/*
 * Release the file-scope UI_METHOD, if one is currently held, and reset the
 * pointer so a repeated call (or a later free) is harmless.
 */
void destroy_ui_method(void)
{
	if (!ui_method)
		return;
	UI_destroy_method(ui_method);
	ui_method = NULL;
}
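/*
 * Load the client private key through the OpenSSL "tpm" engine and install
 * it into vpninfo->https_ctx.
 *
 * If vpninfo->cert_password is set it is passed to the engine as the "PIN"
 * control command, then wiped, freed and the field cleared; otherwise a UI
 * method from create_openssl_ui() is supplied so the engine can prompt for
 * the PIN itself.
 *
 * Returns 0 on success or -EINVAL on any failure.  Every failure path logs
 * through vpn_progress() and calls openconnect_report_ssl_errors().
 */
static int load_tpm_certificate(struct openconnect_info *vpninfo)
{
	ENGINE *e;
	EVP_PKEY *key;
	UI_METHOD *meth = NULL;
	int ret = 0;

	ENGINE_load_builtin_engines();
	e = ENGINE_by_id("tpm");
	if (!e) {
		vpn_progress(vpninfo, PRG_ERR, _("Can't load TPM engine.\n"));
		openconnect_report_ssl_errors(vpninfo);
		return -EINVAL;
	}

	if (!ENGINE_init(e)) {
		vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n"));
		openconnect_report_ssl_errors(vpninfo);
		ENGINE_free(e);
		return -EINVAL;
	}

	/* From here on the engine holds a functional reference from
	 * ENGINE_init(), so every failure must go through 'out' to release
	 * it with ENGINE_finish() before ENGINE_free(). */
	if (!ENGINE_set_default_RSA(e) || !ENGINE_set_default_RAND(e)) {
		vpn_progress(vpninfo, PRG_ERR, _("Failed to init TPM engine\n"));
		openconnect_report_ssl_errors(vpninfo);
		ret = -EINVAL;
		goto out;
	}

	if (vpninfo->cert_password) {
		char *pw = vpninfo->cert_password;
		size_t pwlen = strlen(pw);

		/* A failed PIN set is reported but not fatal: the key load
		 * below will fail on its own if the PIN was required. */
		if (!ENGINE_ctrl_cmd(e, "PIN", pwlen, pw, NULL, 0)) {
			vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM SRK password\n"));
			openconnect_report_ssl_errors(vpninfo);
		}
		/* The password is a secret: wipe it, then free it, and only
		 * then clear the field so it cannot be freed twice.  Clearing
		 * the field before free() would leak the buffer (and the secret). */
		OPENSSL_cleanse(pw, pwlen);
		free(pw);
		vpninfo->cert_password = NULL;
	} else {
		/* Provide our own UI method to handle the PIN callback. */
		meth = create_openssl_ui(vpninfo);
	}

	key = ENGINE_load_private_key(e, vpninfo->sslkey, meth, NULL);
	if (meth)
		UI_destroy_method(meth);
	if (!key) {
		vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM private key\n"));
		openconnect_report_ssl_errors(vpninfo);
		ret = -EINVAL;
		goto out;
	}

	if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
		vpn_progress(vpninfo, PRG_ERR, _("Add key from TPM failed\n"));
		openconnect_report_ssl_errors(vpninfo);
		ret = -EINVAL;
	}
	/* SSL_CTX_use_PrivateKey() takes its own reference; drop ours. */
	EVP_PKEY_free(key);

out:
	ENGINE_finish(e);
	ENGINE_free(e);
	return ret;
}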
/* Exercise a UI created with the default UI method. */
static void run_default_method_test(void)
{
	UI *ui = UI_new();

	if (ui == NULL) {
		printf("Couldn't setup method\n");
		return;
	}
	TestUI(ui);
	UI_free(ui);
}

/* Exercise a UI whose method routes open/read/write/close through the
 * ui_* wrapper functions. */
static void run_wrapped_method_test(void)
{
	UI_METHOD *method = UI_create_method((char *)"Test method");
	UI *ui;

	if (method == NULL) {
		printf("Couldn't create method\n");
		return;
	}

	ui = UI_new_method(method);
	if (ui == NULL) {
		printf("Couldn't setup method\n");
	} else {
		UI_method_set_opener(method, ui_open);
		UI_method_set_reader(method, ui_read);
		UI_method_set_writer(method, ui_write);
		UI_method_set_closer(method, ui_close);
		TestUI(ui);
		UI_free(ui);
	}
	UI_destroy_method(method);
}

/*
 * Small interactive driver: reads a password with UI_UTIL_read_pw(), then
 * runs TestUI() once with the default method and once with a method whose
 * callbacks are the ui_* wrappers.  Always exits 0.
 */
int main(void)
{
	char buffer1[64], buffer2[64];

	printf("Testing UI_UTIL_read_pw:\n");
	/* sizeof - 1 leaves room for the terminating NUL. */
	if (UI_UTIL_read_pw(buffer1, buffer2, sizeof(buffer1) - 1, "Prompt", 1) == 0)
		printf("Password: \"%s\"\n", buffer1);
	else
		printf("Error getting password\n");

	printf("Testing UI with default UI method:\n");
	run_default_method_test();

	printf("Testing UI with UI method with wrappers:\n");
	run_wrapped_method_test();

	return 0;
}
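/*
 * Test wrapping an old-style PEM password callback in a UI method through
 * the UI utility functions.
 *
 * defpass is attached to the UI as user data, which the wrapper hands to the
 * callback; the test then checks that the password read into 'pass' equals
 * defpass.  Diagnostics go to bio_err and, on failure, the OpenSSL error
 * queue is dumped to stderr.
 *
 * Returns 1 on success, 0 on failure.
 */
static int test_old(void)
{
	UI_METHOD *ui_method = NULL;
	UI *ui = NULL;
	char defpass[] = "password";
	/* Initialised so a read that stores nothing cannot feed an
	 * uninitialised buffer to strcmp() below. */
	char pass[16] = "";
	int ok = 0;

	ui_method = UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0);
	if (ui_method == NULL)
		goto err;
	ui = UI_new_method(ui_method);
	if (ui == NULL)
		goto err;

	/* The wrapper passes the UI userdata as the callback userdata param */
	UI_add_user_data(ui, defpass);
	if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD,
	                         pass, 0, sizeof(pass) - 1))
		goto err;

	switch (UI_process(ui)) {
	case -2:
		BIO_printf(bio_err, "test_old: UI process interrupted or cancelled\n");
		/* fall through */
	case -1:
		goto err;
	default:
		break;
	}

	if (strcmp(pass, defpass) == 0)
		ok = 1;
	else
		BIO_printf(bio_err, "test_old: password failure\n");

err:
	if (!ok)
		ERR_print_errors_fp(stderr);
	/* Both are NULL-tolerant, so a single exit path suffices. */
	UI_free(ui);
	UI_destroy_method(ui_method);
	return ok;
}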
/*
 * Test wrapping an old-style PEM password callback in a UI method through
 * the UI utility functions.
 *
 * defpass is attached to the UI as user data, which the wrapper hands to the
 * callback; the test passes when the password read into 'pass' matches it.
 * Returns 1 on success, 0 on failure (the TEST_* helpers report details).
 */
static int test_old(void)
{
	UI_METHOD *wrapped = NULL;
	UI *ui = NULL;
	char defpass[] = "password";
	char pass[16];
	int rc;
	int ok = 0;

	wrapped = UI_UTIL_wrap_read_pem_callback(test_pem_password_cb, 0);
	if (!TEST_ptr(wrapped))
		goto done;
	ui = UI_new_method(wrapped);
	if (!TEST_ptr(ui))
		goto done;

	/* The wrapper hands the UI's user data to the callback as its userdata. */
	UI_add_user_data(ui, defpass);
	if (!UI_add_input_string(ui, "prompt", UI_INPUT_FLAG_DEFAULT_PWD,
	                         pass, 0, sizeof(pass) - 1))
		goto done;

	rc = UI_process(ui);
	if (rc == -2)
		TEST_info("test_old: UI process interrupted or cancelled");
	if (rc == -2 || rc == -1)
		goto done;

	ok = TEST_str_eq(pass, defpass) ? 1 : 0;

done:
	UI_free(ui);
	UI_destroy_method(wrapped);
	return ok;
}
/*
 * Build a UI_METHOD that drives an old-style pem_password_cb through the
 * ui_open/ui_read/ui_write/ui_close wrappers.  The callback and rwflag are
 * kept in a zero-allocated pem_password_cb_data stored in the method's
 * ex_data at ui_method_data_index (the index is set up once through
 * RUN_ONCE / ui_method_data_index_init).
 *
 * Returns the new method, or NULL with both the method and the data block
 * released, on any failure.
 */
UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
{
	struct pem_password_cb_data *data = OPENSSL_zalloc(sizeof(*data));
	UI_METHOD *method = NULL;

	if (data == NULL)
		goto fail;

	method = UI_create_method("PEM password callback wrapper");
	if (method == NULL)
		goto fail;

	if (UI_method_set_opener(method, ui_open) < 0
	    || UI_method_set_reader(method, ui_read) < 0
	    || UI_method_set_writer(method, ui_write) < 0
	    || UI_method_set_closer(method, ui_close) < 0)
		goto fail;

	if (!RUN_ONCE(&get_index_once, ui_method_data_index_init))
		goto fail;
	if (UI_method_set_ex_data(method, ui_method_data_index, data) < 0)
		goto fail;

	data->rwflag = rwflag;
	data->cb = cb;
	return method;

fail:
	/* Either pointer may still be NULL here. */
	UI_destroy_method(method);
	OPENSSL_free(data);
	return NULL;
}