#include <stdio.h>
#include <string.h>

#include <openssl/crypto.h>
#include <openssl/engine.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/ui.h>

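/* Identity handed to OpenSSL through ENGINE_set_id()/ENGINE_set_name() in
 * engine_bind_fn().  Both point at string literals, which are read-only, so
 * the pointers are const-qualified: a write through the previous plain
 * `char *` would have been undefined behaviour. */
static const char *const engine_id = "testengine";
static const char *const engine_name = "Engine for testing openvpn engine key support";

/* Set to 1 by engine_init() and back to 0 by engine_finish();
 * engine_load_key() refuses to load anything while it is 0. */
static int is_initialized = 0;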

static int
engine_init(ENGINE *e)
{
    /* ENGINE init callback.  Traces the call on stderr and flips the
     * file-scope is_initialized flag that engine_load_key() checks before
     * it will touch a key file.  The ENGINE handle itself is not used.
     * Always reports success to OpenSSL (returns 1). */
    (void)e;
    fprintf(stderr, "ENGINE: engine_init called\n");
    is_initialized = 1;
    return 1;
}

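static int
engine_finish(ENGINE *e)
{
    /* ENGINE finish callback, the counterpart of engine_init().  Traces the
     * call and clears is_initialized so that a later engine_load_key()
     * without a fresh init is refused.  The ENGINE handle is not used.
     * Always reports success (returns 1).
     *
     * The trace previously read "engine_finsh"; the function name is now
     * spelled correctly so the log can be matched against the source. */
    (void)e;
    fprintf(stderr, "ENGINE: engine_finish called\n");
    is_initialized = 0;
    return 1;
}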

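static EVP_PKEY *
engine_load_key(ENGINE *e, const char *key_id,
                UI_METHOD *ui_method, void *cb_data)
{
    /* ENGINE load_privkey callback.
     *
     * key_id is a path to a PEM file whose guard line is "TEST ENGINE KEY"
     * and whose body is a DER PKCS#8 PrivateKeyInfo -- an ordinary
     * unencrypted private key under a different PEM label.  After the key
     * is parsed the engine runs one UI password prompt through
     * ui_method/cb_data and logs the answer, which is how the surrounding
     * test confirms the passphrase openvpn collected reached the engine.
     *
     * Returns a fresh EVP_PKEY (not freed here) or NULL when the engine has
     * not been initialized, the file cannot be opened, or the key cannot be
     * parsed/converted.  A failing UI exchange is logged but does not
     * withhold the key: the test looks at the logged password, not at the
     * return value.  The ENGINE handle is unused.
     */
    BIO *b;
    EVP_PKEY *pkey;
    PKCS8_PRIV_KEY_INFO *p8inf;
    UI *ui;
    /* Zero-filled so the trace below never prints an unset buffer. */
    char auth[256] = { 0 };

    (void)e;
    fprintf(stderr, "ENGINE: engine_load_key called\n");

    if (!is_initialized)
    {
        fprintf(stderr, "Load Key called without correct initialization\n");
        return NULL;
    }

    b = BIO_new_file(key_id, "r");
    if (!b)
    {
        fprintf(stderr, "File %s does not exist or cannot be read\n", key_id);
        return NULL;
    }

    /* Basically read an EVP_PKEY private key file with different
     * PEM guards --- we are a test engine */
    p8inf = PEM_ASN1_read_bio((d2i_of_void *)d2i_PKCS8_PRIV_KEY_INFO,
                              "TEST ENGINE KEY", b,
                              NULL, NULL, NULL);
    BIO_free(b);
    if (!p8inf)
    {
        fprintf(stderr, "Failed to read engine private key\n");
        return NULL;
    }

    /* EVP_PKCS82PKEY() does not take ownership of p8inf, so release it
     * whether or not the conversion succeeded (it used to leak), and do
     * not run the password prompt when there is no key to hand back. */
    pkey = EVP_PKCS82PKEY(p8inf);
    PKCS8_PRIV_KEY_INFO_free(p8inf);
    if (!pkey)
    {
        fprintf(stderr, "Failed to convert engine private key\n");
        return NULL;
    }

    /* now we have a private key, pretend it had a password
     * this verifies the password makes it through openvpn OK */
    ui = UI_new();
    if (!ui)
    {
        /* Previously a NULL UI was dereferenced; treat it like any other
         * UI failure and still return the key. */
        fprintf(stderr, "UI_new failed\n");
        return pkey;
    }

    if (ui_method)
    {
        UI_set_method(ui, ui_method);
    }

    UI_add_user_data(ui, cb_data);

    /* maxsize does not count the terminating NUL that UI writes after the
     * result, so one byte of auth must be kept back for it; passing the
     * full sizeof(auth) allowed a 256-character answer to overrun it. */
    if (UI_add_input_string(ui, "enter test engine key",
                            UI_INPUT_FLAG_DEFAULT_PWD,
                            auth, 0, sizeof(auth) - 1) == 0)
    {
        fprintf(stderr, "UI_add_input_string failed\n");
        goto out;
    }

    /* UI_process() returns 0 on success and a negative value on error or
     * user abort; both failures are reported the same way here. */
    if (UI_process(ui))
    {
        fprintf(stderr, "UI_process failed\n");
        goto out;
    }

    /* Deliberately prints the secret: this is a test-only engine and the
     * line is presumably what the test harness matches, so keep its format
     * stable -- and never copy this into a real engine. */
    fprintf(stderr, "ENGINE: engine_load_key got password %s\n", auth);

out:
    UI_free(ui);
    /* The password has served its purpose; scrub it instead of leaving it
     * on the stack (plain memset could be optimized away). */
    OPENSSL_cleanse(auth, sizeof(auth));

    return pkey;
}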


static int
engine_bind_fn(ENGINE *e, const char *id)
{
    /* Dynamic-engine bind callback.  When the loader asks for a particular
     * engine id, refuse any id that is not ours; otherwise install our id,
     * human-readable name and the init/finish/load_privkey callbacks on e.
     * Returns 1 when every ENGINE_set_* call succeeded, 0 as soon as one
     * of them fails or the requested id does not match. */
    int wrong_engine = (id != NULL) && (strcmp(id, engine_id) != 0);

    if (wrong_engine)
    {
        return 0;
    }

    if (!ENGINE_set_id(e, engine_id))
    {
        return 0;
    }
    if (!ENGINE_set_name(e, engine_name))
    {
        return 0;
    }
    if (!ENGINE_set_init_function(e, engine_init))
    {
        return 0;
    }
    if (!ENGINE_set_finish_function(e, engine_finish))
    {
        return 0;
    }

    return ENGINE_set_load_privkey_function(e, engine_load_key) ? 1 : 0;
}

/* Export the entry points a dynamically loaded OpenSSL engine provides: the
 * interface-version check and the bind function that OpenSSL's "dynamic"
 * engine calls with a fresh ENGINE for engine_bind_fn() above to fill in. */
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(engine_bind_fn)