File indexing completed on 2024-10-13 09:31:49

0001 /* This file is part of the KDE libraries
0002    Copyright (C) 2001-2003 George Staikos <staikos@kde.org>
0003 
0004    This library is free software; you can redistribute it and/or
0005    modify it under the terms of the GNU Library General Public
0006    License version 2 as published by the Free Software Foundation.
0007 
0008    This library is distributed in the hope that it will be useful,
0009    but WITHOUT ANY WARRANTY; without even the implied warranty of
0010    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
0011    Library General Public License for more details.
0012 
0013    You should have received a copy of the GNU Library General Public License
0014    along with this library; see the file COPYING.LIB.  If not, write to
0015    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
0016    Boston, MA 02110-1301, USA.
0017 */
0018 
0019 // IF YOU ARE USING THIS CLASS, YOU ARE MAKING A MISTAKE.
0020 
0021 #ifndef __KOPENSSLPROXY_H
0022 #define __KOPENSSLPROXY_H
0023 
0024 #define KOSSL KOpenSSLProxy
0025 class KOpenSSLProxyPrivate;
0026 
0027 #include <ksslconfig.h>
0028 
0029 #if KSSL_HAVE_SSL
0030 #define crypt _openssl_crypt
0031 #include <openssl/ssl.h>
0032 #include <openssl/x509.h>
0033 #include <openssl/x509v3.h>
0034 #include <openssl/pem.h>
0035 #include <openssl/bio.h>
0036 #include <openssl/rand.h>
0037 #include <openssl/asn1.h>
0038 #include <openssl/pkcs7.h>
0039 #include <openssl/pkcs12.h>
0040 #include <openssl/evp.h>
0041 #include <openssl/stack.h>
0042 #include <openssl/bn.h>
0043 #undef crypt
0044 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
0045 #define STACK _STACK
0046 #define OSSL_SKVALUE_RTYPE void
0047 #define OSSL_MORECONST const
0048 #else
0049 #define OSSL_SKVALUE_RTYPE char
0050 #define OSSL_MORECONST
0051 #endif
0052 #endif
0053 
0054 /**
0055  * Dynamically load and wrap OpenSSL.
0056  *
0057  * @author George Staikos <staikos@kde.org>
0058  * @see KSSL
0059  * @short KDE OpenSSL Wrapper
0060  * @internal
0061  */
0062 class KOpenSSLProxy
0063 {
0064 public:
0065 
0066     /**
0067      * Return an instance of class KOpenSSLProxy *
0068      * You cannot delete this object.  It is a singleton class.
0069      */
0070     static KOpenSSLProxy *self();
0071 
0072     /**
0073      *   Return true of libcrypto was found and loaded
0074      */
0075     bool hasLibCrypto() const;
0076 
0077     /**
0078      *   Return true of libssl was found and loaded
0079      */
0080     bool hasLibSSL() const;
0081 
0082     /**
0083      *   Destroy the class and start over - don't use this unless you know
0084      *   what you are doing.
0085      */
0086     void destroy();
0087 
0088     // Here are the symbols that we need.
0089 #if KSSL_HAVE_SSL
0090 
0091     /*
0092      *   SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
0093      */
0094     int SSL_connect(SSL *ssl);
0095 
0096     /*
0097      *   SSL_accept - initiate the TLS/SSL handshake with an TLS/SSL server
0098      */
0099     int SSL_accept(SSL *ssl);
0100 
0101     /*
0102      *   SSL_get_error - get the error code
0103      */
0104     int SSL_get_error(SSL *ssl, int rc);
0105 
0106     /*
0107      *   SSL_read - read bytes from a TLS/SSL connection.
0108      */
0109     int SSL_read(SSL *ssl, void *buf, int num);
0110 
0111     /*
0112      *   SSL_write - write bytes to a TLS/SSL connection.
0113      */
0114     int SSL_write(SSL *ssl, const void *buf, int num);
0115 
0116     /*
0117      *   SSL_new - create a new SSL structure for a connection
0118      */
0119     SSL *SSL_new(SSL_CTX *ctx);
0120 
0121     /*
0122      *   SSL_free - free an allocated SSL structure
0123      */
0124     void SSL_free(SSL *ssl);
0125 
0126     /*
0127      *   SSL_shutdown - shutdown an allocated SSL connection
0128      */
0129     int SSL_shutdown(SSL *ssl);
0130 
0131     /*
0132      *   SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
0133      */
0134     SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
0135 
0136     /*
0137      *   SSL_CTX_free - free an allocated SSL_CTX object
0138      */
0139     void SSL_CTX_free(SSL_CTX *ctx);
0140 
0141     /*
0142      *   SSL_set_fd - connect the SSL object with a file descriptor
0143      */
0144     int SSL_set_fd(SSL *ssl, int fd);
0145 
0146     /*
0147      *   SSL_pending - obtain number of readable bytes buffered in an SSL object
0148      */
0149     int SSL_pending(SSL *ssl);
0150 
0151     /*
0152      *   SSL_peek - obtain bytes buffered in an SSL object
0153      */
0154     int SSL_peek(SSL *ssl, void *buf, int num);
0155 
0156     /*
0157      *   SSL_CTX_set_cipher_list - choose list of available SSL_CIPHERs
0158      */
0159     int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
0160 
0161     /*
0162      *   SSL_CTX_set_verify - set peer certificate verification parameters
0163      */
0164     void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
0165                             int (*verify_callback)(int, X509_STORE_CTX *));
0166 
0167     /*
0168      *   SSL_use_certificate - load certificate
0169      */
0170     int SSL_use_certificate(SSL *ssl, X509 *x);
0171 
0172     /*
0173      *   SSL_get_current_cipher - get SSL_CIPHER of a connection
0174      */
0175     SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
0176 
0177     /*
0178      *   SSL_set_options - manipulate SSL engine options
0179      *   Note: These are all mapped to SSL_ctrl so call them as the comment
0180      *         specifies but know that they use SSL_ctrl.  They are #define
0181      *         so they will map to the one in this class if called as a
0182      *         member function of this class.
0183      */
0184     /* long SSL_set_options(SSL *ssl, long options); */
0185     /*   Returns 0 if not reused, 1 if session id is reused */
0186     /*   int SSL_session_reused(SSL *ssl); */
0187     long    SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
0188 
0189     /*
0190      *   RAND_egd - set the path to the EGD
0191      */
0192     int RAND_egd(const char *path);
0193 
0194     /*
0195      *   RAND_file_name
0196      */
0197     const char *RAND_file_name(char *buf, size_t num);
0198 
0199     /*
0200      *   RAND_load_file
0201      */
0202     int RAND_load_file(const char *filename, long max_bytes);
0203 
0204     /*
0205      *   RAND_write_file
0206      */
0207     int RAND_write_file(const char *filename);
0208 
0209     /*
0210      *   TLSv1_client_method - return a TLSv1 client method object
0211      */
0212     SSL_METHOD *TLSv1_client_method();
0213 
0214     /*
0215      *   SSLv23_client_method - return a SSLv23 client method object
0216      */
0217     SSL_METHOD *SSLv23_client_method();
0218 
0219     /*
0220      *   SSL_get_peer_certificate - return the peer's certificate
0221      */
0222     X509 *SSL_get_peer_certificate(SSL *s);
0223 
0224     /*
0225      *   SSL_get_peer_cert_chain - get the peer's certificate chain
0226      */
0227     STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
0228 
0229     /*
0230      *   SSL_CIPHER_get_bits - get the number of bits in this cipher
0231      */
0232     int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits);
0233 
0234     /*
0235      *   SSL_CIPHER_get_version - get the version of this cipher
0236      */
0237     char *SSL_CIPHER_get_version(SSL_CIPHER *c);
0238 
0239     /*
0240      *   SSL_CIPHER_get_name - get the name of this cipher
0241      */
0242     const char *SSL_CIPHER_get_name(SSL_CIPHER *c);
0243 
0244     /*
0245      *   SSL_CIPHER_description - get the description of this cipher
0246      */
0247     char *SSL_CIPHER_description(SSL_CIPHER *, char *buf, int size);
0248 
0249     /*
0250      *   SSL_CTX_use_PrivateKey - set the private key for the session.
0251      *                          - for use with client certificates
0252      */
0253     int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
0254 
0255     /*
0256      *   SSL_CTX_use_certificate - set the client certificate for the session.
0257      */
0258     int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
0259 
0260     /*
0261      *   d2i_X509 - Convert a text representation of X509 to an X509 object
0262      */
0263     X509 *d2i_X509(X509 **a, unsigned char **pp, long length);
0264 
0265     /*
0266      *   i2d_X509 - Convert an X509 object into a text representation
0267      */
0268     int i2d_X509(X509 *a, unsigned char **pp);
0269 
0270     /*
0271      *   X509_cmp - compare two X509 objects
0272      */
0273     int X509_cmp(X509 *a, X509 *b);
0274 
0275     /*
0276      *   X509_dup - duplicate an X509 object
0277      */
0278     X509 *X509_dup(X509 *x509);
0279 
0280     /*
0281      *   X509_getm_notBefore - get validity start
0282      */
0283     ASN1_TIME *X509_getm_notBefore(const X509 *x);
0284 
0285     /*
0286      *   X509_getm_notAfter - get validity end
0287      */
0288     ASN1_TIME *X509_getm_notAfter(const X509 *x);
0289 
0290     /*
0291      *   X509_STORE_CTX_new - create an X509 store context
0292      */
0293     X509_STORE_CTX *X509_STORE_CTX_new(void);
0294 
0295     /*
0296      *   X509_STORE_CTX_free - free up an X509 store context
0297      */
0298     void X509_STORE_CTX_free(X509_STORE_CTX *v);
0299 
0300     /*
0301      *   X509_STORE_CTX_set_chain - set the certificate chain
0302      */
0303     void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x);
0304 
0305     /*
0306      *   X509_STORE_CTX_set_purpose - set the purpose of the certificate
0307      */
0308     void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
0309 
0310     /**
0311      *   X509_STORE_CTX_get_current_cert - get the current certificate
0312      */
0313     X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *v);
0314 
0315     /**
0316      *   X509_STORE_CTX_set_error - set certificate error
0317      */
0318     void X509_STORE_CTX_set_error(X509_STORE_CTX *v, int error);
0319 
0320     /**
0321      *   X509_STORE_CTX_get_error - get certificate error
0322      */
0323     int X509_STORE_CTX_get_error(X509_STORE_CTX *v);
0324 
0325     /*
0326      *   X509_verify_cert - verify the certificate
0327      */
0328     int X509_verify_cert(X509_STORE_CTX *v);
0329 
0330     /*
0331      *   X509_STORE_new - create an X509 store
0332      */
0333     X509_STORE *X509_STORE_new(void);
0334 
0335     /*
0336      *   X509_STORE_free - free up an X509 store
0337      */
0338     void X509_STORE_free(X509_STORE *v);
0339 
0340     /*
0341      *   X509_STORE_set_verify_cb - set verify callback
0342      */
0343     void X509_STORE_set_verify_cb(X509_STORE *v, int (*verify_cb)(int, X509_STORE_CTX *));
0344 
0345     /*
0346      *   X509_free - free up an X509
0347      */
0348     void X509_free(X509 *v);
0349 
0350     /*
0351      *   X509_NAME_oneline - return the X509 data in a string
0352      */
0353     char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
0354 
0355     /*
0356      *   X509_get_subject_name - return the X509_NAME for the subject field
0357      */
0358     X509_NAME *X509_get_subject_name(X509 *a);
0359 
0360     /*
0361      *   X509_get_issuer_name - return the X509_NAME for the issuer field
0362      */
0363     X509_NAME *X509_get_issuer_name(X509 *a);
0364 
0365     /*
0366      *   X509_get0_signature - return X509 signature and signature algorithm
0367      */
0368     void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x);
0369 
0370     /*
0371      *   X509_STORE_add_lookup - add a lookup file/method to an X509 store
0372      */
0373     X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
0374 
0375     /*
0376      *   X509_LOOKUP_file - Definition of the LOOKUP_file method
0377      */
0378     X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
0379 
0380     /*
0381      *   X509_LOOKUP_free - Free an X509_LOOKUP
0382      */
0383     void X509_LOOKUP_free(X509_LOOKUP *x);
0384 
0385     /*
0386      *   X509_LOOKUP_ctrl - This is not normally called directly (use macros)
0387      */
0388     int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret);
0389 
0390     /*
0391      *   X509_STORE_CTX_init - initialize an X509 STORE context
0392      */
0393     void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain);
0394 
0395     /*
0396      *   CRYPTO_free - free up an internally allocated object
0397      */
0398 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
0399     void CRYPTO_free(void *x);
0400 #else
0401     void CRYPTO_free(void *x, const char *file, int line);
0402 #endif
0403 
0404     /*
0405      *   BIO_new - create new BIO
0406      */
0407     BIO *BIO_new(BIO_METHOD *type);
0408 
0409     /*
0410      *   BIO methods - only one defined here yet
0411      */
0412     BIO_METHOD *BIO_s_mem(void);
0413 
0414     /*
0415      *   BIO_new_fp - nastiness called BIO - used to create BIO* from FILE*
0416      */
0417     BIO *BIO_new_fp(FILE *stream, int close_flag);
0418 
0419     /*
0420      *   BIO_new_mem_buf - read only BIO from memory region
0421      */
0422     BIO *BIO_new_mem_buf(void *buf, int len);
0423 
0424     /*
0425      *   BIO_free - nastiness called BIO - used to destroy BIO*
0426      */
0427     int BIO_free(BIO *a);
0428 
0429     /*
0430      *   BIO_ctrl - BIO control method
0431      */
0432     long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
0433 
0434     /*
0435      *   BIO_write - equivalent to ::write for BIO
0436      */
0437     int BIO_write(BIO *b, const void *data, int len);
0438 
0439     /*
0440      *   PEM_write_bio_X509 - write a PEM encoded cert to a BIO*
0441      */
0442     int PEM_write_bio_X509(BIO *bp, X509 *x);
0443 
0444     /*
0445      *   ASN1_item_i2d_fp - used for netscape output
0446      */
0447     int ASN1_item_i2d_fp(FILE *out, unsigned char *x);
0448 
0449     /*
0450      *   ASN1_d2i_fp - read an X509 from a DER encoded file (buf can be NULL)
0451      */
0452     X509 *X509_d2i_fp(FILE *out, X509 **buf);
0453 
0454     /*
0455      *   X509_print - print the text form of an X509
0456      */
0457     int X509_print(FILE *fp, X509 *x);
0458 
0459     /*
0460      *   Read a PKCS#12 cert from fp
0461      */
0462     PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
0463 
0464     /*
0465      *   Change the password on a PKCS#12 cert
0466      */
0467     int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
0468 
0469     /*
0470      *   Write a PKCS#12 to mem
0471      */
0472     int i2d_PKCS12(PKCS12 *p12, unsigned char **p);
0473 
0474     /*
0475      *   Write a PKCS#12 to FILE*
0476      */
0477     int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
0478 
0479     /*
0480      *   Create a new PKCS#12 object
0481      */
0482     PKCS12 *PKCS12_new(void);
0483 
0484     /*
0485      *   Destroy that PKCS#12 that you created!
0486      */
0487     void PKCS12_free(PKCS12 *a);
0488 
0489     /*
0490      *   Parse the PKCS#12
0491      */
0492     int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey,
0493                      X509 **cert, STACK_OF(X509) **ca);
0494 
0495     /*
0496      *   Free the Private Key
0497      */
0498     void EVP_PKEY_free(EVP_PKEY *x);
0499 
0500     /*
0501      *   Pop off the stack
0502      */
0503     char *OPENSSL_sk_pop(STACK *s);
0504 
0505     /*
0506      *   Free the stack
0507      */
0508     void OPENSSL_sk_free(STACK *s);
0509 
0510 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
0511     void OPENSSL_sk_free(void *s)
0512     {
0513         return OPENSSL_sk_free(reinterpret_cast<STACK *>(s));
0514     }
0515 #endif
0516 
0517     /*
0518      *  Number of elements in the stack
0519      */
0520     int OPENSSL_sk_num(STACK *s);
0521 
0522     /*
0523      *  Value of element n in the stack
0524      */
0525     char *OPENSSL_sk_value(STACK *s, int n);
0526 
0527 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
0528     char *OPENSSL_sk_value(void *s, int n)
0529     {
0530         return OPENSSL_sk_value(reinterpret_cast<STACK *>(s), n);
0531     }
0532 #endif
0533 
0534     /*
0535      *  Create a new stack
0536      */
0537     STACK *OPENSSL_sk_new(int (*cmp)());
0538 
0539     /*
0540      *  Add an element to the stack
0541      */
0542     int OPENSSL_sk_push(STACK *s, char *d);
0543 
0544 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
0545     int OPENSSL_sk_push(void *s, void *d)
0546     {
0547         return OPENSSL_sk_push(reinterpret_cast<STACK *>(s), reinterpret_cast<char *>(d));
0548     }
0549 #endif
0550 
0551     /*
0552      *  Duplicate the stack
0553      */
0554     STACK *OPENSSL_sk_dup(STACK *s);
0555 
0556     /*
0557      *  Convert an ASN1_INTEGER to its text form
0558      */
0559     char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
0560 
0561     /*
0562      *  Get the certificate's serial number
0563      */
0564     ASN1_INTEGER *X509_get_serialNumber(X509 *x);
0565 
0566     /*
0567      *  Get the certificate's public key
0568      */
0569     EVP_PKEY *X509_get_pubkey(X509 *x);
0570 
0571     /*
0572      *  Convert the public key to a decimal form
0573      */
0574     int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
0575 
0576     /*
0577      *  Check the private key of a PKCS bundle against the X509
0578      */
0579     int X509_check_private_key(X509 *x, EVP_PKEY *p);
0580 
0581     /*
0582      *  Convert a BIGNUM to a hex string
0583      */
0584     char *BN_bn2hex(const BIGNUM *a);
0585 
0586     /*
0587      *  Compute the digest of an X.509
0588      */
0589     int X509_digest(const X509 *x, const EVP_MD *t, unsigned char *md, unsigned int *len);
0590 
0591     /*
0592      *  EVP_md5
0593      */
0594     EVP_MD *EVP_md5();
0595 
0596     /*
0597      *  ASN1_INTEGER free
0598      */
0599     void ASN1_INTEGER_free(ASN1_INTEGER *x);
0600 
0601     /*
0602      *  ASN1_STRING_data
0603      */
0604     unsigned char *ASN1_STRING_data(ASN1_STRING *x);
0605 
0606     /*
0607      *  ASN1_STRING_length
0608      */
0609     int ASN1_STRING_length(ASN1_STRING *x);
0610 
0611     /*
0612      *
0613      */
0614     int OBJ_obj2nid(ASN1_OBJECT *o);
0615 
0616     /*
0617      *
0618      */
0619     const char *OBJ_nid2ln(int n);
0620 
0621     /*
0622      * get the number of extensions
0623      */
0624     int X509_get_ext_count(X509 *x);
0625 
0626     /*
0627      *
0628      */
0629     int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
0630 
0631     /*
0632      *
0633      */
0634     int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
0635 
0636     /*
0637      *
0638      */
0639     X509_EXTENSION *X509_get_ext(X509 *x, int loc);
0640 
0641     /*
0642      *
0643      */
0644     X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
0645 
0646     /*
0647      *
0648      */
0649     int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
0650 
0651     /*
0652      *
0653      */
0654     void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
0655 
0656     /*
0657      *
0658      */
0659     char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
0660 
0661     /*
0662      *
0663      */
0664     int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
0665 
0666     /*
0667      *
0668      */
0669     PKCS7 *PKCS7_new(void);
0670 
0671     /*
0672      *
0673      */
0674     void PKCS7_free(PKCS7 *a);
0675 
0676     /*
0677      *
0678      */
0679     void PKCS7_content_free(PKCS7 *a);
0680 
0681     /*
0682      *
0683      */
0684     int i2d_PKCS7(PKCS7 *a, unsigned char **pp);
0685 
0686     /*
0687      *
0688      */
0689     PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length);
0690 
0691     /*
0692      *
0693      */
0694     int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
0695 
0696     /*
0697      *
0698      */
0699     PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
0700 
0701     /*
0702      *
0703      */
0704     int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
0705 
0706     /*
0707      *
0708      */
0709     PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
0710 
0711     /*
0712      *
0713      */
0714     PKCS7 *PKCS7_dup(PKCS7 *p7);
0715 
0716     /*
0717      *  Create a PKCS7 signature / signed message
0718      */
0719     PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
0720                       BIO *data, int flags);
0721 
0722     /*
0723      *  Verify a PKCS7 signature.
0724      */
0725     int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
0726                      BIO *indata, BIO *out, int flags);
0727 
0728     /*
0729      *  Get signers of a verified PKCS7 signature
0730      */
0731     STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
0732 
0733     /*
0734      *  PKCS7 encrypt message
0735      */
0736     PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
0737                          int flags);
0738 
0739     /*
0740      *  decrypt PKCS7 message
0741      */
0742     int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
0743 
0744     /*
0745      * Load a CA list file.
0746      */
0747     STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
0748 
0749     /*
0750      * Load a file of PEM encoded objects.
0751      */
0752     STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
0753                                             pem_password_cb *cb, void *u);
0754 
0755     /*
0756      * Get the number of purposes available
0757      */
0758     int X509_PURPOSE_get_count();
0759 
0760     /*
0761      * Get the ID of a purpose
0762      */
0763     int X509_PURPOSE_get_id(X509_PURPOSE *);
0764 
0765     /*
0766      * Check the existence of purpose id "id" in x.  for CA, set ca = 1, else 0
0767      */
0768     int X509_check_purpose(X509 *x, int id, int ca);
0769 
0770     /*
0771      * Get the purpose with index #idx
0772      */
0773     X509_PURPOSE *X509_PURPOSE_get0(int idx);
0774 
0775     /*
0776      * Create a new Private KEY
0777      */
0778     EVP_PKEY *EVP_PKEY_new();
0779 
0780     /*
0781      * Assign a private key
0782      */
0783     int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
0784 
0785     /*
0786      * Get key type
0787      */
0788     int EVP_PKEY_base_id(EVP_PKEY *pkey);
0789 
0790     RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
0791     void RSA_get0_key(RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
0792     DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
0793     void DSA_get0_pqg(DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
0794     void DSA_get0_key(DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key);
0795 
0796     /*
0797      * Generate a RSA key
0798      */
0799     RSA *RSA_generate_key(int bits, unsigned long e, void
0800                           (*callback)(int, int, void *), void *cb_arg);
0801 
0802     /*
0803      * Create/destroy a certificate request
0804      */
0805     X509_REQ *X509_REQ_new();
0806     void X509_REQ_free(X509_REQ *a);
0807 
0808     /*
0809      * Set the public key in the REQ object
0810      */
0811     int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
0812 
0813     /* for testing */
0814     int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
0815 
0816     /* SMime support */
0817     STACK *X509_get1_email(X509 *x);
0818     void X509_email_free(STACK *sk);
0819 
0820     /* Ciphers needed for SMime */
0821     EVP_CIPHER *EVP_des_ede3_cbc();
0822     EVP_CIPHER *EVP_des_cbc();
0823     EVP_CIPHER *EVP_rc2_cbc();
0824     EVP_CIPHER *EVP_rc2_64_cbc();
0825     EVP_CIPHER *EVP_rc2_40_cbc();
0826 
0827     /* clear the current error  - use this often*/
0828     void ERR_clear_error();
0829 
0830     /* retrieve the latest error */
0831     unsigned long ERR_get_error();
0832 
0833     /* Print the errors to this stream */
0834     void ERR_print_errors_fp(FILE *fp);
0835 
0836     /* Get a pointer to the SSL session id (reference counted) */
0837     SSL_SESSION *SSL_get1_session(SSL *ssl);
0838 
0839     /* Frees a pointer to the SSL session id (reference decremented if needed) */
0840     void SSL_SESSION_free(SSL_SESSION *session);
0841 
0842     /* Set the SSL session to reuse. */
0843     int SSL_set_session(SSL *ssl, SSL_SESSION *session);
0844 
0845     /* Decode ASN.1 to SSL_SESSION */
0846     SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
0847     /* Encode SSL_SESSION to ASN.1 */
0848     int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
0849 
0850     /* Write privatekey to FILE stream */
0851     int i2d_PrivateKey_fp(FILE *, EVP_PKEY *);
0852 
0853     /* Write PKCS#8privatekey to FILE stream */
0854     int i2d_PKCS8PrivateKey_fp(FILE *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *);
0855 
0856     /* Free RSA structure */
0857     void RSA_free(RSA *);
0858 
0859     /* Get a blowfish CBC pointer */
0860     EVP_CIPHER *EVP_bf_cbc();
0861 
0862     /* Sign a CSR */
0863     int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *);
0864 
0865     /* add a name entry */
0866     int X509_NAME_add_entry_by_txt(X509_NAME *, char *, int, unsigned char *, int, int, int);
0867 
0868     /* Create a name */
0869     X509_NAME *X509_NAME_new();
0870 
0871     /* Set the subject */
0872     int X509_REQ_set_subject_name(X509_REQ *, X509_NAME *);
0873 
0874     /* get list of available SSL_CIPHER's sorted by preference */
0875     STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
0876 
0877 #endif
0878 
0879 private:
0880     friend class KOpenSSLProxyPrivate;
0881     KOpenSSLProxy();
0882     ~KOpenSSLProxy();
0883     KOpenSSLProxyPrivate *const d;
0884 };
0885 
0886 #endif