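/*
 * Prompt for a password on a freshly created UI and store it in buf.
 *
 * buf     receives the entered string; it is registered with a maximum
 *         length of size - 1.
 * buff    scratch buffer for the confirmation entry, used only when verify
 *         is non-zero. It is registered with the same size - 1 limit, so it
 *         presumably has to be at least as large as buf -- confirm at callers.
 * size    capacity of buf; values below 1 are rejected.
 * prompt  text handed to the UI for both the entry and the confirmation.
 * verify  non-zero to ask a second time and compare the entry against buf.
 *
 * Returns 0 on success and a negative value on failure.
 *
 * NOTE(review): neither buf nor buff is wiped here. Callers that need the
 * secret cleared after use or after a failed verification have to do it
 * themselves.
 */
int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
{
    int ok;
    UI *ui;

    if (size < 1)
        return -1;

    ui = UI_new();
    if (ui == NULL) {
        /*
         * Report the allocation failure. Falling through with ok == 0 would
         * tell the caller that a password was read although buf was never
         * written.
         */
        return -1;
    }

    ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
    if (ok >= 0 && verify)
        ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
    if (ok >= 0)
        ok = UI_process(ui);
    UI_free(ui);

    /* Positive results are collapsed to 0 so callers only see 0 or < 0. */
    if (ok > 0)
        ok = 0;
    return ok;
}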
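/*
 * Read a password from the user into buf, optionally asking twice.
 *
 * buf     receives the entered string.
 * min     minimum accepted length, passed straight to the UI.
 * len     maximum accepted length; clamped to BUFSIZ - 1 because the
 *         confirmation entry is collected in a BUFSIZ-byte stack buffer.
 * prompt  prompt text; when NULL and the file-level prompt_string is not
 *         empty, prompt_string is used instead.
 * verify  non-zero to ask for the password a second time and compare.
 *
 * Returns the result of UI_process(), or -1 when the UI could not be created
 * or one of the input strings could not be registered.
 *
 * NOTE(review): for len < BUFSIZ the value of len itself is used as the
 * maximum input length. Whether callers pass the buffer capacity or the
 * maximum character count is not visible here -- confirm buf has room for
 * len characters plus the terminator.
 */
int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int verify)
{
    int ret = -1;
    int maxlen = (len >= BUFSIZ) ? BUFSIZ - 1 : len;
    char buff[BUFSIZ];
    UI *ui;

    if ((prompt == NULL) && (prompt_string[0] != '\0'))
        prompt = prompt_string;

    ui = UI_new();
    if (ui == NULL)
        return -1;

    /*
     * Only run the UI when every string was registered. Processing a UI
     * whose input or verify string failed to register could report success
     * without buf having been filled or compared.
     */
    if (UI_add_input_string(ui, prompt, 0, buf, min, maxlen) >= 0
        && (!verify
            || UI_add_verify_string(ui, prompt, 0, buff, min, maxlen, buf) >= 0))
        ret = UI_process(ui);

    UI_free(ui);
    /* The confirmation copy is a secret too; wipe it on every path. */
    OPENSSL_cleanse(buff, BUFSIZ);
    return ret;
}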
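/*
 * Ask the operator to insert a card, using the UI method taken from the
 * caller context or, with priority, from the passphrase context.
 *
 * prompt_info  name of the card to insert; when NULL no question is asked
 *              and only the info string is queued.
 * wrong_info   name of the card currently present; may be NULL or empty.
 * ppctx        passphrase context; its ui_method and callback_data override
 *              the ones from cactx when set.
 * cactx        caller context supplying the defaults.
 *
 * Returns 0 when the operator confirmed, 1 when the request was cancelled
 * (UI_process() returned -2 or the answer was 'C'), and -1 on any error,
 * including a missing UI method or a UI that could not be created.
 */
static int hwcrhk_insert_card(const char *prompt_info, const char *wrong_info, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx)
{
    int ok = -1;
    UI *ui;
    void *callback_data = NULL;
    UI_METHOD *ui_method = NULL;

    if (cactx) {
        if (cactx->ui_method)
            ui_method = cactx->ui_method;
        if (cactx->callback_data)
            callback_data = cactx->callback_data;
    }
    /* The passphrase context is consulted last so that it wins. */
    if (ppctx) {
        if (ppctx->ui_method)
            ui_method = ppctx->ui_method;
        if (ppctx->callback_data)
            callback_data = ppctx->callback_data;
    }
    if (ui_method == NULL) {
        HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
        return -1;
    }

    ui = UI_new_method(ui_method);
    if (ui) {
        /*
         * Initialised because the boolean prompt is skipped when prompt_info
         * is NULL; the cancel test below would otherwise read an
         * indeterminate value.
         */
        char answer = '\0';
        char buf[BUFSIZ];

        /*
         * Despite what the documentation says wrong_info can be
         * an empty string.
         */
        if (wrong_info && *wrong_info)
            BIO_snprintf(buf, sizeof(buf) - 1, "Current card: \"%s\"\n", wrong_info);
        else
            buf[0] = 0;
        ok = UI_dup_info_string(ui, buf);

        if (ok >= 0 && prompt_info) {
            BIO_snprintf(buf, sizeof(buf) - 1, "Insert card \"%s\"", prompt_info);
            ok = UI_dup_input_boolean(ui, buf,
                                      "\n then hit <enter> or C<enter> to cancel\n",
                                      "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
        }
        UI_add_user_data(ui, callback_data);

        if (ok >= 0)
            ok = UI_process(ui);
        UI_free(ui);

        /*
         * Map the UI result to the hook's convention. Only 'C' is tested;
         * presumably the UI reports any character of the "Cc" cancel set as
         * its first member -- confirm against the UI implementation.
         */
        if (ok == -2 || (ok >= 0 && answer == 'C'))
            ok = 1;
        else if (ok < 0)
            ok = -1;
        else
            ok = 0;
    }
    return ok;
}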
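/*
 * Obtain a pass phrase for the hardware hook, either through a UI method or
 * through a PEM-style password callback.
 *
 * prompt_info  optional object description for the prompt; an empty string
 *              is treated like NULL.
 * len_io       in: capacity of buf; out: length of the pass phrase stored in
 *              buf (0 when the UI path failed).
 * buf          receives the pass phrase.
 * ppctx        passphrase context; a ui_method set here overrides everything
 *              taken from cactx, including its password callback.
 * cactx        caller context supplying default ui_method, password_callback
 *              and callback_data.
 *
 * Returns 0 when a non-empty pass phrase was obtained and -1 otherwise.
 */
static int hwcrhk_get_pass(const char *prompt_info, int *len_io, char *buf, HWCryptoHook_PassphraseContext *ppctx, HWCryptoHook_CallerContext *cactx)
{
    pem_password_cb *callback = NULL;
    void *callback_data = NULL;
    UI_METHOD *ui_method = NULL;

    /*
     * Despite what the documentation says prompt_info can be
     * an empty string.
     */
    if (prompt_info && !*prompt_info)
        prompt_info = NULL;

    if (cactx) {
        if (cactx->ui_method)
            ui_method = cactx->ui_method;
        if (cactx->password_callback)
            callback = cactx->password_callback;
        if (cactx->callback_data)
            callback_data = cactx->callback_data;
    }
    if (ppctx) {
        if (ppctx->ui_method) {
            ui_method = ppctx->ui_method;
            callback = NULL;
        }
        if (ppctx->callback_data)
            callback_data = ppctx->callback_data;
    }
    if (callback == NULL && ui_method == NULL) {
        HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
        return -1;
    }

    if (ui_method) {
        int ok = -1;
        UI *ui = NULL;

        /* The UI is given *len_io - 1 as its limit, so a capacity below 1
         * leaves no room for any input. */
        if (*len_io >= 1)
            ui = UI_new_method(ui_method);
        if (ui) {
            char *prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);

            ok = UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
                                     buf, 0, (*len_io) - 1);
            UI_add_user_data(ui, callback_data);
            UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

            /* Retry for as long as the UI reports the failure as redoable. */
            if (ok >= 0)
                do {
                    ok = UI_process(ui);
                } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

            UI_free(ui);
            OPENSSL_free(prompt);
        }
        /*
         * On any failure report a zero length. Leaving the incoming capacity
         * in *len_io would make the check below return success although buf
         * holds no pass phrase.
         */
        *len_io = (ok >= 0) ? (int)strlen(buf) : 0;
    } else {
        *len_io = callback(buf, *len_io, 0, callback_data);
    }

    /* A negative length from the callback is never a usable pass phrase. */
    if (*len_io <= 0)
        return -1;
    return 0;
}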
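/*
 * Password callback: return a preset password from the callback data, or
 * prompt the user through the file-level ui_method.
 *
 * buf     receives the password.
 * bufsiz  capacity of buf in bytes.
 * verify  non-zero to ask for the password twice and compare the entries.
 * cb_tmp  optional PW_CB_DATA carrying a preset password and/or a
 *         description used in the prompt.
 *
 * Returns the number of password bytes stored in buf, or 0 on error, abort
 * or when bufsiz leaves no room.
 *
 * A preset password is copied without a terminating NUL and is truncated to
 * bufsiz bytes, so callers have to rely on the returned length.
 */
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
{
    UI *ui = NULL;
    int res = 0;
    const char *prompt_info = NULL;
    const char *password = NULL;
    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;

    /* A non-positive capacity would otherwise become a negative copy length
     * or a negative input limit below. */
    if (bufsiz < 1)
        return 0;

    if (cb_data) {
        if (cb_data->password)
            password = (const char*)cb_data->password;
        if (cb_data->prompt_info)
            prompt_info = cb_data->prompt_info;
    }

    if (password) {
        size_t n = strlen(password);

        if (n > (size_t)bufsiz)
            n = (size_t)bufsiz;
        memcpy(buf, password, n);
        return (int)n;
    }

    ui = UI_new_method(ui_method);
    if (ui) {
        int ok = 0;
        char *buff = NULL;
        int ui_flags = 0;
        char *prompt = NULL;

        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);

        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);

        /*
         * The input limit has to follow the caller's buffer. A fixed
         * BUFSIZ - 1 lets the UI store more than bufsiz bytes in buf, and in
         * the bufsiz-byte verification buffer, whenever bufsiz < BUFSIZ.
         */
        ok = UI_add_input_string(ui, prompt, ui_flags, buf,
                                 PW_MIN_LENGTH, bufsiz - 1);
        if (ok >= 0 && verify) {
            buff = (char *)OPENSSL_malloc(bufsiz);
            if (buff == NULL) {
                /* Do not register a NULL verification buffer with the UI. */
                BIO_printf(bio_err, "Out of memory\n");
                UI_free(ui);
                OPENSSL_free(prompt);
                return 0;
            }
            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
                                      PW_MIN_LENGTH, bufsiz - 1, buf);
        }

        /* Retry for as long as the UI reports the failure as redoable. */
        if (ok >= 0)
            do {
                ok = UI_process(ui);
            } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));

        /* The confirmation copy is a secret as well; wipe before freeing. */
        if (buff) {
            OPENSSL_cleanse(buff, (unsigned int)bufsiz);
            OPENSSL_free(buff);
        }

        if (ok >= 0)
            res = strlen(buf);
        if (ok == -1) {
            BIO_printf(bio_err, "User interface error\n");
            ERR_print_errors(bio_err);
            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
            res = 0;
        }
        if (ok == -2) {
            BIO_printf(bio_err,"aborted!\n");
            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
            res = 0;
        }
        UI_free(ui);
        OPENSSL_free(prompt);
    }
    return res;
}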
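/*
 * Asks the user to verify certificate data before proceeding.
 *
 * The certificate is printed to stdout and the user is asked whether to
 * trust it. When is_ca_cert() does not recognise the certificate, a second
 * confirmation is requested.
 *
 * Returns Accept when every question was answered with the accepting choice,
 * Reject when any answer was something else, and VerifyFailed when printing
 * the certificate or driving the UI failed.
 */
static VerifyStatus verify_trust(X509 *cert)
{
    /*
     * Fail closed: if the UI completes without writing an answer, the
     * decision must not default to trusting the certificate.
     */
    char vfy_trust = 'n';
    VerifyStatus ret = Accept;
    PKG_ERR *err;
    UI *ui = NULL;

    /*
     * NOTE(review): the result of pkgerr_new() is passed on unchecked; the
     * cleanup code tests err for NULL, so confirm print_cert() tolerates a
     * NULL error object.
     */
    err = pkgerr_new();

    /* print cert data */
    if (print_cert(err, cert, KEYSTORE_FORMAT_TEXT,
                   get_subject_display_name(cert), B_TRUE, stdout) != 0) {
        log_pkgerr(LOG_MSG_ERR, err);
        ret = VerifyFailed;
        goto cleanup;
    }

    if ((ui = UI_new()) == NULL) {
        log_msg(LOG_MSG_ERR, MSG_MEM);
        ret = VerifyFailed;
        goto cleanup;
    }

    /*
     * The prompt is internationalized, but the valid
     * response values are fixed, to avoid any complex
     * multibyte processing that results in bugs
     */
    if (UI_add_input_boolean(ui, MSG_VERIFY_TRUST, "", "yY", "nN",
                             UI_INPUT_FLAG_ECHO, &vfy_trust) <= 0) {
        log_msg(LOG_MSG_ERR, MSG_MEM);
        ret = VerifyFailed;
        goto cleanup;
    }

    if (UI_process(ui) != 0) {
        log_msg(LOG_MSG_ERR, MSG_MEM);
        ret = VerifyFailed;
        goto cleanup;
    }

    if (vfy_trust != 'y') {
        ret = Reject;
        goto cleanup;
    }

    /*
     * if the cert does not appear to be a CA cert
     * or is not self-signed, verify that as well
     */
    if (!is_ca_cert(cert)) {
        UI_free(ui);
        if ((ui = UI_new()) == NULL) {
            log_msg(LOG_MSG_ERR, MSG_MEM);
            ret = VerifyFailed;
            goto cleanup;
        }

        /* The first 'y' must not carry over as the answer to this prompt. */
        vfy_trust = 'n';

        if (UI_add_input_boolean(ui, MSG_VERIFY_NOT_CA, "", "yY", "nN",
                                 UI_INPUT_FLAG_ECHO, &vfy_trust) <= 0) {
            /* Logged like the same failure on the first prompt. */
            log_msg(LOG_MSG_ERR, MSG_MEM);
            ret = VerifyFailed;
            goto cleanup;
        }

        if (UI_process(ui) != 0) {
            log_msg(LOG_MSG_ERR, MSG_MEM);
            ret = VerifyFailed;
            goto cleanup;
        }

        if (vfy_trust != 'y') {
            ret = Reject;
            goto cleanup;
        }
    }

cleanup:
    if (ui != NULL)
        UI_free(ui);
    if (err != NULL)
        pkgerr_free(err);
    return (ret);
}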