kopenssl.h
00001 /* This file is part of the KDE libraries 00002 Copyright (C) 2001-2003 George Staikos <staikos@kde.org> 00003 00004 This library is free software; you can redistribute it and/or 00005 modify it under the terms of the GNU Library General Public 00006 License version 2 as published by the Free Software Foundation. 00007 00008 This library is distributed in the hope that it will be useful, 00009 but WITHOUT ANY WARRANTY; without even the implied warranty of 00010 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00011 Library General Public License for more details. 00012 00013 You should have received a copy of the GNU Library General Public License 00014 along with this library; see the file COPYING.LIB. If not, write to 00015 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 00016 Boston, MA 02110-1301, USA. 00017 */ 00018 00019 00020 // IF YOU ARE USING THIS CLASS, YOU ARE MAKING A MISTAKE. 00021 00022 #ifndef __KOPENSSLPROXY_H 00023 #define __KOPENSSLPROXY_H 00024 00025 #define KOSSL KOpenSSLProxy 00026 class KOpenSSLProxyPrivate; 00027 00028 #include <klibloader.h> 00029 00030 #ifdef Q_WS_WIN 00031 #include "ksslconfig_win.h" 00032 #else 00033 #include "ksslconfig.h" 00034 #endif 00035 00036 #ifdef KSSL_HAVE_SSL 00037 #define crypt _openssl_crypt 00038 #include <openssl/ssl.h> 00039 #include <openssl/x509.h> 00040 #include <openssl/x509v3.h> 00041 #include <openssl/pem.h> 00042 #include <openssl/bio.h> 00043 #include <openssl/rand.h> 00044 #include <openssl/asn1.h> 00045 #include <openssl/pkcs7.h> 00046 #include <openssl/pkcs12.h> 00047 #include <openssl/evp.h> 00048 #include <openssl/stack.h> 00049 #include <openssl/bn.h> 00050 #undef crypt 00051 #if OPENSSL_VERSION_NUMBER >= 0x10100000L 00052 #define STACK OPENSSL_STACK 00053 #else 00054 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 00055 #define STACK _STACK 00056 #endif 00057 #endif 00058 #endif 00059 00060 #include <kstaticdeleter.h> 00061 00062 #if OPENSSL_VERSION_NUMBER < 0x10100000L 00063 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); 00064 typedef int X509_LOOKUP_TYPE; 00065 #endif 00066 00075 class KIO_EXPORT KOpenSSLProxy { 00076 friend class KStaticDeleter<KOpenSSLProxy>; 00077 public: 00078 00083 static KOpenSSLProxy *self(); 00084 00088 bool hasLibCrypto() const; 00089 00093 bool hasLibSSL() const; 00094 00099 void destroy(); 00100 00101 // Here are the symbols that we need. 00102 #ifdef KSSL_HAVE_SSL 00103 00104 /* 00105 * SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server 00106 */ 00107 int SSL_connect(SSL *ssl); 00108 00109 /* 00110 * SSL_accept - initiate the TLS/SSL handshake with an TLS/SSL server 00111 */ 00112 int SSL_accept(SSL *ssl); 00113 00114 /* 00115 * SSL_get_error - get the error code 00116 */ 00117 int SSL_get_error(SSL *ssl, int rc); 00118 00119 /* 00120 * SSL_read - read bytes from a TLS/SSL connection. 00121 */ 00122 int SSL_read(SSL *ssl, void *buf, int num); 00123 00124 /* 00125 * SSL_write - write bytes to a TLS/SSL connection. 00126 */ 00127 int SSL_write(SSL *ssl, const void *buf, int num); 00128 00129 /* 00130 * SSL_new - create a new SSL structure for a connection 00131 */ 00132 SSL *SSL_new(SSL_CTX *ctx); 00133 00134 /* 00135 * SSL_free - free an allocated SSL structure 00136 */ 00137 void SSL_free(SSL *ssl); 00138 00139 /* 00140 * SSL_shutdown - shutdown an allocated SSL connection 00141 */ 00142 int SSL_shutdown(SSL *ssl); 00143 00144 /* 00145 * SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions 00146 */ 00147 SSL_CTX *SSL_CTX_new(SSL_METHOD *method); 00148 00149 /* 00150 * SSL_CTX_free - free an allocated SSL_CTX object 00151 */ 00152 void SSL_CTX_free(SSL_CTX *ctx); 00153 00154 /* 00155 * SSL_set_fd - connect the SSL object with a file descriptor 00156 */ 00157 int SSL_set_fd(SSL *ssl, int fd); 00158 00159 /* 00160 * SSL_pending - obtain number of readable bytes buffered in an SSL object 00161 */ 00162 int SSL_pending(SSL *ssl); 00163 00164 /* 00165 * SSL_peek - obtain bytes buffered in an SSL object 00166 */ 00167 int SSL_peek(SSL *ssl, void *buf, int num); 00168 00169 /* 00170 * SSL_CTX_set_cipher_list - choose list of available SSL_CIPHERs 00171 */ 00172 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); 00173 00174 /* 00175 * SSL_CTX_set_verify - set peer certificate verification parameters 00176 */ 00177 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 00178 int (*verify_callback)(int, X509_STORE_CTX *)); 00179 00180 /* 00181 * SSL_use_certificate - load certificate 00182 */ 00183 int SSL_use_certificate(SSL *ssl, X509 *x); 00184 00185 /* 00186 * SSL_get_current_cipher - get SSL_CIPHER of a connection 00187 */ 00188 SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); 00189 00190 /* SSL_set_options - manipulate SSL engine options */ 00191 long _SSL_set_options(SSL *ssl, long options); 00192 00193 /* Returns 0 if not reused, 1 if session id is reused */ 00194 int _SSL_session_reused(SSL *ssl); 00195 00196 /* SSL control */ 00197 long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); 00198 00199 /* 00200 * RAND_egd - set the path to the EGD 00201 */ 00202 int RAND_egd(const char *path); 00203 00204 00205 /* 00206 * RAND_file_name 00207 */ 00208 const char *RAND_file_name(char *buf, size_t num); 00209 00210 00211 /* 00212 * RAND_load_file 00213 */ 00214 int RAND_load_file(const char *filename, long max_bytes); 00215 00216 00217 /* 00218 * RAND_write_file 00219 */ 00220 int RAND_write_file(const char *filename); 00221 00222 00223 /* 00224 * TLSv1_client_method - return a TLSv1 client method object 00225 */ 00226 SSL_METHOD *TLSv1_client_method(); 00227 00228 00229 /* 00230 * SSLv2_client_method - return a SSLv2 client method object 00231 */ 00232 SSL_METHOD *SSLv2_client_method(); 00233 00234 00235 /* 00236 * SSLv3_client_method - return a SSLv3 client method object 00237 */ 00238 SSL_METHOD *SSLv3_client_method(); 00239 00240 00241 /* 00242 * TLS_client_method - return client method object 00243 */ 00244 SSL_METHOD *TLS_client_method(); 00245 00246 00247 /* 00248 * SSL_get_peer_certificate - return the peer's certificate 00249 */ 00250 X509 *SSL_get_peer_certificate(SSL *s); 00251 00252 00253 /* 00254 * SSL_get_peer_cert_chain - get the peer's certificate chain 00255 */ 00256 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); 00257 00258 /* 00259 * SSL_CIPHER_get_bits - get the number of bits in this cipher 00260 */ 00261 int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); 00262 00263 00264 /* 00265 * SSL_CIPHER_get_version - get the version of this cipher 00266 */ 00267 char *SSL_CIPHER_get_version(SSL_CIPHER *c); 00268 00269 00270 /* 00271 * SSL_CIPHER_get_name - get the name of this cipher 00272 */ 00273 const char *SSL_CIPHER_get_name(SSL_CIPHER *c); 00274 00275 00276 /* 00277 * SSL_CIPHER_description - get the description of this cipher 00278 */ 00279 char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); 00280 00281 00282 /* 00283 * SSL_CTX_use_PrivateKey - set the private key for the session. 00284 * - for use with client certificates 00285 */ 00286 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 00287 00288 00289 /* 00290 * SSL_CTX_use_certificate - set the client certificate for the session. 00291 */ 00292 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 00293 00294 00295 /* 00296 * d2i_X509 - Covert a text representation of X509 to an X509 object 00297 */ 00298 X509 * d2i_X509(X509 **a,unsigned char **pp,long length); 00299 00300 /* 00301 * d2i_X509 - Covert a text representation of X509 CRL to an X509_CRL object 00302 */ 00303 X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length); 00304 00305 00306 /* 00307 * i2d_X509 - Covert an X509 object into a text representation 00308 */ 00309 int i2d_X509(X509 *a,unsigned char **pp); 00310 00311 00312 /* 00313 * X509_cmp - compare two X509 objects 00314 */ 00315 int X509_cmp(X509 *a, X509 *b); 00316 00317 00318 /* 00319 * X509_subject_name_cmp - compare subject name of two X509 objects 00320 */ 00321 int X509_subject_name_cmp(const X509 *a, const X509 *b); 00322 00323 00324 /* 00325 * X509_dup - duplicate an X509 object 00326 */ 00327 X509 *X509_dup(X509 *x509); 00328 00329 00330 /* 00331 * X509_get0_signature - get signature and algorithm 00332 */ 00333 void X509_get0_signature(const ASN1_BIT_STRING **psig, 00334 const X509_ALGOR **palg, const X509 *x); 00335 00336 00337 00338 /* 00339 * 00340 */ 00341 ASN1_TIME *X509_getm_notAfter(const X509 *x); 00342 00343 00344 /* 00345 * 00346 */ 00347 ASN1_TIME *X509_getm_notBefore(const X509 *x); 00348 00349 00350 /* 00351 * X509_STORE_CTX_new - create an X509 store context 00352 */ 00353 X509_STORE_CTX *X509_STORE_CTX_new(void); 00354 00355 00356 /* 00357 * X509_STORE_CTX_free - free up an X509 store context 00358 */ 00359 void X509_STORE_CTX_free(X509_STORE_CTX *v); 00360 00361 00362 /* 00363 * X509_STORE_CTX_set0_untrusted - set the certificate chain 00364 */ 00365 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x); 00366 00367 00368 /* 00369 * X509_STORE_CTX_set_purpose - set the purpose of the certificate 00370 */ 00371 void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); 00372 00373 00374 /* 00375 * 00376 */ 00377 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); 00378 00379 00380 /* 00381 * 00382 */ 00383 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); 00384 00385 00386 /* 00387 * 00388 */ 00389 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); 00390 00391 00392 /* 00393 * 00394 */ 00395 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); 00396 00397 00398 /* 00399 * 00400 */ 00401 void X509_STORE_set_verify_cb(X509_STORE *ctx, 00402 X509_STORE_CTX_verify_cb verify_cb); 00403 00404 00405 /* 00406 * 00407 */ 00408 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); 00409 00410 00411 /* 00412 * 00413 */ 00414 X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); 00415 00416 00417 /* 00418 * 00419 */ 00420 X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); 00421 00422 00423 /* 00424 * X509_verify_cert - verify the certificate 00425 */ 00426 int X509_verify_cert(X509_STORE_CTX *v); 00427 00428 00429 /* 00430 * X509_STORE_new - create an X509 store 00431 */ 00432 X509_STORE *X509_STORE_new(void); 00433 00434 00435 /* 00436 * X509_STORE_free - free up an X509 store 00437 */ 00438 void X509_STORE_free(X509_STORE *v); 00439 00440 00441 /* 00442 * X509_free - free up an X509 00443 */ 00444 void X509_free(X509 *v); 00445 00446 /* 00447 * X509_CRL_free - free up an X509 CRL 00448 */ 00449 void X509_CRL_free(X509_CRL *v); 00450 00451 00452 /* 00453 * 00454 */ 00455 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); 00456 00457 00458 /* 00459 * 00460 */ 00461 const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); 00462 00463 00464 /* 00465 * X509_NAME_oneline - return the X509 data in a string 00466 */ 00467 char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); 00468 00469 00470 /* 00471 * X509_get_subject_name - return the X509_NAME for the subject field 00472 */ 00473 X509_NAME *X509_get_subject_name(X509 *a); 00474 00475 00476 /* 00477 * X509_get_issuer_name - return the X509_NAME for the issuer field 00478 */ 00479 X509_NAME *X509_get_issuer_name(X509 *a); 00480 00481 00482 /* 00483 * X509_STORE_add_lookup - add a lookup file/method to an X509 store 00484 */ 00485 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); 00486 00487 00488 /* 00489 * X509_LOOKUP_file - Definition of the LOOKUP_file method 00490 */ 00491 X509_LOOKUP_METHOD *X509_LOOKUP_file(void); 00492 00493 00494 /* 00495 * X509_LOOKUP_free - Free an X509_LOOKUP 00496 */ 00497 void X509_LOOKUP_free(X509_LOOKUP *x); 00498 00499 00500 /* 00501 * X509_LOOKUP_ctrl - This is not normally called directly (use macros) 00502 */ 00503 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); 00504 00505 00506 /* 00507 * X509_STORE_CTX_init - initialize an X509 STORE context 00508 */ 00509 void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain); 00510 00511 00512 /* 00513 * CRYPTO_free - free up an internally allocated object 00514 */ 00515 void CRYPTO_free(void *x); 00516 00517 /* 00518 * BIO_new - create new BIO 00519 */ 00520 BIO *BIO_new(BIO_METHOD *type); 00521 00522 /* 00523 * BIO methods - only one defined here yet 00524 */ 00525 BIO_METHOD *BIO_s_mem(void); 00526 00527 /* 00528 * BIO_new_fp - nastiness called BIO - used to create BIO* from FILE* 00529 */ 00530 BIO *BIO_new_fp(FILE *stream, int close_flag); 00531 00532 /* 00533 * BIO_new_mem_buf - read only BIO from memory region 00534 */ 00535 BIO *BIO_new_mem_buf(void *buf, int len); 00536 00537 /* 00538 * BIO_free - nastiness called BIO - used to destroy BIO* 00539 */ 00540 int BIO_free(BIO *a); 00541 00542 /* 00543 * BIO_ctrl - BIO control method 00544 */ 00545 long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); 00546 00547 /* 00548 * BIO_write - equivalent to ::write for BIO 00549 */ 00550 int BIO_write(BIO *b, const void *data, int len); 00551 00552 /* 00553 * BIO_get_data - retrieve (custom) data from BIO 00554 */ 00555 void *BIO_get_data(BIO *a); 00556 00557 /* 00558 * PEM_write_bio_X509 - write a PEM encoded cert to a BIO* 00559 */ 00560 int PEM_write_bio_X509(BIO *bp, X509 *x); 00561 00562 #if OPENSSL_VERSION_NUMBER < 0x10000000L 00563 /* 00564 * X509_asn1_meth - used for netscape output 00565 */ 00566 ASN1_METHOD *X509_asn1_meth(); 00567 #endif 00568 00569 /* 00570 * ASN1_i2d_fp - used for netscape output 00571 */ 00572 int ASN1_i2d_fp(FILE *out, unsigned char *x); 00573 00574 00575 /* 00576 * ASN1_d2i_fp - read an X509 from a DER encoded file (buf can be NULL) 00577 */ 00578 X509 *X509_d2i_fp(FILE *out, X509** buf); 00579 00580 00581 /* 00582 * X509_print - print the text form of an X509 00583 */ 00584 int X509_print(FILE *fp, X509 *x); 00585 00586 00587 /* 00588 * Read a PKCS#12 cert from fp 00589 */ 00590 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 00591 00592 00593 /* 00594 * Change the password on a PKCS#12 cert 00595 */ 00596 int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); 00597 00598 00599 /* 00600 * Write a PKCS#12 to mem 00601 */ 00602 int i2d_PKCS12(PKCS12 *p12, unsigned char **p); 00603 00604 00605 /* 00606 * Write a PKCS#12 to FILE* 00607 */ 00608 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 00609 00610 00611 /* 00612 * Create a new PKCS#12 object 00613 */ 00614 PKCS12 *PKCS12_new(void); 00615 00616 00617 /* 00618 * Destroy that PKCS#12 that you created! 00619 */ 00620 void PKCS12_free(PKCS12 *a); 00621 00622 00623 /* 00624 * Parse the PKCS#12 00625 */ 00626 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, 00627 X509 **cert, STACK_OF(X509) **ca); 00628 00629 00630 /* 00631 * Free the Private Key 00632 */ 00633 void EVP_PKEY_free(EVP_PKEY *x); 00634 00635 00636 /* 00637 * Pop off the stack 00638 */ 00639 char *OPENSSL_sk_pop(STACK *s); 00640 00641 char *OPENSSL_sk_pop(void *s) { return OPENSSL_sk_pop(reinterpret_cast<STACK*>(s)); } 00642 00643 00644 /* 00645 * Free the stack 00646 */ 00647 void OPENSSL_sk_free(STACK *s); 00648 00649 void OPENSSL_sk_free(void *s) { OPENSSL_sk_free(reinterpret_cast<STACK*>(s)); } 00650 00651 /* 00652 * Number of elements in the stack 00653 */ 00654 int OPENSSL_sk_num(STACK *s); 00655 00656 int OPENSSL_sk_num(void *s) { return OPENSSL_sk_num(reinterpret_cast<STACK*>(s)); } 00657 00658 /* 00659 * Value of element n in the stack 00660 */ 00661 char *OPENSSL_sk_value(STACK *s, int n); 00662 00663 char *OPENSSL_sk_value(void *s, int n) { return OPENSSL_sk_value(reinterpret_cast<STACK*>(s), n); } 00664 00665 /* 00666 * Create a new stack 00667 */ 00668 STACK *OPENSSL_sk_new(int (*cmp)()); 00669 00670 00671 /* 00672 * Add an element to the stack 00673 */ 00674 int OPENSSL_sk_push(STACK *s, char *d); 00675 00676 int OPENSSL_sk_push(void *s, void *d) { return OPENSSL_sk_push(reinterpret_cast<STACK*>(s), reinterpret_cast<char*>(d)); } 00677 00678 /* 00679 * Duplicate the stack 00680 */ 00681 STACK *OPENSSL_sk_dup(const STACK *s); 00682 00683 STACK *OPENSSL_sk_dup(const void *s) { return OPENSSL_sk_dup(reinterpret_cast<const STACK*>(s)); } 00684 00685 /* 00686 * Convert an ASN1_INTEGER to it's text form 00687 */ 00688 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); 00689 00690 00691 /* 00692 * Get the certificate's serial number 00693 */ 00694 ASN1_INTEGER *X509_get_serialNumber(X509 *x); 00695 00696 00697 /* 00698 * Get the certificate's public key 00699 */ 00700 EVP_PKEY *X509_get_pubkey(X509 *x); 00701 00702 00703 /* 00704 * Convert the public key to a decimal form 00705 */ 00706 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); 00707 00708 00709 /* 00710 * Check the private key of a PKCS bundle against the X509 00711 */ 00712 int X509_check_private_key(X509 *x, EVP_PKEY *p); 00713 00714 00715 /* 00716 * Convert a BIGNUM to a hex string 00717 */ 00718 char *BN_bn2hex(const BIGNUM *a); 00719 00720 00721 /* 00722 * Compute the digest of an X.509 00723 */ 00724 int X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len); 00725 00726 00727 /* 00728 * EVP_md5 00729 */ 00730 EVP_MD *EVP_md5(); 00731 00732 00733 /* 00734 * ASN1_INTEGER free 00735 */ 00736 void ASN1_INTEGER_free(ASN1_INTEGER *x); 00737 00738 00739 /* 00740 * ASN1_STRING_data 00741 */ 00742 unsigned char *ASN1_STRING_data(ASN1_STRING *x); 00743 00744 /* 00745 * ASN1_STRING_length 00746 */ 00747 int ASN1_STRING_length(ASN1_STRING *x); 00748 00749 /* 00750 * 00751 */ 00752 int OBJ_obj2nid(ASN1_OBJECT *o); 00753 00754 /* 00755 * 00756 */ 00757 const char * OBJ_nid2ln(int n); 00758 00759 /* 00760 * get the number of extensions 00761 */ 00762 int X509_get_ext_count(X509 *x); 00763 00764 /* 00765 * 00766 */ 00767 int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); 00768 00769 /* 00770 * 00771 */ 00772 int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); 00773 00774 /* 00775 * 00776 */ 00777 X509_EXTENSION *X509_get_ext(X509 *x, int loc); 00778 00779 /* 00780 * 00781 */ 00782 X509_EXTENSION *X509_delete_ext(X509 *x, int loc); 00783 00784 /* 00785 * 00786 */ 00787 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 00788 00789 /* 00790 * 00791 */ 00792 void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); 00793 00794 /* 00795 * 00796 */ 00797 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); 00798 00799 /* 00800 * 00801 */ 00802 int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); 00803 00804 /* 00805 * 00806 */ 00807 PKCS7 *PKCS7_new(void); 00808 00809 /* 00810 * 00811 */ 00812 void PKCS7_free(PKCS7 *a); 00813 00814 /* 00815 * 00816 */ 00817 void PKCS7_content_free(PKCS7 *a); 00818 00819 /* 00820 * 00821 */ 00822 int i2d_PKCS7(PKCS7 *a, unsigned char **pp); 00823 00824 /* 00825 * 00826 */ 00827 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length); 00828 00829 /* 00830 * 00831 */ 00832 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); 00833 00834 /* 00835 * 00836 */ 00837 PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); 00838 00839 /* 00840 * 00841 */ 00842 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); 00843 00844 /* 00845 * 00846 */ 00847 PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); 00848 00849 /* 00850 * 00851 */ 00852 PKCS7 *PKCS7_dup(PKCS7 *p7); 00853 00854 /* 00855 * Create a PKCS7 signature / signed message 00856 */ 00857 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 00858 BIO *data, int flags); 00859 00860 /* 00861 * Verify a PKCS7 signature. 00862 */ 00863 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 00864 BIO *indata, BIO *out, int flags); 00865 00866 /* 00867 * Get signers of a verified PKCS7 signature 00868 */ 00869 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); 00870 00871 /* 00872 * PKCS7 encrypt message 00873 */ 00874 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, 00875 int flags); 00876 00877 /* 00878 * decrypt PKCS7 message 00879 */ 00880 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); 00881 00882 00883 /* 00884 * Load a CA list file. 00885 */ 00886 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 00887 00888 /* 00889 * Load a file of PEM encoded objects. 00890 */ 00891 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, 00892 pem_password_cb *cb, void *u); 00893 00894 /* 00895 * Get the number of purposes available 00896 */ 00897 int X509_PURPOSE_get_count(); 00898 00899 00900 /* 00901 * Get the ID of a purpose 00902 */ 00903 int X509_PURPOSE_get_id(X509_PURPOSE *); 00904 00905 00906 /* 00907 * Check the existence of purpose id "id" in x. for CA, set ca = 1, else 0 00908 */ 00909 int X509_check_purpose(X509 *x, int id, int ca); 00910 00911 00912 /* 00913 * Get the purpose with index #idx 00914 */ 00915 X509_PURPOSE * X509_PURPOSE_get0(int idx); 00916 00917 00918 /* 00919 * Create a new Private KEY 00920 */ 00921 EVP_PKEY* EVP_PKEY_new(); 00922 00923 00924 /* 00925 * Get EVP private key type 00926 */ 00927 int EVP_PKEY_base_id(const EVP_PKEY *pkey); 00928 00929 00930 /* 00931 * Assign a private key 00932 */ 00933 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); 00934 00935 00936 /* 00937 * Get RSA key 00938 */ 00939 RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); 00940 00941 00942 /* 00943 * Get DSA key 00944 */ 00945 DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); 00946 00947 00948 /* 00949 * RSA_get0_key - retreive key parameters 00950 */ 00951 void RSA_get0_key(const RSA *r, 00952 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); 00953 00954 00955 /* 00956 * Generate a RSA key 00957 */ 00958 RSA *RSA_generate_key(int bits, unsigned long e, void 00959 (*callback)(int,int,void *), void *cb_arg); 00960 00961 00962 /* 00963 * DSA_get0_pqg - retreive key parameters 00964 */ 00965 void DSA_get0_pqg(const DSA *d, 00966 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); 00967 00968 00969 /* 00970 * DSA_get0_key - retreive key 00971 */ 00972 void DSA_get0_key(const DSA *d, 00973 const BIGNUM **pub_key, const BIGNUM **priv_key); 00974 00975 00976 /* 00977 * Create/destroy a certificate request 00978 */ 00979 X509_REQ *X509_REQ_new(); 00980 void X509_REQ_free(X509_REQ *a); 00981 00982 00983 /* 00984 * Set the public key in the REQ object 00985 */ 00986 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); 00987 00988 /* for testing */ 00989 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); 00990 00991 /* SMime support */ 00992 STACK *X509_get1_email(X509 *x); 00993 void X509_email_free(STACK *sk); 00994 00995 /* Ciphers needed for SMime */ 00996 EVP_CIPHER *EVP_des_ede3_cbc(); 00997 EVP_CIPHER *EVP_des_cbc(); 00998 EVP_CIPHER *EVP_rc2_cbc(); 00999 EVP_CIPHER *EVP_rc2_64_cbc(); 01000 EVP_CIPHER *EVP_rc2_40_cbc(); 01001 01002 /* clear the current error - use this often*/ 01003 void ERR_clear_error(); 01004 01005 /* retrieve the latest error */ 01006 unsigned long ERR_get_error(); 01007 01008 /* Print the errors to this stream */ 01009 void ERR_print_errors_fp(FILE *fp); 01010 01011 /* Get a pointer to the SSL session id (reference counted) */ 01012 SSL_SESSION *SSL_get1_session(SSL *ssl); 01013 01014 /* Frees a pointer to the SSL session id (reference decremented if needed) */ 01015 void SSL_SESSION_free(SSL_SESSION *session); 01016 01017 /* Set the SSL session to reuse. */ 01018 int SSL_set_session(SSL *ssl, SSL_SESSION *session); 01019 01020 /* Decode ASN.1 to SSL_SESSION */ 01021 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); 01022 /* Encode SSL_SESSION to ASN.1 */ 01023 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); 01024 01025 /* Write privatekey to FILE stream */ 01026 int i2d_PrivateKey_fp(FILE*, EVP_PKEY*); 01027 01028 /* Write PKCS#8privatekey to FILE stream */ 01029 int i2d_PKCS8PrivateKey_fp(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*); 01030 01031 /* Free RSA structure */ 01032 void RSA_free(RSA*); 01033 01034 /* Get a blowfish CBC pointer */ 01035 EVP_CIPHER *EVP_bf_cbc(); 01036 01037 /* Sign a CSR */ 01038 int X509_REQ_sign(X509_REQ*, EVP_PKEY*, const EVP_MD*); 01039 01040 /* add a name entry */ 01041 int X509_NAME_add_entry_by_txt(X509_NAME*, char*, int, unsigned char*, int, int, int); 01042 01043 /* Create a name */ 01044 X509_NAME *X509_NAME_new(); 01045 01046 /* Set the subject */ 01047 int X509_REQ_set_subject_name(X509_REQ*,X509_NAME*); 01048 01049 /* get list of available SSL_CIPHER's sorted by preference */ 01050 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl); 01051 01052 01053 /* cover KOpenSSLProxy API compatibility */ 01054 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_API_COMPAT < 0x10100000L 01055 # undef sk_dup 01056 # undef sk_free 01057 # undef sk_new 01058 # undef sk_num 01059 # undef sk_pop 01060 # undef sk_push 01061 # undef sk_value 01062 # undef X509_STORE_CTX_set_chain 01063 # undef SSLv23_client_method 01064 #endif 01065 STACK *sk_dup(const STACK *s) KDE_DEPRECATED; 01066 void sk_free(STACK *s) KDE_DEPRECATED; 01067 STACK *sk_new(int (*cmp)()) KDE_DEPRECATED; 01068 int sk_num(STACK *s) KDE_DEPRECATED; 01069 char *sk_pop(STACK *s) KDE_DEPRECATED; 01070 int sk_push(STACK *s, char *d) KDE_DEPRECATED; 01071 char *sk_value(STACK *s, int n) KDE_DEPRECATED; 01072 void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) KDE_DEPRECATED; 01073 SSL_METHOD *SSLv23_client_method() KDE_DEPRECATED; 01074 01075 #endif 01076 01077 private: 01078 KOpenSSLProxy(); 01079 ~KOpenSSLProxy(); 01080 KOpenSSLProxyPrivate *d; 01081 01082 KLibrary *_sslLib; 01083 KLibrary *_cryptoLib; 01084 static KOpenSSLProxy *_me; 01085 01086 bool _ok; 01087 }; 01088 01089 #endif 01090