UI_METHOD functions not being invoked for smart card

George whippet0 at gmail.com
Wed Jan 27 03:57:48 UTC 2021


Hi,

   I looked for "NO_UI" in the source code but did not find any 
references to it. I'll take a closer look and see if I can find some 
other flag, which disables the UI_METHOD function calls.

By the way, I found your code for this in eap-tls.c very helpful and 
easy to follow. :)  I did have to make minor modifications for it to 
compile with the Visual Studio C++ compiler, though.

Thanks,
George



On 2021-01-26 4:29 a.m., Jan Just Keijser wrote:
> On 26/01/21 05:28, George wrote:
>> Hi,
>>
>>     I'm trying to get OpenSSL 1.0.2u with the FIPS Object Module 
>> 2.0.16  in Windows 10 to prompt the user for a smart card's PIN 
>> number every time the application is launched. However, I cannot seem 
>> to get it to work. My UI_METHOD callback functions are not being invoked.
>>
>> I'm using the following code as a reference:
>> https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c
>>
>> I tried the following:
>>
>>     UI_METHOD* transfer_pin = UI_create_method("transfer_pin");
>>
>>     int writer (UI *ui, UI_STRING *uis)
>>     {
>>         PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
>>         UI_set_result(ui, uis, cb_data->password);
>>         return 1;
>>     };
>>     int stub (UI* ui) {return 1;};
>>     int stub_reader (UI *ui, UI_STRING *uis) {return 1;};
>>
>>     UI_method_set_writer(transfer_pin,  writer);
>>     UI_method_set_opener(transfer_pin,  stub);
>>     UI_method_set_closer(transfer_pin,  stub);
>>     UI_method_set_flusher(transfer_pin, stub);
>>     UI_method_set_reader(transfer_pin,  stub_reader);
>>
>>     pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier,
>>     transfer_pin, &cb_data);
>>
>>
>>
>> However, none of the callback functions "writer", "stub", or 
>> "stub_reader" actually get called. Do I need to do anything else to 
>> enable this functionality?  I would like to force the user to enter 
>> the PIN number every time.
>>
>
> This depends on how OpenSSL for Windows was built; some non-UNIX 
> builds set the flag OPENSSL_NO_UI_CONSOLE (or possibly OPENSSL_NO_UI), 
> in which case all UI_methods are effectively disabled. If this flag is 
> set for your build then you will have to rebuild OpenSSL.
>
> Apart from that, that code snippet above is not the cleanest code I 
> have ever written - some C/C++ compilers do not like functions 
> defined inside an "if { } " block; you might have to take the 
> function "int writer { } " outside of the "if { } " block.
>
> HTH,
>
> JJK
>
>
