passphrase: generate a crypto key when OIDCCryptoPassphrase is not set

Signed-off-by: Hans Zandbelt <[email protected]>

Author: zandbelt

ChangeLog

@@ -1,5 +1,6 @@
 11/18/2025
 - id_token: add "off" option to OIDCPassIDTokenAs so no claims from the ID token will be passed on
+- passphrase: generate a crypto key when OIDCCryptoPassphrase is not set
 
 11/17/2025
 - metadata: avoid double-free when validation of provider metadata fails

README.md

@@ -41,7 +41,7 @@ How to Use It
 
 1. install and load `mod_auth_openidc.so` in your Apache server
 1. set `OIDCRedirectURI` to a "vanity" URL within a location that is protected by mod_auth_openidc
-1. configure a random password in `OIDCCryptoPassphrase` for session/state encryption purposes
+
 1. configure `OIDCProviderMetadataURL` so it points to the Discovery metadata of your OpenID Connect Provider served on the `.well-known/openid-configuration` endpoint
 1. register/generate a Client identifier and a secret with the OpenID Connect Provider and configure those in `OIDCClientID` and `OIDCClientSecret` respectively
 1. register the `OIDCRedirectURI` configured above as the Redirect or Callback URI for your client at the Provider
@@ -53,7 +53,6 @@ LoadModule auth_openidc_module modules/mod_auth_openidc.so
 
 # OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
 OIDCRedirectURI https://<hostname>/secure/redirect_uri
-OIDCCryptoPassphrase <password>
 
 OIDCProviderMetadataURL <issuer>/.well-known/openid-configuration
 OIDCClientID <client_id>

auth_openidc.conf

@@ -12,7 +12,7 @@
 # support multiple vhosts that belong to the same security domain in a dynamic way
 #OIDCRedirectURI https://www.example.com/protected/redirect_uri
 
-# (Mandatory)
+# (Optional, but required if sessions need to be preserved across server restarts or shared across a cluster)
 # Set a password for crypto purposes, this is used for:
 # - encryption of the (temporary) state cookie
 # - encryption of cache entries, that may include the session cookie, see: OIDCCacheEncrypt and OIDCSessionType
@@ -27,6 +27,7 @@
 # will be used for encryption of new values (including a "kid" in the JWEs during the time 2 values are defined),
 # both values will be used for verification (leveraging the "kid" if present); for seamless rollover one should
 # (at minimum) wait for OIDCSessionInActivityTimeout seconds before removing the 2nd (i.e. old) passprase again.
+# When not specified, a random passphrase will be generated at server start time.
 #OIDCCryptoPassphrase [ <passphrase> | "exec:/path/to/otherProgram arg1" ] [ <previous-passphrase> | "exec:/path/to/otherProgram arg2" ]
 
 #

src/cache/common.c

@@ -248,7 +248,7 @@ static inline apr_byte_t oidc_cache_crypto_encrypt(request_rec *r, const char *p
 /*
  * AES GCM decrypt using the crypto passphrase as symmetric key
  */
-static inline apr_byte_t oidc_cache_crypto_decrypt(request_rec *r, const char *cache_value, char *secret,
+static inline apr_byte_t oidc_cache_crypto_decrypt(request_rec *r, const char *cache_value, const char *secret,
 						   char **plaintext) {
 	oidc_crypto_passphrase_t passphrase;
 	passphrase.secret1 = secret;
@@ -309,12 +309,12 @@ apr_byte_t oidc_cache_get(request_rec *r, const char *section, const char *key,
 	char *msg = NULL;
 	const char *s_key = NULL;
 	char *cache_value = NULL;
-	char *s_secret = NULL;
+	const char *s_secret = NULL;
 	const char *s_section = oidc_cache_section_get(r, section);
 
 	oidc_debug(r, "enter: %s (section=%s, decrypt=%d, type=%s)", key, s_section, encrypted, cfg->cache.impl->name);
 
-	s_secret = cfg->crypto_passphrase.secret1;
+	s_secret = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
 	if (oidc_cache_get_key(r, key, s_secret, encrypted, &s_key) == FALSE)
 		goto end;
 
@@ -325,9 +325,9 @@ apr_byte_t oidc_cache_get(request_rec *r, const char *section, const char *key,
 		goto end;
 
 	/* see if it is any good */
-	if ((cache_value == NULL) && (encrypted == 1) && (cfg->crypto_passphrase.secret2 != NULL)) {
+	if ((cache_value == NULL) && (encrypted == 1) && (oidc_cfg_crypto_passphrase_secret2_get(cfg) != NULL)) {
 		oidc_debug(r, "2nd try with previous passphrase");
-		s_secret = cfg->crypto_passphrase.secret2;
+		s_secret = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 		if (oidc_cache_get_key(r, key, s_secret, encrypted, &s_key) == FALSE)
 			goto end;
 		if (cfg->cache.impl->get(r, s_section, s_key, &cache_value) == FALSE)
@@ -385,12 +385,12 @@ apr_byte_t oidc_cache_set(request_rec *r, const char *section, const char *key,
 		   value ? (int)_oidc_strlen(value) : 0, encrypted, apr_time_sec(expiry - apr_time_now()),
 		   cfg->cache.impl->name);
 
-	if (oidc_cache_get_key(r, key, cfg->crypto_passphrase.secret1, encrypted, &s_key) == FALSE)
+	if (oidc_cache_get_key(r, key, oidc_cfg_crypto_passphrase_secret1_get(cfg, r), encrypted, &s_key) == FALSE)
 		goto end;
 
 	/* see if we need to encrypt */
 	if ((encrypted == 1) && (value != NULL)) {
-		if (oidc_cache_crypto_encrypt(r, value, &cfg->crypto_passphrase, &encoded) == FALSE)
+		if (oidc_cache_crypto_encrypt(r, value, oidc_cfg_crypto_passphrase_get(cfg, r), &encoded) == FALSE)
 			goto end;
 		value = encoded;
 	}

src/cfg/cfg.c

@@ -102,20 +102,28 @@ const char *oidc_cmd_crypto_passphrase_set(cmd_parms *cmd, void *struct_ptr, con
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(cmd->server->module_config, &auth_openidc_module);
 	const char *rv = NULL;
 	if (arg1)
-		rv = oidc_cfg_parse_passphrase(cmd->pool, arg1, &cfg->crypto_passphrase.secret1);
+		rv = oidc_cfg_parse_passphrase(cmd->pool, arg1, (char **)&cfg->crypto_passphrase.secret1);
 	if ((rv == NULL) && (arg2 != NULL))
-		rv = oidc_cfg_parse_passphrase(cmd->pool, arg2, &cfg->crypto_passphrase.secret2);
+		rv = oidc_cfg_parse_passphrase(cmd->pool, arg2, (char **)&cfg->crypto_passphrase.secret2);
 	return rv;
 }
 
-const oidc_crypto_passphrase_t *oidc_cfg_crypto_passphrase_get(oidc_cfg_t *cfg) {
+const oidc_crypto_passphrase_t *oidc_cfg_crypto_passphrase_get(oidc_cfg_t *cfg, request_rec *r) {
+	// make sure secret1 is set
+	oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
 	return &cfg->crypto_passphrase;
 }
 
-const char *oidc_cfg_crypto_passphrase_secret1_get(oidc_cfg_t *cfg) {
+const char *oidc_cfg_crypto_passphrase_secret1_get(oidc_cfg_t *cfg, request_rec *r) {
+	if (cfg->crypto_passphrase.secret1 == NULL)
+		oidc_util_rand_str(r, (char **)&cfg->crypto_passphrase.secret1, 32);
 	return cfg->crypto_passphrase.secret1;
 }
 
+const char *oidc_cfg_crypto_passphrase_secret2_get(oidc_cfg_t *cfg) {
+	return cfg->crypto_passphrase.secret2;
+}
+
 const char *oidc_cmd_outgoing_proxy_set(cmd_parms *cmd, void *ptr, const char *arg1, const char *arg2,
 					const char *arg3) {
 	oidc_cfg_t *cfg = (oidc_cfg_t *)ap_get_module_config(cmd->server->module_config, &auth_openidc_module);

src/cfg/cfg.h

@@ -146,8 +146,8 @@ typedef struct oidc_apr_expr_t {
 } oidc_apr_expr_t;
 
 typedef struct oidc_crypto_passphrase_t {
-	char *secret1;
-	char *secret2;
+	const char *secret1;
+	const char *secret2;
 } oidc_crypto_passphrase_t;
 
 typedef struct oidc_remote_user_claim_t {
@@ -209,7 +209,9 @@ const char *oidc_cfg_endpoint_auth_set(apr_pool_t *pool, oidc_cfg_t *cfg, const
 
 OIDC_CFG_MEMBER_FUNCS_DECL(delete_oldest_state_cookies, int)
 OIDC_CFG_MEMBER_FUNCS_DECL(action_on_userinfo_error, oidc_on_error_action_t)
-OIDC_CFG_MEMBER_FUNCS_DECL(crypto_passphrase_secret1, const char *)
+OIDC_CMD_MEMBER_FUNC_DECL(crypto_passphrase_secret1, const char *);
+const char *oidc_cfg_crypto_passphrase_secret1_get(oidc_cfg_t *cfg, request_rec *r);
+OIDC_CFG_MEMBER_FUNC_GET_DECL(crypto_passphrase_secret2, const char *)
 OIDC_CFG_MEMBER_FUNCS_DECL(refresh_mutex, oidc_cache_mutex_t *)
 OIDC_CFG_MEMBER_FUNCS_DECL(store_id_token, int)
 OIDC_CFG_MEMBER_FUNCS_DECL(post_preserve_template, const char *)
@@ -247,9 +249,11 @@ OIDC_CFG_MEMBER_FUNCS_DECL(dpop_api_enabled, int)
 
 // 2 args
 OIDC_CFG_MEMBER_FUNCS_DECL(post_preserve_templates, const char *, const char *)
-OIDC_CFG_MEMBER_FUNCS_DECL(crypto_passphrase, const oidc_crypto_passphrase_t *, const char *)
 OIDC_CFG_MEMBER_FUNCS_DECL(max_number_of_state_cookies, int, const char *)
 
+const char *oidc_cmd_crypto_passphrase_set(cmd_parms *, void *, const char *, const char *);
+const oidc_crypto_passphrase_t *oidc_cfg_crypto_passphrase_get(oidc_cfg_t *cfg, request_rec *r);
+
 // 3 args
 OIDC_CFG_MEMBER_FUNCS_DECL(cookie_same_site_session, oidc_samesite_cookie_t, const char *, const char *)
 OIDC_CFG_MEMBER_FUNC_GET_DECL(cookie_same_site_state, oidc_samesite_cookie_t)

src/mod_auth_openidc.c

@@ -1450,9 +1450,6 @@ static int oidc_check_config_openid_openidc(server_rec *s, oidc_cfg_t *c) {
 		return oidc_check_config_error(s, OIDCRedirectURI);
 	redirect_uri_is_relative = (oidc_cfg_redirect_uri_get(c)[0] == OIDC_CHAR_FORWARD_SLASH);
 
-	if (oidc_cfg_crypto_passphrase_secret1_get(c) == NULL)
-		return oidc_check_config_error(s, OIDCCryptoPassphrase);
-
 	if (oidc_cfg_metadata_dir_get(c) == NULL) {
 		if (oidc_cfg_provider_metadata_url_get(oidc_cfg_provider_get(c)) == NULL) {
 			if (oidc_cfg_provider_issuer_get(oidc_cfg_provider_get(c)) == NULL)
@@ -1556,9 +1553,6 @@ static int oidc_check_config_oauth(server_rec *s, oidc_cfg_t *c) {
 		return HTTP_INTERNAL_SERVER_ERROR;
 	}
 
-	if ((oidc_cfg_cache_encrypt_get(c) == 1) && (oidc_cfg_crypto_passphrase_secret1_get(c) == NULL))
-		return oidc_check_config_error(s, OIDCCryptoPassphrase);
-
 	return OK;
 }
 

src/proto/state.c

@@ -231,30 +231,13 @@ void oidc_proto_state_set_timestamp_now(oidc_proto_state_t *proto_state) {
 	json_object_set_new(proto_state, OIDC_PROTO_STATE_TIMESTAMP, json_integer(apr_time_sec(apr_time_now())));
 }
 
-/*
- * sanity check on the configuration of OIDCCryptoPassphrase
- */
-static apr_byte_t oidc_proto_check_crypto_passphrase(request_rec *r, oidc_cfg_t *c, const char *action) {
-	if (oidc_cfg_crypto_passphrase_secret1_get(c) == NULL) {
-		oidc_error(r,
-			   "cannot %s state cookie because " OIDCCryptoPassphrase
-			   " is not set; please check your OIDC Provider configuration as well or avoid using AuthType "
-			   "openid-connect",
-			   action);
-		return FALSE;
-	}
-	return TRUE;
-}
-
 /*
  * parse a state object from the provided cookie value
  */
 oidc_proto_state_t *oidc_proto_state_from_cookie(request_rec *r, oidc_cfg_t *c, const char *cookieValue) {
 	char *s_payload = NULL;
 	json_t *result = NULL;
-	if (oidc_proto_check_crypto_passphrase(r, c, "parse") == FALSE)
-		return NULL;
-	oidc_util_jwt_verify(r, oidc_cfg_crypto_passphrase_get(c), cookieValue, &s_payload);
+	oidc_util_jwt_verify(r, oidc_cfg_crypto_passphrase_get(c, r), cookieValue, &s_payload);
 	oidc_util_json_decode_object(r, s_payload, &result);
 	return result;
 }
@@ -264,9 +247,7 @@ oidc_proto_state_t *oidc_proto_state_from_cookie(request_rec *r, oidc_cfg_t *c,
  */
 char *oidc_proto_state_to_cookie(request_rec *r, oidc_cfg_t *c, oidc_proto_state_t *proto_state) {
 	char *cookieValue = NULL;
-	if (oidc_proto_check_crypto_passphrase(r, c, "create") == FALSE)
-		return NULL;
-	oidc_util_jwt_create(r, oidc_cfg_crypto_passphrase_get(c),
+	oidc_util_jwt_create(r, oidc_cfg_crypto_passphrase_get(c, r),
 			     oidc_util_json_encode(r->pool, proto_state, JSON_COMPACT), &cookieValue);
 	return cookieValue;
 }

src/session.c

@@ -71,12 +71,12 @@ static apr_byte_t oidc_session_encode(request_rec *r, oidc_cfg_t *c, oidc_sessio
 	if (encrypt == FALSE) {
 		*s_value = oidc_util_json_encode(r->pool, z->state, JSON_COMPACT);
 		return (*s_value != NULL);
-	} else if (oidc_cfg_crypto_passphrase_secret1_get(c) == NULL) {
+	} else if (oidc_cfg_crypto_passphrase_secret1_get(c, r) == NULL) {
 		oidc_error(r, "cannot encrypt session state because " OIDCCryptoPassphrase " is not set");
 		return FALSE;
 	}
 
-	if (oidc_util_jwt_create(r, oidc_cfg_crypto_passphrase_get(c),
+	if (oidc_util_jwt_create(r, oidc_cfg_crypto_passphrase_get(c, r),
 				 oidc_util_json_encode(r->pool, z->state, JSON_COMPACT), s_value) == FALSE)
 		return FALSE;
 
@@ -92,12 +92,12 @@ static apr_byte_t oidc_session_decode(request_rec *r, oidc_cfg_t *c, oidc_sessio
 
 	if (encrypt == FALSE) {
 		return oidc_util_json_decode_object(r, s_json, &z->state);
-	} else if (oidc_cfg_crypto_passphrase_secret1_get(c) == NULL) {
+	} else if (oidc_cfg_crypto_passphrase_secret1_get(c, r) == NULL) {
 		oidc_error(r, "cannot decrypt session state because " OIDCCryptoPassphrase " is not set");
 		return FALSE;
 	}
 
-	if (oidc_util_jwt_verify(r, oidc_cfg_crypto_passphrase_get(c), s_json, &s_payload) == FALSE) {
+	if (oidc_util_jwt_verify(r, oidc_cfg_crypto_passphrase_get(c, r), s_json, &s_payload) == FALSE) {
 		oidc_error(r, "could not verify secure JWT: cache value possibly corrupted");
 		return FALSE;
 	}

test/test_cache.c

@@ -169,15 +169,20 @@ START_TEST(test_cache_encrypt_no_secret) {
 
 	/* get cfg and temporarily remove the secret to simulate missing passphrase */
 	oidc_cfg_t *cfg = oidc_test_cfg_get();
-	const char *old_secret = cfg->crypto_passphrase.secret1;
+	const char *old_secret = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
 	cfg->crypto_passphrase.secret1 = NULL;
 	cfg->cache.encrypt = 1;
 
-	/* set should fail when encryption is on but no secret is set */
+	/* fail when value is too short and compression fails */
 	ck_assert_int_eq(oidc_cache_set(r, OIDC_CACHE_SECTION_SESSION, "nokey", "v", expiry), FALSE);
 
-	/* get should also fail */
-	ck_assert_int_eq(oidc_cache_get(r, OIDC_CACHE_SECTION_SESSION, "nokey", &value), FALSE);
+	/* do not fail when encryption is on but no secret is set (long enough value to compress) */
+	ck_assert_int_eq(oidc_cache_set(r, OIDC_CACHE_SECTION_SESSION, "nokey",
+					"vadadfsssssssssssssssssssssssssssssssssssssssssssssssssssssssss", expiry),
+			 TRUE);
+
+	/* get should not fail because a secret should be generated */
+	ck_assert_int_eq(oidc_cache_get(r, OIDC_CACHE_SECTION_SESSION, "nokey", &value), TRUE);
 
 	/* restore secret */
 	cfg->crypto_passphrase.secret1 = (char *)old_secret;
@@ -199,8 +204,8 @@ START_TEST(test_cache_second_passphrase_retry) {
 
 	/* prepare cfg and secrets */
 	oidc_cfg_t *cfg = oidc_test_cfg_get();
-	const char *old_s1 = cfg->crypto_passphrase.secret1;
-	const char *old_s2 = cfg->crypto_passphrase.secret2;
+	const char *old_s1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	const char *old_s2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	int old_encrypt = cfg->cache.encrypt;
 
 	/* set initial secret and ensure encryption is enabled */
@@ -270,8 +275,8 @@ START_TEST(test_cache_secret1_empty_secret2_fallback) {
 
 	/* prepare cfg and secrets */
 	oidc_cfg_t *cfg = oidc_test_cfg_get();
-	const char *old_s1 = cfg->crypto_passphrase.secret1;
-	const char *old_s2 = cfg->crypto_passphrase.secret2;
+	const char *old_s1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	const char *old_s2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	int old_encrypt = cfg->cache.encrypt;
 
 	/* set initial secret and ensure encryption is enabled */
@@ -337,8 +342,8 @@ START_TEST(test_cache_compression_enabled_set_get) {
 	/* verify encryption+compression works by trying to create a JWT with the current cfg secret */
 	oidc_cfg_t *cfg = oidc_test_cfg_get();
 	oidc_crypto_passphrase_t passphrase;
-	passphrase.secret1 = cfg->crypto_passphrase.secret1;
-	passphrase.secret2 = cfg->crypto_passphrase.secret2;
+	passphrase.secret1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	passphrase.secret2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	char *encoded = NULL;
 	apr_byte_t forced_no_compress = FALSE;
 	if (!oidc_util_jwt_create(r, &passphrase, "probe", &encoded)) {
@@ -368,8 +373,8 @@ START_TEST(test_cache_compression_enabled_second_passphrase) {
 
 	/* prepare cfg and secrets */
 	oidc_cfg_t *cfg = oidc_test_cfg_get();
-	const char *old_s1 = cfg->crypto_passphrase.secret1;
-	const char *old_s2 = cfg->crypto_passphrase.secret2;
+	const char *old_s1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	const char *old_s2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	int old_encrypt = cfg->cache.encrypt;
 
 	/* set initial secret and ensure encryption is enabled */
@@ -379,8 +384,8 @@ START_TEST(test_cache_compression_enabled_second_passphrase) {
 
 	/* verify encryption+compression works for this cfg; fall back to no-compress if not */
 	oidc_crypto_passphrase_t passphrase;
-	passphrase.secret1 = cfg->crypto_passphrase.secret1;
-	passphrase.secret2 = cfg->crypto_passphrase.secret2;
+	passphrase.secret1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	passphrase.secret2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	char *encoded = NULL;
 	apr_byte_t forced_no_compress = FALSE;
 	if (!oidc_util_jwt_create(r, &passphrase, "probe", &encoded)) {
@@ -428,8 +433,8 @@ START_TEST(test_cache_compression_enabled_empty_secret2_fallback) {
 
 	/* prepare cfg and secrets */
 	oidc_cfg_t *cfg = oidc_test_cfg_get();
-	const char *old_s1 = cfg->crypto_passphrase.secret1;
-	const char *old_s2 = cfg->crypto_passphrase.secret2;
+	const char *old_s1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	const char *old_s2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	int old_encrypt = cfg->cache.encrypt;
 
 	cfg->crypto_passphrase.secret1 = "cmp_origsecret012345678901234567";
@@ -438,8 +443,8 @@ START_TEST(test_cache_compression_enabled_empty_secret2_fallback) {
 
 	/* verify encryption+compression works; fall back to no-compress if not */
 	oidc_crypto_passphrase_t passphrase2;
-	passphrase2.secret1 = cfg->crypto_passphrase.secret1;
-	passphrase2.secret2 = cfg->crypto_passphrase.secret2;
+	passphrase2.secret1 = oidc_cfg_crypto_passphrase_secret1_get(cfg, r);
+	passphrase2.secret2 = oidc_cfg_crypto_passphrase_secret2_get(cfg);
 	char *encoded2 = NULL;
 	apr_byte_t forced_no_compress = FALSE;
 	if (!oidc_util_jwt_create(r, &passphrase2, "probe", &encoded2)) {