qtls_openssl_p.h

Go to the documentation of this file.

// Copyright (C) 2021 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
 
#ifndef QTLS_OPENSSL_P_H
#define QTLS_OPENSSL_P_H
 
//
//  W A R N I N G
//  -------------
//
// This file is not part of the Qt API.  It exists purely as an
// implementation detail.  This header file may change from version to
// version without notice, or even be removed.
//
// We mean it.
//
 
#include <QtNetwork/private/qtnetworkglobal_p.h>
 
#include "qtlsbackend_openssl_p.h"
#include "qsslcontext_openssl_p.h"
#include "qopenssl_p.h"
 
#include <QtNetwork/qsslcertificate.h>
#include <QtNetwork/qocspresponse.h>
 
#include <QtCore/qsharedpointer.h>
#include <QtCore/qbytearray.h>
#include <QtCore/qglobal.h>
#include <QtCore/qlist.h>
 
QT_BEGIN_NAMESPACE
 
namespace QTlsPrivate {
 
class TlsCryptographOpenSSL : public TlsCryptograph
{
public:
    enum ExDataOffset {
        errorOffsetInExData = 1,
        socketOffsetInExData = 2
    };
 
    ~TlsCryptographOpenSSL();
 
    void init(QSslSocket *qObj, QSslSocketPrivate *dObj) override;
    void checkSettingSslContext(std::shared_ptr<QSslContext> tlsContext) override;
    std::shared_ptr<QSslContext> sslContext() const override;
 
    QList<QSslError> tlsErrors() const override;
 
    void startClientEncryption() override;
    void startServerEncryption() override;
    bool startHandshake();
    void enableHandshakeContinuation() override;
    void cancelCAFetch() override;
    void continueHandshake() override;
    void transmit() override;
    void disconnectFromHost() override;
    void disconnected() override;
    QSslCipher sessionCipher() const override;
    QSsl::SslProtocol sessionProtocol() const override;
    QList<QOcspResponse> ocsps() const override;
 
    bool checkSslErrors();
    int handleNewSessionTicket(SSL *connection);
 
    void alertMessageSent(int encoded);
    void alertMessageReceived(int encoded);
 
    int emitErrorFromCallback(X509_STORE_CTX *ctx);
    void trySendFatalAlert();
 
#if QT_CONFIG(ocsp)
    bool checkOcspStatus();
#endif
 
    QSslSocket *q = nullptr;
    QSslSocketPrivate *d = nullptr;
 
    void storePeerCertificates();
 
    unsigned pskClientTlsCallback(const char *hint, char *identity, unsigned max_identity_len,
                                 unsigned char *psk, unsigned max_psk_len);
    unsigned pskServerTlsCallback(const char *identity, unsigned char *psk,
                                  unsigned max_psk_len);
 
    bool isInSslRead() const;
    void setRenegotiated(bool renegotiated);
 
#ifdef Q_OS_WIN
    void fetchCaRootForCert(const QSslCertificate &cert);
    void caRootLoaded(QSslCertificate certificate, QSslCertificate trustedRoot);
#endif
 
    QByteArray ocspResponseDer;
private:
    // TLSTODO: names were preserved, to make comparison
    // easier (see qsslsocket_openssl.cpp, while it exists).
    bool initSslContext();
    void destroySslContext();
 
    std::shared_ptr<QSslContext> sslContextPointer;
    SSL *ssl = nullptr; // TLSTODO: RAII.
 
    QList<QSslErrorEntry> errorList;
    QList<QSslError> sslErrors;
 
    BIO *readBio = nullptr;
    BIO *writeBio = nullptr;
 
    QList<QOcspResponse> ocspResponses;
 
    // This description will go to setErrorAndEmit(SslHandshakeError, ocspErrorDescription)
    QString ocspErrorDescription;
    // These will go to sslErrors()
    QList<QSslError> ocspErrors;
 
    bool systemOrSslErrorDetected = false;
    bool handshakeInterrupted = false;
 
    bool fetchAuthorityInformation = false;
    std::optional<QSslCertificate> caToFetch;
 
    bool inSetAndEmitError = false;
    bool pendingFatalAlert = false;
    bool errorsReportedFromCallback = false;
 
    bool shutdown = false;
 
    bool inSslRead = false;
    bool renegotiated = false;
};
 
} // namespace QTlsPrivate
 
QT_END_NAMESPACE
 
#endif // QTLS_OPENSSL_P_H