static char *tpm_engine_get_auth(UI_METHOD *ui_method, char *auth, int maxlen, char *input_string, void *cb_data) { UI *ui; DBG("%s", __FUNCTION__); ui = UI_new(); if (ui_method) UI_set_method(ui, ui_method); UI_add_user_data(ui, cb_data); if (!UI_add_input_string(ui, input_string, 0, auth, 0, maxlen)) { TSSerr(TPM_F_TPM_ENGINE_GET_AUTH, TPM_R_UI_METHOD_FAILED); UI_free(ui); return NULL; } if (UI_process(ui)) { TSSerr(TPM_F_TPM_ENGINE_GET_AUTH, TPM_R_UI_METHOD_FAILED); UI_free(ui); return NULL; } UI_free(ui); return auth; }
/* Get the PIN via asking user interface. The supplied call-back data are * passed to the user interface implemented by an application. Only the * application knows how to interpret the call-back data. * A (strdup'ed) copy of the PIN code will be stored in the pin variable. */ static int get_pin(ENGINE_CTX *ctx, UI_METHOD *ui_method, void *callback_data) { UI *ui; /* call ui to ask for a pin */ ui = UI_new(); if (ui == NULL) { fprintf(stderr, "UI_new failed\n"); return 0; } if (ui_method != NULL) UI_set_method(ui, ui_method); if (callback_data != NULL) UI_add_user_data(ui, callback_data); destroy_pin(ctx); ctx->pin = OPENSSL_malloc(MAX_PIN_LENGTH * sizeof(char)); if (ctx->pin == NULL) return 0; memset(ctx->pin, 0, MAX_PIN_LENGTH * sizeof(char)); ctx->pin_length = MAX_PIN_LENGTH; if (!UI_add_input_string(ui, "PKCS#11 token PIN: ", UI_INPUT_FLAG_DEFAULT_PWD, ctx->pin, 1, MAX_PIN_LENGTH)) { fprintf(stderr, "UI_add_input_string failed\n"); UI_free(ui); return 0; } if (UI_process(ui)) { fprintf(stderr, "UI_process failed\n"); UI_free(ui); return 0; } UI_free(ui); return 1; }
static int ui_close(UI *ui) { struct ui_data *ui_data = UI_get0_user_data(ui); struct ui_form_opt *opt, *next_opt; opt = (struct ui_form_opt *)ui_data->form.opts; while (opt) { next_opt = (struct ui_form_opt *)opt->opt.next; if (opt->opt.value) free(opt->opt.value); free(opt); opt = next_opt; } free(ui_data); UI_add_user_data(ui, NULL); return 1; }
/* * Authenticate a private the key operation if needed */ int pkcs11_authenticate(PKCS11_KEY *key) { PKCS11_KEY_private *kpriv = PRIVKEY(key); PKCS11_TOKEN *token = KEY2TOKEN(key); PKCS11_SLOT *slot = TOKEN2SLOT(token); PKCS11_SLOT_private *spriv = PRIVSLOT(slot); PKCS11_CTX *ctx = SLOT2CTX(slot); char pin[MAX_PIN_LENGTH+1]; UI *ui; int rv; /* Handle CKF_PROTECTED_AUTHENTICATION_PATH */ if (token->secureLogin) { rv = CRYPTOKI_call(ctx, C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, NULL, 0)); return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv; } /* Call UI to ask for a PIN */ ui = UI_new_method(kpriv->ui_method); if (ui == NULL) return PKCS11_UI_FAILED; if (kpriv->ui_user_data != NULL) UI_add_user_data(ui, kpriv->ui_user_data); memset(pin, 0, MAX_PIN_LENGTH+1); if (!UI_add_input_string(ui, "PKCS#11 key PIN: ", UI_INPUT_FLAG_DEFAULT_PWD, pin, 4, MAX_PIN_LENGTH)) { UI_free(ui); return PKCS11_UI_FAILED; } if (UI_process(ui)) { UI_free(ui); return PKCS11_UI_FAILED; } UI_free(ui); /* Login with the PIN */ rv = CRYPTOKI_call(ctx, C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, (CK_UTF8CHAR *)pin, strlen(pin))); OPENSSL_cleanse(pin, MAX_PIN_LENGTH+1); return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv; }
static char *file_get_pass(const UI_METHOD *ui_method, char *pass, size_t maxsize, const char *prompt_info, void *data) { UI *ui = UI_new(); char *prompt = NULL; if (ui == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); return NULL; } if (ui_method != NULL) UI_set_method(ui, ui_method); UI_add_user_data(ui, data); if ((prompt = UI_construct_prompt(ui, "pass phrase", prompt_info)) == NULL) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE); pass = NULL; } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, maxsize - 1)) { OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); pass = NULL; } else { switch (UI_process(ui)) { case -2: OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED); pass = NULL; break; case -1: OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB); pass = NULL; break; default: break; } } OPENSSL_free(prompt); UI_free(ui); return pass; }
/* * Test wrapping old style PEM password callback in a UI method through the * use of UI utility functions */ static int test_old() { UI_METHOD *ui_method = NULL; UI *ui = NULL; char defpass[] = "password"; char pass[16]; int ok = 0; if ((ui_method = UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0)) == NULL || (ui = UI_new_method(ui_method)) == NULL) goto err; /* The wrapper passes the UI userdata as the callback userdata param */ UI_add_user_data(ui, defpass); if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, sizeof(pass) - 1)) goto err; switch (UI_process(ui)) { case -2: BIO_printf(bio_err, "test_old: UI process interrupted or cancelled\n"); /* fall through */ case -1: goto err; default: break; } if (strcmp(pass, defpass) == 0) ok = 1; else BIO_printf(bio_err, "test_old: password failure\n"); err: if (!ok) ERR_print_errors_fp(stderr); UI_free(ui); UI_destroy_method(ui_method); return ok; }
static int ui_open(UI *ui) { struct openconnect_info *vpninfo = ui_vpninfo; /* Ick */ struct ui_data *ui_data; if (!vpninfo || !vpninfo->process_auth_form) return 0; ui_data = malloc(sizeof(*ui_data)); if (!ui_data) return 0; memset(ui_data, 0, sizeof(*ui_data)); ui_data->last_opt = &ui_data->form.opts; ui_data->vpninfo = vpninfo; ui_data->form.auth_id = (char *)"openssl_ui"; UI_add_user_data(ui, ui_data); return 1; }
int UI_dup_user_data(UI *ui, void *user_data) { void *duplicate = NULL; if (ui->meth->ui_duplicate_data == NULL || ui->meth->ui_destroy_data == NULL) { UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED); return -1; } duplicate = ui->meth->ui_duplicate_data(ui, user_data); if (duplicate == NULL) { UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE); return -1; } (void)UI_add_user_data(ui, duplicate); ui->flags |= UI_FLAG_DUPL_DATA; return 0; }
/* * Test wrapping old style PEM password callback in a UI method through the * use of UI utility functions */ static int test_old(void) { UI_METHOD *ui_method = NULL; UI *ui = NULL; char defpass[] = "password"; char pass[16]; int ok = 0; if (!TEST_ptr(ui_method = UI_UTIL_wrap_read_pem_callback( test_pem_password_cb, 0)) || !TEST_ptr(ui = UI_new_method(ui_method))) goto err; /* The wrapper passes the UI userdata as the callback userdata param */ UI_add_user_data(ui, defpass); if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD, pass, 0, sizeof(pass) - 1)) goto err; switch (UI_process(ui)) { case -2: TEST_info("test_old: UI process interrupted or cancelled"); /* fall through */ case -1: goto err; default: break; } if (TEST_str_eq(pass, defpass)) ok = 1; err: UI_free(ui); UI_destroy_method(ui_method); return ok; }
static int hwcrhk_insert_card(const char *prompt_info, const char *wrong_info, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx) { int ok = -1; UI *ui; void *callback_data = NULL; UI_METHOD *ui_method = NULL; if (cactx) { if (cactx->ui_method) ui_method = cactx->ui_method; if (cactx->callback_data) callback_data = cactx->callback_data; } if (ppctx) { if (ppctx->ui_method) ui_method = ppctx->ui_method; if (ppctx->callback_data) callback_data = ppctx->callback_data; } if (ui_method == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK); return -1; } ui = UI_new_method(ui_method); if (ui) { char answer; char buf[BUFSIZ]; /* Despite what the documentation says wrong_info can be * an empty string. */ if (wrong_info && *wrong_info) BIO_snprintf(buf, sizeof(buf)-1, "Current card: \"%s\"\n", wrong_info); else buf[0] = 0; ok = UI_dup_info_string(ui, buf); if (ok >= 0 && prompt_info) { BIO_snprintf(buf, sizeof(buf)-1, "Insert card \"%s\"", prompt_info); ok = UI_dup_input_boolean(ui, buf, "\n then hit <enter> or C<enter> to cancel\n", "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer); } UI_add_user_data(ui, callback_data); if (ok >= 0) ok = UI_process(ui); UI_free(ui); if (ok == -2 || (ok >= 0 && answer == 'C')) ok = 1; else if (ok < 0) ok = -1; else ok = 0; } return ok; }
static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx) { pem_password_cb *callback = NULL; void *callback_data = NULL; UI_METHOD *ui_method = NULL; /* Despite what the documentation says prompt_info can be * an empty string. */ if (prompt_info && !*prompt_info) prompt_info = NULL; if (cactx) { if (cactx->ui_method) ui_method = cactx->ui_method; if (cactx->password_callback) callback = cactx->password_callback; if (cactx->callback_data) callback_data = cactx->callback_data; } if (ppctx) { if (ppctx->ui_method) { ui_method = ppctx->ui_method; callback = NULL; } if (ppctx->callback_data) callback_data = ppctx->callback_data; } if (callback == NULL && ui_method == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK); return -1; } if (ui_method) { UI *ui = UI_new_method(ui_method); if (ui) { int ok; char *prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); ok = UI_add_input_string(ui,prompt, UI_INPUT_FLAG_DEFAULT_PWD, buf,0,(*len_io) - 1); UI_add_user_data(ui, callback_data); UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); if (ok >= 0) do { ok=UI_process(ui); } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); if (ok >= 0) *len_io = strlen(buf); UI_free(ui); OPENSSL_free(prompt); } } else { *len_io = callback(buf, *len_io, 0, callback_data); } if(!*len_io) return -1; return 0; }