diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-03-25 12:41:08 +0100 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-04-22 22:51:54 +0200 |
commit | d385158d5213ef568b7629e2aa4a818016bbffac (patch) | |
tree | 2c111b462fe39dffacb3c7f5cdd8db269f87ed6c /src/plugins/tls/openssl/qtls_openssl_p.h | |
parent | 6b1a7341fed4b9456ea6bfa2de7412d45ef56c65 (diff) |
Move plugin code from QtNetwork to qtbase/plugins
All TLS (and non-TLS) backends that QSsl classes rely
on are now in plugins/tls (as openssl, securetransport,
schannel and certonly plugins).
For now, I have to disable some tests that were using OpenSSL
calls - this to be refactored/re-thought. These include:
qsslsocket auto-test (test-case where we work with private keys),
qsslkey auto-test (similar to qsslsocket - test-case working with
keys using OpenSSL calls).
qasn1element moved to plugins too, so its auto-test have to
be re-thought.
Since now we can have more than one working TLS-backend on a given
platform, the presence of OpenSSL also means I force this backend
as active before running tests, to make sure features implemented
only in OpenSSL-backend are tested.
OCSP auto test is disabled for now, since it heavily relies on
OpenSSL symbols (to be refactored).
[ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend
if it is available.
[ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore,
depending on a platform, more than one TLS backend can be built. E.g., configuring
Qt with -openssl does not prevent SecureTransport or Schannel plugin from being
built.
Fixes: QTBUG-91928
Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/plugins/tls/openssl/qtls_openssl_p.h')
-rw-r--r-- | src/plugins/tls/openssl/qtls_openssl_p.h | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/src/plugins/tls/openssl/qtls_openssl_p.h b/src/plugins/tls/openssl/qtls_openssl_p.h new file mode 100644 index 0000000000..48c9223f99 --- /dev/null +++ b/src/plugins/tls/openssl/qtls_openssl_p.h @@ -0,0 +1,170 @@ +/**************************************************************************** +** +** Copyright (C) 2021 The Qt Company Ltd. +** Contact: https://www.qt.io/licensing/ +** +** This file is part of the QtNetwork module of the Qt Toolkit. +** +** $QT_BEGIN_LICENSE:LGPL$ +** Commercial License Usage +** Licensees holding valid commercial Qt licenses may use this file in +** accordance with the commercial license agreement provided with the +** Software or, alternatively, in accordance with the terms contained in +** a written agreement between you and The Qt Company. For licensing terms +** and conditions see https://www.qt.io/terms-conditions. For further +** information use the contact form at https://www.qt.io/contact-us. +** +** GNU Lesser General Public License Usage +** Alternatively, this file may be used under the terms of the GNU Lesser +** General Public License version 3 as published by the Free Software +** Foundation and appearing in the file LICENSE.LGPL3 included in the +** packaging of this file. Please review the following information to +** ensure the GNU Lesser General Public License version 3 requirements +** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. +** +** GNU General Public License Usage +** Alternatively, this file may be used under the terms of the GNU +** General Public License version 2.0 or (at your option) the GNU General +** Public license version 3 or any later version approved by the KDE Free +** Qt Foundation. The licenses are as published by the Free Software +** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 +** included in the packaging of this file. Please review the following +** information to ensure the GNU General Public License requirements will +** be met: https://www.gnu.org/licenses/gpl-2.0.html and +** https://www.gnu.org/licenses/gpl-3.0.html. +** +** $QT_END_LICENSE$ +** +****************************************************************************/ + +#ifndef QTLS_OPENSSL_P_H +#define QTLS_OPENSSL_P_H + +// +// W A R N I N G +// ------------- +// +// This file is not part of the Qt API. It exists purely as an +// implementation detail. This header file may change from version to +// version without notice, or even be removed. +// +// We mean it. +// + +#include <QtNetwork/private/qtnetworkglobal_p.h> + +#include "qtlsbackend_openssl_p.h" +#include "qsslcontext_openssl_p.h" +#include "qopenssl_p.h" + +#include <QtNetwork/qsslcertificate.h> +#include <QtNetwork/qocspresponse.h> + +#include <QtCore/qsharedpointer.h> +#include <QtCore/qbytearray.h> +#include <QtCore/qglobal.h> +#include <QtCore/qlist.h> + +QT_BEGIN_NAMESPACE + +namespace QTlsPrivate { + +class TlsCryptographOpenSSL : public TlsCryptograph +{ +public: + enum ExDataOffset { + errorOffsetInExData = 1, + socketOffsetInExData = 2 + }; + + ~TlsCryptographOpenSSL(); + + void init(QSslSocket *qObj, QSslSocketPrivate *dObj) override; + void checkSettingSslContext(QSharedPointer<QSslContext> tlsContext) override; + QSharedPointer<QSslContext> sslContext() const override; + + QList<QSslError> tlsErrors() const override; + + void startClientEncryption() override; + void startServerEncryption() override; + bool startHandshake(); + void enableHandshakeContinuation() override; + void cancelCAFetch() override; + void continueHandshake() override; + void transmit() override; + void disconnectFromHost() override; + void disconnected() override; + QSslCipher sessionCipher() const override; + QSsl::SslProtocol sessionProtocol() const override; + QList<QOcspResponse> ocsps() const override; + + bool checkSslErrors(); + int handleNewSessionTicket(SSL *connection); + + void alertMessageSent(int encoded); + void alertMessageReceived(int encoded); + + int emitErrorFromCallback(X509_STORE_CTX *ctx); + void trySendFatalAlert(); + +#if QT_CONFIG(ocsp) + bool checkOcspStatus(); +#endif + + QSslSocket *q = nullptr; + QSslSocketPrivate *d = nullptr; + + void storePeerCertificates(); + + unsigned pskClientTlsCallback(const char *hint, char *identity, unsigned max_identity_len, + unsigned char *psk, unsigned max_psk_len); + unsigned pskServerTlsCallback(const char *identity, unsigned char *psk, + unsigned max_psk_len); + +#ifdef Q_OS_WIN + void fetchCaRootForCert(const QSslCertificate &cert); + void caRootLoaded(QSslCertificate certificate, QSslCertificate trustedRoot); +#endif + + QByteArray ocspResponseDer; +private: + // TLSTODO: names were preserved, to make comparison + // easier (see qsslsocket_openssl.cpp, while it exists). + bool initSslContext(); + void destroySslContext(); + + QSharedPointer<QSslContext> sslContextPointer; + SSL *ssl = nullptr; // TLSTODO: RAII. + + QList<QSslErrorEntry> errorList; + QList<QSslError> sslErrors; + + BIO *readBio = nullptr; + BIO *writeBio = nullptr; + + QList<QOcspResponse> ocspResponses; + + // This decription will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription) + QString ocspErrorDescription; + // These will go to sslErrors() + QList<QSslError> ocspErrors; + + bool systemOrSslErrorDetected = false; + bool handshakeInterrupted = false; + + bool fetchAuthorityInformation = false; + QSslCertificate caToFetch; + + bool inSetAndEmitError = false; + bool pendingFatalAlert = false; + bool errorsReportedFromCallback = false; + + bool shutdown = false; +}; + +} // namespace QTlsPrivate + +QT_END_NAMESPACE + +#endif // QTLS_OPENSSL_P_H + |