generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backport ssl client auth ENGINE support to 0.9.8.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2008-06-04 18:01:40 +00:00
parent a865b2c320
commit aa03989791
7 changed files with 62 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/engine/eng_all.c
View File

@ -107,9 +107,9 @@ void ENGINE_load_builtin_engines(void)
#if defined(__OpenBSD__) || defined(__FreeBSD__) #if defined(__OpenBSD__) || defined(__FreeBSD__)
ENGINE_load_cryptodev(); ENGINE_load_cryptodev();
#endif #endif
#endif
#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) #if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
ENGINE_load_capi(); ENGINE_load_capi();
#endif
#endif #endif
} }

3
crypto/engine/eng_err.c
View File

@ -1,6 +1,6 @@
/* crypto/engine/eng_err.c */ /* crypto/engine/eng_err.c */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -92,6 +92,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"}, {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"}, {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"},
{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"}, {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"}, {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"}, {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},

2
crypto/engine/eng_int.h
View File

@ -170,6 +170,8 @@ struct engine_st
ENGINE_LOAD_KEY_PTR load_privkey; ENGINE_LOAD_KEY_PTR load_privkey;
ENGINE_LOAD_KEY_PTR load_pubkey; ENGINE_LOAD_KEY_PTR load_pubkey;
ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
const ENGINE_CMD_DEFN *cmd_defns; const ENGINE_CMD_DEFN *cmd_defns;
int flags; int flags;
/* reference count on the structure itself */ /* reference count on the structure itself */

42
crypto/engine/eng_pkey.c
View File

@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
return 1; return 1;
} }
int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
{
e->load_ssl_client_cert = loadssl_f;
return 1;
}
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
{ {
return e->load_privkey; return e->load_privkey;
@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
return e->load_pubkey; return e->load_pubkey;
} }
ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
{
return e->load_ssl_client_cert;
}
/* API functions to load public/private keys */ /* API functions to load public/private keys */
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
@ -152,3 +164,33 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
} }
return pkey; return pkey;
} }
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
{
if(e == NULL)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(e->funct_ref == 0)
{
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
ENGINE_R_NOT_INITIALISED);
return 0;
}
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
if (!e->load_ssl_client_cert)
{
ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
ENGINE_R_NO_LOAD_FUNCTION);
return 0;
}
return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
ui_method, callback_data);
}

13
crypto/engine/engine.h
View File

@ -93,6 +93,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#endif #endif
#include <openssl/x509.h>
#include <openssl/ossl_typ.h> #include <openssl/ossl_typ.h>
#include <openssl/symhacks.h> #include <openssl/symhacks.h>
@ -278,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)
/* Generic load_key function pointer */ /* Generic load_key function pointer */
typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
UI_METHOD *ui_method, void *callback_data); UI_METHOD *ui_method, void *callback_data);
typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
/* These callback types are for an ENGINE's handler for cipher and digest logic. /* These callback types are for an ENGINE's handler for cipher and digest logic.
* These handlers have these prototypes; * These handlers have these prototypes;
* int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@ -462,6 +467,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_flags(ENGINE *e, int flags);
@ -497,6 +504,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
@ -532,6 +540,10 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data); UI_METHOD *ui_method, void *callback_data);
EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data); UI_METHOD *ui_method, void *callback_data);
int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
STACK_OF(X509) **pother,
UI_METHOD *ui_method, void *callback_data);
/* This returns a pointer for the current ENGINE structure that /* This returns a pointer for the current ENGINE structure that
* is (by default) performing any RSA operations. The value returned * is (by default) performing any RSA operations. The value returned
@ -726,6 +738,7 @@ void ERR_load_ENGINE_strings(void);
#define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LIST_REMOVE 121
#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192
#define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_NEW 122
#define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_REMOVE 123
#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189

2
crypto/ossl_typ.h
View File

@ -140,6 +140,8 @@ typedef struct X509_crl_st X509_CRL;
typedef struct X509_name_st X509_NAME; typedef struct X509_name_st X509_NAME;
typedef struct x509_store_st X509_STORE; typedef struct x509_store_st X509_STORE;
typedef struct x509_store_ctx_st X509_STORE_CTX; typedef struct x509_store_ctx_st X509_STORE_CTX;
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
typedef struct v3_ext_ctx X509V3_CTX; typedef struct v3_ext_ctx X509V3_CTX;
typedef struct conf_st CONF; typedef struct conf_st CONF;

3
ssl/ssl.h
View File

@ -361,9 +361,6 @@ typedef struct ssl_cipher_st
DECLARE_STACK_OF(SSL_CIPHER) DECLARE_STACK_OF(SSL_CIPHER)
typedef struct ssl_st SSL;
typedef struct ssl_ctx_st SSL_CTX;
/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
typedef struct ssl_method_st typedef struct ssl_method_st
{ {