author | Slávek Banko <slavek.banko@axis.cz> | 2017-01-01 19:35:39 +0100 |
committer | Slávek Banko <slavek.banko@axis.cz> | 2017-01-01 19:41:30 +0100 |
commit | b8802de2c09b31fce7717a500cd5ffe8bada1b27 (patch) | |
tree | 09883851645f923083be5b862eacde360446f727 /tdeio/kssl/kopenssl.h | |
parent | 855198315f7a52466fa51368fbd703815cbab429 (diff) | |
Added support for OpenSSL 1.1
Some KOpenSSLProxy methods have been renamed to be consistent
with OpenSSL 1.1 API names and to prevent hidden API changes.
To ensure API / ABI compatibility, the original methods are
still included but have been marked as deprecated.
+ SSLv23_client_method => TLS_client_method
+ X509_STORE_CTX_set_chain => X509_STORE_CTX_set0_untrusted
+ sk_dup => OPENSSL_sk_dup
+ sk_free => OPENSSL_sk_free
+ sk_new => OPENSSL_sk_new
+ sk_num => OPENSSL_sk_num
+ sk_pop => OPENSSL_sk_pop
+ sk_push => OPENSSL_sk_push
+ sk_value => OPENSSL_sk_value
Additional methods have been added to KOpenSSLProxy to support
the new OpenSSL 1.1 API functions that provide access to the
(now) opaque SSL structures. Compatibility with OpenSSL < 1.1
is handled internally in KOpenSSLProxy.
+ BIO_get_data
+ DSA_get0_key
+ DSA_get0_pqg
+ EVP_PKEY_base_id
+ EVP_PKEY_get0_DSA
+ EVP_PKEY_get0_RSA
+ RSA_get0_key
+ X509_CRL_get0_lastUpdate
+ X509_CRL_get0_nextUpdate
+ X509_OBJECT_get0_X509
+ X509_OBJECT_get_type
+ X509_STORE_CTX_get_current_cert
+ X509_STORE_CTX_get_error
+ X509_STORE_CTX_get_error_depth
+ X509_STORE_CTX_set_error
+ X509_STORE_get0_objects
+ X509_STORE_set_verify_cb
+ X509_get0_signature
+ X509_getm_notAfter
+ X509_getm_notBefore
+ X509_subject_name_cmp
+ _SSL_session_reused
+ _SSL_set_options
Method "KSSL::setSession" has been renamed to "KSSL::takeSession"
and its functionality has changed: the session is now transferred
from the argument object to the invoked object. Since it is only
used internally in TDE and the functionality is different, the
method with the previous name has not been preserved.
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit e1861cb6811f7bac405ece204407ca46c000a453)
Diffstat (limited to 'tdeio/kssl/kopenssl.h')
-rw-r--r-- | tdeio/kssl/kopenssl.h | 222 |
1 files changed, 191 insertions, 31 deletions
diff --git a/tdeio/kssl/kopenssl.h b/tdeio/kssl/kopenssl.h index 6185821a4..be335b199 100644 --- a/tdeio/kssl/kopenssl.h +++ b/tdeio/kssl/kopenssl.h @@ -48,13 +48,22 @@ class KOpenSSLProxyPrivate; #include <openssl/stack.h> #include <openssl/bn.h> #undef crypt +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#define STACK OPENSSL_STACK +#else #if OPENSSL_VERSION_NUMBER >= 0x10000000L #define STACK _STACK #endif #endif +#endif #include <kstaticdeleter.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +typedef int X509_LOOKUP_TYPE; +#endif + /** * Dynamically load and wrap OpenSSL. * @@ -178,17 +187,14 @@ public: */ SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); - /* - * SSL_set_options - manipulate SSL engine options - * Note: These are all mapped to SSL_ctrl so call them as the comment - * specifies but know that they use SSL_ctrl. They are #define - * so they will map to the one in this class if called as a - * member function of this class. - */ - /* long SSL_set_options(SSL *ssl, long options); */ - /* Returns 0 if not reused, 1 if session id is reused */ - /* int SSL_session_reused(SSL *ssl); */ - long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); + /* SSL_set_options - manipulate SSL engine options */ + long _SSL_set_options(SSL *ssl, long options); + + /* Returns 0 if not reused, 1 if session id is reused */ + int _SSL_session_reused(SSL *ssl); + + /* SSL control */ + long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); /* * RAND_egd - set the path to the EGD @@ -233,9 +239,9 @@ public: /* - * SSLv23_client_method - return a SSLv23 client method object + * TLS_client_method - return client method object */ - SSL_METHOD *SSLv23_client_method(); + SSL_METHOD *TLS_client_method(); /* 
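Review bot: `long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);` replaces the previous `char *parg` parameter of a public KOpenSSLProxy method; in C++ the parameter type is part of the mangled name, so the old `SSL_ctrl(SSL*, int, long, char*)` symbol disappears from the library and the ABI-compatibility statement in the description does not hold for this method. To keep it, also declare `long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg) KDE_DEPRECATED;` and define it out of line in the .cpp forwarding to the `void *` version rather than as an inline body, since only an exported definition restores the old symbol. Separately, `_SSL_set_options` and `_SSL_session_reused` begin with an underscore followed by an uppercase letter, a spelling reserved for the implementation in both C and C++; a prefix such as `KSSL_set_options` / `KSSL_session_reused` would stay out of the reserved range while still avoiding the OpenSSL `SSL_set_options` / `SSL_session_reused` macros that the removed comment mentions. The enclosing class body starts and ends outside the hunk.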
@@ -310,12 +316,38 @@ public: /* + * X509_subject_name_cmp - compare subject name of two X509 objects + */ + int X509_subject_name_cmp(const X509 *a, const X509 *b); + + + /* * X509_dup - duplicate an X509 object */ X509 *X509_dup(X509 *x509); /* + * X509_get0_signature - get signature and algorithm + */ + void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); + + + + /* + * + */ + ASN1_TIME *X509_getm_notAfter(const X509 *x); + + + /* + * + */ + ASN1_TIME *X509_getm_notBefore(const X509 *x); + + + /* * X509_STORE_CTX_new - create an X509 store context */ X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -328,15 +360,66 @@ public: /* - * X509_STORE_CTX_set_chain - set the certificate chain + * X509_STORE_CTX_set0_untrusted - set the certificate chain */ - void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x); + void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x); + /* * X509_STORE_CTX_set_purpose - set the purpose of the certificate */ void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); + + /* + * + */ + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + + + /* + * + */ + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + + + /* + * + */ + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + + + /* + * + */ + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); + + + /* + * + */ + void X509_STORE_set_verify_cb(X509_STORE *ctx, + X509_STORE_CTX_verify_cb verify_cb); + + + /* + * + */ + STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + + + /* + * + */ + X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); + + + /* + * + */ + X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); + + /* * X509_verify_cert - verify the certificate */ 
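Review bot: The comment blocks added above `X509_getm_notAfter`, `X509_getm_notBefore`, and each new `X509_STORE_CTX_*` / `X509_STORE_*` / `X509_OBJECT_*` accessor in the following hunk are empty (`/*`, ` *`, ` */`), while every other method in this header carries a one-line `name - purpose` summary; the same empty blocks precede `X509_CRL_get0_lastUpdate` and `X509_CRL_get0_nextUpdate` in a later hunk. Fill them in the file's existing style, e.g. ` * X509_getm_notAfter - return the notAfter time of the certificate` and ` * X509_getm_notBefore - return the notBefore time of the certificate`, and likewise for the store-context getters and the CRL accessors. For the `get0` / `getm` accessors the comment should also say that the returned pointer is owned by the certificate, store or CRL object and must not be freed by the caller, which is the ownership rule the OpenSSL naming encodes and which callers of this proxy cannot see from the implementation. The enclosing class body continues outside the hunk.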
@@ -367,6 +450,18 @@ public: /* + * + */ + const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); + + + /* + * + */ + const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); + + + /* * X509_NAME_oneline - return the X509 data in a string */ char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); @@ -455,6 +550,11 @@ public: int BIO_write(BIO *b, const void *data, int len); /* + * BIO_get_data - retrieve (custom) data from BIO + */ + void *BIO_get_data(BIO *a); + + /* * PEM_write_bio_X509 - write a PEM encoded cert to a BIO* */ int PEM_write_bio_X509(BIO *bp, X509 *x); 
@@ -536,53 +636,51 @@ public: /* * Pop off the stack */ - char *sk_pop(STACK *s); + char *OPENSSL_sk_pop(STACK *s); + + char *OPENSSL_sk_pop(void *s) { return OPENSSL_sk_pop(reinterpret_cast<STACK*>(s)); } /* * Free the stack */ - void sk_free(STACK *s); + void OPENSSL_sk_free(STACK *s); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - void sk_free(void *s) { return sk_free(reinterpret_cast<STACK*>(s)); } -#endif + void OPENSSL_sk_free(void *s) { OPENSSL_sk_free(reinterpret_cast<STACK*>(s)); } /* * Number of elements in the stack */ - int sk_num(STACK *s); + int OPENSSL_sk_num(STACK *s); + int OPENSSL_sk_num(void *s) { return OPENSSL_sk_num(reinterpret_cast<STACK*>(s)); } /* * Value of element n in the stack */ - char *sk_value(STACK *s, int n); + char *OPENSSL_sk_value(STACK *s, int n); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - char *sk_value(void *s, int n) { return sk_value(reinterpret_cast<STACK*>(s), n); } -#endif + char *OPENSSL_sk_value(void *s, int n) { return OPENSSL_sk_value(reinterpret_cast<STACK*>(s), n); } /* * Create a new stack */ - STACK *sk_new(int (*cmp)()); + STACK *OPENSSL_sk_new(int (*cmp)()); /* * Add an element to the stack */ - int sk_push(STACK *s, char *d); + int OPENSSL_sk_push(STACK *s, char *d); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L - int sk_push(void *s, void *d) { return sk_push(reinterpret_cast<STACK*>(s), reinterpret_cast<char*>(d)); } -#endif + int OPENSSL_sk_push(void *s, void *d) { return OPENSSL_sk_push(reinterpret_cast<STACK*>(s), reinterpret_cast<char*>(d)); } /* * Duplicate the stack */ - STACK *sk_dup(STACK *s); + STACK *OPENSSL_sk_dup(const STACK *s); + STACK *OPENSSL_sk_dup(const void *s) { return OPENSSL_sk_dup(reinterpret_cast<const STACK*>(s)); } /* * Convert an ASN1_INTEGER to it's text form 
@@ -824,12 +922,37 @@ public: /* + * Get EVP private key type + */ + int EVP_PKEY_base_id(const EVP_PKEY *pkey); + + + /* * Assign a private key */ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); /* + * Get RSA key + */ + RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); + + + /* + * Get DSA key + */ + DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); + + + /* + * RSA_get0_key - retreive key parameters + */ + void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); + + + /* * Generate a RSA key */ RSA *RSA_generate_key(int bits, unsigned long e, void @@ -837,6 +960,20 @@ public: /* + * DSA_get0_pqg - retreive key parameters + */ + void DSA_get0_pqg(const DSA *d, + const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); + + + /* + * DSA_get0_key - retreive key + */ + void DSA_get0_key(const DSA *d, + const BIGNUM **pub_key, const BIGNUM **priv_key); + + + /* * Create/destroy a certificate request */ X509_REQ *X509_REQ_new(); @@ -912,6 +1049,29 @@ public: /* get list of available SSL_CIPHER's sorted by preference */ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl); + + /* cover KOpenSSLProxy API compatibility */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_API_COMPAT < 0x10100000L +# undef sk_dup +# undef sk_free +# undef sk_new +# undef sk_num +# undef sk_pop +# undef sk_push +# undef sk_value +# undef X509_STORE_CTX_set_chain +# undef SSLv23_client_method +#endif + STACK *sk_dup(const STACK *s) KDE_DEPRECATED; + void sk_free(STACK *s) KDE_DEPRECATED; + STACK *sk_new(int (*cmp)()) KDE_DEPRECATED; + int sk_num(STACK *s) KDE_DEPRECATED; + char *sk_pop(STACK *s) KDE_DEPRECATED; + int sk_push(STACK *s, char *d) KDE_DEPRECATED; + char *sk_value(STACK *s, int n) KDE_DEPRECATED; + void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) KDE_DEPRECATED; + SSL_METHOD *SSLv23_client_method() KDE_DEPRECATED; + #endif private: |
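Review bot: The comments `RSA_get0_key - retreive key parameters` and, in the next hunk, `DSA_get0_pqg - retreive key parameters` / `DSA_get0_key - retreive key` misspell "retrieve"; change them to ` * RSA_get0_key - retrieve key parameters`, ` * DSA_get0_pqg - retrieve key parameters` and ` * DSA_get0_key - retrieve key`. The summaries `Get RSA key` and `Get DSA key` on `EVP_PKEY_get0_RSA` / `EVP_PKEY_get0_DSA` should additionally state that the result is a borrowed pointer owned by the `EVP_PKEY` (no reference is taken, so the caller must not free it), which is what the `get0` suffix signals and is the detail a caller handling private-key material most needs. The enclosing class body continues outside the hunk.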
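Review bot: The deprecated compatibility declarations `void sk_free(STACK *s) KDE_DEPRECATED;`, `char *sk_value(STACK *s, int n) KDE_DEPRECATED;` and `int sk_push(STACK *s, char *d) KDE_DEPRECATED;` do not restore the `void *` overloads of those names that the stack hunk removes for OpenSSL >= 1.0 (`sk_free(void *)`, `sk_value(void *, int)`, `sk_push(void *, void *)`), so an existing caller passing a `STACK_OF(...)*` — a distinct struct type from `STACK` on those versions — to the old names no longer compiles without a cast, which contradicts the API-compatibility intent stated in the description. If that compatibility is meant to hold for out-of-tree code, add the matching `void *` overloads under the old names as deprecated declarations, e.g. `void sk_free(void *s) KDE_DEPRECATED;`, defined in the .cpp to forward to the `OPENSSL_sk_*` versions. The `#undef` block is guarded by `OPENSSL_API_COMPAT < 0x10100000L`, which as far as I recall is exactly the case in which OpenSSL 1.1 defines the `sk_*` names as macros, so the guard looks right; a comment such as `/* OpenSSL 1.1 defines these as macros unless OPENSSL_API_COMPAT >= 0x10100000L; undefine them so the deprecated members below keep their names */` would make that intent explicit. The class body continues outside the hunk.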