-/* crypto/des/read2pwd.c */
/* ====================================================================
* Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
*
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+#include <string.h>
#include <openssl/des.h>
#include <openssl/ui.h>
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_UI
+
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
int DES_read_password(DES_cblock *key, const char *prompt, int verify)
- {
- int ok;
- char buf[BUFSIZ],buff[BUFSIZ];
+{
+ int ok;
+ char buf[BUFSIZ], buff[BUFSIZ];
- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
- DES_string_to_key(buf,key);
- memset(buf,0,BUFSIZ);
- memset(buff,0,BUFSIZ);
- return(ok);
- }
+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
+ DES_string_to_key(buf, key);
+ OPENSSL_cleanse(buf, BUFSIZ);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return (ok);
+}
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
- int verify)
- {
- int ok;
- char buf[BUFSIZ],buff[BUFSIZ];
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
+ const char *prompt, int verify)
+{
+ int ok;
+ char buf[BUFSIZ], buff[BUFSIZ];
- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
- DES_string_to_2keys(buf,key1,key2);
- memset(buf,0,BUFSIZ);
- memset(buff,0,BUFSIZ);
- return(ok);
- }
+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
+ DES_string_to_2keys(buf, key1, key2);
+ OPENSSL_cleanse(buf, BUFSIZ);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return (ok);
+}
+#endif