On 26/01/21 05:28, George wrote:
> Hi,
> I'm trying to get OpenSSL 1.0.2u with the FIPS Object Module
> 2.0.16 in Windows 10 to prompt the user for a smart card's PIN
> number every time the application is launched. However, I cannot
> seem to get it to work. My UI_METHOD callback functions are not
> being invoked.
>
> I'm using the following code as a reference:
> https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
>
> I tried the following:
>
>     UI_METHOD* transfer_pin = UI_create_method("transfer_pin");
>
>     int writer (UI *ui, UI_STRING *uis)
>     {
>         PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
>         UI_set_result(ui, uis, cb_data->password);
>         return 1;
>     };
>     int stub (UI* ui) {return 1;};
>     int stub_reader (UI *ui, UI_STRING *uis) {return 1;};
>
>     UI_method_set_writer(transfer_pin, writer);
>     UI_method_set_opener(transfer_pin, stub);
>     UI_method_set_closer(transfer_pin, stub);
>     UI_method_set_flusher(transfer_pin, stub);
>     UI_method_set_reader(transfer_pin, stub_reader);
>
>     pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier,
>                                    transfer_pin, &cb_data);
>
> However, none of the callback functions "writer", "stub", or
> "stub_reader" actually get called. Do I need to do anything else
> to enable this functionality? I would like to force the user to
> enter PIN number every time.

This depends on how OpenSSL for Windows was built; some non-UNIX
builds set the flag OPENSSL_NO_UI_CONSOLE (or possibly
OPENSSL_NO_UI) in which case all UI_methods are effectively
disabled. If this flag is set for your build then you will have to
rebuild OpenSSL.

Apart from that, that code snippet above is not the cleanest code I
have ever written - some C/C++ compilers do not like functions
defined inside an "if { }" block; you might have to take the
function "int writer { }" outside of the "if { }" block.

HTH,
JJK