File indexing completed on 2024-10-13 09:31:49
0001 /* This file is part of the KDE libraries 0002 Copyright (C) 2001-2003 George Staikos <staikos@kde.org> 0003 0004 This library is free software; you can redistribute it and/or 0005 modify it under the terms of the GNU Library General Public 0006 License version 2 as published by the Free Software Foundation. 0007 0008 This library is distributed in the hope that it will be useful, 0009 but WITHOUT ANY WARRANTY; without even the implied warranty of 0010 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 0011 Library General Public License for more details. 0012 0013 You should have received a copy of the GNU Library General Public License 0014 along with this library; see the file COPYING.LIB. If not, write to 0015 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, 0016 Boston, MA 02110-1301, USA. 0017 */ 0018 0019 // IF YOU ARE USING THIS CLASS, YOU ARE MAKING A MISTAKE. 0020 0021 #ifndef __KOPENSSLPROXY_H 0022 #define __KOPENSSLPROXY_H 0023 0024 #define KOSSL KOpenSSLProxy 0025 class KOpenSSLProxyPrivate; 0026 0027 #include <ksslconfig.h> 0028 0029 #if KSSL_HAVE_SSL 0030 #define crypt _openssl_crypt 0031 #include <openssl/ssl.h> 0032 #include <openssl/x509.h> 0033 #include <openssl/x509v3.h> 0034 #include <openssl/pem.h> 0035 #include <openssl/bio.h> 0036 #include <openssl/rand.h> 0037 #include <openssl/asn1.h> 0038 #include <openssl/pkcs7.h> 0039 #include <openssl/pkcs12.h> 0040 #include <openssl/evp.h> 0041 #include <openssl/stack.h> 0042 #include <openssl/bn.h> 0043 #undef crypt 0044 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 0045 #define STACK _STACK 0046 #define OSSL_SKVALUE_RTYPE void 0047 #define OSSL_MORECONST const 0048 #else 0049 #define OSSL_SKVALUE_RTYPE char 0050 #define OSSL_MORECONST 0051 #endif 0052 #endif 0053 0054 /** 0055 * Dynamically load and wrap OpenSSL. 0056 * 0057 * @author George Staikos <staikos@kde.org> 0058 * @see KSSL 0059 * @short KDE OpenSSL Wrapper 0060 * @internal 0061 */ 0062 class KOpenSSLProxy 0063 { 0064 public: 0065 0066 /** 0067 * Return an instance of class KOpenSSLProxy * 0068 * You cannot delete this object. It is a singleton class. 0069 */ 0070 static KOpenSSLProxy *self(); 0071 0072 /** 0073 * Return true of libcrypto was found and loaded 0074 */ 0075 bool hasLibCrypto() const; 0076 0077 /** 0078 * Return true of libssl was found and loaded 0079 */ 0080 bool hasLibSSL() const; 0081 0082 /** 0083 * Destroy the class and start over - don't use this unless you know 0084 * what you are doing. 0085 */ 0086 void destroy(); 0087 0088 // Here are the symbols that we need. 0089 #if KSSL_HAVE_SSL 0090 0091 /* 0092 * SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server 0093 */ 0094 int SSL_connect(SSL *ssl); 0095 0096 /* 0097 * SSL_accept - initiate the TLS/SSL handshake with an TLS/SSL server 0098 */ 0099 int SSL_accept(SSL *ssl); 0100 0101 /* 0102 * SSL_get_error - get the error code 0103 */ 0104 int SSL_get_error(SSL *ssl, int rc); 0105 0106 /* 0107 * SSL_read - read bytes from a TLS/SSL connection. 0108 */ 0109 int SSL_read(SSL *ssl, void *buf, int num); 0110 0111 /* 0112 * SSL_write - write bytes to a TLS/SSL connection. 0113 */ 0114 int SSL_write(SSL *ssl, const void *buf, int num); 0115 0116 /* 0117 * SSL_new - create a new SSL structure for a connection 0118 */ 0119 SSL *SSL_new(SSL_CTX *ctx); 0120 0121 /* 0122 * SSL_free - free an allocated SSL structure 0123 */ 0124 void SSL_free(SSL *ssl); 0125 0126 /* 0127 * SSL_shutdown - shutdown an allocated SSL connection 0128 */ 0129 int SSL_shutdown(SSL *ssl); 0130 0131 /* 0132 * SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions 0133 */ 0134 SSL_CTX *SSL_CTX_new(SSL_METHOD *method); 0135 0136 /* 0137 * SSL_CTX_free - free an allocated SSL_CTX object 0138 */ 0139 void SSL_CTX_free(SSL_CTX *ctx); 0140 0141 /* 0142 * SSL_set_fd - connect the SSL object with a file descriptor 0143 */ 0144 int SSL_set_fd(SSL *ssl, int fd); 0145 0146 /* 0147 * SSL_pending - obtain number of readable bytes buffered in an SSL object 0148 */ 0149 int SSL_pending(SSL *ssl); 0150 0151 /* 0152 * SSL_peek - obtain bytes buffered in an SSL object 0153 */ 0154 int SSL_peek(SSL *ssl, void *buf, int num); 0155 0156 /* 0157 * SSL_CTX_set_cipher_list - choose list of available SSL_CIPHERs 0158 */ 0159 int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); 0160 0161 /* 0162 * SSL_CTX_set_verify - set peer certificate verification parameters 0163 */ 0164 void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, 0165 int (*verify_callback)(int, X509_STORE_CTX *)); 0166 0167 /* 0168 * SSL_use_certificate - load certificate 0169 */ 0170 int SSL_use_certificate(SSL *ssl, X509 *x); 0171 0172 /* 0173 * SSL_get_current_cipher - get SSL_CIPHER of a connection 0174 */ 0175 SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); 0176 0177 /* 0178 * SSL_set_options - manipulate SSL engine options 0179 * Note: These are all mapped to SSL_ctrl so call them as the comment 0180 * specifies but know that they use SSL_ctrl. They are #define 0181 * so they will map to the one in this class if called as a 0182 * member function of this class. 0183 */ 0184 /* long SSL_set_options(SSL *ssl, long options); */ 0185 /* Returns 0 if not reused, 1 if session id is reused */ 0186 /* int SSL_session_reused(SSL *ssl); */ 0187 long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); 0188 0189 /* 0190 * RAND_egd - set the path to the EGD 0191 */ 0192 int RAND_egd(const char *path); 0193 0194 /* 0195 * RAND_file_name 0196 */ 0197 const char *RAND_file_name(char *buf, size_t num); 0198 0199 /* 0200 * RAND_load_file 0201 */ 0202 int RAND_load_file(const char *filename, long max_bytes); 0203 0204 /* 0205 * RAND_write_file 0206 */ 0207 int RAND_write_file(const char *filename); 0208 0209 /* 0210 * TLSv1_client_method - return a TLSv1 client method object 0211 */ 0212 SSL_METHOD *TLSv1_client_method(); 0213 0214 /* 0215 * SSLv23_client_method - return a SSLv23 client method object 0216 */ 0217 SSL_METHOD *SSLv23_client_method(); 0218 0219 /* 0220 * SSL_get_peer_certificate - return the peer's certificate 0221 */ 0222 X509 *SSL_get_peer_certificate(SSL *s); 0223 0224 /* 0225 * SSL_get_peer_cert_chain - get the peer's certificate chain 0226 */ 0227 STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); 0228 0229 /* 0230 * SSL_CIPHER_get_bits - get the number of bits in this cipher 0231 */ 0232 int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits); 0233 0234 /* 0235 * SSL_CIPHER_get_version - get the version of this cipher 0236 */ 0237 char *SSL_CIPHER_get_version(SSL_CIPHER *c); 0238 0239 /* 0240 * SSL_CIPHER_get_name - get the name of this cipher 0241 */ 0242 const char *SSL_CIPHER_get_name(SSL_CIPHER *c); 0243 0244 /* 0245 * SSL_CIPHER_description - get the description of this cipher 0246 */ 0247 char *SSL_CIPHER_description(SSL_CIPHER *, char *buf, int size); 0248 0249 /* 0250 * SSL_CTX_use_PrivateKey - set the private key for the session. 0251 * - for use with client certificates 0252 */ 0253 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 0254 0255 /* 0256 * SSL_CTX_use_certificate - set the client certificate for the session. 0257 */ 0258 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 0259 0260 /* 0261 * d2i_X509 - Convert a text representation of X509 to an X509 object 0262 */ 0263 X509 *d2i_X509(X509 **a, unsigned char **pp, long length); 0264 0265 /* 0266 * i2d_X509 - Convert an X509 object into a text representation 0267 */ 0268 int i2d_X509(X509 *a, unsigned char **pp); 0269 0270 /* 0271 * X509_cmp - compare two X509 objects 0272 */ 0273 int X509_cmp(X509 *a, X509 *b); 0274 0275 /* 0276 * X509_dup - duplicate an X509 object 0277 */ 0278 X509 *X509_dup(X509 *x509); 0279 0280 /* 0281 * X509_getm_notBefore - get validity start 0282 */ 0283 ASN1_TIME *X509_getm_notBefore(const X509 *x); 0284 0285 /* 0286 * X509_getm_notAfter - get validity end 0287 */ 0288 ASN1_TIME *X509_getm_notAfter(const X509 *x); 0289 0290 /* 0291 * X509_STORE_CTX_new - create an X509 store context 0292 */ 0293 X509_STORE_CTX *X509_STORE_CTX_new(void); 0294 0295 /* 0296 * X509_STORE_CTX_free - free up an X509 store context 0297 */ 0298 void X509_STORE_CTX_free(X509_STORE_CTX *v); 0299 0300 /* 0301 * X509_STORE_CTX_set_chain - set the certificate chain 0302 */ 0303 void X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x); 0304 0305 /* 0306 * X509_STORE_CTX_set_purpose - set the purpose of the certificate 0307 */ 0308 void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose); 0309 0310 /** 0311 * X509_STORE_CTX_get_current_cert - get the current certificate 0312 */ 0313 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *v); 0314 0315 /** 0316 * X509_STORE_CTX_set_error - set certificate error 0317 */ 0318 void X509_STORE_CTX_set_error(X509_STORE_CTX *v, int error); 0319 0320 /** 0321 * X509_STORE_CTX_get_error - get certificate error 0322 */ 0323 int X509_STORE_CTX_get_error(X509_STORE_CTX *v); 0324 0325 /* 0326 * X509_verify_cert - verify the certificate 0327 */ 0328 int X509_verify_cert(X509_STORE_CTX *v); 0329 0330 /* 0331 * X509_STORE_new - create an X509 store 0332 */ 0333 X509_STORE *X509_STORE_new(void); 0334 0335 /* 0336 * X509_STORE_free - free up an X509 store 0337 */ 0338 void X509_STORE_free(X509_STORE *v); 0339 0340 /* 0341 * X509_STORE_set_verify_cb - set verify callback 0342 */ 0343 void X509_STORE_set_verify_cb(X509_STORE *v, int (*verify_cb)(int, X509_STORE_CTX *)); 0344 0345 /* 0346 * X509_free - free up an X509 0347 */ 0348 void X509_free(X509 *v); 0349 0350 /* 0351 * X509_NAME_oneline - return the X509 data in a string 0352 */ 0353 char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); 0354 0355 /* 0356 * X509_get_subject_name - return the X509_NAME for the subject field 0357 */ 0358 X509_NAME *X509_get_subject_name(X509 *a); 0359 0360 /* 0361 * X509_get_issuer_name - return the X509_NAME for the issuer field 0362 */ 0363 X509_NAME *X509_get_issuer_name(X509 *a); 0364 0365 /* 0366 * X509_get0_signature - return X509 signature and signature algorithm 0367 */ 0368 void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x); 0369 0370 /* 0371 * X509_STORE_add_lookup - add a lookup file/method to an X509 store 0372 */ 0373 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); 0374 0375 /* 0376 * X509_LOOKUP_file - Definition of the LOOKUP_file method 0377 */ 0378 X509_LOOKUP_METHOD *X509_LOOKUP_file(void); 0379 0380 /* 0381 * X509_LOOKUP_free - Free an X509_LOOKUP 0382 */ 0383 void X509_LOOKUP_free(X509_LOOKUP *x); 0384 0385 /* 0386 * X509_LOOKUP_ctrl - This is not normally called directly (use macros) 0387 */ 0388 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); 0389 0390 /* 0391 * X509_STORE_CTX_init - initialize an X509 STORE context 0392 */ 0393 void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain); 0394 0395 /* 0396 * CRYPTO_free - free up an internally allocated object 0397 */ 0398 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) 0399 void CRYPTO_free(void *x); 0400 #else 0401 void CRYPTO_free(void *x, const char *file, int line); 0402 #endif 0403 0404 /* 0405 * BIO_new - create new BIO 0406 */ 0407 BIO *BIO_new(BIO_METHOD *type); 0408 0409 /* 0410 * BIO methods - only one defined here yet 0411 */ 0412 BIO_METHOD *BIO_s_mem(void); 0413 0414 /* 0415 * BIO_new_fp - nastiness called BIO - used to create BIO* from FILE* 0416 */ 0417 BIO *BIO_new_fp(FILE *stream, int close_flag); 0418 0419 /* 0420 * BIO_new_mem_buf - read only BIO from memory region 0421 */ 0422 BIO *BIO_new_mem_buf(void *buf, int len); 0423 0424 /* 0425 * BIO_free - nastiness called BIO - used to destroy BIO* 0426 */ 0427 int BIO_free(BIO *a); 0428 0429 /* 0430 * BIO_ctrl - BIO control method 0431 */ 0432 long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); 0433 0434 /* 0435 * BIO_write - equivalent to ::write for BIO 0436 */ 0437 int BIO_write(BIO *b, const void *data, int len); 0438 0439 /* 0440 * PEM_write_bio_X509 - write a PEM encoded cert to a BIO* 0441 */ 0442 int PEM_write_bio_X509(BIO *bp, X509 *x); 0443 0444 /* 0445 * ASN1_item_i2d_fp - used for netscape output 0446 */ 0447 int ASN1_item_i2d_fp(FILE *out, unsigned char *x); 0448 0449 /* 0450 * ASN1_d2i_fp - read an X509 from a DER encoded file (buf can be NULL) 0451 */ 0452 X509 *X509_d2i_fp(FILE *out, X509 **buf); 0453 0454 /* 0455 * X509_print - print the text form of an X509 0456 */ 0457 int X509_print(FILE *fp, X509 *x); 0458 0459 /* 0460 * Read a PKCS#12 cert from fp 0461 */ 0462 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 0463 0464 /* 0465 * Change the password on a PKCS#12 cert 0466 */ 0467 int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); 0468 0469 /* 0470 * Write a PKCS#12 to mem 0471 */ 0472 int i2d_PKCS12(PKCS12 *p12, unsigned char **p); 0473 0474 /* 0475 * Write a PKCS#12 to FILE* 0476 */ 0477 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 0478 0479 /* 0480 * Create a new PKCS#12 object 0481 */ 0482 PKCS12 *PKCS12_new(void); 0483 0484 /* 0485 * Destroy that PKCS#12 that you created! 0486 */ 0487 void PKCS12_free(PKCS12 *a); 0488 0489 /* 0490 * Parse the PKCS#12 0491 */ 0492 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, 0493 X509 **cert, STACK_OF(X509) **ca); 0494 0495 /* 0496 * Free the Private Key 0497 */ 0498 void EVP_PKEY_free(EVP_PKEY *x); 0499 0500 /* 0501 * Pop off the stack 0502 */ 0503 char *OPENSSL_sk_pop(STACK *s); 0504 0505 /* 0506 * Free the stack 0507 */ 0508 void OPENSSL_sk_free(STACK *s); 0509 0510 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 0511 void OPENSSL_sk_free(void *s) 0512 { 0513 return OPENSSL_sk_free(reinterpret_cast<STACK *>(s)); 0514 } 0515 #endif 0516 0517 /* 0518 * Number of elements in the stack 0519 */ 0520 int OPENSSL_sk_num(STACK *s); 0521 0522 /* 0523 * Value of element n in the stack 0524 */ 0525 char *OPENSSL_sk_value(STACK *s, int n); 0526 0527 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 0528 char *OPENSSL_sk_value(void *s, int n) 0529 { 0530 return OPENSSL_sk_value(reinterpret_cast<STACK *>(s), n); 0531 } 0532 #endif 0533 0534 /* 0535 * Create a new stack 0536 */ 0537 STACK *OPENSSL_sk_new(int (*cmp)()); 0538 0539 /* 0540 * Add an element to the stack 0541 */ 0542 int OPENSSL_sk_push(STACK *s, char *d); 0543 0544 #if OPENSSL_VERSION_NUMBER >= 0x10000000L 0545 int OPENSSL_sk_push(void *s, void *d) 0546 { 0547 return OPENSSL_sk_push(reinterpret_cast<STACK *>(s), reinterpret_cast<char *>(d)); 0548 } 0549 #endif 0550 0551 /* 0552 * Duplicate the stack 0553 */ 0554 STACK *OPENSSL_sk_dup(STACK *s); 0555 0556 /* 0557 * Convert an ASN1_INTEGER to its text form 0558 */ 0559 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); 0560 0561 /* 0562 * Get the certificate's serial number 0563 */ 0564 ASN1_INTEGER *X509_get_serialNumber(X509 *x); 0565 0566 /* 0567 * Get the certificate's public key 0568 */ 0569 EVP_PKEY *X509_get_pubkey(X509 *x); 0570 0571 /* 0572 * Convert the public key to a decimal form 0573 */ 0574 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); 0575 0576 /* 0577 * Check the private key of a PKCS bundle against the X509 0578 */ 0579 int X509_check_private_key(X509 *x, EVP_PKEY *p); 0580 0581 /* 0582 * Convert a BIGNUM to a hex string 0583 */ 0584 char *BN_bn2hex(const BIGNUM *a); 0585 0586 /* 0587 * Compute the digest of an X.509 0588 */ 0589 int X509_digest(const X509 *x, const EVP_MD *t, unsigned char *md, unsigned int *len); 0590 0591 /* 0592 * EVP_md5 0593 */ 0594 EVP_MD *EVP_md5(); 0595 0596 /* 0597 * ASN1_INTEGER free 0598 */ 0599 void ASN1_INTEGER_free(ASN1_INTEGER *x); 0600 0601 /* 0602 * ASN1_STRING_data 0603 */ 0604 unsigned char *ASN1_STRING_data(ASN1_STRING *x); 0605 0606 /* 0607 * ASN1_STRING_length 0608 */ 0609 int ASN1_STRING_length(ASN1_STRING *x); 0610 0611 /* 0612 * 0613 */ 0614 int OBJ_obj2nid(ASN1_OBJECT *o); 0615 0616 /* 0617 * 0618 */ 0619 const char *OBJ_nid2ln(int n); 0620 0621 /* 0622 * get the number of extensions 0623 */ 0624 int X509_get_ext_count(X509 *x); 0625 0626 /* 0627 * 0628 */ 0629 int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); 0630 0631 /* 0632 * 0633 */ 0634 int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); 0635 0636 /* 0637 * 0638 */ 0639 X509_EXTENSION *X509_get_ext(X509 *x, int loc); 0640 0641 /* 0642 * 0643 */ 0644 X509_EXTENSION *X509_delete_ext(X509 *x, int loc); 0645 0646 /* 0647 * 0648 */ 0649 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); 0650 0651 /* 0652 * 0653 */ 0654 void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); 0655 0656 /* 0657 * 0658 */ 0659 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); 0660 0661 /* 0662 * 0663 */ 0664 int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); 0665 0666 /* 0667 * 0668 */ 0669 PKCS7 *PKCS7_new(void); 0670 0671 /* 0672 * 0673 */ 0674 void PKCS7_free(PKCS7 *a); 0675 0676 /* 0677 * 0678 */ 0679 void PKCS7_content_free(PKCS7 *a); 0680 0681 /* 0682 * 0683 */ 0684 int i2d_PKCS7(PKCS7 *a, unsigned char **pp); 0685 0686 /* 0687 * 0688 */ 0689 PKCS7 *d2i_PKCS7(PKCS7 **a, unsigned char **pp, long length); 0690 0691 /* 0692 * 0693 */ 0694 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); 0695 0696 /* 0697 * 0698 */ 0699 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); 0700 0701 /* 0702 * 0703 */ 0704 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); 0705 0706 /* 0707 * 0708 */ 0709 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); 0710 0711 /* 0712 * 0713 */ 0714 PKCS7 *PKCS7_dup(PKCS7 *p7); 0715 0716 /* 0717 * Create a PKCS7 signature / signed message 0718 */ 0719 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, 0720 BIO *data, int flags); 0721 0722 /* 0723 * Verify a PKCS7 signature. 0724 */ 0725 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, 0726 BIO *indata, BIO *out, int flags); 0727 0728 /* 0729 * Get signers of a verified PKCS7 signature 0730 */ 0731 STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); 0732 0733 /* 0734 * PKCS7 encrypt message 0735 */ 0736 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, 0737 int flags); 0738 0739 /* 0740 * decrypt PKCS7 message 0741 */ 0742 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); 0743 0744 /* 0745 * Load a CA list file. 0746 */ 0747 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 0748 0749 /* 0750 * Load a file of PEM encoded objects. 0751 */ 0752 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, 0753 pem_password_cb *cb, void *u); 0754 0755 /* 0756 * Get the number of purposes available 0757 */ 0758 int X509_PURPOSE_get_count(); 0759 0760 /* 0761 * Get the ID of a purpose 0762 */ 0763 int X509_PURPOSE_get_id(X509_PURPOSE *); 0764 0765 /* 0766 * Check the existence of purpose id "id" in x. for CA, set ca = 1, else 0 0767 */ 0768 int X509_check_purpose(X509 *x, int id, int ca); 0769 0770 /* 0771 * Get the purpose with index #idx 0772 */ 0773 X509_PURPOSE *X509_PURPOSE_get0(int idx); 0774 0775 /* 0776 * Create a new Private KEY 0777 */ 0778 EVP_PKEY *EVP_PKEY_new(); 0779 0780 /* 0781 * Assign a private key 0782 */ 0783 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key); 0784 0785 /* 0786 * Get key type 0787 */ 0788 int EVP_PKEY_base_id(EVP_PKEY *pkey); 0789 0790 RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); 0791 void RSA_get0_key(RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); 0792 DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); 0793 void DSA_get0_pqg(DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); 0794 void DSA_get0_key(DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key); 0795 0796 /* 0797 * Generate a RSA key 0798 */ 0799 RSA *RSA_generate_key(int bits, unsigned long e, void 0800 (*callback)(int, int, void *), void *cb_arg); 0801 0802 /* 0803 * Create/destroy a certificate request 0804 */ 0805 X509_REQ *X509_REQ_new(); 0806 void X509_REQ_free(X509_REQ *a); 0807 0808 /* 0809 * Set the public key in the REQ object 0810 */ 0811 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); 0812 0813 /* for testing */ 0814 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x); 0815 0816 /* SMime support */ 0817 STACK *X509_get1_email(X509 *x); 0818 void X509_email_free(STACK *sk); 0819 0820 /* Ciphers needed for SMime */ 0821 EVP_CIPHER *EVP_des_ede3_cbc(); 0822 EVP_CIPHER *EVP_des_cbc(); 0823 EVP_CIPHER *EVP_rc2_cbc(); 0824 EVP_CIPHER *EVP_rc2_64_cbc(); 0825 EVP_CIPHER *EVP_rc2_40_cbc(); 0826 0827 /* clear the current error - use this often*/ 0828 void ERR_clear_error(); 0829 0830 /* retrieve the latest error */ 0831 unsigned long ERR_get_error(); 0832 0833 /* Print the errors to this stream */ 0834 void ERR_print_errors_fp(FILE *fp); 0835 0836 /* Get a pointer to the SSL session id (reference counted) */ 0837 SSL_SESSION *SSL_get1_session(SSL *ssl); 0838 0839 /* Frees a pointer to the SSL session id (reference decremented if needed) */ 0840 void SSL_SESSION_free(SSL_SESSION *session); 0841 0842 /* Set the SSL session to reuse. */ 0843 int SSL_set_session(SSL *ssl, SSL_SESSION *session); 0844 0845 /* Decode ASN.1 to SSL_SESSION */ 0846 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); 0847 /* Encode SSL_SESSION to ASN.1 */ 0848 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); 0849 0850 /* Write privatekey to FILE stream */ 0851 int i2d_PrivateKey_fp(FILE *, EVP_PKEY *); 0852 0853 /* Write PKCS#8privatekey to FILE stream */ 0854 int i2d_PKCS8PrivateKey_fp(FILE *, EVP_PKEY *, const EVP_CIPHER *, char *, int, pem_password_cb *, void *); 0855 0856 /* Free RSA structure */ 0857 void RSA_free(RSA *); 0858 0859 /* Get a blowfish CBC pointer */ 0860 EVP_CIPHER *EVP_bf_cbc(); 0861 0862 /* Sign a CSR */ 0863 int X509_REQ_sign(X509_REQ *, EVP_PKEY *, const EVP_MD *); 0864 0865 /* add a name entry */ 0866 int X509_NAME_add_entry_by_txt(X509_NAME *, char *, int, unsigned char *, int, int, int); 0867 0868 /* Create a name */ 0869 X509_NAME *X509_NAME_new(); 0870 0871 /* Set the subject */ 0872 int X509_REQ_set_subject_name(X509_REQ *, X509_NAME *); 0873 0874 /* get list of available SSL_CIPHER's sorted by preference */ 0875 STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); 0876 0877 #endif 0878 0879 private: 0880 friend class KOpenSSLProxyPrivate; 0881 KOpenSSLProxy(); 0882 ~KOpenSSLProxy(); 0883 KOpenSSLProxyPrivate *const d; 0884 }; 0885 0886 #endif