From e1861cb6811f7bac405ece204407ca46c000a453 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sl=C3=A1vek=20Banko?= <slavek.banko@axis.cz>
Date: Sun, 1 Jan 2017 19:35:39 +0100
Subject: Added support for OpenSSL 1.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some KOpenSSLProxy methods have been renamed to be consistent
with OpenSSL 1.1 API names and to prevent hidden API changes.
To ensure API / ABI compatibility, the original methods are
still included but have been marked as deprecated.

+ SSLv23_client_method => TLS_client_method
+ X509_STORE_CTX_set_chain => X509_STORE_CTX_set0_untrusted
+ sk_dup => OPENSSL_sk_dup
+ sk_free => OPENSSL_sk_free
+ sk_new => OPENSSL_sk_new
+ sk_num => OPENSSL_sk_num
+ sk_pop => OPENSSL_sk_pop
+ sk_push => OPENSSL_sk_push
+ sk_value => OPENSSL_sk_value

Additional methods have been added to KOpenSSLProxy to support
the new OpenSSL 1.1 API functions that provide access to the
(now) opaque SSL structures. Compatibility with OpenSSL < 1.1
is handled internally in KOpenSSLProxy.

+ BIO_get_data
+ DSA_get0_key
+ DSA_get0_pqg
+ EVP_PKEY_base_id
+ EVP_PKEY_get0_DSA
+ EVP_PKEY_get0_RSA
+ RSA_get0_key
+ X509_CRL_get0_lastUpdate
+ X509_CRL_get0_nextUpdate
+ X509_OBJECT_get0_X509
+ X509_OBJECT_get_type
+ X509_STORE_CTX_get_current_cert
+ X509_STORE_CTX_get_error
+ X509_STORE_CTX_get_error_depth
+ X509_STORE_CTX_set_error
+ X509_STORE_get0_objects
+ X509_STORE_set_verify_cb
+ X509_get0_signature
+ X509_getm_notAfter
+ X509_getm_notBefore
+ X509_subject_name_cmp
+ _SSL_session_reused
+ _SSL_set_options

Method "KSSL::setSession" has been renamed to "KSSL::takeSession"
and its functionality has changed: the session is now transferred
from the argument object to the invoked object. Since it is only
used internally in TDE and the functionality is different, the
method with the previous name has not been preserved.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
---
 tdeio/kssl/ksmimecrypto.cc | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

(limited to 'tdeio/kssl/ksmimecrypto.cc')

diff --git a/tdeio/kssl/ksmimecrypto.cc b/tdeio/kssl/ksmimecrypto.cc
index 1a9e37e60..92318b9f0 100644
--- a/tdeio/kssl/ksmimecrypto.cc
+++ b/tdeio/kssl/ksmimecrypto.cc
@@ -38,15 +38,6 @@
 #endif
 
 
-// forward included macros to KOpenSSLProxy
-#define sk_new kossl->sk_new
-#define sk_free kossl->sk_free
-#define sk_push kossl->sk_push
-#define sk_value kossl->sk_value
-#define sk_num kossl->sk_num
-#define BIO_ctrl kossl->BIO_ctrl
-
-
 #ifdef KSSL_HAVE_SSL
 static const char eot = 0;
 
@@ -87,10 +78,10 @@ KSMIMECryptoPrivate::KSMIMECryptoPrivate(KOpenSSLProxy *kossl): kossl(kossl) {
 
 
 STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(TQPtrList<KSSLCertificate> &certs) {
-    STACK_OF(X509) *x509 = reinterpret_cast<STACK_OF(X509)*>(sk_new(NULL));
+    STACK_OF(X509) *x509 = reinterpret_cast<STACK_OF(X509)*>(kossl->OPENSSL_sk_new(NULL));
     KSSLCertificate *cert = certs.first();
     while(cert) {
-	sk_X509_push(x509, cert->getCert());
+	kossl->OPENSSL_sk_push(x509, cert->getCert());
 	cert = certs.next();
     }
     return x509;
@@ -111,7 +102,7 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::signMessage(BIO *clearText,
     PKCS7 *p7 = kossl->PKCS7_sign(privKey.getCertificate()->getCert(), privKey.getPrivateKey(),
 				  other, clearText, flags);
 
-    if (other) sk_X509_free(other);
+    if (other) kossl->OPENSSL_sk_free(other);
 
     if (!p7) return sslErrToRc();
 
@@ -154,7 +145,7 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::encryptMessage(BIO *clearText,
 
     PKCS7 *p7 = kossl->PKCS7_encrypt(certs, clearText, cipher, 0);
 
-    sk_X509_free(certs);
+    kossl->OPENSSL_sk_free(certs);
 
     if (!p7) return sslErrToRc();
 
@@ -192,14 +183,14 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::checkSignature(BIO *clearText,
     X509_STORE *dummystore = kossl->X509_STORE_new();
     if (kossl->PKCS7_verify(p7, NULL, dummystore, in, out, PKCS7_NOVERIFY)) {
 	STACK_OF(X509) *signers = kossl->PKCS7_get0_signers(p7, 0, PKCS7_NOVERIFY);
-	int num = sk_X509_num(signers);
+	int num = kossl->OPENSSL_sk_num(signers);
 
 	for(int n=0; n<num; n++) {
-	    KSSLCertificate *signer = KSSLCertificate::fromX509(sk_X509_value(signers, n));
+	    KSSLCertificate *signer = KSSLCertificate::fromX509(reinterpret_cast<X509*>(kossl->OPENSSL_sk_value(signers, n)));
 	    recip.append(signer);
 	}
 
-	sk_X509_free(signers);
+	kossl->OPENSSL_sk_free(signers);
 	rc = KSMIMECrypto::KSC_R_OK;
     } else {
 	rc = sslErrToRc();
@@ -236,13 +227,14 @@ KSMIMECrypto::rc KSMIMECryptoPrivate::decryptMessage(BIO *cipherText,
 
 void KSMIMECryptoPrivate::MemBIOToQByteArray(BIO *src, TQByteArray &dest) {
     char *buf;
-    long len = BIO_get_mem_data(src, &buf);
+    long len = kossl->BIO_get_mem_data(src, &buf);
     dest.assign(buf, len);
     /* Now this goes quite a bit into openssl internals.
        We assume that openssl uses malloc() (it does in
        default config) and rip out the buffer.
     */
-    reinterpret_cast<BUF_MEM *>(src->ptr)->data = NULL;
+    void *ptr = kossl->BIO_get_data(src);
+    reinterpret_cast<BUF_MEM *>(ptr)->data = NULL;
 }
 
     
@@ -422,3 +414,4 @@ KSMIMECrypto::rc KSMIMECrypto::decryptMessage(const TQByteArray &cipherText,
     return KSC_R_NO_SSL;
 #endif
 }
+
-- 
cgit v1.2.1