1 | /**************************************************************************** |
2 | ** |
3 | ** Copyright (C) 2017 The Qt Company Ltd. |
4 | ** Contact: https://www.qt.io/licensing/ |
5 | ** |
6 | ** This file is part of the QtNetwork module of the Qt Toolkit. |
7 | ** |
8 | ** $QT_BEGIN_LICENSE:LGPL$ |
9 | ** Commercial License Usage |
10 | ** Licensees holding valid commercial Qt licenses may use this file in |
11 | ** accordance with the commercial license agreement provided with the |
12 | ** Software or, alternatively, in accordance with the terms contained in |
13 | ** a written agreement between you and The Qt Company. For licensing terms |
14 | ** and conditions see https://www.qt.io/terms-conditions. For further |
15 | ** information use the contact form at https://www.qt.io/contact-us. |
16 | ** |
17 | ** GNU Lesser General Public License Usage |
18 | ** Alternatively, this file may be used under the terms of the GNU Lesser |
19 | ** General Public License version 3 as published by the Free Software |
20 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the |
21 | ** packaging of this file. Please review the following information to |
22 | ** ensure the GNU Lesser General Public License version 3 requirements |
23 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
24 | ** |
25 | ** GNU General Public License Usage |
26 | ** Alternatively, this file may be used under the terms of the GNU |
27 | ** General Public License version 2.0 or (at your option) the GNU General |
28 | ** Public license version 3 or any later version approved by the KDE Free |
29 | ** Qt Foundation. The licenses are as published by the Free Software |
30 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
31 | ** included in the packaging of this file. Please review the following |
32 | ** information to ensure the GNU General Public License requirements will |
33 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
34 | ** https://www.gnu.org/licenses/gpl-3.0.html. |
35 | ** |
36 | ** $QT_END_LICENSE$ |
37 | ** |
38 | ****************************************************************************/ |
39 | |
40 | /**************************************************************************** |
41 | ** |
42 | ** In addition, as a special exception, the copyright holders listed above give |
43 | ** permission to link the code of its release of Qt with the OpenSSL project's |
44 | ** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the |
45 | ** same license as the original version), and distribute the linked executables. |
46 | ** |
47 | ** You must comply with the GNU General Public License version 2 in all |
48 | ** respects for all of the code used other than the "OpenSSL" code. If you |
49 | ** modify this file, you may extend this exception to your version of the file, |
50 | ** but you are not obligated to do so. If you do not wish to do so, delete |
51 | ** this exception statement from your version of this file. |
52 | ** |
53 | ****************************************************************************/ |
54 | |
55 | #ifndef QSSLSOCKET_OPENSSL_P_H |
56 | #define QSSLSOCKET_OPENSSL_P_H |
57 | |
58 | // |
59 | // W A R N I N G |
60 | // ------------- |
61 | // |
62 | // This file is not part of the Qt API. It exists purely as an |
63 | // implementation detail. This header file may change from version to |
64 | // version without notice, or even be removed. |
65 | // |
66 | // We mean it. |
67 | // |
68 | |
69 | #include <QtNetwork/private/qtnetworkglobal_p.h> |
70 | #include "qsslsocket_p.h" |
71 | |
72 | #include <QtCore/qvector.h> |
73 | #include <QtCore/qstring.h> |
74 | |
75 | #ifdef Q_OS_WIN |
76 | #include <qt_windows.h> |
77 | #if defined(OCSP_RESPONSE) |
78 | #undef OCSP_RESPONSE |
79 | #endif |
80 | #if defined(X509_NAME) |
81 | #undef X509_NAME |
82 | #endif |
83 | #endif // Q_OS_WIN |
84 | |
85 | #include <openssl/asn1.h> |
86 | #include <openssl/bio.h> |
87 | #include <openssl/bn.h> |
88 | #include <openssl/err.h> |
89 | #include <openssl/evp.h> |
90 | #include <openssl/pem.h> |
91 | #include <openssl/pkcs12.h> |
92 | #include <openssl/pkcs7.h> |
93 | #include <openssl/rand.h> |
94 | #include <openssl/ssl.h> |
95 | #include <openssl/stack.h> |
96 | #include <openssl/x509.h> |
97 | #include <openssl/x509v3.h> |
98 | #include <openssl/x509_vfy.h> |
99 | #include <openssl/dsa.h> |
100 | #include <openssl/rsa.h> |
101 | #include <openssl/crypto.h> |
102 | #include <openssl/tls1.h> |
103 | |
104 | #if QT_CONFIG(opensslv11) |
105 | #include <openssl/dh.h> |
106 | #endif |
107 | |
108 | QT_BEGIN_NAMESPACE |
109 | |
110 | struct QSslErrorEntry { |
111 | int code; |
112 | int depth; |
113 | |
114 | static QSslErrorEntry fromStoreContext(X509_STORE_CTX *ctx); |
115 | }; |
116 | Q_DECLARE_TYPEINFO(QSslErrorEntry, Q_PRIMITIVE_TYPE); |
117 | |
118 | class QSslSocketBackendPrivate : public QSslSocketPrivate |
119 | { |
120 | Q_DECLARE_PUBLIC(QSslSocket) |
121 | public: |
122 | QSslSocketBackendPrivate(); |
123 | virtual ~QSslSocketBackendPrivate(); |
124 | |
125 | // SSL context |
126 | bool initSslContext(); |
127 | void destroySslContext(); |
128 | SSL *ssl; |
129 | BIO *readBio; |
130 | BIO *writeBio; |
131 | SSL_SESSION *session; |
132 | QVector<QSslErrorEntry> errorList; |
133 | static int ; // index used in SSL_get_ex_data to get the matching QSslSocketBackendPrivate |
134 | |
135 | bool inSetAndEmitError = false; |
136 | |
137 | bool inSslRead = false; |
138 | bool renegotiated = false; |
139 | |
140 | // Platform specific functions |
141 | void startClientEncryption() override; |
142 | void startServerEncryption() override; |
143 | void transmit() override; |
144 | bool startHandshake(); |
145 | void disconnectFromHost() override; |
146 | void disconnected() override; |
147 | QSslCipher sessionCipher() const override; |
148 | QSsl::SslProtocol sessionProtocol() const override; |
149 | void continueHandshake() override; |
150 | bool checkSslErrors(); |
151 | void storePeerCertificates(); |
152 | int handleNewSessionTicket(SSL *context); |
153 | unsigned int tlsPskClientCallback(const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len); |
154 | unsigned int tlsPskServerCallback(const char *identity, unsigned char *psk, unsigned int max_psk_len); |
155 | |
156 | bool isInSslRead() const; |
157 | void setRenegotiated(bool renegotiated); |
158 | |
159 | #ifdef Q_OS_WIN |
160 | void fetchCaRootForCert(const QSslCertificate &cert); |
161 | void _q_caRootLoaded(QSslCertificate,QSslCertificate) override; |
162 | #endif |
163 | |
164 | #if QT_CONFIG(ocsp) |
165 | bool checkOcspStatus(); |
166 | #endif |
167 | |
168 | // This decription will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription) |
169 | QString ocspErrorDescription; |
170 | // These will go to sslErrors() |
171 | QVector<QSslError> ocspErrors; |
172 | QByteArray ocspResponseDer; |
173 | |
174 | Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); |
175 | static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher); |
176 | static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509); |
177 | static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName); |
178 | static QList<QSslError> verify(const QList<QSslCertificate> &cas, const QList<QSslCertificate> &certificateChain, |
179 | const QString &hostName); |
180 | static QString getErrorsFromOpenSsl(); |
181 | static void logAndClearErrorQueue(); |
182 | static bool importPkcs12(QIODevice *device, |
183 | QSslKey *key, QSslCertificate *cert, |
184 | QList<QSslCertificate> *caCertificates, |
185 | const QByteArray &passPhrase); |
186 | static QString msgErrorsDuringHandshake(); |
187 | }; |
188 | |
189 | QT_END_NAMESPACE |
190 | |
191 | #endif |
192 | |