::util::{CallbackState, invoke_passwd_cb}; pub struct RSA(*mut ffi::RSA); @@ -78,6 +82,7 @@ impl RSA { } /// Reads an RSA private key from PEM formatted data and supplies a password callback. + #[cfg(feature = "catch_unwind")] pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result where R: Read, F: FnMut(&mut [c_char]) -> usize { -- cgit v1.2.3 From d176ea1c6e7aaa4e96d27eb0c62dc11fdb990aca Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Wed, 22 Jun 2016 22:27:53 +0200 Subject: Add an RSA key decryption test --- openssl/src/crypto/rsa.rs | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'openssl/src') diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index a67fe38e..d0303283 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -303,4 +303,22 @@ mod test { assert!(result); } + + #[test] + pub fn test_password() { + let mut password_queried = false; + let mut buffer = File::open("test/rsa-encrypted.pem").unwrap(); + let rsa = RSA::private_key_from_pem_cb(&mut buffer, |password| { + password_queried = true; + password[0] = b'm' as _; + password[1] = b'y' as _; + password[2] = b'p' as _; + password[3] = b'a' as _; + password[4] = b's' as _; + password[5] = b's' as _; + 6 + }).unwrap(); + + assert!(password_queried); + } } -- cgit v1.2.3 From 351bc569a46ab1590736114a50179351de8719d7 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Sun, 26 Jun 2016 18:24:47 +0200 Subject: Put the test behind the catch_unwind feature And fix an unused variable warning --- openssl/src/crypto/rsa.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index d0303283..9a04bf7f 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -305,10 +305,11 @@ mod test { } #[test] + #[cfg(feature = "catch_unwind")] pub fn test_password() { let mut password_queried = false; let mut buffer = File::open("test/rsa-encrypted.pem").unwrap(); - let rsa = RSA::private_key_from_pem_cb(&mut buffer, |password| { + RSA::private_key_from_pem_cb(&mut buffer, |password| { password_queried = true; password[0] = b'm' as _; password[1] = b'y' as _; -- cgit v1.2.3 From f24ab2693636f16ce71a171a4d4d63bd0f5bbea0 Mon Sep 17 00:00:00 2001 From: Jonas Schievink Date: Sun, 26 Jun 2016 19:44:53 +0200 Subject: FnMut -> FnOnce, update docs --- openssl/src/crypto/pkey.rs | 4 +++- openssl/src/crypto/rsa.rs | 4 +++- openssl/src/crypto/util.rs | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) (limited to 'openssl/src') diff --git a/openssl/src/crypto/pkey.rs b/openssl/src/crypto/pkey.rs index bbb8427d..15744047 100644 --- a/openssl/src/crypto/pkey.rs +++ b/openssl/src/crypto/pkey.rs @@ -103,9 +103,11 @@ impl PKey { /// /// The callback will be passed the password buffer and should return the number of characters /// placed into the buffer. + /// + /// Requires the `catch_unwind` feature. #[cfg(feature = "catch_unwind")] pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result - where R: Read, F: FnMut(&mut [c_char]) -> usize + where R: Read, F: FnOnce(&mut [c_char]) -> usize { let mut cb = CallbackState::new(pass_cb); diff --git a/openssl/src/crypto/rsa.rs b/openssl/src/crypto/rsa.rs index 9a04bf7f..3b420fbc 100644 --- a/openssl/src/crypto/rsa.rs +++ b/openssl/src/crypto/rsa.rs @@ -82,9 +82,11 @@ impl RSA { } /// Reads an RSA private key from PEM formatted data and supplies a password callback. + /// + /// Requires the `catch_unwind` feature. #[cfg(feature = "catch_unwind")] pub fn private_key_from_pem_cb(reader: &mut R, pass_cb: F) -> Result - where R: Read, F: FnMut(&mut [c_char]) -> usize + where R: Read, F: FnOnce(&mut [c_char]) -> usize { let mut cb = CallbackState::new(pass_cb); diff --git a/openssl/src/crypto/util.rs b/openssl/src/crypto/util.rs index 85df86b7..be72aa59 100644 --- a/openssl/src/crypto/util.rs +++ b/openssl/src/crypto/util.rs @@ -41,7 +41,7 @@ pub extern "C" fn invoke_passwd_cb(buf: *mut c_char, _rwflag: c_int, cb_state: *mut c_void) -> c_int - where F: FnMut(&mut [i8]) -> usize { + where F: FnOnce(&mut [i8]) -> usize { let result = panic::catch_unwind(|| { // build a `i8` slice to pass to the user callback let pass_slice = unsafe { slice::from_raw_parts_mut(buf, size as usize) }; -- cgit v1.2.3