TDE core libraries
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1092 lines
23KB

  1. /* This file is part of the KDE libraries
  2. Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
  3. This library is free software; you can redistribute it and/or
  4. modify it under the terms of the GNU Library General Public
  5. License version 2 as published by the Free Software Foundation.
  6. This library is distributed in the hope that it will be useful,
  7. but WITHOUT ANY WARRANTY; without even the implied warranty of
  8. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  9. Library General Public License for more details.
  10. You should have received a copy of the GNU Library General Public License
  11. along with this library; see the file COPYING.LIB. If not, write to
  12. the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  13. Boston, MA 02110-1301, USA.
  14. */
  15. // IF YOU ARE USING THIS CLASS, YOU ARE MAKING A MISTAKE.
  16. #ifndef __KOPENSSLPROXY_H
  17. #define __KOPENSSLPROXY_H
  18. #define KOSSL KOpenSSLProxy
  19. class KOpenSSLProxyPrivate;
  20. #include <klibloader.h>
  21. #ifdef Q_WS_WIN
  22. #include "ksslconfig_win.h"
  23. #else
  24. #include "ksslconfig.h"
  25. #endif
  26. #ifdef KSSL_HAVE_SSL
  27. #define crypt _openssl_crypt
  28. #include <openssl/ssl.h>
  29. #include <openssl/x509.h>
  30. #include <openssl/x509v3.h>
  31. #include <openssl/pem.h>
  32. #include <openssl/bio.h>
  33. #include <openssl/rand.h>
  34. #include <openssl/asn1.h>
  35. #include <openssl/pkcs7.h>
  36. #include <openssl/pkcs12.h>
  37. #include <openssl/evp.h>
  38. #include <openssl/stack.h>
  39. #include <openssl/bn.h>
  40. #undef crypt
  41. #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
  42. #define STACK OPENSSL_STACK
  43. #else
  44. #if OPENSSL_VERSION_NUMBER >= 0x10000000L
  45. #define STACK _STACK
  46. #endif
  47. #endif
  48. #endif
  49. #include <kstaticdeleter.h>
  50. #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
  51. typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
  52. typedef int X509_LOOKUP_TYPE;
  53. #endif
  54. /**
  55. * Dynamically load and wrap OpenSSL.
  56. *
  57. * @author George Staikos <staikos@kde.org>
  58. * @see KSSL
  59. * @short KDE OpenSSL Wrapper
  60. * @internal
  61. */
  62. class TDEIO_EXPORT KOpenSSLProxy {
  63. friend class KStaticDeleter<KOpenSSLProxy>;
  64. public:
  65. /**
  66. * Return an instance of class KOpenSSLProxy *
  67. * You cannot delete this object. It is a singleton class.
  68. */
  69. static KOpenSSLProxy *self();
  70. /**
  71. * Return true of libcrypto was found and loaded
  72. */
  73. bool hasLibCrypto() const;
  74. /**
  75. * Return true of libssl was found and loaded
  76. */
  77. bool hasLibSSL() const;
  78. /**
  79. * Destroy the class and start over - don't use this unless you know
  80. * what you are doing.
  81. */
  82. void destroy();
  83. // Here are the symbols that we need.
  84. #ifdef KSSL_HAVE_SSL
  85. /*
  86. * SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
  87. */
  88. int SSL_connect(SSL *ssl);
  89. /*
  90. * SSL_accept - initiate the TLS/SSL handshake with an TLS/SSL server
  91. */
  92. int SSL_accept(SSL *ssl);
  93. /*
  94. * SSL_get_error - get the error code
  95. */
  96. int SSL_get_error(SSL *ssl, int rc);
  97. /*
  98. * SSL_read - read bytes from a TLS/SSL connection.
  99. */
  100. int SSL_read(SSL *ssl, void *buf, int num);
  101. /*
  102. * SSL_write - write bytes to a TLS/SSL connection.
  103. */
  104. int SSL_write(SSL *ssl, const void *buf, int num);
  105. /*
  106. * SSL_new - create a new SSL structure for a connection
  107. */
  108. SSL *SSL_new(SSL_CTX *ctx);
  109. /*
  110. * SSL_free - free an allocated SSL structure
  111. */
  112. void SSL_free(SSL *ssl);
  113. /*
  114. * SSL_shutdown - shutdown an allocated SSL connection
  115. */
  116. int SSL_shutdown(SSL *ssl);
  117. /*
  118. * SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
  119. */
  120. SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
  121. /*
  122. * SSL_CTX_free - free an allocated SSL_CTX object
  123. */
  124. void SSL_CTX_free(SSL_CTX *ctx);
  125. /*
  126. * SSL_set_fd - connect the SSL object with a file descriptor
  127. */
  128. int SSL_set_fd(SSL *ssl, int fd);
  129. /*
  130. * SSL_pending - obtain number of readable bytes buffered in an SSL object
  131. */
  132. int SSL_pending(SSL *ssl);
  133. /*
  134. * SSL_peek - obtain bytes buffered in an SSL object
  135. */
  136. int SSL_peek(SSL *ssl, void *buf, int num);
  137. /*
  138. * SSL_CTX_set_cipher_list - choose list of available SSL_CIPHERs
  139. */
  140. int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
  141. /*
  142. * SSL_CTX_set_verify - set peer certificate verification parameters
  143. */
  144. void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
  145. int (*verify_callback)(int, X509_STORE_CTX *));
  146. /*
  147. * SSL_use_certificate - load certificate
  148. */
  149. int SSL_use_certificate(SSL *ssl, X509 *x);
  150. /*
  151. * SSL_get_current_cipher - get SSL_CIPHER of a connection
  152. */
  153. SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
  154. /* SSL_set_options - manipulate SSL engine options */
  155. long _SSL_set_options(SSL *ssl, long options);
  156. /* Returns 0 if not reused, 1 if session id is reused */
  157. int _SSL_session_reused(SSL *ssl);
  158. /* SSL control */
  159. long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
  160. /*
  161. * RAND_egd - set the path to the EGD
  162. */
  163. int RAND_egd(const char *path);
  164. /*
  165. * RAND_file_name
  166. */
  167. const char *RAND_file_name(char *buf, size_t num);
  168. /*
  169. * RAND_load_file
  170. */
  171. int RAND_load_file(const char *filename, long max_bytes);
  172. /*
  173. * RAND_write_file
  174. */
  175. int RAND_write_file(const char *filename);
  176. /*
  177. * TLSv1_client_method - return a TLSv1 client method object
  178. */
  179. SSL_METHOD *TLSv1_client_method();
  180. /*
  181. * SSLv2_client_method - return a SSLv2 client method object
  182. */
  183. SSL_METHOD *SSLv2_client_method();
  184. /*
  185. * SSLv3_client_method - return a SSLv3 client method object
  186. */
  187. SSL_METHOD *SSLv3_client_method();
  188. /*
  189. * TLS_client_method - return client method object
  190. */
  191. SSL_METHOD *TLS_client_method();
  192. /*
  193. * SSL_get_peer_certificate - return the peer's certificate
  194. */
  195. X509 *SSL_get_peer_certificate(SSL *s);
  196. /*
  197. * SSL_get_peer_cert_chain - get the peer's certificate chain
  198. */
  199. STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
  200. /*
  201. * SSL_CIPHER_get_bits - get the number of bits in this cipher
  202. */
  203. int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
  204. /*
  205. * SSL_CIPHER_get_version - get the version of this cipher
  206. */
  207. char *SSL_CIPHER_get_version(SSL_CIPHER *c);
  208. /*
  209. * SSL_CIPHER_get_name - get the name of this cipher
  210. */
  211. const char *SSL_CIPHER_get_name(SSL_CIPHER *c);
  212. /*
  213. * SSL_CIPHER_description - get the description of this cipher
  214. */
  215. char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
  216. /*
  217. * SSL_CTX_use_PrivateKey - set the private key for the session.
  218. * - for use with client certificates
  219. */
  220. int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
  221. /*
  222. * SSL_CTX_use_certificate - set the client certificate for the session.
  223. */
  224. int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
  225. /*
  226. * d2i_X509 - Covert a text representation of X509 to an X509 object
  227. */
  228. X509 * d2i_X509(X509 **a,unsigned char **pp,long length);
  229. /*
  230. * d2i_X509 - Covert a text representation of X509 CRL to an X509_CRL object
  231. */
  232. X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
  233. /*
  234. * i2d_X509 - Covert an X509 object into a text representation
  235. */
  236. int i2d_X509(X509 *a,unsigned char **pp);
  237. /*
  238. * X509_cmp - compare two X509 objects
  239. */
  240. int X509_cmp(X509 *a, X509 *b);
  241. /*
  242. * X509_subject_name_cmp - compare subject name of two X509 objects
  243. */
  244. int X509_subject_name_cmp(const X509 *a, const X509 *b);
  245. /*
  246. * X509_dup - duplicate an X509 object
  247. */
  248. X509 *X509_dup(X509 *x509);
  249. /*
  250. * X509_get0_signature - get signature and algorithm
  251. */
  252. void X509_get0_signature(const ASN1_BIT_STRING **psig,
  253. const X509_ALGOR **palg, const X509 *x);
  254. /*
  255. *
  256. */
  257. ASN1_TIME *X509_getm_notAfter(const X509 *x);
  258. /*
  259. *
  260. */
  261. ASN1_TIME *X509_getm_notBefore(const X509 *x);
  262. /*
  263. * X509_STORE_CTX_new - create an X509 store context
  264. */
  265. X509_STORE_CTX *X509_STORE_CTX_new(void);
  266. /*
  267. * X509_STORE_CTX_free - free up an X509 store context
  268. */
  269. void X509_STORE_CTX_free(X509_STORE_CTX *v);
  270. /*
  271. * X509_STORE_CTX_set0_untrusted - set the certificate chain
  272. */
  273. void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x);
  274. /*
  275. * X509_STORE_CTX_set_purpose - set the purpose of the certificate
  276. */
  277. void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
  278. /*
  279. *
  280. */
  281. X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
  282. /*
  283. *
  284. */
  285. int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
  286. /*
  287. *
  288. */
  289. int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
  290. /*
  291. *
  292. */
  293. void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
  294. /*
  295. *
  296. */
  297. void X509_STORE_set_verify_cb(X509_STORE *ctx,
  298. X509_STORE_CTX_verify_cb verify_cb);
  299. /*
  300. *
  301. */
  302. STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
  303. /*
  304. *
  305. */
  306. X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
  307. /*
  308. *
  309. */
  310. X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
  311. /*
  312. * X509_verify_cert - verify the certificate
  313. */
  314. int X509_verify_cert(X509_STORE_CTX *v);
  315. /*
  316. * X509_STORE_new - create an X509 store
  317. */
  318. X509_STORE *X509_STORE_new(void);
  319. /*
  320. * X509_STORE_free - free up an X509 store
  321. */
  322. void X509_STORE_free(X509_STORE *v);
  323. /*
  324. * X509_free - free up an X509
  325. */
  326. void X509_free(X509 *v);
  327. /*
  328. * X509_CRL_free - free up an X509 CRL
  329. */
  330. void X509_CRL_free(X509_CRL *v);
  331. /*
  332. *
  333. */
  334. const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
  335. /*
  336. *
  337. */
  338. const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
  339. /*
  340. * X509_NAME_oneline - return the X509 data in a string
  341. */
  342. char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
  343. /*
  344. * X509_get_subject_name - return the X509_NAME for the subject field
  345. */
  346. X509_NAME *X509_get_subject_name(X509 *a);
  347. /*
  348. * X509_get_issuer_name - return the X509_NAME for the issuer field
  349. */
  350. X509_NAME *X509_get_issuer_name(X509 *a);
  351. /*
  352. * X509_STORE_add_lookup - add a lookup file/method to an X509 store
  353. */
  354. X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
  355. /*
  356. * X509_LOOKUP_file - Definition of the LOOKUP_file method
  357. */
  358. X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
  359. /*
  360. * X509_LOOKUP_free - Free an X509_LOOKUP
  361. */
  362. void X509_LOOKUP_free(X509_LOOKUP *x);
  363. /*
  364. * X509_LOOKUP_ctrl - This is not normally called directly (use macros)
  365. */
  366. int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret);
  367. /*
  368. * X509_STORE_CTX_init - initialize an X509 STORE context
  369. */
  370. void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain);
  371. /*
  372. * CRYPTO_free - free up an internally allocated object
  373. */
  374. void CRYPTO_free(void *x);
  375. /*
  376. * BIO_new - create new BIO
  377. */
  378. BIO *BIO_new(BIO_METHOD *type);
  379. /*
  380. * BIO methods - only one defined here yet
  381. */
  382. BIO_METHOD *BIO_s_mem(void);
  383. /*
  384. * BIO_new_fp - nastiness called BIO - used to create BIO* from FILE*
  385. */
  386. BIO *BIO_new_fp(FILE *stream, int close_flag);
  387. /*
  388. * BIO_new_mem_buf - read only BIO from memory region
  389. */
  390. BIO *BIO_new_mem_buf(void *buf, int len);
  391. /*
  392. * BIO_free - nastiness called BIO - used to destroy BIO*
  393. */
  394. int BIO_free(BIO *a);
  395. /*
  396. * BIO_ctrl - BIO control method
  397. */
  398. long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
  399. /*
  400. * BIO_write - equivalent to ::write for BIO
  401. */
  402. int BIO_write(BIO *b, const void *data, int len);
  403. /*
  404. * BIO_get_data - retrieve (custom) data from BIO
  405. */
  406. void *BIO_get_data(BIO *a);
  407. /*
  408. * PEM_write_bio_X509 - write a PEM encoded cert to a BIO*
  409. */
  410. int PEM_write_bio_X509(BIO *bp, X509 *x);
  411. #if OPENSSL_VERSION_NUMBER < 0x10000000L
  412. /*
  413. * X509_asn1_meth - used for netscape output
  414. */
  415. ASN1_METHOD *X509_asn1_meth();
  416. #endif
  417. /*
  418. * ASN1_i2d_fp - used for netscape output
  419. */
  420. int ASN1_i2d_fp(FILE *out, unsigned char *x);
  421. /*
  422. * ASN1_d2i_fp - read an X509 from a DER encoded file (buf can be NULL)
  423. */
  424. X509 *X509_d2i_fp(FILE *out, X509** buf);
  425. /*
  426. * X509_print - print the text form of an X509
  427. */
  428. int X509_print(FILE *fp, X509 *x);
  429. /*
  430. * Read a PKCS#12 cert from fp
  431. */
  432. PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
  433. /*
  434. * Change the password on a PKCS#12 cert
  435. */
  436. int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
  437. /*
  438. * Write a PKCS#12 to mem
  439. */
  440. int i2d_PKCS12(PKCS12 *p12, unsigned char **p);
  441. /*
  442. * Write a PKCS#12 to FILE*
  443. */
  444. int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
  445. /*
  446. * Create a new PKCS#12 object
  447. */
  448. PKCS12 *PKCS12_new(void);
  449. /*
  450. * Destroy that PKCS#12 that you created!
  451. */
  452. void PKCS12_free(PKCS12 *a);
  453. /*
  454. * Parse the PKCS#12
  455. */
  456. int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey,
  457. X509 **cert, STACK_OF(X509) **ca);
  458. /*
  459. * Free the Private Key
  460. */
  461. void EVP_PKEY_free(EVP_PKEY *x);
  462. /*
  463. * Pop off the stack
  464. */
  465. char *OPENSSL_sk_pop(STACK *s);
  466. char *OPENSSL_sk_pop(void *s) { return OPENSSL_sk_pop(reinterpret_cast<STACK*>(s)); }
  467. /*
  468. * Free the stack
  469. */
  470. void OPENSSL_sk_free(STACK *s);
  471. void OPENSSL_sk_free(void *s) { OPENSSL_sk_free(reinterpret_cast<STACK*>(s)); }
  472. /*
  473. * Number of elements in the stack
  474. */
  475. int OPENSSL_sk_num(STACK *s);
  476. int OPENSSL_sk_num(void *s) { return OPENSSL_sk_num(reinterpret_cast<STACK*>(s)); }
  477. /*
  478. * Value of element n in the stack
  479. */
  480. char *OPENSSL_sk_value(STACK *s, int n);
  481. char *OPENSSL_sk_value(void *s, int n) { return OPENSSL_sk_value(reinterpret_cast<STACK*>(s), n); }
  482. /*
  483. * Create a new stack
  484. */
  485. STACK *OPENSSL_sk_new(int (*cmp)());
  486. /*
  487. * Add an element to the stack
  488. */
  489. int OPENSSL_sk_push(STACK *s, char *d);
  490. int OPENSSL_sk_push(void *s, void *d) { return OPENSSL_sk_push(reinterpret_cast<STACK*>(s), reinterpret_cast<char*>(d)); }
  491. /*
  492. * Duplicate the stack
  493. */
  494. STACK *OPENSSL_sk_dup(const STACK *s);
  495. STACK *OPENSSL_sk_dup(const void *s) { return OPENSSL_sk_dup(reinterpret_cast<const STACK*>(s)); }
  496. /*
  497. * Convert an ASN1_INTEGER to it's text form
  498. */
  499. char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
  500. /*
  501. * Get the certificate's serial number
  502. */
  503. ASN1_INTEGER *X509_get_serialNumber(X509 *x);
  504. /*
  505. * Get the certificate's public key
  506. */
  507. EVP_PKEY *X509_get_pubkey(X509 *x);
  508. /*
  509. * Convert the public key to a decimal form
  510. */
  511. int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
  512. /*
  513. * Check the private key of a PKCS bundle against the X509
  514. */
  515. int X509_check_private_key(X509 *x, EVP_PKEY *p);
  516. /*
  517. * Convert a BIGNUM to a hex string
  518. */
  519. char *BN_bn2hex(const BIGNUM *a);
  520. /*
  521. * Compute the digest of an X.509
  522. */
  523. int X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len);
  524. /*
  525. * EVP_md5
  526. */
  527. EVP_MD *EVP_md5();
  528. /*
  529. * ASN1_INTEGER free
  530. */
  531. void ASN1_INTEGER_free(ASN1_INTEGER *x);
  532. /*
  533. * ASN1_STRING_data
  534. */
  535. unsigned char *ASN1_STRING_data(ASN1_STRING *x);
  536. /*
  537. * ASN1_STRING_length
  538. */
  539. int ASN1_STRING_length(ASN1_STRING *x);
  540. /*
  541. *
  542. */
  543. int OBJ_obj2nid(ASN1_OBJECT *o);
  544. /*
  545. *
  546. */
  547. const char * OBJ_nid2ln(int n);
  548. /*
  549. * get the number of extensions
  550. */
  551. int X509_get_ext_count(X509 *x);
  552. /*
  553. *
  554. */
  555. int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
  556. /*
  557. *
  558. */
  559. int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
  560. /*
  561. *
  562. */
  563. X509_EXTENSION *X509_get_ext(X509 *x, int loc);
  564. /*
  565. *
  566. */
  567. X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
  568. /*
  569. *
  570. */
  571. int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
  572. /*
  573. *
  574. */
  575. void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
  576. /*
  577. *
  578. */
  579. char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
  580. /*
  581. *
  582. */
  583. int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
  584. /*
  585. *
  586. */
  587. PKCS7 *PKCS7_new(void);
  588. /*
  589. *
  590. */
  591. void PKCS7_free(PKCS7 *a);
  592. /*
  593. *
  594. */
  595. void PKCS7_content_free(PKCS7 *a);
  596. /*
  597. *
  598. */
  599. int i2d_PKCS7(PKCS7 *a, unsigned char **pp);
  600. /*
  601. *
  602. */
  603. PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length);
  604. /*
  605. *
  606. */
  607. int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
  608. /*
  609. *
  610. */
  611. PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
  612. /*
  613. *
  614. */
  615. int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
  616. /*
  617. *
  618. */
  619. PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
  620. /*
  621. *
  622. */
  623. PKCS7 *PKCS7_dup(PKCS7 *p7);
  624. /*
  625. * Create a PKCS7 signature / signed message
  626. */
  627. PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
  628. BIO *data, int flags);
  629. /*
  630. * Verify a PKCS7 signature.
  631. */
  632. int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
  633. BIO *indata, BIO *out, int flags);
  634. /*
  635. * Get signers of a verified PKCS7 signature
  636. */
  637. STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
  638. /*
  639. * PKCS7 encrypt message
  640. */
  641. PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
  642. int flags);
  643. /*
  644. * decrypt PKCS7 message
  645. */
  646. int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
  647. /*
  648. * Load a CA list file.
  649. */
  650. STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
  651. /*
  652. * Load a file of PEM encoded objects.
  653. */
  654. STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
  655. pem_password_cb *cb, void *u);
  656. /*
  657. * Get the number of purposes available
  658. */
  659. int X509_PURPOSE_get_count();
  660. /*
  661. * Get the ID of a purpose
  662. */
  663. int X509_PURPOSE_get_id(X509_PURPOSE *);
  664. /*
  665. * Check the existence of purpose id "id" in x. for CA, set ca = 1, else 0
  666. */
  667. int X509_check_purpose(X509 *x, int id, int ca);
  668. /*
  669. * Get the purpose with index #idx
  670. */
  671. X509_PURPOSE * X509_PURPOSE_get0(int idx);
  672. /*
  673. * Create a new Private KEY
  674. */
  675. EVP_PKEY* EVP_PKEY_new();
  676. /*
  677. * Get EVP private key type
  678. */
  679. int EVP_PKEY_base_id(const EVP_PKEY *pkey);
  680. /*
  681. * Assign a private key
  682. */
  683. int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
  684. /*
  685. * Get RSA key
  686. */
  687. RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
  688. /*
  689. * Get DSA key
  690. */
  691. DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
  692. /*
  693. * RSA_get0_key - retreive key parameters
  694. */
  695. void RSA_get0_key(const RSA *r,
  696. const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
  697. /*
  698. * Generate a RSA key
  699. */
  700. RSA *RSA_generate_key(int bits, unsigned long e, void
  701. (*callback)(int,int,void *), void *cb_arg);
  702. /*
  703. * DSA_get0_pqg - retreive key parameters
  704. */
  705. void DSA_get0_pqg(const DSA *d,
  706. const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
  707. /*
  708. * DSA_get0_key - retreive key
  709. */
  710. void DSA_get0_key(const DSA *d,
  711. const BIGNUM **pub_key, const BIGNUM **priv_key);
  712. /*
  713. * Create/destroy a certificate request
  714. */
  715. X509_REQ *X509_REQ_new();
  716. void X509_REQ_free(X509_REQ *a);
  717. /*
  718. * Set the public key in the REQ object
  719. */
  720. int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
  721. /* for testing */
  722. int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
  723. /* SMime support */
  724. STACK *X509_get1_email(X509 *x);
  725. void X509_email_free(STACK *sk);
  726. /* Ciphers needed for SMime */
  727. EVP_CIPHER *EVP_des_ede3_cbc();
  728. EVP_CIPHER *EVP_des_cbc();
  729. EVP_CIPHER *EVP_rc2_cbc();
  730. EVP_CIPHER *EVP_rc2_64_cbc();
  731. EVP_CIPHER *EVP_rc2_40_cbc();
  732. /* clear the current error - use this often*/
  733. void ERR_clear_error();
  734. /* retrieve the latest error */
  735. unsigned long ERR_get_error();
  736. /* Print the errors to this stream */
  737. void ERR_print_errors_fp(FILE *fp);
  738. /* Get a pointer to the SSL session id (reference counted) */
  739. SSL_SESSION *SSL_get1_session(SSL *ssl);
  740. /* Frees a pointer to the SSL session id (reference decremented if needed) */
  741. void SSL_SESSION_free(SSL_SESSION *session);
  742. /* Set the SSL session to reuse. */
  743. int SSL_set_session(SSL *ssl, SSL_SESSION *session);
  744. /* Decode ASN.1 to SSL_SESSION */
  745. SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
  746. /* Encode SSL_SESSION to ASN.1 */
  747. int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
  748. /* Write privatekey to FILE stream */
  749. int i2d_PrivateKey_fp(FILE*, EVP_PKEY*);
  750. /* Write PKCS#8privatekey to FILE stream */
  751. int i2d_PKCS8PrivateKey_fp(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*);
  752. /* Free RSA structure */
  753. void RSA_free(RSA*);
  754. /* Get a blowfish CBC pointer */
  755. EVP_CIPHER *EVP_bf_cbc();
  756. /* Sign a CSR */
  757. int X509_REQ_sign(X509_REQ*, EVP_PKEY*, const EVP_MD*);
  758. /* add a name entry */
  759. int X509_NAME_add_entry_by_txt(X509_NAME*, char*, int, unsigned char*, int, int, int);
  760. /* Create a name */
  761. X509_NAME *X509_NAME_new();
  762. /* Set the subject */
  763. int X509_REQ_set_subject_name(X509_REQ*,X509_NAME*);
  764. /* get list of available SSL_CIPHER's sorted by preference */
  765. STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl);
  766. /* cover KOpenSSLProxy API compatibility */
  767. #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_API_COMPAT < 0x10100000L
  768. # undef sk_dup
  769. # undef sk_free
  770. # undef sk_new
  771. # undef sk_num
  772. # undef sk_pop
  773. # undef sk_push
  774. # undef sk_value
  775. # undef X509_STORE_CTX_set_chain
  776. # undef SSLv23_client_method
  777. #endif
  778. STACK *sk_dup(const STACK *s) KDE_DEPRECATED;
  779. void sk_free(STACK *s) KDE_DEPRECATED;
  780. STACK *sk_new(int (*cmp)()) KDE_DEPRECATED;
  781. int sk_num(STACK *s) KDE_DEPRECATED;
  782. char *sk_pop(STACK *s) KDE_DEPRECATED;
  783. int sk_push(STACK *s, char *d) KDE_DEPRECATED;
  784. char *sk_value(STACK *s, int n) KDE_DEPRECATED;
  785. void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) KDE_DEPRECATED;
  786. SSL_METHOD *SSLv23_client_method() KDE_DEPRECATED;
  787. #endif
  788. private:
  789. KOpenSSLProxy();
  790. ~KOpenSSLProxy();
  791. KOpenSSLProxyPrivate *d;
  792. KLibrary *_sslLib;
  793. KLibrary *_cryptoLib;
  794. static KOpenSSLProxy *_me;
  795. bool _ok;
  796. };
  797. #endif