UI_METHOD functions not being invoked for smart card

Jan Just Keijser janjust at nikhef.nl
Tue Jan 26 09:29:58 UTC 2021


On 26/01/21 05:28, George wrote:
> Hi,
>
>     I'm trying to get OpenSSL 1.0.2u with the FIPS Object Module 
> 2.0.16  in Windows 10 to prompt the user for a smart card's PIN number 
> every time the application is launched. However, I cannot seem to get 
> it to work. My UI_METHOD callback functions are not being invoked.
>
> I'm using the following code as a reference:
> https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
>
> I tried the following:
>
>     UI_METHOD* transfer_pin = UI_create_method("transfer_pin");
>
>     int writer (UI *ui, UI_STRING *uis)
>     {
>         PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
>         UI_set_result(ui, uis, cb_data->password);
>         return 1;
>     };
>     int stub (UI* ui) {return 1;};
>     int stub_reader (UI *ui, UI_STRING *uis) {return 1;};
>
>     UI_method_set_writer(transfer_pin,  writer);
>     UI_method_set_opener(transfer_pin,  stub);
>     UI_method_set_closer(transfer_pin,  stub);
>     UI_method_set_flusher(transfer_pin, stub);
>     UI_method_set_reader(transfer_pin,  stub_reader);
>
>     pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier,
>     transfer_pin, &cb_data);
>
>
>
> However, none of the callback functions "writer", "stub", or 
> "stub_reader" actually get called. Do I need to do anything else to 
> enable this functionality? I would like to force the user to enter 
> the PIN number every time.
>

This depends on how OpenSSL for Windows was built; some non-UNIX builds 
set the flag OPENSSL_NO_UI_CONSOLE (or possibly OPENSSL_NO_UI), in which 
case all UI_methods are effectively disabled. If this flag is set for 
your build then you will have to rebuild OpenSSL.

Apart from that, that code snippet above is not the cleanest code I have 
ever written - some C/C++ compilers do not like functions defined 
inside an "if { }" block; you might have to take the function "int 
writer { }" outside of the "if { }" block.

HTH,

JJK
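
An added example, not part of the original message and not OpenSSL code: one way to check whether an installed build records either flag named in the reply is to scan its generated opensslconf.h for them. It assumes the flag was written to that header at configure time (a flag passed only on the compiler command line will not show up there); the function name and both sample headers are constructed for illustration.

```python
import re
import sys

# Build flags named in the reply above.
UI_FLAGS = ("OPENSSL_NO_UI", "OPENSSL_NO_UI_CONSOLE")

# OpenSSL's generated header writes directives as "# define NAME".
DIRECTIVE = re.compile(r"^[ \t]*#[ \t]*(define|undef)[ \t]+(\w+)", re.M)
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

# Constructed sample: a header from a build configured without the console UI.
SAMPLE_DISABLED = """\
/* OpenSSL was configured with the following options: */
#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
#endif
#ifndef OPENSSL_NO_UI_CONSOLE
# define OPENSSL_NO_UI_CONSOLE
#endif
"""

# Constructed sample: the flag appears only inside a comment.
SAMPLE_ENABLED = """\
#ifndef OPENSSL_NO_GMP
# define OPENSSL_NO_GMP
#endif
/* # define OPENSSL_NO_UI */
"""


def ui_flags_defined(header_text):
    """Return the UI-disabling flags that the header text defines."""
    text = COMMENT.sub(" ", header_text)
    defined = set()
    for kind, name in DIRECTIVE.findall(text):
        if name not in UI_FLAGS:
            continue
        # Directives are applied in file order; #if conditions are not evaluated.
        if kind == "define":
            defined.add(name)
        else:
            defined.discard(name)
    return sorted(defined)


if __name__ == "__main__":
    # Usage: python check_ui.py path/to/include/openssl/opensslconf.h
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        flags = ui_flags_defined(fh.read())
    print("UI disabled by:", ", ".join(flags) if flags else "no flag found")
```

An empty result means only that the header does not define the flags; it does not prove the UI code was compiled in.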

