import openssl-0.9.8j

author: djm <> 2009-01-09 12:14:11 +0000
committer: djm <> 2009-01-09 12:14:11 +0000
commit: a0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch)
tree: c43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libcrypto/engine
parent: 5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
download: openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip
7 files changed, 77 insertions, 4 deletions
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 8599046717..d29cd57dc2 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -107,6 +107,9 @@ void ENGINE_load_builtin_engines(void)
 #if defined(__OpenBSD__) || defined(__FreeBSD__)
        ENGINE_load_cryptodev();
 #endif
+#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+        ENGINE_load_capi();
+#endif
 #endif
        }
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index a97e01e619..08066cea59 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -1,5 +1,5 @@
 /* eng_cnf.c */
-/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
 /* ====================================================================
@@ -98,6 +98,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
        CONF_VALUE *ecmd;
        char *ctrlname, *ctrlvalue;
        ENGINE *e = NULL;
+        int soft = 0;
        name = skip_dot(name);
 #ifdef ENGINE_CONF_DEBUG
        fprintf(stderr, "Configuring engine %s\n", name);
@@ -125,6 +127,8 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                /* Override engine name to use */
                if (!strcmp(ctrlname, "engine_id"))
                        name = ctrlvalue;
+                else if (!strcmp(ctrlname, "soft_load"))
+                        soft = 1;
                /* Load a dynamic ENGINE */
                else if (!strcmp(ctrlname, "dynamic_path"))
                        {
@@ -147,6 +151,11 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf)
                        if (!e)
                                {
                                e = ENGINE_by_id(name);
+                                if (!e && soft)
+                                        {
+                                        ERR_clear_error();
+                                        return 1;
+                                        }
                                if (!e)
                                        return 0;
                                }
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index 369f2e22d3..574ffbb5c0 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -1,6 +1,6 @@
 /* crypto/engine/eng_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -92,6 +92,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),    "ENGINE_load_private_key"},
 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),     "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),        "ENGINE_load_ssl_client_cert"},
 {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
 {ERR_FUNC(ENGINE_F_ENGINE_REMOVE),      "ENGINE_remove"},
 {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),  "ENGINE_set_default_string"},
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
index a5b1edebf4..a66f107a44 100644
--- a/src/lib/libcrypto/engine/eng_int.h
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -170,6 +170,8 @@ struct engine_st
        ENGINE_LOAD_KEY_PTR load_privkey;
        ENGINE_LOAD_KEY_PTR load_pubkey;
+        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
        const ENGINE_CMD_DEFN *cmd_defns;
        int flags;
        /* reference count on the structure itself */
diff --git a/src/lib/libcrypto/engine/eng_padlock.c b/src/lib/libcrypto/engine/eng_padlock.c
index 1ba9d85db4..743558ab33 100644
--- a/src/lib/libcrypto/engine/eng_padlock.c
+++ b/src/lib/libcrypto/engine/eng_padlock.c
@@ -234,8 +234,8 @@ padlock_bind_fn(ENGINE *e, const char *id)
        return 1;
 }
-IMPLEMENT_DYNAMIC_CHECK_FN ();
+IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn);
+IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
 #endif /* DYNAMIC_ENGINE */
 /* ===== Here comes the "real" engine ===== */
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
index bc8b21abec..1dfa2e3664 100644
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ b/src/lib/libcrypto/engine/eng_pkey.c
@@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
        return 1;
        }
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
+        {
+        e->load_ssl_client_cert = loadssl_f;
+        return 1;
+        }
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
        {
        return e->load_privkey;
@@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
        return e->load_pubkey;
        }
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
+        {
+        return e->load_ssl_client_cert;
+        }
 /* API functions to load public/private keys */
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
@@ -152,3 +164,33 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
                }
        return pkey;
        }
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+        STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+        STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
+        {
+        if(e == NULL)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if(e->funct_ref == 0)
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                        ENGINE_R_NOT_INITIALISED);
+                return 0;
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        if (!e->load_ssl_client_cert)
+                {
+                ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                        ENGINE_R_NO_LOAD_FUNCTION);
+                return 0;
+                }
+        return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+                                        ui_method, callback_data);
+        }
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 3ec59338ff..f503595ece 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -93,6 +93,8 @@
 #include <openssl/err.h>
 #endif
+#include <openssl/x509.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/symhacks.h>
@@ -278,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)
 /* Generic load_key function pointer */
 typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
        UI_METHOD *ui_method, void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
+        STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+        STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
 /* These callback types are for an ENGINE's handler for cipher and digest logic.
 * These handlers have these prototypes;
 *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@@ -334,6 +339,9 @@ void ENGINE_load_ubsec(void);
 void ENGINE_load_cryptodev(void);
 void ENGINE_load_padlock(void);
 void ENGINE_load_builtin_engines(void);
+#ifndef OPENSSL_NO_CAPIENG
+void ENGINE_load_capi(void);
+#endif
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
 * "registry" handling. */
@@ -459,6 +467,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
 int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
@@ -494,6 +504,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
@@ -529,6 +540,10 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+        STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+        STACK_OF(X509) **pother,
+        UI_METHOD *ui_method, void *callback_data);
 /* This returns a pointer for the current ENGINE structure that
 * is (by default) performing any RSA operations. The value returned
@@ -723,6 +738,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_LIST_REMOVE                      121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             192
 #define ENGINE_F_ENGINE_NEW                              122
 #define ENGINE_F_ENGINE_REMOVE                           123
 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
author	djm <>	2009-01-09 12:14:11 +0000
committer	djm <>	2009-01-09 12:14:11 +0000
commit	a0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch)
tree	c43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libcrypto/engine
parent	5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
download	openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2 openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip