tools: Disable unnecessary confirmation during ndnsec-import

Change-Id: I75113483a343bbe06cf0af85a08695b0a9ae9aeb
Refs: #3644
diff --git a/tools/ndnsec/import.cpp b/tools/ndnsec/import.cpp
index 4bb9b63..4137324 100644
--- a/tools/ndnsec/import.cpp
+++ b/tools/ndnsec/import.cpp
@@ -1,5 +1,5 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -68,7 +68,7 @@
       safeBag = io::load<security::SafeBag>(input);
 
     int count = 3;
-    while (!getPassword(importPassword, "Passphrase for the private key: ")) {
+    while (!getPassword(importPassword, "Passphrase for the private key: ", false)) {
       count--;
       if (count <= 0) {
         std::cerr << "ERROR: Fail to get password" << std::endl;
diff --git a/tools/ndnsec/util.cpp b/tools/ndnsec/util.cpp
index 52657f7..6a34f53 100644
--- a/tools/ndnsec/util.cpp
+++ b/tools/ndnsec/util.cpp
@@ -1,5 +1,5 @@
 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
+/*
  * Copyright (c) 2013-2017 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
@@ -21,6 +21,8 @@
 
 #include "util.hpp"
 
+#include "security/detail/openssl.hpp"
+
 namespace ndn {
 namespace ndnsec {
 
@@ -28,38 +30,34 @@
 getPassword(std::string& password, const std::string& prompt, bool shouldConfirm)
 {
 #ifdef NDN_CXX_HAVE_GETPASS
-  char* pw0 = nullptr;
-
-  pw0 = getpass(prompt.c_str());
-  if (!pw0)
+  char* pw0 = getpass(prompt.c_str());
+  if (!pw0 || strlen(pw0) == 0) {
     return false;
+  }
   std::string password1 = pw0;
-  memset(pw0, 0, strlen(pw0));
+  OPENSSL_cleanse(pw0, strlen(pw0));
 
   if (!shouldConfirm) {
+    password.swap(password1);
     return true;
   }
 
   pw0 = getpass("Confirm:");
   if (!pw0) {
-    char* pw1 = const_cast<char*>(password1.c_str());
-    memset(pw1, 0, password1.size());
+    OPENSSL_cleanse(&password1.front(), password1.size());
     return false;
   }
 
   bool isReady = false;
-
-  if (!password1.compare(pw0)) {
+  if (password1.size() == strlen(pw0) &&
+      CRYPTO_memcmp(password1.data(), pw0, password1.size()) == 0) {
     isReady = true;
     password.swap(password1);
   }
-
-  char* pw1 = const_cast<char*>(password1.c_str());
-  memset(pw1, 0, password1.size());
-  memset(pw0, 0, strlen(pw0));
-
-  if (password.empty())
-    return false;
+  else {
+    OPENSSL_cleanse(&password1.front(), password1.size());
+  }
+  OPENSSL_cleanse(pw0, strlen(pw0));
 
   return isReady;
 #else