From e1861cb6811f7bac405ece204407ca46c000a453 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= Date: Sun, 1 Jan 2017 19:35:39 +0100 Subject: [PATCH] Added support for OpenSSL 1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some KOpenSSLProxy methods have been renamed to be consistent with OpenSSL 1.1 API names and to prevent hidden API changes. To ensure API / ABI compatibility, the original methods are still included but have been marked as deprecated. + SSLv23_client_method => TLS_client_method + X509_STORE_CTX_set_chain => X509_STORE_CTX_set0_untrusted + sk_dup => OPENSSL_sk_dup + sk_free => OPENSSL_sk_free + sk_new => OPENSSL_sk_new + sk_num => OPENSSL_sk_num + sk_pop => OPENSSL_sk_pop + sk_push => OPENSSL_sk_push + sk_value => OPENSSL_sk_value Additional methods have been added to KOpenSSLProxy to support the new OpenSSL 1.1 API functions that provide access to the (now) opaque SSL structures. Compatibility with OpenSSL < 1.1 is handled internally in KOpenSSLProxy. + BIO_get_data + DSA_get0_key + DSA_get0_pqg + EVP_PKEY_base_id + EVP_PKEY_get0_DSA + EVP_PKEY_get0_RSA + RSA_get0_key + X509_CRL_get0_lastUpdate + X509_CRL_get0_nextUpdate + X509_OBJECT_get0_X509 + X509_OBJECT_get_type + X509_STORE_CTX_get_current_cert + X509_STORE_CTX_get_error + X509_STORE_CTX_get_error_depth + X509_STORE_CTX_set_error + X509_STORE_get0_objects + X509_STORE_set_verify_cb + X509_get0_signature + X509_getm_notAfter + X509_getm_notBefore + X509_subject_name_cmp + _SSL_session_reused + _SSL_set_options Method "KSSL::setSession" has been renamed to "KSSL::takeSession" and its functionality has changed: the session is now transferred from the argument object to the invoked object. Since it is only used internally in TDE and the functionality is different, the method with the previous name has not been preserved. Signed-off-by: Slávek Banko Signed-off-by: Michele Calgaro --- tdecert/tdecertpart.cc | 13 +- tdeio/kssl/kopenssl.cc | 724 ++++++++++++++++++++++++++++------ tdeio/kssl/kopenssl.h | 222 +++++++++-- tdeio/kssl/ksmimecrypto.cc | 29 +- tdeio/kssl/kssl.cc | 37 +- tdeio/kssl/kssl.h | 7 +- tdeio/kssl/ksslcallback.c | 15 +- tdeio/kssl/ksslcertchain.cc | 74 ++-- tdeio/kssl/ksslcertificate.cc | 104 +++-- tdeio/kssl/ksslpkcs12.cc | 29 +- tdeio/kssl/ksslpkcs7.cc | 19 - tdeio/kssl/ksslsettings.cc | 69 ++-- tdeio/kssl/ksslutils.cc | 8 +- tdeio/tdeio/tcpslavebase.cpp | 6 +- 14 files changed, 981 insertions(+), 375 deletions(-) diff --git a/tdecert/tdecertpart.cc b/tdecert/tdecertpart.cc index c6b163afb..3c937e9d6 100644 --- a/tdecert/tdecertpart.cc +++ b/tdecert/tdecertpart.cc @@ -557,9 +557,6 @@ if (whatType == "application/x-pkcs12") { return false; } -#define sk_free KOSSL::self()->sk_free -#define sk_num KOSSL::self()->sk_num -#define sk_value KOSSL::self()->sk_value STACK_OF(X509_INFO) *sx5i = KOSSL::self()->PEM_X509_INFO_read(fp, NULL, KSSLPemCallback, NULL); if (!sx5i) { @@ -569,8 +566,8 @@ if (whatType == "application/x-pkcs12") { } _ca_filenameLabel->setText(m_file); - for (int i = 0; i < sk_X509_INFO_num(sx5i); i++) { - X509_INFO* x5i = sk_X509_INFO_value(sx5i, i); + for (int i = 0; i < KOSSL::self()->OPENSSL_sk_num(sx5i); i++) { + X509_INFO* x5i = reinterpret_cast(KOSSL::self()->OPENSSL_sk_value(sx5i, i)); if (x5i->x_pkey && x5i->x509) { // a personal cert (like PKCS12) KSSLCertificate *xc = KSSLCertificate::fromX509(x5i->x509); new KX509Item(_sideList, xc); @@ -584,11 +581,7 @@ if (whatType == "application/x-pkcs12") { } } - sk_X509_INFO_free(sx5i); - -#undef sk_free -#undef sk_num -#undef sk_value + KOSSL::self()->OPENSSL_sk_free(sx5i); fclose(fp); return true; diff --git a/tdeio/kssl/kopenssl.cc b/tdeio/kssl/kopenssl.cc index d4f086d8e..8b1aa20e0 100644 --- a/tdeio/kssl/kopenssl.cc +++ b/tdeio/kssl/kopenssl.cc @@ -56,7 +56,9 @@ static void (*K_SSL_CTX_set_verify)(SSL_CTX *, int, int (*)(int, X509_STORE_CTX *)) = 0L; static int (*K_SSL_use_certificate)(SSL *, X509 *) = 0L; static SSL_CIPHER *(*K_SSL_get_current_cipher)(SSL *) = 0L; -static long (*K_SSL_ctrl) (SSL *,int, long, char *) = 0L; +static long (*K_SSL_set_options)(SSL *ssl, long options) = 0L; +static int (*K_SSL_session_reused)(SSL *ssl) = 0L; +static long (*K_SSL_ctrl) (SSL *,int, long, void *) = 0L; static int (*K_RAND_egd) (const char *) = 0L; static const char* (*K_RAND_file_name) (char *, size_t) = 0L; static int (*K_RAND_load_file) (const char *, long) = 0L; @@ -64,7 +66,7 @@ static int (*K_RAND_write_file) (const char *) = 0L; static SSL_METHOD * (*K_TLSv1_client_method) () = 0L; static SSL_METHOD * (*K_SSLv2_client_method) () = 0L; static SSL_METHOD * (*K_SSLv3_client_method) () = 0L; -static SSL_METHOD * (*K_SSLv23_client_method) () = 0L; +static SSL_METHOD * (*K_TLS_client_method) () = 0L; static X509 * (*K_SSL_get_peer_certificate) (SSL *) = 0L; static int (*K_SSL_CIPHER_get_bits) (SSL_CIPHER *,int *) = 0L; static char * (*K_SSL_CIPHER_get_version) (SSL_CIPHER *) = 0L; @@ -74,6 +76,7 @@ static X509 * (*K_d2i_X509) (X509 **,unsigned char **,long) = 0L; static X509_CRL * (*K_d2i_X509_CRL) (X509_CRL **,unsigned char **,long) = 0L; static int (*K_i2d_X509) (X509 *,unsigned char **) = 0L; static int (*K_X509_cmp) (X509 *, X509 *) = 0L; +static int (*K_X509_subject_name_cmp) (const X509 *, const X509 *) = 0L; static void (*K_X509_STORE_CTX_free) (X509_STORE_CTX *) = 0L; static int (*K_X509_verify_cert) (X509_STORE_CTX *) = 0L; static X509_STORE_CTX *(*K_X509_STORE_CTX_new) (void) = 0L; @@ -91,6 +94,8 @@ static int (*K_X509_LOOKUP_ctrl)(X509_LOOKUP *, int, const char *, long, char ** static void (*K_X509_STORE_CTX_init)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *) = 0L; static void (*K_CRYPTO_free) (void *) = 0L; static X509* (*K_X509_dup) (X509 *) = 0L; +static void (*K_X509_get0_signature)(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x) = 0L; static BIO_METHOD *(*K_BIO_s_mem) (void) = 0L; static BIO* (*K_BIO_new) (BIO_METHOD *) = 0L; static BIO* (*K_BIO_new_fp) (FILE *, int) = 0L; @@ -98,6 +103,7 @@ static BIO* (*K_BIO_new_mem_buf) (void *, int) = 0L; static int (*K_BIO_free) (BIO *) = 0L; static long (*K_BIO_ctrl) (BIO *,int,long,void *) = 0L; static int (*K_BIO_write) (BIO *b, const void *data, int len) = 0L; +static void* (*K_BIO_get_data) (BIO *a) = 0L; static int (*K_PEM_ASN1_write_bio) (int (*)(),const char *,BIO *,char *, const EVP_CIPHER *,unsigned char *,int , pem_password_cb *, void *) = 0L; @@ -120,13 +126,16 @@ static int (*K_PKCS12_parse) (PKCS12*, const char *, EVP_PKEY**, X509**, STACK_OF(X509)**) = 0L; static void (*K_EVP_PKEY_free) (EVP_PKEY *) = 0L; static EVP_PKEY* (*K_EVP_PKEY_new) () = 0L; +static int (*K_EVP_PKEY_base_id)(const EVP_PKEY *pkey) = 0L; +static RSA* (*K_EVP_PKEY_get0_RSA)(EVP_PKEY *pkey) = 0L; +static DSA* (*K_EVP_PKEY_get0_DSA)(EVP_PKEY *pkey) = 0L; static void (*K_X509_REQ_free) (X509_REQ *) = 0L; static X509_REQ* (*K_X509_REQ_new) () = 0L; static int (*K_SSL_CTX_use_PrivateKey) (SSL_CTX*, EVP_PKEY*) = 0L; static int (*K_SSL_CTX_use_certificate) (SSL_CTX*, X509*) = 0L; static int (*K_SSL_get_error) (SSL*, int) = 0L; static STACK_OF(X509)* (*K_SSL_get_peer_cert_chain) (SSL*) = 0L; -static void (*K_X509_STORE_CTX_set_chain) (X509_STORE_CTX *, STACK_OF(X509)*) = 0L; +static void (*K_X509_STORE_CTX_set0_untrusted) (X509_STORE_CTX *, STACK_OF(X509)*) = 0L; static void (*K_X509_STORE_CTX_set_purpose) (X509_STORE_CTX *, int) = 0L; static void (*K_sk_free) (STACK*) = 0L; static int (*K_sk_num) (STACK*) = 0L; @@ -134,7 +143,7 @@ static char* (*K_sk_pop) (STACK*) = 0L; static char* (*K_sk_value) (STACK*, int) = 0L; static STACK* (*K_sk_new) (int (*)()) = 0L; static int (*K_sk_push) (STACK*, char*) = 0L; -static STACK* (*K_sk_dup) (STACK *) = 0L; +static STACK* (*K_sk_dup) (const STACK *) = 0L; static char * (*K_i2s_ASN1_INTEGER) (X509V3_EXT_METHOD *, ASN1_INTEGER *) =0L; static ASN1_INTEGER * (*K_X509_get_serialNumber) (X509 *) = 0L; static EVP_PKEY *(*K_X509_get_pubkey)(X509 *) = 0L; @@ -175,7 +184,10 @@ static int (*K_X509_check_purpose)(X509*,int,int) = 0L; static X509_PURPOSE* (*K_X509_PURPOSE_get0)(int) = 0L; static int (*K_EVP_PKEY_assign)(EVP_PKEY*, int, char*) = 0L; static int (*K_X509_REQ_set_pubkey)(X509_REQ*, EVP_PKEY*) = 0L; +static void (*K_RSA_get0_key)(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) = 0L; static RSA *(*K_RSA_generate_key)(int, unsigned long, void (*)(int,int,void *), void *) = 0L; +static void (*K_DSA_get0_pqg)(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) = 0L; +static void (*K_DSA_get0_key)(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) = 0L; static int (*K_i2d_X509_REQ_fp)(FILE*, X509_REQ*) = 0L; static void (*K_ERR_clear_error)() = 0L; static unsigned long (*K_ERR_get_error)() = 0L; @@ -208,7 +220,19 @@ static int (*K_X509_REQ_set_subject_name)(X509_REQ*,X509_NAME*) = 0L; static unsigned char *(*K_ASN1_STRING_data)(ASN1_STRING*) = 0L; static int (*K_ASN1_STRING_length)(ASN1_STRING*) = 0L; static STACK_OF(SSL_CIPHER) *(*K_SSL_get_ciphers)(const SSL *ssl) = 0L; - +static const ASN1_TIME* (*K_X509_CRL_get0_lastUpdate)(const X509_CRL *crl) = 0L; +static const ASN1_TIME* (*K_X509_CRL_get0_nextUpdate)(const X509_CRL *crl) = 0L; +static X509* (*K_X509_STORE_CTX_get_current_cert)(X509_STORE_CTX *ctx) = 0L; +static int (*K_X509_STORE_CTX_get_error)(X509_STORE_CTX *ctx) = 0L; +static int (*K_X509_STORE_CTX_get_error_depth)(X509_STORE_CTX *ctx) = 0L; +static void (*K_X509_STORE_CTX_set_error)(X509_STORE_CTX *ctx, int s) = 0L; +static void (*K_X509_STORE_set_verify_cb)(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb) = 0L; +static STACK_OF(X509_OBJECT)* (*K_X509_STORE_get0_objects)(X509_STORE *v) = 0L; +static X509_LOOKUP_TYPE (*K_X509_OBJECT_get_type)(const X509_OBJECT *a) = 0L; +static X509* (*K_X509_OBJECT_get0_X509)(const X509_OBJECT *a) = 0L; +static ASN1_TIME* (*K_X509_getm_notAfter)(const X509 *x) = 0L; +static ASN1_TIME* (*K_X509_getm_notBefore)(const X509 *x) = 0L; #endif } @@ -407,6 +431,7 @@ TDEConfig *cfg; K_d2i_X509_CRL = (X509_CRL * (*)(X509_CRL **,unsigned char **,long)) GET_CRYPTOLIB_SYMBOL("d2i_X509_CRL"); K_i2d_X509 = (int (*)(X509 *,unsigned char **)) GET_CRYPTOLIB_SYMBOL("i2d_X509"); K_X509_cmp = (int (*)(X509 *, X509 *)) GET_CRYPTOLIB_SYMBOL("X509_cmp"); + K_X509_subject_name_cmp = (int (*)(const X509 *, const X509 *)) GET_CRYPTOLIB_SYMBOL("X509_subject_name_cmp"); K_X509_STORE_CTX_new = (X509_STORE_CTX * (*) (void)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_new"); K_X509_STORE_CTX_free = (void (*) (X509_STORE_CTX *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_free"); K_X509_verify_cert = (int (*) (X509_STORE_CTX *)) GET_CRYPTOLIB_SYMBOL("X509_verify_cert"); @@ -421,6 +446,8 @@ TDEConfig *cfg; K_X509_LOOKUP_ctrl = (int (*)(X509_LOOKUP *, int, const char *, long, char **)) GET_CRYPTOLIB_SYMBOL("X509_LOOKUP_ctrl"); K_X509_STORE_CTX_init = (void (*)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_init"); K_X509_dup = (X509* (*)(X509*)) GET_CRYPTOLIB_SYMBOL("X509_dup"); + K_X509_get0_signature = (void (*)(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_get0_signature"); K_BIO_s_mem = (BIO_METHOD *(*) (void)) GET_CRYPTOLIB_SYMBOL("BIO_s_mem"); K_BIO_new = (BIO* (*)(BIO_METHOD *)) GET_CRYPTOLIB_SYMBOL("BIO_new"); K_BIO_new_fp = (BIO* (*)(FILE*, int)) GET_CRYPTOLIB_SYMBOL("BIO_new_fp"); @@ -428,6 +455,7 @@ TDEConfig *cfg; K_BIO_free = (int (*)(BIO*)) GET_CRYPTOLIB_SYMBOL("BIO_free"); K_BIO_ctrl = (long (*) (BIO *,int,long,void *)) GET_CRYPTOLIB_SYMBOL("BIO_ctrl"); K_BIO_write = (int (*) (BIO *b, const void *data, int len)) GET_CRYPTOLIB_SYMBOL("BIO_write"); + K_BIO_get_data = (void* (*)(BIO *a)) GET_CRYPTOLIB_SYMBOL("BIO_get_data"); K_PEM_ASN1_write_bio = (int (*)(int (*)(), const char *,BIO*, char*, const EVP_CIPHER *, unsigned char *, int, pem_password_cb *, void *)) GET_CRYPTOLIB_SYMBOL("PEM_ASN1_write_bio"); #if OPENSSL_VERSION_NUMBER >= 0x10000000L K_ASN1_item_i2d_fp = (int (*)(ASN1_ITEM *, FILE*, unsigned char *)) GET_CRYPTOLIB_SYMBOL("ASN1_item_i2d_fp"); @@ -448,17 +476,28 @@ TDEConfig *cfg; X509**, STACK_OF(X509)**)) GET_CRYPTOLIB_SYMBOL("PKCS12_parse"); K_EVP_PKEY_free = (void (*) (EVP_PKEY *)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_free"); K_EVP_PKEY_new = (EVP_PKEY* (*)()) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_new"); + K_EVP_PKEY_base_id = (int (*)(const EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_base_id"); + K_EVP_PKEY_get0_RSA = (RSA* (*)(EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_get0_RSA"); + K_EVP_PKEY_get0_DSA = (DSA* (*)(EVP_PKEY *pkey)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_get0_DSA"); K_X509_REQ_free = (void (*)(X509_REQ*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_free"); K_X509_REQ_new = (X509_REQ* (*)()) GET_CRYPTOLIB_SYMBOL("X509_REQ_new"); - K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_chain"); + K_X509_STORE_CTX_set0_untrusted = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set0_untrusted"); + if (!K_X509_STORE_CTX_set0_untrusted) K_X509_STORE_CTX_set0_untrusted = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_chain"); K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_purpose"); - K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_free"); - K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_num"); - K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_pop"); - K_sk_value = (char* (*) (STACK *, int)) GET_CRYPTOLIB_SYMBOL("sk_value"); - K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("sk_new"); - K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("sk_push"); - K_sk_dup = (STACK* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_dup"); + K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_free"); + if (!K_sk_free) K_sk_free = (void (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_free"); + K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_num"); + if (!K_sk_num) K_sk_num = (int (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_num"); + K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_pop"); + if (!K_sk_pop) K_sk_pop = (char* (*) (STACK *)) GET_CRYPTOLIB_SYMBOL("sk_pop"); + K_sk_value = (char* (*) (STACK *, int)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_value"); + if (!K_sk_value) K_sk_value = (char* (*) (STACK *, int)) GET_CRYPTOLIB_SYMBOL("sk_value"); + K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_new"); + if (!K_sk_new) K_sk_new = (STACK* (*) (int (*)())) GET_CRYPTOLIB_SYMBOL("sk_new"); + K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_push"); + if (!K_sk_push) K_sk_push = (int (*) (STACK*, char*)) GET_CRYPTOLIB_SYMBOL("sk_push"); + K_sk_dup = (STACK* (*) (const STACK *)) GET_CRYPTOLIB_SYMBOL("OPENSSL_sk_dup"); + if (!K_sk_dup) K_sk_dup = (STACK* (*) (const STACK *)) GET_CRYPTOLIB_SYMBOL("sk_dup"); K_i2s_ASN1_INTEGER = (char *(*) (X509V3_EXT_METHOD *, ASN1_INTEGER *)) GET_CRYPTOLIB_SYMBOL("i2s_ASN1_INTEGER"); K_X509_get_serialNumber = (ASN1_INTEGER * (*) (X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_serialNumber"); K_X509_get_pubkey = (EVP_PKEY *(*)(X509 *)) GET_CRYPTOLIB_SYMBOL("X509_get_pubkey"); @@ -503,7 +542,10 @@ TDEConfig *cfg; K_X509_PURPOSE_get0 = (X509_PURPOSE *(*)(int)) GET_CRYPTOLIB_SYMBOL("X509_PURPOSE_get0"); K_EVP_PKEY_assign = (int (*)(EVP_PKEY*, int, char*)) GET_CRYPTOLIB_SYMBOL("EVP_PKEY_assign"); K_X509_REQ_set_pubkey = (int (*)(X509_REQ*, EVP_PKEY*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_set_pubkey"); + K_RSA_get0_key = (void (*)(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)) GET_CRYPTOLIB_SYMBOL("RSA_get0_key"); K_RSA_generate_key = (RSA* (*)(int, unsigned long, void (*)(int,int,void *), void *)) GET_CRYPTOLIB_SYMBOL("RSA_generate_key"); + K_DSA_get0_pqg = (void (*)(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)) GET_CRYPTOLIB_SYMBOL("DSA_get0_pqg"); + K_DSA_get0_key = (void (*)(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)) GET_CRYPTOLIB_SYMBOL("DSA_get0_key"); K_i2d_X509_REQ_fp = (int (*)(FILE *, X509_REQ *)) GET_CRYPTOLIB_SYMBOL("i2d_X509_REQ_fp"); K_ERR_clear_error = (void (*)()) GET_CRYPTOLIB_SYMBOL("ERR_clear_error"); K_ERR_get_error = (unsigned long (*)()) GET_CRYPTOLIB_SYMBOL("ERR_get_error"); @@ -525,6 +567,19 @@ TDEConfig *cfg; K_X509_REQ_set_subject_name = (int (*)(X509_REQ*,X509_NAME*)) GET_CRYPTOLIB_SYMBOL("X509_REQ_set_subject_name"); K_ASN1_STRING_data = (unsigned char *(*)(ASN1_STRING*)) GET_CRYPTOLIB_SYMBOL("ASN1_STRING_data"); K_ASN1_STRING_length = (int (*)(ASN1_STRING*)) GET_CRYPTOLIB_SYMBOL("ASN1_STRING_length"); + K_X509_CRL_get0_lastUpdate = (const ASN1_TIME* (*)(const X509_CRL *crl)) GET_CRYPTOLIB_SYMBOL("X509_CRL_get0_lastUpdate"); + K_X509_CRL_get0_nextUpdate = (const ASN1_TIME* (*)(const X509_CRL *crl)) GET_CRYPTOLIB_SYMBOL("X509_CRL_get0_nextUpdate"); + K_X509_STORE_CTX_get_current_cert = (X509* (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_current_cert"); + K_X509_STORE_CTX_get_error = (int (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_error"); + K_X509_STORE_CTX_get_error_depth = (int (*)(X509_STORE_CTX *ctx)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_get_error_depth"); + K_X509_STORE_CTX_set_error = (void (*)(X509_STORE_CTX *ctx, int s)) GET_CRYPTOLIB_SYMBOL("X509_STORE_CTX_set_error"); + K_X509_STORE_set_verify_cb = (void (*)(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb)) GET_CRYPTOLIB_SYMBOL("X509_STORE_set_verify_cb"); + K_X509_STORE_get0_objects = (STACK_OF(X509_OBJECT)* (*)(X509_STORE *v)) GET_CRYPTOLIB_SYMBOL("X509_STORE_get0_objects"); + K_X509_OBJECT_get_type = (X509_LOOKUP_TYPE (*)(const X509_OBJECT *a)) GET_CRYPTOLIB_SYMBOL("X509_OBJECT_get_type"); + K_X509_OBJECT_get0_X509 = (X509* (*)(const X509_OBJECT *a)) GET_CRYPTOLIB_SYMBOL("X509_OBJECT_get0_X509"); + K_X509_getm_notAfter = (ASN1_TIME* (*)(const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_getm_notAfter"); + K_X509_getm_notBefore = (ASN1_TIME* (*)(const X509 *x)) GET_CRYPTOLIB_SYMBOL("X509_getm_notBefore"); #endif } @@ -589,12 +644,15 @@ TDEConfig *cfg; GET_SSLLIB_SYMBOL("SSL_CTX_use_certificate"); K_SSL_get_current_cipher = (SSL_CIPHER *(*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_get_current_cipher"); - K_SSL_ctrl = (long (*)(SSL * ,int, long, char *)) + K_SSL_set_options = (long (*)(SSL *ssl, long options)) GET_SSLLIB_SYMBOL("SSL_set_options"); + K_SSL_session_reused = (int (*)(SSL *ssl)) GET_SSLLIB_SYMBOL("SSL_session_reused"); + K_SSL_ctrl = (long (*)(SSL * ,int, long, void *)) GET_SSLLIB_SYMBOL("SSL_ctrl"); K_TLSv1_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("TLSv1_client_method"); K_SSLv2_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv2_client_method"); K_SSLv3_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv3_client_method"); - K_SSLv23_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv23_client_method"); + K_TLS_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("TLS_client_method"); + if (!K_TLS_client_method) K_TLS_client_method = (SSL_METHOD *(*)()) GET_SSLLIB_SYMBOL("SSLv23_client_method"); K_SSL_get_peer_certificate = (X509 *(*)(SSL *)) GET_SSLLIB_SYMBOL("SSL_get_peer_certificate"); K_SSL_CIPHER_get_bits = (int (*)(SSL_CIPHER *,int *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_bits"); K_SSL_CIPHER_get_version = (char * (*)(SSL_CIPHER *)) GET_SSLLIB_SYMBOL("SSL_CIPHER_get_version"); @@ -692,70 +750,82 @@ KOpenSSLProxy *KOpenSSLProxy::self() { int KOpenSSLProxy::SSL_connect(SSL *ssl) { if (K_SSL_connect) return (K_SSL_connect)(ssl); + kdWarning() << "SSL_connect not defined!" << endl; return -1; } int KOpenSSLProxy::SSL_accept(SSL *ssl) { if (K_SSL_accept) return (K_SSL_accept)(ssl); + kdWarning() << "SSL_accept not defined!" << endl; return -1; } int KOpenSSLProxy::SSL_read(SSL *ssl, void *buf, int num) { if (K_SSL_read) return (K_SSL_read)(ssl, buf, num); + kdWarning() << "SSL_read not defined!" << endl; return -1; } int KOpenSSLProxy::SSL_write(SSL *ssl, const void *buf, int num) { if (K_SSL_write) return (K_SSL_write)(ssl, buf, num); + kdWarning() << "SSL_write not defined!" << endl; return -1; } SSL *KOpenSSLProxy::SSL_new(SSL_CTX *ctx) { if (K_SSL_new) return (K_SSL_new)(ctx); + kdWarning() << "SSL_new not defined!" << endl; return 0L; } void KOpenSSLProxy::SSL_free(SSL *ssl) { if (K_SSL_free) (K_SSL_free)(ssl); + else kdWarning() << "SSL_free not defined!" << endl; } int KOpenSSLProxy::SSL_shutdown(SSL *ssl) { if (K_SSL_shutdown) return (K_SSL_shutdown)(ssl); + kdWarning() << "SSL_shutdown not defined!" << endl; return -1; } SSL_CTX *KOpenSSLProxy::SSL_CTX_new(SSL_METHOD *method) { if (K_SSL_CTX_new) return (K_SSL_CTX_new)(method); + kdWarning() << "SSL_CTX_new not defined!" << endl; return 0L; } void KOpenSSLProxy::SSL_CTX_free(SSL_CTX *ctx) { if (K_SSL_CTX_free) (K_SSL_CTX_free)(ctx); + else kdWarning() << "SSL_CTX_free not defined!" << endl; } int KOpenSSLProxy::SSL_set_fd(SSL *ssl, int fd) { if (K_SSL_set_fd) return (K_SSL_set_fd)(ssl, fd); + kdWarning() << "SSL_sed_fd not defined!" << endl; return -1; } int KOpenSSLProxy::SSL_pending(SSL *ssl) { if (K_SSL_pending) return (K_SSL_pending)(ssl); + kdWarning() << "SSL_pending not defined!" << endl; return -1; } int KOpenSSLProxy::SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { if (K_SSL_CTX_set_cipher_list) return (K_SSL_CTX_set_cipher_list)(ctx, str); + kdWarning() << "SSL_CTX_set_cipher_list not defined!" << endl; return -1; } @@ -763,820 +833,1095 @@ int KOpenSSLProxy::SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) { void KOpenSSLProxy::SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) { if (K_SSL_CTX_set_verify) (K_SSL_CTX_set_verify)(ctx, mode, verify_callback); + else kdWarning() << "SSL_CTX_set_verify not defined!" << endl; } int KOpenSSLProxy::SSL_use_certificate(SSL *ssl, X509 *x) { if (K_SSL_use_certificate) return (K_SSL_use_certificate)(ssl, x); + kdWarning() << "SSL_use_certificate not defined!" << endl; return -1; } SSL_CIPHER *KOpenSSLProxy::SSL_get_current_cipher(SSL *ssl) { if (K_SSL_get_current_cipher) return (K_SSL_get_current_cipher)(ssl); + kdWarning() << "SSL_get_current_cipher not defined!" << endl; return 0L; } -long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg) { +long KOpenSSLProxy::_SSL_set_options(SSL *ssl, long options) { + if (K_SSL_set_options) return (K_SSL_set_options)(ssl, options); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return this->SSL_set_options(ssl, options); +#endif + kdWarning() << "SSL_set_options not defined!" << endl; + return -1; +} + + +int KOpenSSLProxy::_SSL_session_reused(SSL *ssl) { + if (K_SSL_session_reused) return (K_SSL_session_reused)(ssl); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return this->SSL_session_reused(ssl); +#endif + kdWarning() << "SSL_session_reused not defined!" << endl; + return -1; +} + + +long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg) { if (K_SSL_ctrl) return (K_SSL_ctrl)(ssl, cmd, larg, parg); + kdWarning() << "SSL_ctrl not defined!" << endl; return -1; } int KOpenSSLProxy::RAND_egd(const char *path) { if (K_RAND_egd) return (K_RAND_egd)(path); + kdWarning() << "RAND_egd not defined!" << endl; return -1; } SSL_METHOD *KOpenSSLProxy::TLSv1_client_method() { if (K_TLSv1_client_method) return (K_TLSv1_client_method)(); + kdWarning() << "TLSv1_client_method not defined!" << endl; return 0L; } SSL_METHOD *KOpenSSLProxy::SSLv2_client_method() { if (K_SSLv2_client_method) return (K_SSLv2_client_method)(); + kdWarning() << "SSLv2_client_method not defined!" << endl; return 0L; } SSL_METHOD *KOpenSSLProxy::SSLv3_client_method() { if (K_SSLv3_client_method) return (K_SSLv3_client_method)(); + kdWarning() << "SSLv3_client_method not defined!" << endl; return 0L; } -SSL_METHOD *KOpenSSLProxy::SSLv23_client_method() { - if (K_SSLv23_client_method) return (K_SSLv23_client_method)(); +SSL_METHOD *KOpenSSLProxy::TLS_client_method() { + if (K_TLS_client_method) return (K_TLS_client_method)(); + kdWarning() << "TLS_client_method not defined!" << endl; return 0L; } X509 *KOpenSSLProxy::SSL_get_peer_certificate(SSL *s) { if (K_SSL_get_peer_certificate) return (K_SSL_get_peer_certificate)(s); + kdWarning() << "SSL_get_peer_certificate not defined!" << endl; return 0L; } int KOpenSSLProxy::SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits) { if (K_SSL_CIPHER_get_bits) return (K_SSL_CIPHER_get_bits)(c, alg_bits); + kdWarning() << "SSL_CIPHER_get_bits not defined!" << endl; return -1; } char * KOpenSSLProxy::SSL_CIPHER_get_version(SSL_CIPHER *c) { if (K_SSL_CIPHER_get_version) return (K_SSL_CIPHER_get_version)(c); + kdWarning() << "SSL_CIPHER_get_version not defined!" << endl; return 0L; } const char * KOpenSSLProxy::SSL_CIPHER_get_name(SSL_CIPHER *c) { if (K_SSL_CIPHER_get_name) return (K_SSL_CIPHER_get_name)(c); + kdWarning() << "SSL_CIPHER_get_name not defined!" << endl; return 0L; } char * KOpenSSLProxy::SSL_CIPHER_description(SSL_CIPHER *c,char *buf,int size) { if (K_SSL_CIPHER_description) return (K_SSL_CIPHER_description)(c,buf,size); + kdWarning() << "SSL_CIPHER_description not defined!" << endl; return 0L; } X509 * KOpenSSLProxy::d2i_X509(X509 **a,unsigned char **pp,long length) { if (K_d2i_X509) return (K_d2i_X509)(a,pp,length); + kdWarning() << "d2i_X509 not defined!" << endl; return 0L; } X509_CRL * KOpenSSLProxy::d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length) { if (K_d2i_X509_CRL) return (K_d2i_X509_CRL)(a,pp,length); + kdWarning() << "d2i_X509_CRL not defined!" << endl; return 0L; } int KOpenSSLProxy::i2d_X509(X509 *a,unsigned char **pp) { if (K_i2d_X509) return (K_i2d_X509)(a,pp); + kdWarning() << "i2d_X509 not defined!" << endl; return -1; } int KOpenSSLProxy::X509_cmp(X509 *a, X509 *b) { if (K_X509_cmp) return (K_X509_cmp)(a,b); + kdWarning() << "X509_cmp not defined!" << endl; + return 0; +} + + +int KOpenSSLProxy::X509_subject_name_cmp(const X509 *a, const X509 *b) { + if (K_X509_subject_name_cmp) return (K_X509_subject_name_cmp)(a, b); + kdWarning() << "X509_subject_name_cmp not defined!" << endl; return 0; } X509_STORE *KOpenSSLProxy::X509_STORE_new(void) { if (K_X509_STORE_new) return (K_X509_STORE_new)(); + kdWarning() << "X509_STORE_new not defined!" << endl; return 0L; } void KOpenSSLProxy::X509_STORE_free(X509_STORE *v) { if (K_X509_STORE_free) (K_X509_STORE_free)(v); + else kdWarning() << "X509_STORE_free not defined!" << endl; } X509_STORE_CTX *KOpenSSLProxy::X509_STORE_CTX_new(void) { if (K_X509_STORE_CTX_new) return (K_X509_STORE_CTX_new)(); + kdWarning() << "X509_STORE_CTX_new not defined!" << endl; return 0L; } void KOpenSSLProxy::X509_STORE_CTX_free(X509_STORE_CTX *ctx) { if (K_X509_STORE_CTX_free) (K_X509_STORE_CTX_free)(ctx); + else kdWarning() << "X509_STORE_CTX_free not defined!" << endl; } int KOpenSSLProxy::X509_verify_cert(X509_STORE_CTX *ctx) { if (K_X509_verify_cert) return (K_X509_verify_cert)(ctx); + kdWarning() << "X509_verify_cert not defined!" << endl; return -1; } void KOpenSSLProxy::X509_free(X509 *a) { if (K_X509_free) (K_X509_free)(a); + else kdWarning() << "X509_free not defined!" << endl; } void KOpenSSLProxy::X509_CRL_free(X509_CRL *a) { if (K_X509_CRL_free) (K_X509_CRL_free)(a); + else kdWarning() << "X509_CRL_free not defined!" << endl; } char *KOpenSSLProxy::X509_NAME_oneline(X509_NAME *a,char *buf,int size) { if (K_X509_NAME_oneline) return (K_X509_NAME_oneline)(a,buf,size); + kdWarning() << "X509_NAME_online not defined!" << endl; return 0L; } X509_NAME *KOpenSSLProxy::X509_get_subject_name(X509 *a) { if (K_X509_get_subject_name) return (K_X509_get_subject_name)(a); + kdWarning() << "X509_get_subject not defined!" << endl; return 0L; } X509_NAME *KOpenSSLProxy::X509_get_issuer_name(X509 *a) { if (K_X509_get_issuer_name) return (K_X509_get_issuer_name)(a); + kdWarning() << "X509_get_issuer not defined!" << endl; return 0L; } X509_LOOKUP *KOpenSSLProxy::X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) { if (K_X509_STORE_add_lookup) return (K_X509_STORE_add_lookup)(v,m); + kdWarning() << "X509_STORE_add_lookup not defined!" << endl; return 0L; } X509_LOOKUP_METHOD *KOpenSSLProxy::X509_LOOKUP_file(void) { if (K_X509_LOOKUP_file) return (K_X509_LOOKUP_file)(); + kdWarning() << "X509_LOOKUP_file not defined!" << endl; return 0L; } void KOpenSSLProxy::X509_LOOKUP_free(X509_LOOKUP *x) { if (K_X509_LOOKUP_free) (K_X509_LOOKUP_free)(x); + else kdWarning() << "X509_LOOKUP_free not defined!" << endl; } int KOpenSSLProxy::X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { if (K_X509_LOOKUP_ctrl) return (K_X509_LOOKUP_ctrl)(ctx,cmd,argc,argl,ret); + kdWarning() << "X509_LOOKUP_ctrl not defined!" << endl; return -1; } void KOpenSSLProxy::X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { if (K_X509_STORE_CTX_init) (K_X509_STORE_CTX_init)(ctx,store,x509,chain); + else kdWarning() << "X509_STORE_CTX_init not defined!" << endl; } void KOpenSSLProxy::CRYPTO_free(void *x) { if (K_CRYPTO_free) (K_CRYPTO_free)(x); + else kdWarning() << "CRYPTO_free not defined!" << endl; } X509 *KOpenSSLProxy::X509_dup(X509 *x509) { if (K_X509_dup) return (K_X509_dup)(x509); + kdWarning() << "X509_dup not defined!" << endl; return 0L; } +void KOpenSSLProxy::X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x) { + if (K_X509_get0_signature) { + (X509_get0_signature)(psig, palg, x); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!x) return; + if (psig) *psig = x->signature; + if (palg) *palg = x->sig_alg; + return; +#endif + kdWarning() << "X509_get0_signature not defined!" << endl; +} + + BIO *KOpenSSLProxy::BIO_new(BIO_METHOD *type) { if (K_BIO_new) return (K_BIO_new)(type); - else return 0L; + kdWarning() << "BIO_new not defined!" << endl; + return 0L; } BIO_METHOD *KOpenSSLProxy::BIO_s_mem(void) { if (K_BIO_s_mem) return (K_BIO_s_mem)(); - else return 0L; + kdWarning() << "BIO_s_mem not defined!" << endl; + return 0L; } BIO *KOpenSSLProxy::BIO_new_fp(FILE *stream, int close_flag) { if (K_BIO_new_fp) return (K_BIO_new_fp)(stream, close_flag); + kdWarning() << "BIO_new_fp not defined!" << endl; return 0L; } BIO *KOpenSSLProxy::BIO_new_mem_buf(void *buf, int len) { if (K_BIO_new_mem_buf) return (K_BIO_new_mem_buf)(buf,len); - else return 0L; + kdWarning() << "BIO_new_mem_buf not defined!" << endl; + return 0L; } int KOpenSSLProxy::BIO_free(BIO *a) { if (K_BIO_free) return (K_BIO_free)(a); + kdWarning() << "BIO_free not defined!" << endl; return -1; } long KOpenSSLProxy::BIO_ctrl(BIO *bp,int cmd,long larg,void *parg) { if (K_BIO_ctrl) return (K_BIO_ctrl)(bp,cmd,larg,parg); - else return 0; // failure return for BIO_ctrl is quite individual, maybe we should abort() instead + kdWarning() << "BIO_ctrl not defined!" << endl; + return 0; // failure return for BIO_ctrl is quite individual, maybe we should abort() instead } int KOpenSSLProxy::BIO_write(BIO *b, const void *data, int len) { if (K_BIO_write) return (K_BIO_write)(b, data, len); - else return -1; + kdWarning() << "BIO_write not defined!" << endl; + return -1; +} + + +void *KOpenSSLProxy::BIO_get_data(BIO *a) { + if (K_BIO_get_data) return (K_BIO_get_data)(a); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return a->ptr; +#endif + kdWarning() << "BIO_get_data not defined!" << endl; + return 0L; } int KOpenSSLProxy::PEM_write_bio_X509(BIO *bp, X509 *x) { if (K_PEM_ASN1_write_bio) return (K_PEM_ASN1_write_bio) ((int (*)())K_i2d_X509, PEM_STRING_X509, bp, (char *)x, 0L, 0L, 0, 0L, 0L); - else return -1; + kdWarning() << "PEM_write_bio_X509 not defined!" << endl; + return -1; } #if OPENSSL_VERSION_NUMBER >= 0x10000000L int KOpenSSLProxy::ASN1_i2d_fp(FILE *out,unsigned char *x) { if (K_ASN1_item_i2d_fp && K_NETSCAPE_X509_it) return (K_ASN1_item_i2d_fp)(K_NETSCAPE_X509_it, out, x); - else return -1; + kdWarning() << "ANS1_i2d_fp not defined!" << endl; + return -1; } #else ASN1_METHOD *KOpenSSLProxy::X509_asn1_meth(void) { if (K_X509_asn1_meth) return (K_X509_asn1_meth)(); - else return 0L; + kdWarning() << "X509_ans1_meth not defined!" << endl; + return 0L; } int KOpenSSLProxy::ASN1_i2d_fp(FILE *out,unsigned char *x) { if (K_ASN1_i2d_fp && K_i2d_ASN1_HEADER) return (K_ASN1_i2d_fp)((int (*)())K_i2d_ASN1_HEADER, out, x); - else return -1; + kdWarning() << "ANS1_i2d_fp not defined!" << endl; + return -1; } #endif int KOpenSSLProxy::X509_print(FILE *fp, X509 *x) { if (K_X509_print_fp) return (K_X509_print_fp)(fp, x); + kdWarning() << "X509_print not defined!" << endl; return -1; } PKCS12 *KOpenSSLProxy::d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) { if (K_d2i_PKCS12_fp) return (K_d2i_PKCS12_fp)(fp, p12); - else return 0L; + kdWarning() << "d2i_PKCS12_fp not defined!" << endl; + return 0L; } int KOpenSSLProxy::PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) { if (K_PKCS12_newpass) return (K_PKCS12_newpass)(p12, oldpass, newpass); - else return -1; + kdWarning() << "PKCS12_newpass not defined!" << endl; + return -1; } int KOpenSSLProxy::i2d_PKCS12(PKCS12 *p12, unsigned char **p) { if (K_i2d_PKCS12) return (K_i2d_PKCS12)(p12, p); - else return -1; + kdWarning() << "i2d_PKCS12 not defined!" << endl; + return -1; } int KOpenSSLProxy::i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) { if (K_i2d_PKCS12_fp) return (K_i2d_PKCS12_fp)(fp, p12); - else return -1; + kdWarning() << "i2d_PKCS12_fp not defined!" << endl; + return -1; } PKCS12 *KOpenSSLProxy::PKCS12_new(void) { if (K_PKCS12_new) return (K_PKCS12_new)(); - else return 0L; + kdWarning() << "PKCS12_new not defined!" << endl; + return 0L; } void KOpenSSLProxy::PKCS12_free(PKCS12 *a) { if (K_PKCS12_free) (K_PKCS12_free)(a); + else kdWarning() << "PKCS12_free not defined!" << endl; } int KOpenSSLProxy::PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) { if (K_PKCS12_parse) return (K_PKCS12_parse) (p12, pass, pkey, cert, ca); - else return -1; + kdWarning() << "PKCS12_parse not defined!" << endl; + return -1; } void KOpenSSLProxy::EVP_PKEY_free(EVP_PKEY *x) { if (K_EVP_PKEY_free) (K_EVP_PKEY_free)(x); + else kdWarning() << "EVP_PKEY_free not defined!" << endl; } EVP_PKEY* KOpenSSLProxy::EVP_PKEY_new() { if (K_EVP_PKEY_new) return (K_EVP_PKEY_new)(); - else return 0L; + kdWarning() << "EVP_PKEY_new not defined!" << endl; + return 0L; +} + + +int KOpenSSLProxy::EVP_PKEY_base_id(const EVP_PKEY *pkey) { + if (K_EVP_PKEY_base_id) return (K_EVP_PKEY_base_id)(pkey); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return pkey->type; +#endif + kdWarning() << "EVP_PKEY_base_id not defined!" << endl; + return -1; +} + + +RSA* KOpenSSLProxy::EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { + if (K_EVP_PKEY_get0_RSA) return (K_EVP_PKEY_get0_RSA)(pkey); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return pkey->pkey.rsa; +#endif + kdWarning() << "EVP_PKEY_get0_RSA not defined!" << endl; + return 0L; +} + + +DSA* KOpenSSLProxy::EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { + if (K_EVP_PKEY_get0_DSA) return (K_EVP_PKEY_get0_DSA)(pkey); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return pkey->pkey.dsa; +#endif + kdWarning() << "EVP_PKEY_get0_DSA not defined!" << endl; + return 0L; } void KOpenSSLProxy::X509_REQ_free(X509_REQ *x) { if (K_X509_REQ_free) (K_X509_REQ_free)(x); + else kdWarning() << "X509_REQ_free not defined!" << endl; } X509_REQ* KOpenSSLProxy::X509_REQ_new() { if (K_X509_REQ_new) return (K_X509_REQ_new)(); - else return 0L; + kdWarning() << "X509_REQ_new not defined!" << endl; + return 0L; } int KOpenSSLProxy::SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) { if (K_SSL_CTX_use_PrivateKey) return (K_SSL_CTX_use_PrivateKey)(ctx,pkey); - else return -1; + kdWarning() << "SSL_CTX_use_PrivateKey not defined!" << endl; + return -1; } int KOpenSSLProxy::SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) { if (K_SSL_CTX_use_certificate) return (K_SSL_CTX_use_certificate)(ctx,x); - else return -1; + kdWarning() << "SSL_CTX_use_certificate not defined!" << endl; + return -1; } int KOpenSSLProxy::SSL_get_error(SSL *ssl, int rc) { if (K_SSL_get_error) return (K_SSL_get_error)(ssl,rc); - else return -1; + kdWarning() << "SSL_get_error not defined!" << endl; + return -1; } STACK_OF(X509) *KOpenSSLProxy::SSL_get_peer_cert_chain(SSL *s) { if (K_SSL_get_peer_cert_chain) return (K_SSL_get_peer_cert_chain)(s); - else return 0L; + kdWarning() << "SSL_get_peer_cert_chain not defined!" << endl; + return 0L; } -void KOpenSSLProxy::sk_free(STACK *s) { +void KOpenSSLProxy::OPENSSL_sk_free(STACK *s) { if (K_sk_free) (K_sk_free)(s); + else kdWarning() << "OPENSSL_sk_free not defined!" << endl; } -int KOpenSSLProxy::sk_num(STACK *s) { +int KOpenSSLProxy::OPENSSL_sk_num(STACK *s) { if (K_sk_num) return (K_sk_num)(s); - else return -1; + kdWarning() << "OPENSSL_sk_num not defined!" << endl; + return -1; } -char *KOpenSSLProxy::sk_pop(STACK *s) { +char *KOpenSSLProxy::OPENSSL_sk_pop(STACK *s) { if (K_sk_pop) return (K_sk_pop)(s); - else return 0L; + kdWarning() << "OPENSSL_sk_pop not defined!" << endl; + return 0L; } -char *KOpenSSLProxy::sk_value(STACK *s, int n) { +char *KOpenSSLProxy::OPENSSL_sk_value(STACK *s, int n) { if (K_sk_value) return (K_sk_value)(s, n); - else return 0L; + kdWarning() << "OPENSSL_sk_value not defined!" << endl; + return 0L; } -void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) { - if (K_X509_STORE_CTX_set_chain) (K_X509_STORE_CTX_set_chain)(v,x); +void KOpenSSLProxy::X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x) { + if (K_X509_STORE_CTX_set0_untrusted) (K_X509_STORE_CTX_set0_untrusted)(v,x); + else kdWarning() << "X509_STORE_CTX_set0_untrusted not defined!" << endl; } void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose) { if (K_X509_STORE_CTX_set_purpose) (K_X509_STORE_CTX_set_purpose)(v,purpose); + else kdWarning() << "X509_STORE_CTX_set_purpose not defined!" << endl; } -STACK* KOpenSSLProxy::sk_dup(STACK *s) { +STACK* KOpenSSLProxy::OPENSSL_sk_dup(const STACK *s) { if (K_sk_dup) return (K_sk_dup)(s); - else return 0L; + kdWarning() << "OPENSSL_sk_dup not defined!" << endl; + return 0L; } -STACK* KOpenSSLProxy::sk_new(int (*cmp)()) { +STACK* KOpenSSLProxy::OPENSSL_sk_new(int (*cmp)()) { if (K_sk_new) return (K_sk_new)(cmp); - else return 0L; + kdWarning() << "OPENSSL_sk_new not defined!" << endl; + return 0L; } -int KOpenSSLProxy::sk_push(STACK* s, char* d) { +int KOpenSSLProxy::OPENSSL_sk_push(STACK* s, char* d) { if (K_sk_push) return (K_sk_push)(s,d); - else return -1; + kdWarning() << "OPENSSL_sk_push not defined!" << endl; + return -1; } char *KOpenSSLProxy::i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint) { if (K_i2s_ASN1_INTEGER) return (K_i2s_ASN1_INTEGER)(meth, aint); - else return 0L; + kdWarning() << "i2s_ANS1_INTEGER not defined!" << endl; + return 0L; } ASN1_INTEGER *KOpenSSLProxy::X509_get_serialNumber(X509 *x) { if (K_X509_get_serialNumber) return (K_X509_get_serialNumber)(x); - else return 0L; + kdWarning() << "X509_get_serialNumber not defined!" << endl; + return 0L; } EVP_PKEY *KOpenSSLProxy::X509_get_pubkey(X509 *x) { if (K_X509_get_pubkey) return (K_X509_get_pubkey)(x); - else return 0L; + kdWarning() << "X59_get_pubkey not defined!" << endl; + return 0L; } int KOpenSSLProxy::i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) { if (K_i2d_PublicKey) return (K_i2d_PublicKey)(a,pp); - else return 0; + kdWarning() << "i2d_PublicKey not defined!" << endl; + return 0; } int KOpenSSLProxy::X509_check_private_key(X509 *x, EVP_PKEY *p) { if (K_X509_check_private_key) return (K_X509_check_private_key)(x,p); + kdWarning() << "X509_check_private_key not defined!" << endl; return -1; } char *KOpenSSLProxy::BN_bn2hex(const BIGNUM *a) { if (K_BN_bn2hex) return (K_BN_bn2hex)(a); - else return 0L; + kdWarning() << "BN_bn2hex not defined!" << endl; + return 0L; } int KOpenSSLProxy::X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len) { if (K_X509_digest) return (K_X509_digest)(x, t, md, len); - else return -1; + kdWarning() << "X509_digest not defined!" << endl; + return -1; } EVP_MD *KOpenSSLProxy::EVP_md5() { if (K_EVP_md5) return (K_EVP_md5)(); + kdWarning() << "EVP_md5 not defined!" << endl; return 0L; } void KOpenSSLProxy::ASN1_INTEGER_free(ASN1_INTEGER *a) { if (K_ASN1_INTEGER_free) (K_ASN1_INTEGER_free)(a); + else kdWarning() << "ANS1_INTEGER_free not defined!" << endl; } int KOpenSSLProxy::OBJ_obj2nid(ASN1_OBJECT *o) { if (K_OBJ_obj2nid) return (K_OBJ_obj2nid)(o); - else return -1; + kdWarning() << "OBJ_obj2nid not defined!" << endl; + return -1; } const char * KOpenSSLProxy::OBJ_nid2ln(int n) { if (K_OBJ_nid2ln) return (K_OBJ_nid2ln)(n); - else return 0L; + kdWarning() << "OBJ_nid2ln not defined!" << endl; + return 0L; } int KOpenSSLProxy::X509_get_ext_count(X509 *x) { if (K_X509_get_ext_count) return (K_X509_get_ext_count)(x); - else return -1; + kdWarning() << "X509_get_ext_count not defined!" << endl; + return -1; } int KOpenSSLProxy::X509_get_ext_by_NID(X509 *x, int nid, int lastpos) { if (K_X509_get_ext_by_NID) return (K_X509_get_ext_by_NID)(x,nid,lastpos); - else return -1; + kdWarning() << "X509_get_ext_by_NID not defined!" << endl; + return -1; } int KOpenSSLProxy::X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos) { if (K_X509_get_ext_by_OBJ) return (K_X509_get_ext_by_OBJ)(x,obj,lastpos); - else return -1; + kdWarning() << "X509_get_ext_by_OBJ not defined!" << endl; + return -1; } X509_EXTENSION *KOpenSSLProxy::X509_get_ext(X509 *x, int loc) { if (K_X509_get_ext) return (K_X509_get_ext)(x,loc); - else return 0L; + kdWarning() << "X509_get_ext not defined!" << endl; + return 0L; } X509_EXTENSION *KOpenSSLProxy::X509_delete_ext(X509 *x, int loc) { if (K_X509_delete_ext) return (K_X509_delete_ext)(x,loc); - else return 0L; + kdWarning() << "X509_delete_ext not defined!" << endl; + return 0L; } int KOpenSSLProxy::X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) { if (K_X509_add_ext) return (K_X509_add_ext)(x,ex,loc); - else return -1; + kdWarning() << "X509_add_ext not defined!" << endl; + return -1; } void *KOpenSSLProxy::X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) { if (K_X509_get_ext_d2i) return (K_X509_get_ext_d2i)(x,nid,crit,idx); - else return 0L; + kdWarning() << "X509_get_ext_d2i not defined!" << endl; + return 0L; } char *KOpenSSLProxy::i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5) { if (K_i2s_ASN1_OCTET_STRING) return (K_i2s_ASN1_OCTET_STRING)(method,ia5); - else return 0L; + kdWarning() << "i2s_ANS1_OCTET_STRING not defined!" << endl; + return 0L; } int KOpenSSLProxy::ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) { if (K_ASN1_BIT_STRING_get_bit) return (K_ASN1_BIT_STRING_get_bit)(a,n); - else return -1; + kdWarning() << "ANS1_BIT_STRING_get_bit not defined!" << endl; + return -1; } PKCS7 *KOpenSSLProxy::PKCS7_new(void) { if (K_PKCS7_new) return (K_PKCS7_new)(); - else return 0L; + kdWarning() << "PKCS7_new not defined!" << endl; + return 0L; } void KOpenSSLProxy::PKCS7_free(PKCS7 *a) { if (K_PKCS7_free) (K_PKCS7_free)(a); + else kdWarning() << "PKCS7_free not defined!" << endl; } void KOpenSSLProxy::PKCS7_content_free(PKCS7 *a) { if (K_PKCS7_content_free) (K_PKCS7_content_free)(a); + else kdWarning() << "PKCS7_content_free not defined!" << endl; } int KOpenSSLProxy::i2d_PKCS7(PKCS7 *a, unsigned char **pp) { if (K_i2d_PKCS7) return (K_i2d_PKCS7)(a,pp); - else return -1; + kdWarning() << "i2d_PKCS7 not defined!" << endl; + return -1; } PKCS7 *KOpenSSLProxy::d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length) { if (K_d2i_PKCS7) return (K_d2i_PKCS7)(a,pp,length); - else return 0L; + kdWarning() << "d2i_PKCS7 not defined!" << endl; + return 0L; } int KOpenSSLProxy::i2d_PKCS7_fp(FILE *fp,PKCS7 *p7) { if (K_i2d_PKCS7_fp) return (K_i2d_PKCS7_fp)(fp,p7); - else return -1; + kdWarning() << "i2d_PKCS7_fd not defined!" << endl; + return -1; } PKCS7 *KOpenSSLProxy::d2i_PKCS7_fp(FILE *fp,PKCS7 **p7) { if (K_d2i_PKCS7_fp) return (K_d2i_PKCS7_fp)(fp,p7); - else return 0L; + kdWarning() << "d2i_PKCS7_fp not defined!" << endl; + return 0L; } int KOpenSSLProxy::i2d_PKCS7_bio(BIO *bp,PKCS7 *p7) { if (K_i2d_PKCS7_bio) return (K_i2d_PKCS7_bio)(bp, p7); - else return -1; + kdWarning() << "i2d_PKCS7_bio not defined!" << endl; + return -1; } PKCS7 *KOpenSSLProxy::d2i_PKCS7_bio(BIO *bp,PKCS7 **p7) { if (K_d2i_PKCS7_bio) return (K_d2i_PKCS7_bio)(bp, p7); - else return 0L; + kdWarning() << "d2i_PKCS7_bio not defined!" << endl; + return 0L; } PKCS7 *KOpenSSLProxy::PKCS7_dup(PKCS7 *p7) { if (K_PKCS7_dup) return (K_PKCS7_dup)(p7); - else return 0L; + kdWarning() << "PKCS7_dup not defined!" << endl; + return 0L; } PKCS7 *KOpenSSLProxy::PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags) { if (K_PKCS7_sign) return (K_PKCS7_sign)(signcert,pkey,certs,data,flags); - else return 0L; + kdWarning() << "PKCS7_sign not defined!" << endl; + return 0L; } int KOpenSSLProxy::PKCS7_verify(PKCS7* p, STACK_OF(X509)* st, X509_STORE* s, BIO* in, BIO *out, int flags) { if (K_PKCS7_verify) return (K_PKCS7_verify)(p,st,s,in,out,flags); - else return 0; + kdWarning() << "PKCS7_verify not defined!" << endl; + return 0; } STACK_OF(X509) *KOpenSSLProxy::PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) { if (K_PKCS7_get0_signers) return (K_PKCS7_get0_signers)(p7,certs,flags); - else return 0L; + kdWarning() << "PKCS7_get0_signers not defined!" << endl; + return 0L; } PKCS7 *KOpenSSLProxy::PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, int flags) { if (K_PKCS7_encrypt) return (K_PKCS7_encrypt)(certs,in,cipher,flags); - else return 0L; + kdWarning() << "PKCS7_encrypt not defined!" << endl; + return 0L; } int KOpenSSLProxy::PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { if (K_PKCS7_decrypt) return (K_PKCS7_decrypt)(p7,pkey,cert,data,flags); - else return 0; + kdWarning() << "PKCS7_decrypt not defined!" << endl; + return 0; } STACK_OF(X509_NAME) *KOpenSSLProxy::SSL_load_client_CA_file(const char *file) { if (K_SSL_load_client_CA_file) return (K_SSL_load_client_CA_file)(file); - else return 0L; + kdWarning() << "SSL_load_client_CA_file not defined!" << endl; + return 0L; } STACK_OF(X509_INFO) *KOpenSSLProxy::PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { if (K_PEM_X509_INFO_read) return (K_PEM_X509_INFO_read)(fp,sk,cb,u); - else return 0L; + kdWarning() << "PEM_X509_INFO_read not defined!" << endl; + return 0L; } X509 *KOpenSSLProxy::X509_d2i_fp(FILE *out, X509** buf) { if (K_ASN1_d2i_fp) return reinterpret_cast((K_ASN1_d2i_fp)(reinterpret_cast(K_X509_new), reinterpret_cast(K_d2i_X509), out, reinterpret_cast(buf))); - else return 0L; + kdWarning() << "X509_d2i_fp not defined!" << endl; + return 0L; } int KOpenSSLProxy::SSL_peek(SSL *ssl,void *buf,int num) { if (K_SSL_peek) return (K_SSL_peek)(ssl,buf,num); - else return -1; + kdWarning() << "SSL_peek not defined!" << endl; + return -1; } const char *KOpenSSLProxy::RAND_file_name(char *buf, size_t num) { if (K_RAND_file_name) return (K_RAND_file_name)(buf, num); - else return 0L; + kdWarning() << "RAND_file_name not defined!" << endl; + return 0L; } int KOpenSSLProxy::RAND_load_file(const char *filename, long max_bytes) { if (K_RAND_load_file) return (K_RAND_load_file)(filename, max_bytes); - else return -1; + kdWarning() << "REND_load_file not defined!" << endl; + return -1; } int KOpenSSLProxy::RAND_write_file(const char *filename) { if (K_RAND_write_file) return (K_RAND_write_file)(filename); - else return -1; + kdWarning() << "RAND_write_file not defined!" << endl; + return -1; } int KOpenSSLProxy::X509_PURPOSE_get_count() { if (K_X509_PURPOSE_get_count) return (K_X509_PURPOSE_get_count)(); - else return -1; + kdWarning() << "X509_PURPOSE_get_count not defined!" << endl; + return -1; } int KOpenSSLProxy::X509_PURPOSE_get_id(X509_PURPOSE *p) { if (K_X509_PURPOSE_get_id) return (K_X509_PURPOSE_get_id)(p); - else return -1; + kdWarning() << "X509_PURPOSE_get_id not defined!" << endl; + return -1; } int KOpenSSLProxy::X509_check_purpose(X509 *x, int id, int ca) { if (K_X509_check_purpose) return (K_X509_check_purpose)(x, id, ca); - else return -1; + kdWarning() << "X509_check_purpose not defined!" << endl; + return -1; } X509_PURPOSE *KOpenSSLProxy::X509_PURPOSE_get0(int idx) { if (K_X509_PURPOSE_get0) return (K_X509_PURPOSE_get0)(idx); - else return 0L; + kdWarning() << "X509_PURPOSE_get0 not defined!" << endl; + return 0L; } int KOpenSSLProxy::EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) { if (K_EVP_PKEY_assign) return (K_EVP_PKEY_assign)(pkey, type, key); - else return -1; + kdWarning() << "EVP_PKEY_assign not defined!" << endl; + return -1; } int KOpenSSLProxy::X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) { if (K_X509_REQ_set_pubkey) return (K_X509_REQ_set_pubkey)(x, pkey); - else return -1; + kdWarning() << "X509_REQ_set_pubkey not defined!" << endl; + return -1; +} + + +void KOpenSSLProxy::RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { + if (K_RSA_get0_key) { + (K_RSA_get0_key)(r, n, e, d); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!r) return; + if (n) *n = r->n; + if (e) *e = r->e; + if (d) *d = r->d; + return; +#endif + kdWarning() << "REG_get0_key not defined!" << endl; } RSA* KOpenSSLProxy::RSA_generate_key(int bits, unsigned long e, void (*callback)(int,int,void *), void *cb_arg) { if (K_RSA_generate_key) return (K_RSA_generate_key)(bits, e, callback, cb_arg); - else return 0L; + kdWarning() << "RSA_generate_key not defined!" << endl; + return 0L; +} + + +void KOpenSSLProxy::DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { + if (K_DSA_get0_pqg) { + (K_DSA_get0_pqg)(d, p, q, g); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!d) return; + if (p) *p = d->p; + if (q) *q = d->q; + if (g) *g = d->g; + return; +#endif + kdWarning() << "DSA_get0_pqg not defined!" << endl; } + +void KOpenSSLProxy::DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key) { + if (K_DSA_get0_key) { + (K_DSA_get0_key)(d, pub_key, priv_key); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (!d) return; + if (pub_key) *pub_key = d->pub_key; + if (priv_key) *priv_key = d->priv_key; + return; +#endif + kdWarning() << "DSA_get0_key not defined!" << endl; +} + + STACK *KOpenSSLProxy::X509_get1_email(X509 *x) { if (K_X509_get1_email) return (K_X509_get1_email)(x); - else return 0L; + kdWarning() << "X509_get1_email not defined!" << endl; + return 0L; } void KOpenSSLProxy::X509_email_free(STACK *sk) { if (K_X509_email_free) (K_X509_email_free)(sk); + else kdWarning() << "X509_email_free not defined!" << endl; } EVP_CIPHER *KOpenSSLProxy::EVP_des_ede3_cbc() { if (K_EVP_des_ede3_cbc) return (K_EVP_des_ede3_cbc)(); - else return 0L; + kdWarning() << "EVM_des_ede3_cbc not defined!" << endl; + return 0L; } EVP_CIPHER *KOpenSSLProxy::EVP_des_cbc() { if (K_EVP_des_cbc) return (K_EVP_des_cbc)(); - else return 0L; + kdWarning() << "EVP_des_cbc not defined!" << endl; + return 0L; } EVP_CIPHER *KOpenSSLProxy::EVP_rc2_cbc() { if (K_EVP_rc2_cbc) return (K_EVP_rc2_cbc)(); - else return 0L; + kdWarning() << "EVP_rc2_cbc not defined!" << endl; + return 0L; } EVP_CIPHER *KOpenSSLProxy::EVP_rc2_64_cbc() { if (K_EVP_rc2_64_cbc) return (K_EVP_rc2_64_cbc)(); - else return 0L; + kdWarning() << "EVP_rc2_64_cbc not defined!" << endl; + return 0L; } EVP_CIPHER *KOpenSSLProxy::EVP_rc2_40_cbc() { if (K_EVP_rc2_40_cbc) return (K_EVP_rc2_40_cbc)(); - else return 0L; + kdWarning() << "EVP_rc2_40_cbc not defined!" << endl; + return 0L; } int KOpenSSLProxy::i2d_X509_REQ_fp(FILE *fp, X509_REQ *x) { if (K_i2d_X509_REQ_fp) return (K_i2d_X509_REQ_fp)(fp,x); - else return -1; + kdWarning() << "i2d_X509_REQ_fp not defined!" << endl; + return -1; } void KOpenSSLProxy::ERR_clear_error() { if (K_ERR_clear_error) (K_ERR_clear_error)(); + else kdWarning() << "ERR_clear_error not defined!" << endl; } unsigned long KOpenSSLProxy::ERR_get_error() { if (K_ERR_get_error) return (K_ERR_get_error)(); - else return 0xffffffff; + kdWarning() << "ERR_get_error not defined!" << endl; + return 0xffffffff; } void KOpenSSLProxy::ERR_print_errors_fp(FILE* fp) { if (K_ERR_print_errors_fp) (K_ERR_print_errors_fp)(fp); + else kdWarning() << "ERR_print_errors_fp not defined!" << endl; } SSL_SESSION *KOpenSSLProxy::SSL_get1_session(SSL *ssl) { if (K_SSL_get1_session) return (K_SSL_get1_session)(ssl); - else return 0L; + kdWarning() << "SSL_get1_session not defined!" << endl; + return 0L; } void KOpenSSLProxy::SSL_SESSION_free(SSL_SESSION *session) { if (K_SSL_SESSION_free) (K_SSL_SESSION_free)(session); + else kdWarning() << "SSL_SESSION_free not defined!" << endl; } int KOpenSSLProxy::SSL_set_session(SSL *ssl, SSL_SESSION *session) { if (K_SSL_set_session) return (K_SSL_set_session)(ssl, session); - else return -1; + kdWarning() << "SSL_set_session not defined!" << endl; + return -1; } SSL_SESSION *KOpenSSLProxy::d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length) { if (K_d2i_SSL_SESSION) return (K_d2i_SSL_SESSION)(a, pp, length); - else return 0L; + kdWarning() << "d2i_SSL_SESSION not defined!" << endl; + return 0L; } int KOpenSSLProxy::i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) { if (K_i2d_SSL_SESSION) return (K_i2d_SSL_SESSION)(in, pp); - else return -1; + kdWarning() << "i2d_SSL_SESSION not defined!" << endl; + return -1; } int KOpenSSLProxy::i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *p) { if (K_i2d_PrivateKey_fp) return (K_i2d_PrivateKey_fp)(fp, p); - else return -1; + kdWarning() << "i2d_PrivateKey not defined!" << endl; + return -1; } int KOpenSSLProxy::i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *p, const EVP_CIPHER *c, char *k, int klen, pem_password_cb *cb, void *u) { if (K_i2d_PKCS8PrivateKey_fp) return (K_i2d_PKCS8PrivateKey_fp)(fp, p, c, k, klen, cb, u); - else return -1; + kdWarning() << "i2d_PKCS8PrivateKey_fp not defined!" << endl; + return -1; } void KOpenSSLProxy::RSA_free(RSA *rsa) { if (K_RSA_free) (K_RSA_free)(rsa); + else kdWarning() << "RSA_free not defined!" << endl; } EVP_CIPHER *KOpenSSLProxy::EVP_bf_cbc() { if (K_EVP_bf_cbc) return (K_EVP_bf_cbc)(); + kdWarning() << "EVP_bf_cbc not defined!" << endl; return 0L; } int KOpenSSLProxy::X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { if (K_X509_REQ_sign) return (K_X509_REQ_sign)(x, pkey, md); + kdWarning() << "X509_REQ_sign not defined!" << endl; return -1; } @@ -1584,36 +1929,191 @@ int KOpenSSLProxy::X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) int KOpenSSLProxy::X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set) { if (K_X509_NAME_add_entry_by_txt) return (K_X509_NAME_add_entry_by_txt)(name, field, type, bytes, len, loc, set); + kdWarning() << "X509_NAME_add_entry not defined!" << endl; return -1; } X509_NAME *KOpenSSLProxy::X509_NAME_new() { if (K_X509_NAME_new) return (K_X509_NAME_new)(); + kdWarning() << "X509_NAME_new not defined!" << endl; return 0L; } int KOpenSSLProxy::X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name) { if (K_X509_REQ_set_subject_name) return (K_X509_REQ_set_subject_name)(req, name); + kdWarning() << "X509_REQ_set_subject_name not defined!" << endl; return -1; } unsigned char *KOpenSSLProxy::ASN1_STRING_data(ASN1_STRING *x) { if (K_ASN1_STRING_data) return (K_ASN1_STRING_data)(x); + kdWarning() << "ASN1_STRING_data not defined!" << endl; return 0L; } int KOpenSSLProxy::ASN1_STRING_length(ASN1_STRING *x) { if (K_ASN1_STRING_length) return (K_ASN1_STRING_length)(x); + kdWarning() << "ASN1_STRING_length not defined!" << endl; return 0L; } STACK_OF(SSL_CIPHER) *KOpenSSLProxy::SSL_get_ciphers(const SSL* ssl) { if (K_SSL_get_ciphers) return (K_SSL_get_ciphers)(ssl); + kdWarning() << "SSL_get_ciphers not defined!" << endl; return 0L; } +const ASN1_TIME* KOpenSSLProxy::X509_CRL_get0_lastUpdate(const X509_CRL *crl) { + if (K_X509_CRL_get0_lastUpdate) return (K_X509_CRL_get0_lastUpdate)(crl); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return X509_CRL_get_lastUpdate(crl); #endif + kdWarning() << "X509_CRL_get_lastUpdate not defined!" << endl; + return 0L; +} + +const ASN1_TIME* KOpenSSLProxy::X509_CRL_get0_nextUpdate(const X509_CRL *crl) { + if (K_X509_CRL_get0_nextUpdate) return (K_X509_CRL_get0_nextUpdate)(crl); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return X509_CRL_get_nextUpdate(crl); +#endif + kdWarning() << "X509_CRL_get_nextUpdate not defined!" << endl; + return 0L; +} + +X509* KOpenSSLProxy::X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) { + if (K_X509_STORE_CTX_get_current_cert) return (K_X509_STORE_CTX_get_current_cert)(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ctx->current_cert; +#endif + kdWarning() << "X509_STORE_CTX_get_current_cert not defined!" << endl; + return 0L; +} + +int KOpenSSLProxy::X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { + if (K_X509_STORE_CTX_get_error) return (K_X509_STORE_CTX_get_error)(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ctx->error; +#endif + kdWarning() << "X509k_STORE_CTX_get_error not defined!" << endl; + return -1; +} +int KOpenSSLProxy::X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) { + if (K_X509_STORE_CTX_get_error_depth) return (K_X509_STORE_CTX_get_error_depth)(ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return ctx->error_depth; +#endif + kdWarning() << "X509_STORE_CTX_get_error_depth not defined!" << endl; + return -1; +} + +void KOpenSSLProxy::X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s) { + if (K_X509_STORE_CTX_set_error) { + (K_X509_STORE_CTX_set_error)(ctx, s); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + ctx->error = s; + return; +#endif + kdWarning() << "X509_STORE_CTX_set_error not defined!" << endl; +} + +void KOpenSSLProxy::X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb) { + if (K_X509_STORE_set_verify_cb) { + (K_X509_STORE_set_verify_cb)(ctx, verify_cb); + return; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000L + X509_STORE_set_verify_cb_func(ctx, verify_cb); + return; +#endif + kdWarning() << "X590_STORE_set_verify_cb not defined!" << endl; +} + +STACK_OF(X509_OBJECT)* KOpenSSLProxy::X509_STORE_get0_objects(X509_STORE *v) { + if (K_X509_STORE_get0_objects) return (K_X509_STORE_get0_objects)(v); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return v->objs; +#endif + kdWarning() << "X509_STORE_get0_objects not defined!" << endl; +} + +X509_LOOKUP_TYPE KOpenSSLProxy::X509_OBJECT_get_type(const X509_OBJECT *a) { + if (K_X509_OBJECT_get_type) return (K_X509_OBJECT_get_type)(a); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return a->type; +#endif + kdWarning() << "X509_OBJECT_get_type not defined!" << endl; +} + +X509* KOpenSSLProxy::X509_OBJECT_get0_X509(const X509_OBJECT *a) { + if (K_X509_OBJECT_get0_X509) return (K_X509_OBJECT_get0_X509)(a); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return a->data.x509; +#endif + kdWarning() << "X509_OBJECT_get0_X509 not defined!" << endl; +} + + +ASN1_TIME* KOpenSSLProxy::X509_getm_notAfter(const X509 *x) { + if (K_X509_getm_notAfter) return (K_X509_getm_notAfter)(x); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return X509_get_notAfter(x); +#endif + kdWarning() << "X509_get_notAfter not defined!" << endl; + return 0L; +} + +ASN1_TIME* KOpenSSLProxy::X509_getm_notBefore(const X509 *x) { + if (K_X509_getm_notBefore) return (K_X509_getm_notBefore)(x); +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return X509_get_notBefore(x); +#endif + kdWarning() << "X509_get_notBefore not defined!" << endl; + return 0L; +} + +/* cover KOpenSSLProxy API compatibility */ +STACK* KOpenSSLProxy::sk_dup(const STACK *s) { + return OPENSSL_sk_dup(s); +} + +void KOpenSSLProxy::sk_free(STACK *s) { + OPENSSL_sk_free(s); +} + +STACK* KOpenSSLProxy::sk_new(int (*cmp)()) { + return OPENSSL_sk_new(cmp); +} + +int KOpenSSLProxy::sk_num(STACK *s) { + return OPENSSL_sk_num(s); +} + +char* KOpenSSLProxy::sk_pop(STACK *s) { + return OPENSSL_sk_pop(s); +} + +int KOpenSSLProxy::sk_push(STACK *s, char *d) { + return OPENSSL_sk_push(s, d); +} + +char* KOpenSSLProxy::sk_value(STACK *s, int n) { + return OPENSSL_sk_value(s, n); +} + +void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) { + X509_STORE_CTX_set0_untrusted(v, x); +} + +SSL_METHOD* KOpenSSLProxy::SSLv23_client_method() { + return TLS_client_method(); +} + +#endif diff --git a/tdeio/kssl/kopenssl.h b/tdeio/kssl/kopenssl.h index 6185821a4..be335b199 100644 --- a/tdeio/kssl/kopenssl.h +++ b/tdeio/kssl/kopenssl.h @@ -48,13 +48,22 @@ class KOpenSSLProxyPrivate; #include #include #undef crypt +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#define STACK OPENSSL_STACK +#else #if OPENSSL_VERSION_NUMBER >= 0x10000000L #define STACK _STACK #endif #endif +#endif #include +#if OPENSSL_VERSION_NUMBER < 0x10100000L +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +typedef int X509_LOOKUP_TYPE; +#endif + /** * Dynamically load and wrap OpenSSL. * @@ -178,17 +187,14 @@ public: */ SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); - /* - * SSL_set_options - manipulate SSL engine options - * Note: These are all mapped to SSL_ctrl so call them as the comment - * specifies but know that they use SSL_ctrl. They are #define - * so they will map to the one in this class if called as a - * member function of this class. - */ - /* long SSL_set_options(SSL *ssl, long options); */ - /* Returns 0 if not reused, 1 if session id is reused */ - /* int SSL_session_reused(SSL *ssl); */ - long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); + /* SSL_set_options - manipulate SSL engine options */ + long _SSL_set_options(SSL *ssl, long options); + + /* Returns 0 if not reused, 1 if session id is reused */ + int _SSL_session_reused(SSL *ssl); + + /* SSL control */ + long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); /* * RAND_egd - set the path to the EGD @@ -233,9 +239,9 @@ public: /* - * SSLv23_client_method - return a SSLv23 client method object + * TLS_client_method - return client method object */ - SSL_METHOD *SSLv23_client_method(); + SSL_METHOD *TLS_client_method(); /* @@ -309,12 +315,38 @@ public: int X509_cmp(X509 *a, X509 *b); + /* + * X509_subject_name_cmp - compare subject name of two X509 objects + */ + int X509_subject_name_cmp(const X509 *a, const X509 *b); + + /* * X509_dup - duplicate an X509 object */ X509 *X509_dup(X509 *x509); + /* + * X509_get0_signature - get signature and algorithm + */ + void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); + + + + /* + * + */ + ASN1_TIME *X509_getm_notAfter(const X509 *x); + + + /* + * + */ + ASN1_TIME *X509_getm_notBefore(const X509 *x); + + /* * X509_STORE_CTX_new - create an X509 store context */ @@ -328,15 +360,66 @@ public: /* - * X509_STORE_CTX_set_chain - set the certificate chain + * X509_STORE_CTX_set0_untrusted - set the certificate chain */ - void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x); + void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x); + /* * X509_STORE_CTX_set_purpose - set the purpose of the certificate */ void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); + + /* + * + */ + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + + + /* + * + */ + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + + + /* + * + */ + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + + + /* + * + */ + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); + + + /* + * + */ + void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); + + + /* + * + */ + STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + + + /* + * + */ + X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); + + + /* + * + */ + X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); + + /* * X509_verify_cert - verify the certificate */ @@ -366,6 +449,18 @@ public: void X509_CRL_free(X509_CRL *v); + /* + * + */ + const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); + + + /* + * + */ + const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); + + /* * X509_NAME_oneline - return the X509 data in a string */ @@ -454,6 +549,11 @@ public: */ int BIO_write(BIO *b, const void *data, int len); + /* + * BIO_get_data - retrieve (custom) data from BIO + */ + void *BIO_get_data(BIO *a); + /* * PEM_write_bio_X509 - write a PEM encoded cert to a BIO* */ @@ -536,53 +636,51 @@ public: /* * Pop off the stack */ - char *sk_pop(STACK *s); + char *OPENSSL_sk_pop(STACK *s); + + char *OPENSSL_sk_pop(void *s) { return OPENSSL_sk_pop(reinterpret_cast(s)); } /* * Free the stack */ - void sk_free(STACK *s); + void OPENSSL_sk_free(STACK *s); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - void sk_free(void *s) { return sk_free(reinterpret_cast(s)); } -#endif + void OPENSSL_sk_free(void *s) { OPENSSL_sk_free(reinterpret_cast(s)); } /* * Number of elements in the stack */ - int sk_num(STACK *s); + int OPENSSL_sk_num(STACK *s); + int OPENSSL_sk_num(void *s) { return OPENSSL_sk_num(reinterpret_cast(s)); } /* * Value of element n in the stack */ - char *sk_value(STACK *s, int n); + char *OPENSSL_sk_value(STACK *s, int n); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - char *sk_value(void *s, int n) { return sk_value(reinterpret_cast(s), n); } -#endif + char *OPENSSL_sk_value(void *s, int n) { return OPENSSL_sk_value(reinterpret_cast(s), n); } /* * Create a new stack */ - STACK *sk_new(int (*cmp)()); + STACK *OPENSSL_sk_new(int (*cmp)()); /* * Add an element to the stack */ - int sk_push(STACK *s, char *d); + int OPENSSL_sk_push(STACK *s, char *d); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - int sk_push(void *s, void *d) { return sk_push(reinterpret_cast(s), reinterpret_cast(d)); } -#endif + int OPENSSL_sk_push(void *s, void *d) { return OPENSSL_sk_push(reinterpret_cast(s), reinterpret_cast(d)); } /* * Duplicate the stack */ - STACK *sk_dup(STACK *s); + STACK *OPENSSL_sk_dup(const STACK *s); + STACK *OPENSSL_sk_dup(const void *s) { return OPENSSL_sk_dup(reinterpret_cast(s)); } /* * Convert an ASN1_INTEGER to it's text form @@ -823,12 +921,37 @@ public: EVP_PKEY* EVP_PKEY_new(); + /* + * Get EVP private key type + */ + int EVP_PKEY_base_id(const EVP_PKEY *pkey); + + /* * Assign a private key */ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); + /* + * Get RSA key + */ + RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); + + + /* + * Get DSA key + */ + DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); + + + /* + * RSA_get0_key - retreive key parameters + */ + void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); + + /* * Generate a RSA key */ @@ -836,6 +959,20 @@ public: (*callback)(int,int,void *), void *cb_arg); + /* + * DSA_get0_pqg - retreive key parameters + */ + void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); + + + /* + * DSA_get0_key - retreive key + */ + void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); + + /* * Create/destroy a certificate request */ @@ -912,6 +1049,29 @@ public: /* get list of available SSL_CIPHER's sorted by preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl); + + /* cover KOpenSSLProxy API compatibility */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_API_COMPAT < 0x10100000L +# undef sk_dup +# undef sk_free +# undef sk_new +# undef sk_num +# undef sk_pop +# undef sk_push +# undef sk_value +# undef X509_STORE_CTX_set_chain +# undef SSLv23_client_method +#endif + STACK *sk_dup(const STACK *s) KDE_DEPRECATED; + void sk_free(STACK *s) KDE_DEPRECATED; + STACK *sk_new(int (*cmp)()) KDE_DEPRECATED; + int sk_num(STACK *s) KDE_DEPRECATED; + char *sk_pop(STACK *s) KDE_DEPRECATED; + int sk_push(STACK *s, char *d) KDE_DEPRECATED; + char *sk_value(STACK *s, int n) KDE_DEPRECATED; + void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) KDE_DEPRECATED; + SSL_METHOD *SSLv23_client_method() KDE_DEPRECATED; + #endif private: diff --git a/tdeio/kssl/ksmimecrypto.cc b/tdeio/kssl/ksmimecrypto.cc index 1a9e37e60..92318b9f0 100644 --- a/tdeio/kssl/ksmimecrypto.cc +++ b/tdeio/kssl/ksmimecrypto.cc @@ -38,15 +38,6 @@ #endif -// forward included macros to KOpenSSLProxy -#define sk_new kossl->sk_new -#define sk_free kossl->sk_free -#define sk_push kossl->sk_push -#define sk_value kossl->sk_value -#define sk_num kossl->sk_num -#define BIO_ctrl kossl->BIO_ctrl - - #ifdef KSSL_HAVE_SSL static const char eot = 0; @@ -87,10 +78,10 @@ KSMIMECryptoPrivate::KSMIMECryptoPrivate(KOpenSSLProxy *kossl): kossl(kossl) { STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(TQPtrList &certs) { - STACK_OF(X509) *x509 = reinterpret_cast(sk_new(NULL)); + STACK_OF(X509) *x509 = reinterpret_cast(kossl->OPENSSL_sk_new(NULL)); KSSLCertificate *cert = certs.first(); while(cert) { - sk_X509_push(x509, cert->getCert()); + kossl->OPENSSL_sk_push(x509, cert->getCert()); cert = certs.next(); } return x509; @@ -111,7 +102,7 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::signMessage(BIO *clearText, PKCS7 *p7 = kossl->PKCS7_sign(privKey.getCertificate()->getCert(), privKey.getPrivateKey(), other, clearText, flags); - if (other) sk_X509_free(other); + if (other) kossl->OPENSSL_sk_free(other); if (!p7) return sslErrToRc(); @@ -154,7 +145,7 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::encryptMessage(BIO *clearText, PKCS7 *p7 = kossl->PKCS7_encrypt(certs, clearText, cipher, 0); - sk_X509_free(certs); + kossl->OPENSSL_sk_free(certs); if (!p7) return sslErrToRc(); @@ -192,14 +183,14 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::checkSignature(BIO *clearText, X509_STORE *dummystore = kossl->X509_STORE_new(); if (kossl->PKCS7_verify(p7, NULL, dummystore, in, out, PKCS7_NOVERIFY)) { STACK_OF(X509) *signers = kossl->PKCS7_get0_signers(p7, 0, PKCS7_NOVERIFY); - int num = sk_X509_num(signers); + int num = kossl->OPENSSL_sk_num(signers); for(int n=0; n(kossl->OPENSSL_sk_value(signers, n))); recip.append(signer); } - sk_X509_free(signers); + kossl->OPENSSL_sk_free(signers); rc = KSMIMECrypto::KSC_R_OK; } else { rc = sslErrToRc(); @@ -236,13 +227,14 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::decryptMessage(BIO *cipherText, void KSMIMECryptoPrivate::MemBIOToQByteArray(BIO *src, TQByteArray &dest) { char *buf; - long len = BIO_get_mem_data(src, &buf); + long len = kossl->BIO_get_mem_data(src, &buf); dest.assign(buf, len); /* Now this goes quite a bit into openssl internals. We assume that openssl uses malloc() (it does in default config) and rip out the buffer. */ - reinterpret_cast(src->ptr)->data = NULL; + void *ptr = kossl->BIO_get_data(src); + reinterpret_cast(ptr)->data = NULL; } @@ -422,3 +414,4 @@ KSMIMECrypto::rc KSMIMECrypto::decryptMessage(const TQByteArray &cipherText, return KSC_R_NO_SSL; #endif } + diff --git a/tdeio/kssl/kssl.cc b/tdeio/kssl/kssl.cc index 874da6aa6..c579471b0 100644 --- a/tdeio/kssl/kssl.cc +++ b/tdeio/kssl/kssl.cc @@ -51,7 +51,6 @@ #include #include -#define sk_dup d->kossl->sk_dup class KSSLPrivate { public: @@ -180,7 +179,7 @@ bool KSSL::initialize() { d->m_meth = d->kossl->TLSv1_client_method(); else if (!m_cfg->tlsv1() && m_cfg->sslv3() && !m_cfg->sslv2()) d->m_meth = d->kossl->SSLv3_client_method(); - else d->m_meth = d->kossl->SSLv23_client_method(); + else d->m_meth = d->kossl->TLS_client_method(); /* if (m_cfg->sslv2() && m_cfg->sslv3()) kdDebug(7029) << "Double method" << endl; @@ -207,7 +206,7 @@ return false; } -bool KSSL::setSession(const KSSLSession *session) { +bool KSSL::takeSession(KSSLSession *session) { #ifdef KSSL_HAVE_SSL if (!session) { delete d->session; @@ -215,11 +214,10 @@ bool KSSL::setSession(const KSSLSession *session) { return true; } - // Obtain a reference by incrementing the reference count. Yuck. - static_cast(session->_session)->references++; - + // Take session reference d->session = new KSSLSession; d->session->_session = session->_session; + session->_session = 0L; return true; #else @@ -284,12 +282,16 @@ int rc; return -1; if (d->session) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (static_cast(d->session->_session)->sess_cert == 0) { kdDebug(7029) << "Can't reuse session, no certificate." << endl; delete d->session; d->session = 0; - } else if (1 == d->kossl->SSL_set_session(d->m_ssl, + } + else +#endif + if (1 == d->kossl->SSL_set_session(d->m_ssl, static_cast(d->session->_session))) { kdDebug(7029) << "Session ID is being reused." << endl; } else { @@ -316,7 +318,7 @@ int rc; if (!m_cfg->sslv2()) off |= SSL_OP_NO_SSLv2; - d->kossl->SSL_set_options(d->m_ssl, off); + d->kossl->_SSL_set_options(d->m_ssl, off); rc = d->kossl->SSL_set_fd(d->m_ssl, sock); if (rc == 0) { @@ -341,7 +343,7 @@ int rc; return -1; } - if (!d->kossl->SSL_session_reused(d->m_ssl)) { + if (!d->kossl->_SSL_session_reused(d->m_ssl)) { if (d->session) { kdDebug(7029) << "Session reuse failed. New session used instead." << endl; delete d->session; @@ -375,12 +377,16 @@ int rc; return -1; if (d->session) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (static_cast(d->session->_session)->sess_cert == 0) { kdDebug(7029) << "Can't reuse session, no certificate." << endl; delete d->session; d->session = 0; - } else if (1 == d->kossl->SSL_set_session(d->m_ssl, + } + else +#endif + if (1 == d->kossl->SSL_set_session(d->m_ssl, static_cast(d->session->_session))) { kdDebug(7029) << "Session ID is being reused." << endl; } else { @@ -407,7 +413,7 @@ int rc; if (!m_cfg->sslv2()) off |= SSL_OP_NO_SSLv2; - d->kossl->SSL_set_options(d->m_ssl, off); + d->kossl->_SSL_set_options(d->m_ssl, off); rc = d->kossl->SSL_set_fd(d->m_ssl, sock); if (rc == 0) { @@ -441,7 +447,7 @@ connect_again: } } - if (!d->kossl->SSL_session_reused(d->m_ssl)) { + if (!d->kossl->_SSL_session_reused(d->m_ssl)) { if (d->session) { kdDebug(7029) << "Session reuse failed. New session used instead." << endl; delete d->session; @@ -613,7 +619,7 @@ void KSSL::setPeerInfo() { m_pi.m_cert.setCert(d->kossl->SSL_get_peer_certificate(d->m_ssl)); STACK_OF(X509) *xs = d->kossl->SSL_get_peer_cert_chain(d->m_ssl); if (xs) - xs = sk_X509_dup(xs); // Leak? + xs = reinterpret_cast(d->kossl->OPENSSL_sk_dup(xs)); // Leak? m_pi.m_cert.setChain((void *)xs); #endif } @@ -671,18 +677,15 @@ EVP_PKEY *k = pkcs->getPrivateKey(); #endif } -#undef sk_dup - const KSSLSession* KSSL::session() const { return d->session; } bool KSSL::reusingSession() const { #ifdef KSSL_HAVE_SSL - return (d->m_ssl && d->kossl->SSL_session_reused(d->m_ssl)); + return (d->m_ssl && d->kossl->_SSL_session_reused(d->m_ssl)); #else return false; #endif } - diff --git a/tdeio/kssl/kssl.h b/tdeio/kssl/kssl.h index e10b10eaf..37ee5017b 100644 --- a/tdeio/kssl/kssl.h +++ b/tdeio/kssl/kssl.h @@ -82,16 +82,15 @@ public: bool TLSInit(); /** - * Set an SSL session to use. This deep copies the session so it - * doesn't have to remain valid. You need to call it after calling - * initialize or reInitialize. The ID is cleared in close(). + * Set an SSL session to use. This takes the session from the original + * KSSL object, so it is in fact a session move operation. * * @param session A valid session to reuse. If 0L, it will clear the * session ID in memory. * * @return true on success */ - bool setSession(const KSSLSession *session); + bool takeSession(KSSLSession *session); /** * Close the SSL session. diff --git a/tdeio/kssl/ksslcallback.c b/tdeio/kssl/ksslcallback.c index 59f342584..1a105db3f 100644 --- a/tdeio/kssl/ksslcallback.c +++ b/tdeio/kssl/ksslcallback.c @@ -27,8 +27,9 @@ bool KSSL_X509CallBack_ca_found; extern "C" { static int X509Callback(int ok, X509_STORE_CTX *ctx) { - - kdDebug(7029) << "X509Callback: ok = " << ok << " error = " << ctx->error << " depth = " << ctx->error_depth << endl; + + kdDebug(7029) << "X509Callback: ok = " << ok << " error = " << KOSSL::self()->X509_STORE_CTX_get_error(ctx) << " depth = " + << KOSSL::self()->X509_STORE_CTX_get_error_depth(ctx) << endl; // Here is how this works. We put "ok = 1;" in any case that we // don't consider to be an error. In that case, it will return OK // for the certificate check as long as there are no other critical @@ -39,14 +40,20 @@ static int X509Callback(int ok, X509_STORE_CTX *ctx) { if (KSSL_X509CallBack_ca) { - if (KOSSL::self()->X509_cmp(ctx->current_cert, KSSL_X509CallBack_ca) != 0) + if (KOSSL::self()->X509_cmp(KOSSL::self()->X509_STORE_CTX_get_current_cert(ctx), KSSL_X509CallBack_ca) != 0 && + /* + * With OpenSSL >= 1.1 certificate in chain can be replaced by a certificate from the local certificate store. + * It is therefore necessary to compare the subject name, rather than the entire certificate. + */ + KOSSL::self()->X509_subject_name_cmp(KOSSL::self()->X509_STORE_CTX_get_current_cert(ctx), KSSL_X509CallBack_ca) != 0) { return 1; // Ignore errors for this certificate + } KSSL_X509CallBack_ca_found = true; } if (!ok) { - switch (ctx->error) { + switch (KOSSL::self()->X509_STORE_CTX_get_error(ctx)) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: case X509_V_ERR_UNABLE_TO_GET_CRL: case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: diff --git a/tdeio/kssl/ksslcertchain.cc b/tdeio/kssl/ksslcertchain.cc index a401aec3d..4f14e4be1 100644 --- a/tdeio/kssl/ksslcertchain.cc +++ b/tdeio/kssl/ksslcertchain.cc @@ -44,17 +44,6 @@ #include - -#ifdef KSSL_HAVE_SSL -#define sk_new d->kossl->sk_new -#define sk_push d->kossl->sk_push -#define sk_free d->kossl->sk_free -#define sk_value d->kossl->sk_value -#define sk_num d->kossl->sk_num -#define sk_dup d->kossl->sk_dup -#define sk_pop d->kossl->sk_pop -#endif - class KSSLCertChainPrivate { public: KSSLCertChainPrivate() { @@ -79,11 +68,11 @@ KSSLCertChain::~KSSLCertChain() { STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; for (;;) { - X509* x5 = sk_X509_pop(x); + X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x)); if (!x5) break; d->kossl->X509_free(x5); } - sk_X509_free(x); + d->kossl->OPENSSL_sk_free(x); } #endif delete d; @@ -107,7 +96,7 @@ return x; int KSSLCertChain::depth() { #ifdef KSSL_HAVE_SSL - return sk_X509_num((STACK_OF(X509)*)_chain); + return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain); #endif return 0; } @@ -119,8 +108,8 @@ if (!_chain) return cl; #ifdef KSSL_HAVE_SSL STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; - for (int i = 0; i < sk_X509_num(x); i++) { - X509* x5 = sk_X509_value(x, i); + for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) { + X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(x, i)); if (!x5) continue; KSSLCertificate *nc = new KSSLCertificate; nc->setCert(d->kossl->X509_dup(x5)); @@ -138,18 +127,18 @@ if (_chain) { STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; for (;;) { - X509* x5 = sk_X509_pop(x); + X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x)); if (!x5) break; d->kossl->X509_free(x5); } - sk_X509_free(x); + d->kossl->OPENSSL_sk_free(x); _chain = NULL; } if (chain.count() == 0) return; - _chain = (void *)sk_new(NULL); + _chain = reinterpret_cast(d->kossl->OPENSSL_sk_new(NULL)); for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) { - sk_X509_push((STACK_OF(X509)*)_chain, d->kossl->X509_dup(x->getCert())); + d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert())); } #endif @@ -158,31 +147,31 @@ if (_chain) { void KSSLCertChain::setChain(void *stack_of_x509) { #ifdef KSSL_HAVE_SSL -if (_chain) { - STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; - - for (;;) { - X509* x5 = sk_X509_pop(x); - if (!x5) break; - d->kossl->X509_free(x5); + if (_chain) { + STACK_OF(X509) *x = (STACK_OF(X509) *)_chain; + + for (;;) { + X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_pop(x)); + if (!x5) break; + d->kossl->X509_free(x5); + } + d->kossl->OPENSSL_sk_free(x); + _chain = NULL; } - sk_X509_free(x); - _chain = NULL; -} -if (!stack_of_x509) return; + if (!stack_of_x509) return; -_chain = (void *)sk_new(NULL); -STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509; + _chain = reinterpret_cast(d->kossl->OPENSSL_sk_new(NULL)); + STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509; - for (int i = 0; i < sk_X509_num(x); i++) { - X509* x5 = sk_X509_value(x, i); + for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) { + X509* x5 = reinterpret_cast(d->kossl->OPENSSL_sk_value(x, i)); if (!x5) continue; - sk_X509_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5)); + d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5)); } #else -_chain = NULL; + _chain = NULL; #endif } @@ -203,14 +192,3 @@ void KSSLCertChain::setCertChain(const TQStringList& chain) { setChain(cl); } - -#ifdef KSSL_HAVE_SSL -#undef sk_new -#undef sk_push -#undef sk_free -#undef sk_value -#undef sk_num -#undef sk_dup -#undef sk_pop -#endif - diff --git a/tdeio/kssl/ksslcertificate.cc b/tdeio/kssl/ksslcertificate.cc index 2b7bed2bb..2df78fef7 100644 --- a/tdeio/kssl/ksslcertificate.cc +++ b/tdeio/kssl/ksslcertificate.cc @@ -198,7 +198,7 @@ TQString rc = ""; if (!t) return rc; rc = t; - d->kossl->OPENSSL_free(t); + d->kossl->CRYPTO_free(t); #endif return rc; } @@ -225,14 +225,17 @@ TQString rc = ""; char *s; int n, i; - i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm); + const ASN1_BIT_STRING *signature = 0L; + const X509_ALGOR *sig_alg = 0L; + d->kossl->X509_get0_signature(&signature, &sig_alg, d->m_cert); + i = d->kossl->OBJ_obj2nid(sig_alg->algorithm); rc = i18n("Signature Algorithm: "); rc += (i == NID_undef)?i18n("Unknown"):TQString(d->kossl->OBJ_nid2ln(i)); rc += "\n"; rc += i18n("Signature Contents:"); - n = d->m_cert->signature->length; - s = (char *)d->m_cert->signature->data; + n = signature->length; + s = (char *)signature->data; for (i = 0; i < n; i++) { if (i%20 != 0) rc += ":"; else rc += "\n"; @@ -254,8 +257,8 @@ void KSSLCertificate::getEmails(TQStringList &to) const { STACK *s = d->kossl->X509_get1_email(d->m_cert); if (s) { - for(int n=0; n < s->num; n++) { - to.append(d->kossl->sk_value(s,n)); + for(int n=0; n < d->kossl->OPENSSL_sk_num(s); n++) { + to.append(d->kossl->OPENSSL_sk_value(s,n)); } d->kossl->X509_email_free(s); } @@ -336,12 +339,12 @@ TQString rc = ""; EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); if (pkey) { #ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) rc = "RSA"; else #endif #ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) rc = "DSA"; else #endif @@ -364,10 +367,14 @@ char *x = NULL; if (pkey) { rc = i18n("Unknown", "Unknown key algorithm"); #ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) { + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { rc = i18n("Key type: RSA (%1 bit)") + "\n"; - x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n); + RSA *pkey_rsa = d->kossl->EVP_PKEY_get0_RSA(pkey); + const BIGNUM *bn_n = 0L; + const BIGNUM *bn_e = 0L; + d->kossl->RSA_get0_key(pkey_rsa, &bn_n, &bn_e, NULL); + x = d->kossl->BN_bn2hex(bn_n); rc += i18n("Modulus: "); rc = rc.arg(strlen(x)*4); for (unsigned int i = 0; i < strlen(x); i++) { @@ -378,18 +385,26 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e); + x = d->kossl->BN_bn2hex(bn_e); rc += i18n("Exponent: 0x") + x + "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); } #endif #ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) { + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { rc = i18n("Key type: DSA (%1 bit)") + "\n"; - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p); + DSA *pkey_dsa = d->kossl->EVP_PKEY_get0_DSA(pkey); + const BIGNUM *bn_p = 0L; + const BIGNUM *bn_q = 0L; + const BIGNUM *bn_g = 0L; + const BIGNUM *bn_pub_key = 0L; + d->kossl->DSA_get0_pqg(pkey_dsa, &bn_p, &bn_q, &bn_g); + d->kossl->DSA_get0_key(pkey_dsa, &bn_pub_key, NULL); + + x = d->kossl->BN_bn2hex(bn_p); rc += i18n("Prime: "); // hack - this may not be always accurate rc = rc.arg(strlen(x)*4) ; @@ -401,9 +416,9 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q); + x = d->kossl->BN_bn2hex(bn_q); rc += i18n("160 bit prime factor: "); for (unsigned int i = 0; i < strlen(x); i++) { if (i%40 != 0 && i%2 == 0) @@ -413,9 +428,9 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g); + x = d->kossl->BN_bn2hex(bn_g); rc += TQString("g: "); for (unsigned int i = 0; i < strlen(x); i++) { if (i%40 != 0 && i%2 == 0) @@ -425,9 +440,9 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key); + x = d->kossl->BN_bn2hex(bn_pub_key); rc += i18n("Public key: "); for (unsigned int i = 0; i < strlen(x); i++) { if (i%40 != 0 && i%2 == 0) @@ -437,7 +452,7 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); } #endif d->kossl->EVP_PKEY_free(pkey); @@ -459,7 +474,7 @@ TQString rc = ""; return rc; rc = t; - d->kossl->OPENSSL_free(t); + d->kossl->CRYPTO_free(t); #endif return rc; @@ -696,7 +711,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi return errors; } - X509_STORE_set_verify_cb_func(certStore, X509Callback); + d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback); certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file()); if (!certLookup) { @@ -727,7 +742,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL); if (d->_chain.isValid()) { - d->kossl->X509_STORE_CTX_set_chain(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain()); + d->kossl->X509_STORE_CTX_set0_untrusted(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain()); } //kdDebug(7029) << "KSSL setting CRL.............." << endl; @@ -738,9 +753,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0; KSSL_X509CallBack_ca_found = false; - certStoreCTX->error = X509_V_OK; + d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); d->kossl->X509_verify_cert(certStoreCTX); - int errcode = certStoreCTX->error; + int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); if (ca && !KSSL_X509CallBack_ca_found) { ksslv = KSSLCertificate::Irrelevant; } else { @@ -753,9 +768,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_NS_SSL_SERVER); - certStoreCTX->error = X509_V_OK; + d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); d->kossl->X509_verify_cert(certStoreCTX); - errcode = certStoreCTX->error; + errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); ksslv = processError(errcode); } d->kossl->X509_STORE_CTX_free(certStoreCTX); @@ -888,7 +903,7 @@ return rc; TQString KSSLCertificate::getNotBefore() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QString(X509_get_notBefore(d->m_cert)); +return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert)); #else return TQString::null; #endif @@ -897,7 +912,7 @@ return TQString::null; TQString KSSLCertificate::getNotAfter() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QString(X509_get_notAfter(d->m_cert)); +return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert)); #else return TQString::null; #endif @@ -906,7 +921,7 @@ return TQString::null; TQDateTime KSSLCertificate::getQDTNotBefore() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_get_notBefore(d->m_cert), NULL); +return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -915,7 +930,7 @@ return TQDateTime::currentDateTime(); TQDateTime KSSLCertificate::getQDTNotAfter() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_get_notAfter(d->m_cert), NULL); +return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -924,7 +939,7 @@ return TQDateTime::currentDateTime(); TQDateTime KSSLCertificate::getQDTLastUpdate() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(d->m_cert_crl), NULL); +return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_lastUpdate(d->m_cert_crl), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -933,7 +948,7 @@ return TQDateTime::currentDateTime(); TQDateTime KSSLCertificate::getQDTNextUpdate() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(d->m_cert_crl), NULL); +return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_nextUpdate(d->m_cert_crl), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -1053,6 +1068,15 @@ return qba; #define NETSCAPE_CERT_HDR "certificate" +#ifdef KSSL_HAVE_SSL +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +typedef struct NETSCAPE_X509_st +{ + ASN1_OCTET_STRING *header; + X509 *cert; +} NETSCAPE_X509; +#endif +#endif // what a piece of crap this is TQByteArray KSSLCertificate::toNetscape() { @@ -1062,8 +1086,8 @@ TQByteArray qba; NETSCAPE_X509 nx; ASN1_OCTET_STRING hdr; #else - ASN1_HEADER ah; - ASN1_OCTET_STRING os; + ASN1_HEADER ah; + ASN1_OCTET_STRING os; #endif KTempFile ktf; @@ -1159,10 +1183,10 @@ TQStringList KSSLCertificate::subjAltNames() const { return rc; } - int cnt = d->kossl->sk_GENERAL_NAME_num(names); + int cnt = d->kossl->OPENSSL_sk_num(names); for (int i = 0; i < cnt; i++) { - const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->sk_value(names, i); + const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(names, i); if (val->type != GEN_DNS) { continue; } @@ -1174,7 +1198,7 @@ TQStringList KSSLCertificate::subjAltNames() const { rc += s; } } - d->kossl->sk_free(names); + d->kossl->OPENSSL_sk_free(names); #endif return rc; } diff --git a/tdeio/kssl/ksslpkcs12.cc b/tdeio/kssl/ksslpkcs12.cc index 9521e907b..08bc54a0b 100644 --- a/tdeio/kssl/ksslpkcs12.cc +++ b/tdeio/kssl/ksslpkcs12.cc @@ -34,16 +34,6 @@ #include -#ifdef KSSL_HAVE_SSL -#define sk_new kossl->sk_new -#define sk_push kossl->sk_push -#define sk_free kossl->sk_free -#define sk_value kossl->sk_value -#define sk_num kossl->sk_num -#define sk_dup kossl->sk_dup -#define sk_pop kossl->sk_pop -#endif - KSSLPKCS12::KSSLPKCS12() { _pkcs = NULL; @@ -60,11 +50,11 @@ KSSLPKCS12::~KSSLPKCS12() { if (_pkey) kossl->EVP_PKEY_free(_pkey); if (_caStack) { for (;;) { - X509* x5 = sk_X509_pop(_caStack); + X509* x5 = reinterpret_cast(kossl->OPENSSL_sk_pop(_caStack)); if (!x5) break; kossl->X509_free(x5); } - sk_X509_free(_caStack); + kossl->OPENSSL_sk_free(_caStack); } if (_pkcs) kossl->PKCS12_free(_pkcs); #endif @@ -151,11 +141,11 @@ X509 *x = NULL; if (_pkey) kossl->EVP_PKEY_free(_pkey); if (_caStack) { for (;;) { - X509* x5 = sk_X509_pop(_caStack); + X509* x5 = reinterpret_cast(kossl->OPENSSL_sk_pop(_caStack)); if (!x5) break; kossl->X509_free(x5); } - sk_X509_free(_caStack); + kossl->OPENSSL_sk_free(_caStack); } _pkey = NULL; _caStack = NULL; @@ -282,14 +272,3 @@ TQString KSSLPKCS12::name() { return _cert->getSubject(); } - -#ifdef KSSL_HAVE_SSL -#undef sk_new -#undef sk_push -#undef sk_free -#undef sk_value -#undef sk_num -#undef sk_pop -#undef sk_dup -#endif - diff --git a/tdeio/kssl/ksslpkcs7.cc b/tdeio/kssl/ksslpkcs7.cc index cb66eb468..bced75e80 100644 --- a/tdeio/kssl/ksslpkcs7.cc +++ b/tdeio/kssl/ksslpkcs7.cc @@ -34,15 +34,6 @@ #include -#ifdef KSSL_HAVE_SSL -#define sk_new kossl->sk_new -#define sk_push kossl->sk_push -#define sk_free kossl->sk_free -#define sk_value kossl->sk_value -#define sk_num kossl->sk_num -#define sk_dup kossl->sk_dup -#endif - KSSLPKCS7::KSSLPKCS7() { _pkcs = NULL; @@ -196,13 +187,3 @@ TQString KSSLPKCS7::name() { return TQString(); } - -#ifdef KSSL_HAVE_SSL -#undef sk_new -#undef sk_push -#undef sk_free -#undef sk_value -#undef sk_num -#undef sk_dup -#endif - diff --git a/tdeio/kssl/ksslsettings.cc b/tdeio/kssl/ksslsettings.cc index fbf10b476..090eaef4f 100644 --- a/tdeio/kssl/ksslsettings.cc +++ b/tdeio/kssl/ksslsettings.cc @@ -46,29 +46,20 @@ #endif #include -#ifdef KSSL_HAVE_SSL -#define sk_new d->kossl->sk_new -#define sk_push d->kossl->sk_push -#define sk_free d->kossl->sk_free -#define sk_value d->kossl->sk_value -#define sk_num d->kossl->sk_num -#define sk_dup d->kossl->sk_dup -#define sk_pop d->kossl->sk_pop -#endif - class CipherNode { - public: - CipherNode(const char *_name, int _keylen) : - name(_name), keylen(_keylen) {} - TQString name; - int keylen; - inline int operator==(CipherNode &x) - { return ((x.keylen == keylen) && (x.name == name)); } - inline int operator< (CipherNode &x) { return keylen < x.keylen; } - inline int operator<=(CipherNode &x) { return keylen <= x.keylen; } - inline int operator> (CipherNode &x) { return keylen > x.keylen; } - inline int operator>=(CipherNode &x) { return keylen >= x.keylen; } - }; +class CipherNode { +public: + CipherNode(const char *_name, int _keylen) : + name(_name), keylen(_keylen) {} + TQString name; + int keylen; + inline int operator==(CipherNode &x) + { return ((x.keylen == keylen) && (x.name == name)); } + inline int operator< (CipherNode &x) { return keylen < x.keylen; } + inline int operator<=(CipherNode &x) { return keylen <= x.keylen; } + inline int operator> (CipherNode &x) { return keylen > x.keylen; } + inline int operator>=(CipherNode &x) { return keylen >= x.keylen; } +}; class KSSLSettingsPrivate { @@ -145,7 +136,7 @@ TQString KSSLSettings::getCipherList() { d->kossl = KOSSL::self(); if (m_bUseSSLv3 && m_bUseSSLv2) - meth = d->kossl->SSLv23_client_method(); + meth = d->kossl->TLS_client_method(); else if(m_bUseSSLv3) meth = d->kossl->SSLv3_client_method(); else if (m_bUseSSLv2) @@ -154,9 +145,9 @@ TQString KSSLSettings::getCipherList() { SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth); SSL* ssl = d->kossl->SSL_new(ctx); STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl); - int cnt = sk_SSL_CIPHER_num(sk); + int cnt = d->kossl->OPENSSL_sk_num(sk); for (int i=0; i< cnt; i++) { - SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i); + SSL_CIPHER *sc = reinterpret_cast(d->kossl->OPENSSL_sk_value(sk,i)); if (!sc) break; @@ -165,10 +156,10 @@ TQString KSSLSettings::getCipherList() { else m_cfg->setGroup("SSLv3"); - tcipher.sprintf("cipher_%s", sc->name); + tcipher.sprintf("cipher_%s", d->kossl->SSL_CIPHER_get_name(sc)); int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL); if (m_cfg->readBoolEntry(tcipher, bits >= 56)) { - CipherNode *xx = new CipherNode(sc->name,bits); + CipherNode *xx = new CipherNode(d->kossl->SSL_CIPHER_get_name(sc),bits); if (!cipherList.contains(xx)) cipherList.prepend(xx); else @@ -212,13 +203,21 @@ void KSSLSettings::load() { m_cfg->setGroup("TLS"); m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true); - + +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) + m_bUseSSLv2 = false; +#else m_cfg->setGroup("SSLv2"); m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false); - +#endif + +#if defined(OPENSSL_NO_SSL3) + m_bUseSSLv3 = false; +#else m_cfg->setGroup("SSLv3"); m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true); - +#endif + m_cfg->setGroup("Warnings"); m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false); m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true); @@ -344,13 +343,3 @@ void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; } TQString& KSSLSettings::getEGDPath() { return d->m_EGDPath; } -#ifdef KSSL_HAVE_SSL -#undef sk_new -#undef sk_push -#undef sk_free -#undef sk_value -#undef sk_num -#undef sk_pop -#undef sk_dup -#endif - diff --git a/tdeio/kssl/ksslutils.cc b/tdeio/kssl/ksslutils.cc index 2e4a95d75..2e6e3a303 100644 --- a/tdeio/kssl/ksslutils.cc +++ b/tdeio/kssl/ksslutils.cc @@ -92,10 +92,10 @@ TQString ASN1_UTCTIME_QString(ASN1_UTCTIME *tm) { TQString ASN1_INTEGER_QString(ASN1_INTEGER *aint) { -char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint); -TQString yy = rep; -KOSSL::self()->OPENSSL_free(rep); -return yy; + char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint); + TQString yy = rep; + KOSSL::self()->CRYPTO_free(rep); + return yy; } diff --git a/tdeio/tdeio/tcpslavebase.cpp b/tdeio/tdeio/tcpslavebase.cpp index b4b3fa656..0237c9fd5 100644 --- a/tdeio/tdeio/tcpslavebase.cpp +++ b/tdeio/tdeio/tcpslavebase.cpp @@ -471,7 +471,7 @@ int TCPSlaveBase::startTLS() if (hasMetaData("ssl_session_id")) { KSSLSession *s = KSSLSession::fromString(metaData("ssl_session_id")); if (s) { - d->kssl->setSession(s); + d->kssl->takeSession(s); delete s; } } @@ -1301,9 +1301,9 @@ bool TCPSlaveBase::doSSLHandShake( bool sendError ) if (hasMetaData("ssl_session_id")) { KSSLSession *s = KSSLSession::fromString(metaData("ssl_session_id")); if (s) { - d->kssl->setSession(s); + d->kssl->takeSession(s); delete s; - } + } } certificatePrompt();