1
//=============================================================================
4
// Creation date : Mon May 27 2002 21:36:12 CEST by Szymon Stefanek
6
// This file is part of the KVIrc irc client distribution
7
// Copyright (C) 2002-2010 Szymon Stefanek (pragma at kvirc dot net)
9
// This program is FREE software. You can redistribute it and/or
10
// modify it under the terms of the GNU General Public License
11
// as published by the Free Software Foundation; either version 2
12
// of the License, or (at your opinion) any later version.
14
// This program is distributed in the HOPE that it will be USEFUL,
15
// but WITHOUT ANY WARRANTY; without even the implied warranty of
16
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
17
// See the GNU General Public License for more details.
19
// You should have received a copy of the GNU General Public License
20
// along with this program. If not, write to the Free Software Foundation,
21
// Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
23
//=============================================================================
28
#include "KviLocale.h"
30
#ifdef COMPILE_SSL_SUPPORT
32
#include "KviThread.h"
33
#include "KviMemory.h"
34
#include "KviMemory.h"
36
#include <openssl/asn1.h>
37
#include <openssl/err.h>
38
#include <openssl/dh.h>
42
#if !(defined(COMPILE_ON_WINDOWS) || defined(COMPILE_ON_MINGW))
46
static bool g_bSSLInitialized = false;
47
static KviMutex * g_pSSLMutex = 0;
50
static inline void my_ssl_lock()
55
static inline void my_ssl_unlock()
57
g_pSSLMutex->unlock();
61
// THIS PART OF OpenSSL SUCKS
63
static DH * dh_512 = 0;
64
static DH * dh_1024 = 0;
65
static DH * dh_2048 = 0;
66
static DH * dh_4096 = 0;
68
static unsigned char dh512_p[]={
69
0x90,0x86,0xDD,0x06,0xE8,0x0F,0x10,0x86,0xF0,0x91,0xC5,0x55,
70
0x4D,0x6B,0xAF,0x69,0x4F,0x01,0xED,0xF9,0x57,0x8F,0x3B,0xB8,
71
0x9C,0x87,0xAE,0x85,0xC1,0xBF,0x57,0xA5,0xD5,0xBA,0x81,0x24,
72
0xE7,0x99,0xE3,0xF6,0xCD,0xB4,0x41,0xB7,0x7F,0x6E,0x7B,0xB1,
73
0xD2,0xF3,0xE9,0x0F,0xB9,0x0E,0x4D,0xEB,0x9D,0xD4,0xA9,0xE5,
76
static unsigned char dh512_g[]={ 0x05 };
78
static unsigned char dh1024_p[]={
79
0xA5,0x4C,0xB9,0xB9,0xC4,0x35,0x88,0x68,0x9B,0x79,0x48,0x6C,
80
0x21,0xA7,0x8E,0xE2,0x9C,0xAF,0x2F,0x04,0xBF,0x45,0xBC,0xF5,
81
0xAB,0x35,0x86,0xC8,0xBB,0x9B,0x75,0x18,0x7C,0x9B,0xAB,0xE8,
82
0x52,0x7F,0x57,0x3E,0xD8,0x65,0x7D,0x2B,0xE1,0x6D,0x3D,0xA5,
83
0x32,0xE8,0xA0,0x2B,0x7A,0x58,0x6B,0x47,0x16,0x4E,0xB1,0xFC,
84
0x09,0xB7,0x7C,0xC6,0xE9,0x6E,0xC7,0xC7,0xA1,0x42,0x0F,0x4B,
85
0x43,0xFB,0x58,0xBA,0xC7,0x66,0xD6,0xCA,0x6B,0xC7,0x45,0x7C,
86
0x99,0xE4,0x46,0x02,0x93,0x3F,0x28,0xD2,0xCE,0x0C,0x8A,0xDD,
87
0x6A,0x22,0x2E,0xA9,0x9A,0xCA,0x16,0x48,0x4E,0x67,0x4C,0xE9,
88
0xC8,0x54,0xCD,0x18,0xC9,0xF3,0x30,0x3A,0x74,0xAB,0xF9,0xAF,
89
0xE4,0xA4,0x0D,0x56,0x62,0x28,0x07,0xBF
91
static unsigned char dh1024_g[]={ 0x05 };
93
static unsigned char dh2048_p[]={
94
0xBF,0x67,0x7B,0x79,0xA5,0x22,0xD3,0xB5,0x0C,0x13,0xE6,0x92,
95
0x54,0xFD,0x64,0xBF,0x57,0x25,0xBD,0x02,0x7C,0xFD,0x72,0x97,
96
0x82,0xA4,0xA6,0x0A,0xB9,0xE6,0x4B,0xFA,0xBD,0xFA,0x71,0x8A,
97
0x2E,0x36,0xF9,0x03,0x58,0x1B,0xB6,0x3A,0xFD,0x15,0xCC,0x87,
98
0x5D,0x04,0xF7,0x45,0xE0,0xE2,0x34,0x7F,0x54,0x5F,0x5D,0x14,
99
0xD3,0xCA,0x3E,0xFD,0x2A,0x92,0x10,0x89,0xA0,0xB0,0xB4,0xE5,
100
0x80,0x05,0x13,0xBE,0xA3,0xD0,0x42,0x4B,0x98,0x44,0x54,0xB3,
101
0xE0,0x23,0x26,0xF5,0x6B,0x0E,0x4D,0x2A,0x81,0xB2,0x8A,0x06,
102
0xC8,0x00,0x9E,0xAB,0x1B,0x77,0xDC,0x87,0x9C,0x6C,0xD5,0xEE,
103
0xB4,0xB4,0xDD,0xDA,0x3F,0x40,0xA3,0xFA,0xC1,0x1E,0xC0,0xA2,
104
0x9E,0xB8,0xAC,0x31,0xE8,0x12,0x93,0x9C,0x71,0xF6,0xE7,0xF0,
105
0x65,0x7F,0xA5,0x20,0xF7,0x49,0x3D,0xD6,0xF9,0xD3,0xF0,0x3F,
106
0xB3,0xF0,0xD0,0x23,0x22,0x82,0xA5,0xDD,0xFB,0xD9,0x9C,0x7D,
107
0xE7,0xA0,0x78,0xE8,0xF9,0x02,0x0C,0x2F,0x1D,0x52,0xC7,0x61,
108
0xED,0xA0,0xC9,0x06,0x14,0xDF,0xE7,0xB1,0x1E,0x50,0x98,0x4F,
109
0x10,0xB9,0x87,0x4C,0x1C,0x9C,0xB3,0xD2,0x98,0x23,0x7C,0x47,
110
0xD2,0x3C,0xC5,0x29,0x65,0xC5,0x67,0x4E,0xC0,0x76,0x0F,0x43,
111
0x27,0x28,0x89,0x69,0x30,0x7D,0x04,0xFD,0xF7,0x89,0xE5,0xD6,
112
0xE6,0x97,0x7D,0xBB,0x54,0x5F,0xB7,0x94,0x1D,0xBC,0x82,0xAB,
113
0x9A,0xF5,0x0A,0x0C,0x89,0x68,0xE7,0x0A,0x8C,0x2D,0x0D,0x82,
114
0x44,0xA7,0xB8,0xF9,0x0B,0x8E,0xCB,0xA4,0x6A,0xA7,0xEC,0x5F,
117
static unsigned char dh2048_g[]={ 0x05 };
119
static unsigned char dh4096_p[]={
120
0xFA,0x14,0x72,0x52,0xC1,0x4D,0xE1,0x5A,0x49,0xD4,0xEF,0x09,
121
0x2D,0xC0,0xA8,0xFD,0x55,0xAB,0xD7,0xD9,0x37,0x04,0x28,0x09,
122
0xE2,0xE9,0x3E,0x77,0xE2,0xA1,0x7A,0x18,0xDD,0x46,0xA3,0x43,
123
0x37,0x23,0x90,0x97,0xF3,0x0E,0xC9,0x03,0x50,0x7D,0x65,0xCF,
124
0x78,0x62,0xA6,0x3A,0x62,0x22,0x83,0xA1,0x2F,0xFE,0x79,0xBA,
125
0x35,0xFF,0x59,0xD8,0x1D,0x61,0xDD,0x1E,0x21,0x13,0x17,0xFE,
126
0xCD,0x38,0x87,0x9E,0xF5,0x4F,0x79,0x10,0x61,0x8D,0xD4,0x22,
127
0xF3,0x5A,0xED,0x5D,0xEA,0x21,0xE9,0x33,0x6B,0x48,0x12,0x0A,
128
0x20,0x77,0xD4,0x25,0x60,0x61,0xDE,0xF6,0xB4,0x4F,0x1C,0x63,
129
0x40,0x8B,0x3A,0x21,0x93,0x8B,0x79,0x53,0x51,0x2C,0xCA,0xB3,
130
0x7B,0x29,0x56,0xA8,0xC7,0xF8,0xF4,0x7B,0x08,0x5E,0xA6,0xDC,
131
0xA2,0x45,0x12,0x56,0xDD,0x41,0x92,0xF2,0xDD,0x5B,0x8F,0x23,
132
0xF0,0xF3,0xEF,0xE4,0x3B,0x0A,0x44,0xDD,0xED,0x96,0x84,0xF1,
133
0xA8,0x32,0x46,0xA3,0xDB,0x4A,0xBE,0x3D,0x45,0xBA,0x4E,0xF8,
134
0x03,0xE5,0xDD,0x6B,0x59,0x0D,0x84,0x1E,0xCA,0x16,0x5A,0x8C,
135
0xC8,0xDF,0x7C,0x54,0x44,0xC4,0x27,0xA7,0x3B,0x2A,0x97,0xCE,
136
0xA3,0x7D,0x26,0x9C,0xAD,0xF4,0xC2,0xAC,0x37,0x4B,0xC3,0xAD,
137
0x68,0x84,0x7F,0x99,0xA6,0x17,0xEF,0x6B,0x46,0x3A,0x7A,0x36,
138
0x7A,0x11,0x43,0x92,0xAD,0xE9,0x9C,0xFB,0x44,0x6C,0x3D,0x82,
139
0x49,0xCC,0x5C,0x6A,0x52,0x42,0xF8,0x42,0xFB,0x44,0xF9,0x39,
140
0x73,0xFB,0x60,0x79,0x3B,0xC2,0x9E,0x0B,0xDC,0xD4,0xA6,0x67,
141
0xF7,0x66,0x3F,0xFC,0x42,0x3B,0x1B,0xDB,0x4F,0x66,0xDC,0xA5,
142
0x8F,0x66,0xF9,0xEA,0xC1,0xED,0x31,0xFB,0x48,0xA1,0x82,0x7D,
143
0xF8,0xE0,0xCC,0xB1,0xC7,0x03,0xE4,0xF8,0xB3,0xFE,0xB7,0xA3,
144
0x13,0x73,0xA6,0x7B,0xC1,0x0E,0x39,0xC7,0x94,0x48,0x26,0x00,
145
0x85,0x79,0xFC,0x6F,0x7A,0xAF,0xC5,0x52,0x35,0x75,0xD7,0x75,
146
0xA4,0x40,0xFA,0x14,0x74,0x61,0x16,0xF2,0xEB,0x67,0x11,0x6F,
147
0x04,0x43,0x3D,0x11,0x14,0x4C,0xA7,0x94,0x2A,0x39,0xA1,0xC9,
148
0x90,0xCF,0x83,0xC6,0xFF,0x02,0x8F,0xA3,0x2A,0xAC,0x26,0xDF,
149
0x0B,0x8B,0xBE,0x64,0x4A,0xF1,0xA1,0xDC,0xEE,0xBA,0xC8,0x03,
150
0x82,0xF6,0x62,0x2C,0x5D,0xB6,0xBB,0x13,0x19,0x6E,0x86,0xC5,
151
0x5B,0x2B,0x5E,0x3A,0xF3,0xB3,0x28,0x6B,0x70,0x71,0x3A,0x8E,
152
0xFF,0x5C,0x15,0xE6,0x02,0xA4,0xCE,0xED,0x59,0x56,0xCC,0x15,
153
0x51,0x07,0x79,0x1A,0x0F,0x25,0x26,0x27,0x30,0xA9,0x15,0xB2,
154
0xC8,0xD4,0x5C,0xCC,0x30,0xE8,0x1B,0xD8,0xD5,0x0F,0x19,0xA8,
155
0x80,0xA4,0xC7,0x01,0xAA,0x8B,0xBA,0x53,0xBB,0x47,0xC2,0x1F,
156
0x6B,0x54,0xB0,0x17,0x60,0xED,0x79,0x21,0x95,0xB6,0x05,0x84,
157
0x37,0xC8,0x03,0xA4,0xDD,0xD1,0x06,0x69,0x8F,0x4C,0x39,0xE0,
158
0xC8,0x5D,0x83,0x1D,0xBE,0x6A,0x9A,0x99,0xF3,0x9F,0x0B,0x45,
159
0x29,0xD4,0xCB,0x29,0x66,0xEE,0x1E,0x7E,0x3D,0xD7,0x13,0x4E,
160
0xDB,0x90,0x90,0x58,0xCB,0x5E,0x9B,0xCD,0x2E,0x2B,0x0F,0xA9,
161
0x4E,0x78,0xAC,0x05,0x11,0x7F,0xE3,0x9E,0x27,0xD4,0x99,0xE1,
162
0xB9,0xBD,0x78,0xE1,0x84,0x41,0xA0,0xDF
164
static unsigned char dh4096_g[]={ 0x02 };
166
static DH * my_get_dh(int keylength)
169
unsigned char * p = 0;
170
unsigned char * g = 0;
179
sp = sizeof(dh512_p);
180
sg = sizeof(dh512_g);
186
sp = sizeof(dh1024_p);
187
sg = sizeof(dh1024_g);
193
sp = sizeof(dh2048_p);
194
sg = sizeof(dh2048_g);
200
sp = sizeof(dh4096_p);
201
sg = sizeof(dh4096_g);
204
// What the hell do you want from me ?
205
qDebug("OpenSSL is asking for a DH param with keylen %d: no way :D",keylength);
213
dh->p=BN_bin2bn(p,sp,0);
214
dh->g=BN_bin2bn(g,sg,0);
215
if((dh->p == 0) || (dh->g == 0))
223
DH * my_ugly_dh_callback(SSL *, int, int keylength)
226
DH *dh = my_get_dh(keylength);
231
void KviSSL::globalInit()
233
if(g_pSSLMutex)return;
234
g_pSSLMutex = new KviMutex();
237
void KviSSL::globalDestroy()
239
if(!g_pSSLMutex)return;
240
if(dh_512)DH_free(dh_512);
241
if(dh_1024)DH_free(dh_1024);
242
if(dh_2048)DH_free(dh_2048);
243
if(dh_4096)DH_free(dh_4096);
249
void KviSSL::globalSSLInit()
252
if(!g_bSSLInitialized)
254
// FIXME: this should be done only if SSL is really needed
256
SSL_load_error_strings();
257
//needed to support SHA2 in < OpenSSL 0.9.8o and 1.0.0a
258
OpenSSL_add_all_algorithms();
259
g_bSSLInitialized = true;
264
void KviSSL::globalSSLDestroy()
267
if(g_bSSLInitialized)
270
g_bSSLInitialized = false;
287
#ifdef COMPILE_ON_WINDOWS
289
// On windows we need to override new and delete operators
290
// to ensure that always the right new/delete pair is called for an object instance
291
// This bug is present in all the classes exported by a module that
292
// can be instantiated/destroyed from external modules.
293
// (this is a well known bug described in Q122675 of MSDN)
295
void * KviSSL::operator new(size_t tSize)
297
return KviMemory::allocate(tSize);
300
void KviSSL::operator delete(void * p)
307
void KviSSL::shutdown()
311
#if !(defined(COMPILE_ON_WINDOWS) || defined(COMPILE_ON_MINGW))
312
//avoid to die on a SIGPIPE if the connection has close (SSL_shutdown can call send())
314
signal( SIGPIPE, SIG_IGN );
315
// At least attempt to shutdown the connection gracefully
316
SSL_shutdown(m_pSSL);
317
//restore normal SIGPIPE behaviour.
318
signal( SIGPIPE, SIG_DFL );
320
// At least attempt to shutdown the connection gracefully
321
SSL_shutdown(m_pSSL);
328
SSL_CTX_free(m_pSSLCtx);
334
* Used only during passive (server) mode
335
* Check the client certificate, always valid, even if it not exists
337
int verify_clientCallback(int, X509_STORE_CTX *)
339
//int preverify_ok, X509_STORE_CTX *x509_ctx
340
// From man page: If verify_callback returns 1, the verification process is continued. If verify_callback always returns 1,
341
// the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established.
345
bool KviSSL::initContext(Method m)
347
if(m_pSSL)return false;
348
m_pSSLCtx = SSL_CTX_new(m == Client ? SSLv23_client_method() : SSLv23_server_method());
349
if(!m_pSSLCtx)return false;
353
// we have to request the peer certificate, else only the client can see the peer identity, not the server
354
SSL_CTX_set_verify(m_pSSLCtx, SSL_VERIFY_PEER, verify_clientCallback);
357
// we want all ciphers to be available here, except insecure ones, orderer by strength;
358
// ADH are moved to the end since they are less secure, but they don't need a certificate
359
// (so we can use secure dcc without a cert)
360
// NOTE: see bug ticket #155
361
SSL_CTX_set_cipher_list(m_pSSLCtx,"ALL:!eNULL:!EXP:!SSLv2:+ADH@STRENGTH");
362
SSL_CTX_set_tmp_dh_callback(m_pSSLCtx,my_ugly_dh_callback);
366
bool KviSSL::initSocket(kvi_socket_t fd)
368
if(!m_pSSLCtx)return false;
369
m_pSSL = SSL_new(m_pSSLCtx);
370
if(!m_pSSL)return false;
371
if(!SSL_set_fd(m_pSSL,fd))return false;
376
static int cb(char *buf, int size, int, void *u)
378
KviCString * p = (KviCString *)u;
380
if(len >= size)return 0;
381
KviMemory::move(buf,p->ptr(),len + 1);
382
// qDebug("PASS REQYESTED: %s",p->ptr());
386
KviSSL::Result KviSSL::useCertificateFile(const char * cert,const char * pass)
388
if(!m_pSSLCtx)return NotInitialized;
390
if(m_szPass.len() < 4)m_szPass.append("xxxx");
393
FILE * f = fopen(cert,"r");
397
// qDebug("READING CERTIFICATE %s",cert);
398
if(PEM_read_X509(f,&x509,cb,&m_szPass))
400
if(!SSL_CTX_use_certificate(m_pSSLCtx,x509))
414
KviSSL::Result KviSSL::usePrivateKeyFile(const char * key,const char * pass)
416
if(!m_pSSLCtx)return NotInitialized;
418
if(m_szPass.len() < 4)m_szPass.append("xxxx");
422
FILE * f = fopen(key,"r");
426
// qDebug("READING KEY %s",key);
427
if(PEM_read_PrivateKey(f,&k,cb,&m_szPass))
429
if(!SSL_CTX_use_PrivateKey(m_pSSLCtx,k))
442
unsigned long KviSSL::getLastError(bool bPeek)
444
return bPeek ? ERR_peek_error() : ERR_get_error();
447
bool KviSSL::getLastErrorString(KviCString &buffer,bool bPeek)
449
unsigned long uErr = getLastError(bPeek);
452
const char * err = ERR_reason_error_string(uErr);
453
buffer = err ? err : "Unknown error";
459
KviSSL::Result KviSSL::connect()
461
if(!m_pSSL)return NotInitialized;
462
int ret = SSL_connect(m_pSSL);
463
return connectOrAcceptError(ret);
466
KviSSL::Result KviSSL::accept()
468
if(!m_pSSL)return NotInitialized;
469
int ret = SSL_accept(m_pSSL);
470
return connectOrAcceptError(ret);
473
KviSSL::Result KviSSL::connectOrAcceptError(int ret)
475
switch(SSL_get_error(m_pSSL,ret))
477
case SSL_ERROR_NONE: return Success; break;
478
case SSL_ERROR_WANT_READ: return WantRead; break;
479
case SSL_ERROR_WANT_WRITE: return WantWrite; break;
480
case SSL_ERROR_ZERO_RETURN: return RemoteEndClosedConnection; break;
481
case SSL_ERROR_WANT_X509_LOOKUP: return ObscureError; break;
482
case SSL_ERROR_SYSCALL:
484
if(getLastError(true) != 0)return SSLError;
485
if(ret == 0)return RemoteEndClosedConnection;
489
case SSL_ERROR_SSL: return SSLError; break;
490
default: return UnknownError; break;
495
int KviSSL::read(char * buffer,int len)
497
// if(!m_pSSL)return -1;
498
return SSL_read(m_pSSL,buffer,len);
500
int KviSSL::write(const char * buffer,int len)
502
// if(!m_pSSL)return -1;
503
return SSL_write(m_pSSL,buffer,len);
506
KviSSL::Result KviSSL::getProtocolError(int ret)
508
if(!m_pSSL)return NotInitialized;
509
switch(SSL_get_error(m_pSSL,ret))
511
case SSL_ERROR_NONE: return Success; break;
512
case SSL_ERROR_WANT_READ: return WantRead; break;
513
case SSL_ERROR_WANT_WRITE: return WantWrite; break;
514
case SSL_ERROR_ZERO_RETURN: return ZeroReturn; break;
515
case SSL_ERROR_WANT_X509_LOOKUP: return ObscureError; break;
516
case SSL_ERROR_SYSCALL: return SyscallError; break;
517
case SSL_ERROR_SSL: return SSLError; break;
518
default: return UnknownError; break;
523
KviSSLCertificate * KviSSL::getPeerCertificate()
526
X509 * x509 = SSL_get_peer_certificate(m_pSSL);
528
return new KviSSLCertificate(x509);
531
KviSSLCertificate * KviSSL::getLocalCertificate()
534
X509 * x509 = SSL_get_certificate(m_pSSL);
536
return new KviSSLCertificate(x509);
539
KviSSLCipherInfo * KviSSL::getCurrentCipherInfo()
542
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
543
const SSL_CIPHER * c = SSL_get_current_cipher(m_pSSL);
545
SSL_CIPHER * c = SSL_get_current_cipher(m_pSSL);
548
return new KviSSLCipherInfo(c);
553
KviSSLCertificate::KviSSLCertificate(X509 * x509)
555
m_pSubject = new KviPointerHashTable<const char *,KviCString>(17);
556
m_pSubject->setAutoDelete(true);
557
m_pIssuer = new KviPointerHashTable<const char *,KviCString>(17);
558
m_pIssuer->setAutoDelete(true);
563
KviSSLCertificate::~KviSSLCertificate()
570
const char * KviSSLCertificate::getX509Base64()
573
BIO* mem = BIO_new(BIO_s_mem());
574
PEM_write_bio_X509(mem, m_pX509);
575
int iLen = BIO_get_mem_data(mem, &bptr);
576
char * szTmp = (char *) KviMemory::allocate(iLen+1);
577
KviMemory::copy(szTmp, bptr, iLen);
578
*(szTmp+iLen) = '\0';
583
#ifdef COMPILE_ON_WINDOWS
585
// On windows we need to override new and delete operators
586
// to ensure that always the right new/delete pair is called for an object instance
587
// This bug is present in all the classes exported by a module that
588
// can be instantiated/destroyed from external modules.
589
// (this is a well known bug described in Q122675 of MSDN)
591
void * KviSSLCertificate::operator new(size_t tSize)
593
return KviMemory::allocate(tSize);
596
void KviSSLCertificate::operator delete(void * p)
603
void KviSSLCertificate::setX509(X509 * x509)
605
if(m_pX509)X509_free(m_pX509);
607
m_iVersion = X509_get_version(x509);
611
extractSerialNumber();
615
bool KviSSLCertificate::fingerprintIsValid()
620
EVP_PKEY * pkey = X509_get_pubkey(m_pX509);
621
int rv = X509_verify(m_pX509, pkey);
623
// careful: https://support.ntp.org/bugs/show_bug.cgi?id=1127
624
// quote: X509_verify is a call to ASN1_item_verify which can return both 0 and -1 for error cases.
625
// In particular it can return -1 when the message digest type is not known, or memory allocation failed.
629
int KviSSLCertificate::fingerprintDigestId()
634
int NID = OBJ_obj2nid(m_pX509->sig_alg->algorithm);
635
if (NID == NID_undef)
637
// unknow digest function: it means the signature can't be verified: the certificate can't be trusted
641
const EVP_MD * mdType = NULL;
642
mdType = EVP_get_digestbyname(OBJ_nid2sn(NID));
653
const char * KviSSLCertificate::fingerprintDigestStr()
655
int iDigestType = fingerprintDigestId();
660
return OBJ_nid2ln(iDigestType);
663
const char * KviSSLCertificate::fingerprintContents(QString digestName)
665
unsigned char bufferData[EVP_MAX_MD_SIZE];
666
unsigned int bufferLen = 0;
667
const char * pDigestName;
668
if (digestName.isEmpty())
670
// use the one used to create the signature
671
pDigestName = OBJ_nid2sn(fingerprintDigestId());
673
pDigestName = digestName.toUtf8().data();
676
if(getFingerprint(bufferData, &bufferLen, pDigestName) != 0)
679
QByteArray digestByteArray = QByteArray::fromRawData((char *) bufferData, bufferLen);
680
return digestByteArray.toHex().data();
683
int KviSSLCertificate::getFingerprint(unsigned char * bufferData, unsigned int * bufferLen, const char * digestName)
685
//TODO if in the future we will want to check the return value, ensure this
686
// doesn't collide with the one from openssl
690
const EVP_MD * mdType = NULL;
691
mdType = EVP_get_digestbyname(digestName);
699
if (!X509_digest(m_pX509, mdType, bufferData, bufferLen))
707
void KviSSLCertificate::extractSubject()
710
char * t = X509_NAME_oneline(X509_get_subject_name(m_pX509),buffer,1024);
713
splitX509String(m_pSubject,t);
716
void KviSSLCertificate::extractIssuer()
719
char * t = X509_NAME_oneline(X509_get_issuer_name(m_pX509),buffer,1024);
722
splitX509String(m_pIssuer,t);
725
void KviSSLCertificate::splitX509String(KviPointerHashTable<const char *,KviCString> * dict,const char * t)
729
KviCString ** arr = buf.splitToArray('/',50,&cnt);
734
for(int i=0;i<cnt;i++)
736
int idx = arr[i]->findFirstIdx('=');
739
KviCString szTok = arr[i]->left(idx);
740
arr[i]->cutLeft(idx + 1);
741
if(szTok.hasData() && arr[i]->hasData())
743
dict->replace(szTok.ptr(),new KviCString(arr[i]->ptr()));
749
KviCString::freeArray(arr);
754
const char * KviSSLCertificate::dictEntry(KviPointerHashTable<const char *,KviCString> * dict,const char * entry)
756
KviCString * t = dict->find(entry);
757
if(!t)return __tr("Unknown");
763
void KviSSLCertificate::getPKeyType(int type,KviCString &buffer)
768
case EVP_PKEY_RSA: buffer = "RSA"; break;
771
case EVP_PKEY_DSA: buffer = "DSA"; break;
774
case EVP_PKEY_DH: buffer = "DH"; break;
776
case EVP_PKEY_NONE: buffer = "NONE"; break;
781
void KviSSLCertificate::extractPubKeyInfo()
783
EVP_PKEY *p = X509_get_pubkey(m_pX509);
786
m_iPubKeyBits = EVP_PKEY_bits(p);
787
m_szPubKeyType = (p->type == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(p->type);
788
// getPKeyType(p->type,m_szPubKeyType);
791
m_szPubKeyType = "None";
796
void KviSSLCertificate::extractSerialNumber()
798
ASN1_INTEGER * i = X509_get_serialNumber(m_pX509);
799
if(i)m_iSerialNumber = ASN1_INTEGER_get(i);
800
else m_iSerialNumber = -1;
803
void KviSSLCertificate::extractSignature()
805
static char hexdigits[] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
807
//getPKeyType(X509_get_signature_type(m_pX509),m_szSignatureType);
809
int i = OBJ_obj2nid(m_pX509->sig_alg->algorithm);
810
m_szSignatureType = (i == NID_undef) ? __tr("Unknown") : OBJ_nid2ln(i);
812
m_szSignatureContents = "";
814
for(i = 0;i < m_pX509->signature->length;i++)
816
if(m_szSignatureContents.hasData())m_szSignatureContents.append(":");
817
m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0xf0) >> 4]);
818
m_szSignatureContents.append(hexdigits[(m_pX509->signature->data[i] & 0x0f)]);
823
const char * KviSSLCertificate::verify()
829
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
830
KviSSLCipherInfo::KviSSLCipherInfo(const SSL_CIPHER * c)
832
KviSSLCipherInfo::KviSSLCipherInfo(SSL_CIPHER * c)
835
m_szVersion = SSL_CIPHER_get_version(c);
836
m_iNumBitsUsed = SSL_CIPHER_get_bits(c,&m_iNumBits);
837
m_szName = SSL_CIPHER_get_name(c);
839
m_szDescription = SSL_CIPHER_description(c,buf,1024);
842
KviSSLCipherInfo::~KviSSLCipherInfo()
846
#ifdef COMPILE_ON_WINDOWS
848
// On windows we need to override new and delete operators
849
// to ensure that always the right new/delete pair is called for an object instance
850
// This bug is present in all the classes exported by a module that
851
// can be instantiated/destroyed from external modules.
852
// (this is a well known bug described in Q122675 of MSDN)
854
void * KviSSLCipherInfo::operator new(size_t tSize)
856
return KviMemory::allocate(tSize);
859
void KviSSLCipherInfo::operator delete(void * p)
866
#endif //COMPILE_SSL_SUPPORT