Branch: r14.0.x

3059e8e2 2017-01-03 13:28:16 Slávek Banko
kcontrol/crypto: Use KOpenSSLProxy methods
instead of direct calls to SSL functions

Signed-off-by: Slávek Banko <slavek.banko@...>
(cherry picked from commit 48c6b8ff3d2cac37dccce46db29499a14fb025b1)
M kcontrol/crypto/CMakeLists.txt
M kcontrol/crypto/crypto.cpp
diff --git a/kcontrol/crypto/CMakeLists.txt b/kcontrol/crypto/CMakeLists.txt
index 414e6d6..4f0b43a 100644
--- a/kcontrol/crypto/CMakeLists.txt
+++ b/kcontrol/crypto/CMakeLists.txt
@@ -44,6 +44,6 @@
 
 tde_add_kpart( kcm_crypto AUTOMOC
   SOURCES crypto.cpp certexport.cpp kdatetimedlg.cpp
-  LINK tdeio-shared ${SSL_LIBRARIES}
+  LINK tdeio-shared
   DESTINATION ${PLUGIN_INSTALL_DIR}
 )
diff --git a/kcontrol/crypto/crypto.cpp b/kcontrol/crypto/crypto.cpp
index b6e8a42..7c011e4 100644
--- a/kcontrol/crypto/crypto.cpp
+++ b/kcontrol/crypto/crypto.cpp
@@ -1875,9 +1875,6 @@
         return;
 
 #ifdef HAVE_SSL
-#define sk_free KOSSL::self()->sk_free
-#define sk_num KOSSL::self()->sk_num
-#define sk_value KOSSL::self()->sk_value
 
 	// First try to load using the OpenSSL method
 	X509_STORE *certStore = KOSSL::self()->X509_STORE_new();
@@ -1887,8 +1884,8 @@
 	    KOSSL::self()->X509_LOOKUP_load_file(certLookup,
 		                                 certFile.local8Bit(),
 						 X509_FILETYPE_PEM)) {
-		for (int i = 0; i < sk_X509_OBJECT_num(certStore->objs); i++) {
-			X509_OBJECT* x5o = sk_X509_OBJECT_value(certStore->objs, i);
+		for (int i = 0; i < KOSSL::self()->sk_num(certStore->objs); i++) {
+			X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->sk_value(certStore->objs, i));
 			if (!x5o) continue;
 
 			if (x5o->type != X509_LU_X509) continue;
@@ -1957,7 +1954,7 @@
 		qf.open(IO_ReadOnly);
 		qf.readLine(certtext, qf.size());
 
-		if (certStore) { KOSSL::self()->X509_STORE_free(certStore);
+		if (certStore) { KOSSL::self()->sk_free(certStore);
 				certStore = NULL; }
 
 		if (certtext.contains("-----BEGIN CERTIFICATE-----")) {
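Review bot: `KOSSL::self()->sk_free(certStore)` on the new side hands an `X509_STORE*` to the generic OpenSSL STACK deallocator; `certStore` comes from `X509_STORE_new()` in the first hunk of this file, so the `X509_STORE_free` being removed was the matching destructor and the substitution is a type confusion that leaks the store's lookups and objects and may corrupt the heap. The same replacement appears in the next hunk of this file (`if (certStore) KOSSL::self()->sk_free(certStore);`). Unless KOpenSSLProxy no longer exposes `X509_STORE_free`, which cannot be determined from this page, both lines should stay `KOSSL::self()->X509_STORE_free(certStore);`. The enclosing function starts before and ends after this hunk.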
@@ -2029,12 +2026,9 @@
 	}
 
 
-	if (certStore) KOSSL::self()->X509_STORE_free(certStore);
+	if (certStore) KOSSL::self()->sk_free(certStore);
 
 	configChanged();
-#undef sk_free
-#undef sk_num
-#undef sk_value
 #endif
 
         offerImportToKMail( certFile );
@@ -2356,80 +2350,75 @@
 
 #ifdef HAVE_SSL
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#define SSL_CONST const
-#else
-#define SSL_CONST
-#endif
-
 // This gets all the available ciphers from OpenSSL
 bool KCryptoConfig::loadCiphers() {
-unsigned int i;
+unsigned int i, cnt;
 SSL_CTX *ctx;
 SSL *ssl;
-SSL_CONST SSL_METHOD *meth;
+SSL_METHOD *meth;
+STACK_OF(SSL_CIPHER)* sk;
 
   SSLv2Box->clear();
   SSLv3Box->clear();
   CipherItem *item;
 
 #ifndef OPENSSL_NO_SSL2
-  meth = SSLv2_client_method();
-  SSLeay_add_ssl_algorithms();
-  ctx = SSL_CTX_new(meth);
+  meth = KOSSL::self()->SSLv2_client_method();
+  ctx = KOSSL::self()->SSL_CTX_new(meth);
   if (ctx == NULL) return false;
 
-  ssl = SSL_new(ctx);
+  ssl = KOSSL::self()->SSL_new(ctx);
   if (!ssl) return false;
+  sk = KOSSL::self()->SSL_get_ciphers(ssl);
+  cnt = KOSSL::self()->sk_num(sk);
 
-  for (i=0; ; i++) {
+  for (i = 0; i < cnt; i++) {
     int j, k;
-    SSL_CONST SSL_CIPHER *sc;
-    sc = (meth->get_cipher)(i);
+    SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->sk_value(sk, i));
     if (!sc)
       break;
     // Leak of sc*?
-    TQString scn(sc->name);
+    TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc));
     if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) {
       continue;
     }
-    k = SSL_CIPHER_get_bits(sc, &j);
+    k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j);
 
-    item = new CipherItem( SSLv2Box, sc->name, k, j, this );
+    item = new CipherItem( SSLv2Box, scn, k, j, this );
   }
 
-  if (ctx) SSL_CTX_free(ctx);
-  if (ssl) SSL_free(ssl);
+  if (ctx) KOSSL::self()->SSL_CTX_free(ctx);
+  if (ssl) KOSSL::self()->SSL_free(ssl);
 #endif
 
 # ifndef OPENSSL_NO_SSL3_METHOD
   // We repeat for SSLv3
-  meth = SSLv3_client_method();
-  SSLeay_add_ssl_algorithms();
-  ctx = SSL_CTX_new(meth);
+  meth = KOSSL::self()->SSLv3_client_method();
+  ctx = KOSSL::self()->SSL_CTX_new(meth);
   if (ctx == NULL) return false;
 
-  ssl = SSL_new(ctx);
+  ssl = KOSSL::self()->SSL_new(ctx);
   if (!ssl) return false;
+  sk = KOSSL::self()->SSL_get_ciphers(ssl);
+  cnt = KOSSL::self()->sk_num(sk);
 
-  for (i=0; ; i++) {
+  for (i = 0; i < cnt; i++) {
     int j, k;
-    SSL_CONST SSL_CIPHER *sc;
-    sc = (meth->get_cipher)(i);
+    SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(KOSSL::self()->sk_value(sk, i));
     if (!sc)
       break;
     // Leak of sc*?
-    TQString scn(sc->name);
+    TQString scn(KOSSL::self()->SSL_CIPHER_get_name(sc));
     if (scn.contains("ADH-") || scn.contains("NULL-") || scn.contains("DES-CBC3-SHA") || scn.contains("FZA-")) {
       continue;
     }
-    k = SSL_CIPHER_get_bits(sc, &j);
+    k = KOSSL::self()->SSL_CIPHER_get_bits(sc, &j);
 
-    item = new CipherItem( SSLv3Box, sc->name, k, j, this );
+    item = new CipherItem( SSLv3Box, scn, k, j, this );
   }
 
-  if (ctx) SSL_CTX_free(ctx);
-  if (ssl) SSL_free(ssl);
+  if (ctx) KOSSL::self()->SSL_CTX_free(ctx);
+  if (ssl) KOSSL::self()->SSL_free(ssl);
 #endif
 
 return true;
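Review bot: `cnt = KOSSL::self()->sk_num(sk);` stores the stack count in an `unsigned int`, but if `SSL_get_ciphers` returns NULL the count is -1, which wraps `cnt` to UINT_MAX and leaves the loop relying on `sk_value` returning NULL to reach `break`. Make the count signed and bail out explicitly, e.g. `int cnt = sk ? KOSSL::self()->sk_num(sk) : 0;`, in both the SSLv2 and SSLv3 blocks. The existing `if (!ssl) return false;` directly after `SSL_CTX_new` leaks `ctx` on that path — pre-existing, but cheap to fix while the cleanup calls are being rewritten. Dropping `SSLeay_add_ssl_algorithms()` presumably relies on KOpenSSLProxy initialising the library itself; worth confirming against the proxy. `loadCiphers` ends with `return true;` here but its closing brace lies outside the hunk.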
30f4e82a 2017-01-03 13:30:13 Slávek Banko
Added support for OpenSSL 1.1

Signed-off-by: Slávek Banko <slavek.banko@...>
(cherry picked from commit d9b4ee04db7e614a59470acc38a6482c15aed032)
M kcontrol/crypto/crypto.cpp
diff --git a/kcontrol/crypto/crypto.cpp b/kcontrol/crypto/crypto.cpp
index 7c011e4..8da5c99 100644
--- a/kcontrol/crypto/crypto.cpp
+++ b/kcontrol/crypto/crypto.cpp
@@ -878,7 +878,7 @@
 
   config->setGroup("SSLv2");
   mUseSSLv2->setChecked(config->readBoolEntry("Enabled", true));
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
   mUseSSLv2->setChecked(false);
   mUseSSLv2->setEnabled(false);
 #endif
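Review bot: The new guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)` is repeated verbatim in five hunks of this file, while `loadCiphers` (earlier on this page) still keys its SSLv2 block on plain `#ifndef OPENSSL_NO_SSL2`; if the 1.1 headers do not define `OPENSSL_NO_SSL2`, that function will still call `SSLv2_client_method()` through the proxy and, on a NULL ctx, `return false` before the SSLv3 ciphers are ever loaded. Define the condition once near the top of the file, e.g. `#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)` / `#define KCM_CRYPTO_NO_SSL2 1` / `#endif`, and use `#ifdef KCM_CRYPTO_NO_SSL2` at all six sites. The surrounding function begins and ends outside the hunk.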
@@ -933,7 +933,7 @@
       item = static_cast<CipherItem *>(item->nextSibling());
   }
 
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
   SSLv2Box->setEnabled( false );
 #else
   SSLv2Box->setEnabled( mUseSSLv2->isChecked() );
@@ -1050,7 +1050,7 @@
   config->writeEntry("Enabled", mUseTLS->isChecked());
 
   config->setGroup("SSLv2");
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
   config->writeEntry("Enabled", false);
 #else
   config->writeEntry("Enabled", mUseSSLv2->isChecked());
@@ -1293,7 +1293,7 @@
   }
 
   mUseTLS->setChecked(true);
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
   mUseSSLv2->setChecked(false);
 #else
   mUseSSLv2->setChecked(true);
@@ -1354,7 +1354,7 @@
   }
 
   mUseTLS->setChecked(true);
-#ifdef OPENSSL_NO_SSL2
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
   mUseSSLv2->setChecked(false);
 #else
   mUseSSLv2->setChecked(true);
@@ -1884,13 +1884,14 @@
 	    KOSSL::self()->X509_LOOKUP_load_file(certLookup,
 		                                 certFile.local8Bit(),
 						 X509_FILETYPE_PEM)) {
-		for (int i = 0; i < KOSSL::self()->sk_num(certStore->objs); i++) {
-			X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->sk_value(certStore->objs, i));
+		STACK_OF(X509_OBJECT) *certStore_objs = KOSSL::self()->X509_STORE_get0_objects(certStore);
+		for (int i = 0; i < KOSSL::self()->OPENSSL_sk_num(certStore_objs); i++) {
+			X509_OBJECT* x5o = reinterpret_cast<X509_OBJECT*>(KOSSL::self()->OPENSSL_sk_value(certStore_objs, i));
 			if (!x5o) continue;
 
-			if (x5o->type != X509_LU_X509) continue;
+			if (KOSSL::self()->X509_OBJECT_get_type(x5o) != X509_LU_X509) continue;
 
-			X509 *x5 = x5o->data.x509;
+			X509 *x5 = KOSSL::self()->X509_OBJECT_get0_X509(x5o);
 			if (!x5) continue;
 
 			// Easier to use in this form
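Review bot: `reinterpret_cast<X509_OBJECT*>(KOSSL::self()->OPENSSL_sk_value(certStore_objs, i))` converts what is presumably a `void*` from the generic stack accessor to an object pointer; `static_cast<X509_OBJECT*>` is the named cast for `void*`→`T*` and signals a safe conversion, whereas `reinterpret_cast` reads as an unrelated-type pun. By OpenSSL's get0 naming convention `X509_OBJECT_get0_X509` presumably returns a pointer still owned by `certStore`, so `x5` must not outlive the store-free calls further down in this function — a comment such as `// x5 is borrowed from certStore; do not use it after the store is freed` would make that visible at the point of use. The enclosing function starts before and ends after this hunk.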
@@ -1954,7 +1955,7 @@
 		qf.open(IO_ReadOnly);
 		qf.readLine(certtext, qf.size());
 
-		if (certStore) { KOSSL::self()->sk_free(certStore);
+		if (certStore) { KOSSL::self()->OPENSSL_sk_free(certStore);
 				certStore = NULL; }
 
 		if (certtext.contains("-----BEGIN CERTIFICATE-----")) {
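Review bot: `KOSSL::self()->OPENSSL_sk_free(certStore)` still passes an `X509_STORE*` to the generic stack deallocator; this commit only renames the call introduced by the previous commit on this page and does not restore the matching destructor. Since the store is created with `X509_STORE_new()` in the earlier hunk of this file, the line should read `if (certStore) { KOSSL::self()->X509_STORE_free(certStore);` — assuming the proxy still provides that method, which is not visible here. The enclosing function starts before and ends after this hunk.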
@@ -2026,7 +2027,7 @@
 	}
 
 
-	if (certStore) KOSSL::self()->sk_free(certStore);