kopenssl.h
00001 /* This file is part of the KDE libraries 00002 Copyright (C) 2001-2003 George Staikos <staikos@kde.org> 00003 00004 This library is free software; you can redistribute it and/or 00005 modify it under the terms of the GNU Library General Public 00006 License version 2 as published by the Free Software Foundation. 00007 00008 This library is distributed in the hope that it will be useful, 00009 but WITHOUT ANY WARRANTY; without even the implied warranty of 00010 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 00011 Library General Public License for more details. 00012 00013 You should have received a copy of the GNU Library General Public License 00014 along with this library; see the file COPYING.LIB. If not, write to 00015 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 00016 Boston, MA 02110-1301, USA. 00017 */ 00018 00019 00020 // IF YOU ARE USING THIS CLASS, YOU ARE MAKING A MISTAKE. 00021 00022 #ifndef __KOPENSSLPROXY_H 00023 #define __KOPENSSLPROXY_H 00024 00025 #define KOSSL KOpenSSLProxy 00026 class KOpenSSLProxyPrivate; 00027 00028 #include <klibloader.h> 00029 00030 #ifdef Q_WS_WIN 00031 #include "ksslconfig_win.h" 00032 #else 00033 #include "ksslconfig.h" 00034 #endif 00035 00036 #ifdef KSSL_HAVE_SSL 00037 #define crypt _openssl_crypt 00038 #include <openssl/ssl.h> 00039 #include <openssl/x509.h> 00040 #include <openssl/x509v3.h> 00041 #include <openssl/pem.h> 00042 #include <openssl/bio.h> 00043 #include <openssl/rand.h> 00044 #include <openssl/asn1.h> 00045 #include <openssl/pkcs7.h> 00046 #include <openssl/pkcs12.h> 00047 #include <openssl/evp.h> 00048 #include <openssl/stack.h> 00049 #include <openssl/bn.h> 00050 #undef crypt 00051 00052 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) 00053 #define STACK OPENSSL_STACK 00054 #else 00055 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 00056 #define STACK _STACK 00057 #endif 00058 #endif 00059 #endif 00060 00061 #include <kstaticdeleter.h> 00062 00063 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) 00064 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); 00065 typedef int X509_LOOKUP_TYPE; 00066 #endif 00067 00076 class TDEIO_EXPORT KOpenSSLProxy { 00077 friend class KStaticDeleter<KOpenSSLProxy>; 00078 public: 00079 00084 static KOpenSSLProxy *self(); 00085 00089 bool hasLibCrypto() const; 00090 00094 bool hasLibSSL() const; 00095 00100 void destroy(); 00101 00102 // Here are the symbols that we need. 00103 #ifdef KSSL_HAVE_SSL 00104 00105 /* 00106 * SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server 00107 */ 00108 int SSL_connect(SSL *ssl); 00109 00110 /* 00111 * SSL_accept - initiate the TLS/SSL handshake with an TLS/SSL server 00112 */ 00113 int SSL_accept(SSL *ssl); 00114 00115 /* 00116 * SSL_get_error - get the error code 00117 */ 00118 int SSL_get_error(SSL *ssl, int rc); 00119 00120 /* 00121 * SSL_read - read bytes from a TLS/SSL connection. 00122 */ 00123 int SSL_read(SSL *ssl, void *buf, int num); 00124 00125 /* 00126 * SSL_write - write bytes to a TLS/SSL connection. 00127 */ 00128 int SSL_write(SSL *ssl, const void *buf, int num); 00129 00130 /* 00131 * SSL_new - create a new SSL structure for a connection 00132 */ 00133 SSL *SSL_new(SSL_CTX *ctx); 00134 00135 /* 00136 * SSL_free - free an allocated SSL structure 00137 */ 00138 void SSL_free(SSL *ssl); 00139 00140 /* 00141 * SSL_shutdown - shutdown an allocated SSL connection 00142 */ 00143 int SSL_shutdown(SSL *ssl); 00144 00145 /* 00146 * SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions 00147 */ 00148 SSL_CTX *SSL_CTX_new(SSL_METHOD *method); 00149 00150 /* 00151 * SSL_CTX_free - free an allocated SSL_CTX object 00152 */ 00153 void SSL_CTX_free(SSL_CTX *ctx); 00154 00155 /* 00156 * SSL_set_fd - connect the SSL object with a file descriptor 00157 */ 00158 int SSL_set_fd(SSL *ssl, int fd); 00159 00160 /* 00161 * SSL_pending - obtain number of readable bytes buffered in an SSL object 00162 */ 00163 int SSL_pending(SSL *ssl); 00164 00165 /* 00166 * SSL_peek - obtain bytes buffered in an SSL object 00167 */ 00168 int SSL_peek(SSL *ssl, void *buf, int num); 00169 00170 /* 00171 * SSL_CTX_set_cipher_list - choose list of available SSL_CIPHERs 00172 */ 00173 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); 00174 00175 /* 00176 * SSL_CTX_set_verify - set peer certificate verification parameters 00177 */ 00178 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 00179 int (*verify_callback)(int, X509_STORE_CTX *)); 00180 00181 /* 00182 * SSL_use_certificate - load certificate 00183 */ 00184 int SSL_use_certificate(SSL *ssl, X509 *x); 00185 00186 /* 00187 * SSL_get_current_cipher - get SSL_CIPHER of a connection 00188 */ 00189 SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); 00190 00191 /* SSL_set_options - manipulate SSL engine options */ 00192 long _SSL_set_options(SSL *ssl, long options); 00193 00194 /* Returns 0 if not reused, 1 if session id is reused */ 00195 int _SSL_session_reused(SSL *ssl); 00196 00197 /* SSL control */ 00198 long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); 00199 00200 /* 00201 * RAND_egd - set the path to the EGD 00202 */ 00203 int RAND_egd(const char *path); 00204 00205 00206 /* 00207 * RAND_file_name 00208 */ 00209 const char *RAND_file_name(char *buf, size_t num); 00210 00211 00212 /* 00213 * RAND_load_file 00214 */ 00215 int RAND_load_file(const char *filename, long max_bytes); 00216 00217 00218 /* 00219 * RAND_write_file 00220 */ 00221 int RAND_write_file(const char *filename); 00222 00223 00224 /* 00225 * TLSv1_client_method - return a TLSv1 client method object 00226 */ 00227 SSL_METHOD *TLSv1_client_method(); 00228 00229 00230 /* 00231 * SSLv2_client_method - return a SSLv2 client method object 00232 */ 00233 SSL_METHOD *SSLv2_client_method(); 00234 00235 00236 /* 00237 * SSLv3_client_method - return a SSLv3 client method object 00238 */ 00239 SSL_METHOD *SSLv3_client_method(); 00240 00241 00242 /* 00243 * TLS_client_method - return client method object 00244 */ 00245 SSL_METHOD *TLS_client_method(); 00246 00247 00248 /* 00249 * SSL_get_peer_certificate - return the peer's certificate 00250 */ 00251 X509 *SSL_get_peer_certificate(SSL *s); 00252 00253 00254 /* 00255 * SSL_get_peer_cert_chain - get the peer's certificate chain 00256 */ 00257 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); 00258 00259 /* 00260 * SSL_CIPHER_get_bits - get the number of bits in this cipher 00261 */ 00262 int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); 00263 00264 00265 /* 00266 * SSL_CIPHER_get_version - get the version of this cipher 00267 */ 00268 char *SSL_CIPHER_get_version(SSL_CIPHER *c); 00269 00270 00271 /* 00272 * SSL_CIPHER_get_name - get the name of this cipher 00273 */ 00274 const char *SSL_CIPHER_get_name(SSL_CIPHER *c); 00275 00276 00277 /* 00278 * SSL_CIPHER_description - get the description of this cipher 00279 */ 00280 char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); 00281 00282 00283 /* 00284 * SSL_CTX_use_PrivateKey - set the private key for the session. 00285 * - for use with client certificates 00286 */ 00287 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 00288 00289 00290 /* 00291 * SSL_CTX_use_certificate - set the client certificate for the session. 00292 */ 00293 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 00294 00295 00296 /* 00297 * d2i_X509 - Covert a text representation of X509 to an X509 object 00298 */ 00299 X509 * d2i_X509(X509 **a,unsigned char **pp,long length); 00300 00301 /* 00302 * d2i_X509 - Covert a text representation of X509 CRL to an X509_CRL object 00303 */ 00304 X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length); 00305 00306 00307 /* 00308 * i2d_X509 - Covert an X509 object into a text representation 00309 */ 00310 int i2d_X509(X509 *a,unsigned char **pp); 00311 00312 00313 /* 00314 * X509_cmp - compare two X509 objects 00315 */ 00316 int X509_cmp(X509 *a, X509 *b); 00317 00318 00319 /* 00320 * X509_subject_name_cmp - compare subject name of two X509 objects 00321 */ 00322 int X509_subject_name_cmp(const X509 *a, const X509 *b); 00323 00324 00325 /* 00326 * X509_dup - duplicate an X509 object 00327 */ 00328 X509 *X509_dup(X509 *x509); 00329 00330 00331 /* 00332 * X509_get0_signature - get signature and algorithm 00333 */ 00334 void X509_get0_signature(const ASN1_BIT_STRING **psig, 00335 const X509_ALGOR **palg, const X509 *x); 00336 00337 00338 00339 /* 00340 * 00341 */ 00342 ASN1_TIME *X509_getm_notAfter(const X509 *x); 00343 00344 00345 /* 00346 * 00347 */ 00348 ASN1_TIME *X509_getm_notBefore(const X509 *x); 00349 00350 00351 /* 00352 * X509_STORE_CTX_new - create an X509 store context 00353 */ 00354 X509_STORE_CTX *X509_STORE_CTX_new(void); 00355 00356 00357 /* 00358 * X509_STORE_CTX_free - free up an X509 store context 00359 */ 00360 void X509_STORE_CTX_free(X509_STORE_CTX *v); 00361 00362 00363 /* 00364 * X509_STORE_CTX_set0_untrusted - set the certificate chain 00365 */ 00366 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *v, STACK_OF(X509)* x); 00367 00368 00369 /* 00370 * X509_STORE_CTX_set_purpose - set the purpose of the certificate 00371 */ 00372 void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); 00373 00374 00375 /* 00376 * 00377 */ 00378 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); 00379 00380 00381 /* 00382 * 00383 */ 00384 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); 00385 00386 00387 /* 00388 * 00389 */ 00390 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); 00391 00392 00393 /* 00394 * 00395 */ 00396 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); 00397 00398 00399 /* 00400 * 00401 */ 00402 void X509_STORE_set_verify_cb(X509_STORE *ctx, 00403 X509_STORE_CTX_verify_cb verify_cb); 00404 00405 00406 /* 00407 * 00408 */ 00409 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); 00410 00411 00412 /* 00413 * 00414 */ 00415 X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); 00416 00417 00418 /* 00419 * 00420 */ 00421 X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); 00422 00423 00424 /* 00425 * X509_verify_cert - verify the certificate 00426 */ 00427 int X509_verify_cert(X509_STORE_CTX *v); 00428 00429 00430 /* 00431 * X509_STORE_new - create an X509 store 00432 */ 00433 X509_STORE *X509_STORE_new(void); 00434 00435 00436 /* 00437 * X509_STORE_free - free up an X509 store 00438 */ 00439 void X509_STORE_free(X509_STORE *v); 00440 00441 00442 /* 00443 * X509_free - free up an X509 00444 */ 00445 void X509_free(X509 *v); 00446 00447 /* 00448 * X509_CRL_free - free up an X509 CRL 00449 */ 00450 void X509_CRL_free(X509_CRL *v); 00451 00452 00453 /* 00454 * 00455 */ 00456 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); 00457 00458 00459 /* 00460 * 00461 */ 00462 const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); 00463 00464 00465 /* 00466 * X509_NAME_oneline - return the X509 data in a string 00467 */ 00468 char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); 00469 00470 00471 /* 00472 * X509_get_subject_name - return the X509_NAME for the subject field 00473 */ 00474 X509_NAME *X509_get_subject_name(X509 *a); 00475 00476 00477 /* 00478 * X509_get_issuer_name - return the X509_NAME for the issuer field 00479 */ 00480 X509_NAME *X509_get_issuer_name(X509 *a); 00481 00482 00483 /* 00484 * X509_STORE_add_lookup - add a lookup file/method to an X509 store 00485 */ 00486 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); 00487 00488 00489 /* 00490 * X509_LOOKUP_file - Definition of the LOOKUP_file method 00491 */ 00492 X509_LOOKUP_METHOD *X509_LOOKUP_file(void); 00493 00494 00495 /* 00496 * X509_LOOKUP_free - Free an X509_LOOKUP 00497 */ 00498 void X509_LOOKUP_free(X509_LOOKUP *x); 00499 00500 00501 /* 00502 * X509_LOOKUP_ctrl - This is not normally called directly (use macros) 00503 */ 00504 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); 00505 00506 00507 /* 00508 * X509_STORE_CTX_init - initialize an X509 STORE context 00509 */ 00510 void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain); 00511 00512 00513 /* 00514 * CRYPTO_free - free up an internally allocated object 00515 */ 00516 void CRYPTO_free(void *x); 00517 00518 /* 00519 * BIO_new - create new BIO 00520 */ 00521 BIO *BIO_new(BIO_METHOD *type); 00522 00523 /* 00524 * BIO methods - only one defined here yet 00525 */ 00526 BIO_METHOD *BIO_s_mem(void); 00527 00528 /* 00529 * BIO_new_fp - nastiness called BIO - used to create BIO* from FILE* 00530 */ 00531 BIO *BIO_new_fp(FILE *stream, int close_flag); 00532 00533 /* 00534 * BIO_new_mem_buf - read only BIO from memory region 00535 */ 00536 BIO *BIO_new_mem_buf(void *buf, int len); 00537 00538 /* 00539 * BIO_free - nastiness called BIO - used to destroy BIO* 00540 */ 00541 int BIO_free(BIO *a); 00542 00543 /* 00544 * BIO_ctrl - BIO control method 00545 */ 00546 long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); 00547 00548 /* 00549 * BIO_write - equivalent to ::write for BIO 00550 */ 00551 int BIO_write(BIO *b, const void *data, int len); 00552 00553 /* 00554 * BIO_get_data - retrieve (custom) data from BIO 00555 */ 00556 void *BIO_get_data(BIO *a); 00557 00558 /* 00559 * PEM_write_bio_X509 - write a PEM encoded cert to a BIO* 00560 */ 00561 int PEM_write_bio_X509(BIO *bp, X509 *x); 00562 00563 #if OPENSSL_VERSION_NUMBER < 0x10000000L 00564 /* 00565 * X509_asn1_meth - used for netscape output 00566 */ 00567 ASN1_METHOD *X509_asn1_meth(); 00568 #endif 00569 00570 /* 00571 * ASN1_i2d_fp - used for netscape output 00572 */ 00573 int ASN1_i2d_fp(FILE *out, unsigned char *x); 00574 00575 00576 /* 00577 * ASN1_d2i_fp - read an X509 from a DER encoded file (buf can be NULL) 00578 */ 00579 X509 *X509_d2i_fp(FILE *out, X509** buf); 00580 00581 00582 /* 00583 * X509_print - print the text form of an X509 00584 */ 00585 int X509_print(FILE *fp, X509 *x); 00586 00587 00588 /* 00589 * Read a PKCS#12 cert from fp 00590 */ 00591 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 00592 00593 00594 /* 00595 * Change the password on a PKCS#12 cert 00596 */ 00597 int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); 00598 00599 00600 /* 00601 * Write a PKCS#12 to mem 00602 */ 00603 int i2d_PKCS12(PKCS12 *p12, unsigned char **p); 00604 00605 00606 /* 00607 * Write a PKCS#12 to FILE* 00608 */ 00609 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 00610 00611 00612 /* 00613 * Create a new PKCS#12 object 00614 */ 00615 PKCS12 *PKCS12_new(void); 00616 00617 00618 /* 00619 * Destroy that PKCS#12 that you created! 00620 */ 00621 void PKCS12_free(PKCS12 *a); 00622 00623 00624 /* 00625 * Parse the PKCS#12 00626 */ 00627 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, 00628 X509 **cert, STACK_OF(X509) **ca); 00629 00630 00631 /* 00632 * Free the Private Key 00633 */ 00634 void EVP_PKEY_free(EVP_PKEY *x); 00635 00636 00637 /* 00638 * Pop off the stack 00639 */ 00640 char *OPENSSL_sk_pop(STACK *s); 00641 00642 char *OPENSSL_sk_pop(void *s) { return OPENSSL_sk_pop(reinterpret_cast<STACK*>(s)); } 00643 00644 00645 /* 00646 * Free the stack 00647 */ 00648 void OPENSSL_sk_free(STACK *s); 00649 00650 void OPENSSL_sk_free(void *s) { OPENSSL_sk_free(reinterpret_cast<STACK*>(s)); } 00651 00652 /* 00653 * Number of elements in the stack 00654 */ 00655 int OPENSSL_sk_num(STACK *s); 00656 00657 int OPENSSL_sk_num(void *s) { return OPENSSL_sk_num(reinterpret_cast<STACK*>(s)); } 00658 00659 /* 00660 * Value of element n in the stack 00661 */ 00662 char *OPENSSL_sk_value(STACK *s, int n); 00663 00664 char *OPENSSL_sk_value(void *s, int n) { return OPENSSL_sk_value(reinterpret_cast<STACK*>(s), n); } 00665 00666 /* 00667 * Create a new stack 00668 */ 00669 STACK *OPENSSL_sk_new(int (*cmp)()); 00670 00671 00672 /* 00673 * Add an element to the stack 00674 */ 00675 int OPENSSL_sk_push(STACK *s, char *d); 00676 00677 int OPENSSL_sk_push(void *s, void *d) { return OPENSSL_sk_push(reinterpret_cast<STACK*>(s), reinterpret_cast<char*>(d)); } 00678 00679 /* 00680 * Duplicate the stack 00681 */ 00682 STACK *OPENSSL_sk_dup(const STACK *s); 00683 00684 STACK *OPENSSL_sk_dup(const void *s) { return OPENSSL_sk_dup(reinterpret_cast<const STACK*>(s)); } 00685 00686 /* 00687 * Convert an ASN1_INTEGER to it's text form 00688 */ 00689 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); 00690 00691 00692 /* 00693 * Get the certificate's serial number 00694 */ 00695 ASN1_INTEGER *X509_get_serialNumber(X509 *x); 00696 00697 00698 /* 00699 * Get the certificate's public key 00700 */ 00701 EVP_PKEY *X509_get_pubkey(X509 *x); 00702 00703 00704 /* 00705 * Convert the public key to a decimal form 00706 */ 00707 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); 00708 00709 00710 /* 00711 * Check the private key of a PKCS bundle against the X509 00712 */ 00713 int X509_check_private_key(X509 *x, EVP_PKEY *p); 00714 00715 00716 /* 00717 * Convert a BIGNUM to a hex string 00718 */ 00719 char *BN_bn2hex(const BIGNUM *a); 00720 00721 00722 /* 00723 * Compute the digest of an X.509 00724 */ 00725 int X509_digest(const X509 *x,const EVP_MD *t, unsigned char *md, unsigned int *len); 00726 00727 00728 /* 00729 * EVP_md5 00730 */ 00731 EVP_MD *EVP_md5(); 00732 00733 00734 /* 00735 * ASN1_INTEGER free 00736 */ 00737 void ASN1_INTEGER_free(ASN1_INTEGER *x); 00738 00739 00740 /* 00741 * ASN1_STRING_data 00742 */ 00743 unsigned char *ASN1_STRING_data(ASN1_STRING *x); 00744 00745 /* 00746 * ASN1_STRING_length 00747 */ 00748 int ASN1_STRING_length(ASN1_STRING *x); 00749 00750 /* 00751 * 00752 */ 00753 int OBJ_obj2nid(ASN1_OBJECT *o); 00754 00755 /* 00756 * 00757 */ 00758 const char * OBJ_nid2ln(int n); 00759 00760 /* 00761 * get the number of extensions 00762 */ 00763 int X509_get_ext_count(X509 *x); 00764 00765 /* 00766 * 00767 */ 00768 int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); 00769 00770 /* 00771 * 00772 */ 00773 int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); 00774 00775 /* 00776 * 00777 */ 00778 X509_EXTENSION *X509_get_ext(X509 *x, int loc); 00779 00780 /* 00781 * 00782 */ 00783 X509_EXTENSION *X509_delete_ext(X509 *x, int loc); 00784 00785 /* 00786 * 00787 */ 00788 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 00789 00790 /* 00791 * 00792 */ 00793 void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); 00794 00795 /* 00796 * 00797 */ 00798 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); 00799 00800 /* 00801 * 00802 */ 00803 int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); 00804 00805 /* 00806 * 00807 */ 00808 PKCS7 *PKCS7_new(void); 00809 00810 /* 00811 * 00812 */ 00813 void PKCS7_free(PKCS7 *a); 00814 00815 /* 00816 * 00817 */ 00818 void PKCS7_content_free(PKCS7 *a); 00819 00820 /* 00821 * 00822 */ 00823 int i2d_PKCS7(PKCS7 *a, unsigned char **pp); 00824 00825 /* 00826 * 00827 */ 00828 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp,long length); 00829 00830 /* 00831 * 00832 */ 00833 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); 00834 00835 /* 00836 * 00837 */ 00838 PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); 00839 00840 /* 00841 * 00842 */ 00843 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); 00844 00845 /* 00846 * 00847 */ 00848 PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); 00849 00850 /* 00851 * 00852 */ 00853 PKCS7 *PKCS7_dup(PKCS7 *p7); 00854 00855 /* 00856 * Create a PKCS7 signature / signed message 00857 */ 00858 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 00859 BIO *data, int flags); 00860 00861 /* 00862 * Verify a PKCS7 signature. 00863 */ 00864 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 00865 BIO *indata, BIO *out, int flags); 00866 00867 /* 00868 * Get signers of a verified PKCS7 signature 00869 */ 00870 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); 00871 00872 /* 00873 * PKCS7 encrypt message 00874 */ 00875 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, 00876 int flags); 00877 00878 /* 00879 * decrypt PKCS7 message 00880 */ 00881 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); 00882 00883 00884 /* 00885 * Load a CA list file. 00886 */ 00887 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 00888 00889 /* 00890 * Load a file of PEM encoded objects. 00891 */ 00892 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, 00893 pem_password_cb *cb, void *u); 00894 00895 /* 00896 * Get the number of purposes available 00897 */ 00898 int X509_PURPOSE_get_count(); 00899 00900 00901 /* 00902 * Get the ID of a purpose 00903 */ 00904 int X509_PURPOSE_get_id(X509_PURPOSE *); 00905 00906 00907 /* 00908 * Check the existence of purpose id "id" in x. for CA, set ca = 1, else 0 00909 */ 00910 int X509_check_purpose(X509 *x, int id, int ca); 00911 00912 00913 /* 00914 * Get the purpose with index #idx 00915 */ 00916 X509_PURPOSE * X509_PURPOSE_get0(int idx); 00917 00918 00919 /* 00920 * Create a new Private KEY 00921 */ 00922 EVP_PKEY* EVP_PKEY_new(); 00923 00924 00925 /* 00926 * Get EVP private key type 00927 */ 00928 int EVP_PKEY_base_id(const EVP_PKEY *pkey); 00929 00930 00931 /* 00932 * Assign a private key 00933 */ 00934 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); 00935 00936 00937 /* 00938 * Get RSA key 00939 */ 00940 RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); 00941 00942 00943 /* 00944 * Get DSA key 00945 */ 00946 DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); 00947 00948 00949 /* 00950 * RSA_get0_key - retreive key parameters 00951 */ 00952 void RSA_get0_key(const RSA *r, 00953 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); 00954 00955 00956 /* 00957 * Generate a RSA key 00958 */ 00959 RSA *RSA_generate_key(int bits, unsigned long e, void 00960 (*callback)(int,int,void *), void *cb_arg); 00961 00962 00963 /* 00964 * DSA_get0_pqg - retreive key parameters 00965 */ 00966 void DSA_get0_pqg(const DSA *d, 00967 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); 00968 00969 00970 /* 00971 * DSA_get0_key - retreive key 00972 */ 00973 void DSA_get0_key(const DSA *d, 00974 const BIGNUM **pub_key, const BIGNUM **priv_key); 00975 00976 00977 /* 00978 * Create/destroy a certificate request 00979 */ 00980 X509_REQ *X509_REQ_new(); 00981 void X509_REQ_free(X509_REQ *a); 00982 00983 00984 /* 00985 * Set the public key in the REQ object 00986 */ 00987 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); 00988 00989 /* for testing */ 00990 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); 00991 00992 /* SMime support */ 00993 STACK *X509_get1_email(X509 *x); 00994 void X509_email_free(STACK *sk); 00995 00996 /* Ciphers needed for SMime */ 00997 EVP_CIPHER *EVP_des_ede3_cbc(); 00998 EVP_CIPHER *EVP_des_cbc(); 00999 EVP_CIPHER *EVP_rc2_cbc(); 01000 EVP_CIPHER *EVP_rc2_64_cbc(); 01001 EVP_CIPHER *EVP_rc2_40_cbc(); 01002 01003 /* clear the current error - use this often*/ 01004 void ERR_clear_error(); 01005 01006 /* retrieve the latest error */ 01007 unsigned long ERR_get_error(); 01008 01009 /* Print the errors to this stream */ 01010 void ERR_print_errors_fp(FILE *fp); 01011 01012 /* Get a pointer to the SSL session id (reference counted) */ 01013 SSL_SESSION *SSL_get1_session(SSL *ssl); 01014 01015 /* Frees a pointer to the SSL session id (reference decremented if needed) */ 01016 void SSL_SESSION_free(SSL_SESSION *session); 01017 01018 /* Set the SSL session to reuse. */ 01019 int SSL_set_session(SSL *ssl, SSL_SESSION *session); 01020 01021 /* Decode ASN.1 to SSL_SESSION */ 01022 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); 01023 /* Encode SSL_SESSION to ASN.1 */ 01024 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); 01025 01026 /* Write privatekey to FILE stream */ 01027 int i2d_PrivateKey_fp(FILE*, EVP_PKEY*); 01028 01029 /* Write PKCS#8privatekey to FILE stream */ 01030 int i2d_PKCS8PrivateKey_fp(FILE*, EVP_PKEY*, const EVP_CIPHER*, char*, int, pem_password_cb*, void*); 01031 01032 /* Free RSA structure */ 01033 void RSA_free(RSA*); 01034 01035 /* Get a blowfish CBC pointer */ 01036 EVP_CIPHER *EVP_bf_cbc(); 01037 01038 /* Sign a CSR */ 01039 int X509_REQ_sign(X509_REQ*, EVP_PKEY*, const EVP_MD*); 01040 01041 /* add a name entry */ 01042 int X509_NAME_add_entry_by_txt(X509_NAME*, char*, int, unsigned char*, int, int, int); 01043 01044 /* Create a name */ 01045 X509_NAME *X509_NAME_new(); 01046 01047 /* Set the subject */ 01048 int X509_REQ_set_subject_name(X509_REQ*,X509_NAME*); 01049 01050 /* get list of available SSL_CIPHER's sorted by preference */ 01051 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL* ssl); 01052 01053 01054 /* cover KOpenSSLProxy API compatibility */ 01055 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_API_COMPAT < 0x10100000L 01056 # undef sk_dup 01057 # undef sk_free 01058 # undef sk_new 01059 # undef sk_num 01060 # undef sk_pop 01061 # undef sk_push 01062 # undef sk_value 01063 # undef X509_STORE_CTX_set_chain 01064 # undef SSLv23_client_method 01065 #endif 01066 STACK *sk_dup(const STACK *s) KDE_DEPRECATED; 01067 void sk_free(STACK *s) KDE_DEPRECATED; 01068 STACK *sk_new(int (*cmp)()) KDE_DEPRECATED; 01069 int sk_num(STACK *s) KDE_DEPRECATED; 01070 char *sk_pop(STACK *s) KDE_DEPRECATED; 01071 int sk_push(STACK *s, char *d) KDE_DEPRECATED; 01072 char *sk_value(STACK *s, int n) KDE_DEPRECATED; 01073 void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) KDE_DEPRECATED; 01074 SSL_METHOD *SSLv23_client_method() KDE_DEPRECATED; 01075 01076 #endif 01077 01078 private: 01079 KOpenSSLProxy(); 01080 ~KOpenSSLProxy(); 01081 KOpenSSLProxyPrivate *d; 01082 01083 KLibrary *_sslLib; 01084 KLibrary *_cryptoLib; 01085 static KOpenSSLProxy *_me; 01086 01087 bool _ok; 01088 }; 01089 01090 #endif 01091