Move plugin code from QtNetwork to qtbase/plugins

All TLS (and non-TLS) backends that QSsl classes rely on are now in plugins/tls (as openssl, securetransport, schannel and certonly plugins). For now, I have to disable some tests that were using OpenSSL calls - this to be refactored/re-thought. These include: qsslsocket auto-test (test-case where we work with private keys), qsslkey auto-test (similar to qsslsocket - test-case working with keys using OpenSSL calls). qasn1element moved to plugins too, so its auto-test have to be re-thought. Since now we can have more than one working TLS-backend on a given platform, the presence of OpenSSL also means I force this backend as active before running tests, to make sure features implemented only in OpenSSL-backend are tested. OCSP auto test is disabled for now, since it heavily relies on OpenSSL symbols (to be refactored). [ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend if it is available. [ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore, depending on a platform, more than one TLS backend can be built. E.g., configuring Qt with -openssl does not prevent SecureTransport or Schannel plugin from being built. Fixes: QTBUG-91928 Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2021-03-25 12:41:08 +0100
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2021-04-22 22:51:54 +0200
commit: d385158d5213ef568b7629e2aa4a818016bbffac (patch)
tree: 2c111b462fe39dffacb3c7f5cdd8db269f87ed6c /src/plugins/tls/openssl/qtls_openssl_p.h
parent: 6b1a7341fed4b9456ea6bfa2de7412d45ef56c65 (diff)
1 files changed, 170 insertions, 0 deletions
diff --git a/src/plugins/tls/openssl/qtls_openssl_p.h b/src/plugins/tls/openssl/qtls_openssl_p.h
new file mode 100644
index 0000000000..48c9223f99
--- /dev/null
+++ b/src/plugins/tls/openssl/qtls_openssl_p.h
@@ -0,0 +1,170 @@
+/****************************************************************************
+**
+** Copyright (C) 2021 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtNetwork module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef QTLS_OPENSSL_P_H
+#define QTLS_OPENSSL_P_H
+
+//
+//  W A R N I N G
+//  -------------
+//
+// This file is not part of the Qt API.  It exists purely as an
+// implementation detail.  This header file may change from version to
+// version without notice, or even be removed.
+//
+// We mean it.
+//
+
+#include <QtNetwork/private/qtnetworkglobal_p.h>
+
+#include "qtlsbackend_openssl_p.h"
+#include "qsslcontext_openssl_p.h"
+#include "qopenssl_p.h"
+
+#include <QtNetwork/qsslcertificate.h>
+#include <QtNetwork/qocspresponse.h>
+
+#include <QtCore/qsharedpointer.h>
+#include <QtCore/qbytearray.h>
+#include <QtCore/qglobal.h>
+#include <QtCore/qlist.h>
+
+QT_BEGIN_NAMESPACE
+
+namespace QTlsPrivate {
+
+class TlsCryptographOpenSSL : public TlsCryptograph
+{
+public:
+    enum ExDataOffset {
+        errorOffsetInExData = 1,
+        socketOffsetInExData = 2
+    };
+
+    ~TlsCryptographOpenSSL();
+
+    void init(QSslSocket *qObj, QSslSocketPrivate *dObj) override;
+    void checkSettingSslContext(QSharedPointer<QSslContext> tlsContext) override;
+    QSharedPointer<QSslContext> sslContext() const override;
+
+    QList<QSslError> tlsErrors() const override;
+
+    void startClientEncryption() override;
+    void startServerEncryption() override;
+    bool startHandshake();
+    void enableHandshakeContinuation() override;
+    void cancelCAFetch() override;
+    void continueHandshake() override;
+    void transmit() override;
+    void disconnectFromHost() override;
+    void disconnected() override;
+    QSslCipher sessionCipher() const override;
+    QSsl::SslProtocol sessionProtocol() const override;
+    QList<QOcspResponse> ocsps() const override;
+
+    bool checkSslErrors();
+    int handleNewSessionTicket(SSL *connection);
+
+    void alertMessageSent(int encoded);
+    void alertMessageReceived(int encoded);
+
+    int emitErrorFromCallback(X509_STORE_CTX *ctx);
+    void trySendFatalAlert();
+
+#if QT_CONFIG(ocsp)
+    bool checkOcspStatus();
+#endif
+
+    QSslSocket *q = nullptr;
+    QSslSocketPrivate *d = nullptr;
+
+    void storePeerCertificates();
+
+    unsigned pskClientTlsCallback(const char *hint, char *identity, unsigned max_identity_len,
+                                 unsigned char *psk, unsigned max_psk_len);
+    unsigned pskServerTlsCallback(const char *identity, unsigned char *psk,
+                                  unsigned max_psk_len);
+
+#ifdef Q_OS_WIN
+    void fetchCaRootForCert(const QSslCertificate &cert);
+    void caRootLoaded(QSslCertificate certificate, QSslCertificate trustedRoot);
+#endif
+
+    QByteArray ocspResponseDer;
+private:
+    // TLSTODO: names were preserved, to make comparison
+    // easier (see qsslsocket_openssl.cpp, while it exists).
+    bool initSslContext();
+    void destroySslContext();
+
+    QSharedPointer<QSslContext> sslContextPointer;
+    SSL *ssl = nullptr; // TLSTODO: RAII.
+
+    QList<QSslErrorEntry> errorList;
+    QList<QSslError> sslErrors;
+
+    BIO *readBio = nullptr;
+    BIO *writeBio = nullptr;
+
+    QList<QOcspResponse> ocspResponses;
+
+    // This decription will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription)
+    QString ocspErrorDescription;
+    // These will go to sslErrors()
+    QList<QSslError> ocspErrors;
+
+    bool systemOrSslErrorDetected = false;
+    bool handshakeInterrupted = false;
+
+    bool fetchAuthorityInformation = false;
+    QSslCertificate caToFetch;
+
+    bool inSetAndEmitError = false;
+    bool pendingFatalAlert = false;
+    bool errorsReportedFromCallback = false;
+
+    bool shutdown = false;
+};
+
+} // namespace QTlsPrivate
+
+QT_END_NAMESPACE
+
+#endif // QTLS_OPENSSL_P_H
+
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2021-03-25 12:41:08 +0100
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2021-04-22 22:51:54 +0200
commit	d385158d5213ef568b7629e2aa4a818016bbffac (patch)
tree	2c111b462fe39dffacb3c7f5cdd8db269f87ed6c /src/plugins/tls/openssl/qtls_openssl_p.h
parent	6b1a7341fed4b9456ea6bfa2de7412d45ef56c65 (diff)