OpenBSD manual page server

Manual Page Search Parameters

DES_READ_PW(3) Library Functions Manual DES_READ_PW(3)

des_read_pw, des_read_pw_string, EVP_read_pw_string, EVP_read_pw_string_mincompatibility user interface functions

#include <openssl/ui_compat.h>

des_read_pw(char *buf, char *buff, int length, const char *prompt, int verify);

des_read_pw_string(char *buf, int length, const char *prompt, int verify);

#include <openssl/evp.h>

EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);

EVP_read_pw_string_min(char *buf, int min_length, int length, const char *prompt, int verify);

These functions are deprecated. Use UI_UTIL_read_pw(3) instead.

The DES library contained a few routines to prompt for passwords. These aren't necessarily dependent on DES, and have therefore become part of the UI compatibility library.

() writes the string specified by prompt to standard output, turns echo off, and reads an input string from the terminal. The string is returned in buf, which must have space for at least length bytes. If verify is set, the user is asked for the password twice and unless the two copies match, an error is returned. The second password is stored in buff, which must therefore also be at least length bytes.

() is a variant of des_read_pw() that provides a buffer if verify is set. It is available in the MIT Kerberos library as well. If length exceeds BUFSIZ, des_read_pw_string() uses BUFSIZ.

() and () are functionally similar to des_read_pw_string(). EVP_read_pw_string_min() additionally checks that the password is at least min_length bytes long.

These functions return 0 on success and a negative value on failure.

They return -1 if length is less than or equal to zero or on memory allocation failure. They return -1 or -2 if the internal call to UI_process(3) fails.

In addition, EVP_read_pw_string_min returns -1 if min_length is negative, if length is less than or equal to min_length, or if the user entered a password shorter than min_length.

UI_new(3), UI_UTIL_read_pw(3)

des_read_pw_string() appeared in SSLeay 0.4 or earlier. EVP_read_pw_string() first appeared in SSLeay 0.5.1. des_read_pw() first appeared in SSLeay 0.8.0. These functions have been available since OpenBSD 2.4.

EVP_read_pw_string_min() first appeared in OpenSSL 1.0.0 and has been available since OpenBSD 4.9.

Richard Levitte <> for the OpenSSL project.

June 19, 2020 OpenBSD-7.3