#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
#include <openssl/safestack.h>
#ifdef OPENSSL_SYS_WINDOWS
unsigned long mask;
} NAME_EX_TBL;
+static UI_METHOD *ui_method = NULL;
+
static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
return 0;
}
+static int ui_open(UI *ui)
+ {
+ return UI_method_get_opener(UI_OpenSSL())(ui);
+ }
+static int ui_read(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password[0] != '\0')
+ {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+ }
+static int ui_write(UI *ui, UI_STRING *uis)
+ {
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui))
+ {
+ switch(UI_get_string_type(uis))
+ {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password[0] != '\0')
+ return 1;
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+ }
+static int ui_close(UI *ui)
+ {
+ return UI_method_get_closer(UI_OpenSSL())(ui);
+ }
+int setup_ui_method()
+ {
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+ }
+void destroy_ui_method()
+ {
+ if(ui_method)
+ {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+ }
int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_data)
+ PW_CB_DATA *cb_tmp)
{
- int i,j;
- char prompt[80];
+ UI *ui = NULL;
+ int res = 0;
const char *prompt_info = NULL;
const char *password = NULL;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
if (cb_data)
{
prompt_info = cb_data->prompt_info;
}
- if(password) {
- i=strlen(password);
- i=(i > bufsiz)?bufsiz:i;
- memcpy(buf,password,i);
- return(i);
- }
-
- if (EVP_get_pw_prompt())
- BIO_snprintf(prompt, sizeof(prompt)-1, EVP_get_pw_prompt(),
- prompt_info ? prompt_info : "");
- else
- BIO_snprintf(prompt, sizeof(prompt)-1,
- "Enter pass phrase for %s:",
- prompt_info ? prompt_info : "");
+ if (password)
+ {
+ res = strlen(password);
+ if (res > bufsiz)
+ res = bufsiz;
+ memcpy(buf, password, res);
+ return res;
+ }
- for (;;)
+ ui = UI_new_method(ui_method);
+ if (ui)
{
- i=EVP_read_pw_string(buf,bufsiz,prompt,verify);
- if (i != 0)
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ char *prompt = NULL;
+
+ prompt = UI_construct_prompt(ui, "pass phrase",
+ cb_data->prompt_info);
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ ok = UI_add_input_string(ui,prompt,ui_flags,buf,
+ PW_MIN_LENGTH,BUFSIZ-1);
+ if (ok >= 0 && verify)
{
- BIO_printf(bio_err,"aborted!\n");
+ buff = (char *)OPENSSL_malloc(bufsiz);
+ ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
+ PW_MIN_LENGTH,BUFSIZ-1, buf);
+ }
+ if (ok >= 0)
+ do
+ {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (buff)
+ {
+ memset(buff,0,(unsigned int)bufsiz);
+ OPENSSL_free(buff);
+ }
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1)
+ {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
memset(buf,0,(unsigned int)bufsiz);
- return(-1);
+ res = 0;
}
- j=strlen(buf);
- if (j < PW_MIN_LENGTH)
+ if (ok == -2)
{
- BIO_printf(bio_err,"phrase is too short, needs to be at least %d chars\n",PW_MIN_LENGTH);
+ BIO_printf(bio_err,"aborted!\n");
+ memset(buf,0,(unsigned int)bufsiz);
+ res = 0;
}
- else
- break;
+ UI_free(ui);
+ OPENSSL_free(prompt);
}
- return(j);
+ return res;
}
static char *app_get_pass(BIO *err, char *arg, int keepbio);
return BUF_strdup(tpass);
}
-int add_oid_section(BIO *err, LHASH *conf)
+int add_oid_section(BIO *err, CONF *conf)
{
char *p;
STACK_OF(CONF_VALUE) *sktmp;
CONF_VALUE *cnf;
int i;
- if(!(p=CONF_get_string(conf,NULL,"oid_section")))
+ if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
{
ERR_clear_error();
return 1;
}
- if(!(sktmp = CONF_get_section(conf, p))) {
+ if(!(sktmp = NCONF_get_section(conf, p))) {
BIO_printf(err, "problem loading oid section %s\n", p);
return 0;
}
BIO_printf(bio_err,"no engine specified\n");
else
pkey = ENGINE_load_private_key(e, file,
- (pem_password_cb *)password_callback, &cb_data);
+ ui_method, &cb_data);
goto end;
}
key=BIO_new(BIO_s_file());
BIO_printf(bio_err,"no engine specified\n");
else
pkey = ENGINE_load_public_key(e, file,
- (pem_password_cb *)password_callback, &cb_data);
+ ui_method, &cb_data);
goto end;
}
key=BIO_new(BIO_s_file());
X509_STORE_free(store);
return NULL;
}
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+ {
+ ENGINE *e = NULL;
+
+ if (engine)
+ {
+ if((e = ENGINE_by_id(engine)) == NULL)
+ {
+ BIO_printf(err,"invalid engine \"%s\"\n", engine);
+ return NULL;
+ }
+ if (debug)
+ {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+ 0, err, 0);
+ }
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+ {
+ BIO_printf(err,"can't use that engine\n");
+ return NULL;
+ }
+
+ ENGINE_load_engine_ciphers(e);
+
+ BIO_printf(err,"engine \"%s\" set.\n", engine);
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+ return e;
+ }