3059e8e2 | 2017-01-03 13:28:16 | Slávek Banko |
kcontrol/crypto: Use KOpenSSLProxy methods instead of direct calls SSL functions Signed-off-by: Slávek Banko <slavek.banko@...> (cherry picked from commit 48c6b8ff3d2cac37dccce46db29499a14fb025b1) |
||
M kcontrol/crypto/CMakeLists.txt M kcontrol/crypto/crypto.cpp |
||
diff --git a/kcontrol/crypto/CMakeLists.txt b/kcontrol/crypto/CMakeLists.txt index 414e6d6..4f0b43a 100644 --- a/kcontrol/crypto/CMakeLists.txt +++ b/kcontrol/crypto/CMakeLists.txt @@ -44,6 +44,6 @@ tde_add_kpart( kcm_crypto AUTOMOC SOURCES crypto.cpp certexport.cpp kdatetimedlg.cpp - LINK tdeio-shared ${SSL_LIBRARIES} + LINK tdeio-shared DESTINATION ${PLUGIN_INSTALL_DIR} ) diff --git a/kcontrol/crypto/crypto.cpp b/kcontrol/crypto/crypto.cpp index b6e8a42..7c011e4 100644 --- a/kcontrol/crypto/crypto.cpp +++ b/kcontrol/crypto/crypto.cpp @@ -1875,9 +1875,6 @@ return; #ifdef HAVE_SSL -#define sk_free KOSSL::self()->sk_free -#define sk_num KOSSL::self()->sk_num -#define sk_value KOSSL::self()->sk_value // First try to load using the OpenSSL method X509_STORE *certStore = KOSSL::self()->X509_STORE_new(); @@ -1887,8 +1884,8 @@ KOSSL::self()->X509_LOOKUP_load_file(certLookup, certFile.local8Bit(), X509_FILETYPE_PEM)) { - for (int i = 0; i < sk_X509_OBJECT_num(certStore->objs); i++) { - X509_OBJECT* x5o = sk_X509_OBJECT_value(certStore->objs, i); + for (int i = 0; i < KOSSL::self()->sk_num(certStore->objs); i++) { + X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->sk_value(certStore->objs, i)); if (!x5o) continue; if (x5o->type != X509_LU_X509) continue; @@ -1957,7 +1954,7 @@ qf.open(IO_ReadOnly); qf.readLine(certtext, qf.size()); - if (certStore) { KOSSL::self()->X509_STORE_free(certStore); + if (certStore) { KOSSL::self()->sk_free(certStore); certStore = NULL; } if (certtext.contains("-----BEGIN CERTIFICATE-----")) { @@ -2029,12 +2026,9 @@ } - if (certStore) KOSSL::self()->X509_STORE_free(certStore); + if (certStore) KOSSL::self()->sk_free(certStore); configChanged(); -#undef sk_free -#undef sk_num -#undef sk_value #endif offerImportToKMail( certFile ); 
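Review bot: In the hunk at `@@ -1957,7 +1954,7 @@` the store is now released with `KOSSL::self()->sk_free(certStore)`, but `certStore` is the `X509_STORE *` obtained from `X509_STORE_new()` in the earlier hunk, not a stack. Assuming `sk_free` wraps OpenSSL's stack free (the wrapper itself is not shown on this page), the store is treated as a stack header: its certificates and lookups are never released and the allocator is handed a pointer read from the wrong structure layout, which risks heap corruption in code that parses a user-selected certificate file. The removed line was the correct call; keep `if (certStore) { KOSSL::self()->X509_STORE_free(certStore);`. The same substitution appears in the hunk at `@@ -2029,12 +2026,9 @@`, and the later OpenSSL 1.1 commit on this page carries it forward as `OPENSSL_sk_free(certStore)`. Both call sites are in a function that starts and ends outside the hunks.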
@@ -2356,80 +2350,75 @@ #ifdef HAVE_SSL -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -#define SSL_CONST const -#else -#define SSL_CONST -#endif - // This gets all the available ciphers from OpenSSL bool KCryptoConfig::loadCiphers() { -unsigned int i; +unsigned int i, cnt; SSL_CTX *ctx; SSL *ssl; -SSL_CONST SSL_METHOD *meth; +SSL_METHOD *meth; +STACK_OF(SSL_CIPHER)* sk; SSLv2Box->clear(); SSLv3Box->clear(); CipherItem *item; #ifndef OPENSSL_NO_SSL2 - meth = SSLv2_client_method(); - SSLeay_add_ssl_algorithms(); - ctx = SSL_CTX_new(meth); + meth = KOSSL::self()->SSLv2_client_method(); + ctx = KOSSL::self()->SSL_CTX_new(meth); if (ctx == NULL) return false; - ssl = SSL_new(ctx); + ssl = KOSSL::self()->SSL_new(ctx); if (!ssl) return false; + sk = KOSSL::self()->SSL_get_ciphers(ssl); + cnt = KOSSL::self()->sk_num(sk); - for (i=0; ; i++) { + for (i = 0; i < cnt; i++) { int j, k; - SSL_CONST SSL_CIPHER *sc; - sc = (meth->get_cipher)(i); + SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->sk_value(sk, i)); if (!sc) break; // Leak of sc*? 
- TQString scn(sc->name); + TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc)); if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) { continue; } - k = SSL_CIPHER_get_bits(sc, &j); + k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j); - item = new CipherItem( SSLv2Box, sc->name, k, j, this ); + item = new CipherItem( SSLv2Box, scn, k, j, this ); } - if (ctx) SSL_CTX_free(ctx); - if (ssl) SSL_free(ssl); + if (ctx) KOSSL::self()->SSL_CTX_free(ctx); + if (ssl) KOSSL::self()->SSL_free(ssl); #endif # ifndef OPENSSL_NO_SSL3_METHOD // We repeat for SSLv3 - meth = SSLv3_client_method(); - SSLeay_add_ssl_algorithms(); - ctx = SSL_CTX_new(meth); + meth = KOSSL::self()->SSLv3_client_method(); + ctx = KOSSL::self()->SSL_CTX_new(meth); if (ctx == NULL) return false; - ssl = SSL_new(ctx); + ssl = KOSSL::self()->SSL_new(ctx); if (!ssl) return false; + sk = KOSSL::self()->SSL_get_ciphers(ssl); + cnt = KOSSL::self()->sk_num(sk); - for (i=0; ; i++) { + for (i = 0; i < cnt; i++) { int j, k; - SSL_CONST SSL_CIPHER *sc; - sc = (meth->get_cipher)(i); + SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->sk_value(sk, i)); if (!sc) break; // Leak of sc*? - TQString scn(sc->name); + TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc)); if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) { continue; } - k = SSL_CIPHER_get_bits(sc, &j); + k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j); - item = new CipherItem( SSLv3Box, sc->name, k, j, this ); + item = new CipherItem( SSLv3Box, scn, k, j, this ); } - if (ctx) SSL_CTX_free(ctx); - if (ssl) SSL_free(ssl); + if (ctx) KOSSL::self()->SSL_CTX_free(ctx); + if (ssl) KOSSL::self()->SSL_free(ssl); #endif return true; |
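Review bot: `loadCiphers()` still leaves through `if (!ssl) return false;` without releasing the `SSL_CTX` created just above, in both the SSLv2 and the SSLv3 section; `if (!ssl) { KOSSL::self()->SSL_CTX_free(ctx); return false; }` closes that leak. The new `cnt = KOSSL::self()->sk_num(sk);` stores the count in an `unsigned int`, so a null result from `SSL_get_ciphers` (for which OpenSSL's own `sk_num` returns -1; the wrapper's behaviour is not shown here) turns into a huge bound and the loop is stopped only by the `if (!sc) break;` test. Checking `sk` for null before counting, or declaring `cnt` as `int`, makes the empty case explicit instead of incidental. The closing brace of the function is outside the hunk.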
||
30f4e82a | 2017-01-03 13:30:13 | Slávek Banko |
Added support for OpenSSL 1.1 Signed-off-by: Slávek Banko <slavek.banko@...> (cherry picked from commit d9b4ee04db7e614a59470acc38a6482c15aed032) |
||
M kcontrol/crypto/crypto.cpp |
||
diff --git a/kcontrol/crypto/crypto.cpp b/kcontrol/crypto/crypto.cpp index 7c011e4..8da5c99 100644 --- a/kcontrol/crypto/crypto.cpp +++ b/kcontrol/crypto/crypto.cpp @@ -878,7 +878,7 @@ config->setGroup("SSLv2"); mUseSSLv2->setChecked(config->readBoolEntry("Enabled", true)); -#ifdef OPENSSL_NO_SSL2 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) mUseSSLv2->setChecked(false); mUseSSLv2->setEnabled(false); #endif @@ -933,7 +933,7 @@ item = static_cast<CipherItem *>(item->nextSibling()); } -#ifdef OPENSSL_NO_SSL2 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) SSLv2Box->setEnabled( false ); #else SSLv2Box->setEnabled( mUseSSLv2->isChecked() ); @@ -1050,7 +1050,7 @@ config->writeEntry("Enabled", mUseTLS->isChecked()); config->setGroup("SSLv2"); -#ifdef OPENSSL_NO_SSL2 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) config->writeEntry("Enabled", false); #else config->writeEntry("Enabled", mUseSSLv2->isChecked()); @@ -1293,7 +1293,7 @@ } mUseTLS->setChecked(true); -#ifdef OPENSSL_NO_SSL2 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) mUseSSLv2->setChecked(false); #else mUseSSLv2->setChecked(true); @@ -1354,7 +1354,7 @@ } mUseTLS->setChecked(true); -#ifdef OPENSSL_NO_SSL2 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2) mUseSSLv2->setChecked(false); #else mUseSSLv2->setChecked(true); 
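Review bot: The condition `OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)` is now spelled out at five sites (the hunks at -878, -933, -1050, -1293 and -1354), so the next place that needs it is easy to miss. Define it once near the top of the file under a single project-chosen macro and test that, with a comment such as `// SSLv2 unavailable: compiled out, or OpenSSL >= 1.1 which removed it`. The `#ifndef OPENSSL_NO_SSL2` guard around the SSLv2 block of `loadCiphers()` is not visible in this truncated diff; it should use the same condition, otherwise a 1.1 build may still ask the wrapper for an SSLv2 method. In the `#else` branches at -1293 and -1354, and in the `readBoolEntry("Enabled", true)` context line at -878, SSLv2 still defaults to enabled where it is available, which is worth revisiting given that the protocol is broken. All five sites are inside functions that start and end outside the hunks.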
@@ -1884,13 +1884,14 @@ KOSSL::self()->X509_LOOKUP_load_file(certLookup, certFile.local8Bit(), X509_FILETYPE_PEM)) { - for (int i = 0; i < KOSSL::self()->sk_num(certStore->objs); i++) { - X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->sk_value(certStore->objs, i)); + STACK_OF(X509_OBJECT) *certStore_objs = KOSSL::self()->X509_STORE_get0_objects(certStore); + for (int i = 0; i < KOSSL::self()->OPENSSL_sk_num(certStore_objs); i++) { + X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->OPENSSL_sk_value(certStore_objs, i)); if (!x5o) continue; - if (x5o->type != X509_LU_X509) continue; + if (KOSSL::self()->X509_OBJECT_get_type(x5o) != X509_LU_X509) continue; - X509 *x5 = x5o->data.x509; + X509 *x5 = KOSSL::self()->X509_OBJECT_get0_X509(x5o); if (!x5) continue; // Easier to use in this form @@ -1954,7 +1955,7 @@ qf.open(IO_ReadOnly); qf.readLine(certtext, qf.size()); - if (certStore) { KOSSL::self()->sk_free(certStore); + if (certStore) { KOSSL::self()->OPENSSL_sk_free(certStore); certStore = NULL; } if (certtext.contains("-----BEGIN CERTIFICATE-----")) { @@ -2026,7 +2027,7 @@ } - if (certStore) KOSSL::self()->sk_free(certStore); ** Diff limit reached (max: 250 lines) ** |