From 923b1857decf4440b13b82f2aa7cf1189327d1a3 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 21 Mar 2016 18:08:57 +0100 Subject: Fix "no-ui" configuration Reviewed-by: Matt Caswell --- apps/apps.c | 10 +++++++++- apps/enc.c | 41 +++++++++++++++++++++++----------------- apps/openssl.c | 4 ++++ apps/passwd.c | 35 +++++++++++++++++++++++----------- apps/pkcs12.c | 53 ++++++++++++++++++++++++++++++++++++++-------------- apps/pkcs8.c | 19 ++++++++++++++++--- crypto/err/err_all.c | 2 ++ 7 files changed, 118 insertions(+), 46 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index e1241495ea..7ba12fea5a 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -266,6 +266,7 @@ int dump_cert_text(BIO *out, X509 *x) return 0; } +#ifndef OPENSSL_NO_UI static int ui_open(UI *ui) { return UI_method_get_opener(UI_OpenSSL())(ui); @@ -335,20 +336,25 @@ void destroy_ui_method(void) ui_method = NULL; } } +#endif int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) { - UI *ui = NULL; int res = 0; +#ifndef OPENSSL_NO_UI + UI *ui = NULL; const char *prompt_info = NULL; +#endif const char *password = NULL; PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp; if (cb_data) { if (cb_data->password) password = cb_data->password; +#ifndef OPENSSL_NO_UI if (cb_data->prompt_info) prompt_info = cb_data->prompt_info; +#endif } if (password) { @@ -359,6 +365,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) return res; } +#ifndef OPENSSL_NO_UI ui = UI_new_method(ui_method); if (ui) { int ok = 0; @@ -408,6 +415,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) UI_free(ui); OPENSSL_free(prompt); } +#endif return res; } diff --git a/apps/enc.c b/apps/enc.c index 520ee47ebe..77df79d953 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -347,26 +347,33 @@ int enc_main(int argc, char **argv) } if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { - for (;;) { - char prompt[200]; - - BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:", - OBJ_nid2ln(EVP_CIPHER_nid(cipher)), - (enc) ? "encryption" : "decryption"); - strbuf[0] = '\0'; - i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); - if (i == 0) { - if (strbuf[0] == '\0') { - ret = 1; + if (1) { +#ifndef OPENSSL_NO_UI + for (;;) { + char prompt[200]; + + BIO_snprintf(prompt, sizeof prompt, "enter %s %s password:", + OBJ_nid2ln(EVP_CIPHER_nid(cipher)), + (enc) ? "encryption" : "decryption"); + strbuf[0] = '\0'; + i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); + if (i == 0) { + if (strbuf[0] == '\0') { + ret = 1; + goto end; + } + str = strbuf; + break; + } + if (i < 0) { + BIO_printf(bio_err, "bad password read\n"); goto end; } - str = strbuf; - break; - } - if (i < 0) { - BIO_printf(bio_err, "bad password read\n"); - goto end; } + } else { +#endif + BIO_printf(bio_err, "password required\n"); + goto end; } } diff --git a/apps/openssl.c b/apps/openssl.c index 166c7a1e45..b810ecf8b8 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -176,14 +176,18 @@ static int apps_startup() | OPENSSL_INIT_LOAD_CONFIG, NULL)) return 0; +#ifndef OPENSSL_NO_UI setup_ui_method(); +#endif return 1; } static void apps_shutdown() { +#ifndef OPENSSL_NO_UI destroy_ui_method(); +#endif } static char *make_config_name() diff --git a/apps/passwd.c b/apps/passwd.c index 7ae9e88880..98092bb04b 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -118,7 +118,10 @@ int passwd_main(int argc, char **argv) char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL; char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; OPTION_CHOICE o; - int in_stdin = 0, in_noverify = 0, pw_source_defined = 0; + int in_stdin = 0, pw_source_defined = 0; +#ifndef OPENSSL_NO_UI + int in_noverify = 0; +#endif int passed_salt = 0, quiet = 0, table = 0, reverse = 0; int ret = 1, usecrypt = 0, use1 = 0, useapr1 = 0; size_t passwd_malloc_size = 0, pw_maxlen = 256; @@ -142,7 +145,9 @@ int passwd_main(int argc, char **argv) pw_source_defined = 1; break; case OPT_NOVERIFY: +#ifndef OPENSSL_NO_UI in_noverify = 1; +#endif break; case OPT_QUIET: quiet = 1; @@ -232,18 +237,26 @@ int passwd_main(int argc, char **argv) } if ((in == NULL) && (passwds == NULL)) { - /* build a null-terminated list */ - static char *passwds_static[2] = { NULL, NULL }; - - passwds = passwds_static; - if (in == NULL) - if (EVP_read_pw_string - (passwd_malloc, passwd_malloc_size, "Password: ", - !(passed_salt || in_noverify)) != 0) - goto end; - passwds[0] = passwd_malloc; + if (1) { +#ifndef OPENSSL_NO_UI + /* build a null-terminated list */ + static char *passwds_static[2] = { NULL, NULL }; + + passwds = passwds_static; + if (in == NULL) + if (EVP_read_pw_string + (passwd_malloc, passwd_malloc_size, "Password: ", + !(passed_salt || in_noverify)) != 0) + goto end; + passwds[0] = passwd_malloc; + } else { +#endif + BIO_printf(bio_err, "password required\n"); + goto end; + } } + if (in == NULL) { assert(passwds != NULL); assert(*passwds != NULL); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 6657c4fcee..ff3cb8845b 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -176,7 +176,8 @@ int pkcs12_main(int argc, char **argv) int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; # endif int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - int ret = 1, macver = 1, noprompt = 0, add_lmk = 0, private = 0; + int ret = 1, macver = 1, add_lmk = 0, private = 0; + int noprompt = 0; char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; char *passin = NULL, *passout = NULL, *inrand = NULL, *macalg = NULL; char *cpass = NULL, *mpass = NULL, *CApath = NULL, *CAfile = NULL; @@ -367,9 +368,16 @@ int pkcs12_main(int argc, char **argv) } if (twopass) { - if (EVP_read_pw_string - (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { - BIO_printf(bio_err, "Can't read Password\n"); + if (1) { +#ifndef OPENSSL_NO_UI + if (EVP_read_pw_string + (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) { + BIO_printf(bio_err, "Can't read Password\n"); + goto end; + } + } else { +#endif + BIO_printf(bio_err, "Unsupported option -twopass\n"); goto end; } } @@ -477,12 +485,21 @@ int pkcs12_main(int argc, char **argv) if (add_lmk && key) EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); - if (!noprompt && - EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", - 1)) { - BIO_printf(bio_err, "Can't read Password\n"); - goto export_end; + if (!noprompt) { + if (1) { +#ifndef OPENSSL_NO_UI + if (EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", + 1)) { + BIO_printf(bio_err, "Can't read Password\n"); + goto export_end; + } + } else { +#endif + BIO_printf(bio_err, "Password required\n"); + goto export_end; + } } + if (!twopass) OPENSSL_strlcpy(macpass, pass, sizeof macpass); @@ -534,11 +551,19 @@ int pkcs12_main(int argc, char **argv) goto end; } - if (!noprompt - && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", - 0)) { - BIO_printf(bio_err, "Can't read Password\n"); - goto end; + if (!noprompt) { + if (1) { +#ifndef OPENSSL_NO_UI + if (EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", + 0)) { + BIO_printf(bio_err, "Can't read Password\n"); + goto end; + } + } else { +#endif + BIO_printf(bio_err, "Password required\n"); + goto end; + } } if (!twopass) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 8a4d5423d1..15b8e6a084 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -111,7 +111,10 @@ int pkcs8_main(int argc, char **argv) const EVP_CIPHER *cipher = NULL; char *infile = NULL, *outfile = NULL; char *passinarg = NULL, *passoutarg = NULL, *prog; - char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL; +#ifndef OPENSSL_NO_UI + char pass[50]; +#endif + char *passin = NULL, *passout = NULL, *p8pass = NULL; OPTION_CHOICE o; int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER; int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; @@ -272,13 +275,18 @@ int pkcs8_main(int argc, char **argv) } if (passout) p8pass = passout; - else { + else if (1) { +#ifndef OPENSSL_NO_UI p8pass = pass; if (EVP_read_pw_string (pass, sizeof pass, "Enter Encryption Password:", 1)) { X509_ALGOR_free(pbe); goto end; } + } else { +#endif + BIO_printf(bio_err, "Password required\n"); + goto end; } app_RAND_load_file(NULL, 0); p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe); @@ -330,9 +338,14 @@ int pkcs8_main(int argc, char **argv) } if (passin) p8pass = passin; - else { + else if (1) { +#ifndef OPENSSL_NO_UI p8pass = pass; EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0); + } else { +#endif + BIO_printf(bio_err, "Password required\n"); + goto end; } p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); } diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 25f7d411eb..78cdd5bb06 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -133,7 +133,9 @@ void err_load_crypto_strings_intern(void) ERR_load_ENGINE_strings(); # endif ERR_load_OCSP_strings(); +#ifndef OPENSSL_NO_UI ERR_load_UI_strings(); +#endif # ifdef OPENSSL_FIPS ERR_load_FIPS_strings(); # endif -- cgit v1.2.3