diff options
Diffstat (limited to 'src/network/ssl/qdtls_openssl.cpp')
-rw-r--r-- | src/network/ssl/qdtls_openssl.cpp | 44 |
1 files changed, 18 insertions, 26 deletions
diff --git a/src/network/ssl/qdtls_openssl.cpp b/src/network/ssl/qdtls_openssl.cpp index a60a6cb53c..374839458c 100644 --- a/src/network/ssl/qdtls_openssl.cpp +++ b/src/network/ssl/qdtls_openssl.cpp @@ -44,7 +44,6 @@ #include "qsslpresharedkeyauthenticator_p.h" #include "qsslsocket_openssl_symbols_p.h" -#include "qsslsocket_openssl_p.h" #include "qsslcertificate_p.h" #include "qdtls_openssl_p.h" #include "qx509_openssl_p.h" @@ -198,7 +197,7 @@ extern "C" int q_generate_cookie_callback(SSL *ssl, unsigned char *dst, return 0; } - void *generic = q_SSL_get_ex_data(ssl, QSslSocketBackendPrivate::s_indexForSSLExtraData); + void *generic = q_SSL_get_ex_data(ssl, QTlsBackendOpenSSL::s_indexForSSLExtraData); if (!generic) { qCWarning(lcSsl, "SSL_get_ex_data returned nullptr, cannot generate cookie"); return 0; @@ -252,7 +251,7 @@ extern "C" int q_X509DtlsCallback(int ok, X509_STORE_CTX *ctx) return 0; } - void *generic = q_SSL_get_ex_data(ssl, QSslSocketBackendPrivate::s_indexForSSLExtraData); + void *generic = q_SSL_get_ex_data(ssl, QTlsBackendOpenSSL::s_indexForSSLExtraData); if (!generic) { qCWarning(lcSsl, "SSL_get_ex_data returned nullptr, handshake failure"); return 0; @@ -273,7 +272,7 @@ extern "C" unsigned q_PSK_client_callback(SSL *ssl, const char *hint, char *iden unsigned max_psk_len) { auto *dtls = static_cast<dtlsopenssl::DtlsState *>(q_SSL_get_ex_data(ssl, - QSslSocketBackendPrivate::s_indexForSSLExtraData)); + QTlsBackendOpenSSL::s_indexForSSLExtraData)); if (!dtls) return 0; @@ -285,7 +284,7 @@ extern "C" unsigned q_PSK_server_callback(SSL *ssl, const char *identity, unsign unsigned max_psk_len) { auto *dtls = static_cast<dtlsopenssl::DtlsState *>(q_SSL_get_ex_data(ssl, - QSslSocketBackendPrivate::s_indexForSSLExtraData)); + QTlsBackendOpenSSL::s_indexForSSLExtraData)); if (!dtls) return 0; @@ -693,7 +692,7 @@ bool DtlsState::initCtxAndConnection(QDtlsBasePrivate *dtlsBase) } const int set = q_SSL_set_ex_data(newConnection.data(), - QSslSocketBackendPrivate::s_indexForSSLExtraData, + QTlsBackendOpenSSL::s_indexForSSLExtraData, this); if (set != 1 && configurationCopy->peerVerifyMode != QSslSocket::VerifyNone) { @@ -815,7 +814,7 @@ bool QDtlsClientVerifierOpenSSL::verifyClient(QUdpSocket *socket, const QByteArr const int ret = q_DTLSv1_listen(dtls.tlsConnection.data(), peer.data()); if (ret < 0) { // Since 1.1 - it's a fatal error (not so in 1.0.2 for non-blocking socket) - setDtlsError(QDtlsError::TlsFatalError, QSslSocketBackendPrivate::getErrorsFromOpenSsl()); + setDtlsError(QDtlsError::TlsFatalError, QTlsBackendOpenSSL::getErrorsFromOpenSsl()); return false; } @@ -1031,7 +1030,7 @@ bool QDtlsPrivateOpenSSL::continueHandshake(QUdpSocket *socket, const QByteArray default: storePeerCertificates(); setDtlsError(QDtlsError::TlsFatalError, - QSslSocketBackendPrivate::msgErrorsDuringHandshake()); + QTlsBackendOpenSSL::msgErrorsDuringHandshake()); dtls.reset(); handshakeState = QDtls::HandshakeNotStarted; return false; @@ -1192,7 +1191,7 @@ qint64 QDtlsPrivateOpenSSL::writeDatagramEncrypted(QUdpSocket *socket, // DTLSTODO: we don't know yet what to do. Tests needed - probably, // some errors can be just ignored (it's UDP, not TCP after all). // Unlike QSslSocket we do not abort though. - QString description(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); + QString description(QTlsBackendOpenSSL::getErrorsFromOpenSsl()); if (socket->error() != QAbstractSocket::UnknownSocketError && description.isEmpty()) { setDtlsError(QDtlsError::UnderlyingSocketError, socket->errorString()); } else { @@ -1258,7 +1257,7 @@ QByteArray QDtlsPrivateOpenSSL::decryptDatagram(QUdpSocket *socket, const QByteA default: setDtlsError(QDtlsError::TlsNonFatalError, QDtls::tr("Error while reading: %1") - .arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl())); + .arg(QTlsBackendOpenSSL::getErrorsFromOpenSsl())); return dgram; } } @@ -1276,15 +1275,10 @@ unsigned QDtlsPrivateOpenSSL::pskClientCallback(const char *hint, char *identity if (hint) { identityHint.clear(); identityHint.append(hint); - // From the original code in QSslSocket: - // "it's NULL terminated, but do not include the NULL" == this fromRawData(ptr/size). - authenticator.d->identityHint = QByteArray::fromRawData(identityHint.constData(), - int(std::strlen(hint))); } - authenticator.d->maximumIdentityLength = int(max_identity_len) - 1; // needs to be NULL terminated - authenticator.d->maximumPreSharedKeyLength = int(max_psk_len); - + QTlsBackend::setupClientPskAuth(&authenticator, hint ? identityHint.constData() : nullptr, + hint ? std::strlen(hint) : 0, max_identity_len, max_psk_len); pskAuthenticator.swap(authenticator); } @@ -1314,11 +1308,8 @@ unsigned QDtlsPrivateOpenSSL::pskServerCallback(const char *identity, unsigned c { QSslPreSharedKeyAuthenticator authenticator; // Fill in some read-only fields (for the user) - authenticator.d->identityHint = dtlsConfiguration.preSharedKeyIdentityHint; - authenticator.d->identity = identity; - authenticator.d->maximumIdentityLength = 0; // user cannot set an identity - authenticator.d->maximumPreSharedKeyLength = int(max_psk_len); - + QTlsBackend::setupServerPskAuth(&authenticator, identity, dtlsConfiguration.preSharedKeyIdentityHint, + max_psk_len); pskAuthenticator.swap(authenticator); } @@ -1367,7 +1358,7 @@ bool QDtlsPrivateOpenSSL::verifyPeer() name = dtls.udpSocket->peerName(); } - if (!QSslSocketPrivate::isMatchingHostname(dtlsConfiguration.peerCertificate, name)) + if (!QTlsPrivate::TlsCryptograph::isMatchingHostname(dtlsConfiguration.peerCertificate, name)) errors << QSslError(QSslError::HostNameMismatch, dtlsConfiguration.peerCertificate); } @@ -1418,9 +1409,10 @@ void QDtlsPrivateOpenSSL::fetchNegotiatedParameters() { Q_ASSERT(dtls.tlsConnection.data()); - const SSL_CIPHER *cipher = q_SSL_get_current_cipher(dtls.tlsConnection.data()); - sessionCipher = cipher ? QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher) - : QSslCipher(); + if (const SSL_CIPHER *cipher = q_SSL_get_current_cipher(dtls.tlsConnection.data())) + sessionCipher = QTlsBackendOpenSSL::qt_OpenSSL_cipher_to_QSslCipher(cipher); + else + sessionCipher = {}; // Note: cipher's protocol version will be reported as either TLS 1.0 or // TLS 1.2, that's how it's set by OpenSSL (and that's what they are?). |