Add support for ENGINE supplied SSL client auth.

diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
index f7c382c37ecc614387a6f5d59167896d2c0612da..451ef8feb820dc36132b9f2d8286419706a1da09 100644 (file)
--- a/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
@@ -180,6 +180,8 @@ struct engine_st
        ENGINE_LOAD_KEY_PTR load_privkey;
        ENGINE_LOAD_KEY_PTR load_pubkey;
 
+       ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+
        const ENGINE_CMD_DEFN *cmd_defns;
        int flags;
        /* reference count on the structure itself */

diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
index bc8b21abec5a6225faeb7f9df1d2baa9edd6386a..9b5169c46e1d9d309eaa0037a644d52df4aac017 100644 (file)
--- a/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
@@ -69,6 +69,13 @@ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
        return 1;
        }
 
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                               ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
+       {
+       e->load_ssl_client_cert = loadssl_f;
+       return 1;
+       }
+
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
        {
        return e->load_privkey;
@@ -79,6 +86,11 @@ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
        return e->load_pubkey;
        }
 
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
+       {
+       return e->load_ssl_client_cert;
+       }
+
 /* API functions to load public/private keys */
 
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
@@ -152,3 +164,34 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
                }
        return pkey;
        }
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+       UI_METHOD *ui_method, void *callback_data)
+       {
+       int ret;
+
+       if(e == NULL)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                       ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+       if(e->funct_ref == 0)
+               {
+               CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                       ENGINE_R_NOT_INITIALISED);
+               return 0;
+               }
+       CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+       if (!e->load_ssl_client_cert)
+               {
+               ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                       ENGINE_R_NO_LOAD_FUNCTION);
+               return 0;
+               }
+       return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey,
+                                       ui_method, callback_data);
+       }

diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
index 8dfc4561d1ca0c2ce3315eb235bbeccc33d8a950..3a729020ce02d68661fbd0bb755d83460601f53b 100644 (file)
--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -280,6 +280,9 @@ typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void)
 /* Generic load_key function pointer */
 typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
        UI_METHOD *ui_method, void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
+       UI_METHOD *ui_method, void *callback_data);
 /* These callback types are for an ENGINE's handler for cipher and digest logic.
  * These handlers have these prototypes;
  *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
@@ -476,6 +479,8 @@ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
 int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                               ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
 int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
@@ -513,6 +518,7 @@ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
 ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
@@ -556,6 +562,9 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
        UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+       STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
+       UI_METHOD *ui_method, void *callback_data);
 
 /* This returns a pointer for the current ENGINE structure that
  * is (by default) performing any RSA operations. The value returned

diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h
index 0acc34dbff3540a7fa53f21a8c0b5d666c037746..b8f4a9d665f806098ee47e95c9b6037061108eef 100644 (file)
--- a/crypto/ossl_typ.h
+++ b/crypto/ossl_typ.h
@@ -165,6 +165,8 @@ typedef struct ui_method_st UI_METHOD;
 typedef struct st_ERR_FNS ERR_FNS;
 
 typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
 
 typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
 typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;