1 /**************************************************************************** 2 ** 3 ** Copyright (C) 2017 The Qt Company Ltd. 4 ** Contact: https://www.qt.io/licensing/ 5 ** 6 ** This file is part of the QtNetwork module of the Qt Toolkit. 7 ** 8 ** $QT_BEGIN_LICENSE:LGPL$ 9 ** Commercial License Usage 10 ** Licensees holding valid commercial Qt licenses may use this file in 11 ** accordance with the commercial license agreement provided with the 12 ** Software or, alternatively, in accordance with the terms contained in 13 ** a written agreement between you and The Qt Company. For licensing terms 14 ** and conditions see https://www.qt.io/terms-conditions. For further 15 ** information use the contact form at https://www.qt.io/contact-us. 16 ** 17 ** GNU Lesser General Public License Usage 18 ** Alternatively, this file may be used under the terms of the GNU Lesser 19 ** General Public License version 3 as published by the Free Software 20 ** Foundation and appearing in the file LICENSE.LGPL3 included in the 21 ** packaging of this file. Please review the following information to 22 ** ensure the GNU Lesser General Public License version 3 requirements 23 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. 24 ** 25 ** GNU General Public License Usage 26 ** Alternatively, this file may be used under the terms of the GNU 27 ** General Public License version 2.0 or (at your option) the GNU General 28 ** Public license version 3 or any later version approved by the KDE Free 29 ** Qt Foundation. The licenses are as published by the Free Software 30 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 31 ** included in the packaging of this file. Please review the following 32 ** information to ensure the GNU General Public License requirements will 33 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and 34 ** https://www.gnu.org/licenses/gpl-3.0.html. 35 ** 36 ** $QT_END_LICENSE$ 37 ** 38 ****************************************************************************/ 39 40 /**************************************************************************** 41 ** 42 ** In addition, as a special exception, the copyright holders listed above give 43 ** permission to link the code of its release of Qt with the OpenSSL project's 44 ** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the 45 ** same license as the original version), and distribute the linked executables. 46 ** 47 ** You must comply with the GNU General Public License version 2 in all 48 ** respects for all of the code used other than the "OpenSSL" code. If you 49 ** modify this file, you may extend this exception to your version of the file, 50 ** but you are not obligated to do so. If you do not wish to do so, delete 51 ** this exception statement from your version of this file. 52 ** 53 ****************************************************************************/ 54 55 #ifndef QSSLSOCKET_OPENSSL_P_H 56 #define QSSLSOCKET_OPENSSL_P_H 57 58 // 59 // W A R N I N G 60 // ------------- 61 // 62 // This file is not part of the Qt API. It exists purely as an 63 // implementation detail. This header file may change from version to 64 // version without notice, or even be removed. 65 // 66 // We mean it. 67 // 68 69 #include <QtNetwork/private/qtnetworkglobal_p.h> 70 #include "qsslsocket_p.h" 71 72 #include <QtCore/qvector.h> 73 #include <QtCore/qstring.h> 74 75 #ifdef Q_OS_WIN 76 #include <qt_windows.h> 77 #if defined(OCSP_RESPONSE) 78 #undef OCSP_RESPONSE 79 #endif 80 #if defined(X509_NAME) 81 #undef X509_NAME 82 #endif 83 #endif // Q_OS_WIN 84 85 #include <openssl/asn1.h> 86 #include <openssl/bio.h> 87 #include <openssl/bn.h> 88 #include <openssl/err.h> 89 #include <openssl/evp.h> 90 #include <openssl/pem.h> 91 #include <openssl/pkcs12.h> 92 #include <openssl/pkcs7.h> 93 #include <openssl/rand.h> 94 #include <openssl/ssl.h> 95 #include <openssl/stack.h> 96 #include <openssl/x509.h> 97 #include <openssl/x509v3.h> 98 #include <openssl/x509_vfy.h> 99 #include <openssl/dsa.h> 100 #include <openssl/rsa.h> 101 #include <openssl/crypto.h> 102 #include <openssl/tls1.h> 103 104 #if QT_CONFIG(opensslv11) 105 #include <openssl/dh.h> 106 #endif 107 108 QT_BEGIN_NAMESPACE 109 110 struct QSslErrorEntry { 111 int code; 112 int depth; 113 114 static QSslErrorEntry fromStoreContext(X509_STORE_CTX *ctx); 115 }; 116 Q_DECLARE_TYPEINFO(QSslErrorEntry, Q_PRIMITIVE_TYPE); 117 118 class QSslSocketBackendPrivate : public QSslSocketPrivate 119 { 120 Q_DECLARE_PUBLIC(QSslSocket) 121 public: 122 QSslSocketBackendPrivate(); 123 virtual ~QSslSocketBackendPrivate(); 124 125 // SSL context 126 bool initSslContext(); 127 void destroySslContext(); 128 SSL *ssl; 129 BIO *readBio; 130 BIO *writeBio; 131 SSL_SESSION *session; 132 QVector<QSslErrorEntry> errorList; 133 static int s_indexForSSLExtraData; // index used in SSL_get_ex_data to get the matching QSslSocketBackendPrivate 134 135 bool inSetAndEmitError = false; 136 137 // Platform specific functions 138 void startClientEncryption() override; 139 void startServerEncryption() override; 140 void transmit() override; 141 bool startHandshake(); 142 void disconnectFromHost() override; 143 void disconnected() override; 144 QSslCipher sessionCipher() const override; 145 QSsl::SslProtocol sessionProtocol() const override; 146 void continueHandshake() override; 147 bool checkSslErrors(); 148 void storePeerCertificates(); 149 int handleNewSessionTicket(SSL *context); 150 unsigned int tlsPskClientCallback(const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len); 151 unsigned int tlsPskServerCallback(const char *identity, unsigned char *psk, unsigned int max_psk_len); 152 #ifdef Q_OS_WIN 153 void fetchCaRootForCert(const QSslCertificate &cert); 154 void _q_caRootLoaded(QSslCertificate,QSslCertificate) override; 155 #endif 156 157 #if QT_CONFIG(ocsp) 158 bool checkOcspStatus(); 159 #endif 160 161 // This decription will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription) 162 QString ocspErrorDescription; 163 // These will go to sslErrors() 164 QVector<QSslError> ocspErrors; 165 QByteArray ocspResponseDer; 166 167 Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); 168 static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher); 169 static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509); 170 static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName); 171 static QList<QSslError> verify(const QList<QSslCertificate> &cas, const QList<QSslCertificate> &certificateChain, 172 const QString &hostName); 173 static QString getErrorsFromOpenSsl(); 174 static void logAndClearErrorQueue(); 175 static bool importPkcs12(QIODevice *device, 176 QSslKey *key, QSslCertificate *cert, 177 QList<QSslCertificate> *caCertificates, 178 const QByteArray &passPhrase); 179 static QString msgErrorsDuringHandshake(); 180 }; 181 182 QT_END_NAMESPACE 183 184 #endif 185