qsslsocket_openssl_p.h source code [qtbase/src/network/ssl/qsslsocket_openssl_p.h]

1	/****************************************************************************
2	**
3	** Copyright (C) 2017 The Qt Company Ltd.
4	** Contact: https://www.qt.io/licensing/
5	**
6	** This file is part of the QtNetwork module of the Qt Toolkit.
7	**
8	** $QT_BEGIN_LICENSE:LGPL$
9	** Commercial License Usage
10	** Licensees holding valid commercial Qt licenses may use this file in
11	** accordance with the commercial license agreement provided with the
12	** Software or, alternatively, in accordance with the terms contained in
13	** a written agreement between you and The Qt Company. For licensing terms
14	** and conditions see https://www.qt.io/terms-conditions. For further
15	** information use the contact form at https://www.qt.io/contact-us.
16	**
17	** GNU Lesser General Public License Usage
18	** Alternatively, this file may be used under the terms of the GNU Lesser
19	** General Public License version 3 as published by the Free Software
20	** Foundation and appearing in the file LICENSE.LGPL3 included in the
21	** packaging of this file. Please review the following information to
22	** ensure the GNU Lesser General Public License version 3 requirements
23	** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
24	**
25	** GNU General Public License Usage
26	** Alternatively, this file may be used under the terms of the GNU
27	** General Public License version 2.0 or (at your option) the GNU General
28	** Public license version 3 or any later version approved by the KDE Free
29	** Qt Foundation. The licenses are as published by the Free Software
30	** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
31	** included in the packaging of this file. Please review the following
32	** information to ensure the GNU General Public License requirements will
33	** be met: https://www.gnu.org/licenses/gpl-2.0.html and
34	** https://www.gnu.org/licenses/gpl-3.0.html.
35	**
36	** $QT_END_LICENSE$
37	**
38	****************************************************************************/
39
40	/****************************************************************************
41	**
42	** In addition, as a special exception, the copyright holders listed above give
43	** permission to link the code of its release of Qt with the OpenSSL project's
44	** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
45	** same license as the original version), and distribute the linked executables.
46	**
47	** You must comply with the GNU General Public License version 2 in all
48	** respects for all of the code used other than the "OpenSSL" code. If you
49	** modify this file, you may extend this exception to your version of the file,
50	** but you are not obligated to do so. If you do not wish to do so, delete
51	** this exception statement from your version of this file.
52	**
53	****************************************************************************/
54
55	#ifndef QSSLSOCKET_OPENSSL_P_H
56	#define QSSLSOCKET_OPENSSL_P_H
57
58	//
59	// W A R N I N G
60	// -------------
61	//
62	// This file is not part of the Qt API. It exists purely as an
63	// implementation detail. This header file may change from version to
64	// version without notice, or even be removed.
65	//
66	// We mean it.
67	//
68
69	#include <QtNetwork/private/qtnetworkglobal_p.h>
70	#include "qsslsocket_p.h"
71
72	#include <QtCore/qvector.h>
73	#include <QtCore/qstring.h>
74
75	#ifdef Q_OS_WIN
76	#include <qt_windows.h>
77	#if defined(OCSP_RESPONSE)
78	#undef OCSP_RESPONSE
79	#endif
80	#if defined(X509_NAME)
81	#undef X509_NAME
82	#endif
83	#endif // Q_OS_WIN
84
85	#include <openssl/asn1.h>
86	#include <openssl/bio.h>
87	#include <openssl/bn.h>
88	#include <openssl/err.h>
89	#include <openssl/evp.h>
90	#include <openssl/pem.h>
91	#include <openssl/pkcs12.h>
92	#include <openssl/pkcs7.h>
93	#include <openssl/rand.h>
94	#include <openssl/ssl.h>
95	#include <openssl/stack.h>
96	#include <openssl/x509.h>
97	#include <openssl/x509v3.h>
98	#include <openssl/x509_vfy.h>
99	#include <openssl/dsa.h>
100	#include <openssl/rsa.h>
101	#include <openssl/crypto.h>
102	#include <openssl/tls1.h>
103
104	#if QT_CONFIG(opensslv11)
105	#include <openssl/dh.h>
106	#endif
107
108	QT_BEGIN_NAMESPACE
109
110	struct QSslErrorEntry {
111	int code;
112	int depth;
113
114	static QSslErrorEntry fromStoreContext(X509_STORE_CTX *ctx);
115	};
116	Q_DECLARE_TYPEINFO(QSslErrorEntry, Q_PRIMITIVE_TYPE);
117
118	class QSslSocketBackendPrivate : public QSslSocketPrivate
119	{
120	Q_DECLARE_PUBLIC(QSslSocket)
121	public:
122	QSslSocketBackendPrivate();
123	virtual ~QSslSocketBackendPrivate();
124
125	// SSL context
126	bool initSslContext();
127	void destroySslContext();
128	SSL *ssl;
129	BIO *readBio;
130	BIO *writeBio;
131	SSL_SESSION *session;
132	QVector<QSslErrorEntry> errorList;
133	static int s_indexForSSLExtraData; // index used in SSL_get_ex_data to get the matching QSslSocketBackendPrivate
134
135	bool inSetAndEmitError = false;
136
137	bool inSslRead = false;
138	bool renegotiated = false;
139
140	// Platform specific functions
141	void startClientEncryption() override;
142	void startServerEncryption() override;
143	void transmit() override;
144	bool startHandshake();
145	void disconnectFromHost() override;
146	void disconnected() override;
147	QSslCipher sessionCipher() const override;
148	QSsl::SslProtocol sessionProtocol() const override;
149	void continueHandshake() override;
150	bool checkSslErrors();
151	void storePeerCertificates();
152	int handleNewSessionTicket(SSL *context);
153	unsigned int tlsPskClientCallback(const char hint, char* identity, unsigned* int max_identity_len, unsigned char psk, unsigned* int max_psk_len);
154	unsigned int tlsPskServerCallback(const char identity, unsigned* char psk, unsigned* int max_psk_len);
155
156	bool isInSslRead() const;
157	void setRenegotiated(bool renegotiated);
158
159	#ifdef Q_OS_WIN
160	void fetchCaRootForCert(const QSslCertificate &cert);
161	void _q_caRootLoaded(QSslCertificate,QSslCertificate) override;
162	#endif
163
164	#if QT_CONFIG(ocsp)
165	bool checkOcspStatus();
166	#endif
167
168	// This decription will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription)
169	QString ocspErrorDescription;
170	// These will go to sslErrors()
171	QVector<QSslError> ocspErrors;
172	QByteArray ocspResponseDer;
173
174	Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions);
175	static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher);
176	static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509);
177	static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName);
178	static QList<QSslError> verify(const QList<QSslCertificate> &cas, const QList<QSslCertificate> &certificateChain,
179	const QString &hostName);
180	static QString getErrorsFromOpenSsl();
181	static void logAndClearErrorQueue();
182	static bool importPkcs12(QIODevice *device,
183	QSslKey key, QSslCertificate cert,
184	QList<QSslCertificate> *caCertificates,
185	const QByteArray &passPhrase);
186	static QString msgErrorsDuringHandshake();
187	};
188
189	QT_END_NAMESPACE
190
191	#endif
192

source code of qtbase/src/network/ssl/qsslsocket_openssl_p.h