tools: Disable unnecessary confirmation during ndnsec-import
Change-Id: I75113483a343bbe06cf0af85a08695b0a9ae9aeb
Refs: #3644
diff --git a/tools/ndnsec/import.cpp b/tools/ndnsec/import.cpp
index 4bb9b63..4137324 100644
--- a/tools/ndnsec/import.cpp
+++ b/tools/ndnsec/import.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -68,7 +68,7 @@
safeBag = io::load<security::SafeBag>(input);
int count = 3;
- while (!getPassword(importPassword, "Passphrase for the private key: ")) {
+ while (!getPassword(importPassword, "Passphrase for the private key: ", false)) {
count--;
if (count <= 0) {
std::cerr << "ERROR: Fail to get password" << std::endl;
diff --git a/tools/ndnsec/util.cpp b/tools/ndnsec/util.cpp
index 52657f7..6a34f53 100644
--- a/tools/ndnsec/util.cpp
+++ b/tools/ndnsec/util.cpp
@@ -1,5 +1,5 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
* Copyright (c) 2013-2017 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -21,6 +21,8 @@
#include "util.hpp"
+#include "security/detail/openssl.hpp"
+
namespace ndn {
namespace ndnsec {
@@ -28,38 +30,34 @@
getPassword(std::string& password, const std::string& prompt, bool shouldConfirm)
{
#ifdef NDN_CXX_HAVE_GETPASS
- char* pw0 = nullptr;
-
- pw0 = getpass(prompt.c_str());
- if (!pw0)
+ char* pw0 = getpass(prompt.c_str());
+ if (!pw0 || strlen(pw0) == 0) {
return false;
+ }
std::string password1 = pw0;
- memset(pw0, 0, strlen(pw0));
+ OPENSSL_cleanse(pw0, strlen(pw0));
if (!shouldConfirm) {
+ password.swap(password1);
return true;
}
pw0 = getpass("Confirm:");
if (!pw0) {
- char* pw1 = const_cast<char*>(password1.c_str());
- memset(pw1, 0, password1.size());
+ OPENSSL_cleanse(&password1.front(), password1.size());
return false;
}
bool isReady = false;
-
- if (!password1.compare(pw0)) {
+ if (password1.size() == strlen(pw0) &&
+ CRYPTO_memcmp(password1.data(), pw0, password1.size()) == 0) {
isReady = true;
password.swap(password1);
}
-
- char* pw1 = const_cast<char*>(password1.c_str());
- memset(pw1, 0, password1.size());
- memset(pw0, 0, strlen(pw0));
-
- if (password.empty())
- return false;
+ else {
+ OPENSSL_cleanse(&password1.front(), password1.size());
+ }
+ OPENSSL_cleanse(pw0, strlen(pw0));
return isReady;
#else