1 /*
2 * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/pem.h> /* PEM_def_callback() */
12 #include "internal/thread_once.h"
13 #include "ui_local.h"
14
15 #ifndef BUFSIZ
16 #define BUFSIZ 256
17 #endif
18
UI_UTIL_read_pw_string(char * buf,int length,const char * prompt,int verify)19 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
20 int verify)
21 {
22 char buff[BUFSIZ];
23 int ret;
24
25 ret =
26 UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
27 prompt, verify);
28 OPENSSL_cleanse(buff, BUFSIZ);
29 return ret;
30 }
31
UI_UTIL_read_pw(char * buf,char * buff,int size,const char * prompt,int verify)32 int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
33 int verify)
34 {
35 int ok = -2;
36 UI *ui;
37
38 if (size < 1)
39 return -1;
40
41 ui = UI_new();
42 if (ui != NULL) {
43 ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
44 if (ok >= 0 && verify)
45 ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
46 if (ok >= 0)
47 ok = UI_process(ui);
48 UI_free(ui);
49 }
50 return ok;
51 }
52
53 /*
54 * Wrapper around pem_password_cb, a method to help older APIs use newer
55 * ones.
56 */
57 struct pem_password_cb_data {
58 pem_password_cb *cb;
59 int rwflag;
60 };
61
ui_new_method_data(void * parent,void * ptr,CRYPTO_EX_DATA * ad,int idx,long argl,void * argp)62 static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
63 int idx, long argl, void *argp)
64 {
65 /*
66 * Do nothing, the data is allocated externally and assigned later with
67 * CRYPTO_set_ex_data()
68 */
69 }
70
ui_dup_method_data(CRYPTO_EX_DATA * to,const CRYPTO_EX_DATA * from,void ** pptr,int idx,long argl,void * argp)71 static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
72 void **pptr, int idx, long argl, void *argp)
73 {
74 if (*pptr != NULL) {
75 *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data));
76 if (*pptr != NULL)
77 return 1;
78 }
79 return 0;
80 }
81
ui_free_method_data(void * parent,void * ptr,CRYPTO_EX_DATA * ad,int idx,long argl,void * argp)82 static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
83 int idx, long argl, void *argp)
84 {
85 OPENSSL_free(ptr);
86 }
87
88 static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
89 static int ui_method_data_index = -1;
DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init)90 DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init)
91 {
92 ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
93 0, NULL, ui_new_method_data,
94 ui_dup_method_data,
95 ui_free_method_data);
96 return 1;
97 }
98
ui_open(UI * ui)99 static int ui_open(UI *ui)
100 {
101 return 1;
102 }
ui_read(UI * ui,UI_STRING * uis)103 static int ui_read(UI *ui, UI_STRING *uis)
104 {
105 switch (UI_get_string_type(uis)) {
106 case UIT_PROMPT:
107 {
108 int len;
109 char result[PEM_BUFSIZE + 1]; /* reserve one byte at the end */
110 const struct pem_password_cb_data *data =
111 UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
112 int maxsize = UI_get_result_maxsize(uis);
113
114 if (maxsize > PEM_BUFSIZE)
115 maxsize = PEM_BUFSIZE;
116 len = data->cb(result, maxsize, data->rwflag,
117 UI_get0_user_data(ui));
118 if (len > maxsize)
119 return -1;
120 if (len >= 0)
121 result[len] = '\0';
122 if (len < 0)
123 return len;
124 if (UI_set_result_ex(ui, uis, result, len) >= 0)
125 return 1;
126 return 0;
127 }
128 case UIT_VERIFY:
129 case UIT_NONE:
130 case UIT_BOOLEAN:
131 case UIT_INFO:
132 case UIT_ERROR:
133 break;
134 }
135 return 1;
136 }
ui_write(UI * ui,UI_STRING * uis)137 static int ui_write(UI *ui, UI_STRING *uis)
138 {
139 return 1;
140 }
ui_close(UI * ui)141 static int ui_close(UI *ui)
142 {
143 return 1;
144 }
145
UI_UTIL_wrap_read_pem_callback(pem_password_cb * cb,int rwflag)146 UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
147 {
148 struct pem_password_cb_data *data = NULL;
149 UI_METHOD *ui_method = NULL;
150
151 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
152 || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL
153 || UI_method_set_opener(ui_method, ui_open) < 0
154 || UI_method_set_reader(ui_method, ui_read) < 0
155 || UI_method_set_writer(ui_method, ui_write) < 0
156 || UI_method_set_closer(ui_method, ui_close) < 0
157 || !RUN_ONCE(&get_index_once, ui_method_data_index_init)
158 || !UI_method_set_ex_data(ui_method, ui_method_data_index, data)) {
159 UI_destroy_method(ui_method);
160 OPENSSL_free(data);
161 return NULL;
162 }
163 data->rwflag = rwflag;
164 data->cb = cb != NULL ? cb : PEM_def_callback;
165
166 return ui_method;
167 }
168
