static int passwd_cb(char *buf, int size, int rwflag, void *filename) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L UI *ui; const char *prompt; ui = UI_new(); if (ui == NULL) goto err; prompt = UI_construct_prompt(ui, "passphrase", filename); UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); UI_process(ui); UI_free(ui); return strlen(buf); err: LM_ERR("passwd_cb failed\n"); if (ui) UI_free(ui); return 0; #else if( des_read_pw_string(buf, size-1, "Enter Private Key password:"******"passwd_cb failed\n"); return 0; } return strlen( buf ); #endif }
/* Get the PIN via asking user interface. The supplied call-back data are * passed to the user interface implemented by an application. Only the * application knows how to interpret the call-back data. * A (strdup'ed) copy of the PIN code will be stored in the pin variable. */ static int get_pin(ENGINE_CTX *ctx, UI_METHOD *ui_method, void *callback_data) { UI *ui; /* call ui to ask for a pin */ ui = UI_new(); if (ui == NULL) { fprintf(stderr, "UI_new failed\n"); return 0; } if (ui_method != NULL) UI_set_method(ui, ui_method); if (callback_data != NULL) UI_add_user_data(ui, callback_data); destroy_pin(ctx); ctx->pin = OPENSSL_malloc(MAX_PIN_LENGTH * sizeof(char)); if (ctx->pin == NULL) return 0; memset(ctx->pin, 0, MAX_PIN_LENGTH * sizeof(char)); ctx->pin_length = MAX_PIN_LENGTH; if (!UI_add_input_string(ui, "PKCS#11 token PIN: ", UI_INPUT_FLAG_DEFAULT_PWD, ctx->pin, 1, MAX_PIN_LENGTH)) { fprintf(stderr, "UI_add_input_string failed\n"); UI_free(ui); return 0; } if (UI_process(ui)) { fprintf(stderr, "UI_process failed\n"); UI_free(ui); return 0; } UI_free(ui); return 1; }
static char *tpm_engine_get_auth(UI_METHOD *ui_method, char *auth, int maxlen, char *input_string, void *cb_data) { UI *ui; DBG("%s", __FUNCTION__); ui = UI_new(); if (ui_method) UI_set_method(ui, ui_method); UI_add_user_data(ui, cb_data); if (!UI_add_input_string(ui, input_string, 0, auth, 0, maxlen)) { TSSerr(TPM_F_TPM_ENGINE_GET_AUTH, TPM_R_UI_METHOD_FAILED); UI_free(ui); return NULL; } if (UI_process(ui)) { TSSerr(TPM_F_TPM_ENGINE_GET_AUTH, TPM_R_UI_METHOD_FAILED); UI_free(ui); return NULL; } UI_free(ui); return auth; }
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify) { int ret = -1; char buff[BUFSIZ]; UI *ui; if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt = prompt_string; ui = UI_new(); if (ui == NULL) return ret; if (UI_add_input_string(ui, prompt, 0, buf, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0 || (verify && UI_add_verify_string(ui, prompt, 0, buff, min, (len >= BUFSIZ) ? BUFSIZ - 1 : len, buf) < 0)) goto end; ret = UI_process(ui); OPENSSL_cleanse(buff, BUFSIZ); end: UI_free(ui); return ret; }
int main(void) { char buffer1[64], buffer2[64]; UI_METHOD *ui_method; UI *ui; printf("Testing UI_UTIL_read_pw:\n"); if (UI_UTIL_read_pw(&buffer1[0], &buffer2[0], sizeof(buffer1) - 1, "Prompt", 1) == 0) printf("Password: \"%s\"\n", &buffer1[0]); else printf("Error getting password\n"); printf("Testing UI with default UI method:\n"); if((ui = UI_new()) != NULL) { TestUI(ui); UI_free(ui); } else printf("Couldn't setup method\n"); printf("Testing UI with UI method with wrappers:\n"); if((ui_method = UI_create_method((char *)"Test method")) != NULL) { if((ui = UI_new_method(ui_method)) != NULL) { UI_method_set_opener(ui_method, ui_open); UI_method_set_reader(ui_method, ui_read); UI_method_set_writer(ui_method, ui_write); UI_method_set_closer(ui_method, ui_close); TestUI(ui); UI_free(ui); } else printf("Couldn't setup method\n"); UI_destroy_method(ui_method); } else printf("Couldn't create method\n"); return(0); }
/* * Authenticate a private the key operation if needed */ int pkcs11_authenticate(PKCS11_KEY *key) { PKCS11_KEY_private *kpriv = PRIVKEY(key); PKCS11_TOKEN *token = KEY2TOKEN(key); PKCS11_SLOT *slot = TOKEN2SLOT(token); PKCS11_SLOT_private *spriv = PRIVSLOT(slot); PKCS11_CTX *ctx = SLOT2CTX(slot); char pin[MAX_PIN_LENGTH+1]; UI *ui; int rv; /* Handle CKF_PROTECTED_AUTHENTICATION_PATH */ if (token->secureLogin) { rv = CRYPTOKI_call(ctx, C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, NULL, 0)); return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv; } /* Call UI to ask for a PIN */ ui = UI_new_method(kpriv->ui_method); if (ui == NULL) return PKCS11_UI_FAILED; if (kpriv->ui_user_data != NULL) UI_add_user_data(ui, kpriv->ui_user_data); memset(pin, 0, MAX_PIN_LENGTH+1); if (!UI_add_input_string(ui, "PKCS#11 key PIN: ", UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) { UI_free(ui); return PKCS11_UI_FAILED; } if (UI_process(ui)) { UI_free(ui); return PKCS11_UI_FAILED; } UI_free(ui); /* Login with the PIN */ rv = CRYPTOKI_call(ctx, C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, (CK_UTF8CHAR *)pin, strlen(pin))); OPENSSL_cleanse(pin, MAX_PIN_LENGTH+1); return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv; }
static int passwd_cb(char *buf, int size, int rwflag, void *filename) { UI *ui; const char *prompt; ui = UI_new(); if (ui == NULL) goto err; prompt = UI_construct_prompt(ui, "passphrase", filename); UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); UI_process(ui); UI_free(ui); return strlen(buf); err: LM_ERR("passwd_cb failed\n"); if (ui) UI_free(ui); return 0; }
/* For historical reasons, the standard function for reading passwords is * in the DES library -- if someone ever wants to disable DES, * this function will fail */ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) { int ret; char buff[BUFSIZ]; UI *ui; if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; ui = UI_new(); UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); if (verify) UI_add_verify_string(ui,prompt,0, buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); ret = UI_process(ui); UI_free(ui); OPENSSL_cleanse(buff,BUFSIZ); return ret; }
static char *file_get_pass(const UI_METHOD *ui_method, char *pass, size_t maxsize, const char *prompt_info, void *data) { UI *ui = UI_new(); char *prompt = NULL; if (ui == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); return NULL; } if (ui_method != NULL) UI_set_method(ui, ui_method); UI_add_user_data(ui, data); if ((prompt = UI_construct_prompt(ui, "pass phrase", prompt_info)) == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); pass = NULL; } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, maxsize - 1)) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); pass = NULL; } else { switch (UI_process(ui)) { case -2: OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); pass = NULL; break; case -1: OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); pass = NULL; break; default: break; } } OPENSSL_free(prompt); UI_free(ui); return pass; }
/* * Test wrapping old style PEM password callback in a UI method through the * use of UI utility functions */ static int test_old() { UI_METHOD *ui_method = NULL; UI *ui = NULL; char defpass[] = "password"; char pass[16]; int ok = 0; if ((ui_method = UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0)) == NULL || (ui = UI_new_method(ui_method)) == NULL) goto err; /* The wrapper passes the UI userdata as the callback userdata param */ UI_add_user_data(ui, defpass); if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, sizeof(pass) - 1)) goto err; switch (UI_process(ui)) { case -2: BIO_printf(bio_err, "test_old: UI process interrupted or cancelled\n"); /* fall through */ case -1: goto err; default: break; } if (strcmp(pass, defpass) == 0) ok = 1; else BIO_printf(bio_err, "test_old: password failure\n"); err: if (!ok) ERR_print_errors_fp(stderr); UI_free(ui); UI_destroy_method(ui_method); return ok; }
/* * Test wrapping old style PEM password callback in a UI method through the * use of UI utility functions */ static int test_old(void) { UI_METHOD *ui_method = NULL; UI *ui = NULL; char defpass[] = "password"; char pass[16]; int ok = 0; if (!TEST_ptr(ui_method = UI_UTIL_wrap_read_pem_callback( test_pem_password_cb, 0)) || !TEST_ptr(ui = UI_new_method(ui_method))) goto err; /* The wrapper passes the UI userdata as the callback userdata param */ UI_add_user_data(ui, defpass); if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, sizeof(pass) - 1)) goto err; switch (UI_process(ui)) { case -2: TEST_info("test_old: UI process interrupted or cancelled"); /* fall through */ case -1: goto err; default: break; } if (TEST_str_eq(pass, defpass)) ok = 1; err: UI_free(ui); UI_destroy_method(ui_method); return ok; }
int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) { int ok = 0; UI *ui; if (size < 1) return -1; ui = UI_new(); if (ui != NULL) { ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); if (ok >= 0 && verify) ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf); if (ok >= 0) ok = UI_process(ui); UI_free(ui); } if (ok > 0) ok = 0; return (ok); }
static int hwcrhk_insert_card(const char *prompt_info, const char *wrong_info, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx) { int ok = -1; UI *ui; void *callback_data = NULL; UI_METHOD *ui_method = NULL; if (cactx) { if (cactx->ui_method) ui_method = cactx->ui_method; if (cactx->callback_data) callback_data = cactx->callback_data; } if (ppctx) { if (ppctx->ui_method) ui_method = ppctx->ui_method; if (ppctx->callback_data) callback_data = ppctx->callback_data; } if (ui_method == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK); return -1; } ui = UI_new_method(ui_method); if (ui) { char answer; char buf[BUFSIZ]; /* Despite what the documentation says wrong_info can be * an empty string. */ if (wrong_info && *wrong_info) BIO_snprintf(buf, sizeof(buf)-1, "Current card: \"%s\"\n", wrong_info); else buf[0] = 0; ok = UI_dup_info_string(ui, buf); if (ok >= 0 && prompt_info) { BIO_snprintf(buf, sizeof(buf)-1, "Insert card \"%s\"", prompt_info); ok = UI_dup_input_boolean(ui, buf, "\n then hit <enter> or C<enter> to cancel\n", "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer); } UI_add_user_data(ui, callback_data); if (ok >= 0) ok = UI_process(ui); UI_free(ui); if (ok == -2 || (ok >= 0 && answer == 'C')) ok = 1; else if (ok < 0) ok = -1; else ok = 0; } return ok; }
static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx) { pem_password_cb *callback = NULL; void *callback_data = NULL; UI_METHOD *ui_method = NULL; /* Despite what the documentation says prompt_info can be * an empty string. */ if (prompt_info && !*prompt_info) prompt_info = NULL; if (cactx) { if (cactx->ui_method) ui_method = cactx->ui_method; if (cactx->password_callback) callback = cactx->password_callback; if (cactx->callback_data) callback_data = cactx->callback_data; } if (ppctx) { if (ppctx->ui_method) { ui_method = ppctx->ui_method; callback = NULL; } if (ppctx->callback_data) callback_data = ppctx->callback_data; } if (callback == NULL && ui_method == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK); return -1; } if (ui_method) { UI *ui = UI_new_method(ui_method); if (ui) { int ok; char *prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); ok = UI_add_input_string(ui,prompt, UI_INPUT_FLAG_DEFAULT_PWD, buf,0,(*len_io) - 1); UI_add_user_data(ui, callback_data); UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); if (ok >= 0) do { ok=UI_process(ui); } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); if (ok >= 0) *len_io = strlen(buf); UI_free(ui); OPENSSL_free(prompt); } } else { *len_io = callback(buf, *len_io, 0, callback_data); } if(!*len_io) return -1; return 0; }
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) { UI *ui = NULL; int res = 0; const char *prompt_info = NULL; const char *password = NULL; PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; if (cb_data) { if (cb_data->password) password = (const char*)cb_data->password; if (cb_data->prompt_info) prompt_info = cb_data->prompt_info; } if (password) { res = strlen(password); if (res > bufsiz) res = bufsiz; memcpy(buf, password, res); return res; } ui = UI_new_method(ui_method); if (ui) { int ok = 0; char *buff = NULL; int ui_flags = 0; char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); if (ok >= 0) ok = UI_add_input_string(ui,prompt,ui_flags,buf, PW_MIN_LENGTH,BUFSIZ-1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); ok = UI_add_verify_string(ui,prompt,ui_flags,buff, PW_MIN_LENGTH,BUFSIZ-1, buf); } if (ok >= 0) do { ok = UI_process(ui); } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); if (buff) { OPENSSL_cleanse(buff,(unsigned int)bufsiz); OPENSSL_free(buff); } if (ok >= 0) res = strlen(buf); if (ok == -1) { BIO_printf(bio_err, "User interface error\n"); ERR_print_errors(bio_err); OPENSSL_cleanse(buf,(unsigned int)bufsiz); res = 0; } if (ok == -2) { BIO_printf(bio_err,"aborted!\n"); OPENSSL_cleanse(buf,(unsigned int)bufsiz); res = 0; } UI_free(ui); OPENSSL_free(prompt); } return res; }
/* Asks user to verify certificate data before proceeding */ static VerifyStatus verify_trust(X509 *cert) { char vfy_trust = 'y'; VerifyStatus ret = Accept; PKG_ERR *err; UI *ui = NULL; err = pkgerr_new(); /* print cert data */ if (print_cert(err, cert, KEYSTORE_FORMAT_TEXT, get_subject_display_name(cert), B_TRUE, stdout) != 0) { log_pkgerr(LOG_MSG_ERR, err); ret = VerifyFailed; goto cleanup; } if ((ui = UI_new()) == NULL) { log_msg(LOG_MSG_ERR, MSG_MEM); ret = VerifyFailed; goto cleanup; } /* * The prompt is internationalized, but the valid * response values are fixed, to avoid any complex * multibyte processing that results in bugs */ if (UI_add_input_boolean(ui, MSG_VERIFY_TRUST, "", "yY", "nN", UI_INPUT_FLAG_ECHO, &vfy_trust) <= 0) { log_msg(LOG_MSG_ERR, MSG_MEM); ret = VerifyFailed; goto cleanup; } if (UI_process(ui) != 0) { log_msg(LOG_MSG_ERR, MSG_MEM); ret = VerifyFailed; goto cleanup; } if (vfy_trust != 'y') { ret = Reject; goto cleanup; } /* * if the cert does not appear to be a CA cert * r is not self-signed, verify that as well */ if (!is_ca_cert(cert)) { UI_free(ui); if ((ui = UI_new()) == NULL) { log_msg(LOG_MSG_ERR, MSG_MEM); ret = VerifyFailed; goto cleanup; } if (UI_add_input_boolean(ui, MSG_VERIFY_NOT_CA, "", "yY", "nN", UI_INPUT_FLAG_ECHO, &vfy_trust) <= 0) { ret = VerifyFailed; goto cleanup; } if (UI_process(ui) != 0) { log_msg(LOG_MSG_ERR, MSG_MEM); ret = VerifyFailed; goto cleanup; } if (vfy_trust != 'y') { ret = Reject; goto cleanup; } } cleanup: if (ui != NULL) UI_free(ui); if (err != NULL) pkgerr_free(err); return (ret); }