Updates from stable branch.

Dr. Stephen Henson 2008-09-14 16:13:59 +00:00
parent 9b4e99ebd1
commit ef7c1a9490
6 changed files with 95 additions and 13 deletions


@ -55,6 +55,10 @@
#ifndef HEADER_CL_ERR_H #ifndef HEADER_CL_ERR_H
#define HEADER_CL_ERR_H #define HEADER_CL_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes /* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.
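Review bot: The `#ifdef __cplusplus` / `extern "C" {` block opened on the new side of this hunk has no matching close anywhere in view; a C++ translation unit that includes this header will fail on an unbalanced brace unless the tail of the file (outside this hunk) also gained `#ifdef __cplusplus` / `}` / `#endif`. The same applies to the identical hunks in the ibmca and zencod error headers below. If the closing block was added, a trailing comment such as `#endif /* __cplusplus */` on both ends would make the pairing visible in a small hunk like this one.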


@ -55,6 +55,10 @@
#ifndef HEADER_IBMCA_ERR_H #ifndef HEADER_IBMCA_ERR_H
#define HEADER_IBMCA_ERR_H #define HEADER_IBMCA_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes /* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.


@ -55,6 +55,10 @@
#ifndef HEADER_ZENCOD_ERR_H #ifndef HEADER_ZENCOD_ERR_H
#define HEADER_ZENCOD_ERR_H #define HEADER_ZENCOD_ERR_H
#ifdef __cplusplus
extern "C" {
#endif
/* BEGIN ERROR CODES */ /* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes /* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run. * made after this point may be overwritten when the script is next run.


@ -64,6 +64,11 @@ non-blocking socket, nothing is to be done, but select() can be used to check
for the required condition. When using a buffering BIO, like a BIO pair, data for the required condition. When using a buffering BIO, like a BIO pair, data
must be written into or retrieved out of the BIO before being able to continue. must be written into or retrieved out of the BIO before being able to continue.
L<SSL_pending(3)|SSL_pending(3)> can be used to find out whether there
are buffered bytes available for immediate retrieval. In this case
SSL_read() can be called without blocking or actually receiving new
data from the underlying socket.
=head1 WARNING =head1 WARNING
When an SSL_read() operation has to be repeated because of When an SSL_read() operation has to be repeated because of
@ -112,6 +117,7 @@ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)> L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
L<SSL_pending(3)|SSL_pending(3)>,
L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)> L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>


@ -62,14 +62,30 @@
#ifdef OPENSSL_SYS_WIN32 #ifdef OPENSSL_SYS_WIN32
#ifndef OPENSSL_NO_CAPIENG #ifndef OPENSSL_NO_CAPIENG
#include <windows.h> #include <windows.h>
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h> #include <wincrypt.h>
#undef X509_EXTENSIONS #undef X509_EXTENSIONS
#undef X509_CERT_PAIR #undef X509_CERT_PAIR
/* Definitions which may be missing from earlier version of headers */
#ifndef CERT_STORE_OPEN_EXISTING_FLAG
#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
#endif
#ifndef CERT_STORE_CREATE_NEW_FLAG
#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
#endif
#include <openssl/engine.h> #include <openssl/engine.h>
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/x509v3.h>
#include "e_capi_err.h" #include "e_capi_err.h"
#include "e_capi_err.c" #include "e_capi_err.c"
@ -141,6 +157,8 @@ struct CAPI_CTX_st {
/* Certificate store name to use */ /* Certificate store name to use */
LPTSTR storename; LPTSTR storename;
LPTSTR ssl_client_store; LPTSTR ssl_client_store;
/* System store flags */
DWORD store_flags;
/* Lookup string meanings in load_private_key */ /* Lookup string meanings in load_private_key */
/* Substring of subject: uses "storename" */ /* Substring of subject: uses "storename" */
@ -190,6 +208,7 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10) #define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11) #define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12) #define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13)
static const ENGINE_CMD_DEFN capi_cmd_defns[] = { static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
{CAPI_CMD_LIST_CERTS, {CAPI_CMD_LIST_CERTS,
@ -245,6 +264,10 @@ static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
"store_name", "store_name",
"certificate store name, default \"MY\"", "certificate store name, default \"MY\"",
ENGINE_CMD_FLAG_STRING}, ENGINE_CMD_FLAG_STRING},
{CAPI_CMD_STORE_FLAGS,
"store_flags",
"Certificate store flags: 1 = system store",
ENGINE_CMD_FLAG_NUMERIC},
{0, NULL, NULL, 0} {0, NULL, NULL, 0}
}; };
@ -291,6 +314,20 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
CAPI_trace(ctx, "Setting store name to %s\n", p); CAPI_trace(ctx, "Setting store name to %s\n", p);
break; break;
case CAPI_CMD_STORE_FLAGS:
if (i & 1)
{
ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
}
else
{
ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
}
CAPI_trace(ctx, "Setting flags to %d\n", i);
break;
case CAPI_CMD_DEBUG_LEVEL: case CAPI_CMD_DEBUG_LEVEL:
ctx->debug_level = (int)i; ctx->debug_level = (int)i;
CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level); CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
@ -1254,7 +1291,8 @@ HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
storename = "MY"; storename = "MY";
CAPI_trace(ctx, "Opening certificate store %s\n", storename); CAPI_trace(ctx, "Opening certificate store %s\n", storename);
hstore = CertOpenSystemStore(0, storename); hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
ctx->store_flags, storename);
if (!hstore) if (!hstore)
{ {
CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE); CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
@ -1371,7 +1409,7 @@ static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provnam
static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert) static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
{ {
CAPI_KEY *key; CAPI_KEY *key = NULL;
CRYPT_KEY_PROV_INFO *pinfo = NULL; CRYPT_KEY_PROV_INFO *pinfo = NULL;
char *provname = NULL, *contname = NULL; char *provname = NULL, *contname = NULL;
pinfo = capi_get_prov_info(ctx, cert); pinfo = capi_get_prov_info(ctx, cert);
@ -1380,8 +1418,7 @@ static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
provname = wide_to_asc(pinfo->pwszProvName); provname = wide_to_asc(pinfo->pwszProvName);
contname = wide_to_asc(pinfo->pwszContainerName); contname = wide_to_asc(pinfo->pwszContainerName);
if (!provname || !contname) if (!provname || !contname)
return 0; goto err;
key = capi_get_key(ctx, contname, provname, key = capi_get_key(ctx, contname, provname,
pinfo->dwProvType, pinfo->dwKeySpec); pinfo->dwProvType, pinfo->dwKeySpec);
@ -1454,6 +1491,9 @@ static CAPI_CTX *capi_ctx_new()
ctx->keytype = AT_KEYEXCHANGE; ctx->keytype = AT_KEYEXCHANGE;
ctx->storename = NULL; ctx->storename = NULL;
ctx->ssl_client_store = NULL; ctx->ssl_client_store = NULL;
ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
CERT_STORE_READONLY_FLAG |
CERT_SYSTEM_STORE_CURRENT_USER;
ctx->lookup_method = CAPI_LU_SUBSTR; ctx->lookup_method = CAPI_LU_SUBSTR;
ctx->debug_level = 0; ctx->debug_level = 0;
ctx->debug_file = NULL; ctx->debug_file = NULL;
@ -1562,11 +1602,15 @@ static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
CAPI_trace(ctx, "Can't Parse Certificate %d\n", i); CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
continue; continue;
} }
if (cert_issuer_match(ca_dn, x)) if (cert_issuer_match(ca_dn, x)
&& X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0))
{ {
key = capi_get_cert_key(ctx, cert); key = capi_get_cert_key(ctx, cert);
if (!key) if (!key)
{
X509_free(x);
continue; continue;
}
/* Match found: attach extra data to it so /* Match found: attach extra data to it so
* we can retrieve the key later. * we can retrieve the key later.
*/ */
@ -1641,8 +1685,14 @@ static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
* CryptUIDlgSelectCertificateFromStore() to produce a dialog box. * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
*/ */
#include <PrSht.h> /* Definitions which are in cryptuiapi.h but this is not present in older
#include <cryptuiapi.h> * versions of headers.
*/
#ifndef CRYPTUI_SELECT_LOCATION_COLUMN
#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
#endif
#define dlg_title L"OpenSSL Application SSL Client Certificate Selection" #define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
#define dlg_prompt L"Select a certificate to use for authentication" #define dlg_prompt L"Select a certificate to use for authentication"
@ -1685,6 +1735,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
} }
} }
hwnd = GetForegroundWindow();
if (!hwnd)
hwnd = GetActiveWindow(); hwnd = GetActiveWindow();
if (!hwnd && ctx->getconswindow) if (!hwnd && ctx->getconswindow)
hwnd = ctx->getconswindow(); hwnd = ctx->getconswindow();
@ -1718,5 +1770,12 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
} }
#endif #endif
#endif
#else /* !WIN32 */
#include <openssl/engine.h>
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
IMPLEMENT_DYNAMIC_CHECK_FN()
#endif #endif
#endif #endif
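Review bot: In the new `CAPI_CMD_STORE_FLAGS` case of capi_ctrl, the trace call passes the `long` argument `i` to a `%d` conversion; the neighbouring `CAPI_CMD_DEBUG_LEVEL` case avoids this by casting to `int` first, and given that CAPI_trace appears to be printf-style the mismatch is undefined behaviour on any target where `long` is wider than `int`. Change it to `CAPI_trace(ctx, "Setting flags to %ld\n", i);` (capi_ctrl itself starts and ends outside the hunk). The command's help text, `"Certificate store flags: 1 = system store"`, also understates what the code does — bit 0 selects `CERT_SYSTEM_STORE_LOCAL_MACHINE` over `CERT_SYSTEM_STORE_CURRENT_USER` — so something like `"Certificate store flags: 1 = local machine store, 0 = current user store (default)"` would tell an operator which store the engine will open. Keeping `CERT_STORE_READONLY_FLAG` in the default flags set in capi_ctx_new is worth a one-line comment stating that the engine never needs write access to the store, so the flag is not dropped later by accident.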


@ -451,9 +451,13 @@ static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
} }
#endif #endif
#endif /* !OPENSSL_NO_GMP */
/* This stuff is needed if this ENGINE is being compiled into a self-contained /* This stuff is needed if this ENGINE is being compiled into a self-contained
* shared-library. */ * shared-library. */
#ifndef ENGINE_NO_DYNAMIC_SUPPORT #ifndef OPENSSL_NO_DYNAMIC_ENGINE
IMPLEMENT_DYNAMIC_CHECK_FN()
#ifndef OPENSSL_NO_GMP
static int bind_fn(ENGINE *e, const char *id) static int bind_fn(ENGINE *e, const char *id)
{ {
if(id && (strcmp(id, engine_e_gmp_id) != 0)) if(id && (strcmp(id, engine_e_gmp_id) != 0))
@ -462,10 +466,11 @@ static int bind_fn(ENGINE *e, const char *id)
return 0; return 0;
return 1; return 1;
} }
IMPLEMENT_DYNAMIC_CHECK_FN()
IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
#endif /* ENGINE_DYNAMIC_SUPPORT */ #else
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
#endif
#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
#endif /* !OPENSSL_NO_GMP */
#endif /* !OPENSSL_NO_HW */ #endif /* !OPENSSL_NO_HW */
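Review bot: The fallback `OPENSSL_EXPORT int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }` added in the second hunk is a verbatim copy of the one this commit adds to e_capi.c, and both leave all three parameters unused; a single macro beside `IMPLEMENT_DYNAMIC_CHECK_FN()` in the engine header would keep the two stubs from drifting apart and could silence the unused-parameter warnings in one place. The closing comment on the new `#endif /* OPENSSL_NO_DYNAMIC_ENGINE */` also has the opposite polarity from the surrounding `/* !OPENSSL_NO_GMP */` and `/* !OPENSSL_NO_HW */` comments; `#endif /* !OPENSSL_NO_DYNAMIC_ENGINE */` would match the `#ifndef` it closes. The function bind_fn is cut by the hunk boundary between the two hunks, so its body was not reviewed here.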