Ejemplo n.º 1
/*
 * Release the shared ui_method (declared outside this function), if one
 * exists, and reset the pointer so a second call does nothing instead of
 * handing an already-destroyed method back to UI_destroy_method().
 */
void destroy_ui_method(void)
{
	if (ui_method == NULL)
		return;

	UI_destroy_method(ui_method);
	ui_method = NULL;
}
Ejemplo n.º 2
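/*
 * Load the private key named by vpninfo->sslkey through the OpenSSL "tpm"
 * ENGINE and install it into vpninfo->https_ctx.
 *
 * When vpninfo->cert_password is set it is handed to the engine with the
 * "PIN" control command, then scrubbed, freed and cleared. Otherwise a UI
 * method from create_openssl_ui() is passed to the key loader so the engine
 * can ask for the PIN itself.
 *
 * Returns 0 on success and -EINVAL on any failure; failures are reported
 * through vpn_progress() and openconnect_report_ssl_errors().
 */
static int load_tpm_certificate(struct openconnect_info *vpninfo)
{
	ENGINE *e;
	EVP_PKEY *key;
	UI_METHOD *meth = NULL;
	int ret = 0;

	ENGINE_load_builtin_engines();

	e = ENGINE_by_id("tpm");
	if (!e) {
		vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}
	if (!ENGINE_init(e)) {
		/* No functional reference was taken, so only the structural
		 * reference from ENGINE_by_id() has to be dropped. */
		vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n"));
		openconnect_report_ssl_errors(vpninfo);
		ENGINE_free(e);
		return -EINVAL;
	}
	if (!ENGINE_set_default_RSA(e) || !ENGINE_set_default_RAND(e)) {
		/* ENGINE_init() succeeded, so leave through "out" to pair it
		 * with ENGINE_finish() instead of leaking that reference. */
		vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n"));
		openconnect_report_ssl_errors(vpninfo);
		ret = -EINVAL;
		goto out;
	}

	if (vpninfo->cert_password) {
		size_t pin_len = strlen(vpninfo->cert_password);

		/* A failure here is reported but not fatal: the key load
		 * below is still attempted. */
		if (!ENGINE_ctrl_cmd(e, "PIN", pin_len,
				     vpninfo->cert_password, NULL, 0)) {
			vpn_progress(vpninfo, PRG_ERR,
				     _("Failed to set TPM SRK password\n"));
			openconnect_report_ssl_errors(vpninfo);
		}
		/*
		 * Scrub, free, then clear -- in that order. Clearing the
		 * pointer first would turn free() into free(NULL) and leave
		 * the plaintext password allocated for the process lifetime.
		 */
		OPENSSL_cleanse(vpninfo->cert_password, pin_len);
		free(vpninfo->cert_password);
		vpninfo->cert_password = NULL;
	} else {
		/* Provide our own UI method to handle the PIN callback. */
		meth = create_openssl_ui(vpninfo);
	}
	key = ENGINE_load_private_key(e, vpninfo->sslkey, meth, NULL);
	if (meth)
		UI_destroy_method(meth);
	if (!key) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to load TPM private key\n"));
		openconnect_report_ssl_errors(vpninfo);
		ret = -EINVAL;
		goto out;
	}
	if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
		vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n"));
		openconnect_report_ssl_errors(vpninfo);
		ret = -EINVAL;
	}
	/* Drop the local reference to the key; presumably the SSL_CTX holds
	 * its own after a successful SSL_CTX_use_PrivateKey() -- confirm. */
	EVP_PKEY_free(key);
 out:
	ENGINE_finish(e);
	ENGINE_free(e);
	return ret;
}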
Ejemplo n.º 3
/*
 * Interactive smoke test for the OpenSSL UI API. It reads a password with
 * UI_UTIL_read_pw(), then runs TestUI() once on a UI built with UI_new()
 * and once on a UI built from a custom method whose opener, reader, writer
 * and closer are the ui_open/ui_read/ui_write/ui_close wrappers.
 *
 * Always returns 0; failures are only reported on stdout.
 */
int main(void)
{
	char buffer1[64], buffer2[64];
	UI_METHOD *ui_method;
	UI *ui;
	int pw_rc;

	printf("Testing UI_UTIL_read_pw:\n");

	/* One byte of each buffer is kept back from the size passed in. */
	pw_rc = UI_UTIL_read_pw(&buffer1[0], &buffer2[0], sizeof(buffer1) - 1, "Prompt", 1);
	if (pw_rc != 0)
		printf("Error getting password\n");
	else
		/* NOTE(review): echoes the entered password to stdout;
		 * acceptable only because this is a test harness. */
		printf("Password: \"%s\"\n", &buffer1[0]);

	printf("Testing UI with default UI method:\n");

	ui = UI_new();
	if (ui == NULL) {
		printf("Couldn't setup method\n");
	} else {
		TestUI(ui);
		UI_free(ui);
	}

	printf("Testing UI with UI method with wrappers:\n");

	ui_method = UI_create_method((char *)"Test method");
	if (ui_method == NULL) {
		printf("Couldn't create method\n");
		return(0);
	}

	ui = UI_new_method(ui_method);
	if (ui == NULL) {
		printf("Couldn't setup method\n");
	} else {
		/* The hooks are installed after the UI was created from the
		 * method, and their return values are not checked. */
		UI_method_set_opener(ui_method, ui_open);
		UI_method_set_reader(ui_method, ui_read);
		UI_method_set_writer(ui_method, ui_write);
		UI_method_set_closer(ui_method, ui_close);

		TestUI(ui);
		UI_free(ui);
	}

	UI_destroy_method(ui_method);

	return(0);
}
Ejemplo n.º 4
/*
 * Check that an old-style PEM password callback, wrapped into a UI method
 * by UI_UTIL_wrap_read_pem_callback(), delivers the expected password.
 *
 * Returns 1 when the string read through the UI equals defpass, 0 on any
 * failure (the OpenSSL error queue is then printed to stderr).
 */
static int test_old()
{
    UI_METHOD *ui_method = NULL;
    UI *ui = NULL;
    char defpass[] = "password";
    char pass[16];
    int ok = 0;
    int rc;

    ui_method = UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0);
    if (ui_method == NULL)
        goto err;

    ui = UI_new_method(ui_method);
    if (ui == NULL)
        goto err;

    /* The wrapper passes the UI userdata as the callback userdata param */
    UI_add_user_data(ui, defpass);

    /* The maximum size leaves one byte of pass[] unused by the input. */
    if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD,
                             pass, 0, sizeof(pass) - 1))
        goto err;

    rc = UI_process(ui);
    if (rc == -2)
        BIO_printf(bio_err, "test_old: UI process interrupted or cancelled\n");
    if (rc == -2 || rc == -1)
        goto err;

    if (strcmp(pass, defpass) != 0)
        BIO_printf(bio_err, "test_old: password failure\n");
    else
        ok = 1;

 err:
    /* Both pointers may still be NULL here when an early step failed. */
    if (!ok)
        ERR_print_errors_fp(stderr);
    UI_free(ui);
    UI_destroy_method(ui_method);

    return ok;
}
Ejemplo n.º 5
/*
 * Check that an old-style PEM password callback, wrapped into a UI method
 * by UI_UTIL_wrap_read_pem_callback(), delivers the expected password.
 *
 * Returns 1 when TEST_str_eq() accepts the string read through the UI as
 * equal to defpass, 0 on any failure.
 */
static int test_old(void)
{
    UI_METHOD *ui_method = NULL;
    UI *ui = NULL;
    char defpass[] = "password";
    char pass[16];
    int ok = 0;
    int rc;

    /*
     * The TEST_* arguments are kept exactly as written: presumably the
     * macros include the expression text in their diagnostics -- confirm.
     */
    if (!TEST_ptr(ui_method =
                  UI_UTIL_wrap_read_pem_callback( test_pem_password_cb, 0)))
        goto err;
    if (!TEST_ptr(ui = UI_new_method(ui_method)))
        goto err;

    /* The wrapper passes the UI userdata as the callback userdata param */
    UI_add_user_data(ui, defpass);

    /* The maximum size leaves one byte of pass[] unused by the input. */
    if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD,
                             pass, 0, sizeof(pass) - 1))
        goto err;

    rc = UI_process(ui);
    if (rc == -2)
        TEST_info("test_old: UI process interrupted or cancelled");
    if (rc == -2 || rc == -1)
        goto err;

    if (TEST_str_eq(pass, defpass))
        ok = 1;

 err:
    /* Both pointers may still be NULL here when an early step failed. */
    UI_free(ui);
    UI_destroy_method(ui_method);

    return ok;
}
Ejemplo n.º 6
/*
 * Build a UI_METHOD that adapts a PEM password callback to the UI API.
 *
 * A zeroed pem_password_cb_data record is allocated, a method named
 * "PEM password callback wrapper" is created with the ui_open/ui_read/
 * ui_write/ui_close hooks, and the record is attached to the method as
 * ex_data under ui_method_data_index. cb and rwflag are stored in the
 * record once every step has succeeded.
 *
 * Returns the new method, or NULL if any step fails; on failure the method
 * and the record are both released here.
 */
UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
{
    struct pem_password_cb_data *data = NULL;
    UI_METHOD *ui_method = NULL;

    data = OPENSSL_zalloc(sizeof(*data));
    if (data == NULL)
        goto fail;

    ui_method = UI_create_method("PEM password callback wrapper");
    if (ui_method == NULL)
        goto fail;

    if (UI_method_set_opener(ui_method, ui_open) < 0
        || UI_method_set_reader(ui_method, ui_read) < 0
        || UI_method_set_writer(ui_method, ui_write) < 0
        || UI_method_set_closer(ui_method, ui_close) < 0)
        goto fail;

    /* The ex_data index is set up once; only then can data be attached. */
    if (!RUN_ONCE(&get_index_once, ui_method_data_index_init))
        goto fail;
    if (UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0)
        goto fail;

    /*
     * NOTE(review): cb is stored without a NULL check; whether the reader
     * hook tolerates a NULL callback is not visible here -- confirm.
     */
    data->rwflag = rwflag;
    data->cb = cb;

    return ui_method;

 fail:
    /*
     * Attaching data is the last step that can fail, so on this path the
     * record is not owned by the method and is freed separately.
     */
    UI_destroy_method(ui_method);
    OPENSSL_free(data);
    return NULL;
}