diff --git a/IdCompilerDefines.inc b/IdCompilerDefines.inc index 151ca97..cc1bdd8 100644 --- a/IdCompilerDefines.inc +++ b/IdCompilerDefines.inc @@ -11,14 +11,6 @@ // or DEFINE to use the 256 color Indy versions {.$DEFINE Borland} -// S.G. 4/9/2002: IPv4/IPv6 general switch (for defaults only) -{$DEFINE IdIPv4} // use IPv4 by default -{.$IFDEF IdIPv6} // use IPv6 by default - -{$DEFINE INDY100} -{$DEFINE 10_6_3} //so developers can IFDEF for this product version -{$DEFINE 10_6_3_4} //so developers can IFDEF for this specific version - // When generating C++Builder output files, certain workarounds to compiler // problems need to be enabled! When invoking DCC on the command-line, use // the -DBCB parameter. When invoking MSBUILD, include the DCC_Define="BCB" 
@@ -29,46 +21,13 @@ {$DEFINE DELPHI} {$ENDIF} -{$UNDEF USE_OPENSSL} {$UNDEF STATICLOAD_OPENSSL} -{$UNDEF USE_ZLIB_UNIT} -{$UNDEF USE_SSPI} - -// $DEFINE the following if the global objects in the IdStack and IdThread -// units should be freed on finalization -{.$DEFINE FREE_ON_FINAL} -{$UNDEF FREE_ON_FINAL} - -// Make sure the following is $DEFINE'd only for suitable environments -// as specified further below. This works in conjunction with the -// FREE_ON_FINAL define above. -{$UNDEF REGISTER_EXPECTED_MEMORY_LEAK} -{$UNDEF HAS_System_RegisterExpectedMemoryLeak} - -// FastMM is natively available in BDS 2006 and higher. $DEFINE the -// following if FastMM has been installed manually in earlier versions -{.$DEFINE USE_FASTMM4} -{$UNDEF USE_FASTMM4} - -// $DEFINE the following if MadExcept has been installed manually in -// BDS 2005 or earlier (System.RegisterExpectedMemoryLeak() was introduced -// in BDS 2006) -{.$DEFINE USE_MADEXCEPT} -{$UNDEF USE_MADEXCEPT} - -// $DEFINE the following if LeakCheck has been installed manually in -// BDS 2005 or earlier (System.RegisterExpectedMemoryLeak() was introduced -// in BDS 2006) -{.$DEFINE USE_LEAKCHECK} -{$UNDEF USE_LEAKCHECK} - // Make sure the following are $DEFINE'd only for Delphi/C++Builder 2009 onwards // as specified further below. The VCL is fully Unicode, where the 'String' // type maps to System.UnicodeString, not System.AnsiString anymore {$UNDEF STRING_IS_UNICODE} {$UNDEF STRING_IS_ANSI} -{$UNDEF STRING_UNICODE_MISMATCH} // Make sure the following are $DEFINE'd only for suitable environments // as specified further below. Delphi/C++Builder Mobile/NextGen compilers @@ -77,10 +36,7 @@ // // UPDATE: in Delphi/C++Builder 10.4, all Ansi types are supported again on // all platforms, including the mobile compilers. -{$DEFINE HAS_AnsiString} -{$DEFINE HAS_AnsiChar} {$DEFINE HAS_PAnsiChar} -{$UNDEF HAS_PPAnsiChar} {$UNDEF NO_ANSI_TYPES} // Make sure the following are $DEFINE'd only for suitable environments 
@@ -91,63 +47,10 @@ // Delphi/C++Builder 10.4 mobile compilers. All platforms now use a single // unified memory management model! {$UNDEF USE_MARSHALLED_PTRS} -{$UNDEF HAS_MarshaledAString} {$UNDEF USE_OBJECT_ARC} -// Make sure the following is $DEFINE'd only for suitable environments -// as specified further below. -{$UNDEF STRING_IS_IMMUTABLE} -{$UNDEF HAS_DIRECTIVE_ZEROBASEDSTRINGS} - -// Make sure the following are $DEFINE'd only for suitable environments -// as specified further below. -{$UNDEF HAS_TEncoding} -{$UNDEF HAS_TEncoding_GetEncoding_ByEncodingName} -{$UNDEF HAS_Exception_RaiseOuterException} -{$UNDEF HAS_System_ReturnAddress} -{$UNDEF HAS_TCharacter} -{$UNDEF HAS_TInterlocked} -{$UNDEF HAS_TNetEncoding} - -// Make sure that this is defined only for environments where we are using -// the iconv library to charactor conversions. -{.$UNDEF USE_ICONV} -{.$UNDEF USE_LCONVENC} - //Define for Delphi cross-compiler targetting Posix {$UNDEF USE_VCL_POSIX} -{$UNDEF HAS_ComponentPlatformsAttribute} -{$UNDEF HAS_ComponentPlatformsAttribute_Win32} -{$UNDEF HAS_ComponentPlatformsAttribute_Win64} -{$UNDEF HAS_ComponentPlatformsAttribute_OSX32} -{$UNDEF HAS_ComponentPlatformsAttribute_iOS_Simulator} -{$UNDEF HAS_ComponentPlatformsAttribute_iOS_Simulator32} -{$UNDEF HAS_ComponentPlatformsAttribute_Android} -{$UNDEF HAS_ComponentPlatformsAttribute_Android32Arm} -{$UNDEF HAS_ComponentPlatformsAttribute_Linux32} -{$UNDEF HAS_ComponentPlatformsAttribute_iOS_Device} -{$UNDEF HAS_ComponentPlatformsAttribute_iOS_Device32} -{$UNDEF HAS_ComponentPlatformsAttribute_Linux64} -{$UNDEF HAS_ComponentPlatformsAttribute_WinNX32} -{$UNDEF HAS_ComponentPlatformsAttribute_WinIoT32} -{$UNDEF HAS_ComponentPlatformsAttribute_iOS_Device64} -{$UNDEF HAS_ComponentPlatformsAttribute_WinARM} -{$UNDEF HAS_ComponentPlatformsAttribute_WinARM32} -{$UNDEF HAS_ComponentPlatformsAttribute_OSX64} -{$UNDEF HAS_ComponentPlatformsAttribute_OSXNX64} -{$UNDEF HAS_ComponentPlatformsAttribute_Linux32Arm} 
-{$UNDEF HAS_ComponentPlatformsAttribute_Linux64Arm} -{$UNDEF HAS_ComponentPlatformsAttribute_Android64} -{$UNDEF HAS_ComponentPlatformsAttribute_Android64Arm} -{$UNDEF HAS_ComponentPlatformsAttribute_iOS_Simulator64} -{$UNDEF HAS_ComponentPlatformsAttribute_AndroidArm32} -{$UNDEF HAS_ComponentPlatformsAttribute_AndroidArm64} -{$UNDEF HAS_ComponentPlatformsAttribute_OSXArm64} -{$UNDEF HAS_ComponentPlatformsAttribute_AllPlatforms} -{$UNDEF HAS_DIRECTIVE_WARN_DEFAULT} - -// Define for Delphi to auto-generate platform-appropriate '#pragma link' statements in HPP files -{$UNDEF HAS_DIRECTIVE_HPPEMIT_LINKUNIT} // detect compiler versions @@ -479,19 +382,10 @@ // Platform specific conditional. Used for platform specific code. {$DEFINE DOTNET} {$DEFINE STRING_IS_UNICODE} - {$DEFINE STRING_IS_IMMUTABLE} - {.$DEFINE HAS_Int8} - {.$DEFINE HAS_UInt8} - {$DEFINE HAS_Int16} - {$DEFINE HAS_UInt16} - {$DEFINE HAS_Int32} - {$DEFINE HAS_UInt32} - {$DEFINE HAS_UInt64} {$ENDIF} {$IFDEF KYLIX} {$DEFINE VCL_60} - {$DEFINE INT_THREAD_PRIORITY} {$DEFINE CPUI386} {$UNDEF USE_BASEUNIX} @@ -518,10 +412,6 @@ {$IFNDEF KYLIX_3_OR_ABOVE} {$DEFINE KYLIXCOMPAT} {$ENDIF} - - {$IFDEF KYLIX_2_OR_ABOVE} - {$DEFINE USE_ZLIB_UNIT} - {$ENDIF} {$ENDIF} // FPC (2+) @@ -764,23 +654,17 @@ {$IFDEF VCL_11_OR_ABOVE} {$DEFINE VCL_10_4_OR_ABOVE} - {$DEFINE VCL_10_4_UPDATE2_OR_ABOVE} {$ELSE} {$IFDEF VCL_10_4} {$DEFINE VCL_10_4_OR_ABOVE} - // TODO: figure out how to detect this version - {.$DEFINE VCL_10_4_UPDATE2_OR_ABOVE} {$ENDIF} {$ENDIF} {$IFDEF VCL_10_4_OR_ABOVE} {$DEFINE VCL_10_3_OR_ABOVE} - {$DEFINE VCL_10_3_UPDATE2_OR_ABOVE} {$ELSE} {$IFDEF VCL_10_3} {$DEFINE VCL_10_3_OR_ABOVE} - // TODO: figure out how to detect this version - {.$DEFINE VCL_10_3_UPDATE2_OR_ABOVE} {$ENDIF} {$ENDIF} 
@@ -834,12 +718,9 @@ {$IFDEF VCL_XE6_OR_ABOVE} {$DEFINE VCL_XE5_OR_ABOVE} - {$DEFINE VCL_XE5_UPDATE2_OR_ABOVE} {$ELSE} {$IFDEF VCL_XE5} {$DEFINE VCL_XE5_OR_ABOVE} - // TODO: figure out how to detect this version - {.$DEFINE VCL_XE5_UPDATE2_OR_ABOVE} {$ENDIF} {$ENDIF} 
@@ -1060,259 +941,32 @@ // Check for available features -{$IFDEF CBUILDER} - // When generating a C++ HPP file, if a class has no explicit constructor - // defined and contains compiler-managed members (xxxString, TDateTime, - // Variant, DelphiInterface, etc), the HPP will contain a forwarding - // inline constructor that implicitly initializes those managed members, - // which will overwrite any non-default initializations performed inside - // of InitComponent() overrides! In this situation, the workaround is to - // define an explicit constructor that calls the base class constructor - // manually, allowing those managed members to be initialized by the - // compiler before InitComponent() overrides then re-assign them. - {$DEFINE WORKAROUND_INLINE_CONSTRUCTORS} -{$ENDIF} - -{$IFDEF VCL_5_OR_ABOVE} - {$IFNDEF FPC} - {$IFNDEF KYLIX} - {$DEFINE HAS_RemoveFreeNotification} - {$ENDIF} - {$ENDIF} - {$DEFINE HAS_GetObjectProp} - {$DEFINE HAS_TObjectList} - {$DEFINE HAS_StrToInt64Def} -{$ENDIF} - {$IFDEF VCL_6_OR_ABOVE} - {$DEFINE HAS_PCardinal} - {$DEFINE HAS_PByte} - {$DEFINE HAS_PWord} {$DEFINE HAS_PPointer} - {$DEFINE HAS_TList_Assign} - {$DEFINE HAS_sLineBreak} - {$DEFINE HAS_RaiseLastOSError} - {$DEFINE HAS_SysUtils_IncludeExcludeTrailingPathDelimiter} - {$DEFINE HAS_SysUtils_DirectoryExists} - {$DEFINE HAS_UNIT_DateUtils} - {$DEFINE HAS_UNIT_StrUtils} - {$DEFINE HAS_UNIT_Types} - {$DEFINE HAS_TryStrToInt} - {$DEFINE HAS_TryStrToInt64} - {$DEFINE HAS_TryEncodeDate} - {$DEFINE HAS_TryEncodeTime} - {$DEFINE HAS_ENUM_ELEMENT_VALUES} {$IFNDEF FPC} - {$DEFINE HAS_IInterface} {$DEFINE HAS_TSelectionEditor} - {$DEFINE HAS_TStringList_CaseSensitive} - {$DEFINE HAS_AcquireExceptionObject} - {$IFNDEF KYLIX} - {$DEFINE HAS_DEPRECATED} - {$DEFINE HAS_SYMBOL_PLATFORM} - {$DEFINE HAS_UNIT_PLATFORM} - {$IFNDEF VCL_8_OR_ABOVE} - // Delphi 6 and 7 have an annoying bug that if a class method is declared as - // deprecated, the compiler will emit a "symbol is deprecated" warning - 
// on the method's implementation! So we will have to wrap implementations - // of deprecated methods with {$WARN SYMBOL_DEPRECATED OFF} directives - // to disable that warning. - {$DEFINE DEPRECATED_IMPL_BUG} - {$ENDIF} - {$ENDIF} - {$ENDIF} - {$IFNDEF DOTNET} - //Widget defines are omitted in .NET - {$DEFINE VCL_60_PLUS} - {$ENDIF} -{$ENDIF} - -{$IFDEF VCL_7_OR_ABOVE} - {$IFNDEF FPC} - {$DEFINE HAS_UInt64} // Note: it was just an alias for Int64 until D2006! - {$DEFINE HAS_NAMED_THREADS} - {$DEFINE HAS_TStrings_NameValueSeparator} - {$DEFINE HAS_TStrings_ValueFromIndex} - {$ENDIF} - {$DEFINE HAS_TFormatSettings} - {$DEFINE HAS_PosEx} - {$IFNDEF VCL_70} - // not implemented in D7 - {$DEFINE HAS_STATIC_TThread_Queue} - {$ENDIF} - {$IFNDEF CIL} - {$IFNDEF VCL_80} - // not implemented in D8 or .NET - {$DEFINE HAS_STATIC_TThread_Synchronize} - {$ENDIF} - {$ENDIF} -{$ELSE} - {$IFDEF CBUILDER_6} - {$DEFINE HAS_NAMED_THREADS} - {$ENDIF} -{$ENDIF} - -{$IFNDEF VCL_2005_OR_ABOVE} - {$IFDEF DCC} - // InterlockedCompareExchange() was declared in the Windows unit using Pointer - // parameters until Delphi 2005, when it was switched to Longint parameters - // instead to match the actual Win32 API declaration. - {$DEFINE HAS_InterlockedCompareExchange_Pointers} {$ENDIF} {$ENDIF} {$IFDEF VCL_2006_OR_ABOVE} {$DEFINE USE_INLINE} - {$DEFINE HAS_2PARAM_FileAge} - {$DEFINE HAS_TStrings_LineBreak} // TODO: when was LineBreak introduced? - {$IFDEF WINDOWS} - // System.RegisterExpectedMemoryLeak() is only available on Windows at this time - {$DEFINE HAS_System_RegisterExpectedMemoryLeak} - {$ENDIF} - // In C++Builder 2006 and 2007, UInt64 is emitted as signed __int64 in HPP - // files instead of as unsigned __int64. This causes conflicts in overloaded - // routines that have (U)Int64 parameters. This was fixed in C++Builder 2009... 
- {$IFDEF CBUILDER} - {$DEFINE BROKEN_UINT64_HPPEMIT} - {$ENDIF} -{$ENDIF} - -{$IFDEF VCL_2007_OR_ABOVE} - {$IFNDEF CBUILDER_2007} - // class properties are broken in C++Builder 2007, causing AVs at compile-time - {$DEFINE HAS_CLASSPROPERTIES} - {$ENDIF} - // Native(U)Int exist but are buggy, so do not use them yet - {.$DEFINE HAS_NativeInt} - {.$DEFINE HAS_NativeUInt} - {$DEFINE HAS_DWORD_PTR} - {$DEFINE HAS_ULONG_PTR} - {$DEFINE HAS_ULONGLONG} - {$DEFINE HAS_PGUID} - {$DEFINE HAS_PPAnsiChar} - {$DEFINE HAS_CurrentYear} - {$IFNDEF DOTNET} - {$DEFINE HAS_TIMEUNITS} - {$ENDIF} {$ENDIF} {$IFDEF VCL_2009_OR_ABOVE} {$IFNDEF DOTNET} {$DEFINE STRING_IS_UNICODE} - {$DEFINE HAS_UnicodeString} - {$DEFINE HAS_TEncoding} - {$DEFINE HAS_TCharacter} - {$DEFINE HAS_InterlockedCompareExchangePointer} - {$DEFINE HAS_WIDE_TCharArray} - {$DEFINE HAS_PUInt64} - {$IFDEF VCL_2009} - // TODO: need to differentiate between RTM and Update 1 - // FmtStr() is broken in RTM but was fixed in Update 1 - {$DEFINE BROKEN_FmtStr} - {$ENDIF} - {$ENDIF} - {$DEFINE HAS_CLASSVARS} - {$DEFINE HAS_DEPRECATED_MSG} - {$DEFINE HAS_TBytes} - // Native(U)Int are still buggy, so do not use them yet - {.$DEFINE HAS_NativeInt} - {.$DEFINE HAS_NativeUInt} - {$DEFINE HAS_Int8} - {$DEFINE HAS_UInt8} - {$DEFINE HAS_Int16} - {$DEFINE HAS_UInt16} - {$DEFINE HAS_Int32} - {$DEFINE HAS_UInt32} - {$DEFINE HAS_UIntToStr} - // UInt64 is now emitted as unsigned __int64 in HPP files - {$IFDEF CBUILDER} - {$UNDEF BROKEN_UINT64_HPPEMIT} - {$ENDIF} - {$IFDEF DCC} - {$IFDEF WINDOWS} - // Exception.RaiseOuterException() is only available on Windows at this time - {$DEFINE HAS_Exception_RaiseOuterException} - {$ENDIF} - {$ENDIF} - {$DEFINE HAS_SetCodePage} - {$DEFINE HAS_PRawByteString} - {$DEFINE HAS_TThreadProcedure} -{$ENDIF} - -{$IFDEF VCL_2010_OR_ABOVE} - {$DEFINE HAS_CLASSCONSTRUCTOR} - {$DEFINE HAS_CLASSDESTRUCTOR} - {$DEFINE HAS_DELAYLOAD} - {$DEFINE HAS_TThread_NameThreadForDebugging} - {$DEFINE 
DEPRECATED_TThread_SuspendResume} - // Native(U)Int are finally ok to use now - {$DEFINE HAS_NativeInt} - {$DEFINE HAS_NativeUInt} - {$DEFINE HAS_USHORT} - {$DEFINE HAS_IOUtils_TPath} -{$ENDIF} - -{$IFDEF VCL_XE_OR_ABOVE} - {$DEFINE HAS_TFormatSettings_Object} - {$DEFINE HAS_LocaleCharsFromUnicode} - {$DEFINE HAS_UnicodeFromLocaleChars} - {$DEFINE HAS_PLongBool} - {$DEFINE HAS_PVOID} - {$DEFINE HAS_ULONG64} - {$DEFINE HAS_TEncoding_GetEncoding_ByEncodingName} - {$DEFINE HAS_DateUtils_TTimeZone} - {$IFDEF DCC} - // Exception.RaiseOuterException() is now available on all platforms - {$DEFINE HAS_Exception_RaiseOuterException} - {$ENDIF} - {$IFNDEF DOTNET} - {$DEFINE HAS_TInterlocked} {$ENDIF} {$ENDIF} -{$IFDEF VCL_XE2_OR_ABOVE} - {$DEFINE HAS_SIZE_T} - {$DEFINE HAS_PSIZE_T} - {$DEFINE HAS_SSIZE_T} - {$DEFINE HAS_PSSIZE_T} - {$DEFINE HAS_LONG} - {$DEFINE HAS_ComponentPlatformsAttribute} - {$DEFINE HAS_ComponentPlatformsAttribute_Win32} - {$DEFINE HAS_ComponentPlatformsAttribute_Win64} - {$DEFINE HAS_ComponentPlatformsAttribute_OSX32} - {$DEFINE HAS_System_ReturnAddress} - {$DEFINE HAS_DIRECTIVE_WARN_DEFAULT} -{$ENDIF} - {$IFDEF VCL_XE3_OR_ABOVE} {$DEFINE HAS_DIRECTIVE_ZEROBASEDSTRINGS} - {$DEFINE HAS_SysUtils_TStringHelper} {$IFDEF NEXTGEN} {$DEFINE DCC_NEXTGEN} - {$DEFINE HAS_MarshaledAString} {$DEFINE USE_MARSHALLED_PTRS} {$IFDEF AUTOREFCOUNT} {$DEFINE USE_OBJECT_ARC} {$ENDIF} {$ENDIF} - // technically, these are present in XE3, but they are not used yet - {.$DEFINE HAS_ComponentPlatformsAttribute_iOS_Simulator} - {.$DEFINE HAS_ComponentPlatformsAttribute_Android} - {.$DEFINE HAS_ComponentPlatformsAttribute_Linux32} - {.$DEFINE HAS_ComponentPlatformsAttribute_iOS_Device} - {.$DEFINE HAS_ComponentPlatformsAttribute_WinNX32} -{$ENDIF} - -{$IFDEF VCL_XE4_OR_ABOVE} - {$DEFINE HAS_AnsiStrings_StrPLCopy} - {$DEFINE HAS_AnsiStrings_StrLen} - {$DEFINE HAS_Character_TCharHelper} - {$DEFINE HAS_ComponentPlatformsAttribute_iOS_Simulator} - {$DEFINE 
HAS_ComponentPlatformsAttribute_iOS_Device} -{$ENDIF} - -{$IFDEF VCL_XE5_OR_ABOVE} - {$DEFINE HAS_ComponentPlatformsAttribute_Android} {$ENDIF} {$IFDEF VCL_XE5_UPDATE2_OR_ABOVE} 
@@ -1320,72 +974,10 @@ {$DEFINE HAS_DIRECTIVE_HPPEMIT_NAMESPACE} {$ENDIF} -{$IFDEF VCL_XE7_OR_ABOVE} - {$DEFINE HAS_TNetEncoding} -{$ENDIF} - -{$IFDEF VCL_XE8_OR_ABOVE} - {$DEFINE HAS_ComponentPlatformsAttribute_iOS_Device32} - {$DEFINE HAS_ComponentPlatformsAttribute_iOS_Device64} - // technically, these are present in XE8, but they are not used yet - {.$DEFINE HAS_ComponentPlatformsAttribute_Linux64} - {.$DEFINE HAS_ComponentPlatformsAttribute_WinIoT32} -{$ENDIF} - -{$IFDEF VCL_10_0_OR_ABOVE} - {$IFDEF ANDROID} - {$DEFINE HAS_TAndroidHelper} - {$ENDIF} - // technically, these are present in 10.0 Seattle, but they are not used yet - {.$DEFINE HAS_ComponentPlatformsAttribute_WinARM} -{$ENDIF} - -{$IFDEF VCL_10_1_OR_ABOVE} - {$DEFINE HAS_DIRECTIVE_HPPEMIT_LEGACYHPP} - {$DEFINE HAS_TStrings_AddPair} - // technically, these are present in 10.1 Berlin, but they are not used yet - {.$DEFINE HAS_ComponentPlatformsAttribute_OSX64} - {.$DEFINE HAS_ComponentPlatformsAttribute_OSXNX64} - {.$DEFINE HAS_ComponentPlatformsAttribute_Linux32Arm} - {.$DEFINE HAS_ComponentPlatformsAttribute_Linux64Arm} - {.$DEFINE HAS_ComponentPlatformsAttribute_Android64} -{$ENDIF} - {$IFDEF VCL_10_2_OR_ABOVE} {.$WARN IMPLICIT_INTEGER_CAST_LOSS OFF} {.$WARN IMPLICIT_CONVERSION_LOSS OFF} {.$WARN COMBINING_SIGNED_UNSIGNED64 OFF} - {$DEFINE HAS_STATIC_TThread_ForceQueue} - // In Delphi 10.2 Tokyo, TThread.ForceQueue() is broken on Android, the - // passed in procedure is called immediately instead of being delayed! 
- {$IFDEF ANDROID} - {$DEFINE BROKEN_TThread_ForceQueue} - {$ENDIF} -{$ENDIF} - -{$IFDEF VCL_10_3_OR_ABOVE} - {$DEFINE HAS_ComponentPlatformsAttribute_iOS_Simulator32} - {$DEFINE HAS_ComponentPlatformsAttribute_Android32Arm} - {$DEFINE HAS_ComponentPlatformsAttribute_WinARM32} - {$UNDEF HAS_ComponentPlatformsAttribute_OSXNX64} // removed in 10.3 Rio - // technically, these are present in 10.3 Rio, but they are not used yet - {.$DEFINE HAS_ComponentPlatformsAttribute_iOS_Simulator64} - {$IFDEF DCC} - {$IFDEF LINUX} - // RLebeau 9/25/2019: there is a bug in the IDE when debugging Linux projects - // where the EThreadNameException exception raised by TThread.NameThreadForDebugging() - // is not handled correctly. - {$UNDEF HAS_NAMED_THREADS} - {$ENDIF} - {$ENDIF} - {$IFDEF ANDROID} - {$UNDEF BROKEN_TThread_ForceQueue} - {$ENDIF} -{$ENDIF} - -{$IFDEF VCL_10_3_UPDATE2_OR_ABOVE} - {$DEFINE HAS_ComponentPlatformsAttribute_AllPlatforms} - {$DEFINE HAS_ComponentPlatformsAttribute_OSX64} {$ENDIF} {$IFDEF VCL_10_4_OR_ABOVE} @@ -1396,12 +988,6 @@ {.$UNDEF HAS_DIRECTIVE_ZEROBASEDSTRINGS} {$ENDIF} -{$IFDEF VCL_11_OR_ABOVE} - {$DEFINE HAS_ComponentPlatformsAttribute_AndroidArm32} - {$DEFINE HAS_ComponentPlatformsAttribute_AndroidArm64} - {$DEFINE HAS_ComponentPlatformsAttribute_OSXArm64} -{$ENDIF} - // Delphi XE+ cross-compiling {$IFNDEF FPC} {$IFDEF POSIX} 
@@ -1432,145 +1018,21 @@ {$IFDEF FPC} {$DEFINE USE_INLINE} - {$DEFINE USE_CLASSINLINE} - {$DEFINE USE_TBitBtn} //use Bit Buttons instead of Buttons - {$DEFINE FPC_REINTRODUCE_BUG} - {$DEFINE FPC_CIRCULAR_BUG} - {$DEFINE NO_REDECLARE} - {$DEFINE BYTE_COMPARE_SETS} - {$DEFINE HAS_QWord} // TODO: when was QWord introduced? - {$DEFINE HAS_PQWord} // TODO: when was PQWord introduced? - {$IFDEF FPC_2_1_5_OR_ABOVE} - {$DEFINE HAS_UInt64} - {.$DEFINE HAS_PUInt64} // TODO: is this defined? - {$ENDIF} - {$IFDEF FPC_2_2_0_OR_ABOVE} - {$DEFINE HAS_InterlockedCompareExchange_Pointers} - {$ENDIF} - {$IFDEF FPC_2_2_2_OR_ABOVE} - {$DEFINE HAS_SharedSuffix} - {$ENDIF} - {$IFDEF FPC_2_2_4_OR_ABOVE} - // these types are only available on Unix systems (FreeBSD, Linux, etc) - {$IFDEF UNIX} - {$DEFINE HAS_UNIT_UnixType} - {$DEFINE HAS_SIZE_T} - {$DEFINE HAS_PSIZE_T} - {$DEFINE HAS_SSIZE_T} - {$DEFINE HAS_PSSIZE_T} - {$DEFINE HAS_TIME_T} - {$DEFINE HAS_PTIME_T} - {$ENDIF} - {$ENDIF} - {$DEFINE HAS_PtrInt} - {$DEFINE HAS_PtrUInt} - {$DEFINE HAS_PGUID} - {$DEFINE HAS_LPGUID} - {$DEFINE HAS_PPAnsiChar} - {$DEFINE HAS_ENUM_ELEMENT_VALUES} - {$DEFINE HAS_AcquireExceptionObject} // TODO: when was AcquireExceptionObject introduced? - {$IFDEF WINDOWS} - {$DEFINE HAS_ULONG_PTR} - {.$DEFINE HAS_ULONGLONG} // TODO: is this defined? - {$ENDIF} - {$DEFINE HAS_UNIT_ctypes} - {$DEFINE HAS_sLineBreak} - {$DEFINE HAS_TStrings_LineBreak} // TODO: when was LineBreak introduced? - {$IFDEF FPC_HAS_UNICODESTRING} - {$DEFINE HAS_UnicodeString} - {$ELSE} - {$IFDEF FPC_2_4_0_OR_ABOVE} - {$DEFINE HAS_UnicodeString} - {$ENDIF} - {$ENDIF} - {$IFDEF FPC_2_4_4_OR_ABOVE} - {$DEFINE DEPRECATED_TThread_SuspendResume} - {$DEFINE HAS_DEPRECATED} // TODO: when was deprecated introduced? Possibly 1.9.x - {$DEFINE HAS_DEPRECATED_MSG} // TODO: when was message support added? 
Possibly 2.4.x - {$DEFINE HAS_STATIC_TThread_Synchronize} - {$IFNDEF FPC_2_6_2_OR_ABOVE} - {$DEFINE USE_SEMICOLON_BEFORE_DEPRECATED} // TODO: which earlier versions require a semicolon? - {$ENDIF} - {$ENDIF} - {$IFDEF FPC_2_6_0_OR_ABOVE} - {$DEFINE HAS_NativeInt} - {$DEFINE HAS_NativeUInt} - {$ENDIF} - {$IFDEF FPC_2_6_2_OR_ABOVE} - {$DEFINE HAS_Int8} - {$DEFINE HAS_UInt8} - {$DEFINE HAS_Int16} - {$DEFINE HAS_UInt16} - {$DEFINE HAS_Int32} - {$DEFINE HAS_UInt32} - {$DEFINE HAS_GetLocalTimeOffset} - {$DEFINE HAS_UniversalTimeToLocal} - {$DEFINE HAS_LocalTimeToUniversal} - {$ENDIF} - {$IFDEF FPC_2_6_4_OR_ABOVE} - {$DEFINE HAS_PInt8} - {$DEFINE HAS_PUInt8} - {$DEFINE HAS_PInt16} - {$DEFINE HAS_PUInt16} - {$DEFINE HAS_PInt32} - {$DEFINE HAS_PUInt32} - {$ENDIF} - {$IFDEF FPC_3_0_0_OR_ABOVE} - {$DEFINE HAS_STATIC_TThread_Queue} - {$DEFINE HAS_SetCodePage} - {$ENDIF} {$IFDEF FPC_UNICODESTRINGS} {$DEFINE STRING_IS_UNICODE} {$ENDIF} - {$IFDEF FPC_3_1_1_OR_ABOVE} - {$DEFINE HAS_STATIC_TThread_ForceQueue} // requires rev 37359+ - {$DEFINE HAS_PRawByteString} - {$DEFINE HAS_UIntToStr} // requires rev 40529+ - {$ENDIF} -{$ENDIF} - -{$IFDEF DOTNET} - {$DEFINE WIDGET_WINFORMS} -{$ELSE} - {$DEFINE WIDGET_VCL_LIKE} // LCL included. - {$DEFINE WIDGET_VCL_LIKE_OR_KYLIX} - {$IFDEF FPC} - {$DEFINE WIDGET_LCL} - {$ELSE} - {$IFDEF KYLIX} - {$DEFINE WIDGET_KYLIX} - {$ELSE} - {$DEFINE WIDGET_VCL} - {$ENDIF} - {$ENDIF} {$ENDIF} // .NET and Delphi 2009+ support UNICODE strings natively! // -// FreePascal 2.4.0+ supports UnicodeString, but does not map its -// native String type to UnicodeString except when {$MODE DelphiUnicode} -// or {$MODESWITCH UnicodeStrings} is enabled. However, UNICODE is not -// defined in that mode yet until its RTL has been updated to support -// UnicodeString. STRING_UNICODE_MISMATCH is defined when the native -// String/Char types do not map to the same types that APIs are expecting -// based on whether UNICODE is defined or not. 
-// // NOTE: Do not define UNICODE here. The compiler defines // the symbol automatically. -{$IFDEF STRING_IS_UNICODE} - {$IFNDEF UNICODE} - {$DEFINE STRING_UNICODE_MISMATCH} - {$ENDIF} -{$ELSE} +{$IFNDEF STRING_IS_UNICODE} {$DEFINE STRING_IS_ANSI} - {$IFDEF UNICODE} - {$DEFINE STRING_UNICODE_MISMATCH} - {$ENDIF} {$ENDIF} {$IFDEF DCC_NEXTGEN} {$DEFINE NO_ANSI_TYPES} - {.$DEFINE STRING_IS_IMMUTABLE} // Strings are NOT immutable in NEXTGEN yet {$IFDEF USE_OBJECT_ARC} // TODO: move these to an appropriate section. Not doing this yet because // it is a major interface change to switch to Generics and we should @@ -1579,19 +1041,8 @@ // of these classes have become deprecated by ARC and so we need to start // taking advantage of the Generics versions... {$DEFINE HAS_UNIT_Generics_Collections} - {$DEFINE HAS_UNIT_Generics_Defaults} - {$DEFINE HAS_GENERICS_TDictionary} {$DEFINE HAS_GENERICS_TList} - {$DEFINE HAS_GENERICS_TObjectList} {$DEFINE HAS_GENERICS_TThreadList} - // TArray.Copy() was introduced in XE7 but was buggy. It was fixed in XE8: - // - // RSP-9763 TArray.Copy copies from destination to source for unmanaged types - // https://quality.embarcadero.com/browse/RSP-9763 - // - {$IFDEF VCL_XE8_OR_ABOVE} - {$DEFINE HAS_GENERICS_TArray_Copy} - {$ENDIF} {$ENDIF} {$ENDIF} @@ -1602,12 +1053,7 @@ // UPDATE: In 10.4 Sydney, AnsiChar and AnsiString were re-enabled on // mobile platforms! NEXTGEN is no longer defined in the mobile compilers. {$IFDEF NO_ANSI_TYPES} - {$UNDEF HAS_AnsiString} - {$UNDEF HAS_AnsiChar} {$UNDEF HAS_PAnsiChar} - {$UNDEF HAS_PPAnsiChar} - {$UNDEF HAS_AnsiStrings_StrPLCopy} - {$UNDEF HAS_AnsiStrings_StrLen} {$ENDIF} {$IFDEF WIN32} 
@@ -1617,56 +1063,7 @@ {$DEFINE WIN32_OR_WIN64} {$ENDIF} -{$IFDEF WIN32_OR_WIN64} - {$DEFINE USE_ZLIB_UNIT} - {$IFNDEF DCC_NEXTGEN} - {$DEFINE USE_OPENSSL} // !!!·MOVED·HERE·BY·EMBT - {$DEFINE USE_SSPI} - {$IFDEF STRING_IS_UNICODE} - {$DEFINE SSPI_UNICODE} - {$ENDIF} - {$ENDIF} -{$ENDIF} -{$IFDEF WINCE} - {$DEFINE USE_OPENSSL} - // RLebeau: not sure if the above Win32/64 defines also apply to WinCE, - // so keeping them separate for now... -{$ENDIF} - -// High-performance counters are not reliable on multi-core systems, and have -// been known to cause problems with TIdIOHandler.ReadLn() timeouts in Windows -// XP SP3, both 32-bit and 64-bit. Refer to these discussions for more info: -// -// http://www.virtualdub.org/blog/pivot/entry.php?id=106 -// http://blogs.msdn.com/oldnewthing/archive/2008/09/08/8931563.aspx -// -// Do not enable thus unless you know it will work correctly on your systems! -{$IFDEF WINDOWS} - {.$DEFINE USE_HI_PERF_COUNTER_FOR_TICKS} -{$ENDIF} - -{$IFDEF UNIX} - {$DEFINE USE_OPENSSL} - {$DEFINE USE_ZLIB_UNIT} - {$DEFINE HAS_getifaddrs} -{$ENDIF} - -{$IFDEF MACOS} - {$DEFINE HAS_getifaddrs} -{$ENDIF} - -{$IFDEF DARWIN} - {$DEFINE HAS_getifaddrs} -{$ENDIF} - -{$IFDEF LINUX} - {$DEFINE HAS_getifaddrs} -{$ENDIF} - {$IFDEF IOS} - {$DEFINE HAS_getifaddrs} - {$DEFINE USE_OPENSSL} - // Support for 64-bit ARM iOS Simulator was added in Delphi 11.2 // TODO: how to detect iOS Simulator in FPC? Does it support 64-bit ARM? {$IFDEF CPUARM} 
@@ -1682,60 +1079,7 @@ {$ENDIF} {$ENDIF} -{$IFDEF FREEBSD} - {$DEFINE HAS_getifaddrs} -{$ENDIF} - -{$IFDEF ANDROID} - {$UNDEF HAS_getifaddrs} -{$ENDIF} - -{$IFDEF FPC_REQUIRES_PROPER_ALIGNMENT} - {$DEFINE REQUIRES_PROPER_ALIGNMENT} -{$ENDIF} - -// -//iconv defines section. -{$DEFINE USE_ICONV_UNIT} -{$DEFINE USE_ICONV_ENC} -{$IFDEF UNIX} - {$DEFINE USE_ICONV} - {$IFDEF USE_BASEUNIX} - {$IFDEF FPC} - {$UNDEF USE_ICONV_UNIT} - {$ELSE} - {$UNDEF USE_ICONV_ENC} - {$ENDIF} - {$ENDIF} - {$IFDEF KYLIXCOMPAT} - //important!! Iconv functions are defined in the libc.pas Kylix compatible unit. - {$UNDEF USE_ICONV_ENC} - {$UNDEF USE_ICONV_UNIT} - {$ENDIF} -{$ENDIF} -{$IFDEF NETWARELIBC} - {$DEFINE USE_ICONV} - //important!!! iconv functions are defined in the libc.pas Novell Netware header. - //Do not define USE_ICONV_UNIT - {$UNDEF USE_ICONV_UNIT} - {$UNDEF USE_ICONV_ENC} -{$ENDIF} - -{$UNDEF USE_SAFELOADLIBRARY} -{$IFDEF WINDOWS} - {$UNDEF USE_ICONV_ENC} - {$DEFINE USE_SAFELOADLIBRARY} -{$ENDIF} -// Use here for all *nix systems that you do not want to use iconv library -{$IFDEF FPC} - {$IFDEF ANDROID} - {$UNDEF USE_ICONV} - {$DEFINE USE_LCONVENC} - {$ENDIF} -{$ENDIF} - {$UNDEF USE_INVALIDATE_MOD_CACHE} -{$UNDEF USE_SAFELOADLIBRARY} //This must come after the iconv defines because this compiler targets a Unix-like //operating system. One key difference is that it does have a TEncoding class. //If this comes before the ICONV defines, it creates problems. @@ -1745,20 +1089,8 @@ {$IFNDEF LINUX} {$DEFINE BSD} {$ENDIF} - {$DEFINE USE_SAFELOADLIBRARY} {$DEFINE USE_INVALIDATE_MOD_CACHE} {$ENDIF} - //important!!! iconv functions are defined in the libc.pas Novell Netware header. - //Do not define USE_ICONVUNIT - {$UNDEF USE_ICONV} - {$UNDEF USE_ICONV_UNIT} - {$UNDEF USE_ICONV_ENC} - {$DEFINE INT_THREAD_PRIORITY} -{$ENDIF} - -{$IFNDEF USE_ICONV} - {$UNDEF USE_ICONV_UNIT} - {$UNDEF USE_ICONV_ENC} {$ENDIF} //IMPORTANT!!!! 
@@ -1786,270 +1118,34 @@ {$ENDIF} {$ENDIF} -{ -BSD 4.4 introduced a minor API change. sa_family was changed from a 16bit -word to an 8 bit byte and an 8 bit byte field named sa_len was added. -} -//Place this only after DARWIN has been defined for Delphi MACOS -{$IFDEF FREEBSD} - {$DEFINE SOCK_HAS_SINLEN} -{$ENDIF} -{$IFDEF DARWIN} - {$DEFINE SOCK_HAS_SINLEN} -{$ENDIF} -{$IFDEF HAIKU} - {$DEFINE SOCK_HAS_SINLEN} -{$ENDIF} -{$IFDEF MORPHOS} - {$DEFINE SOCK_HAS_SINLEN} -{$ENDIF} - -// Do NOT remove these IFDEF's. They are here because InterlockedExchange -// only handles 32bit values. Some Operating Systems may have 64bit -// THandles. This is not always tied to the platform architecture. - -{$IFDEF AMIGA} - {$DEFINE THANDLE_CPUBITS} -{$ENDIF} -{$IFDEF ATARI} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF BEOS} - {$DEFINE THANDLE_32} -{$ENDIF} {$IFDEF BSD} //I think BSD might handle FreeBSD, NetBSD, OpenBSD, and Darwin {$IFDEF IOS} {$IFDEF CPUARM64} {$DEFINE CPU64} - {$DEFINE THANDLE_64} {$ELSE} {$IFDEF CPUARM32} {$DEFINE CPU32} {$ENDIF} - {$DEFINE THANDLE_32} {$ENDIF} {$ENDIF} - {$IFDEF OSX} - {$IFDEF FPC} - {$DEFINE THANDLE_32} - {$ELSE} - {$DEFINE THANDLE_CPUBITS} // !!! 
ADDED OSX BY EMBT - {$ENDIF} - {$ENDIF} -{$ENDIF} -{$IFDEF EMBEDDED} - {$DEFINE THANDLE_CPUBITS} -{$ENDIF} -{$IFDEF EMX} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF GBA} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF GO32} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF HAIKU} - {$DEFINE THANDLE_32} {$ENDIF} {$IFDEF LINUX} {$IFDEF LINUX64} {$DEFINE CPU64} - {$DEFINE THANDLE_64} {$ELSE} {$IFDEF LINUX32} {$DEFINE CPU32} {$ENDIF} - {$DEFINE THANDLE_32} - {$ENDIF} -{$ENDIF} -{$IFDEF MACOS_CLASSIC} - {$DEFINE THANDLE_CPUBITS} -{$ENDIF} -{$IFDEF MORPHOS} - {$DEFINE THANDLE_CPUBITS} -{$ENDIF} -{$IFDEF NATIVENT} //Native NT for kernel level drivers - {$DEFINE THANDLE_CPUBITS} -{$ENDIF} -{$IFDEF NDS} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF NETWARE} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF NETWARELIBC} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF OS2} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF PALMOS} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF SOLARIS} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF SYMBIAN} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF WII} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF WATCOM} - {$DEFINE THANDLE_32} -{$ENDIF} -{$IFDEF WINDOWS} - {$DEFINE THANDLE_CPUBITS} -{$ENDIF} - -// end platform specific stuff for THandle size - -{$IFDEF THANDLE_CPUBITS} - {$IFDEF CPU64} - {$DEFINE THANDLE_64} - {$ELSE} - {$DEFINE THANDLE_32} - {$ENDIF} -{$ENDIF} - -{$IFDEF DOTNET} - {$DEFINE DOTNET_OR_ICONV} -{$ENDIF} -{$IFDEF USE_ICONV} - {$DEFINE DOTNET_OR_ICONV} -{$ENDIF} - -{$UNDEF STREAM_SIZE_64} -{$IFDEF FPC} - {$DEFINE STREAM_SIZE_64} -{$ELSE} - {$IFDEF VCL_6_OR_ABOVE} - {$DEFINE STREAM_SIZE_64} - {$ENDIF} -{$ENDIF} - -{$IFNDEF FREE_ON_FINAL} - {$IFNDEF DOTNET} - {$IFDEF HAS_System_RegisterExpectedMemoryLeak} - {$DEFINE REGISTER_EXPECTED_MEMORY_LEAK} - {$ENDIF} - {$IFDEF USE_FASTMM4} - {$DEFINE REGISTER_EXPECTED_MEMORY_LEAK} - {$ENDIF} - {$IFDEF USE_MADEXCEPT} - {$DEFINE REGISTER_EXPECTED_MEMORY_LEAK} - {$ENDIF} - {$IFDEF USE_LEAKCHECK} - {$DEFINE REGISTER_EXPECTED_MEMORY_LEAK} - {$ENDIF} 
{$ENDIF} {$ENDIF} -{ -We must determine what the SocketType parameter is for the Socket function. -In DotNET, it's SocketType. In Kylix and the libc.pas Kylix-compatibility -library, it's a __socket_type. In BaseUnix, it's a C-type Integer. In Windows, -it's a LongInt. - -} -{$UNDEF SOCKETTYPE_IS_SOCKETTYPE} -{$UNDEF SOCKETTYPE_IS_CINT} -{$UNDEF SOCKETTYPE_IS___SOCKETTYPE} -{$UNDEF SOCKETTYPE_IS_LONGINT} -{$UNDEF SOCKETTYPE_IS_NUMERIC} -{$UNDEF SOCKET_LEN_IS_socklen_t} -{$IFDEF DOTNET} - {$DEFINE SOCKETTYPE_IS_SOCKETTYPE} -{$ENDIF} -{$IFDEF USE_BASEUNIX} - {$DEFINE SOCKETTYPE_IS_CINT} - {$DEFINE SOCKETTYPE_IS_NUMERIC} -{$ENDIF} -{$IFDEF KYLIXCOMPAT} - {$DEFINE SOCKETTYPE_IS___SOCKETTYPE} -{$ENDIF} -{$IFDEF USE_VCL_POSIX} - {$DEFINE SOCKETTYPE_IS_NUMERIC} - {$DEFINE SOCKETTYPE_IS_LONGINT} - {$DEFINE SOCKET_LEN_IS_socklen_t} -{$ENDIF} -{$IFDEF WINDOWS} - {$DEFINE SOCKETTYPE_IS_LONGINT} - {$DEFINE SOCKETTYPE_IS_NUMERIC} -{$ENDIF} -{$IFDEF OS2} - {$DEFINE SOCKETTYPE_IS_LONGINT} - {$DEFINE SOCKETTYPE_IS_NUMERIC} -{$ENDIF} -{$IFDEF NETWARE} - {$DEFINE SOCKETTYPE_IS_LONGINT} - {$DEFINE SOCKETTYPE_IS_NUMERIC} -{$ENDIF} - -{Take advantage of some TCP features specific to some stacks. -They work somewhat similarly but there's a key difference. -In Linux, TCP_CORK is turned on to send fixed packet sizes and -when turned-off (uncorked), any remaining data is sent. With -TCP_NOPUSH, this might not happen and remaining data is only sent -before disconnect. 
TCP_KEEPIDLE and TCP_KEEPINTVL so the IFDEF LINUX and IFDEF -SOLARIS instead of IFDEF UNIX is not an error, it's deliberate.} -{$UNDEF HAS_TCP_NOPUSH} -{$UNDEF HAS_TCP_CORK} -{$UNDEF HAS_TCP_KEEPIDLE} -{$UNDEF HAS_TCP_KEEPINTVL} -{$UNDEF HAS_SOCKET_NOSIGPIPE} -{$IFDEF BSD} - {$DEFINE HAS_TCP_NOPUSH} -{$ENDIF} -{$IFDEF HAIKU} - {$DEFINE HAS_TCP_NOPUSH} -{$ENDIF} -{$IFDEF LINUX} - {$DEFINE HAS_TCP_CORK} - {$DEFINE HAS_TCP_KEEPIDLE} - {$DEFINE HAS_TCP_KEEPINTVL} -{$ENDIF} -{$IFDEF SOLARIS} - {$DEFINE HAS_TCP_CORK} -{$ENDIF} -{$IFDEF NETBSD} - {$DEFINE HAS_TCP_CORK} - {$DEFINE HAS_TCP_KEEPIDLE} - {$DEFINE HAS_TCP_KEEPINTVL} -{$ENDIF} -{$IFDEF USE_VCL_POSIX} - // TODO: which platforms actually have SO_NOSIGPIPE available? - {$DEFINE HAS_SOCKET_NOSIGPIPE} - {$IFDEF ANDROID} - {$UNDEF HAS_SOCKET_NOSIGPIPE} - {$ENDIF} - {$IFDEF LINUX} - {$UNDEF HAS_SOCKET_NOSIGPIPE} - {$ENDIF} -{$ENDIF} {end Unix OS specific stuff} + {$IFDEF DEBUG} {$UNDEF USE_INLINE} {$ENDIF} -// RLebeau 5/24/2015: In C++Builder 2006 and 2007, UInt64 is emitted as -// signed __int64 in HPP files instead of as unsigned __int64. This causes -// conflicts in overloaded routines that have (U)Int64 parameters. This -// was fixed in C++Builder 2009. For compilers that do not have a native -// UInt64 type, or for C++Builder 2006/2007, let's define a record type -// that can hold UInt64 values... -{$IFDEF HAS_UInt64} - {$IFDEF BROKEN_UINT64_HPPEMIT} - {$DEFINE TIdUInt64_HAS_QuadPart} - {$ENDIF} -{$ELSE} - {$IFNDEF HAS_QWord} - {$DEFINE TIdUInt64_HAS_QuadPart} - {$ENDIF} -{$ENDIF} - // RLebeau 9/5/2013: it would take a lot of work to re-write Indy to support // both 0-based and 1-based string indexing, so we'll just turn off 0-based // indexing for now... diff --git a/IdNTLMOpenSSL.pas b/IdNTLMOpenSSL.pas new file mode 100644 index 0000000..e15ea85 --- /dev/null +++ b/IdNTLMOpenSSL.pas 
@@ -0,0 +1,160 @@
+{
+ This file is part of the Indy (Internet Direct) project, and is offered
+ under the dual-licensing agreement described on the Indy website.
+ (http://www.indyproject.org/)
+
+ Copyright:
+ (c) 1993-2024, Chad Z. Hower and the Indy Pit Crew. All rights reserved.
+}
+
+unit IdNTLMOpenSSL;
+
+interface
+
+implementation
+
+uses
+ IdGlobal, IdFIPS, IdSSLOpenSSLHeaders, IdHashMessageDigest,
+ SysUtils;
+
+{$I IdCompilerDefines.inc}
+
+function LoadOpenSSL: Boolean;
+begin
+ Result := IdSSLOpenSSLHeaders.Load;
+end;
+
+function IsNTLMFuncsAvail: Boolean;
+begin
+ Result := Assigned(DES_set_odd_parity) and
+ Assigned(DES_set_key) and
+ Assigned(DES_ecb_encrypt);
+end;
+
+type
+ Pdes_key_schedule = ^des_key_schedule;
+
+{/*
+ * turns a 56 bit key into the 64 bit, odd parity key and sets the key.
+ * The key schedule ks is also set.
+ */}
+procedure setup_des_key(key_56: des_cblock; Var ks: des_key_schedule);
+Var
+ key: des_cblock;
+begin
+ key[0] := key_56[0];
+
+ key[1] := ((key_56[0] SHL 7) and $FF) or (key_56[1] SHR 1);
+ key[2] := ((key_56[1] SHL 6) and $FF) or (key_56[2] SHR 2);
+ key[3] := ((key_56[2] SHL 5) and $FF) or (key_56[3] SHR 3);
+ key[4] := ((key_56[3] SHL 4) and $FF) or (key_56[4] SHR 4);
+ key[5] := ((key_56[4] SHL 3) and $FF) or (key_56[5] SHR 5);
+ key[6] := ((key_56[5] SHL 2) and $FF) or (key_56[6] SHR 6);
+ key[7] := (key_56[6] SHL 1) and $FF;
+
+ DES_set_odd_parity(@key);
+ DES_set_key(@key, ks);
+end;
+
+{/*
+ * takes a 21 byte array and treats it as 3 56-bit DES keys. The
+ * 8 byte plaintext is encrypted with each key and the resulting 24
+ * bytes are stored in the results array.
+ */}
+procedure calc_resp(keys: PDES_cblock; const ANonce: TIdBytes; results: Pdes_key_schedule);
+Var
+ ks: des_key_schedule;
+ nonce: des_cblock;
+begin
+ setup_des_key(keys^, ks);
+ Move(ANonce[0], nonce, 8);
+ des_ecb_encrypt(@nonce, Pconst_DES_cblock(results), ks, DES_ENCRYPT);
+
+ setup_des_key(PDES_cblock(PtrUInt(keys) + 7)^, ks);
+ des_ecb_encrypt(@nonce, Pconst_DES_cblock(PtrUInt(results) + 8), ks, DES_ENCRYPT);
+
+ setup_des_key(PDES_cblock(PtrUInt(keys) + 14)^, ks);
+ des_ecb_encrypt(@nonce, Pconst_DES_cblock(PtrUInt(results) + 16), ks, DES_ENCRYPT);
+end;
+
+Const
+ Magic: des_cblock = ($4B, $47, $53, $21, $40, $23, $24, $25 );
+
+//* setup LanManager password */
+function SetupLanManagerPassword(const APassword: String; const ANonce: TIdBytes): TIdBytes;
+var
+ lm_hpw: array[0..20] of Byte;
+ lm_pw: array[0..13] of Byte;
+ idx, len: Integer;
+ ks: des_key_schedule;
+ lm_resp: array [0..23] of Byte;
+ lPassword: {$IFDEF STRING_IS_UNICODE}TIdBytes{$ELSE}AnsiString{$ENDIF};
+begin
+ {$IFDEF STRING_IS_UNICODE}
+ lPassword := IndyTextEncoding_OSDefault.GetBytes(UpperCase(APassword));
+ {$ELSE}
+ lPassword := UpperCase(APassword);
+ {$ENDIF}
+
+ len := IndyMin(Length(lPassword), 14);
+ if len > 0 then begin
+ Move(lPassword[{$IFDEF STRING_IS_UNICODE}0{$ELSE}1{$ENDIF}], lm_pw[0], len);
+ end;
+ if len < 14 then begin
+ for idx := len to 13 do begin
+ lm_pw[idx] := $0;
+ end;
+ end;
+
+ //* create LanManager hashed password */
+
+ setup_des_key(pdes_cblock(@lm_pw[0])^, ks);
+ des_ecb_encrypt(@magic, Pconst_DES_cblock(@lm_hpw[0]), ks, DES_ENCRYPT);
+
+ setup_des_key(pdes_cblock(PtrUInt(@lm_pw[0]) + 7)^, ks);
+ des_ecb_encrypt(@magic, Pconst_DES_cblock(PtrUInt(@lm_hpw[0]) + 8), ks, DES_ENCRYPT);
+
+ FillChar(lm_hpw[16], 5, 0);
+
+ calc_resp(PDes_cblock(@lm_hpw[0]), ANonce, Pdes_key_schedule(@lm_resp[0]));
+
+ SetLength(Result, SizeOf(lm_resp));
+ Move(lm_resp[0], Result[0], SizeOf(lm_resp));
+end;
+
+//* create NT hashed password */
+function CreateNTPassword(const APassword: String; const ANonce: TIdBytes): TIdBytes;
+var
+ nt_hpw: array [1..21] of Byte;
+ nt_hpw128: TIdBytes;
+ nt_resp: array [1..24] of Byte;
+ LMD4: TIdHashMessageDigest4;
+begin
+ CheckMD4Permitted;
+ LMD4 := TIdHashMessageDigest4.Create;
+ try
+ {$IFDEF STRING_IS_UNICODE}
+ nt_hpw128 := LMD4.HashString(APassword, IndyTextEncoding_UTF16LE);
+ {$ELSE}
+ nt_hpw128 := LMD4.HashBytes(BuildUnicode(APassword));
+ {$ENDIF}
+ finally
+ LMD4.Free;
+ end;
+
+ Move(nt_hpw128[0], nt_hpw[1], 16);
+ FillChar(nt_hpw[17], 5, 0);
+
+ calc_resp(pdes_cblock(@nt_hpw[1]), ANonce, Pdes_key_schedule(@nt_resp[1]));
+
+ SetLength(Result, SizeOf(nt_resp));
+ Move(nt_resp[1], Result[0], SizeOf(nt_resp));
+end;
+
+initialization
+ IdFIPS.LoadNTLMLibrary := LoadOpenSSL;
+ IdFIPS.IsNTLMFuncsAvail := IsNTLMFuncsAvail;
+ IdFIPS.NTLMGetLmChallengeResponse := SetupLanManagerPassword;
+ IdFIPS.NTLMGetNtChallengeResponse := CreateNTPassword;
+
+end.
\ No newline at end of file
diff --git a/IdRegisterOpenSSL.dcr b/IdRegisterOpenSSL.dcr
new file mode 100644
index 0000000..d37266b
Binary files /dev/null and b/IdRegisterOpenSSL.dcr differ
diff --git a/IdRegisterOpenSSL.lrs b/IdRegisterOpenSSL.lrs
new file mode 100644
index 0000000..892a939
--- /dev/null
+++ b/IdRegisterOpenSSL.lrs
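Review bot: calc_resp copies the challenge with `Move(ANonce[0], nonce, 8)` without checking `Length(ANonce)`, and ANonce is presumably the challenge received from the other side of the authentication exchange, so a challenge shorter than 8 bytes reads past the end of the dynamic array and an empty one dereferences a nil array; a guard such as `if Length(ANonce) < 8 then raise Exception.Create('NTLM challenge must be at least 8 bytes');` at the top of calc_resp covers both callers (SysUtils is already in the uses clause). The `results: Pdes_key_schedule` parameter is misleading: both callers pass a 24-byte response buffer and the type is cast away on every use, so a `PByte` parameter, or a named 24-byte array type, would state the real contract. The reads through `PDES_cblock(PtrUInt(keys) + 14)^` fetch a full 8-byte des_cblock starting at offset 14 of the 21-byte lm_hpw/nt_hpw arrays, one byte past their end; setup_des_key only consumes seven of those bytes so this looks benign, but sizing the key arrays to 22 bytes or passing key_56 by pointer would remove the over-read. The unit carries no header comment; a line above `unit IdNTLMOpenSSL;` such as `{ OpenSSL-backed LM/NT challenge-response routines, installed into the IdFIPS hooks in the initialization section. }` would tell the next reader what it is for.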
@@ -0,0 +1,54 @@ +LazarusResources.Add('TIdServerIOHandlerSSLOpenSSL','XPM',[ + '/* XPM */'#13#10'static char *Pixmap[] = {'#13#10'"24 24 16 2",'#13#10'"00 c' + +' black",'#13#10'"01 c #800000",'#13#10'"02 c #008000",'#13#10'"03 c #808000' + +'",'#13#10'"04 c #000080",'#13#10'"05 c none",'#13#10'"06 c #008080",'#13#10 + +'"07 c #808080",'#13#10'"08 c #C0C0C0",'#13#10'"09 c red",'#13#10'"10 c gree' + +'n",'#13#10'"11 c yellow",'#13#10'"12 c blue",'#13#10'"13 c magenta",'#13#10 + +'"14 c cyan",'#13#10'"15 c Gray100",'#13#10'"0505000000000000000505050505050' + +'50505050505050505",'#13#10'"05050015151515150004040404040404040404040404040' + +'5",'#13#10'"050400151414141500151515151515151515151515150404",'#13#10'"0504' + +'00151414141500151515151515151515151515150404",'#13#10'"05040015070707070015' + +'1515151515151515151515150404",'#13#10'"050400000000000000151500000000151515' + +'151515150404",'#13#10'"000000151508080800000008080808001515151515150404",' + +#13#10'"001515080808080808070000000008070715151515150404",'#13#10'"001507070' + +'707070707070015151500080015151515150404",'#13#10'"0000000000000000000000151' + +'51500080015151515150404",'#13#10'"05041515151515150008001515150008001515151' + +'5150404",'#13#10'"050415151515150000000000000000000000151515150404",'#13#10 + +'"050415151515000808080808080808080808001515150404",'#13#10'"050415151515000' + +'707070700000007070707001515150404",'#13#10'"0504151515150008080808000000080' + +'80808001515150404",'#13#10'"05041515151500070707080800080807070700151515040' + +'4",'#13#10'"050415151515000808080807000708080808001515150404",'#13#10'"0504' + +'15151515150007070807000708070700151515150404",'#13#10'"05041515151515150000' + +'0808080808000015151515150404",'#13#10'"050415151515151515150000000000151515' + +'151515150404",'#13#10'"050415151515151515151515151515151515151515150404",' + +#13#10'"050415151515151515151515151515151515151515150404",'#13#10'"050404040' + 
+'404040404040404040404040404040404040404",'#13#10'"0505040404040404040404040' + +'40404040404040404040405"'#13#10'};'#13#10 +]); +LazarusResources.Add('TIdSSLIOHandlerSocketOpenSSL','XPM',[ + '/* XPM */'#13#10'static char *Pixmap[] = {'#13#10'"24 24 16 2",'#13#10'"00 c' + +' black",'#13#10'"01 c #800000",'#13#10'"02 c #008000",'#13#10'"03 c #808000' + +'",'#13#10'"04 c #000080",'#13#10'"05 c none",'#13#10'"06 c #008080",'#13#10 + +'"07 c #C0C0C0",'#13#10'"08 c #808080",'#13#10'"09 c red",'#13#10'"10 c gree' + +'n",'#13#10'"11 c yellow",'#13#10'"12 c blue",'#13#10'"13 c magenta",'#13#10 + +'"14 c cyan",'#13#10'"15 c Gray100",'#13#10'"0505050505050505050505050505050' + +'50505050505050505",'#13#10'"05050404040404040404040404040404040404040404040' + +'5",'#13#10'"050415151515151515151515151515151515151515150404",'#13#10'"0504' + +'15151515151515151515151515151515151515150404",'#13#10'"05041515151515151515' + +'1515151515151515151515150404",'#13#10'"050415151515151515150000000000151515' + +'151515150404",'#13#10'"050415151515151515000707070707001515151515150404",' + +#13#10'"050415151515151508080700000007080815151515150404",'#13#10'"050415151' + +'515151500070015151500070015151515150404",'#13#10'"0504151515151515000700151' + +'51500070015151515150404",'#13#10'"05041515151515150007001515150007001515151' + +'5150404",'#13#10'"050415151515150000000000000000000000151515150404",'#13#10 + +'"050415151515000707070707070707070707001515150404",'#13#10'"050415151515000' + +'808080800000008080808001515150404",'#13#10'"0504151515150007070707000000070' + +'70707001515150404",'#13#10'"05041515151500080808070700070708080800151515040' + +'4",'#13#10'"050415151515000707070708000807070707001515150404",'#13#10'"0504' + +'15151515150008080708000807080800151515150404",'#13#10'"05041515151515150000' + +'0707070707000015151515150404",'#13#10'"050415151515151515150000000000151515' + +'151515150404",'#13#10'"050415151515151515151515151515151515151515150404",' + 
+#13#10'"050415151515151515151515151515151515151515150404",'#13#10'"050404040' + +'404040404040404040404040404040404040404",'#13#10'"0505040404040404040404040' + +'40404040404040404040405"'#13#10'};'#13#10 +]); diff --git a/IdResourceStringsOpenSSL.pas b/IdResourceStringsOpenSSL.pas index b6bc296..e4fb94a 100644 --- a/IdResourceStringsOpenSSL.pas +++ b/IdResourceStringsOpenSSL.pas @@ -15,6 +15,8 @@ interface RSOSSLConnectionDropped = 'SSL connection has dropped.'; RSOSSLCertificateLookup = 'SSL certificate request error.'; RSOSSLInternal = 'SSL library internal error.'; + RSOSSLCouldNotSetMinProtocolVersion = 'Could not set min protocol version'; + RSOSSLCouldNotSetMaxProtocolVersion = 'Could not set max protocol version'; //callback where strings RSOSSLAlert = '%s Alert'; RSOSSLReadAlert = '%s Read Alert'; diff --git a/IdSSLOpenSSL.pas b/IdSSLOpenSSL.pas index c5124a5..de42c57 100644 --- a/IdSSLOpenSSL.pas +++ b/IdSSLOpenSSL.pas 
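Review bot: The two new strings `RSOSSLCouldNotSetMinProtocolVersion = 'Could not set min protocol version';` and its Max counterpart omit the terminating period that every neighbouring message in this block carries (`'SSL library internal error.'`), so they will read inconsistently when surfaced next to them. `'Could not set minimum protocol version.'` and `'Could not set maximum protocol version.'` keep the block's style and avoid the abbreviation.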
@@ -1,148 +1,10 @@ { - $Project$ - $Workfile$ - $Revision$ - $DateUTC$ - $Id$ - This file is part of the Indy (Internet Direct) project, and is offered under the dual-licensing agreement described on the Indy website. (http://www.indyproject.org/) Copyright: - (c) 1993-2005, Chad Z. Hower and the Indy Pit Crew. All rights reserved. -} -{ - $Log$ -} -{ - Rev 1.40 03/11/2009 09:04:00 AWinkelsdorf - Implemented fix for Vista+ SSL_Read and SSL_Write to allow connection - timeout. - - Rev 1.39 16/02/2005 23:26:08 CCostelloe - Changed OnVerifyPeer. Breaks existing implementation of OnVerifyPeer. See - long comment near top of file. - - Rev 1.38 1/31/05 6:02:28 PM RLebeau - Updated _GetThreadId() callback to reflect changes in IdGlobal unit - - Rev 1.37 7/27/2004 1:54:26 AM JPMugaas - Now should use the Intercept property for sends. - - Rev 1.36 2004-05-18 21:38:36 Mattias - Fixed unload bug - - Rev 1.35 2004-05-07 16:34:26 Mattias - Implemented OpenSSL locking callbacks - - Rev 1.34 27/04/2004 9:38:48 HHariri - Added compiler directive so it works in BCB - - Rev 1.33 4/26/2004 12:41:10 AM BGooijen - Fixed WriteDirect - - Rev 1.32 2004.04.08 10:55:30 PM czhower - IOHandler changes. - - Rev 1.31 3/7/2004 9:02:58 PM JPMugaas - Fixed compiler warning about visibility. - - Rev 1.30 2004.03.07 11:46:40 AM czhower - Flushbuffer fix + other minor ones found - - Rev 1.29 2/7/2004 5:50:50 AM JPMugaas - Fixed Copyright. - - Rev 1.28 2/6/2004 3:45:56 PM JPMugaas - Only a start on NET porting. This is not finished and will not compile on - DotNET> - - Rev 1.27 2004.02.03 5:44:24 PM czhower - Name changes - - Rev 1.26 1/21/2004 4:03:48 PM JPMugaas - InitComponent - - Rev 1.25 1/14/2004 11:39:10 AM JPMugaas - Server IOHandler now works. Accept was commented out. - - Rev 1.24 2003.11.29 10:19:28 AM czhower - Updated for core change to InputBuffer. - - Rev 1.23 10/21/2003 10:09:14 AM JPMugaas - Intercept enabled. - - Rev 1.22 10/21/2003 09:41:38 AM JPMugaas - Updated for new API. 
Verified with TIdFTP with active and passive transfers - as well as clear and protected data channels. - - Rev 1.21 10/21/2003 07:32:38 AM JPMugaas - Checked in what I have. Porting still continues. - - Rev 1.20 10/17/2003 1:08:08 AM DSiders - Added localization comments. - - Rev 1.19 2003.10.12 6:36:44 PM czhower - Now compiles. - - Rev 1.18 9/19/2003 11:24:58 AM JPMugaas - Should compile. - - Rev 1.17 9/18/2003 10:20:32 AM JPMugaas - Updated for new API. - - Rev 1.16 2003.07.16 3:26:52 PM czhower - Fixed for a core change. - - Rev 1.15 6/30/2003 1:52:22 PM BGooijen - Changed for new buffer interface - - Rev 1.14 6/29/2003 5:42:02 PM BGooijen - fixed problem in TIdSSLIOHandlerSocketOpenSSL.SetPassThrough that Henrick - Hellstrom reported - - Rev 1.13 5/7/2003 7:13:00 PM BGooijen - changed Connected to BindingAllocated in ReadFromSource - - Rev 1.12 3/30/2003 12:16:40 AM BGooijen - bugfixed+ added MakeFTPSvrPort/MakeFTPSvrPasv - - Rev 1.11 3/14/2003 06:56:08 PM JPMugaas - Added a clone method to the SSLContext. - - Rev 1.10 3/14/2003 05:29:10 PM JPMugaas - Change to prevent an AV when shutting down the FTP Server. - - Rev 1.9 3/14/2003 10:00:38 PM BGooijen - Removed TIdServerIOHandlerSSLBase.PeerPassthrough, the ssl is now enabled in - the server-protocol-files - - Rev 1.8 3/13/2003 11:55:38 AM JPMugaas - Updated registration framework to give more information. - - Rev 1.7 3/13/2003 11:07:14 AM JPMugaas - OpenSSL classes renamed. - - Rev 1.6 3/13/2003 10:28:16 AM JPMugaas - Forgot the reegistration - OOPS!!! - - Rev 1.5 3/13/2003 09:49:42 AM JPMugaas - Now uses an abstract SSL base class instead of OpenSSL so 3rd-party vendors - can plug-in their products. - - Rev 1.4 3/13/2003 10:20:08 AM BGooijen - Server side fibers - - Rev 1.3 2003.02.25 3:56:22 AM czhower - - Rev 1.2 2/5/2003 10:27:46 PM BGooijen - Fixed bug in OpenEncodedConnection - - Rev 1.1 2/4/2003 6:31:22 PM BGooijen - Fixed for Indy 10 - - Rev 1.0 11/13/2002 08:01:24 AM JPMugaas + (c) 1993-2024, Chad Z. 
Hower and the Indy Pit Crew. All rights reserved. } unit IdSSLOpenSSL; { @@ -201,10 +63,6 @@ interface {$I IdCompilerDefines.inc} -{$IFNDEF USE_OPENSSL} - {$message error Should not compile if USE_OPENSSL is not defined!!!} -{$ENDIF} - {$TYPEDADDRESS OFF} uses @@ -234,7 +92,8 @@ interface IdYarn; type - TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2); + TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, + sslvTLSv1_2, sslvTLSv1_3); TIdSSLVersions = set of TIdSSLVersion; TIdSSLMode = (sslmUnassigned, sslmClient, sslmServer, sslmBoth); TIdSSLVerifyMode = (sslvrfPeer, sslvrfFailIfNoPeerCert, sslvrfClientOnce); @@ -243,18 +102,22 @@ interface TIdSSLAction = (sslRead, sslWrite); const - DEF_SSLVERSION = sslvTLSv1; - DEF_SSLVERSIONS = [sslvTLSv1]; + DEF_SSLVERSION = sslvTLSv1_3; + DEF_SSLVERSIONS = [sslvTLSv1_3]; P12_FILETYPE = 3; MAX_SSL_PASSWORD_LENGTH = 128; type TIdSSLULong = packed record case Byte of - 0: (B1, B2, B3, B4: UInt8); - 1: (W1, W2: UInt16); - 2: (L1: Int32); - 3: (C1: UInt32); + 0: + (B1, B2, B3, B4: UInt8); + 1: + (W1, W2: UInt16); + 2: + (L1: Int32); + 3: + (C1: UInt32); end; TIdSSLEVP_MD = record 
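Review bot: `DEF_SSLVERSIONS = [sslvTLSv1_3]` leaves TLS 1.3 as the only version a default-configured context will negotiate, so a client whose SSLOptions are untouched will fail the handshake against any peer that stops at TLS 1.2, which is still common, and every existing user of the defaults sees this behaviour change. How the set is translated into a min/max protocol range is outside this hunk, but if TLS 1.2 is meant to stay reachable by default the constant should be `DEF_SSLVERSIONS = [sslvTLSv1_2, sslvTLSv1_3];`, and if the strictness is deliberate a comment on the constant should say so. The move of DEF_SSLVERSION to sslvTLSv1_3 has the same effect on the Method property and deserves the same note.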
@@ -270,12 +133,14 @@ TIdSSLByteArray = record TIdX509 = class; TIdSSLIOHandlerSocketOpenSSL = class; TIdSSLCipher = class; - TCallbackEvent = procedure(const AMsg: String) of object; - TCallbackExEvent = procedure(ASender : TObject; const AsslSocket: PSSL; - const AWhere, Aret: TIdC_INT; const AType, AMsg : String ) of object; - TPasswordEvent = procedure(var Password: String) of object; - TPasswordEventEx = procedure( ASender : TObject; var VPassword: String; const AIsWrite : Boolean) of object; - TVerifyPeerEvent = function(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean of object; + TCallbackEvent = procedure(const AMsg: String) of object; + TCallbackExEvent = procedure(ASender: TObject; const AsslSocket: PSSL; + const AWhere, Aret: TIdC_INT; const AType, AMsg: String) of object; + TPasswordEvent = procedure(var Password: String) of object; + TPasswordEventEx = procedure(ASender: TObject; var VPassword: String; + const AIsWrite: Boolean) of object; + TVerifyPeerEvent = function(Certificate: TIdX509; AOk: Boolean; + ADepth, AError: Integer): Boolean of object; TIOHandlerNotify = procedure(ASender: TIdSSLIOHandlerSocketOpenSSL) of object; TIdSSLOptions = class(TPersistent) @@ -308,7 +173,7 @@ TIdSSLOptions = class(TPersistent) property Mode: TIdSSLMode read fMode write fMode; property VerifyMode: TIdSSLVerifyModeSet read fVerifyMode write fVerifyMode; property VerifyDepth: Integer read fVerifyDepth write fVerifyDepth; -// property VerifyFile: String read fVerifyFile write fVerifyFile; + // property VerifyFile: String read fVerifyFile write fVerifyFile; property VerifyDirs: String read fVerifyDirs write fVerifyDirs; property CipherList: String read fCipherList write fCipherList; end; 
@@ -316,17 +181,17 @@ TIdSSLOptions = class(TPersistent) TIdSSLContext = class(TObject) protected fMethod: TIdSSLVersion; - fSSLVersions : TIdSSLVersions; + fSSLVersions: TIdSSLVersions; fMode: TIdSSLMode; fsRootCertFile, fsCertFile, fsKeyFile, fsDHParamsFile: String; fVerifyDepth: Integer; fVerifyMode: TIdSSLVerifyModeSet; -// fVerifyFile: String; + // fVerifyFile: String; fVerifyDirs: String; fCipherList: String; fContext: PSSL_CTX; fStatusInfoOn: Boolean; -// fPasswordRoutineOn: Boolean; + // fPasswordRoutineOn: Boolean; fVerifyOn: Boolean; fSessionId: Integer; fCtxMode: TIdSSLCtxMode; @@ -336,20 +201,21 @@ TIdSSLContext = class(TObject) function GetVerifyMode: TIdSSLVerifyModeSet; procedure InitContext(CtxMode: TIdSSLCtxMode); public - {$IFDEF USE_OBJECT_ARC}[Weak]{$ENDIF} Parent: TObject; +{$IFDEF USE_OBJECT_ARC}[Weak] +{$ENDIF} Parent: TObject; constructor Create; destructor Destroy; override; - function Clone : TIdSSLContext; + function Clone: TIdSSLContext; function LoadRootCert: Boolean; function LoadCert: Boolean; function LoadKey: Boolean; function LoadDHParams: Boolean; property StatusInfoOn: Boolean read fStatusInfoOn write fStatusInfoOn; -// property PasswordRoutineOn: Boolean read fPasswordRoutineOn write fPasswordRoutineOn; + // property PasswordRoutineOn: Boolean read fPasswordRoutineOn write fPasswordRoutineOn; property VerifyOn: Boolean read fVerifyOn write fVerifyOn; -//THese can't be published in a TObject without a compiler warning. - // published - property SSLVersions : TIdSSLVersions read fSSLVersions write fSSLVersions; + // THese can't be published in a TObject without a compiler warning. + // published + property SSLVersions: TIdSSLVersions read fSSLVersions write fSSLVersions; property Method: TIdSSLVersion read fMethod write fMethod; property Mode: TIdSSLMode read fMode write fMode; property RootCertFile: String read fsRootCertFile write fsRootCertFile; 
@@ -357,8 +223,8 @@ TIdSSLContext = class(TObject) property CipherList: String read fCipherList write fCipherList; property KeyFile: String read fsKeyFile write fsKeyFile; property DHParamsFile: String read fsDHParamsFile write fsDHParamsFile; -// property VerifyMode: TIdSSLVerifyModeSet read GetVerifyMode write SetVerifyMode; -// property VerifyFile: String read fVerifyFile write fVerifyFile; + // property VerifyMode: TIdSSLVerifyModeSet read GetVerifyMode write SetVerifyMode; + // property VerifyFile: String read fVerifyFile write fVerifyFile; property VerifyDirs: String read fVerifyDirs write fVerifyDirs; property VerifyMode: TIdSSLVerifyModeSet read fVerifyMode write fVerifyMode; property VerifyDepth: Integer read fVerifyDepth write fVerifyDepth; @@ -367,7 +233,8 @@ TIdSSLContext = class(TObject) TIdSSLSocket = class(TObject) protected - {$IFDEF USE_OBJECT_ARC}[Weak]{$ENDIF} fParent: TObject; +{$IFDEF USE_OBJECT_ARC}[Weak] +{$ENDIF} fParent: TObject; fPeerCert: TIdX509; fSSL: PSSL; fSSLCipher: TIdSSLCipher; @@ -381,10 +248,10 @@ TIdSSLSocket = class(TObject) destructor Destroy; override; procedure Accept(const pHandle: TIdStackSocketHandle); procedure Connect(const pHandle: TIdStackSocketHandle); - function Send(const ABuffer : TIdBytes; AOffset, ALength: Integer): Integer; - function Recv(var ABuffer : TIdBytes): Integer; + function Send(const ABuffer: TIdBytes; AOffset, ALength: Integer): Integer; + function Recv(var ABuffer: TIdBytes): Integer; function GetSessionID: TIdSSLByteArray; - function GetSessionIDAsString:String; + function GetSessionIDAsString: String; procedure SetCipherList(CipherList: String); // property PeerCert: TIdX509 read GetPeerCert; 
@@ -397,100 +264,119 @@ TIdSSLSocket = class(TObject) // bridge the gap... IIdSSLOpenSSLCallbackHelper = interface(IInterface) ['{583F1209-10BA-4E06-8810-155FAEC415FE}'] - function GetPassword(const AIsWrite : Boolean): string; - procedure StatusInfo(const ASSL: PSSL; AWhere, ARet: TIdC_INT; const AStatusStr: string); - function VerifyPeer(ACertificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; + function GetPassword(const AIsWrite: Boolean): string; + procedure StatusInfo(const ASSL: PSSL; AWhere, Aret: TIdC_INT; + const AStatusStr: string); + function VerifyPeer(ACertificate: TIdX509; AOk: Boolean; + ADepth, AError: Integer): Boolean; function GetIOHandlerSelf: TIdSSLIOHandlerSocketOpenSSL; end; - TIdSSLIOHandlerSocketOpenSSL = class(TIdSSLIOHandlerSocketBase, IIdSSLOpenSSLCallbackHelper) + TIdSSLIOHandlerSocketOpenSSL = class(TIdSSLIOHandlerSocketBase, + IIdSSLOpenSSLCallbackHelper) protected fSSLContext: TIdSSLContext; fxSSLOptions: TIdSSLOptions; fSSLSocket: TIdSSLSocket; - //fPeerCert: TIdX509; + // fPeerCert: TIdX509; fOnStatusInfo: TCallbackEvent; - FOnStatusInfoEx : TCallbackExEvent; + FOnStatusInfoEx: TCallbackExEvent; fOnGetPassword: TPasswordEvent; - fOnGetPasswordEx : TPasswordEventEx; + fOnGetPasswordEx: TPasswordEventEx; fOnVerifyPeer: TVerifyPeerEvent; fSSLLayerClosed: Boolean; fOnBeforeConnect: TIOHandlerNotify; // function GetPeerCert: TIdX509; - //procedure CreateSSLContext(axMode: TIdSSLMode); + // procedure CreateSSLContext(axMode: TIdSSLMode); // procedure SetPassThrough(const Value: Boolean); override; procedure DoBeforeConnect(ASender: TIdSSLIOHandlerSocketOpenSSL); virtual; procedure DoStatusInfo(const AMsg: String); virtual; procedure DoStatusInfoEx(const AsslSocket: PSSL; - const AWhere, Aret: TIdC_INT; const AWhereStr, ARetStr : String ); + const AWhere, Aret: TIdC_INT; const AWhereStr, ARetStr: String); procedure DoGetPassword(var Password: String); virtual; - procedure DoGetPasswordEx(var VPassword: String; const 
AIsWrite : Boolean); virtual; + procedure DoGetPasswordEx(var VPassword: String; + const AIsWrite: Boolean); virtual; - function DoVerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; virtual; + function DoVerifyPeer(Certificate: TIdX509; AOk: Boolean; + ADepth, AError: Integer): Boolean; virtual; function RecvEnc(var VBuffer: TIdBytes): Integer; override; - function SendEnc(const ABuffer: TIdBytes; const AOffset, ALength: Integer): Integer; override; + function SendEnc(const ABuffer: TIdBytes; const AOffset, ALength: Integer) + : Integer; override; procedure Init; procedure OpenEncodedConnection; virtual; - //some overrides from base classes + // some overrides from base classes procedure InitComponent; override; procedure ConnectClient; override; function CheckForError(ALastResult: Integer): Integer; override; procedure RaiseError(AError: Integer); override; { IIdSSLOpenSSLCallbackHelper } - function GetPassword(const AIsWrite : Boolean): string; - procedure StatusInfo(const ASslSocket: PSSL; AWhere, ARet: TIdC_INT; const AStatusStr: string); - function VerifyPeer(ACertificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; + function GetPassword(const AIsWrite: Boolean): string; + procedure StatusInfo(const AsslSocket: PSSL; AWhere, Aret: TIdC_INT; + const AStatusStr: string); + function VerifyPeer(ACertificate: TIdX509; AOk: Boolean; + ADepth, AError: Integer): Boolean; function GetIOHandlerSelf: TIdSSLIOHandlerSocketOpenSSL; public destructor Destroy; override; // TODO: add an AOwner parameter - function Clone : TIdSSLIOHandlerSocketBase; override; + function Clone: TIdSSLIOHandlerSocketBase; override; procedure StartSSL; override; procedure AfterAccept; override; procedure Close; override; procedure Open; override; function Readable(AMSec: Integer = IdTimeoutDefault): Boolean; override; property SSLSocket: TIdSSLSocket read fSSLSocket write fSSLSocket; - property OnBeforeConnect: TIOHandlerNotify read fOnBeforeConnect 
write fOnBeforeConnect; + property OnBeforeConnect: TIOHandlerNotify read fOnBeforeConnect + write fOnBeforeConnect; property SSLContext: TIdSSLContext read fSSLContext write fSSLContext; published property SSLOptions: TIdSSLOptions read fxSSLOptions write fxSSLOptions; - property OnStatusInfo: TCallbackEvent read fOnStatusInfo write fOnStatusInfo; - property OnStatusInfoEx: TCallbackExEvent read fOnStatusInfoEx write fOnStatusInfoEx; - property OnGetPassword: TPasswordEvent read fOnGetPassword write fOnGetPassword; - property OnGetPasswordEx : TPasswordEventEx read fOnGetPasswordEx write fOnGetPasswordEx; - property OnVerifyPeer: TVerifyPeerEvent read fOnVerifyPeer write fOnVerifyPeer; - end; - - TIdServerIOHandlerSSLOpenSSL = class(TIdServerIOHandlerSSLBase, IIdSSLOpenSSLCallbackHelper) + property OnStatusInfo: TCallbackEvent read fOnStatusInfo + write fOnStatusInfo; + property OnStatusInfoEx: TCallbackExEvent read FOnStatusInfoEx + write FOnStatusInfoEx; + property OnGetPassword: TPasswordEvent read fOnGetPassword + write fOnGetPassword; + property OnGetPasswordEx: TPasswordEventEx read fOnGetPasswordEx + write fOnGetPasswordEx; + property OnVerifyPeer: TVerifyPeerEvent read fOnVerifyPeer + write fOnVerifyPeer; + end; + + TIdServerIOHandlerSSLOpenSSL = class(TIdServerIOHandlerSSLBase, + IIdSSLOpenSSLCallbackHelper) protected fxSSLOptions: TIdSSLOptions; fSSLContext: TIdSSLContext; fOnStatusInfo: TCallbackEvent; - FOnStatusInfoEx : TCallbackExEvent; + FOnStatusInfoEx: TCallbackExEvent; fOnGetPassword: TPasswordEvent; - fOnGetPasswordEx : TPasswordEventEx; + fOnGetPasswordEx: TPasswordEventEx; fOnVerifyPeer: TVerifyPeerEvent; // - //procedure CreateSSLContext(axMode: TIdSSLMode); - //procedure CreateSSLContext; + // procedure CreateSSLContext(axMode: TIdSSLMode); + // procedure CreateSSLContext; // procedure DoStatusInfo(const AMsg: String); virtual; procedure DoStatusInfoEx(const AsslSocket: PSSL; - const AWhere, Aret: TIdC_INT; const AWhereStr, ARetStr : String 
); + const AWhere, Aret: TIdC_INT; const AWhereStr, ARetStr: String); procedure DoGetPassword(var Password: String); virtual; -//TPasswordEventEx - procedure DoGetPasswordEx(var VPassword: String; const AIsWrite : Boolean); virtual; - function DoVerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; virtual; + // TPasswordEventEx + procedure DoGetPasswordEx(var VPassword: String; + const AIsWrite: Boolean); virtual; + function DoVerifyPeer(Certificate: TIdX509; AOk: Boolean; + ADepth, AError: Integer): Boolean; virtual; procedure InitComponent; override; { IIdSSLOpenSSLCallbackHelper } - function GetPassword(const AIsWrite : Boolean): string; - procedure StatusInfo(const ASslSocket: PSSL; AWhere, ARet: TIdC_INT; const AStatusStr: string); - function VerifyPeer(ACertificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; + function GetPassword(const AIsWrite: Boolean): string; + procedure StatusInfo(const AsslSocket: PSSL; AWhere, Aret: TIdC_INT; + const AStatusStr: string); + function VerifyPeer(ACertificate: TIdX509; AOk: Boolean; + ADepth, AError: Integer): Boolean; function GetIOHandlerSelf: TIdSSLIOHandlerSocketOpenSSL; public 
@@ -499,21 +385,26 @@ TIdServerIOHandlerSSLOpenSSL = class(TIdServerIOHandlerSSLBase, IIdSSLOpenSSLC // AListenerThread is a thread and not a yarn. Its the listener thread. function Accept(ASocket: TIdSocketHandle; AListenerThread: TIdThread; AYarn: TIdYarn): TIdIOHandler; override; -// function Accept(ASocket: TIdSocketHandle; AThread: TIdThread) : TIdIOHandler; override; + // function Accept(ASocket: TIdSocketHandle; AThread: TIdThread) : TIdIOHandler; override; destructor Destroy; override; - function MakeClientIOHandler : TIdSSLIOHandlerSocketBase; override; + function MakeClientIOHandler: TIdSSLIOHandlerSocketBase; override; // - function MakeFTPSvrPort : TIdSSLIOHandlerSocketBase; override; - function MakeFTPSvrPasv : TIdSSLIOHandlerSocketBase; override; + function MakeFTPSvrPort: TIdSSLIOHandlerSocketBase; override; + function MakeFTPSvrPasv: TIdSSLIOHandlerSocketBase; override; // property SSLContext: TIdSSLContext read fSSLContext; published property SSLOptions: TIdSSLOptions read fxSSLOptions write fxSSLOptions; - property OnStatusInfo: TCallbackEvent read fOnStatusInfo write fOnStatusInfo; - property OnStatusInfoEx: TCallbackExEvent read fOnStatusInfoEx write fOnStatusInfoEx; - property OnGetPassword: TPasswordEvent read fOnGetPassword write fOnGetPassword; - property OnGetPasswordEx : TPasswordEventEx read fOnGetPasswordEx write fOnGetPasswordEx; - property OnVerifyPeer: TVerifyPeerEvent read fOnVerifyPeer write fOnVerifyPeer; + property OnStatusInfo: TCallbackEvent read fOnStatusInfo + write fOnStatusInfo; + property OnStatusInfoEx: TCallbackExEvent read FOnStatusInfoEx + write FOnStatusInfoEx; + property OnGetPassword: TPasswordEvent read fOnGetPassword + write fOnGetPassword; + property OnGetPasswordEx: TPasswordEventEx read fOnGetPasswordEx + write fOnGetPasswordEx; + property OnVerifyPeer: TVerifyPeerEvent read fOnVerifyPeer + write fOnVerifyPeer; end; TIdX509Name = class(TObject) 
@@ -534,11 +425,11 @@ TIdX509Name = class(TObject) TIdX509Info = class(TObject) protected - //Do not free this here because it belongs - //to the X509 or something else. - FX509 : PX509; + // Do not free this here because it belongs + // to the X509 or something else. + FX509: PX509; public - constructor Create( aX509: PX509); + constructor Create(aX509: PX509); // property Certificate: PX509 read FX509; end; 
@@ -546,79 +437,79 @@ TIdX509Info = class(TObject) TIdX509Fingerprints = class(TIdX509Info) protected function GetMD5: TIdSSLEVP_MD; - function GetMD5AsString:String; + function GetMD5AsString: String; function GetSHA1: TIdSSLEVP_MD; - function GetSHA1AsString:String; - function GetSHA224 : TIdSSLEVP_MD; - function GetSHA224AsString : String; - function GetSHA256 : TIdSSLEVP_MD; - function GetSHA256AsString : String; - function GetSHA384 : TIdSSLEVP_MD; - function GetSHA384AsString : String; - function GetSHA512 : TIdSSLEVP_MD; - function GetSHA512AsString : String; + function GetSHA1AsString: String; + function GetSHA224: TIdSSLEVP_MD; + function GetSHA224AsString: String; + function GetSHA256: TIdSSLEVP_MD; + function GetSHA256AsString: String; + function GetSHA384: TIdSSLEVP_MD; + function GetSHA384AsString: String; + function GetSHA512: TIdSSLEVP_MD; + function GetSHA512AsString: String; public - property MD5 : TIdSSLEVP_MD read GetMD5; - property MD5AsString : String read GetMD5AsString; -{IMPORTANT!!! - -FIPS approves only these algorithms for hashing. -SHA-1 -SHA-224 -SHA-256 -SHA-384 -SHA-512 - -http://csrc.nist.gov/CryptoToolkit/tkhash.html -} - property SHA1 : TIdSSLEVP_MD read GetSHA1; - property SHA1AsString : String read GetSHA1AsString; - property SHA224 : TIdSSLEVP_MD read GetSHA224; - property SHA224AsString : String read GetSHA224AsString; - property SHA256 : TIdSSLEVP_MD read GetSHA256; - property SHA256AsString : String read GetSHA256AsString; - property SHA384 : TIdSSLEVP_MD read GetSHA384; - property SHA384AsString : String read GetSHA384AsString; - property SHA512 : TIdSSLEVP_MD read GetSHA512; - property SHA512AsString : String read GetSHA512AsString; + property MD5: TIdSSLEVP_MD read GetMD5; + property MD5AsString: String read GetMD5AsString; + { IMPORTANT!!! + + FIPS approves only these algorithms for hashing. 
+ SHA-1 + SHA-224 + SHA-256 + SHA-384 + SHA-512 + + http://csrc.nist.gov/CryptoToolkit/tkhash.html + } + property SHA1: TIdSSLEVP_MD read GetSHA1; + property SHA1AsString: String read GetSHA1AsString; + property SHA224: TIdSSLEVP_MD read GetSHA224; + property SHA224AsString: String read GetSHA224AsString; + property SHA256: TIdSSLEVP_MD read GetSHA256; + property SHA256AsString: String read GetSHA256AsString; + property SHA384: TIdSSLEVP_MD read GetSHA384; + property SHA384AsString: String read GetSHA384AsString; + property SHA512: TIdSSLEVP_MD read GetSHA512; + property SHA512AsString: String read GetSHA512AsString; end; TIdX509SigInfo = class(TIdX509Info) protected - function GetSignature : String; - function GetSigType : TIdC_INT; - function GetSigTypeAsString : String; + function GetSignature: String; + function GetSigType: TIdC_INT; + function GetSigTypeAsString: String; public - property Signature : String read GetSignature; - property SigType : TIdC_INT read GetSigType ; - property SigTypeAsString : String read GetSigTypeAsString; + property Signature: String read GetSignature; + property SigType: TIdC_INT read GetSigType; + property SigTypeAsString: String read GetSigTypeAsString; end; TIdX509 = class(TObject) protected - FFingerprints : TIdX509Fingerprints; - FSigInfo : TIdX509SigInfo; - FCanFreeX509 : Boolean; - FX509 : PX509; - FSubject : TIdX509Name; - FIssuer : TIdX509Name; - FDisplayInfo : TStrings; - function RSubject:TIdX509Name; - function RIssuer:TIdX509Name; - function RnotBefore:TDateTime; - function RnotAfter:TDateTime; - function RFingerprint:TIdSSLEVP_MD; - function RFingerprintAsString:String; + FFingerprints: TIdX509Fingerprints; + FSigInfo: TIdX509SigInfo; + FCanFreeX509: Boolean; + FX509: PX509; + FSubject: TIdX509Name; + FIssuer: TIdX509Name; + FDisplayInfo: TStrings; + function RSubject: TIdX509Name; + function RIssuer: TIdX509Name; + function RnotBefore: TDateTime; + function RnotAfter: TDateTime; + function RFingerprint: TIdSSLEVP_MD; 
+ function RFingerprintAsString: String; function GetSerialNumber: String; - function GetVersion : TIdC_LONG; - function GetDisplayInfo : TStrings; + function GetVersion: TIdC_LONG; + function GetDisplayInfo: TStrings; public Constructor Create(aX509: PX509; aCanFreeX509: Boolean = True); virtual; Destructor Destroy; override; - property Version : TIdC_LONG read GetVersion; + property Version: TIdC_LONG read GetVersion; // - property SigInfo : TIdX509SigInfo read FSigInfo; - property Fingerprints : TIdX509Fingerprints read FFingerprints; + property SigInfo: TIdX509SigInfo read FSigInfo; + property Fingerprints: TIdX509Fingerprints read FFingerprints; // property Fingerprint: TIdSSLEVP_MD read RFingerprint; property FingerprintAsString: String read RFingerprintAsString; @@ -626,15 +517,15 @@ TIdX509 = class(TObject) property Issuer: TIdX509Name read RIssuer; property notBefore: TDateTime read RnotBefore; property notAfter: TDateTime read RnotAfter; - property SerialNumber : string read GetSerialNumber; - property DisplayInfo : TStrings read GetDisplayInfo; + property SerialNumber: string read GetSerialNumber; + property DisplayInfo: TStrings read GetDisplayInfo; // property Certificate: PX509 read FX509; end; TIdSSLCipher = class(TObject) protected - FSSLSocket: TIdSSLSocket; + fSSLSocket: TIdSSLSocket; function GetDescription: String; function GetName: String; function GetBits: Integer; 
@@ -642,18 +533,18 @@ TIdSSLCipher = class(TObject) public constructor Create(AOwner: TIdSSLSocket); destructor Destroy; override; - //These can't be published without a compiler warning. - // published + // These can't be published without a compiler warning. + // published property Description: String read GetDescription; property Name: String read GetName; property Bits: Integer read GetBits; property Version: String read GetVersion; end; + EIdOSSLCouldNotLoadSSLLibrary = class(EIdOpenSSLError); - EIdOSSLModeNotSet = class(EIdOpenSSLError); - EIdOSSLGetMethodError = class(EIdOpenSSLError); - EIdOSSLCreatingSessionError = class(EIdOpenSSLError); - EIdOSSLCreatingContextError = class(EIdOpenSSLAPICryptoError); + EIdOSSLModeNotSet = class(EIdOpenSSLError); + EIdOSSLCreatingSessionError = class(EIdOpenSSLError); + EIdOSSLCreatingContextError = class(EIdOpenSSLAPICryptoError); EIdOSSLLoadingRootCertError = class(EIdOpenSSLAPICryptoError); EIdOSSLLoadingCertError = class(EIdOpenSSLAPICryptoError); EIdOSSLLoadingKeyError = class(EIdOpenSSLAPICryptoError); @@ -663,9 +554,11 @@ EIdOSSLFDSetError = class(EIdOpenSSLAPISSLError); EIdOSSLDataBindingError = class(EIdOpenSSLAPISSLError); EIdOSSLAcceptError = class(EIdOpenSSLAPISSLError); EIdOSSLConnectError = class(EIdOpenSSLAPISSLError); - {$IFNDEF OPENSSL_NO_TLSEXT} +{$IFNDEF OPENSSL_NO_TLSEXT} EIdOSSLSettingTLSHostNameError = class(EIdOpenSSLAPISSLError); - {$ENDIF} +{$ENDIF} + EIdOSSLCouldNotSetMinProtocolVersion = class(EIdOpenSSLAPISSLError); + EIdOSSLCouldNotSetMaxProtocolVersion = class(EIdOpenSSLAPISSLError); function LoadOpenSSLLibrary: Boolean; procedure UnLoadOpenSSLLibrary; 
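Review bot: `EIdOSSLGetMethodError` is removed from the public exception hierarchy in this hunk while its siblings are merely re-aligned, and nothing on the new side replaces it, so any application code that catches or `is`-tests that class stops compiling. Unless the raise sites were dropped in a part of the commit outside this view, the safer route for a published unit is to keep the declaration for a release, mark it deprecated with a comment naming what replaced it, and delete it later. The new `EIdOSSLCouldNotSetMinProtocolVersion` / `EIdOSSLCouldNotSetMaxProtocolVersion` classes in the following hunk would also benefit from a one-line comment saying which `SSL_CTX_set_*_proto_version` call raises them.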
@@ -675,14 +568,14 @@ function OpenSSLVersion: string; implementation uses - {$IFDEF HAS_UNIT_Generics_Collections} +{$IFDEF HAS_UNIT_Generics_Collections} System.Generics.Collections, - {$ENDIF} - {$IFDEF USE_VCL_POSIX} +{$ENDIF} +{$IFDEF USE_VCL_POSIX} Posix.SysTime, Posix.Time, Posix.Unistd, - {$ENDIF} +{$ENDIF} IdFIPS, IdResourceStringsCore, IdResourceStringsProtocols, @@ -698,23 +591,28 @@ implementation SysUtils, SyncObjs; +const + INDY_CALLBACK_USERDATA = 0; + INDY_PASSWORD_CALLBACK = 1; + type // TODO: TIdThreadSafeObjectList instead? - {$IFDEF HAS_GENERICS_TThreadList} +{$IFDEF HAS_GENERICS_TThreadList} TIdCriticalSectionThreadList = TThreadList; TIdCriticalSectionList = TList; - {$ELSE} +{$ELSE} // TODO: flesh out to match TThreadList and TList on non-Generics compilers TIdCriticalSectionThreadList = TThreadList; TIdCriticalSectionList = TList; - {$ENDIF} +{$ENDIF} // RLebeau 1/24/2019: defining this as a private implementation for now to // avoid a change in the public interface above. This should be rolled into // the public interface at some point... TIdSSLOptions_Internal = class(TIdSSLOptions) public - {$IFDEF USE_OBJECT_ARC}[Weak]{$ENDIF} Parent: TObject; +{$IFDEF USE_OBJECT_ARC}[Weak] +{$ENDIF} Parent: TObject; end; var 
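Review bot: `INDY_CALLBACK_USERDATA = 0` and `INDY_PASSWORD_CALLBACK = 1` hard-code SSL_CTX ex_data slots that OpenSSL hands out dynamically (`SSL_CTX_get_ex_new_index`, i.e. `CRYPTO_get_ex_new_index` with `CRYPTO_EX_INDEX_SSL_CTX`), so any other library or the host application registering ex_data on the same SSL_CTX is handed the same indices. That matters because the later hunks cast slot 1 straight to a procedural value (`@LPWCallback := SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK)` in both PKCS12 loaders, and the `PEM_read_bio_*` callers in the PrivateKey/certificate/chain loaders further down), so a collision means invoking whatever pointer happens to sit in that slot. If Indy's OpenSSL headers expose the new-index call, allocate both indices once when the library is loaded into unit-level variables and keep the two names as those variables; otherwise at least add a comment here stating the assumption that no other code uses SSL_CTX ex_data slots 0 and 1.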
@@ -724,187 +622,211 @@ TIdSSLOptions_Internal = class(TIdSSLOptions) LockVerifyCB: TIdCriticalSection = nil; CallbackLockList: TIdCriticalSectionThreadList = nil; -procedure GetStateVars(const sslSocket: PSSL; AWhere, Aret: TIdC_INT; var VTypeStr, VMsg : String); - {$IFDEF USE_INLINE}inline;{$ENDIF} +procedure GetStateVars(const SSLSocket: PSSL; AWhere, Aret: TIdC_INT; + var VTypeStr, VMsg: String); +{$IFDEF USE_INLINE}inline; {$ENDIF} begin case AWhere of - SSL_CB_ALERT : - begin - VTypeStr := IndyFormat( RSOSSLAlert,[SSL_alert_type_string_long(Aret)]); - VMsg := String(SSL_alert_type_string_long(Aret)); - end; - SSL_CB_READ_ALERT : - begin - VTypeStr := IndyFormat(RSOSSLReadAlert,[SSL_alert_type_string_long(Aret)]); - VMsg := String( SSL_alert_desc_string_long(Aret)); - end; - SSL_CB_WRITE_ALERT : - begin - VTypeStr := IndyFormat(RSOSSLWriteAlert,[SSL_alert_type_string_long(Aret)]); - VMsg := String( SSL_alert_desc_string_long(Aret)); - end; - SSL_CB_ACCEPT_LOOP : - begin - VTypeStr := RSOSSLAcceptLoop; - VMsg := String( SSL_state_string_long(sslSocket)); - end; - SSL_CB_ACCEPT_EXIT : - begin - if ARet < 0 then begin - VTypeStr := RSOSSLAcceptError; - end else begin - if ARet = 0 then begin - VTypeStr := RSOSSLAcceptFailed; - end else begin - VTypeStr := RSOSSLAcceptExit; + SSL_CB_ALERT: + begin + VTypeStr := IndyFormat(RSOSSLAlert, [SSL_alert_type_string_long(Aret)]); + VMsg := String(SSL_alert_type_string_long(Aret)); + end; + SSL_CB_READ_ALERT: + begin + VTypeStr := IndyFormat(RSOSSLReadAlert, + [SSL_alert_type_string_long(Aret)]); + VMsg := String(SSL_alert_desc_string_long(Aret)); + end; + SSL_CB_WRITE_ALERT: + begin + VTypeStr := IndyFormat(RSOSSLWriteAlert, + [SSL_alert_type_string_long(Aret)]); + VMsg := String(SSL_alert_desc_string_long(Aret)); + end; + SSL_CB_ACCEPT_LOOP: + begin + VTypeStr := RSOSSLAcceptLoop; + VMsg := String(SSL_state_string_long(SSLSocket)); + end; + SSL_CB_ACCEPT_EXIT: + begin + if Aret < 0 then + begin + VTypeStr := 
RSOSSLAcceptError; + end + else + begin + if Aret = 0 then + begin + VTypeStr := RSOSSLAcceptFailed; + end + else + begin + VTypeStr := RSOSSLAcceptExit; + end; end; + VMsg := String(SSL_state_string_long(SSLSocket)); end; - VMsg := String( SSL_state_string_long(sslSocket) ); - end; - SSL_CB_CONNECT_LOOP : - begin - VTypeStr := RSOSSLConnectLoop; - VMsg := String( SSL_state_string_long(sslSocket) ); - end; - SSL_CB_CONNECT_EXIT : - begin - if ARet < 0 then begin - VTypeStr := RSOSSLConnectError; - end else begin - if ARet = 0 then begin - VTypeStr := RSOSSLConnectFailed - end else begin - VTypeStr := RSOSSLConnectExit; + SSL_CB_CONNECT_LOOP: + begin + VTypeStr := RSOSSLConnectLoop; + VMsg := String(SSL_state_string_long(SSLSocket)); + end; + SSL_CB_CONNECT_EXIT: + begin + if Aret < 0 then + begin + VTypeStr := RSOSSLConnectError; + end + else + begin + if Aret = 0 then + begin + VTypeStr := RSOSSLConnectFailed + end + else + begin + VTypeStr := RSOSSLConnectExit; + end; end; + VMsg := String(SSL_state_string_long(SSLSocket)); + end; + SSL_CB_HANDSHAKE_START: + begin + VTypeStr := RSOSSLHandshakeStart; + VMsg := String(SSL_state_string_long(SSLSocket)); + end; + SSL_CB_HANDSHAKE_DONE: + begin + VTypeStr := RSOSSLHandshakeDone; + VMsg := String(SSL_state_string_long(SSLSocket)); end; - VMsg := String( SSL_state_string_long(sslSocket) ); - end; - SSL_CB_HANDSHAKE_START : - begin - VTypeStr := RSOSSLHandshakeStart; - VMsg := String( SSL_state_string_long(sslSocket) ); - end; - SSL_CB_HANDSHAKE_DONE : - begin - VTypeStr := RSOSSLHandshakeDone; - VMsg := String( SSL_state_string_long(sslSocket) ); - end; end; -{var LW : TIdC_INT; -begin - VMsg := ''; - LW := Awhere and (not SSL_ST_MASK); - if (LW and SSL_ST_CONNECT) > 0 then begin + { var LW : TIdC_INT; + begin + VMsg := ''; + LW := Awhere and (not SSL_ST_MASK); + if (LW and SSL_ST_CONNECT) > 0 then begin VWhereStr := 'SSL_connect:'; - end else begin + end else begin if (LW and SSL_ST_ACCEPT) > 0 then begin - VWhereStr 
:= ' SSL_accept:'; + VWhereStr := ' SSL_accept:'; end else begin - VWhereStr := ' undefined:'; + VWhereStr := ' undefined:'; end; - end; -// IdSslStateStringLong - if (Awhere and SSL_CB_LOOP) > 0 then begin - VMsg := IdSslStateStringLong(sslSocket); - end else begin + end; + // IdSslStateStringLong + if (Awhere and SSL_CB_LOOP) > 0 then begin + VMsg := IdSslStateStringLong(sslSocket); + end else begin if (Awhere and SSL_CB_ALERT) > 0 then begin - if (Awhere and SSL_CB_READ > 0) then begin - VWhereStr := VWhereStr + ' read:'+ IdSslAlertTypeStringLong(Aret); - end else begin - VWhereStr := VWhereStr + 'write:'+ IdSslAlertTypeStringLong(Aret); - end;; - VMsg := IdSslAlertDescStringLong(Aret); + if (Awhere and SSL_CB_READ > 0) then begin + VWhereStr := VWhereStr + ' read:'+ IdSslAlertTypeStringLong(Aret); + end else begin + VWhereStr := VWhereStr + 'write:'+ IdSslAlertTypeStringLong(Aret); + end;; + VMsg := IdSslAlertDescStringLong(Aret); end else begin - if (Awhere and SSL_CB_EXIT) > 0 then begin - if ARet = 0 then begin - - VWhereStr := VWhereStr +'failed'; - VMsg := IdSslStateStringLong(sslSocket); - end else begin - if ARet < 0 then begin - VWhereStr := VWhereStr +'error'; - VMsg := IdSslStateStringLong(sslSocket); - end; - end; - end; + if (Awhere and SSL_CB_EXIT) > 0 then begin + if ARet = 0 then begin + + VWhereStr := VWhereStr +'failed'; + VMsg := IdSslStateStringLong(sslSocket); + end else begin + if ARet < 0 then begin + VWhereStr := VWhereStr +'error'; + VMsg := IdSslStateStringLong(sslSocket); + end; + end; end; - end; } + end; + end; } end; -function PasswordCallback(buf: PIdAnsiChar; size: TIdC_INT; rwflag: TIdC_INT; userdata: Pointer): TIdC_INT; cdecl; +function PasswordCallback(buf: PIdAnsiChar; size: TIdC_INT; rwflag: TIdC_INT; + userdata: Pointer): TIdC_INT; cdecl; {$IFDEF USE_MARSHALLED_PTRS} type TBytesPtr = ^TBytes; {$ENDIF} var Password: String; - {$IFDEF STRING_IS_UNICODE} +{$IFDEF STRING_IS_UNICODE} LPassword: TIdBytes; - {$ENDIF} +{$ENDIF} 
IdSSLContext: TIdSSLContext; - LErr : Integer; + LErr: Integer; LHelper: IIdSSLOpenSSLCallbackHelper; begin - //Preserve last eror just in case OpenSSL is using it and we do something that - //clobers it. CYA. + // Preserve last eror just in case OpenSSL is using it and we do something that + // clobers it. CYA. LErr := GStack.WSGetLastError; try LockPassCB.Enter; try - Password := ''; {Do not Localize} + Password := ''; { Do not Localize } IdSSLContext := TIdSSLContext(userdata); - if Supports(IdSSLContext.Parent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin + if Supports(IdSSLContext.Parent, IIdSSLOpenSSLCallbackHelper, + IInterface(LHelper)) then + begin Password := LHelper.GetPassword(rwflag > 0); LHelper := nil; end; FillChar(buf^, size, 0); - {$IFDEF STRING_IS_UNICODE} +{$IFDEF STRING_IS_UNICODE} LPassword := IndyTextEncoding_OSDefault.GetBytes(Password); - if Length(LPassword) > 0 then begin - {$IFDEF USE_MARSHALLED_PTRS} - TMarshal.Copy(TBytesPtr(@LPassword)^, 0, TPtrWrapper.Create(buf), IndyMin(Length(LPassword), size)); - {$ELSE} + if Length(LPassword) > 0 then + begin +{$IFDEF USE_MARSHALLED_PTRS} + TMarshal.Copy(TBytesPtr(@LPassword)^, 0, TPtrWrapper.Create(buf), + IndyMin(Length(LPassword), size)); +{$ELSE} Move(LPassword[0], buf^, IndyMin(Length(LPassword), size)); - {$ENDIF} +{$ENDIF} end; Result := Length(LPassword); - {$ELSE} +{$ELSE} StrPLCopy(buf, Password, size); Result := Length(Password); - {$ENDIF} - buf[size-1] := #0; // RLebeau: truncate the password if needed +{$ENDIF} + buf[size - 1] := #0; // RLebeau: truncate the password if needed finally LockPassCB.Leave; end; finally - GStack.WSSetLastError(LErr); + GStack.WSSetLastError(LErr); end; end; -procedure InfoCallback(const sslSocket: PSSL; where, ret: TIdC_INT); cdecl; +procedure InfoCallback(const SSLSocket: PSSL; where, ret: TIdC_INT); cdecl; var IdSSLSocket: TIdSSLSocket; - StatusStr : String; - LErr : Integer; + StatusStr: String; + LErr: Integer; LHelper: 
IIdSSLOpenSSLCallbackHelper; begin -{ -You have to save the value of WSGetLastError as some Operating System API -function calls will reset that value and we can't know what a programmer will -do in this event. We need the value of WSGetLastError so we can report -an underlying socket error when the OpenSSL function returns. + { + You have to save the value of WSGetLastError as some Operating System API + function calls will reset that value and we can't know what a programmer will + do in this event. We need the value of WSGetLastError so we can report + an underlying socket error when the OpenSSL function returns. -JPM. -} + JPM. + } LErr := GStack.WSGetLastError; try LockInfoCB.Enter; try - IdSSLSocket := TIdSSLSocket(SSL_get_app_data(sslSocket)); - if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin - StatusStr := IndyFormat(RSOSSLStatusString, [String(SSL_state_string_long(sslSocket))]); - LHelper.StatusInfo(sslSocket, where, ret, StatusStr); - LHelper := nil; + IdSSLSocket := TIdSSLSocket(SSL_get_app_data(SSLSocket)); + if Assigned(IdSSLSocket) then begin + if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, + IInterface(LHelper)) then begin + StatusStr := IndyFormat(RSOSSLStatusString, + [String(SSL_state_string_long(SSLSocket))]); + LHelper.StatusInfo(SSLSocket, where, ret, StatusStr); + LHelper := nil; + end; end; finally LockInfoCB.Leave; @@ -918,13 +840,16 @@ function TranslateInternalVerifyToSSL(Mode: TIdSSLVerifyModeSet): Integer; {$IFDEF USE_INLINE} inline; {$ENDIF} begin Result := SSL_VERIFY_NONE; - if sslvrfPeer in Mode then begin + if sslvrfPeer in Mode then + begin Result := Result or SSL_VERIFY_PEER; end; - if sslvrfFailIfNoPeerCert in Mode then begin + if sslvrfFailIfNoPeerCert in Mode then + begin Result := Result or SSL_VERIFY_FAIL_IF_NO_PEER_CERT; end; - if sslvrfClientOnce in Mode then begin + if sslvrfClientOnce in Mode then + begin Result := Result or SSL_VERIFY_CLIENT_ONCE; end; end; 
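Review bot: In `PasswordCallback` the value returned to OpenSSL, `Result := Length(LPassword)` (and `Result := Length(Password)` in the non-Unicode branch), can exceed what was actually placed in `buf`, because the copy is bounded by `IndyMin(Length(LPassword), size)` and `buf[size - 1] := #0` then truncates again; OpenSSL treats the return value as the number of valid passphrase bytes in `buf`, so an over-long passphrase reports bytes that are not there. Returning the bounded length closes that gap: `Result := IndyMin(Length(LPassword), size - 1);` in the Unicode branch and `Result := IndyMin(Length(Password), size - 1);` in the other. As a smaller defensive point, `Password` and `LPassword` still hold the passphrase after the copy; clearing them before leaving the lock would shorten its lifetime in memory. The InfoCallback part of this hunk is fine; its new `Assigned(IdSSLSocket)` guard is the right shape.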
@@ -946,30 +871,42 @@ function VerifyCallback(Ok: TIdC_INT; ctx: PX509_STORE_CTX): TIdC_INT; cdecl; try VerifiedOK := True; try - hSSL := X509_STORE_CTX_get_app_data(ctx); - if hSSL = nil then begin + if Assigned(X509_STORE_CTX_get_ex_data) then begin + hSSL := X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx); + end else begin + hSSL := X509_STORE_CTX_get_app_data(ctx); + end; + if hSSL = nil then + begin Result := Ok; Exit; end; hcert := X509_STORE_CTX_get_current_cert(ctx); - Certificate := TIdX509.Create(hcert, False); // the certificate is owned by the store + Certificate := TIdX509.Create(hcert, False); + // the certificate is owned by the store try IdSSLSocket := TIdSSLSocket(SSL_get_app_data(hSSL)); - Error := X509_STORE_CTX_get_error(ctx); - Depth := X509_STORE_CTX_get_error_depth(ctx); - if not ((Ok > 0) and (IdSSLSocket.fSSLContext.VerifyDepth >= Depth)) then begin - Ok := 0; - {if Error = X509_V_OK then begin + if Assigned(IdSSLSocket) then begin + Error := X509_STORE_CTX_get_error(ctx); + Depth := X509_STORE_CTX_get_error_depth(ctx); + if not((Ok > 0) and (IdSSLSocket.fSSLContext.VerifyDepth >= Depth)) then + begin + Ok := 0; + { if Error = X509_V_OK then begin Error := X509_V_ERR_CERT_CHAIN_TOO_LONG; - end;} - end; - LOk := False; - if Ok = 1 then begin - LOk := True; - end; - if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin - VerifiedOK := LHelper.VerifyPeer(Certificate, LOk, Depth, Error); - LHelper := nil; + end; } + end; + LOk := False; + if Ok = 1 then + begin + LOk := True; + end; + if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, + IInterface(LHelper)) then + begin + VerifiedOK := LHelper.VerifyPeer(Certificate, LOk, Depth, Error); + LHelper := nil; + end; end; finally FreeAndNil(Certificate); 
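Review bot: The new `if Assigned(IdSSLSocket) then` guard in `VerifyCallback` turns a nil app-data pointer into a silent accept: when `IdSSLSocket` is nil nothing runs, `VerifiedOK` keeps its initial `True`, and the tail of the function (next hunk) returns 1 regardless of the `Ok` OpenSSL passed in, whereas the old code would have faulted into the `except VerifiedOK := False` path and returned 0. The `hSSL = nil` branch a few lines above already shows the intended fallback, so the same should apply here: right after `IdSSLSocket := TIdSSLSocket(SSL_get_app_data(hSSL));` add `if not Assigned(IdSSLSocket) then begin Result := Ok; Exit; end;` (the `finally` still frees `Certificate`). The function starts before this hunk and its return logic is in the following one.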
@@ -977,51 +914,55 @@ function VerifyCallback(Ok: TIdC_INT; ctx: PX509_STORE_CTX): TIdC_INT; cdecl; except VerifiedOK := False; end; - //if VerifiedOK and (Ok > 0) then begin - if VerifiedOK {and (Ok > 0)} then begin + // if VerifiedOK and (Ok > 0) then begin + if VerifiedOK { and (Ok > 0) } then + begin Result := 1; end - else begin + else + begin Result := 0; end; - // Result := Ok; // testing + // Result := Ok; // testing finally LockVerifyCB.Leave; end; end; -////////////////////////////////////////////////////// -// Utilities -////////////////////////////////////////////////////// +/// /////////////////////////////////////////////////// +// Utilities +/// /////////////////////////////////////////////////// -function IndySSL_load_client_CA_file(const AFileName: String) : PSTACK_OF_X509_NAME; forward; +function IndySSL_load_client_CA_file(const AFileName: String) + : PSTACK_OF_X509_NAME; forward; function IndySSL_CTX_use_PrivateKey_file(ctx: PSSL_CTX; const AFileName: String; AType: Integer): TIdC_INT; forward; -function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; const AFileName: String; - AType: Integer): TIdC_INT; forward; -function IndySSL_CTX_use_certificate_chain_file(ctx :PSSL_CTX; - const AFileName: String) : TIdC_INT; forward; +function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; + const AFileName: String; AType: Integer): TIdC_INT; forward; +function IndySSL_CTX_use_certificate_chain_file(ctx: PSSL_CTX; + const AFileName: String): TIdC_INT; forward; function IndyX509_STORE_load_locations(ctx: PX509_STORE; const AFileName, APathName: String): TIdC_INT; forward; function IndySSL_CTX_load_verify_locations(ctx: PSSL_CTX; const ACAFile, ACAPath: String): TIdC_INT; forward; -function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; - const AFileName: String; AType: Integer): TIdC_INT; forward; +function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; const AFileName: String; + AType: Integer): TIdC_INT; forward; // TODO { -function d2i_DHparams_bio(bp: 
PBIO; x: PPointer): PDH; inline; -begin + function d2i_DHparams_bio(bp: PBIO; x: PPointer): PDH; inline; + begin Result := PDH(ASN1_d2i_bio(@DH_new, @d2i_DHparams, bp, x)); -end; + end; } // SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() do not // natively support PKCS12 certificates/keys, only PEM/ASN1, so load them // manually... -function IndySSL_CTX_use_PrivateKey_file_PKCS12(ctx: PSSL_CTX; const AFileName: String): TIdC_INT; +function IndySSL_CTX_use_PrivateKey_file_PKCS12(ctx: PSSL_CTX; + const AFileName: String): TIdC_INT; var LM: TMemoryStream; B: PBIO; @@ -1031,6 +972,8 @@ function IndySSL_CTX_use_PrivateKey_file_PKCS12(ctx: PSSL_CTX; const AFileName: CertChain: PSTACK_OF_X509; LPassword: array of TIdAnsiChar; LPasswordPtr: PIdAnsiChar; + LPWCallback : function(buf: PIdAnsiChar; size: TIdC_INT; rwflag: TIdC_INT; + userdata: Pointer): TIdC_INT; cdecl; begin Result := 0; 
@@ -1047,37 +990,47 @@ function IndySSL_CTX_use_PrivateKey_file_PKCS12(ctx: PSSL_CTX; const AFileName: end; try - B := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(B) then begin + B := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(B) then + begin SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); Exit; end; try - SetLength(LPassword, MAX_SSL_PASSWORD_LENGTH+1); + SetLength(LPassword, MAX_SSL_PASSWORD_LENGTH + 1); LPassword[MAX_SSL_PASSWORD_LENGTH] := TIdAnsiChar(0); LPasswordPtr := PIdAnsiChar(LPassword); - if Assigned(ctx^.default_passwd_callback) then begin - ctx^.default_passwd_callback(LPasswordPtr, MAX_SSL_PASSWORD_LENGTH, 0, ctx^.default_passwd_callback_userdata); + @LPWCallback := SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK); + if Assigned(LPWCallback) then + begin + LPWCallback(LPasswordPtr, MAX_SSL_PASSWORD_LENGTH, 0, + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); // TODO: check return value for failure - end else begin + end + else + begin // TODO: call PEM_def_callback(), like PEM_read_bio_X509() does // when default_passwd_callback is nil end; P12 := d2i_PKCS12_bio(B, nil); - if not Assigned(P12) then begin + if not Assigned(P12) then + begin SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PKCS12_LIB); Exit; end; try CertChain := nil; - if PKCS12_parse(P12, LPasswordPtr, LKey, LCert, @CertChain) <> 1 then begin + if PKCS12_parse(P12, LPasswordPtr, LKey, LCert, @CertChain) <> 1 then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PKCS12_LIB); Exit; end; try Result := SSL_CTX_use_PrivateKey(ctx, LKey); finally - sk_pop_free(CertChain, @X509_free); + if Assigned(CertChain) then begin + sk_pop_free(CertChain, @X509_free); + end; X509_free(LCert); EVP_PKEY_free(LKey); end; 
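Review bot: After `PKCS12_parse` succeeds, `LPassword` still holds the passphrase the callback wrote and nothing visible in this hunk (or the `finally` that follows) zeroes it before the array goes out of scope; a `FillChar(LPasswordPtr^, Length(LPassword), 0);` in the `finally` that frees the key and certificate would limit how long the secret stays in memory. The same applies to `IndySSL_CTX_use_certificate_file_PKCS12` in the next hunk, which duplicates this password-acquisition block verbatim — a small shared helper would keep the two from drifting. On style, the formatter has lowercased the TMemoryStream property to `LM.size` here and in every later hunk; `LM.Size` is the declared name and reads as intended.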
@@ -1092,7 +1045,8 @@ function IndySSL_CTX_use_PrivateKey_file_PKCS12(ctx: PSSL_CTX; const AFileName: end; end; -function IndySSL_CTX_use_certificate_file_PKCS12(ctx: PSSL_CTX; const AFileName: String): TIdC_INT; +function IndySSL_CTX_use_certificate_file_PKCS12(ctx: PSSL_CTX; + const AFileName: String): TIdC_INT; var LM: TMemoryStream; B: PBIO; @@ -1102,6 +1056,8 @@ function IndySSL_CTX_use_certificate_file_PKCS12(ctx: PSSL_CTX; const AFileName: CertChain: PSTACK_OF_X509; LPassword: array of TIdAnsiChar; LPasswordPtr: PIdAnsiChar; + LPWCallback : function(buf: PIdAnsiChar; size: TIdC_INT; rwflag: TIdC_INT; + userdata: Pointer): TIdC_INT; cdecl; begin Result := 0; @@ -1118,19 +1074,25 @@ function IndySSL_CTX_use_certificate_file_PKCS12(ctx: PSSL_CTX; const AFileName: end; try - B := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(B) then begin + B := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(B) then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); Exit; end; try - SetLength(LPassword, MAX_SSL_PASSWORD_LENGTH+1); + SetLength(LPassword, MAX_SSL_PASSWORD_LENGTH + 1); LPassword[MAX_SSL_PASSWORD_LENGTH] := TIdAnsiChar(0); LPasswordPtr := PIdAnsiChar(LPassword); - if Assigned(ctx^.default_passwd_callback) then begin - ctx^.default_passwd_callback(LPasswordPtr, MAX_SSL_PASSWORD_LENGTH, 0, ctx^.default_passwd_callback_userdata); + @LPWCallback := SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK); + if Assigned(LPWCallback) then + begin + LPWCallback(LPasswordPtr, MAX_SSL_PASSWORD_LENGTH, 0, + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); // TODO: check return value for failure - end else begin + end + else + begin // TODO: call PEM_def_callback(), like PEM_read_bio_X509() does // when default_passwd_callback is nil end; 
@@ -1142,14 +1104,17 @@ function IndySSL_CTX_use_certificate_file_PKCS12(ctx: PSSL_CTX; const AFileName: end; try CertChain := nil; - if PKCS12_parse(P12, LPasswordPtr, PKey, LCert, @CertChain) <> 1 then begin + if PKCS12_parse(P12, LPasswordPtr, PKey, LCert, @CertChain) <> 1 then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PKCS12_LIB); Exit; end; try Result := SSL_CTX_use_certificate(ctx, LCert); finally - sk_pop_free(CertChain, @X509_free); + if Assigned(CertChain) then begin + sk_pop_free(CertChain, @X509_free); + end; X509_free(LCert); EVP_PKEY_free(PKey); end; @@ -1176,13 +1141,11 @@ function IndySSL_CTX_use_certificate_file_PKCS12(ctx: PSSL_CTX; const AFileName: } {$IFDEF STRING_IS_UNICODE} - - {$IFDEF WINDOWS} - -function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; const AFileName: String; - const _type: TIdC_INT): TIdC_INT; forward; -function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; const AFileName: String; - _type: TIdC_INT): TIdC_INT; forward; +{$IFDEF WINDOWS} +function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; + const AFileName: String; const _type: TIdC_INT): TIdC_INT; forward; +function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; + const AFileName: String; _type: TIdC_INT): TIdC_INT; forward; { This is for some file lookup definitions for a LOOKUP method that @@ -1195,12 +1158,10 @@ function by_Indy_unicode_file_ctrl(ctx: PX509_LOOKUP; cmd: TIdC_INT; const Indy_x509_unicode_file_lookup: X509_LOOKUP_METHOD = - ( - name: PAnsiChar('Load file into cache'); - new_item: nil; // * new */ - free: nil; // * free */ - init: nil; // * init */ - shutdown: nil; // * shutdown */ + (name: PAnsiChar('Load file into cache'); new_item: nil; // * new */ + Free: nil; // * free */ + Init: nil; // * init */ + Shutdown: nil; // * shutdown */ ctrl: by_Indy_unicode_file_ctrl; // * ctrl */ get_by_subject: nil; // * get_by_subject */ get_by_issuer_serial: nil; // * get_by_issuer_serial */ 
@@ -1232,31 +1193,37 @@ function by_Indy_unicode_file_ctrl(ctx: PX509_LOOKUP; cmd: TIdC_INT; case argl of X509_FILETYPE_DEFAULT: begin - LFileName := GetEnvironmentVariable(String(X509_get_default_cert_file_env)); - if LFileName = '' then begin + LFileName := GetEnvironmentVariable + (String(X509_get_default_cert_file_env)); + if LFileName = '' then + begin LFileName := String(X509_get_default_cert_file); end; - LOk := Ord(Indy_unicode_X509_load_cert_crl_file(ctx, LFileName, X509_FILETYPE_PEM) <> 0); - if LOk = 0 then begin + LOk := Ord(Indy_unicode_X509_load_cert_crl_file(ctx, LFileName, + X509_FILETYPE_PEM) <> 0); + if LOk = 0 then + begin X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); end; end; X509_FILETYPE_PEM: begin LFileName := PWideChar(Pointer(argc)); - LOk := Ord(Indy_unicode_X509_load_cert_crl_file(ctx, LFileName, X509_FILETYPE_PEM) <> 0); + LOk := Ord(Indy_unicode_X509_load_cert_crl_file(ctx, LFileName, + X509_FILETYPE_PEM) <> 0); end; else LFileName := PWideChar(Pointer(argc)); - LOk := Ord(Indy_unicode_X509_load_cert_file(ctx, LFileName, TIdC_INT(argl)) <> 0); + LOk := Ord(Indy_unicode_X509_load_cert_file(ctx, LFileName, + TIdC_INT(argl)) <> 0); end; end; end; Result := LOk; end; -function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; const AFileName: String; - _type: TIdC_INT): TIdC_INT; +function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; + const AFileName: String; _type: TIdC_INT): TIdC_INT; var LM: TMemoryStream; Lin: PBIO; @@ -1266,7 +1233,8 @@ function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; const AFileName: St Result := 0; count := 0; - if AFileName = '' then begin + if AFileName = '' then + begin Result := 1; Exit; end; 
@@ -1284,8 +1252,9 @@ function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; const AFileName: St end; try - Lin := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(Lin) then begin + Lin := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(Lin) then + begin X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); Exit; end; @@ -1295,34 +1264,41 @@ function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; const AFileName: St begin repeat LX := PEM_read_bio_X509_AUX(Lin, nil, nil, nil); - if not Assigned(LX) then begin + if not Assigned(LX) then + begin if ((ERR_GET_REASON(ERR_peek_last_error()) - = PEM_R_NO_START_LINE) and (count > 0)) then begin + = PEM_R_NO_START_LINE) and (count > 0)) then + begin ERR_clear_error(); Break; - end else begin + end + else + begin X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); Exit; end; end; - i := X509_STORE_add_cert(ctx^.store_ctx, LX); - if i = 0 then begin + i := X509_STORE_add_cert(X509_LOOKUP_get_store(ctx),LX); + if i = 0 then + begin Exit; end; Inc(count); - X509_Free(LX); + X509_free(LX); until False; Result := count; end; X509_FILETYPE_ASN1: begin LX := d2i_X509_bio(Lin, nil); - if not Assigned(LX) then begin + if not Assigned(LX) then + begin X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); Exit; end; - i := X509_STORE_add_cert(ctx^.store_ctx, LX); - if i = 0 then begin + i := X509_STORE_add_cert(X509_LOOKUP_get_store(ctx),LX); + if i = 0 then + begin Exit; end; Result := i; @@ -1339,8 +1315,8 @@ function Indy_unicode_X509_load_cert_file(ctx: PX509_LOOKUP; const AFileName: St end; end; -function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; const AFileName: String; - const _type: TIdC_INT): TIdC_INT; +function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; + const AFileName: String; const _type: TIdC_INT): TIdC_INT; var LM: TMemoryStream; Linf: PSTACK_OF_X509_INFO; 
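Review bot: In `Indy_unicode_X509_load_cert_file`, when `X509_STORE_add_cert(X509_LOOKUP_get_store(ctx),LX)` returns 0 the `Exit` in both the PEM loop and the ASN1 branch leaves `LX` unfreed; the store only takes its own reference on success, so the failure path (for example a certificate already present in the store) leaks the object on every call. `if i = 0 then begin X509_free(LX); Exit; end;` in both places matches what OpenSSL's own `X509_load_cert_file` does on its error label. Minor style: the new calls lack the space after the comma (`,LX`) that the rest of the file uses.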
@@ -1352,7 +1328,8 @@ function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; const AFileName count := 0; LM := nil; - if _type <> X509_FILETYPE_PEM then begin + if _type <> X509_FILETYPE_PEM then + begin Result := Indy_unicode_X509_load_cert_file(ctx, AFileName, _type); Exit; end; @@ -1369,8 +1346,9 @@ function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; const AFileName end; try - Lin := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(Lin) then begin + Lin := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(Lin) then + begin X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); Exit; end; @@ -1382,19 +1360,23 @@ function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; const AFileName finally FreeAndNil(LM); end; - if not Assigned(Linf) then begin + if not Assigned(Linf) then + begin X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); Exit; end; try - for i := 0 to sk_X509_INFO_num(Linf) - 1 do begin + for i := 0 to sk_X509_INFO_num(Linf) - 1 do + begin Litmp := sk_X509_INFO_value(Linf, i); - if Assigned(Litmp^.x509) then begin - X509_STORE_add_cert(ctx^.store_ctx, Litmp^.x509); + if Assigned(Litmp^.x509) and assigned(ctx) then + begin + X509_STORE_add_cert(X509_LOOKUP_get_store(ctx),Litmp^.x509); Inc(count); end; - if Assigned(Litmp^.crl) then begin - X509_STORE_add_crl(ctx^.store_ctx, Litmp^.crl); + if Assigned(Litmp^.crl) and assigned(ctx) then + begin + X509_STORE_add_cert(X509_LOOKUP_get_store(ctx),Litmp^.x509); Inc(count); end; end; 
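Review bot: The CRL branch of `Indy_unicode_X509_load_cert_crl_file` now calls `X509_STORE_add_cert(X509_LOOKUP_get_store(ctx),Litmp^.x509)` instead of the former `X509_STORE_add_crl(ctx^.store_ctx, Litmp^.crl)`, so CRLs read from the file are never added to the store (and an entry that carries only a CRL passes a nil `x509` to `X509_STORE_add_cert`); revocation lists loaded through this lookup method silently stop taking effect. The line should be `X509_STORE_add_crl(X509_LOOKUP_get_store(ctx), Litmp^.crl);`. Separately, the `assigned(ctx)` test inside the loop comes after `ctx` has already been dereferenced by the PEM read above it; if a nil `ctx` is a real possibility the check belongs at the top of the function.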
@@ -1407,18 +1389,20 @@ function Indy_unicode_X509_load_cert_crl_file(ctx: PX509_LOOKUP; const AFileName procedure IndySSL_load_client_CA_file_err(var VRes: PSTACK_OF_X509_NAME); {$IFDEF USE_INLINE} inline; {$ENDIF} begin - if Assigned(VRes) then begin + if Assigned(VRes) then + begin sk_X509_NAME_pop_free(VRes, @X509_NAME_free); VRes := nil; end; end; -function xname_cmp(const a, b: PPX509_NAME): TIdC_INT; cdecl; +function xname_cmp(const a, B: PPX509_NAME): TIdC_INT; cdecl; begin - Result := X509_NAME_cmp(a^, b^); + Result := X509_NAME_cmp(a^, B^); end; -function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NAME; +function IndySSL_load_client_CA_file(const AFileName: String) + : PSTACK_OF_X509_NAME; var LM: TMemoryStream; LB: PBIO; @@ -1431,7 +1415,8 @@ function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NA Failed := False; LX := nil; Lsk := sk_X509_NAME_new(@xname_cmp); - if Assigned(Lsk) then begin + if Assigned(Lsk) then + begin try LM := nil; try @@ -1445,25 +1430,30 @@ function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NA Exit; end; try - LB := BIO_new_mem_buf(LM.Memory, LM.Size); - if Assigned(LB) then begin + LB := BIO_new_mem_buf(LM.Memory, LM.size); + if Assigned(LB) then + begin try try repeat LX := PEM_read_bio_X509(LB, nil, nil, nil); - if LX = nil then begin + if LX = nil then + begin Break; end; - if not Assigned(Result) then begin + if not Assigned(Result) then + begin Result := sk_X509_NAME_new_null; - if not Assigned(Result) then begin + if not Assigned(Result) then + begin SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); Failed := True; Exit; end; end; LXN := X509_get_subject_name(LX); - if not Assigned(LXN) then begin + if not Assigned(LXN) then + begin // error IndySSL_load_client_CA_file_err(Result); Failed := True; 
@@ -1471,15 +1461,19 @@ function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NA end; // * check for duplicates */ LXNDup := X509_NAME_dup(LXN); - if not Assigned(LXNDup) then begin + if not Assigned(LXNDup) then + begin // error IndySSL_load_client_CA_file_err(Result); Failed := True; Exit; end; - if (sk_X509_NAME_find(Lsk, LXNDup) >= 0) then begin + if (sk_X509_NAME_find(Lsk, LXNDup) >= 0) then + begin X509_NAME_free(LXNDup); - end else begin + end + else + begin sk_X509_NAME_push(Lsk, LXNDup); sk_X509_NAME_push(Result, LXNDup); end; @@ -1487,10 +1481,12 @@ function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NA LX := nil; until False; finally - if Assigned(LX) then begin + if Assigned(LX) then + begin X509_free(LX); end; - if Failed and Assigned(Result) then begin + if Failed and Assigned(Result) then + begin sk_X509_NAME_pop_free(Result, @X509_NAME_free); Result := nil; end; @@ -1499,7 +1495,8 @@ function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NA BIO_free(LB); end; end - else begin + else + begin SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); end; finally @@ -1509,10 +1506,12 @@ function IndySSL_load_client_CA_file(const AFileName: String): PSTACK_OF_X509_NA sk_X509_NAME_free(Lsk); end; end - else begin + else + begin SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); end; - if Assigned(Result) then begin + if Assigned(Result) then + begin ERR_clear_error; end; end; @@ -1540,8 +1539,9 @@ function IndySSL_CTX_use_PrivateKey_file(ctx: PSSL_CTX; const AFileName: String; end; try - B := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(B) then begin + B := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(B) then + begin SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB); Exit; end; 
@@ -1551,8 +1551,8 @@ function IndySSL_CTX_use_PrivateKey_file(ctx: PSSL_CTX; const AFileName: String; begin j := ERR_R_PEM_LIB; LKey := PEM_read_bio_PrivateKey(B, nil, - ctx^.default_passwd_callback, - ctx^.default_passwd_callback_userdata); + SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK), + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); end; SSL_FILETYPE_ASN1: begin @@ -1563,7 +1563,8 @@ function IndySSL_CTX_use_PrivateKey_file(ctx: PSSL_CTX; const AFileName: String; SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE); Exit; end; - if not Assigned(LKey) then begin + if not Assigned(LKey) then + begin SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j); Exit; end; @@ -1600,8 +1601,9 @@ function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; end; try - B := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(B) then begin + B := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(B) then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); Exit; end; @@ -1615,15 +1617,17 @@ function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; SSL_FILETYPE_PEM: begin j := ERR_R_PEM_LIB; - LX := PEM_read_bio_X509(B, nil, ctx^.default_passwd_callback, - ctx^.default_passwd_callback_userdata); + LX := PEM_read_bio_X509(B, nil, SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK), + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); end - else begin + else + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE); Exit; end; end; - if not Assigned(LX) then begin + if not Assigned(LX) then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j); Exit; end; 
@@ -1637,21 +1641,21 @@ function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; end; end; -function IndySSL_CTX_use_certificate_chain_file(ctx :PSSL_CTX; - const AFileName: String) : TIdC_INT; +function IndySSL_CTX_use_certificate_chain_file(ctx: PSSL_CTX; + const AFileName: String): TIdC_INT; var LM: TMemoryStream; B: PBIO; LX: PX509; - ca :PX509; + ca: PX509; r: TIdC_INT; - LErr :TIdC_ULONG; + LErr: TIdC_ULONG; begin Result := 0; - ERR_clear_error(); //* clear error stack for - //* SSL_CTX_use_certificate() */ + ERR_clear_error(); // * clear error stack for + // * SSL_CTX_use_certificate() */ LM := nil; try 
@@ -1665,57 +1669,71 @@ function IndySSL_CTX_use_certificate_chain_file(ctx :PSSL_CTX; Exit; end; try - B := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(B) then begin + B := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(B) then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); Exit; end; try - LX := PEM_read_bio_X509_AUX(B, nil, ctx^.default_passwd_callback, - ctx^.default_passwd_callback_userdata); - if (Lx = nil) then begin + LX := PEM_read_bio_X509_AUX(B, nil, SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK), + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); + if (LX = nil) then + begin SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); - end else begin - Result := SSL_CTX_use_certificate(ctx, Lx); - if (ERR_peek_error() <> 0) then begin - Result := 0; //* Key/certificate mismatch doesn't imply - //* ret==0 ... */ + end + else + begin + Result := SSL_CTX_use_certificate(ctx, LX); + if (ERR_peek_error() <> 0) then + begin + Result := 0; // * Key/certificate mismatch doesn't imply + // * ret==0 ... */ end; - if Result <> 0 then begin + if Result <> 0 then + begin SSL_CTX_clear_chain_certs(ctx); repeat - ca := PEM_read_bio_X509(B, nil, - ctx^.default_passwd_callback, - ctx^.default_passwd_callback_userdata); - if ca = nil then begin - break; +//JPM - Todo: somehow fix this so we don't use the feilds in SSL_CTX. +//We weren't supposed to do that since Open SSL 1.0.2 and probably earlier. 
+ ca := PEM_read_bio_X509(B, nil, SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK), + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); + if ca = nil then + begin + Break; end; r := SSL_CTX_add0_chain_cert(ctx, ca); - if (r = 0) then begin - X509_free(ca); - Result := 0; - break; -// goto end; + if (r = 0) then + begin + X509_free(ca); + Result := 0; + Break; + // goto end; end; - //* - //* Note that we must not free r if it was successfully added to - //* the chain (while we must free the main certificate, since its - //* reference count is increased by SSL_CTX_use_certificate). + // * + // * Note that we must not free r if it was successfully added to + // * the chain (while we must free the main certificate, since its + // * reference count is increased by SSL_CTX_use_certificate). // */ until False; - if ca <> nil then begin - //* When the while loop ends, it's usually just EOF. */ + if ca <> nil then + begin + // * When the while loop ends, it's usually just EOF. */ LErr := ERR_peek_last_error(); - if (ERR_GET_LIB(Lerr) = ERR_LIB_PEM) - and (ERR_GET_REASON(Lerr) = PEM_R_NO_START_LINE) then begin + if (ERR_GET_LIB(LErr) = ERR_LIB_PEM) and + (ERR_GET_REASON(LErr) = PEM_R_NO_START_LINE) then + begin ERR_clear_error(); - end else begin - Result := 0; //* some real error */ + end + else + begin + Result := 0; // * some real error */ end; end; end; - //err: - if LX <> nil then begin + // err: + if LX <> nil then + begin X509_free(LX); end; end; @@ -1733,9 +1751,11 @@ function IndyX509_STORE_load_locations(ctx: PX509_STORE; lookup: PX509_LOOKUP; begin Result := 0; - if AFileName <> '' then begin + if AFileName <> '' then + begin lookup := X509_STORE_add_lookup(ctx, Indy_Unicode_X509_LOOKUP_file); - if not Assigned(lookup) then begin + if not Assigned(lookup) then + begin Exit; end; // RLebeau: the PAnsiChar(Pointer(...)) cast below looks weird, but it is 
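Review bot: The post-loop check `if ca <> nil then` in IndySSL_CTX_use_certificate_chain_file is inverted relative to the OpenSSL logic it ports: the `repeat` loop only leaves `ca` non-nil on the SSL_CTX_add0_chain_cert failure path (where `ca` has just been freed and Result is already 0), while the normal EOF exit sets `ca` to nil and skips the block entirely. As a result PEM_R_NO_START_LINE is never cleared from the error queue on success, and a genuinely malformed intermediate certificate in the chain file is not turned into a failure: the function still returns non-zero with a truncated chain. The condition should be `if ca = nil then`, so that the `ERR_peek_last_error()` classification runs after a normal loop exit. Separately, the `//JPM - Todo` comment inserted inside the loop says the fields of SSL_CTX are still used, but the line directly below it already reads them through SSL_CTX_get_ex_data, so the comment is stale (and has `feilds`); either drop it or move it to where the struct access remains, the UNIX and non-Unicode variants later in the patch. The function's header is in the preceding hunk.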
@@ -1743,17 +1763,23 @@ function IndyX509_STORE_load_locations(ctx: PX509_STORE; // we are using Unicode strings here. So casting the UnicodeString to a // raw Pointer and then passing that to X509_LOOKUP_load_file() as PAnsiChar. // Indy_Unicode_X509_LOOKUP_file will cast it back to PWideChar for processing... - if (X509_LOOKUP_load_file(lookup, PAnsiChar(Pointer(AFileName)), X509_FILETYPE_PEM) <> 1) then begin + if (X509_LOOKUP_load_file(lookup, PAnsiChar(Pointer(AFileName)), + X509_FILETYPE_PEM) <> 1) then + begin Exit; end; end; - if APathName <> '' then begin + if APathName <> '' then + begin { TODO: Figure out how to do the hash dir lookup with a Unicode path. } - if (X509_STORE_load_locations(ctx, nil, PAnsiChar(AnsiString(APathName))) <> 1) then begin + if (X509_STORE_load_locations(ctx, nil, PAnsiChar(AnsiString(APathName))) + <> 1) then + begin Exit; end; end; - if (AFileName = '') and (APathName = '') then begin + if (AFileName = '') and (APathName = '') then + begin Exit; end; Result := 1; @@ -1763,11 +1789,11 @@ function IndySSL_CTX_load_verify_locations(ctx: PSSL_CTX; const ACAFile, ACAPath: String): TIdC_INT; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := IndyX509_STORE_load_locations(ctx^.cert_store, ACAFile, ACAPath); + Result := IndyX509_STORE_load_locations(SSL_CTX_get_cert_store(ctx), ACAFile, ACAPath); end; -function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; - const AFileName: String; AType: Integer): TIdC_INT; +function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; const AFileName: String; + AType: Integer): TIdC_INT; var LM: TMemoryStream; B: PBIO; @@ -1789,8 +1815,9 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; end; try - B := BIO_new_mem_buf(LM.Memory, LM.Size); - if not Assigned(B) then begin + B := BIO_new_mem_buf(LM.Memory, LM.size); + if not Assigned(B) then + begin SSLerr(SSL_F_SSL3_CTRL, ERR_R_BUF_LIB); Exit; end; 
@@ -1798,24 +1825,26 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; case AType of // TODO { - SSL_FILETYPE_ASN1: + SSL_FILETYPE_ASN1: begin - j := ERR_R_ASN1_LIB; - LDH := d2i_DHparams_bio(B, nil); + j := ERR_R_ASN1_LIB; + LDH := d2i_DHparams_bio(B, nil); end; } SSL_FILETYPE_PEM: begin j := ERR_R_DH_LIB; - LDH := PEM_read_bio_DHparams(B, nil, ctx^.default_passwd_callback, - ctx^.default_passwd_callback_userdata); + LDH := PEM_read_bio_DHparams(B, nil, SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK), + SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA)); end - else begin + else + begin SSLerr(SSL_F_SSL3_CTRL, SSL_R_BAD_SSL_FILETYPE); Exit; end; end; - if not Assigned(LDH) then begin + if not Assigned(LDH) then + begin SSLerr(SSL_F_SSL3_CTRL, j); Exit; end; @@ -1829,23 +1858,24 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; end; end; - {$ENDIF} // WINDOWS +{$ENDIF} // WINDOWS - {$IFDEF UNIX} +{$IFDEF UNIX} -function IndySSL_load_client_CA_file(const AFileName: String) : PSTACK_OF_X509_NAME; +function IndySSL_load_client_CA_file(const AFileName: String) + : PSTACK_OF_X509_NAME; {$IFDEF USE_MARSHALLED_PTRS} var M: TMarshaller; {$ENDIF} begin Result := SSL_load_client_CA_file( - {$IFDEF USE_MARSHALLED_PTRS} +{$IFDEF USE_MARSHALLED_PTRS} M.AsUtf8(AFileName).ToPointer - {$ELSE} +{$ELSE} PAnsiChar(UTF8String(AFileName)) - {$ENDIF} - ); +{$ENDIF} + ); end; function IndySSL_CTX_use_PrivateKey_file(ctx: PSSL_CTX; const AFileName: String; @@ -1857,11 +1887,11 @@ function IndySSL_CTX_use_PrivateKey_file(ctx: PSSL_CTX; const AFileName: String; {$ENDIF} begin Result := SSL_CTX_use_PrivateKey_file(ctx, - {$IFDEF USE_MARSHALLED_PTRS} +{$IFDEF USE_MARSHALLED_PTRS} M.AsUtf8(AFileName).ToPointer - {$ELSE} +{$ELSE} PAnsiChar(UTF8String(AFileName)) - {$ENDIF} +{$ENDIF} , AType); end; 
@@ -1874,16 +1904,16 @@ function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; {$ENDIF} begin Result := SSL_CTX_use_certificate_file(ctx, - {$IFDEF USE_MARSHALLED_PTRS} +{$IFDEF USE_MARSHALLED_PTRS} M.AsUtf8(AFileName).ToPointer - {$ELSE} +{$ELSE} PAnsiChar(UTF8String(AFileName)) - {$ENDIF} +{$ENDIF} , AType); end; -function IndySSL_CTX_use_certificate_chain_file(ctx :PSSL_CTX; - const AFileName: String) : TIdC_INT; +function IndySSL_CTX_use_certificate_chain_file(ctx: PSSL_CTX; + const AFileName: String): TIdC_INT; {$IFDEF USE_INLINE} inline; {$ENDIF} {$IFDEF USE_MARSHALLED_PTRS} var @@ -1891,20 +1921,24 @@ function IndySSL_CTX_use_certificate_chain_file(ctx :PSSL_CTX; {$ENDIF} begin Result := SSL_CTX_use_certificate_chain_file(ctx, - {$IFDEF USE_MARSHALLED_PTRS} +{$IFDEF USE_MARSHALLED_PTRS} M.AsUtf8(AFileName).ToPointer - {$ELSE} +{$ELSE} PAnsiChar(UTF8String(AFileName)) - {$ENDIF}); +{$ENDIF}); end; {$IFDEF USE_MARSHALLED_PTRS} + function AsUtf8OrNil(var M: TMarshaller; const S: String): Pointer; - {$IFDEF USE_INLINE} inline; {$ENDIF} +{$IFDEF USE_INLINE} inline; {$ENDIF} begin - if S <> '' then begin + if S <> '' then + begin Result := M.AsUtf8(S).ToPointer; - end else begin + end + else + begin Result := nil; end; end; @@ -1929,14 +1963,13 @@ function IndyX509_STORE_load_locations(ctx: PX509_STORE; // strings as well... // Result := X509_STORE_load_locations(ctx, - {$IFDEF USE_MARSHALLED_PTRS} - AsUtf8OrNil(M, AFileName), - AsUtf8OrNil(M, APathName) - {$ELSE} +{$IFDEF USE_MARSHALLED_PTRS} + AsUtf8OrNil(M, AFileName), AsUtf8OrNil(M, APathName) +{$ELSE} PAnsiChar(Pointer(UTF8String(AFileName))), PAnsiChar(Pointer(UTF8String(APathName))) - {$ENDIF} - ); +{$ENDIF} + ); end; function IndySSL_CTX_load_verify_locations(ctx: PSSL_CTX; 
@@ -1947,46 +1980,47 @@ function IndySSL_CTX_load_verify_locations(ctx: PSSL_CTX; // instead of just calling SSL_CTX_load_verify_locations() with // UTF-8 input? - //Result := SSL_CTX_load_verify_locations(ctx, - // {$IFDEF USE_MARSHALLED_PTRS} - // AsUtf8OrNl(ACAFile), - // AsUtf8OrNil(ACAPath) - // {$ELSE} - // PAnsiChar(Pointer(UTF8String(ACAFile))), - // PAnsiChar(Pointer(UTF8String(ACAPath))) - // {$ENDIF} - //); + // Result := SSL_CTX_load_verify_locations(ctx, + // {$IFDEF USE_MARSHALLED_PTRS} + // AsUtf8OrNl(ACAFile), + // AsUtf8OrNil(ACAPath) + // {$ELSE} + // PAnsiChar(Pointer(UTF8String(ACAFile))), + // PAnsiChar(Pointer(UTF8String(ACAPath))) + // {$ENDIF} + // ); Result := IndyX509_STORE_load_locations(ctx^.cert_store, ACAFile, ACAPath); end; -function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; - const AFileName: String; AType: Integer): TIdC_INT; +function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; const AFileName: String; + AType: Integer): TIdC_INT; var B: PBIO; LDH: PDH; j: Integer; - {$IFDEF USE_MARSHALLED_PTRS} +{$IFDEF USE_MARSHALLED_PTRS} M: TMarshaller; - {$ENDIF} +{$ENDIF} begin Result := 0; B := BIO_new_file( - {$IFDEF USE_MARSHALLED_PTRS} +{$IFDEF USE_MARSHALLED_PTRS} M.AsUtf8(AFileName).ToPointer - {$ELSE} +{$ELSE} PAnsiChar(UTF8String(AFileName)) - {$ENDIF} +{$ENDIF} , 'r'); - if Assigned(B) then begin + if Assigned(B) then + begin try case AType of // TODO { - SSL_FILETYPE_ASN1: + SSL_FILETYPE_ASN1: begin - j := ERR_R_ASN1_LIB; - LDH := d2i_DHparams_bio(B, nil); + j := ERR_R_ASN1_LIB; + LDH := d2i_DHparams_bio(B, nil); end; } SSL_FILETYPE_PEM: @@ -1995,12 +2029,14 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; LDH := PEM_read_bio_DHparams(B, nil, ctx^.default_passwd_callback, ctx^.default_passwd_callback_userdata); end - else begin + else + begin SSLerr(SSL_F_SSL3_CTRL, SSL_R_BAD_SSL_FILETYPE); Exit; end; end; - if not Assigned(LDH) then begin + if not Assigned(LDH) then + begin SSLerr(SSL_F_SSL3_CTRL, j); Exit; end; 
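Review bot: The UNIX variant of IndySSL_CTX_load_verify_locations still dereferences `ctx^.cert_store`, and the UNIX IndySSL_CTX_use_DHparams_file in the second hunk here still passes `ctx^.default_passwd_callback` / `ctx^.default_passwd_callback_userdata` to PEM_read_bio_DHparams, while the Windows variants earlier in this patch were moved to SSL_CTX_get_cert_store() and the ex_data accessors. The same struct-field access remains in the non-Unicode IndySSL_CTX_use_DHparams_file two hunk groups further down. If the intent is to stop touching SSL_CTX internals (opaque since OpenSSL 1.1.0), these should change in lockstep: `Result := IndyX509_STORE_load_locations(SSL_CTX_get_cert_store(ctx), ACAFile, ACAPath);` and `LDH := PEM_read_bio_DHparams(B, nil, SSL_CTX_get_ex_data(ctx, INDY_PASSWORD_CALLBACK), SSL_CTX_get_ex_data(ctx, INDY_CALLBACK_USERDATA));`. Otherwise the non-Windows builds presumably keep binding to whatever SSL_CTX layout the header unit declares, which is the dependency the Windows change removes.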
@@ -2012,11 +2048,12 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; end; end; - {$ENDIF} // UNIX +{$ENDIF} // UNIX {$ELSE} // STRING_IS_UNICODE -function IndySSL_load_client_CA_file(const AFileName: String) : PSTACK_OF_X509_NAME; +function IndySSL_load_client_CA_file(const AFileName: String) + : PSTACK_OF_X509_NAME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin Result := SSL_load_client_CA_file(PAnsiChar(AFileName)); @@ -2036,8 +2073,8 @@ function IndySSL_CTX_use_certificate_file(ctx: PSSL_CTX; Result := SSL_CTX_use_certificate_file(ctx, PAnsiChar(AFileName), AType); end; -function IndySSL_CTX_use_certificate_chain_file(ctx :PSSL_CTX; - const AFileName: String) : TIdC_INT; +function IndySSL_CTX_use_certificate_chain_file(ctx: PSSL_CTX; + const AFileName: String): TIdC_INT; {$IFDEF USE_INLINE} inline; {$ENDIF} begin Result := SSL_CTX_use_certificate_chain_file(ctx, PAnsiChar(AFileName)); @@ -2053,8 +2090,7 @@ function IndyX509_STORE_load_locations(ctx: PX509_STORE; // to fail. Need to cast the string to an intermediate Pointer so the // PAnsiChar cast is applied to the raw data and thus can be nil... // - Result := X509_STORE_load_locations(ctx, - PAnsiChar(Pointer(AFileName)), + Result := X509_STORE_load_locations(ctx, PAnsiChar(Pointer(AFileName)), PAnsiChar(Pointer(APathName))); end; @@ -2067,13 +2103,12 @@ function IndySSL_CTX_load_verify_locations(ctx: PSSL_CTX; // to fail. Need to cast the string to an intermediate Pointer so the // PAnsiChar cast is applied to the raw data and thus can be nil... // - Result := SSL_CTX_load_verify_locations(ctx, - PAnsiChar(Pointer(ACAFile)), + Result := SSL_CTX_load_verify_locations(ctx, PAnsiChar(Pointer(ACAFile)), PAnsiChar(Pointer(ACAPath))); end; -function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; - const AFileName: String; AType: Integer): TIdC_INT; +function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; const AFileName: String; + AType: Integer): TIdC_INT; var B: PBIO; LDH: PDH; 
@@ -2081,15 +2116,16 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; begin Result := 0; B := BIO_new_file(PAnsiChar(AFileName), 'r'); - if Assigned(B) then begin + if Assigned(B) then + begin try case AType of // TODO { - SSL_FILETYPE_ASN1: + SSL_FILETYPE_ASN1: begin - j := ERR_R_ASN1_LIB; - LDH := d2i_DHparams_bio(B, nil); + j := ERR_R_ASN1_LIB; + LDH := d2i_DHparams_bio(B, nil); end; } SSL_FILETYPE_PEM: @@ -2098,12 +2134,14 @@ function IndySSL_CTX_use_DHparams_file(ctx: PSSL_CTX; LDH := PEM_read_bio_DHparams(B, nil, ctx^.default_passwd_callback, ctx^.default_passwd_callback_userdata); end - else begin + else + begin SSLerr(SSL_F_SSL3_CTRL, SSL_R_BAD_SSL_FILETYPE); Exit; end; end; - if not Assigned(LDH) then begin + if not Assigned(LDH) then + begin SSLerr(SSL_F_SSL3_CTRL, j); Exit; end; 
@@ -2158,33 +2196,36 @@ procedure IdSslCryptoMallocInit; Assert(r <> 0); end; {$ENDIF} - {$IFNDEF OPENSSL_NO_BIO} -procedure DumpCert(AOut: TStrings; AX509: PX509); + +procedure DumpCert(AOut: TStrings; aX509: PX509); var LMem: PBIO; - LLen : TIdC_INT; - LBufPtr : PIdAnsiChar; + LLen: TIdC_INT; + LBufPtr: PIdAnsiChar; begin - if Assigned(X509_print) then begin + if Assigned(X509_print) then + begin LMem := BIO_new(BIO_s_mem); - if LMem <> nil then begin + if LMem <> nil then + begin try - X509_print(LMem, AX509); + X509_print(LMem, aX509); LLen := BIO_get_mem_data(LMem, LBufPtr); - if (LLen > 0) and (LBufPtr <> nil) then begin + if (LLen > 0) and (LBufPtr <> nil) then + begin AOut.Text := IndyTextEncoding_UTF8.GetString( - {$IFNDEF VCL_6_OR_ABOVE} +{$IFNDEF VCL_6_OR_ABOVE} // RLebeau: for some reason, Delphi 5 causes a "There is no overloaded // version of 'GetString' that can be called with these arguments" compiler // error if the PByte type-cast is used, even though GetString() actually // expects a PByte as input. Must be a compiler bug, as it compiles fine // in Delphi 6. So, converting to TIdBytes until I find a better solution... RawToBytes(LBufPtr^, LLen) - {$ELSE} +{$ELSE} PByte(LBufPtr), LLen - {$ENDIF} - ); +{$ENDIF} + ); end; finally BIO_free(LMem); @@ -2195,16 +2236,16 @@ procedure DumpCert(AOut: TStrings; AX509: PX509); {$ELSE} -procedure DumpCert(AOut: TStrings; AX509: PX509); +procedure DumpCert(AOut: TStrings; aX509: PX509); begin end; {$ENDIF} -{$IFNDEF WIN32_OR_WIN64} -procedure _threadid_func(id : PCRYPTO_THREADID) cdecl; +procedure _threadid_func(id: PCRYPTO_THREADID)cdecl; begin - if Assigned(CRYPTO_THREADID_set_numeric) then begin + if Assigned(CRYPTO_THREADID_set_numeric) then + begin CRYPTO_THREADID_set_numeric(id, TIdC_ULONG(CurrentThreadId)); end; end; 
@@ -2215,9 +2256,8 @@ function _GetThreadID: TIdC_ULONG; cdecl; // thread to thread or many on the same thread. Result := TIdC_ULONG(CurrentThreadId); end; -{$ENDIF} -procedure SslLockingCallback(mode, n: TIdC_INT; Afile: PIdAnsiChar; +procedure SslLockingCallback(Mode, n: TIdC_INT; Afile: PIdAnsiChar; line: TIdC_INT)cdecl; var Lock: TIdCriticalSection; @@ -2228,16 +2268,21 @@ procedure SslLockingCallback(mode, n: TIdC_INT; Afile: PIdAnsiChar; LList := CallbackLockList.LockList; try - if n < LList.Count then begin - Lock := {$IFDEF HAS_GENERICS_TList}LList.Items[n]{$ELSE}TIdCriticalSection(LList.Items[n]){$ENDIF}; + if n < LList.count then + begin + Lock := {$IFDEF HAS_GENERICS_TList}LList.Items[n]{$ELSE}TIdCriticalSection + (LList.Items[n]){$ENDIF}; end; finally CallbackLockList.UnlockList; end; Assert(Lock <> nil); - if (mode and CRYPTO_LOCK) = CRYPTO_LOCK then begin + if (Mode and CRYPTO_LOCK) = CRYPTO_LOCK then + begin Lock.Acquire; - end else begin + end + else + begin Lock.Release; end; end; @@ -2251,7 +2296,8 @@ procedure PrepareOpenSSLLocking; LList := CallbackLockList.LockList; try cnt := _CRYPTO_num_locks; - for i := 0 to cnt - 1 do begin + for i := 0 to cnt - 1 do + begin Lock := TIdCriticalSection.Create; try LList.Add(Lock); @@ -2279,7 +2325,9 @@ function UTCTime2DateTime(UCTTime: PASN1_UTCTIME): TDateTime; tz_m: Integer; begin Result := 0; - if UTC_Time_Decode(UCTTime, year, month, day, hour, min, sec, tz_h, tz_m) > 0 then begin + if UTC_Time_Decode(UCTTime, year, month, day, hour, min, sec, tz_h, tz_m) > 0 + then + begin Result := EncodeDate(year, month, day) + EncodeTime(hour, min, sec, 0); AddMins(Result, tz_m); AddHrs(Result, tz_h); 
@@ -2288,27 +2336,27 @@ function UTCTime2DateTime(UCTTime: PASN1_UTCTIME): TDateTime; end; { -function RSACallback(sslSocket: PSSL; e: Integer; KeyLength: Integer):PRSA; cdecl; -const + function RSACallback(sslSocket: PSSL; e: Integer; KeyLength: Integer):PRSA; cdecl; + const RSA: PRSA = nil; -var + var SSLSocket: TSSLWSocket; IdSSLSocket: TIdSSLSocket; -begin + begin IdSSLSocket := TIdSSLSocket(IdSslGetAppData(sslSocket)); if Assigned(IdSSLSocket) then begin - IdSSLSocket.TriggerSSLRSACallback(KeyLength); + IdSSLSocket.TriggerSSLRSACallback(KeyLength); end; Result := RSA_generate_key(KeyLength, RSA_F4, @RSAProgressCallback, ssl); -end; + end; } -function LogicalAnd(A, B: Integer): Boolean; +function LogicalAnd(a, B: Integer): Boolean; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := (A and B) = B; + Result := (a and B) = B; end; function BytesToHexString(APtr: Pointer; ALen: Integer): String; @@ -2319,8 +2367,10 @@ function BytesToHexString(APtr: Pointer; ALen: Integer): String; begin Result := ''; LPtr := PByte(APtr); - for i := 0 to (ALen - 1) do begin - if i <> 0 then begin + for i := 0 to (ALen - 1) do + begin + if i <> 0 then + begin Result := Result + ':'; { Do not Localize } end; Result := Result + IndyFormat('%.2x', [LPtr^]); @@ -2334,8 +2384,10 @@ function MDAsString(const AMD: TIdSSLEVP_MD): String; i: Integer; begin Result := ''; - for i := 0 to AMD.Length - 1 do begin - if i <> 0 then begin + for i := 0 to AMD.Length - 1 do + begin + if i <> 0 then + begin Result := Result + ':'; { Do not Localize } end; Result := Result + IndyFormat('%.2x', [Byte(AMD.MD[i])]); @@ -2348,12 +2400,14 @@ function LoadOpenSSLLibrary: Boolean; Assert(SSLIsLoaded <> nil); SSLIsLoaded.Lock; try - if SSLIsLoaded.Value then begin + if SSLIsLoaded.Value then + begin Result := True; Exit; end; Result := IdSSLOpenSSLHeaders.Load; - if not Result then begin + if not Result then + begin Exit; end; {$IFDEF OPENSSL_SET_MEMORY_FUNCS} 
@@ -2361,14 +2415,44 @@ function LoadOpenSSLLibrary: Boolean; IdSslCryptoMallocInit; {$ENDIF} // required eg to encrypt a private key when writing - OpenSSL_add_all_ciphers; - OpenSSL_add_all_digests; + if Assigned(OpenSSL_add_all_ciphers) then + begin + OpenSSL_add_all_ciphers; + end + else + begin + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, nil); + end; + if Assigned(OpenSSL_add_all_digests) then + begin + OpenSSL_add_all_digests; + end + else + begin + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, nil); + end; InitializeRandom; // IdSslRandScreen; - SSL_load_error_strings; + if Assigned(SSL_load_error_strings) then + begin + SSL_load_error_strings; + end + else + begin + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS or + OPENSSL_INIT_LOAD_CRYPTO_STRINGS, nil); + end; // Successful loading if true - Result := SSLeay_add_ssl_algorithms > 0; - if not Result then begin + if Assigned(SSLeay_add_ssl_algorithms) then + begin + Result := SSLeay_add_ssl_algorithms > 0; + end + else + begin + Result := OPENSSL_init_ssl(0, nil) > 0; + end; + if not Result then + begin Exit; end; // Create locking structures, we need them for callback routines @@ -2379,14 +2463,20 @@ function LoadOpenSSLLibrary: Boolean; // Handle internal OpenSSL locking CallbackLockList := TIdCriticalSectionThreadList.Create; PrepareOpenSSLLocking; - CRYPTO_set_locking_callback(@SslLockingCallback); -{$IFNDEF WIN32_OR_WIN64} - if Assigned(CRYPTO_THREADID_set_callback) then begin + if Assigned(CRYPTO_set_locking_callback) then + begin + CRYPTO_set_locking_callback(@SslLockingCallback); + end; + if Assigned(CRYPTO_THREADID_set_callback) then + begin CRYPTO_THREADID_set_callback(@_threadid_func); - end else begin - CRYPTO_set_id_callback(@_GetThreadID); + end + else + begin + if Assigned(CRYPTO_set_id_callback) then begin + CRYPTO_set_id_callback(@_GetThreadID); + end; end; -{$ENDIF} SSLIsLoaded.Value := True; Result := True; finally 
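Review bot: The new fallback branches in LoadOpenSSLLibrary call `OPENSSL_init_crypto` and `OPENSSL_init_ssl` without the `Assigned(...)` guard that the legacy entry points get, so a library that exports neither the 1.0.x initialisers nor the 1.1.x ones would be called through a nil procedure variable instead of failing Load cleanly. The return value of `OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS or OPENSSL_INIT_LOAD_CRYPTO_STRINGS, nil)` is also discarded, whereas the later `OPENSSL_init_ssl(0, nil) > 0` is checked and used for Result. A minimal tightening for each of the three fallbacks is `else if Assigned(OPENSSL_init_crypto) then begin OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, nil); end else begin Result := False; Exit; end;` (Result is True from the Load call above, so it must be reset before the Exit), or one upfront check that at least one family of initialisers is present. In the locking hunk, dropping `{$IFNDEF WIN32_OR_WIN64}` means CRYPTO_THREADID_set_callback is now installed on Windows as well; that looks intentional given the Assigned guards, but a one-line comment noting that these callbacks are only relevant to pre-1.1.0 libraries would save the next reader from wondering.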
@@ -2404,30 +2494,34 @@ procedure UnLoadOpenSSLLibrary; {$ENDIF} begin // ssl was never loaded - if Assigned(CRYPTO_set_locking_callback) then begin + if Assigned(CRYPTO_set_locking_callback) then + begin CRYPTO_set_locking_callback(nil); end; - CleanupRandom; // <-- RLebeau: why is this here and not in IdSSLOpenSSLHeaders.Unload()? + CleanupRandom; + // <-- RLebeau: why is this here and not in IdSSLOpenSSLHeaders.Unload()? IdSSLOpenSSLHeaders.Unload; FreeAndNil(LockInfoCB); FreeAndNil(LockPassCB); FreeAndNil(LockVerifyCB); - if Assigned(CallbackLockList) then begin - {$IFDEF USE_OBJECT_ARC} + if Assigned(CallbackLockList) then + begin +{$IFDEF USE_OBJECT_ARC} CallbackLockList.Clear; // Items are auto-freed - {$ELSE} +{$ELSE} LList := CallbackLockList.LockList; begin try - for i := 0 to LList.Count - 1 do begin - {$IFDEF HAS_GENERICS_TList}LList.Items[i]{$ELSE}TIdCriticalSection(LList.Items[i]){$ENDIF}.Free; + for i := 0 to LList.count - 1 do + begin +{$IFDEF HAS_GENERICS_TList}LList.Items[i]{$ELSE}TIdCriticalSection(LList.Items[i]){$ENDIF}.Free; end; LList.Clear; finally CallbackLockList.UnlockList; end; end; - {$ENDIF} +{$ENDIF} FreeAndNil(CallbackLockList); end; SSLIsLoaded.Value := False; @@ -2440,14 +2534,15 @@ function OpenSSLVersion: string; // might have been loaded OK before the failure occured. LoadOpenSSLLibrary() // does not unload .. IdSSLOpenSSL.LoadOpenSSLLibrary; - if Assigned(_SSLeay_version) then begin + if Assigned(_SSLeay_version) then + begin Result := String(_SSLeay_version(SSLEAY_VERSION)); end; end; -////////////////////////////////////////////////////// -// TIdSSLOptions -/////////////////////////////////////////////////////// +/// /////////////////////////////////////////////////// +// TIdSSLOptions +/// //////////////////////////////////////////////////// constructor TIdSSLOptions.Create; begin 
@@ -2459,9 +2554,12 @@ constructor TIdSSLOptions.Create; procedure TIdSSLOptions.SetMethod(const AValue: TIdSSLVersion); begin fMethod := AValue; - if AValue = sslvSSLv23 then begin - fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2]; - end else begin + if AValue = sslvSSLv23 then + begin + fSSLVersions := [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2, sslvTLSv1_3]; + end + else + begin fSSLVersions := [AValue]; end; end; @@ -2469,27 +2567,38 @@ procedure TIdSSLOptions.SetMethod(const AValue: TIdSSLVersion); procedure TIdSSLOptions.SetSSLVersions(const AValue: TIdSSLVersions); begin fSSLVersions := AValue; - if fSSLVersions = [sslvSSLv2] then begin + if fSSLVersions = [sslvSSLv2] then + begin fMethod := sslvSSLv2; end - else if fSSLVersions = [sslvSSLv3] then begin + else if fSSLVersions = [sslvSSLv3] then + begin fMethod := sslvSSLv3; end - else if fSSLVersions = [sslvTLSv1] then begin + else if fSSLVersions = [sslvTLSv1] then + begin fMethod := sslvTLSv1; end - else if fSSLVersions = [sslvTLSv1_1 ] then begin + else if fSSLVersions = [sslvTLSv1_1] then + begin fMethod := sslvTLSv1_1; end - else if fSSLVersions = [sslvTLSv1_2 ] then begin + else if fSSLVersions = [sslvTLSv1_2] then + begin fMethod := sslvTLSv1_2; end - else begin + else if fSSLVersions = [sslvTLSv1_3] then begin + fMethod := sslvTLSv1_3; + end + else + begin fMethod := sslvSSLv23; - if sslvSSLv23 in fSSLVersions then begin + if sslvSSLv23 in fSSLVersions then + begin Exclude(fSSLVersions, sslvSSLv23); - if fSSLVersions = [] then begin - fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2]; + if fSSLVersions = [] then + begin + fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2,sslvTLSv1_3]; end; end; end; 
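Review bot: The set literal that stands for "any version" is now spelled out twice with sslvTLSv1_3 added, in SetMethod and in the fallback branch of SetSSLVersions, and the second copy dropped the spaces after commas that the formatter put in the first. A single constant, e.g. `const AllSSLVersions: TIdSSLVersions = [sslvSSLv2, sslvSSLv3, sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2, sslvTLSv1_3];`, used in both places would keep the two from drifting the next time a protocol is added. The new `else if fSSLVersions = [sslvTLSv1_3] then begin` branch also keeps `then begin` on one line while every sibling branch in the same hunk was rewritten with `begin` on its own line. Note that this "all versions" default still enumerates sslvSSLv2 and sslvSSLv3; whether that actually enables them depends on how the context-setup code outside this hunk maps the set onto SSL_OP_NO_* options, but it is worth confirming that adding TLS 1.3 to the default did not also keep SSLv2/SSLv3 selectable.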
@@ -2499,7 +2608,8 @@ procedure TIdSSLOptions.AssignTo(Destination: TPersistent); var LDest: TIdSSLOptions; begin - if Destination is TIdSSLOptions then begin + if Destination is TIdSSLOptions then + begin LDest := TIdSSLOptions(Destination); LDest.RootCertFile := RootCertFile; LDest.CertFile := CertFile; @@ -2512,14 +2622,16 @@ procedure TIdSSLOptions.AssignTo(Destination: TPersistent); LDest.VerifyDepth := VerifyDepth; LDest.VerifyDirs := VerifyDirs; LDest.CipherList := CipherList; - end else begin + end + else + begin inherited AssignTo(Destination); end; end; -/////////////////////////////////////////////////////// -// TIdServerIOHandlerSSLOpenSSL -/////////////////////////////////////////////////////// +/// //////////////////////////////////////////////////// +// TIdServerIOHandlerSSLOpenSSL +/// //////////////////////////////////////////////////// { TIdServerIOHandlerSSLOpenSSL } @@ -2537,9 +2649,9 @@ destructor TIdServerIOHandlerSSLOpenSSL.Destroy; end; procedure TIdServerIOHandlerSSLOpenSSL.Init; -//see also TIdSSLIOHandlerSocketOpenSSL.Init +// see also TIdSSLIOHandlerSocketOpenSSL.Init begin - //ensure Init isn't called twice + // ensure Init isn't called twice Assert(fSSLContext = nil); fSSLContext := TIdSSLContext.Create; fSSLContext.Parent := Self; @@ -2553,9 +2665,10 @@ procedure TIdServerIOHandlerSSLOpenSSL.Init; fSSLContext.fVerifyDirs := SSLOptions.fVerifyDirs; fSSLContext.fCipherList := SSLOptions.fCipherList; fSSLContext.VerifyOn := Assigned(fOnVerifyPeer); - fSSLContext.StatusInfoOn := Assigned(fOnStatusInfo) or Assigned(FOnStatusInfoEx); - //fSSLContext.PasswordRoutineOn := Assigned(fOnGetPassword); - fSSLContext.fMethod := SSLOptions.Method; + fSSLContext.StatusInfoOn := Assigned(fOnStatusInfo) or + Assigned(FOnStatusInfoEx); + // fSSLContext.PasswordRoutineOn := Assigned(fOnGetPassword); + fSSLContext.fMethod := SSLOptions.Method; fSSLContext.fMode := SSLOptions.Mode; fSSLContext.fSSLVersions := SSLOptions.SSLVersions; 
@@ -2564,24 +2677,28 @@ procedure TIdServerIOHandlerSSLOpenSSL.Init; function TIdServerIOHandlerSSLOpenSSL.Accept(ASocket: TIdSocketHandle; // This is a thread and not a yarn. Its the listener thread. - AListenerThread: TIdThread; AYarn: TIdYarn ): TIdIOHandler; + AListenerThread: TIdThread; AYarn: TIdYarn): TIdIOHandler; var LIO: TIdSSLIOHandlerSocketOpenSSL; begin - //using a custom scheduler, AYarn may be nil, so don't assert - Assert(ASocket<>nil); - Assert(fSSLContext<>nil); - Assert(AListenerThread<>nil); + // using a custom scheduler, AYarn may be nil, so don't assert + Assert(ASocket <> nil); + Assert(fSSLContext <> nil); + Assert(AListenerThread <> nil); Result := nil; LIO := TIdSSLIOHandlerSocketOpenSSL.Create(nil); try LIO.PassThrough := True; LIO.Open; - while not AListenerThread.Stopped do begin - if ASocket.Select(250) then begin - if (not AListenerThread.Stopped) and LIO.Binding.Accept(ASocket.Handle) then begin - //we need to pass the SSLOptions for the socket from the server + while not AListenerThread.Stopped do + begin + if ASocket.Select(250) then + begin + if (not AListenerThread.Stopped) and LIO.Binding.Accept(ASocket.Handle) + then + begin + // we need to pass the SSLOptions for the socket from the server // TODO: wouldn't it be easier to just Assign() the server's SSLOptions // here? Do we really need to share ownership of it? // LIO.fxSSLOptions.Assign(fxSSLOptions); 
@@ -2594,9 +2711,9 @@ function TIdServerIOHandlerSSLOpenSSL.Accept(ASocket: TIdSocketHandle; // - Set up an additional SSL_CTX for each different certificate; // - Add a servername callback to each SSL_CTX using SSL_CTX_set_tlsext_servername_callback(); // - In the callback, retrieve the client-supplied servername with - // SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name). Figure out the right - // SSL_CTX to go with that host name, then switch the SSL object to that - // SSL_CTX with SSL_set_SSL_CTX(). + // SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name). Figure out the right + // SSL_CTX to go with that host name, then switch the SSL object to that + // SSL_CTX with SSL_set_SSL_CTX(). // RLebeau 2/1/2022: note, the following call is basically a no-op for OpenSSL, // because PassThrough=True and fSSLContext are both assigned above, so there @@ -2620,7 +2737,8 @@ function TIdServerIOHandlerSSLOpenSSL.Accept(ASocket: TIdSocketHandle; procedure TIdServerIOHandlerSSLOpenSSL.DoStatusInfo(const AMsg: String); begin - if Assigned(fOnStatusInfo) then begin + if Assigned(fOnStatusInfo) then + begin fOnStatusInfo(AMsg); end; end; 
@@ -2628,23 +2746,26 @@ procedure TIdServerIOHandlerSSLOpenSSL.DoStatusInfo(const AMsg: String); procedure TIdServerIOHandlerSSLOpenSSL.DoStatusInfoEx(const AsslSocket: PSSL; const AWhere, Aret: TIdC_INT; const AWhereStr, ARetStr: String); begin - if Assigned(FOnStatusInfoEx) then begin - FOnStatusInfoEx(Self,AsslSocket,AWhere,Aret,AWHereStr,ARetStr); + if Assigned(FOnStatusInfoEx) then + begin + FOnStatusInfoEx(Self, AsslSocket, AWhere, Aret, AWhereStr, ARetStr); end; end; procedure TIdServerIOHandlerSSLOpenSSL.DoGetPassword(var Password: String); begin - if Assigned(fOnGetPassword) then begin + if Assigned(fOnGetPassword) then + begin fOnGetPassword(Password); end; end; -procedure TIdServerIOHandlerSSLOpenSSL.DoGetPasswordEx( - var VPassword: String; const AIsWrite: Boolean); +procedure TIdServerIOHandlerSSLOpenSSL.DoGetPasswordEx(var VPassword: String; + const AIsWrite: Boolean); begin - if Assigned(fOnGetPasswordEx) then begin - fOnGetPasswordEx(Self,VPassword,AIsWrite); + if Assigned(fOnGetPasswordEx) then + begin + fOnGetPasswordEx(Self, VPassword, AIsWrite); end; end; @@ -2652,14 +2773,15 @@ function TIdServerIOHandlerSSLOpenSSL.DoVerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; begin Result := True; - if Assigned(fOnVerifyPeer) then begin + if Assigned(fOnVerifyPeer) then + begin Result := fOnVerifyPeer(Certificate, AOk, ADepth, AError); end; end; -function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPort : TIdSSLIOHandlerSocketBase; +function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPort: TIdSSLIOHandlerSocketBase; var - LIO : TIdSSLIOHandlerSocketOpenSSL; + LIO: TIdSSLIOHandlerSocketOpenSSL; begin LIO := TIdSSLIOHandlerSocketOpenSSL.Create(nil); try 
@@ -2668,7 +2790,7 @@ function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPort : TIdSSLIOHandlerSocketBase LIO.OnGetPasswordEx := OnGetPasswordEx; LIO.IsPeer := True; // RLebeau 1/24/2019: is this still needed now? LIO.SSLOptions.Assign(SSLOptions); - LIO.SSLOptions.Mode := sslmBoth;{or sslmClient}{doesn't really matter} + LIO.SSLOptions.Mode := sslmBoth; { or sslmClient }{ doesn't really matter } LIO.SSLContext := SSLContext; except LIO.Free; @@ -2683,9 +2805,9 @@ procedure TIdServerIOHandlerSSLOpenSSL.Shutdown; inherited Shutdown; end; -function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPasv : TIdSSLIOHandlerSocketBase; +function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPasv: TIdSSLIOHandlerSocketBase; var - LIO : TIdSSLIOHandlerSocketOpenSSL; + LIO: TIdSSLIOHandlerSocketOpenSSL; begin LIO := TIdSSLIOHandlerSocketOpenSSL.Create(nil); try @@ -2694,7 +2816,7 @@ function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPasv : TIdSSLIOHandlerSocketBase LIO.OnGetPasswordEx := OnGetPasswordEx; LIO.IsPeer := True; LIO.SSLOptions.Assign(SSLOptions); - LIO.SSLOptions.Mode := sslmBoth;{or sslmServer} + LIO.SSLOptions.Mode := sslmBoth; { or sslmServer } LIO.SSLContext := nil; except LIO.Free; 
@@ -2705,23 +2827,26 @@ function TIdServerIOHandlerSSLOpenSSL.MakeFTPSvrPasv : TIdSSLIOHandlerSocketBase { IIdSSLOpenSSLCallbackHelper } -function TIdServerIOHandlerSSLOpenSSL.GetPassword(const AIsWrite : Boolean): string; +function TIdServerIOHandlerSSLOpenSSL.GetPassword(const AIsWrite + : Boolean): string; begin DoGetPasswordEx(Result, AIsWrite); - if Result = '' then begin + if Result = '' then + begin DoGetPassword(Result); end; end; -procedure TIdServerIOHandlerSSLOpenSSL.StatusInfo(const ASslSocket: PSSL; - AWhere, ARet: TIdC_INT; const AStatusStr: string); +procedure TIdServerIOHandlerSSLOpenSSL.StatusInfo(const AsslSocket: PSSL; + AWhere, Aret: TIdC_INT; const AStatusStr: string); var LType, LMsg: string; begin DoStatusInfo(AStatusStr); - if Assigned(fOnStatusInfoEx) then begin - GetStateVars(ASslSocket, AWhere, ARet, LType, LMsg); - DoStatusInfoEx(ASslSocket, AWhere, ARet, LType, LMsg); + if Assigned(FOnStatusInfoEx) then + begin + GetStateVars(AsslSocket, AWhere, Aret, LType, LMsg); + DoStatusInfoEx(AsslSocket, AWhere, Aret, LType, LMsg); end; end; 
@@ -2731,28 +2856,31 @@ function TIdServerIOHandlerSSLOpenSSL.VerifyPeer(ACertificate: TIdX509; Result := DoVerifyPeer(ACertificate, AOk, ADepth, AError); end; -function TIdServerIOHandlerSSLOpenSSL.GetIOHandlerSelf: TIdSSLIOHandlerSocketOpenSSL; +function TIdServerIOHandlerSSLOpenSSL.GetIOHandlerSelf + : TIdSSLIOHandlerSocketOpenSSL; begin Result := nil; end; -/////////////////////////////////////////////////////// -// TIdSSLIOHandlerSocketOpenSSL -/////////////////////////////////////////////////////// +/// //////////////////////////////////////////////////// +// TIdSSLIOHandlerSocketOpenSSL +/// //////////////////////////////////////////////////// -function TIdServerIOHandlerSSLOpenSSL.MakeClientIOHandler: TIdSSLIOHandlerSocketBase; +function TIdServerIOHandlerSSLOpenSSL.MakeClientIOHandler + : TIdSSLIOHandlerSocketBase; var - LIO : TIdSSLIOHandlerSocketOpenSSL; + LIO: TIdSSLIOHandlerSocketOpenSSL; begin LIO := TIdSSLIOHandlerSocketOpenSSL.Create(nil); try LIO.PassThrough := True; - // LIO.SSLOptions.Free; - // LIO.SSLOptions := SSLOptions; - // LIO.SSLContext := SSLContext; + // LIO.SSLOptions.Free; + // LIO.SSLOptions := SSLOptions; + // LIO.SSLContext := SSLContext; LIO.SSLOptions.Assign(SSLOptions); - // LIO.SSLContext := SSLContext; - LIO.SSLContext := nil;//SSLContext.Clone; // BGO: clone does not work, it must be either NIL, or SSLContext + // LIO.SSLContext := SSLContext; + LIO.SSLContext := nil; + // SSLContext.Clone; // BGO: clone does not work, it must be either NIL, or SSLContext LIO.OnGetPassword := DoGetPassword; LIO.OnGetPasswordEx := OnGetPasswordEx; except 
@@ -2777,14 +2905,14 @@ procedure TIdSSLIOHandlerSocketOpenSSL.InitComponent; destructor TIdSSLIOHandlerSocketOpenSSL.Destroy; begin FreeAndNil(fSSLSocket); - //we do not destroy these if their Parent is not Self - //because these do not belong to us when we are in a server. - if (fSSLContext <> nil) and (fSSLContext.Parent = Self) then begin + // we do not destroy these if their Parent is not Self + // because these do not belong to us when we are in a server. + if (fSSLContext <> nil) and (fSSLContext.Parent = Self) then + begin FreeAndNil(fSSLContext); end; - if (fxSSLOptions <> nil) and - (fxSSLOptions is TIdSSLOptions_Internal) and - (TIdSSLOptions_Internal(fxSSLOptions).Parent = Self) then + if (fxSSLOptions <> nil) and (fxSSLOptions is TIdSSLOptions_Internal) and + (TIdSSLOptions_Internal(fxSSLOptions).Parent = Self) then begin FreeAndNil(fxSSLOptions); end; @@ -2799,8 +2927,10 @@ procedure TIdSSLIOHandlerSocketOpenSSL.ConnectClient; try Init; except - on EIdOSSLCouldNotLoadSSLLibrary do begin - if not PassThrough then raise; + on EIdOSSLCouldNotLoadSSLLibrary do + begin + if not PassThrough then + raise; end; end; // RLebeau 1/11/07: In case a proxy is being used, pass through @@ -2822,7 +2952,8 @@ procedure TIdSSLIOHandlerSocketOpenSSL.ConnectClient; procedure TIdSSLIOHandlerSocketOpenSSL.StartSSL; begin - if not PassThrough then begin + if not PassThrough then + begin OpenEncodedConnection; end; end; @@ -2830,10 +2961,14 @@ procedure TIdSSLIOHandlerSocketOpenSSL.StartSSL; procedure TIdSSLIOHandlerSocketOpenSSL.Close; begin FreeAndNil(fSSLSocket); - if fSSLContext <> nil then begin - if fSSLContext.Parent = Self then begin + if fSSLContext <> nil then + begin + if fSSLContext.Parent = Self then + begin FreeAndNil(fSSLContext); - end else begin + end + else + begin fSSLContext := nil; end; end; 
@@ -2846,41 +2981,53 @@ procedure TIdSSLIOHandlerSocketOpenSSL.Open; inherited Open; end; -function TIdSSLIOHandlerSocketOpenSSL.Readable(AMSec: Integer = IdTimeoutDefault): Boolean; +function TIdSSLIOHandlerSocketOpenSSL.Readable + (AMSec: Integer = IdTimeoutDefault): Boolean; begin if not fPassThrough then begin Result := (fSSLSocket <> nil) and (ssl_pending(fSSLSocket.fSSL) > 0); - if Result then Exit; + if Result then + Exit; end; Result := inherited Readable(AMSec); end; procedure TIdSSLIOHandlerSocketOpenSSL.SetPassThrough(const Value: Boolean); begin - if fPassThrough <> Value then begin - if not Value then begin - if BindingAllocated then begin - if Assigned(fSSLContext) then begin + if fPassThrough <> Value then + begin + if not Value then + begin + if BindingAllocated then + begin + if Assigned(fSSLContext) then + begin OpenEncodedConnection; - end else begin - raise EIdOSSLCouldNotLoadSSLLibrary.Create(RSOSSLCouldNotLoadSSLLibrary); + end + else + begin + raise EIdOSSLCouldNotLoadSSLLibrary.Create + (RSOSSLCouldNotLoadSSLLibrary); end; end; end - else begin + else + begin // RLebeau 8/16/2019: need to call SSL_shutdown() here if the SSL/TLS session is active. // This is for FTP when handling CCC and REIN commands. The SSL/TLS session needs to be // shutdown cleanly on both ends without closing the underlying socket connection because // it is going to be used for continued unsecure communications! - if (fSSLSocket <> nil) and (fSSLSocket.fSSL <> nil) then begin + if (fSSLSocket <> nil) and (fSSLSocket.fSSL <> nil) then + begin // if SSL_shutdown() returns 0, a "close notify" was sent to the peer and SSL_shutdown() // needs to be called again to receive the peer's "close notify" in response... 
- if SSL_shutdown(fSSLSocket.fSSL) = 0 then begin + if SSL_shutdown(fSSLSocket.fSSL) = 0 then + begin SSL_shutdown(fSSLSocket.fSSL); end; end; - {$IFDEF WIN32_OR_WIN64} +{$IFDEF WIN32_OR_WIN64} // begin bug fix if BindingAllocated and IndyCheckWindowsVersion(6) then begin @@ -2889,7 +3036,7 @@ procedure TIdSSLIOHandlerSocketOpenSSL.SetPassThrough(const Value: Boolean); Binding.SetSockOpt(Id_SOL_SOCKET, Id_SO_SNDTIMEO, 0); end; // end bug fix - {$ENDIF} +{$ENDIF} end; fPassThrough := Value; end; @@ -2914,8 +3061,10 @@ procedure TIdSSLIOHandlerSocketOpenSSL.AfterAccept; try Init; except - on EIdOSSLCouldNotLoadSSLLibrary do begin - if not PassThrough then raise; + on EIdOSSLCouldNotLoadSSLLibrary do + begin + if not PassThrough then + raise; end; end; StartSSL; @@ -2926,9 +3075,10 @@ procedure TIdSSLIOHandlerSocketOpenSSL.AfterAccept; end; procedure TIdSSLIOHandlerSocketOpenSSL.Init; -//see also TIdServerIOHandlerSSLOpenSSL.Init +// see also TIdServerIOHandlerSSLOpenSSL.Init begin - if not Assigned(fSSLContext) then begin + if not Assigned(fSSLContext) then + begin fSSLContext := TIdSSLContext.Create; fSSLContext.Parent := Self; fSSLContext.RootCertFile := SSLOptions.RootCertFile; 
@@ -2941,35 +3091,38 @@ procedure TIdSSLIOHandlerSocketOpenSSL.Init; fSSLContext.fVerifyDirs := SSLOptions.fVerifyDirs; fSSLContext.fCipherList := SSLOptions.fCipherList; fSSLContext.VerifyOn := Assigned(fOnVerifyPeer); - fSSLContext.StatusInfoOn := Assigned(fOnStatusInfo) or Assigned(fOnStatusInfoEx); - //fSSLContext.PasswordRoutineOn := Assigned(fOnGetPassword); - fSSLContext.fMethod := SSLOptions.Method; + fSSLContext.StatusInfoOn := Assigned(fOnStatusInfo) or + Assigned(FOnStatusInfoEx); + // fSSLContext.PasswordRoutineOn := Assigned(fOnGetPassword); + fSSLContext.fMethod := SSLOptions.Method; fSSLContext.fSSLVersions := SSLOptions.SSLVersions; fSSLContext.fMode := SSLOptions.Mode; fSSLContext.InitContext(sslCtxClient); end; end; -//} +// } procedure TIdSSLIOHandlerSocketOpenSSL.DoStatusInfo(const AMsg: String); begin - if Assigned(fOnStatusInfo) then begin + if Assigned(fOnStatusInfo) then + begin fOnStatusInfo(AMsg); end; end; -procedure TIdSSLIOHandlerSocketOpenSSL.DoStatusInfoEx( - const AsslSocket: PSSL; const AWhere, Aret: TIdC_INT; const AWhereStr, - ARetStr: String); +procedure TIdSSLIOHandlerSocketOpenSSL.DoStatusInfoEx(const AsslSocket: PSSL; + const AWhere, Aret: TIdC_INT; const AWhereStr, ARetStr: String); begin - if Assigned(FOnStatusInfoEx) then begin - FOnStatusInfoEx(Self,AsslSocket,AWhere,Aret,AWHereStr,ARetStr); + if Assigned(FOnStatusInfoEx) then + begin + FOnStatusInfoEx(Self, AsslSocket, AWhere, Aret, AWhereStr, ARetStr); end; end; procedure TIdSSLIOHandlerSocketOpenSSL.DoGetPassword(var Password: String); begin - if Assigned(fOnGetPassword) then begin + if Assigned(fOnGetPassword) then + begin fOnGetPassword(Password); end; end; 
@@ -2977,8 +3130,9 @@ procedure TIdSSLIOHandlerSocketOpenSSL.DoGetPassword(var Password: String); procedure TIdSSLIOHandlerSocketOpenSSL.DoGetPasswordEx(var VPassword: String; const AIsWrite: Boolean); begin - if Assigned(fOnGetPasswordEx) then begin - fOnGetPasswordEx(Self,VPassword,AIsWrite); + if Assigned(fOnGetPasswordEx) then + begin + fOnGetPasswordEx(Self, VPassword, AIsWrite); end; end; @@ -2986,16 +3140,17 @@ function TIdSSLIOHandlerSocketOpenSSL.DoVerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; begin Result := True; - if Assigned(fOnVerifyPeer) then begin + if Assigned(fOnVerifyPeer) then + begin Result := fOnVerifyPeer(Certificate, AOk, ADepth, AError); end; end; procedure TIdSSLIOHandlerSocketOpenSSL.OpenEncodedConnection; var - {$IFDEF WIN32_OR_WIN64} +{$IFDEF WIN32_OR_WIN64} LTimeout: Integer; - {$ENDIF} +{$ENDIF} LMode: TIdSSLMode; LHost: string; @@ -3032,8 +3187,10 @@ procedure TIdSSLIOHandlerSocketOpenSSL.OpenEncodedConnection; begin repeat LNextTransparentProxy := LTransparentProxy.ChainedProxy; - if not Assigned(LNextTransparentProxy) then Break; - if not LNextTransparentProxy.Enabled then Break; + if not Assigned(LNextTransparentProxy) then + Break; + if not LNextTransparentProxy.Enabled then + Break; LTransparentProxy := LNextTransparentProxy; until False; Result := LTransparentProxy.Host; 
@@ -3042,27 +3199,29 @@ procedure TIdSSLIOHandlerSocketOpenSSL.OpenEncodedConnection; end; begin - Assert(Binding<>nil); - if not Assigned(fSSLSocket) then begin + Assert(Binding <> nil); + if not Assigned(fSSLSocket) then + begin fSSLSocket := TIdSSLSocket.Create(Self); end; - Assert(fSSLSocket.fSSLContext=nil); + Assert(fSSLSocket.fSSLContext = nil); fSSLSocket.fSSLContext := fSSLContext; - {$IFDEF WIN32_OR_WIN64} +{$IFDEF WIN32_OR_WIN64} // begin bug fix if IndyCheckWindowsVersion(6) then begin // Note: Fix needed to allow SSL_Read and SSL_Write to timeout under // Vista+ when connection is dropped LTimeout := FReadTimeOut; - if LTimeout <= 0 then begin + if LTimeout <= 0 then + begin LTimeout := 30000; // 30 seconds end; Binding.SetSockOpt(Id_SOL_SOCKET, Id_SO_RCVTIMEO, LTimeout); Binding.SetSockOpt(Id_SOL_SOCKET, Id_SO_SNDTIMEO, LTimeout); end; // end bug fix - {$ENDIF} +{$ENDIF} // RLebeau 7/2/2015: do not rely on IsPeer to decide whether to call Connect() // or Accept(). SSLContext.Mode controls whether a client or server method is // used to handle the connection, so that same value should be used here as well. 
@@ -3075,51 +3234,61 @@ procedure TIdSSLIOHandlerSocketOpenSSL.OpenEncodedConnection; // in client components! IsPeer is intended to be set to True only in server // components... LMode := fSSLContext.Mode; - if not (LMode in [sslmClient, sslmServer]) then begin + if not(LMode in [sslmClient, sslmServer]) then + begin // Mode must be sslmBoth (or else TIdSSLContext.SetSSLMethod() would have // raised an exception), so just fall back to previous behavior for now, // until we can figure out a better way to handle this scenario... - if IsPeer then begin + if IsPeer then + begin LMode := sslmServer; - end else begin + end + else + begin LMode := sslmClient; end; end; - if LMode = sslmClient then begin + if LMode = sslmClient then + begin LHost := GetURIHost; if LHost = '' then begin LHost := GetProxyTargetHost; - if LHost = '' then begin + if LHost = '' then + begin LHost := Self.Host; end; end; fSSLSocket.fHostName := LHost; fSSLSocket.Connect(Binding.Handle); - end else begin + end + else + begin fSSLSocket.fHostName := ''; fSSLSocket.Accept(Binding.Handle); end; fPassThrough := False; end; -procedure TIdSSLIOHandlerSocketOpenSSL.DoBeforeConnect(ASender: TIdSSLIOHandlerSocketOpenSSL); +procedure TIdSSLIOHandlerSocketOpenSSL.DoBeforeConnect + (ASender: TIdSSLIOHandlerSocketOpenSSL); begin - if Assigned(OnBeforeConnect) then begin + if Assigned(OnBeforeConnect) then + begin OnBeforeConnect(Self); end; end; - // TODO: add an AOwner parameter function TIdSSLIOHandlerSocketOpenSSL.Clone: TIdSSLIOHandlerSocketBase; var - LIO : TIdSSLIOHandlerSocketOpenSSL; + LIO: TIdSSLIOHandlerSocketOpenSSL; begin LIO := TIdSSLIOHandlerSocketOpenSSL.Create(nil); try - LIO.SSLOptions.Assign( SSLOptions ); + LIO.SSLOptions.Assign(SSLOptions); LIO.OnStatusInfo := DoStatusInfo; + LIO.OnStatusInfoEx := Self.OnStatusInfoEx; LIO.OnGetPassword := DoGetPassword; LIO.OnGetPasswordEx := OnGetPasswordEx; LIO.OnVerifyPeer := DoVerifyPeer; 
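Review bot: The added `LIO.OnStatusInfoEx := Self.OnStatusInfoEx;` in Clone wires the user's handler straight into the copy, while the neighbouring lines route OnStatusInfo, OnGetPassword and OnVerifyPeer through this instance's Do* dispatchers; the asymmetry is presumably forced by DoStatusInfoEx lacking the Sender parameter the event type carries, but nothing says so, and the handler will now see the clone rather than the original as Sender. A one-line comment would stop the next reader "fixing" it: `// OnStatusInfoEx is copied directly: DoStatusInfoEx has no Sender parameter, so it cannot be assigned here; the handler sees the clone as Sender.` Clone's body continues past the end of this hunk.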
@@ -3131,19 +3300,25 @@ function TIdSSLIOHandlerSocketOpenSSL.Clone: TIdSSLIOHandlerSocketBase; Result := LIO; end; -function TIdSSLIOHandlerSocketOpenSSL.CheckForError(ALastResult: Integer): Integer; -//var -// err: Integer; +function TIdSSLIOHandlerSocketOpenSSL.CheckForError + (ALastResult: Integer): Integer; +// var +// err: Integer; begin - if PassThrough then begin + if PassThrough then + begin Result := inherited CheckForError(ALastResult); - end else begin + end + else + begin Result := fSSLSocket.GetSSLError(ALastResult); - if Result = SSL_ERROR_NONE then begin + if Result = SSL_ERROR_NONE then + begin Result := 0; Exit; end; - if Result = SSL_ERROR_SYSCALL then begin + if Result = SSL_ERROR_SYSCALL then + begin Result := inherited CheckForError(Integer(Id_SOCKET_ERROR)); Exit; end; 
@@ -3153,32 +3328,39 @@ function TIdSSLIOHandlerSocketOpenSSL.CheckForError(ALastResult: Integer): Integ procedure TIdSSLIOHandlerSocketOpenSSL.RaiseError(AError: Integer); begin - if (PassThrough) or (AError = Id_WSAESHUTDOWN) or (AError = Id_WSAECONNABORTED) or (AError = Id_WSAECONNRESET) then begin + if (PassThrough) or (AError = Id_WSAESHUTDOWN) or + (AError = Id_WSAECONNABORTED) or (AError = Id_WSAECONNRESET) then + begin inherited RaiseError(AError); - end else begin + end + else + begin EIdOpenSSLAPISSLError.RaiseException(fSSLSocket.fSSL, AError, ''); end; end; { IIdSSLOpenSSLCallbackHelper } -function TIdSSLIOHandlerSocketOpenSSL.GetPassword(const AIsWrite : Boolean): string; +function TIdSSLIOHandlerSocketOpenSSL.GetPassword(const AIsWrite + : Boolean): string; begin DoGetPasswordEx(Result, AIsWrite); - if Result = '' then begin + if Result = '' then + begin DoGetPassword(Result); end; end; -procedure TIdSSLIOHandlerSocketOpenSSL.StatusInfo(const ASslSocket: PSSL; - AWhere, ARet: TIdC_INT; const AStatusStr: string); +procedure TIdSSLIOHandlerSocketOpenSSL.StatusInfo(const AsslSocket: PSSL; + AWhere, Aret: TIdC_INT; const AStatusStr: string); var LType, LMsg: string; begin DoStatusInfo(AStatusStr); - if Assigned(fOnStatusInfoEx) then begin - GetStateVars(ASslSocket, AWhere, ARet, LType, LMsg); - DoStatusInfoEx(ASslSocket, AWhere, ARet, LType, LMsg); + if Assigned(FOnStatusInfoEx) then + begin + GetStateVars(AsslSocket, AWhere, Aret, LType, LMsg); + DoStatusInfoEx(AsslSocket, AWhere, Aret, LType, LMsg); end; end; @@ -3188,7 +3370,8 @@ function TIdSSLIOHandlerSocketOpenSSL.VerifyPeer(ACertificate: TIdX509; Result := DoVerifyPeer(ACertificate, AOk, ADepth, AError); end; -function TIdSSLIOHandlerSocketOpenSSL.GetIOHandlerSelf: TIdSSLIOHandlerSocketOpenSSL; +function TIdSSLIOHandlerSocketOpenSSL.GetIOHandlerSelf + : TIdSSLIOHandlerSocketOpenSSL; begin Result := Self; end; 
@@ -3198,9 +3381,10 @@ function TIdSSLIOHandlerSocketOpenSSL.GetIOHandlerSelf: TIdSSLIOHandlerSocketOpe constructor TIdSSLContext.Create; begin inherited Create; - //an exception here probably means that you are using the wrong version - //of the openssl libraries. refer to comments at the top of this file. - if not LoadOpenSSLLibrary then begin + // an exception here probably means that you are using the wrong version + // of the openssl libraries. refer to comments at the top of this file. + if not LoadOpenSSLLibrary then + begin raise EIdOSSLCouldNotLoadSSLLibrary.Create(RSOSSLCouldNotLoadSSLLibrary); end; fVerifyMode := []; @@ -3216,7 +3400,8 @@ destructor TIdSSLContext.Destroy; procedure TIdSSLContext.DestroyContext; begin - if fContext <> nil then begin + if fContext <> nil then + begin SSL_CTX_free(fContext); fContext := nil; end; @@ -3225,18 +3410,22 @@ procedure TIdSSLContext.DestroyContext; procedure TIdSSLContext.InitContext(CtxMode: TIdSSLCtxMode); var SSLMethod: PSSL_METHOD; - error: TIdC_INT; -// pCAname: PSTACK_X509_NAME; - {$IFDEF USE_MARSHALLED_PTRS} + Error: TIdC_INT; + // pCAname: PSTACK_X509_NAME; +{$IFDEF USE_MARSHALLED_PTRS} M: TMarshaller; - {$ENDIF} +{$ENDIF} begin // Destroy the context first DestroyContext; - if fMode = sslmUnassigned then begin - if CtxMode = sslCtxServer then begin + if fMode = sslmUnassigned then + begin + if CtxMode = sslCtxServer then + begin fMode := sslmServer; - end else begin + end + else + begin fMode := sslmClient; end end; 
@@ -3244,152 +3433,169 @@ procedure TIdSSLContext.InitContext(CtxMode: TIdSSLCtxMode); SSLMethod := SetSSLMethod; // create new SSL context fContext := SSL_CTX_new(SSLMethod); - if fContext = nil then begin + if fContext = nil then + begin EIdOSSLCreatingContextError.RaiseException(RSSSLCreatingContextError); end; - //set SSL Versions we will use - - // in OpenSSL 1.0.2g onwards, SSLv2 is disabled and not exported by default - // at compile-time. If OpenSSL is compiled with "enable-ssl2" enabled so the - // SSLv2_xxx_method() functions are exported, SSLv2 is still disabled by - // default in the SSLv23_xxx_method() functions and must be enabled explicitly... - if IsOpenSSL_SSLv2_Available then begin - if not (sslvSSLv2 in SSLVersions) then begin - SSL_CTX_set_options(fContext, SSL_OP_NO_SSLv2); - end - else if (fMethod = sslvSSLv23) then begin - SSL_CTX_clear_options(fContext, SSL_OP_NO_SSLv2); - end; - end; - // SSLv3 might also be disabled as well.. - if IsOpenSSL_SSLv3_Available then begin - if not (sslvSSLv3 in SSLVersions) then begin - SSL_CTX_set_options(fContext, SSL_OP_NO_SSLv3); - end - else if (fMethod = sslvSSLv23) then begin - SSL_CTX_clear_options(fContext, SSL_OP_NO_SSLv3); - end; - end; - // may as well do the same for all of them... - if IsOpenSSL_TLSv1_0_Available then begin - if not (sslvTLSv1 in SSLVersions) then begin +{ if not(sslvTLSv1 in SSLVersions) then + begin SSL_CTX_set_options(fContext, SSL_OP_NO_TLSv1); end - else if (fMethod = sslvSSLv23) then begin + else if (fMethod = sslvSSLv23) then + begin SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1); end; - end; -{IMPORTANT!!! Do not set SSL_CTX_set_options SSL_OP_NO_TLSv1_1 and -SSL_OP_NO_TLSv1_2 if that functionality is not available. OpenSSL 1.0 and -earlier do not support those flags. 
Those flags would only cause -an invalid MAC when doing SSL.} - if IsOpenSSL_TLSv1_1_Available then begin - if not (sslvTLSv1_1 in SSLVersions) then begin +{ if not(sslvTLSv1_1 in SSLVersions) then + begin SSL_CTX_set_options(fContext, SSL_OP_NO_TLSv1_1); end - else if (fMethod = sslvSSLv23) then begin + else if (fMethod = sslvSSLv23) then + begin SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1_1); end; - end; - if IsOpenSSL_TLSv1_2_Available then begin - if not (sslvTLSv1_2 in SSLVersions) then begin + if not(sslvTLSv1_2 in SSLVersions) then + begin SSL_CTX_set_options(fContext, SSL_OP_NO_TLSv1_2); end - else if (fMethod = sslvSSLv23) then begin + else if (fMethod = sslvSSLv23) then + begin SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1_2); + end; } + if sslvTLSv1 in SSLVersions then begin + if SSL_CTX_set_min_proto_version(fContext, TLS1_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end else if sslvTLSv1_1 in SSLVersions then begin + if SSL_CTX_set_min_proto_version(fContext, TLS1_1_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end else if sslvTLSv1_2 in SSLVersions then begin + if SSL_CTX_set_min_proto_version(fContext, TLS1_2_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end else if sslvTLSv1_3 in SSLVersions then begin + if SSL_CTX_set_min_proto_version(fContext, TLS1_3_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); end; end; - + if SSL_CTX_set_max_proto_version(fContext, TLS1_3_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMaxProtocolVersion.Create(RSOSSLCouldNotSetMaxProtocolVersion); + end; SSL_CTX_set_mode(fContext, SSL_MODE_AUTO_RETRY); // assign a password lookup routine -// if PasswordRoutineOn then begin - SSL_CTX_set_default_passwd_cb(fContext, 
@PasswordCallback); - SSL_CTX_set_default_passwd_cb_userdata(fContext, Self); -// end; + // if PasswordRoutineOn then begin + SSL_CTX_set_default_passwd_cb(fContext, @PasswordCallback); + SSL_CTX_set_ex_data(fContext, INDY_PASSWORD_CALLBACK, @PasswordCallback); + SSL_CTX_set_default_passwd_cb_userdata(fContext, Self); + SSL_CTX_set_ex_data(fContext, INDY_CALLBACK_USERDATA, Self); + // end; SSL_CTX_set_default_verify_paths(fContext); // load key and certificate files - if (RootCertFile <> '') or (VerifyDirs <> '') then begin {Do not Localize} - if not LoadRootCert then begin - EIdOSSLLoadingRootCertError.RaiseException(RSSSLLoadingRootCertError); + if (RootCertFile <> '') or (VerifyDirs <> '') then + begin { Do not Localize } + if not LoadRootCert then + begin + EIdOSSLLoadingRootCertError.RaiseException(RSSSLLoadingRootCertError); end; end; - if CertFile <> '' then begin {Do not Localize} - if not LoadCert then begin + if CertFile <> '' then + begin { Do not Localize } + if not LoadCert then + begin EIdOSSLLoadingCertError.RaiseException(RSSSLLoadingCertError); end; end; - if KeyFile <> '' then begin {Do not Localize} - if not LoadKey then begin + if KeyFile <> '' then + begin { Do not Localize } + if not LoadKey then + begin EIdOSSLLoadingKeyError.RaiseException(RSSSLLoadingKeyError); end; end; - if DHParamsFile <> '' then begin {Do not Localize} - if not LoadDHParams then begin + if DHParamsFile <> '' then + begin { Do not Localize } + if not LoadDHParams then + begin EIdOSSLLoadingDHParamsError.RaiseException(RSSSLLoadingDHParamsError); end; end; - if StatusInfoOn then begin + if StatusInfoOn then + begin SSL_CTX_set_info_callback(fContext, InfoCallback); end; - //if_SSL_CTX_set_tmp_rsa_callback(hSSLContext, @RSACallback); - if fCipherList <> '' then begin {Do not Localize} - error := SSL_CTX_set_cipher_list(fContext, - {$IFDEF USE_MARSHALLED_PTRS} + // if_SSL_CTX_set_tmp_rsa_callback(hSSLContext, @RSACallback); + if fCipherList <> '' then + begin { Do not 
Localize } + Error := SSL_CTX_set_cipher_list(fContext, +{$IFDEF USE_MARSHALLED_PTRS} M.AsAnsi(fCipherList).ToPointer - {$ELSE} +{$ELSE} PAnsiChar( - {$IFDEF STRING_IS_ANSI} - fCipherList - {$ELSE} - AnsiString(fCipherList) // explicit cast to Ansi - {$ENDIF} +{$IFDEF STRING_IS_ANSI} + fCipherList +{$ELSE} + AnsiString(fCipherList) // explicit cast to Ansi +{$ENDIF} ) - {$ENDIF} - ); - end else begin +{$ENDIF} + ); + end + else + begin // RLebeau: don't override OpenSSL's default. As OpenSSL evolves, the // SSL_DEFAULT_CIPHER_LIST constant defined in the C/C++ SDK may change, // while Indy's define of it might take some time to catch up. We don't // want users using an older default with newer DLLs... (* - error := SSL_CTX_set_cipher_list(fContext, + error := SSL_CTX_set_cipher_list(fContext, {$IFDEF USE_MARSHALLED_PTRS} M.AsAnsi(SSL_DEFAULT_CIPHER_LIST).ToPointer {$ELSE} SSL_DEFAULT_CIPHER_LIST {$ENDIF} - ); + ); *) - error := 1; + Error := 1; end; - if error <= 0 then begin + if Error <= 0 then + begin // TODO: should this be using EIdOSSLSettingCipherError.RaiseException() instead? raise EIdOSSLSettingCipherError.Create(RSSSLSettingCipherError); end; - if fVerifyMode <> [] then begin + if fVerifyMode <> [] then + begin SetVerifyMode(fVerifyMode, VerifyOn); end; - if CtxMode = sslCtxServer then begin - SSL_CTX_set_session_id_context(fContext, PByte(@fSessionId), SizeOf(fSessionId)); + if CtxMode = sslCtxServer then + begin + SSL_CTX_set_session_id_context(fContext, PByte(@fSessionId), + SizeOf(fSessionId)); end; // CA list - if RootCertFile <> '' then begin {Do not Localize} - SSL_CTX_set_client_CA_list(fContext, IndySSL_load_client_CA_file(RootCertFile)); + if RootCertFile <> '' then + begin { Do not Localize } + SSL_CTX_set_client_CA_list(fContext, + IndySSL_load_client_CA_file(RootCertFile)); end // TODO: provide an event so users can apply their own settings as needed... 
end; -procedure TIdSSLContext.SetVerifyMode(Mode: TIdSSLVerifyModeSet; CheckRoutine: Boolean); +procedure TIdSSLContext.SetVerifyMode(Mode: TIdSSLVerifyModeSet; + CheckRoutine: Boolean); var Func: TSSL_CTX_set_verify_callback; begin - if fContext<>nil then begin -// SSL_CTX_set_default_verify_paths(fContext); - if CheckRoutine then begin + if fContext <> nil then + begin + // SSL_CTX_set_default_verify_paths(fContext); + if CheckRoutine then + begin Func := VerifyCallback; - end else begin + end + else + begin Func := nil; end; SSL_CTX_set_verify(fContext, TranslateInternalVerifyToSSL(Mode), Func); 
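Review bot: The new min/max selection at the end of the protocol-version block no longer treats SSLVersions as a set: the maximum is always TLS1_3_VERSION, so a handler configured with [sslvTLSv1_2] now also negotiates TLS 1.3; a selection with a gap such as [sslvTLSv1, sslvTLSv1_2] now enables TLS 1.1, which the removed SSL_OP_NO_TLSv1_1 branch excluded; and a set with no TLS member sets no minimum at all and silently falls back to OpenSSL's default floor. Both bounds should be derived from SSLVersions and an empty TLS selection rejected instead of widened, as below (the two locals `LMinVer, LMaxVer: TIdC_INT;` belong in InitContext's var block in the preceding hunk). Separately, the added SSL_CTX_set_ex_data calls use INDY_PASSWORD_CALLBACK and INDY_CALLBACK_USERDATA as ex_data indices; if those are fixed constants rather than indices obtained from SSL_CTX_get_ex_new_index they can collide with other users of ex_data in the same process, which cannot be confirmed from this hunk. The large `{ if not(sslvTLSv1 ...` block that now comments out the old SSL_OP_NO_* logic should be deleted rather than left as a comment.
```pascal
  // … unchanged: SSL_CTX_new and EIdOSSLCreatingContextError check …
  // OpenSSL's min/max API only expresses a contiguous range, so derive both
  // bounds from SSLVersions instead of pinning the maximum to TLS 1.3.
  if SSLVersions * [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2, sslvTLSv1_3] = [] then begin
    raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion);
  end;
  if sslvTLSv1 in SSLVersions then begin
    LMinVer := TLS1_VERSION;
  end else if sslvTLSv1_1 in SSLVersions then begin
    LMinVer := TLS1_1_VERSION;
  end else if sslvTLSv1_2 in SSLVersions then begin
    LMinVer := TLS1_2_VERSION;
  end else begin
    LMinVer := TLS1_3_VERSION;
  end;
  if sslvTLSv1_3 in SSLVersions then begin
    LMaxVer := TLS1_3_VERSION;
  end else if sslvTLSv1_2 in SSLVersions then begin
    LMaxVer := TLS1_2_VERSION;
  end else if sslvTLSv1_1 in SSLVersions then begin
    LMaxVer := TLS1_1_VERSION;
  end else begin
    LMaxVer := TLS1_VERSION;
  end;
  if SSL_CTX_set_min_proto_version(fContext, LMinVer) <> 1 then begin
    raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion);
  end;
  if SSL_CTX_set_max_proto_version(fContext, LMaxVer) <> 1 then begin
    raise EIdOSSLCouldNotSetMaxProtocolVersion.Create(RSOSSLCouldNotSetMaxProtocolVersion);
  end;
  // … unchanged: SSL_MODE_AUTO_RETRY, password callback, certificate and key loading …
```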
@@ -3401,210 +3607,114 @@ function TIdSSLContext.GetVerifyMode: TIdSSLVerifyModeSet; begin Result := fVerifyMode; end; + { -function TIdSSLContext.LoadVerifyLocations(FileName: String; Dirs: String): Boolean; -begin + function TIdSSLContext.LoadVerifyLocations(FileName: String; Dirs: String): Boolean; + begin Result := False; if (Dirs <> '') or (FileName <> '') then begin - if IndySSL_CTX_load_verify_locations(fContext, FileName, Dirs) <= 0 then begin - raise EIdOSSLCouldNotLoadSSLLibrary.Create(RSOSSLCouldNotLoadSSLLibrary); - end; + if IndySSL_CTX_load_verify_locations(fContext, FileName, Dirs) <= 0 then begin + raise EIdOSSLCouldNotLoadSSLLibrary.Create(RSOSSLCouldNotLoadSSLLibrary); + end; end; Result := True; -end; + end; } -function SelectTLS1Method(const AMode : TIdSSLMode) : PSSL_METHOD; +function SelectTLS1Method(const AMode: TIdSSLMode): PSSL_METHOD; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := nil; case AMode of - sslmServer : begin - if Assigned(TLSv1_server_method) then begin - Result := TLSv1_server_method(); + sslmServer: + begin + Result := TLS_server_method(); end; - end; - sslmClient : begin - if Assigned(TLSv1_client_method) then begin - Result := TLSv1_client_method(); + sslmClient: + begin + Result := TLS_client_method(); end; - end; else - if Assigned(TLSv1_method) then begin - Result := TLSv1_method(); - end; + Result := TLS_method(); end; end; function TIdSSLContext.SetSSLMethod: PSSL_METHOD; begin - Result := nil; - if fMode = sslmUnassigned then begin + if fMode = sslmUnassigned then + begin raise EIdOSSLModeNotSet.Create(RSOSSLModeNotSet); end; - case fMethod of - sslvSSLv2: - case fMode of - sslmServer : begin - if Assigned(SSLv2_server_method) then begin - Result := SSLv2_server_method(); - end; - end; - sslmClient : begin - if Assigned(SSLv2_client_method) then begin - Result := SSLv2_client_method(); - end; - end; - else - if Assigned(SSLv2_method) then begin - Result := SSLv2_method(); - end; - end; - sslvSSLv23: - case 
fMode of - sslmServer : begin - if Assigned(SSLv23_server_method) then begin - Result := SSLv23_server_method(); - end; - end; - sslmClient : begin - if Assigned(SSLv23_client_method) then begin - Result := SSLv23_client_method(); - end; - end; - else - if Assigned(SSLv23_method) then begin - Result := SSLv23_method(); - end; - end; - sslvSSLv3: - case fMode of - sslmServer : begin - if Assigned(SSLv3_server_method) then begin - Result := SSLv3_server_method(); - end; - end; - sslmClient : begin - if Assigned(SSLv3_client_method) then begin - Result := SSLv3_client_method(); - end; - end; - else - if Assigned(SSLv3_method) then begin - Result := SSLv3_method(); - end; - end; - {IMPORTANT!!! fallback to TLS 1.0 if TLS 1.1 or 1.2 is not available. - This is important because OpenSSL earlier than 1.0.1 does not support this - functionality. - - Todo: Figure out a better fallback. - } - // TODO: get rid of this fallack! If the user didn't choose TLS 1.0, then - // don't falback to it, just fail instead, like with all of the other SSL/TLS - // versions... - sslvTLSv1: - Result := SelectTLS1Method(fMode); - sslvTLSv1_1: - case fMode of - sslmServer : begin - if Assigned(TLSv1_1_server_method) then begin - Result := TLSv1_1_server_method(); - end else begin - Result := SelectTLS1Method(fMode); - end; - end; - sslmClient : begin - if Assigned(TLSv1_1_client_method) then begin - Result := TLSv1_1_client_method(); - end else begin - Result := SelectTLS1Method(fMode); - end; - end; - else - if Assigned(TLSv1_1_method) then begin - Result := TLSv1_1_method(); - end else begin - Result := SelectTLS1Method(fMode); - end; - end; - sslvTLSv1_2: - case fMode of - sslmServer : begin - if Assigned(TLSv1_2_server_method) then begin - Result := TLSv1_2_server_method(); - end else begin - // TODO: fallback to TLSv1.1 if available? 
- Result := SelectTLS1Method(fMode); - end; - end; - sslmClient : begin - if Assigned(TLSv1_2_client_method) then begin - Result := TLSv1_2_client_method(); - end else begin - // TODO: fallback to TLSv1.1 if available? - Result := SelectTLS1Method(fMode); - end; - end; - else - if Assigned(TLSv1_2_method) then begin - Result := TLSv1_2_method(); - end else begin - // TODO: fallback to TLSv1.1 if available? - Result := SelectTLS1Method(fMode); - end; - end; - end; - if Result = nil then begin - raise EIdOSSLGetMethodError.Create(RSSSLGetMethodError); + case Mode of + sslmServer : begin + Result := TLS_server_method; + end; + sslmClient : begin + Result := TLS_client_method; + end; + else + Result := TLS_client_method; end; end; function TIdSSLContext.LoadRootCert: Boolean; begin - Result := IndySSL_CTX_load_verify_locations(fContext, RootCertFile, VerifyDirs) > 0; + Result := IndySSL_CTX_load_verify_locations(fContext, RootCertFile, + VerifyDirs) > 0; end; function TIdSSLContext.LoadCert: Boolean; begin - if PosInStrArray(ExtractFileExt(CertFile), ['.p12', '.pfx'], False) <> -1 then begin + if PosInStrArray(ExtractFileExt(CertFile), ['.p12', '.pfx'], False) <> -1 then + begin Result := IndySSL_CTX_use_certificate_file_PKCS12(fContext, CertFile) > 0; - end else begin - //OpenSSL 1.0.2 has a new function, SSL_CTX_use_certificate_chain_file - //that handles a chain of certificates in a PEM file. That is prefered. - if Assigned(SSL_CTX_use_certificate_chain_file) then begin - Result := IndySSL_CTX_use_certificate_chain_file(fContext, CertFile) > 0; - end else begin - Result := IndySSL_CTX_use_certificate_file(fContext, CertFile, SSL_FILETYPE_PEM) > 0; + end + else + begin + // OpenSSL 1.0.2 has a new function, SSL_CTX_use_certificate_chain_file + // that handles a chain of certificates in a PEM file. That is prefered. 
+ if Assigned(SSL_CTX_use_certificate_chain_file) then + begin + Result := IndySSL_CTX_use_certificate_chain_file(fContext, CertFile) > 0; + end + else + begin + Result := IndySSL_CTX_use_certificate_file(fContext, CertFile, + SSL_FILETYPE_PEM) > 0; end; end; end; function TIdSSLContext.LoadKey: Boolean; begin - if PosInStrArray(ExtractFileExt(KeyFile), ['.p12', '.pfx'], False) <> -1 then begin + if PosInStrArray(ExtractFileExt(KeyFile), ['.p12', '.pfx'], False) <> -1 then + begin Result := IndySSL_CTX_use_PrivateKey_file_PKCS12(fContext, KeyFile) > 0; - end else begin - Result := IndySSL_CTX_use_PrivateKey_file(fContext, KeyFile, SSL_FILETYPE_PEM) > 0; + end + else + begin + Result := IndySSL_CTX_use_PrivateKey_file(fContext, KeyFile, + SSL_FILETYPE_PEM) > 0; end; - if Result then begin + if Result then + begin Result := SSL_CTX_check_private_key(fContext) > 0; end; end; function TIdSSLContext.LoadDHParams: Boolean; begin - Result := IndySSL_CTX_use_DHparams_file(fContext, fsDHParamsFile, SSL_FILETYPE_PEM) > 0; + Result := IndySSL_CTX_use_DHparams_file(fContext, fsDHParamsFile, + SSL_FILETYPE_PEM) > 0; end; -////////////////////////////////////////////////////////////// +/// /////////////////////////////////////////////////////////// function TIdSSLContext.Clone: TIdSSLContext; begin Result := TIdSSLContext.Create; Result.StatusInfoOn := StatusInfoOn; -// property PasswordRoutineOn: Boolean read fPasswordRoutineOn write fPasswordRoutineOn; + // property PasswordRoutineOn: Boolean read fPasswordRoutineOn write fPasswordRoutineOn; Result.VerifyOn := VerifyOn; Result.Method := Method; Result.SSLVersions := SSLVersions; 
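Review bot: In the rewritten SetSSLMethod the `else` branch, which is where sslmBoth lands, returns TLS_client_method, yet MakeFTPSvrPort and MakeFTPSvrPasv set `SSLOptions.Mode := sslmBoth` on server-side handlers and OpenEncodedConnection resolves sslmBoth with IsPeer set to sslmServer and calls Accept, so those contexts would attempt a server handshake on a client-only method. The branch should read `Result := TLS_method;`, which is also what SelectTLS1Method's else branch returns. The new body no longer reads fMethod, so the Method property is silently ignored, and with the `if Result = nil then raise EIdOSSLGetMethodError` guard removed a nil method pointer (should the import be unresolved) now surfaces only as a generic EIdOSSLCreatingContextError from SSL_CTX_new; SelectTLS1Method appears to have no remaining caller within this hunk. For consistency with SelectTLS1Method the calls should be written `TLS_server_method()` / `TLS_client_method()` rather than relying on implicit invocation.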
@@ -3626,16 +3736,17 @@ constructor TIdSSLSocket.Create(Parent: TObject); destructor TIdSSLSocket.Destroy; begin - if fSSL <> nil then begin + if fSSL <> nil then + begin // TODO: should this be moved to TIdSSLContext instead? Is this here // just to make sure the SSL shutdown does not log any messages? { - if (fSSLContext <> nil) and (fSSLContext.StatusInfoOn) and - (fSSLContext.fContext <> nil) then begin + if (fSSLContext <> nil) and (fSSLContext.StatusInfoOn) and + (fSSLContext.fContext <> nil) then begin SSL_CTX_set_info_callback(fSSLContext.fContext, nil); - end; + end; } - //SSL_set_shutdown(fSSL, SSL_SENT_SHUTDOWN); + // SSL_set_shutdown(fSSL, SSL_SENT_SHUTDOWN); SSL_shutdown(fSSL); SSL_free(fSSL); fSSL := nil; 
@@ -3661,68 +3772,91 @@ function TIdSSLSocket.GetSSLError(retCode: Integer): Integer; Result := SSL_ERROR_WANT_READ; SSL_ERROR_ZERO_RETURN: Result := SSL_ERROR_ZERO_RETURN; - //Result := SSL_ERROR_NONE; - { + // Result := SSL_ERROR_NONE; + { // ssl layer has been disconnected, it is not necessary that also // socked has been closed case Mode of - sslemClient: begin - case Action of - sslWrite: begin - if retCode = 0 then begin - Result := 0; - end - else begin - raise EIdException.Create(RSOSSLConnectionDropped); // TODO: create a new Exception class for this - end; - end; - end; - end;} + sslemClient: begin + case Action of + sslWrite: begin + if retCode = 0 then begin + Result := 0; + end + else begin + raise EIdException.Create(RSOSSLConnectionDropped); // TODO: create a new Exception class for this + end; + end; + end; + end; } - //raise EIdException.Create(RSOSSLConnectionDropped); // TODO: create a new Exception class for this - // X509_LOOKUP event is not really an error, just an event + // raise EIdException.Create(RSOSSLConnectionDropped); // TODO: create a new Exception class for this + // X509_LOOKUP event is not really an error, just an event // SSL_ERROR_WANT_X509_LOOKUP: - // raise EIdException.Create(RSOSSLCertificateLookup); // TODO: create a new Exception class for this + // raise EIdException.Create(RSOSSLCertificateLookup); // TODO: create a new Exception class for this SSL_ERROR_SYSCALL: Result := SSL_ERROR_SYSCALL; - // Result := SSL_ERROR_NONE; + // Result := SSL_ERROR_NONE; - {//raise EIdException.Create(RSOSSLInternal); // TODO: create a new Exception class for this - if (retCode <> 0) or (DataLen <> 0) then begin - raise EIdException.Create(RSOSSLConnectionDropped); // TODO: create a new Exception class for this - end - else begin - Result := 0; - end;} + { //raise EIdException.Create(RSOSSLInternal); // TODO: create a new Exception class for this + if (retCode <> 0) or (DataLen <> 0) then begin + raise 
EIdException.Create(RSOSSLConnectionDropped); // TODO: create a new Exception class for this + end + else begin + Result := 0; + end; } SSL_ERROR_SSL: // raise EIdException.Create(RSOSSLInternal); // TODO: create a new Exception class for this Result := SSL_ERROR_SSL; - // Result := SSL_ERROR_NONE; + // Result := SSL_ERROR_NONE; end; end; procedure TIdSSLSocket.Accept(const pHandle: TIdStackSocketHandle); -//Accept and Connect have a lot of duplicated code +// Accept and Connect have a lot of duplicated code var - error: Integer; + Error: Integer; StatusStr: String; LParentIO: TIdSSLIOHandlerSocketOpenSSL; LHelper: IIdSSLOpenSSLCallbackHelper; begin - Assert(fSSL=nil); - Assert(fSSLContext<>nil); + Assert(fSSL = nil); + Assert(fSSLContext <> nil); fSSL := SSL_new(fSSLContext.fContext); - if fSSL = nil then begin + if sslvTLSv1 in fSSLContext.SSLVersions then begin + if SSL_set_min_proto_version(fSSL, TLS1_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end else if sslvTLSv1_1 in fSSLContext.SSLVersions then begin + if SSL_set_min_proto_version(fSSL, TLS1_1_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end else if sslvTLSv1_2 in fSSLContext.SSLVersions then begin + if SSL_set_min_proto_version(fSSL, TLS1_2_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end else if sslvTLSv1_3 in fSSLContext.SSLVersions then begin + if SSL_set_min_proto_version(fSSL, TLS1_3_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMinProtocolVersion.Create(RSOSSLCouldNotSetMinProtocolVersion); + end; + end; + if SSL_set_max_proto_version(fSSL, TLS1_3_VERSION) <> 1 then begin + raise EIdOSSLCouldNotSetMaxProtocolVersion.Create(RSOSSLCouldNotSetMaxProtocolVersion); + end; + if fSSL = nil then + begin raise 
EIdOSSLCreatingSessionError.Create(RSSSLCreatingSessionError); end; - error := SSL_set_app_data(fSSL, Self); - if error <= 0 then begin - EIdOSSLDataBindingError.RaiseException(fSSL, error, RSSSLDataBindingError); + Error := SSL_set_app_data(fSSL, Self); + if Error <= 0 then + begin + EIdOSSLDataBindingError.RaiseException(fSSL, Error, RSSSLDataBindingError); end; - error := SSL_set_fd(fSSL, pHandle); - if error <= 0 then begin - EIdOSSLFDSetError.RaiseException(fSSL, error, RSSSLFDSetError); + Error := SSL_set_fd(fSSL, pHandle); + if Error <= 0 then + begin + EIdOSSLFDSetError.RaiseException(fSSL, Error, RSSSLFDSetError); end; // RLebeau: if this socket's IOHandler was cloned, no need to reuse the // original IOHandler's active session ID, since this is a server socket 
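Review bot: In TIdSSLSocket.Accept the new SSL_set_min_proto_version/SSL_set_max_proto_version calls operate on fSSL before the `if fSSL = nil then begin raise EIdOSSLCreatingSessionError.Create(RSSSLCreatingSessionError); end;` guard, so a failed SSL_new is dereferenced instead of reported; move that guard to directly after `fSSL := SSL_new(fSSLContext.fContext);`. The if/else chain only sets a floor at the lowest enabled version and always raises the ceiling to TLS1_3_VERSION, so a non-contiguous SSLVersions set (e.g. TLSv1 and TLSv1_2 without TLSv1_1) still negotiates the excluded version and an empty set leaves the library default floor; a comment such as `// only the lowest enabled version is enforced; gaps in SSLVersions are not honoured` would at least make that explicit. Connect in the following hunk gets no such clamp, so client-side connections keep whatever the context allows. This assumes SSL_set_min_proto_version is bound as a wrapper over SSL_ctrl using the SSL_CTRL_SET_MIN_PROTO_VERSION constant this change adds, since OpenSSL provides it only as a macro; Accept's body continues past the end of this hunk.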
@@ -3732,23 +3866,26 @@ procedure TIdSSLSocket.Accept(const pHandle: TIdStackSocketHandle); // IOHandler's active session ID regardless of whether this is a client // or server socket? What about FTP in non-passive mode, for example? { - if (LParentIO <> nil) and (LParentIO.fSSLSocket <> nil) and - (LParentIO.fSSLSocket <> Self) then - begin + if (LParentIO <> nil) and (LParentIO.fSSLSocket <> nil) and + (LParentIO.fSSLSocket <> Self) then + begin SSL_copy_session_id(fSSL, LParentIO.fSSLSocket.fSSL); - end; + end; } - error := SSL_accept(fSSL); - if error <= 0 then begin - EIdOSSLAcceptError.RaiseException(fSSL, error, RSSSLAcceptError); + Error := SSL_accept(fSSL); + if Error <= 0 then + begin + EIdOSSLAcceptError.RaiseException(fSSL, Error, RSSSLAcceptError); end; - if Supports(fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin + if Supports(fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then + begin LParentIO := LHelper.GetIOHandlerSelf; - if LParentIO <> nil then begin - StatusStr := 'Cipher: name = ' + Cipher.Name + '; ' + {Do not Localize} - 'description = ' + Cipher.Description + '; ' + {Do not Localize} - 'bits = ' + IntToStr(Cipher.Bits) + '; ' + {Do not Localize} - 'version = ' + Cipher.Version + '; '; {Do not Localize} + if LParentIO <> nil then + begin + StatusStr := 'Cipher: name = ' + Cipher.Name + '; ' + { Do not Localize } + 'description = ' + Cipher.Description + '; ' + { Do not Localize } + 'bits = ' + IntToStr(Cipher.Bits) + '; ' + { Do not Localize } + 'version = ' + Cipher.Version + '; '; { Do not Localize } LParentIO.DoStatusInfo(StatusStr); end; LHelper := nil; 
@@ -3757,53 +3894,61 @@ procedure TIdSSLSocket.Accept(const pHandle: TIdStackSocketHandle); procedure TIdSSLSocket.Connect(const pHandle: TIdStackSocketHandle); var - error: Integer; + Error: Integer; StatusStr: String; LParentIO: TIdSSLIOHandlerSocketOpenSSL; LHelper: IIdSSLOpenSSLCallbackHelper; begin - Assert(fSSL=nil); - Assert(fSSLContext<>nil); - if Supports(fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin + Assert(fSSL = nil); + Assert(fSSLContext <> nil); + if Supports(fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then + begin LParentIO := LHelper.GetIOHandlerSelf; - end else begin + end + else + begin LParentIO := nil; end; fSSL := SSL_new(fSSLContext.fContext); - if fSSL = nil then begin + if fSSL = nil then + begin raise EIdOSSLCreatingSessionError.Create(RSSSLCreatingSessionError); end; - error := SSL_set_app_data(fSSL, Self); - if error <= 0 then begin - EIdOSSLDataBindingError.RaiseException(fSSL, error, RSSSLDataBindingError); + Error := SSL_set_app_data(fSSL, Self); + if Error <= 0 then + begin + EIdOSSLDataBindingError.RaiseException(fSSL, Error, RSSSLDataBindingError); end; - error := SSL_set_fd(fSSL, pHandle); - if error <= 0 then begin - EIdOSSLFDSetError.RaiseException(fSSL, error, RSSSLFDSetError); + Error := SSL_set_fd(fSSL, pHandle); + if Error <= 0 then + begin + EIdOSSLFDSetError.RaiseException(fSSL, Error, RSSSLFDSetError); end; // RLebeau: if this socket's IOHandler was cloned, reuse the // original IOHandler's active session ID... 
if (LParentIO <> nil) and (LParentIO.fSSLSocket <> nil) and - (LParentIO.fSSLSocket <> Self) then + (LParentIO.fSSLSocket <> Self) then begin SSL_copy_session_id(fSSL, LParentIO.fSSLSocket.fSSL); end; - {$IFNDEF OPENSSL_NO_TLSEXT} - error := SSL_set_tlsext_host_name(fSSL, fHostName); - if error <= 0 then begin +{$IFNDEF OPENSSL_NO_TLSEXT} + Error := SSL_set_tlsext_host_name(fSSL, fHostName); + if Error <= 0 then + begin // RLebeau: for the time being, not raising an exception on error, as I don't // know which OpenSSL versions support this extension, and which error code(s) // are safe to ignore on those versions... - //EIdOSSLSettingTLSHostNameError.RaiseException(fSSL, error, RSSSLSettingTLSHostNameError); + // EIdOSSLSettingTLSHostNameError.RaiseException(fSSL, error, RSSSLSettingTLSHostNameError); end; - {$ENDIF} - error := SSL_connect(fSSL); - if error <= 0 then begin +{$ENDIF} + Error := SSL_connect(fSSL); + if Error <= 0 then + begin // TODO: if sslv23 is being used, but sslv23 is not being used on the // remote side, SSL_connect() will fail. In that case, before giving up, // try re-connecting using a version-specific method for each enabled // version, maybe one will succeed... - EIdOSSLConnectError.RaiseException(fSSL, error, RSSSLConnectError); + EIdOSSLConnectError.RaiseException(fSSL, Error, RSSSLConnectError); end; // TODO: even if SSL_connect() returns success, the connection might // still be insecure if SSL_connect() detected that certificate validation 
@@ -3811,30 +3956,31 @@ procedure TIdSSLSocket.Connect(const pHandle: TIdStackSocketHandle); // It would report such a failure via SSL_get_verify_result() instead of // returning an error code, so we should call SSL_get_verify_result() here // to make sure... - if LParentIO <> nil then begin - StatusStr := 'Cipher: name = ' + Cipher.Name + '; ' + {Do not Localize} - 'description = ' + Cipher.Description + '; ' + {Do not Localize} - 'bits = ' + IntToStr(Cipher.Bits) + '; ' + {Do not Localize} - 'version = ' + Cipher.Version + '; '; {Do not Localize} + if LParentIO <> nil then + begin + StatusStr := 'Cipher: name = ' + Cipher.Name + '; ' + { Do not Localize } + 'description = ' + Cipher.Description + '; ' + { Do not Localize } + 'bits = ' + IntToStr(Cipher.Bits) + '; ' + { Do not Localize } + 'version = ' + Cipher.Version + '; '; { Do not Localize } LParentIO.DoStatusInfo(StatusStr); end; // TODO: enable this { - var + var peercert: PX509; lHostName: AnsiString; - peercert := SSL_get_peer_certificate(fSSL); - try + peercert := SSL_get_peer_certificate(fSSL); + try lHostName := AnsiString(fHostName); if (X509_check_host(peercert, PByte(PAnsiChar(lHostName)), Length(lHostName), 0) != 1) and - (not certificate_host_name_override(peercert, PAnsiChar(lHostName)) then + (not certificate_host_name_override(peercert, PAnsiChar(lHostName)) then begin - EIdOSSLCertificateError.RaiseException(fSSL, error, 'SSL certificate does not match host name'); + EIdOSSLCertificateError.RaiseException(fSSL, error, 'SSL certificate does not match host name'); end; - finally + finally X509_free(peercert); - end; -} + end; + } end; function TIdSSLSocket.Recv(var ABuffer: TIdBytes): Integer; 
@@ -3843,46 +3989,58 @@ function TIdSSLSocket.Recv(var ABuffer: TIdBytes): Integer; begin repeat ret := SSL_read(fSSL, PByte(ABuffer), Length(ABuffer)); - if ret > 0 then begin + if ret > 0 then + begin Result := ret; Exit; end; err := GetSSLError(ret); - if (err = SSL_ERROR_WANT_READ) or (err = SSL_ERROR_WANT_WRITE) then begin + if (err = SSL_ERROR_WANT_READ) or (err = SSL_ERROR_WANT_WRITE) then + begin Continue; end; - if err = SSL_ERROR_ZERO_RETURN then begin + if err = SSL_ERROR_ZERO_RETURN then + begin Result := 0; - end else begin + end + else + begin Result := ret; end; Exit; until False; end; -function TIdSSLSocket.Send(const ABuffer: TIdBytes; AOffset, ALength: Integer): Integer; +function TIdSSLSocket.Send(const ABuffer: TIdBytes; + AOffset, ALength: Integer): Integer; var ret, err: Integer; begin Result := 0; repeat ret := SSL_write(fSSL, @ABuffer[AOffset], ALength); - if ret > 0 then begin + if ret > 0 then + begin Inc(Result, ret); Inc(AOffset, ret); Dec(ALength, ret); - if ALength < 1 then begin + if ALength < 1 then + begin Exit; end; Continue; end; err := GetSSLError(ret); - if (err = SSL_ERROR_WANT_READ) or (err = SSL_ERROR_WANT_WRITE) then begin + if (err = SSL_ERROR_WANT_READ) or (err = SSL_ERROR_WANT_WRITE) then + begin Continue; end; - if err = SSL_ERROR_ZERO_RETURN then begin + if err = SSL_ERROR_ZERO_RETURN then + begin Result := 0; - end else begin + end + else + begin Result := ret; end; Exit; @@ -3893,9 +4051,11 @@ function TIdSSLSocket.GetPeerCert: TIdX509; var LX509: PX509; begin - if fPeerCert = nil then begin + if fPeerCert = nil then + begin LX509 := SSL_get_peer_certificate(fSSL); - if LX509 <> nil then begin + if LX509 <> nil then + begin fPeerCert := TIdX509.Create(LX509, False); end; end; 
@@ -3904,7 +4064,8 @@ function TIdSSLSocket.GetPeerCert: TIdX509; function TIdSSLSocket.GetSSLCipher: TIdSSLCipher; begin - if (fSSLCipher = nil) and (fSSL<>nil) then begin + if (fSSLCipher = nil) and (fSSL <> nil) then + begin fSSLCipher := TIdSSLCipher.Create(Self); end; Result := fSSLCipher; 
@@ -3918,86 +4079,103 @@ function TIdSSLSocket.GetSessionID: TIdSSLByteArray; Result.Data := nil; if Assigned(SSL_get_session) and Assigned(SSL_SESSION_get_id) then begin - if fSSL <> nil then begin + if fSSL <> nil then + begin pSession := SSL_get_session(fSSL); - if pSession <> nil then begin + if pSession <> nil then + begin Result.Data := PByte(SSL_SESSION_get_id(pSession, @Result.Length)); end; end; end; end; -function TIdSSLSocket.GetSessionIDAsString:String; +function TIdSSLSocket.GetSessionIDAsString: String; var Data: TIdSSLByteArray; i: TIdC_UINT; LDataPtr: PByte; begin - Result := ''; {Do not Localize} + Result := ''; { Do not Localize } Data := GetSessionID; - if Data.Length > 0 then begin - for i := 0 to Data.Length-1 do begin + if Data.Length > 0 then + begin + for i := 0 to Data.Length - 1 do + begin // RLebeau: not all Delphi versions support indexed access using PByte LDataPtr := Data.Data; - Inc(LDataPtr, I); - Result := Result + IndyFormat('%.2x', [LDataPtr^]);{do not localize} + Inc(LDataPtr, i); + Result := Result + IndyFormat('%.2x', [LDataPtr^]); { do not localize } end; end; end; procedure TIdSSLSocket.SetCipherList(CipherList: String); -//var -// tmpPStr: PAnsiChar; +// var +// tmpPStr: PAnsiChar; begin -{ - fCipherList := CipherList; - fCipherList_Ch := True; - aCipherList := aCipherList+#0; - if hSSL <> nil then f_SSL_set_cipher_list(hSSL, @aCipherList[1]); -} + { + fCipherList := CipherList; + fCipherList_Ch := True; + aCipherList := aCipherList+#0; + if hSSL <> nil then f_SSL_set_cipher_list(hSSL, @aCipherList[1]); + } end; -/////////////////////////////////////////////////////////////// -// X509 Certificate -/////////////////////////////////////////////////////////////// +/// //////////////////////////////////////////////////////////// +// X509 Certificate +/// //////////////////////////////////////////////////////////// { TIdX509Name } function TIdX509Name.CertInOneLine: String; var - LOneLine: array[0..2048] of TIdAnsiChar; + 
LOneLine: array [0 .. 2048] of TIdAnsiChar; begin - if FX509Name = nil then begin - Result := ''; {Do not Localize} - end else begin - Result := String(X509_NAME_oneline(FX509Name, @LOneLine[0], SizeOf(LOneLine))); + if fX509Name = nil then + begin + Result := ''; { Do not Localize } + end + else + begin + Result := String(X509_NAME_oneline(fX509Name, @LOneLine[0], + SizeOf(LOneLine))); end; end; function TIdX509Name.GetHash: TIdSSLULong; begin - if FX509Name = nil then begin + if fX509Name = nil then + begin FillChar(Result, SizeOf(Result), 0) - end else begin - Result.C1 := X509_NAME_hash(FX509Name); + end + else + begin + if Assigned(X509_NAME_hash) then + begin + Result.C1 := X509_NAME_hash(fX509Name); + end + else + begin + Result.C1 := X509_NAME_hash_ex(fX509Name, nil, nil, nil); + end; end; end; function TIdX509Name.GetHashAsString: String; begin - Result := IndyFormat('%.8x', [Hash.L1]); {do not localize} + Result := IndyFormat('%.8x', [Hash.L1]); { do not localize } end; constructor TIdX509Name.Create(aX509Name: PX509_NAME); begin Inherited Create; - FX509Name := aX509Name; + fX509Name := aX509Name; end; - -/////////////////////////////////////////////////////////////// -// X509 Certificate -/////////////////////////////////////////////////////////////// +/// //////////////////////////////////////////////////////////// +// X509 Certificate +/// //////////////////////////////////////////////////////////// { TIdX509Info } 
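Review bot: The X509_NAME_hash_ex fallback in TIdX509Name.GetHash passes nil as the last argument, which in OpenSSL's prototype is an `int *ok` out-flag; on failure the function returns 0, and with ok discarded a caller cannot distinguish that from a genuine hash of 0. Declare `LOk: TIdC_INT;` and use `Result.C1 := X509_NAME_hash_ex(fX509Name, nil, nil, @LOk); if LOk = 0 then FillChar(Result, SizeOf(Result), 0);` so the failure path matches the nil-name path above it. This assumes the Pascal binding mirrors the C signature, which is not visible in this hunk. Separately, SetCipherList in the same hunk still has its entire body commented out, so a cipher list handed to it is silently discarded; if that is intentional it deserves a comment like `// TODO: no-op; the cipher list passed here is not applied`.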
@@ -4030,74 +4208,98 @@ function TIdX509Fingerprints.GetSHA1AsString: String; Result := MDAsString(SHA1); end; -function TIdX509Fingerprints.GetSHA224 : TIdSSLEVP_MD; +function TIdX509Fingerprints.GetSHA224: TIdSSLEVP_MD; begin - if Assigned(EVP_sha224) then begin + if Assigned(EVP_sha224) then + begin X509_digest(FX509, EVP_sha224, PByte(@Result.MD), Result.Length); - end else begin + end + else + begin FillChar(Result, SizeOf(Result), 0); end; end; -function TIdX509Fingerprints.GetSHA224AsString : String; +function TIdX509Fingerprints.GetSHA224AsString: String; begin - if Assigned(EVP_sha224) then begin + if Assigned(EVP_sha224) then + begin Result := MDAsString(SHA224); - end else begin + end + else + begin Result := ''; end; end; -function TIdX509Fingerprints.GetSHA256 : TIdSSLEVP_MD; +function TIdX509Fingerprints.GetSHA256: TIdSSLEVP_MD; begin - if Assigned(EVP_sha256) then begin + if Assigned(EVP_sha256) then + begin X509_digest(FX509, EVP_sha256, PByte(@Result.MD), Result.Length); - end else begin + end + else + begin FillChar(Result, SizeOf(Result), 0); end; end; -function TIdX509Fingerprints.GetSHA256AsString : String; +function TIdX509Fingerprints.GetSHA256AsString: String; begin - if Assigned(EVP_sha256) then begin + if Assigned(EVP_sha256) then + begin Result := MDAsString(SHA256); - end else begin + end + else + begin Result := ''; end; end; -function TIdX509Fingerprints.GetSHA384 : TIdSSLEVP_MD; +function TIdX509Fingerprints.GetSHA384: TIdSSLEVP_MD; begin - if Assigned(EVP_SHA384) then begin + if Assigned(EVP_SHA384) then + begin X509_digest(FX509, EVP_SHA384, PByte(@Result.MD), Result.Length); - end else begin + end + else + begin FillChar(Result, SizeOf(Result), 0); end; end; -function TIdX509Fingerprints.GetSHA384AsString : String; +function TIdX509Fingerprints.GetSHA384AsString: String; begin - if Assigned(EVP_SHA384) then begin + if Assigned(EVP_SHA384) then + begin Result := MDAsString(SHA384); - end else begin + end + else + begin Result := ''; 
end; end; -function TIdX509Fingerprints.GetSHA512 : TIdSSLEVP_MD; +function TIdX509Fingerprints.GetSHA512: TIdSSLEVP_MD; begin - if Assigned(EVP_sha512) then begin + if Assigned(EVP_sha512) then + begin X509_digest(FX509, EVP_sha512, PByte(@Result.MD), Result.Length); - end else begin + end + else + begin FillChar(Result, SizeOf(Result), 0); end; end; -function TIdX509Fingerprints.GetSHA512AsString : String; +function TIdX509Fingerprints.GetSHA512AsString: String; begin - if Assigned(EVP_sha512) then begin + if Assigned(EVP_sha512) then + begin Result := MDAsString(SHA512); - end else begin + end + else + begin Result := ''; end; end; @@ -4105,8 +4307,10 @@ function TIdX509Fingerprints.GetSHA512AsString : String; { TIdX509SigInfo } function TIdX509SigInfo.GetSignature: String; +var LASN1String : ASN1_BIT_STRING; begin - Result := BytesToHexString(FX509^.signature^.data, FX509^.signature^.length); + X509_get0_signature(@LASN1String, nil, FX509); + Result := BytesToHexString(LASN1String.data, LASN1String.length); end; function TIdX509SigInfo.GetSigType: TIdC_INT; @@ -4124,7 +4328,7 @@ function TIdX509SigInfo.GetSigTypeAsString: String; constructor TIdX509.Create(aX509: PX509; aCanFreeX509: Boolean = True); begin inherited Create; - //don't create FDisplayInfo unless specifically requested. + // don't create FDisplayInfo unless specifically requested. FDisplayInfo := nil; FX509 := aX509; FCanFreeX509 := aCanFreeX509; 
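Review bot: The new TIdX509SigInfo.GetSignature passes `@LASN1String` for a record variable, but OpenSSL's X509_get0_signature takes `const ASN1_BIT_STRING **psig` and stores a pointer through it; if the binding mirrors that prototype, the call overwrites the first bytes of the local record (its length/type fields) with a pointer and `LASN1String.data` is then read uninitialised, so BytesToHexString walks an arbitrary address. The local should be a pointer that receives the certificate-owned signature and is nil-checked before use, as below; this assumes a PASN1_BIT_STRING pointer type exists in the headers, which this hunk does not show. The pointer handed back is owned by the X509 and must not be freed.
```pascal
function TIdX509SigInfo.GetSignature: String;
var
  LSig: PASN1_BIT_STRING;
begin
  // X509_get0_signature fills in a pointer owned by the certificate
  // (const ASN1_BIT_STRING **psig); it is neither copied nor freed here.
  LSig := nil;
  X509_get0_signature(@LSig, nil, FX509);
  if LSig <> nil then begin
    Result := BytesToHexString(LSig^.data, LSig^.length);
  end else begin
    Result := '';
  end;
end;
```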
@@ -4142,19 +4346,20 @@ destructor TIdX509.Destroy; FreeAndNil(FFingerprints); FreeAndNil(FSigInfo); { If the X.509 certificate handle was obtained from a certificate - store or from the SSL connection as a peer certificate, then DO NOT - free it here! The memory is owned by the OpenSSL library and will - crash the library if Indy tries to free its private memory here } - if FCanFreeX509 then begin + store or from the SSL connection as a peer certificate, then DO NOT + free it here! The memory is owned by the OpenSSL library and will + crash the library if Indy tries to free its private memory here } + if FCanFreeX509 then + begin X509_free(FX509); end; inherited Destroy; end; - function TIdX509.GetDisplayInfo: TStrings; begin - if not Assigned(FDisplayInfo) then begin + if not Assigned(FDisplayInfo) then + begin FDisplayInfo := TStringList.Create; DumpCert(FDisplayInfo, FX509); end; @@ -4163,17 +4368,20 @@ function TIdX509.GetDisplayInfo: TStrings; function TIdX509.GetSerialNumber: String; var - LSN : PASN1_INTEGER; + LSN: PASN1_INTEGER; begin - if FX509 <> nil then begin + if FX509 <> nil then + begin LSN := X509_get_serialNumber(FX509); - Result := BytesToHexString(LSN.data, LSN.length); - end else begin + Result := BytesToHexString(LSN.Data, LSN.Length); + end + else + begin Result := ''; end; end; -function TIdX509.GetVersion : TIdC_LONG; +function TIdX509.GetVersion: TIdC_LONG; begin Result := X509_get_version(FX509); end; @@ -4182,10 +4390,14 @@ function TIdX509.RSubject: TIdX509Name; var Lx509_name: PX509_NAME; Begin - if not Assigned(FSubject) then begin - if FX509 <> nil then begin + if not Assigned(FSubject) then + begin + if FX509 <> nil then + begin Lx509_name := X509_get_subject_name(FX509); - end else begin + end + else + begin Lx509_name := nil; end; FSubject := TIdX509Name.Create(Lx509_name); 
@@ -4197,10 +4409,14 @@ function TIdX509.RIssuer: TIdX509Name; var Lx509_name: PX509_NAME; begin - if not Assigned(FIssuer) then begin - if FX509 <> nil then begin + if not Assigned(FIssuer) then + begin + if FX509 <> nil then + begin Lx509_name := X509_get_issuer_name(FX509); - end else begin + end + else + begin Lx509_name := nil; end; FIssuer := TIdX509Name.Create(Lx509_name); @@ -4220,31 +4436,37 @@ function TIdX509.RFingerprintAsString: String; function TIdX509.RnotBefore: TDateTime; begin - if FX509 = nil then begin + if FX509 = nil then + begin Result := 0 - end else begin - //This is a safe typecast since PASN1_UTCTIME and PASN1_TIME are really - //pointers to ASN1 strings since ASN1_UTCTIME amd ASM1_TIME are ASN1_STRING. + end + else + begin + // This is a safe typecast since PASN1_UTCTIME and PASN1_TIME are really + // pointers to ASN1 strings since ASN1_UTCTIME amd ASM1_TIME are ASN1_STRING. Result := UTCTime2DateTime(PASN1_UTCTIME(X509_get_notBefore(FX509))); end; end; -function TIdX509.RnotAfter:TDateTime; +function TIdX509.RnotAfter: TDateTime; begin - if FX509 = nil then begin + if FX509 = nil then + begin Result := 0 - end else begin + end + else + begin Result := UTCTime2DateTime(PASN1_UTCTIME(X509_get_notAfter(FX509))); end; end; -/////////////////////////////////////////////////////////////// -// TIdSSLCipher -/////////////////////////////////////////////////////////////// +/// //////////////////////////////////////////////////////////// +// TIdSSLCipher +/// //////////////////////////////////////////////////////////// constructor TIdSSLCipher.Create(AOwner: TIdSSLSocket); begin inherited Create; - FSSLSocket := AOwner; + fSSLSocket := AOwner; end; destructor TIdSSLCipher.Destroy; 
@@ -4254,47 +4476,49 @@ destructor TIdSSLCipher.Destroy; function TIdSSLCipher.GetDescription; var - Buf: array[0..1024] of TIdAnsiChar; + buf: array [0 .. 1024] of TIdAnsiChar; begin - Result := String(SSL_CIPHER_description(SSL_get_current_cipher(FSSLSocket.fSSL), @Buf[0], SizeOf(Buf)-1)); + Result := String(SSL_CIPHER_description(SSL_get_current_cipher + (fSSLSocket.fSSL), @buf[0], SizeOf(buf) - 1)); end; -function TIdSSLCipher.GetName:String; +function TIdSSLCipher.GetName: String; begin - Result := String(SSL_CIPHER_get_name(SSL_get_current_cipher(FSSLSocket.fSSL))); + Result := String(SSL_CIPHER_get_name(SSL_get_current_cipher + (fSSLSocket.fSSL))); end; -function TIdSSLCipher.GetBits:TIdC_INT; +function TIdSSLCipher.GetBits: TIdC_INT; begin - SSL_CIPHER_get_bits(SSL_get_current_cipher(FSSLSocket.fSSL), Result); + SSL_CIPHER_get_bits(SSL_get_current_cipher(fSSLSocket.fSSL), Result); end; -function TIdSSLCipher.GetVersion:String; +function TIdSSLCipher.GetVersion: String; begin - Result := String(SSL_CIPHER_get_version(SSL_get_current_cipher(FSSLSocket.fSSL))); + Result := String(SSL_CIPHER_get_version(SSL_get_current_cipher + (fSSLSocket.fSSL))); end; -{$I IdSymbolDeprecatedOff.inc} - initialization - Assert(SSLIsLoaded=nil); - SSLIsLoaded := TIdThreadSafeBoolean.Create; - - {$I IdSymbolDeprecatedOff.inc} - RegisterSSL('OpenSSL','Indy Pit Crew', {do not localize} - 'Copyright '+Char(169)+' 1993 - 2023'#10#13 + {do not localize} - 'Chad Z. Hower (Kudzu) and the Indy Pit Crew. 
All rights reserved.', {do not localize} - 'Open SSL Support DLL Delphi and C++Builder interface', {do not localize} - 'http://www.indyproject.org/'#10#13 + {do not localize} - 'Original Author - Gregor Ibic', {do not localize} - TIdSSLIOHandlerSocketOpenSSL, - TIdServerIOHandlerSSLOpenSSL); - {$I IdSymbolDeprecatedOn.inc} - - TIdSSLIOHandlerSocketOpenSSL.RegisterIOHandler; + +Assert(SSLIsLoaded = nil); +SSLIsLoaded := TIdThreadSafeBoolean.Create; + +RegisterSSL('OpenSSL', 'Indy Pit Crew', { do not localize } + 'Copyright ' + Char(169) + ' 1993 - 2023'#10#13 + { do not localize } + 'Chad Z. Hower (Kudzu) and the Indy Pit Crew. All rights reserved.', + { do not localize } + 'Open SSL Support DLL Delphi and C++Builder interface', { do not localize } + 'http://www.indyproject.org/'#10#13 + { do not localize } + 'Original Author - Gregor Ibic', { do not localize } + TIdSSLIOHandlerSocketOpenSSL, TIdServerIOHandlerSSLOpenSSL); +TIdSSLIOHandlerSocketOpenSSL.RegisterIOHandler; + finalization - // TODO: TIdSSLIOHandlerSocketOpenSSL.UnregisterIOHandler; - UnLoadOpenSSLLibrary; - //free the lock last as unload makes calls that use it - FreeAndNil(SSLIsLoaded); + +// TODO: TIdSSLIOHandlerSocketOpenSSL.UnregisterIOHandler; +UnLoadOpenSSLLibrary; +// free the lock last as unload makes calls that use it +FreeAndNil(SSLIsLoaded); + end. diff --git a/IdSSLOpenSSLHeaders.pas b/IdSSLOpenSSLHeaders.pas index aa006c1..5a5a0ad 100644 --- a/IdSSLOpenSSLHeaders.pas +++ b/IdSSLOpenSSLHeaders.pas @@ -155,9 +155,6 @@ interface {$I IdCompilerDefines.inc} -{$IFNDEF USE_OPENSSL} - {$message error Should not compile if USE_OPENSSL is not defined!!!} -{$ENDIF} {$WRITEABLECONST OFF} {$IFNDEF FPC} 
@@ -822,6 +819,63 @@ interface cNull: TIdAnsiChar = 0; {$ENDIF} + + //* Standard initialisation options */ + {$EXTERNALSYM OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS} + OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS = $00000001; + {$EXTERNALSYM OPENSSL_INIT_LOAD_CRYPTO_STRINGS} + OPENSSL_INIT_LOAD_CRYPTO_STRINGS = $00000002; + {$EXTERNALSYM OPENSSL_INIT_ADD_ALL_CIPHERS} + OPENSSL_INIT_ADD_ALL_CIPHERS = $00000004; + {$EXTERNALSYM OPENSSL_INIT_ADD_ALL_DIGESTS} + OPENSSL_INIT_ADD_ALL_DIGESTS = $00000008; + {$EXTERNALSYM OPENSSL_INIT_NO_ADD_ALL_CIPHERS} + OPENSSL_INIT_NO_ADD_ALL_CIPHERS = $00000010; + {$EXTERNALSYM OPENSSL_INIT_NO_ADD_ALL_DIGESTS} + OPENSSL_INIT_NO_ADD_ALL_DIGESTS = $00000020; + {$EXTERNALSYM OPENSSL_INIT_LOAD_CONFIG} + OPENSSL_INIT_LOAD_CONFIG = $00000040; + {$EXTERNALSYM OPENSSL_INIT_NO_LOAD_CONFIG} + OPENSSL_INIT_NO_LOAD_CONFIG = $00000080; + {$EXTERNALSYM OPENSSL_INIT_ASYNC} + OPENSSL_INIT_ASYNC = $00000100; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_RDRAND} + OPENSSL_INIT_ENGINE_RDRAND = $00000200; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_DYNAMIC} + OPENSSL_INIT_ENGINE_DYNAMIC = $00000400; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_OPENSSL} + OPENSSL_INIT_ENGINE_OPENSSL = $00000800; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_CRYPTODEV} + OPENSSL_INIT_ENGINE_CRYPTODEV = $00001000; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_CAPI} + OPENSSL_INIT_ENGINE_CAPI = $00002000; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_PADLOCK} + OPENSSL_INIT_ENGINE_PADLOCK = $00004000; + {$EXTERNALSYM OPENSSL_INIT_ENGINE_AFALG} + OPENSSL_INIT_ENGINE_AFALG = $00008000; +//* OPENSSL_INIT_ZLIB 0x00010000L */ + {$EXTERNALSYM OPENSSL_INIT_ATFORK} + OPENSSL_INIT_ATFORK = $00020000; +//* OPENSSL_INIT_BASE_ONLY 0x00040000L */ + {$EXTERNALSYM OPENSSL_INIT_NO_ATEXIT} + OPENSSL_INIT_NO_ATEXIT = $00080000; +//* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +//* Max OPENSSL_INIT flag value is 0x80000000 */ + +//* openssl and dasync not counted as builtin */ + {$EXTERNALSYM OPENSSL_INIT_ENGINE_ALL_BUILTIN} + 
OPENSSL_INIT_ENGINE_ALL_BUILTIN = (OPENSSL_INIT_ENGINE_RDRAND or + OPENSSL_INIT_ENGINE_DYNAMIC or OPENSSL_INIT_ENGINE_CRYPTODEV or + OPENSSL_INIT_ENGINE_CAPI or OPENSSL_INIT_ENGINE_PADLOCK); + + // OPENSSL_INIT flag 0x010000 reserved for internal use + {$EXTERNALSYM OPENSSL_INIT_LOAD_SSL_STRINGS} + OPENSSL_INIT_LOAD_SSL_STRINGS = $00200000; + {$EXTERNALSYM OPENSSL_INIT_NO_LOAD_SSL_STRINGS} + OPENSSL_INIT_NO_LOAD_SSL_STRINGS = $00100000; + {$EXTERNALSYM OPENSSL_INIT_SSL_DEFAULT} + OPENSSL_INIT_SSL_DEFAULT = (OPENSSL_INIT_LOAD_SSL_STRINGS or OPENSSL_INIT_LOAD_CRYPTO_STRINGS); + {$EXTERNALSYM CONF_MFLAGS_IGNORE_ERRORS} CONF_MFLAGS_IGNORE_ERRORS = $1; {$EXTERNALSYM CONF_MFLAGS_IGNORE_RETURN_CODES} @@ -6938,9 +6992,6 @@ interface {$EXTERNALSYM SSL_AD_UNKNOWN_PSK_IDENTITY} SSL_AD_UNKNOWN_PSK_IDENTITY = TLS1_AD_UNKNOWN_PSK_IDENTITY; //* fatal */ - - - {$EXTERNALSYM SSL_CTRL_NEED_TMP_RSA} SSL_CTRL_NEED_TMP_RSA = 1; {$EXTERNALSYM SSL_CTRL_SET_TMP_RSA} @@ -7030,6 +7081,10 @@ interface {$EXTERNALSYM DTLS_CTRL_LISTEN} DTLS_CTRL_LISTEN = 75; + {$EXTERNALSYM SSL_CTRL_SET_MIN_PROTO_VERSION} + SSL_CTRL_SET_MIN_PROTO_VERSION = 123; //OpenSSL 1.1.0 + {$EXTERNALSYM SSL_CTRL_SET_MAX_PROTO_VERSION} + SSL_CTRL_SET_MAX_PROTO_VERSION = 124; //OpenSSL 1.1.0 {$EXTERNALSYM SSL_CTRL_GET_RI_SUPPORT} SSL_CTRL_GET_RI_SUPPORT = 76; {$EXTERNALSYM SSL_CTRL_CLEAR_OPTIONS} @@ -7645,6 +7700,8 @@ interface SSL_OP_NO_TLSv1_2 = $08000000; {$EXTERNALSYM SSL_OP_NO_TLSv1_1} SSL_OP_NO_TLSv1_1 = $10000000; + {$EXTERNALSYM SSL_OP_NO_TLSv1_3} + SSL_OP_NO_TLSv1_3 = $20000000; {$EXTERNALSYM SSL_OP_PKCS1_CHECK_1} SSL_OP_PKCS1_CHECK_1 = $00; //was $08000000; {$EXTERNALSYM SSL_OP_PKCS1_CHECK_2} @@ -8344,6 +8401,8 @@ interface TLS1_2_VERSION_MAJOR = $03; {$EXTERNALSYM TLS1_2_VERSION_MINOR} TLS1_2_VERSION_MINOR = $03; + {$EXTERNALSYM TLS1_3_VERSION} + TLS1_3_VERSION = $0304; {$EXTERNALSYM TLS1_1_VERSION} TLS1_1_VERSION = $0302; {$EXTERNALSYM TLS1_1_VERSION_MAJOR} 
@@ -11156,6 +11215,10 @@ interface PPointer = ^Pointer; {$ENDIF} + {$EXTERNALSYM POSSL_LIB_CTX} + POSSL_LIB_CTX = pointer; + {$EXTERNALSYM POPENSSL_INIT_SETTINGS} + POPENSSL_INIT_SETTINGS = pointer; //This is just a synthasis since Pascal probably has what we need. //In C, the OpenSSL developers were using the PQ_64BIT moniker //to ensure that they had a value that is always 64bit. @@ -11183,7 +11246,7 @@ STACK = record {$EXTERNALSYM PSTACK_OF_POINTER} PSTACK_OF_POINTER = Pointer; {$NODEFINE PSSL} - PSSL = ^SSL; + PSSL = Pointer; //opensslconf.h {$IFNDEF OPENSSL_NO_MD2} {$EXTERNALSYM MD2_INT} @@ -11263,13 +11326,8 @@ OPENSSL_ITEM = record value_size : size_t; //* Max size of value for output, length for input */ value_length : Psize_t; //* Returned length of value for output */ end; - {$EXTERNALSYM CRYPTO_EX_DATA} - CRYPTO_EX_DATA = record - sk : PSTACK; - dummy : TIdC_INT; // gcc is screwing up this data structure :-( - end; {$EXTERNALSYM PCRYPTO_EX_DATA} - PCRYPTO_EX_DATA = ^CRYPTO_EX_DATA; + PCRYPTO_EX_DATA = pointer; { /* Some applications as well as some parts of OpenSSL need to allocate and deallocate locks in a dynamic fashion. The following typedef 
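Review bot: Redefining PSSL as a bare `Pointer` drops the type distinction that `^SSL` provided: any pointer value (a PX509, a context handle, an untyped buffer) is now accepted wherever a PSSL parameter appears, and the compiler will no longer catch a swapped argument across the SSL_* bindings. OpenSSL 1.1+ does treat SSL as opaque, but that is expressible without losing typing: keep an empty placeholder and a typed pointer, e.g. `SSL = record end;` followed by `PSSL = ^SSL;`, presumably with the old record body removed elsewhere in this change. The same pattern would suit the other handles this change collapses to `pointer` (POSSL_LIB_CTX, POPENSSL_INIT_SETTINGS, PCRYPTO_EX_DATA), which are equally opaque but should not be interchangeable.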
@@ -11289,12 +11347,12 @@ CRYPTO_dynlock = record //typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, // int idx, long argl, void *argp); {$EXTERNALSYM CRYPTO_EX_new} - CRYPTO_EX_new = function(parent : Pointer; ptr : Pointer; ad : CRYPTO_EX_DATA; + CRYPTO_EX_new = function(parent : Pointer; ptr : Pointer; ad : PCRYPTO_EX_DATA; idx : TIdC_INT; arg1 : TIdC_LONG; argp : Pointer) : TIdC_INT; cdecl; //typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, // int idx, long argl, void *argp); {$EXTERNALSYM CRYPTO_EX_free} - CRYPTO_EX_free = procedure (parent : Pointer; ptr : Pointer; ad : CRYPTO_EX_DATA; + CRYPTO_EX_free = procedure (parent : Pointer; ptr : Pointer; ad : PCRYPTO_EX_DATA; idx : TIdC_INT; arg1 : TIdC_LONG; argp : Pointer); cdecl; //typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, // int idx, long argl, void *argp); @@ -11353,15 +11411,6 @@ ERR_STATE = record {$EXTERNALSYM FIPS_RAND_SIZE_T} FIPS_RAND_SIZE_T = TIdC_int; {$ENDIF} - {$EXTERNALSYM RAND_METHOD} - RAND_METHOD = record - seed : procedure (const buf : Pointer; num : TIdC_INT) cdecl; - bytes : function(const buf : PIdAnsiChar; num : TIdC_INT) : TIdC_INT cdecl; - cleanup : procedure cdecl; - add : procedure (const buf : Pointer; num : TIdC_INT; entropy : TIdC_DOUBLE) cdecl; - pseudorand : function(buf : PIdAnsiChar; num : TIdC_INT) : TIdC_INT cdecl; - status : function : TIdC_INT cdecl; - end; //bn.h {$IFDEF SIXTY_FOUR_BIT_LONG} {$EXTERNALSYM BN_ULLONG} 
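Review bot: `CRYPTO_EX_new` and `CRYPTO_EX_free` are corrected to take `PCRYPTO_EX_DATA`, matching the C prototypes quoted above them, but the third callback in this family, `CRYPTO_EX_dup`, only begins in the hunk's trailing context (`//typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, ...`) and its Pascal declaration is outside the hunk; if it still takes `CRYPTO_EX_DATA` by value it stops compiling once the record is removed, so it should get the same `PCRYPTO_EX_DATA` change in this commit. A short why-comment on the first callback would also help: `// ad is a CRYPTO_EX_DATA* — the struct is opaque in OpenSSL 1.1, so it is only ever passed by pointer`.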
@@ -11395,17 +11444,8 @@ RAND_METHOD = record PBN_LONG = ^BN_LONG; {$EXTERNALSYM PBN_ULONG} PBN_ULONG = ^BN_ULONG; - {$EXTERNALSYM BIGNUM} - BIGNUM = record - d : PBN_ULONG; // Pointer to an array of 'BN_BITS2' bit chunks. - top : TIdC_INT; // Index of last used d +1. - // The next are internal book keeping for bn_expand. - dmax : TIdC_INT; // Size of the d array. - neg : TIdC_INT; // one if the number is negative - flags : TIdC_INT; - end; {$EXTERNALSYM PBIGNUM} - PBIGNUM = ^BIGNUM; + PBIGNUM = Pointer; // BN_CTX = record //This is defined internally. I don't want to do anything with an internal structure. // end; 
@@ -11414,46 +11454,17 @@ // BN_CTX = record {$EXTERNALSYM PPBN_CTX} PPBN_CTX = ^PBN_CTX; // Used for montgomery multiplication - {$EXTERNALSYM BN_MONT_CTX} - BN_MONT_CTX = record - ri : TIdC_INT; // number of bits in R - RR : BIGNUM; // used to convert to montgomery form - N : BIGNUM; // The modulus - Ni : BIGNUM; // R*(1/R mod N) - N*Ni = 1 - // (Ni is only stored for bignum algorithm) -{#if 0 - /* OpenSSL 0.9.9 preview: */ - BN_ULONG n0[2];/* least significant word(s) of Ni */ -#else - BN_ULONG n0; /* least significant word of Ni */ -#endif} - {$IFNDEF USE_THIS} - //* OpenSSL 0.9.9 preview: */ - n0 : array [0..1] of BN_ULONG; - {$ELSE} - n0 : BN_ULONG; // least significant word of Ni - {$ENDIF} - flags : TIdC_INT; - end; {$EXTERNALSYM PBN_MONT_CTX} - PBN_MONT_CTX = ^BN_MONT_CTX; + PBN_MONT_CTX = Pointer; // BN_BLINDING = record //I can't locate any information about the record fields in this. // end; {$EXTERNALSYM PBN_BLINDING} PBN_BLINDING = pointer;//^BN_BLINDING; - {$EXTERNALSYM BN_RECP_CTX} - BN_RECP_CTX = record - N : BIGNUM; // the divisor - Nr : BIGNUM; // the reciprocal - num_bits : TIdC_INT; - shift : TIdC_INT; - flags : TIdC_INT; - end; {$EXTERNALSYM PBN_RECP_CTX} - PBN_RECP_CTX = ^BN_RECP_CTX; + PBN_RECP_CTX = pointer; {$EXTERNALSYM PBN_GENCB} - PBN_GENCB = ^BN_GENCB; + PBN_GENCB = pointer; {$EXTERNALSYM PPBN_GENCB} PPBN_GENCB = ^PBN_GENCB; {$EXTERNALSYM BN_cb_1} @@ -11468,12 +11479,6 @@ BN_GENCB_union = record // if(ver==2) - new callback style 1 : (cb_2 : BN_cb_2); end; - {$EXTERNALSYM BN_GENCB} - BN_GENCB = record - ver : TIdC_UINT; // To handle binary (in)compatibility - arg : Pointer; // callback-specific data - cb : BN_GENCB_union; - end; //aes.h //seed.h @@ -11643,7 +11648,7 @@ STACK_OF_UI_STRING = record //bio.h //http://www.openssl.org/docs/crypto/bio.html {$EXTERNALSYM PBIO} - PBIO = ^BIO; + PBIO = Pointer; {$EXTERNALSYM PBIO_METHOD} PBIO_METHOD = ^BIO_METHOD; {$EXTERNALSYM Pbio_info_cb} 
@@ -11662,26 +11667,6 @@ BIO_METHOD = record destroy : function (_para1 : PBIO) : TIdC_INT; cdecl; callback_ctrl : function (_para1 : PBIO; _para2 : TIdC_INT; _para3 : pbio_info_cb): TIdC_LONG; cdecl; end; - BIO = record - method : PBIO_METHOD; - // bio, mode, argp, argi, argl, ret - callback : function (_para1 : PBIO; _para2 : TIdC_INT; _para3 : PIdAnsiChar; - _para4 : TIdC_INT; _para5, _para6 : TIdC_LONG) : TIdC_LONG cdecl; - cb_arg : PIdAnsiChar; // first argument for the callback - init : TIdC_INT; - shutdown : TIdC_INT; - flags : TIdC_INT; // extra storage - retry_reason : TIdC_INT; - num : TIdC_INT; - ptr : Pointer; - next_bio : PBIO; // used by filter BIOs - prev_bio : PBIO; // used by filter BIOs - references : TIdC_INT; - num_read : TIdC_ULONG; - num_write : TIdC_ULONG; - ex_data : CRYPTO_EX_DATA; - end; - {$EXTERNALSYM BIO} {$EXTERNALSYM BIO_F_BUFFER_CTX} BIO_F_BUFFER_CTX = record { @@ -11712,9 +11697,6 @@ BIO_F_BUFFER_CTX = record {$EXTERNALSYM asn1_ps_function} asn1_ps_function = function (b : PBIO; pbuf : PPIdAnsiChar; plen : PIdC_INT; parg : Pointer) : TIdC_INT cdecl; //struct from engine.h -// ENGINE = record - //I don't have any info about record fields. -// end; {$EXTERNALSYM PENGINE} PENGINE = Pointer;//^ENGINE; {$EXTERNALSYM PPENGINE} 
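Review bot: `BIO` becomes opaque here, but `BIO_METHOD` stays a full record (its `destroy`/`callback_ctrl` fields and `end;` are the hunk's leading context, and `PBIO_METHOD = ^BIO_METHOD` is declared just before) with what looks like the 1.0.x layout. OpenSSL 1.1.0 made `bio_method_st` private and added `BIO_meth_new`/`BIO_meth_set_*` for building custom methods, so a Pascal-allocated `BIO_METHOD` handed to `BIO_new` on a 1.1 library would be read with the wrong field offsets. If this unit targets 1.1 as its other comments say, the consistent change is `PBIO_METHOD = Pointer; // opaque since OpenSSL 1.1.0; build with BIO_meth_new/BIO_meth_set_*` and dropping the record; whether anything in this unit constructs a method is outside my view.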
@@ -12075,87 +12057,18 @@ STACK_OF_ASN1_STRING_TABLE = record FIPS_RSA_SIZE_T = TIdC_int; {$ENDIF} {$EXTERNALSYM PRSA} - PRSA = ^RSA; + PRSA = Pointer; {$EXTERNALSYM PPRSA} PPRSA =^PRSA; - {$EXTERNALSYM RSA_METHOD} - RSA_METHOD = record - name : PIdAnsiChar; - rsa_pub_enc : function (flen : TIdC_INT; const from : PIdAnsiChar; - _to : PIdAnsiChar; rsa : PRSA; padding : TIdC_INT) : TIdC_INT; cdecl; - rsa_pub_dec : function (flen : TIdC_INT; const from : PIdAnsiChar; - _to : PIdAnsiChar; rsa : PRSA; padding : TIdC_INT) : TIdC_INT; cdecl; - rsa_priv_enc : function (flen : TIdC_INT; const from : PIdAnsiChar; - _to : PIdAnsiChar; rsa : PRSA; padding : TIdC_INT) : TIdC_INT; cdecl; - rsa_priv_dec : function (flen : TIdC_INT; const from : PIdAnsiChar; - _to : PIdAnsiChar; rsa : PRSA; padding : TIdC_INT) : TIdC_INT; cdecl; - rsa_mod_exp : function (r0 : PBIGNUM; const I : PBIGNUM; - rsa : PRSA; ctx : PBN_CTX) : TIdC_INT cdecl; // Can be null / - bn_mod_exp : function (r : PBIGNUM; const a : PBIGNUM; - const p : PBIGNUM; const m: PBIGNUM; ctx : PBN_CTX; - m_ctx : PBN_MONT_CTX ) : TIdC_INT; cdecl; // Can be null - init : function (rsa : PRSA) : TIdC_INT; cdecl; // called at new - finish : function (rsa : PRSA) : TIdC_INT; cdecl; // called at free - flags : TIdC_INT; // RSA_METHOD_FLAG_* things - app_data : PIdAnsiChar; // may be needed! - // New sign and verify functions: some libraries don't allow arbitrary data - // to be signed/verified: this allows them to be used. Note: for this to work - // the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used - // RSA_sign(), RSA_verify() should be used instead. Note: for backwards - // compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER - // option is set in 'flags'. 
- // - rsa_sign : function (_type : TIdC_INT; const m : PIdAnsiChar; m_length : TIdC_UINT; - sigret : PIdAnsiChar; siglen : PIdC_UINT; const rsa : PRSA) : TIdC_INT; cdecl; - rsa_verify : function(dtype : TIdC_INT; const m : PIdAnsiChar; m_length : PIdC_UINT; - sigbuf : PIdAnsiChar; siglen : PIdC_UINT; const rsa :PRSA) : TIdC_INT; cdecl; - // If this callback is NULL, the builtin software RSA key-gen will be used. - // This is for behavioural compatibility whilst the code gets rewired, but - // one day it would be nice to assume there are no such things as "builtin - // software" implementations. - rsa_keygen : function (rsa : PRSA; bits : TIdC_INT; e : PBIGNUM; cb : PBN_GENCB) : TIdC_INT; cdecl; - end; {$EXTERNALSYM PRSA_METHOD} - PRSA_METHOD = ^RSA_METHOD; - - {$EXTERNALSYM rsa_st} - rsa_st = record - // The first parameter is used to pickup errors where - // this is passed instead of aEVP_PKEY, it is set to 0 - pad : TIdC_INT; - version : TIdC_LONG; - meth : PRSA_METHOD; // const RSA_METHOD *meth; - // functional reference if 'meth' is ENGINE-provided - engine : PENGINE; - n : PBIGNUM; - e : PBIGNUM; - d : PBIGNUM; - p : PBIGNUM; - q : PBIGNUM; - dmp1 : PBIGNUM; - dmq1 : PBIGNUM; - iqmp : PBIGNUM; - // be careful using this if the RSA structure is shared - ex_data : CRYPTO_EX_DATA; - references : TIdC_INT; - flags : TIdC_INT; - // Used to cache montgomery values - _method_mod_n : PBN_MONT_CTX; - _method_mod_p : PBN_MONT_CTX; - _method_mod_q : PBN_MONT_CTX; - // all BIGNUM values are actually in the following data, if it is not NULL - bignum_data : PIdAnsiChar; - blinding : PBN_BLINDING; - mt_blinding : PBN_BLINDING; - end; - {$EXTERNALSYM RSA} - RSA = rsa_st; + PRSA_METHOD = Pointer; + {$EXTERNALSYM Prsa_st} - Prsa_st = PRSA; + Prsa_st = Pointer; {$ENDIF} //dso.h {$EXTERNALSYM PDSO} - PDSO = ^DSO; + PDSO = Pointer; ///* The function prototype used for method functions (or caller-provided // * callbacks) that transform filenames. 
They are passed a DSO structure pointer // * (or NULL if they are to be used independantly of a DSO object) and a 
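Review bot: `PRSA`, `PRSA_METHOD`, `Prsa_st` and `PDSO` become untyped `Pointer` with no comment on why, and the removed `rsa_st` record held exactly the fields (`n`, `e`, `d`, `p`, `q`, …) a maintainer might be tempted to reintroduce for direct access. One line would prevent that: `PRSA = Pointer; // opaque since OpenSSL 1.1.0; use RSA_get0_key/RSA_set0_key and friends instead of field access`. `Prsa_st = Pointer` also drops the previous `Prsa_st = PRSA` alias; keeping it as an alias costs nothing and keeps both spellings interchangeable should `PRSA` later become a distinct opaque pointer type.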
@@ -12223,99 +12136,13 @@ DSO_METHOD = record //* Perform global symbol lookup, i.e. among *all* modules */ globallookup : function (symname : PIdAnsiChar) : Pointer stdcall; end; - {$EXTERNALSYM DSO} - DSO = record - meth : PDSO_METHOD; - ///* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS - // * doesn't use anything but will need to cache the filename - // * for use in the dso_bind handler. All in all, let each - // * method control its own destiny. "Handles" and such go in - // * a STACK. */ - meth_data : PSTACK_OF_POINTER; - references : TIdC_INT; - flags : TIdC_INT; - ///* For use by applications etc ... use this for your bits'n'pieces, - // * don't touch meth_data! */ - ex_data : CRYPTO_EX_DATA; - ///* If this callback function pointer is set to non-NULL, then it will - // * be used in DSO_load() in place of meth->dso_name_converter. NB: This - // * should normally set using DSO_set_name_converter(). */ - name_converter : DSO_NAME_CONVERTER_FUNC; - ///* If this callback function pointer is set to non-NULL, then it will - // * be used in DSO_load() in place of meth->dso_merger. NB: This - // * should normally set using DSO_set_merger(). */ - merger : DSO_MERGER_FUNC; - ///* This is populated with (a copy of) the platform-independant - // * filename used for this DSO. */ - filename : PIdAnsiChar; - ///* This is populated with (a copy of) the translated filename by which - // * the DSO was actually loaded. It is NULL iff the DSO is not currently - // * loaded. NB: This is here because the filename translation process - // * may involve a callback being invoked more than once not only to - // * convert to a platform-specific form, but also to try different - // * filenames in the process of trying to perform a load. As such, this - // * variable can be used to indicate (a) whether this DSO structure - // * corresponds to a loaded library or not, and (b) the filename with - // * which it was actually loaded. 
*/ - loaded_filename : PIdAnsiChar; - end; //dh.h - {$IFNDEF OPENSSL_NO_DH} {$EXTERNALSYM PDH} - PDH = ^DH; - {$EXTERNALSYM DH_METHOD} - DH_METHOD = record - name : PIdAnsiChar; - // Methods here - generate_key : function (dh : PDH) : TIdC_INT; cdecl; - compute_key : function (key : PIdAnsiChar; const pub_key : PBIGNUM; dh : PDH) : TIdC_INT; cdecl; - bn_mod_exp : function (const dh : PDH; r : PBIGNUM; const e : PBIGNUM; - const p : PBIGNUM; const m : PBIGNUM; ctx : PBN_CTX; - m_ctx : PBN_MONT_CTX) : TIdC_INT; cdecl; // Can be null - init : function (dh : PDH) : TIdC_INT; cdecl; - finish : function (dh : PDH) : TIdC_INT; cdecl; - flags : TIdC_INT; - app_data : PIdAnsiChar; - // If this is non-NULL, it will be used to generate parameters - generate_params : function(dh : PDH; prime_len, generator : TIdC_INT; cb : PBN_GENCB) : TIdC_INT; cdecl; - end; - {$EXTERNALSYM dh_st} - dh_st = record - // The first parameter is used to pickup errors where - // this is passed instead of aEVP_PKEY, it is set to 0 - pad : TIdC_INT; - version : TIdC_LONG; - meth : PRSA_METHOD; - // functional reference if 'meth' is ENGINE-provided - engine: PENGINE; - n : PBIGNUM; - e : PBIGNUM; - d : PBIGNUM; - p : PBIGNUM; - q : PBIGNUM; - dmp1 : PBIGNUM; - dmq1 : PBIGNUM; - iqmp : PBIGNUM; - // be careful using this if the RSA structure is shared - ex_data : CRYPTO_EX_DATA; - references : TIdC_INT; - flags : TIdC_INT; - // Used to cache montgomery values - _method_mod_n : BN_MONT_CTX; - _method_mod_p : BN_MONT_CTX; - _method_mod_q : BN_MONT_CTX; - // all BIGNUM values are actually in the following data, if it is not NULL - bignum_data : PIdAnsiChar; - blinding : PBN_BLINDING; - mt_blinding : PBN_BLINDING; - end; - {$EXTERNALSYM DH} - DH = dh_st; + PDH = Pointer; {$EXTERNALSYM Pdh_st} - Pdh_st = PDH; + Pdh_st = Pointer; {$EXTERNALSYM PPDH} PPDH =^PDH; - {$ENDIF} // dsa.h {$IFNDEF OPENSSL_NO_DSA} {$IFDEF OPENSSL_FIPS} 
@@ -12330,58 +12157,10 @@ DSA_SIG = record {$EXTERNALSYM PDSA_SIG} PDSA_SIG = ^DSA_SIG; {$EXTERNALSYM PDSA} - PDSA = ^DSA; - {$EXTERNALSYM DSA_METHOD} - DSA_METHOD = record - name : PIdAnsiChar; - dsa_do_sign : function (const dgst : PIdAnsiChar; dlen : TIdC_INT; dsa : PDSA) : PDSA_SIG; cdecl; - dsa_sign_setup : function (dsa : PDSA; ctx_in : PBN_CTX; kinvp, rp : PPBN_CTX) : TIdC_INT; cdecl; - dsa_do_verify : function(dgst : PIdAnsiChar; dgst_len : TIdC_INT; - sig : PDSA_SIG; dsa : PDSA) : TIdC_INT; cdecl; - dsa_mod_exp : function(dsa : PDSA; rr, a1, p1, - a2, p2, m : PBIGNUM; ctx : PBN_CTX; - in_mont : PBN_MONT_CTX) : TIdC_INT; cdecl; - bn_mod_exp : function (dsa : PDSA; r, a : PBIGNUM; const p, m : PBIGNUM; - ctx : PBN_CTX; m_ctx : PBN_CTX): TIdC_INT; cdecl; // Can be null - init : function (dsa : PDSA) : TIdC_INT; cdecl; - finish : function (dsa : PDSA) : TIdC_INT; cdecl; - flags : TIdC_INT; - app_data : PIdAnsiChar; - // If this is non-NULL, it is used to generate DSA parameters - dsa_paramgen : function (dsa : PDSA; bits : TIdC_INT; seed : PIdAnsiChar; - seed_len : TIdC_INT; counter_ret : PIdC_INT; h_ret : PIdC_ULONG; - cb : PBN_GENCB ) : TIdC_INT; cdecl; - // If this is non-NULL, it is used to generate DSA keys - dsa_keygen : function(dsa : PDSA) : TIdC_INT; cdecl; - end; + PDSA = ^Pointer; {$EXTERNALSYM PDSA_METHOD} - PDSA_METHOD = ^DSA_METHOD; - - {$EXTERNALSYM dsa_st} - dsa_st = record - // This first variable is used to pick up errors where - // a DSA is passed instead of of a EVP_PKEY - pad : TIdC_INT; - version : TIdC_LONG; - write_params : TIdC_INT; - p : PBIGNUM; - q : PBIGNUM; // == 20 - g : PBIGNUM; - pub_key : PBIGNUM; // y public key - priv_key : PBIGNUM; // x private key - kinv : BIGNUM; // Signing pre-calc - r : PBIGNUM; // Signing pre-calc - flags : TIdC_INT; - // Normally used to cache montgomery values - method_mont_p : PBN_MONT_CTX; - references : TIdC_INT; - ex_data : CRYPTO_EX_DATA; - meth : PDSA_METHOD; - // functional reference if 'meth' 
is ENGINE-provided - engine : PENGINE; - end; - {$EXTERNALSYM DSA} - DSA = dsa_st; + PDSA_METHOD = Pointer; + {$EXTERNALSYM Pdsa_st} Pdsa_st = PDSA; {$EXTERNALSYM PPDSA} @@ -12444,7 +12223,7 @@ // EVP_PBE_KEYGEN = record {$EXTERNALSYM PPEVP_PKEY} PPEVP_PKEY = ^PEVP_PKEY; {$EXTERNALSYM PEVP_PKEY} - PEVP_PKEY = ^EVP_PKEY; + PEVP_PKEY = Pointer; {$EXTERNALSYM EVP_PKEY_union} EVP_PKEY_union = record case byte of @@ -12480,33 +12259,12 @@ STACK_OF_X509_ATTRIBUTE = record {$ENDIF} {$EXTERNALSYM PPSTACK_OF_X509_ATTRIBUTE} PPSTACK_OF_X509_ATTRIBUTE = ^PSTACK_OF_X509_ATTRIBUTE; - {$EXTERNALSYM EVP_PKEY} - EVP_PKEY = record - _type : TIdC_INT; - save_type : TIdC_INT; - references : TIdC_INT; - ameth : PEVP_PKEY_ASN1_METHOD; - pkey : EVP_PKEY_union; - attributes : PSTACK_OF_X509_ATTRIBUTE; // [ 0 ] - end; {$EXTERNALSYM PEVP_MD} - PEVP_MD = ^EVP_MD; + PEVP_MD = ^Pointer; {$EXTERNALSYM PEVP_MD_CTX} - PEVP_MD_CTX = ^EVP_MD_CTX; + PEVP_MD_CTX = ^Pointer; {$EXTERNALSYM PPEVP_MD_CTX} PPEVP_MD_CTX = ^PEVP_MD_CTX; - {$EXTERNALSYM EVP_MD_CTX} - EVP_MD_CTX = record - digest : PEVP_MD; - engine : PENGINE; // functional reference if 'digest' is ENGINE-provided - flags : TIdC_ULONG; - md_data : Pointer; - //* Public key context for sign/verify */ - pctx : PEVP_PKEY_CTX; - //* Update function: usually copied from EVP_MD */ -// int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count); - update : function (ctx : PEVP_MD_CTX; const data : Pointer; count : size_t) : TIdC_INT cdecl; - end; {$EXTERNALSYM EVP_MD_SVCTX} EVP_MD_SVCTX = record mctx : PEVP_MD_CTX; 
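Review bot: `PDSA = ^Pointer;` declares a pointer-to-pointer, unlike `PRSA = Pointer`, `PDH = Pointer` and `PDSA_METHOD = Pointer` in this same diff; a `DSA*` handle is one opaque pointer, so `PDSA = Pointer;` is the matching declaration (the following hunk has the same oddity in `PEVP_MD = ^Pointer` and `PEVP_MD_CTX = ^Pointer`). With `^Pointer` a `PDSA^` dereference compiles and silently reads the first word of the library's private struct, and `PPDSA = ^PDSA` becomes a third level of indirection that no longer reads like the C `DSA **`. The leading context also keeps `PDSA_SIG = ^DSA_SIG` bound to a record; `DSA_SIG` is opaque in OpenSSL 1.1.0 (`DSA_SIG_get0`/`DSA_SIG_set0`), so it deserves the same treatment.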
@@ -12514,69 +12272,13 @@ EVP_MD_SVCTX = record end; {$EXTERNALSYM PEVP_MD_SVCTX} PEVP_MD_SVCTX = ^EVP_MD_SVCTX; - {$EXTERNALSYM EVP_MD} - EVP_MD = record - _type : TIdC_INT; - pkey_type : TIdC_INT; - md_size : TIdC_INT; - flags : TIdC_ULONG; - init : function (ctx : PEVP_MD_CTX) : TIdC_INT; cdecl; - update : function (ctx : PEVP_MD_CTX; data : Pointer; count : size_t):TIdC_INT; cdecl; - _final : function (ctx : PEVP_MD_CTX; md : PIdAnsiChar) : TIdC_INT; cdecl; - copy : function (_to : PEVP_MD_CTX; from : PEVP_MD_CTX ) : TIdC_INT; cdecl; - cleanup : function(ctx : PEVP_MD_CTX) : TIdC_INT; cdecl; - // FIXME: prototype these some day - sign : function(_type : TIdC_INT; m : PIdAnsiChar; m_length : TIdC_UINT; - sigret : PIdAnsiChar; siglen : TIdC_UINT; key : Pointer) : TIdC_INT; cdecl; - verify : function(_type : TIdC_INT; m : PIdAnsiChar; m_length : PIdAnsiChar; - sigbuf : PIdAnsiChar; siglen : TIdC_UINT; key : Pointer) : TIdC_INT; cdecl; - required_pkey_type : array [0..4] of TIdC_INT; // EVP_PKEY_xxx - block_size : TIdC_INT; - ctx_size : TIdC_INT; // how big does the ctx->md_data need to be - end; {$EXTERNALSYM PPEVP_CIPHER_CTX} PPEVP_CIPHER_CTX = ^PEVP_CIPHER_CTX; {$EXTERNALSYM PEVP_CIPHER_CTX} - PEVP_CIPHER_CTX = ^EVP_CIPHER_CTX; + PEVP_CIPHER_CTX = Pointer; {$EXTERNALSYM PEVP_CIPHER} - PEVP_CIPHER = ^EVP_CIPHER; - {$EXTERNALSYM EVP_CIPHER} - EVP_CIPHER = record - nid : TIdC_INT; - block_size : TIdC_INT; - key_len : TIdC_INT; // Default value for variable length ciphers - iv_len : TIdC_INT; - flags : TIdC_UINT; // Various flags - init : function (ctx : PEVP_CIPHER_CTX; key : PIdAnsiChar; iv : PIdAnsiChar; enc : TIdC_INT): TIdC_INT; cdecl; - do_cipher : function (ctx : PEVP_CIPHER_CTX; _out : PIdAnsiChar; _in : PIdAnsiChar; inl : size_t) : TIdC_INT; cdecl; - cleanup : function (_para1 : PEVP_CIPHER_CTX): TIdC_INT; cdecl; // cleanup ctx - ctx_size : TIdC_INT; // how big ctx->cipher_data needs to be - set_asn1_parameters : function (_para1 : PEVP_CIPHER_CTX; - _para2 
: PASN1_TYPE) : TIdC_INT; cdecl; // Populate a ASN1_TYPE with parameters - get_asn1_parameters :function (_para1 : PEVP_CIPHER_CTX; - _para2 : PASN1_TYPE) : TIdC_INT; cdecl; // Get parameters from a ASN1_TYPE - ctrl : function (_para1 : PEVP_CIPHER_CTX; _type : TIdC_INT; arg : TIdC_INT; - ptr : Pointer): TIdC_INT; cdecl; // Miscellaneous operations - app_data : Pointer; // Application data - end; - {$EXTERNALSYM EVP_CIPHER_CTX} - EVP_CIPHER_CTX = record - cipher : PEVP_CIPHER; - engine : PENGINE; // functional reference if 'cipher' is ENGINE-provided - encrypt: TIdC_INT; // encrypt or decrypt - buf_len : TIdC_INT; // number we have left - oiv : array [0..EVP_MAX_IV_LENGTH-1] of TIdAnsiChar; // original iv - iv : array [0..EVP_MAX_IV_LENGTH -1] of TIdAnsiChar; // working iv - buf : array [0..EVP_MAX_BLOCK_LENGTH -1] of TIdAnsiChar; // saved partial block - num : TIdC_INT; // used by cfb/ofb mode - app_data : Pointer; // application stuff - key_len : TIdC_INT; // May change for variable length cipher - flags : TIdC_ULONG; // Various flags - cipher_data : Pointer; // per EVP data - final_used : TIdC_INT; - block_mask : TIdC_INT; - _final : array [0..EVP_MAX_BLOCK_LENGTH-1] of TIdAnsiChar; // possible final block - end; + PEVP_CIPHER = Pointer; + {$EXTERNALSYM EVP_CIPHER_INFO} EVP_CIPHER_INFO = record cipher : PEVP_CIPHER; 
@@ -12584,29 +12286,17 @@ EVP_CIPHER_INFO = record end; {$EXTERNALSYM PEVP_CIPHER_INFO} PEVP_CIPHER_INFO = ^EVP_CIPHER_INFO; - {$EXTERNALSYM EVP_ENCODE_CTX} - EVP_ENCODE_CTX = record - num : TIdC_INT; // number saved in a partial encode/decode - length: TIdC_INT; // The length is either the output line length - // (in input bytes) or the shortest input line - // length that is ok. Once decoding begins, - // the length is adjusted up each time a longer - // line is decoded - enc_data:array [0..79] of TIdAnsiChar; - line_num: TIdC_INT; // number read on current line - expect_nl: TIdC_INT; - end; {$EXTERNALSYM PEVP_ENCODE_CTX} - PEVP_ENCODE_CTX = ^EVP_ENCODE_CTX; + PEVP_ENCODE_CTX = Pointer; //forward declarations from x509.h to make sure this compiles. {$NODEFINE PX509} - PX509 = ^X509; + PX509 = Pointer; {$EXTERNALSYM PPX509} PPX509 = ^PX509; {$EXTERNALSYM PX509_CRL} PX509_CRL = ^X509_CRL; {$NODEFINE PX509_NAME} - PX509_NAME = ^X509_NAME; + PX509_NAME = Pointer; {$EXTERNALSYM PX509_NAME_ENTRY} PX509_NAME_ENTRY = ^X509_NAME_ENTRY; {$EXTERNALSYM PX509_REQ} @@ -12968,16 +12658,8 @@ BIT_STRING_BITNAME = record PBIT_STRING_BITNAME = ^BIT_STRING_BITNAME; {$EXTERNALSYM PPBIT_STRING_BITNAME} PPBIT_STRING_BITNAME = ^PBIT_STRING_BITNAME; - {$EXTERNALSYM buf_mem_st} - buf_mem_st = record - length : TIdC_INT; // current number of bytes - data : PIdAnsiChar; - max: TIdC_INT; // size of buffer - end; - {$EXTERNALSYM BUF_MEM} - BUF_MEM = buf_mem_st; {$EXTERNALSYM PBUF_MEM} - PBUF_MEM = ^BUF_MEM; + PBUF_MEM = Pointer; {$EXTERNALSYM PPBUF_MEM} PPBUF_MEM = ^PBUF_MEM; {$EXTERNALSYM PFILE} 
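Review bot: Replacing `PX509 = ^X509` and `PX509_NAME = ^X509_NAME` with untyped `Pointer` removes every compile-time distinction between OpenSSL handles: a `PX509` is now assignment-compatible with `PX509_NAME`, `PSSL`, `PBIO` and every other `= Pointer` alias in this diff, so a swapped argument at a binding call site (a certificate where a name is expected, or the reverse) is no longer rejected by the compiler and instead becomes a type confusion inside the C library. The Delphi idiom for an opaque C struct keeps the pointer typed at zero cost: `X509 = record end; PX509 = ^X509;` (likewise for `X509_NAME`), which also keeps `PPX509 = ^PX509` meaningful. Separately, `PX509_CRL = ^X509_CRL` and `PX509_NAME_ENTRY = ^X509_NAME_ENTRY` in the hunk's context remain bound to record layouts that OpenSSL 1.1 also made private; any field access on them against a 1.1 library misreads memory, so they should be converted in the same pass.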
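Review bot: `BUF_MEM` is not an opaque type in OpenSSL 1.1 — as far as I recall `buffer.h` still publishes `struct buf_mem_st { size_t length; char *data; size_t max; unsigned long flags; }` — so reducing `PBUF_MEM` to `Pointer` removes the only way for a `BIO_get_mem_ptr` caller to reach the buffer's `data` and `length`. The removed record was genuinely wrong on 64-bit (`length : TIdC_INT` where the library uses `size_t`), so dropping it beats keeping it, but the right fix is to redeclare it with matching widths: `BUF_MEM = record length : size_t; data : PIdAnsiChar; max : size_t; flags : TIdC_ULONG; end; PBUF_MEM = ^BUF_MEM;`. Whether this unit reads those fields is outside the hunk; if it does, the untyped pointer at least fails at compile time rather than at run time.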
@@ -13145,17 +12827,9 @@ ASN1_AUX = record //hmac.h //This has to come after the EVP definitions {$IFNDEF OPENSSL_NO_HMAC} - {$EXTERNALSYM HMAC_CTX} - HMAC_CTX = record - md : PEVP_MD; - md_ctx : EVP_MD_CTX; - i_ctx : EVP_MD_CTX; - o_ctx : EVP_MD_CTX; - key_length : TIdC_UINT; - key : array[0..(HMAC_MAX_MD_CBLOCK - 1)] of byte; - end; + {$EXTERNALSYM PHMAC_CTX} - PHMAC_CTX = ^HMAC_CTX; + PHMAC_CTX = ^Pointer; {$EXTERNALSYM PPHMAC_CTX} PPHMAC_CTX = ^PHMAC_CTX; {$ENDIF} @@ -13351,13 +13025,6 @@ DIST_POINT_NAME = record end; {$EXTERNALSYM PDIST_POINT_NAME} PDIST_POINT_NAME = ^DIST_POINT_NAME; - {$EXTERNALSYM DIST_POINT} - DIST_POINT = record - distpoint : PDIST_POINT_NAME; - reasons : PASN1_BIT_STRING; - CRLissuer : PGENERAL_NAMES; - dp_reasons : TIdC_INT; - end; {$IFDEF DEBUG_SAFESTACK} {$EXTERNALSYM STACK_OF_DIST_POINT} STACK_OF_DIST_POINT = record @@ -13370,14 +13037,8 @@ STACK_OF_DIST_POINT = record {$EXTERNALSYM PSTACK_OF_DIST_POINT} PSTACK_OF_DIST_POINT = PSTACK; {$ENDIF} - {$EXTERNALSYM AUTHORITY_KEYID} - AUTHORITY_KEYID = record - keyid : PASN1_OCTET_STRING; - issuer : PGENERAL_NAMES; - serial : PASN1_INTEGER; - end; {$EXTERNALSYM PAUTHORITY_KEYID} - PAUTHORITY_KEYID = ^AUTHORITY_KEYID; + PAUTHORITY_KEYID = pointer; // Strong extranet structures {$EXTERNALSYM SXNETID} SXNETID = record @@ -13493,13 +13154,8 @@ STACK_OF_GENERAL_SUBTREE = record {$EXTERNALSYM PSTACK_OF_GENERAL_SUBTREE} PSTACK_OF_GENERAL_SUBTREE = PSTACK; {$ENDIF} - {$EXTERNALSYM NAME_CONSTRAINTS} - NAME_CONSTRAINTS = record - permittedSubtrees : PSTACK_OF_GENERAL_SUBTREE; - excludedSubtrees : PSTACK_OF_GENERAL_SUBTREE; - end; {$EXTERNALSYM PNAME_CONSTRAINTS} - PNAME_CONSTRAINTS = ^NAME_CONSTRAINTS; + PNAME_CONSTRAINTS = pointer; {$EXTERNALSYM POLICY_CONSTRAINTS} POLICY_CONSTRAINTS = record requireExplicitPolicy : PASN1_INTEGER; 
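Review bot: `PHMAC_CTX = ^Pointer` makes the handle a pointer-to-pointer, unlike the `= Pointer` pattern used for `PEVP_CIPHER_CTX` and the other contexts in this diff; `HMAC_CTX *` is a single opaque pointer, so `PHMAC_CTX = Pointer;` is the matching declaration and `PPHMAC_CTX = ^PHMAC_CTX` then has the right depth. With the record gone an `HMAC_CTX` can no longer live on the stack and must come from `HMAC_CTX_new`/`HMAC_CTX_free` (OpenSSL 1.1.0); a comment on the pointer type saying so would point callers at the right lifecycle. Any `var ctx : HMAC_CTX` user in this unit is outside the hunk and will now fail to compile, which is the intended signal.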
@@ -13519,15 +13175,6 @@ PROXY_POLICY = record PROXY_CERT_INFO_EXTENSION = record pcPathLengthConstraint : PASN1_INTEGER; proxyPolicy : PPROXY_POLICY; - end; - {$EXTERNALSYM ISSUING_DIST_POINT} - ISSUING_DIST_POINT = record - distpoint : PDIST_POINT_NAME; - onlyuser : TIdC_INT; - onlyCA : TIdC_INT; - onlysomereasons : PASN1_BIT_STRING; - indirectCRL : TIdC_INT; - onlyattr : TIdC_INT; end; {$IFDEF DEBUG_SAFESTACK} //These are cut and paste but the duplication is for type checking. @@ -13552,7 +13199,7 @@ STACK_OF_GENERAL_NAMES = record {$ENDIF} {.$ENDIF} {$EXTERNALSYM PISSUING_DIST_POINT} - PISSUING_DIST_POINT = ^ISSUING_DIST_POINT; + PISSUING_DIST_POINT = pointer; {$EXTERNALSYM PPROXY_CERT_INFO_EXTENSION} PPROXY_CERT_INFO_EXTENSION = ^PROXY_CERT_INFO_EXTENSION; {$EXTERNALSYM PX509_PURPOSE} @@ -13723,21 +13370,8 @@ X509_CERT_FILE_CTX = record end; {$EXTERNALSYM PX509_CERT_FILE_CTX} PX509_CERT_FILE_CTX = ^X509_CERT_FILE_CTX; - {$EXTERNALSYM x509_object_union} - x509_object_union = record - case byte of - 0: (ptr : PIdAnsiChar); - 1: (_x509 : Px509); - 2: (crl : PX509_CRL); - 3: (pkey : PEVP_PKEY); - end; - {$EXTERNALSYM X509_OBJECT} - X509_OBJECT = record - _type : TIdC_INT; - data : x509_object_union; - end; {$EXTERNALSYM PX509_OBJECT} - PX509_OBJECT = ^X509_OBJECT; + PX509_OBJECT = Pointer; {$EXTERNALSYM PPX509_OBJECT} PPX509_OBJECT = ^PX509_OBJECT; {$IFDEF DEBUG_SAFESTACK} @@ -13784,14 +13418,8 @@ X509_VAL = record PX509_VAL = ^X509_VAL; {$EXTERNALSYM PPX509_VAL} PPX509_VAL =^PX509_VAL; - {$EXTERNALSYM X509_PUBKEY} - X509_PUBKEY = record - algor : PX509_ALGOR; - public_key : PASN1_BIT_STRING; - pkey : PEVP_PKEY; - end; {$EXTERNALSYM PX509_PUBKEY} - PX509_PUBKEY = ^X509_PUBKEY; + PX509_PUBKEY = pointer; {$EXTERNALSYM PPX509_PUBKEY} PPX509_PUBKEY =^PX509_PUBKEY; {$EXTERNALSYM X509_SIG} 
@@ -13810,19 +13438,6 @@ X509_NAME_ENTRY = record _set : TIdC_INT; size : TIdC_INT; // temp variable end; - {$NODEFINE X509_NAME} - X509_NAME = record - entries : PSTACK_OF_X509_NAME_ENTRY; - modified : TIdC_INT; // true if 'bytes' needs to be built - {$IFNDEF OPENSSL_NO_BUFFER} - bytes : PBUF_MEM; - {$else} - bytes : PIdAnsiChar; - {$ENDIF} - //* unsigned long hash; Keep the hash around for lookups */ - canon_enc : PIdAnsiChar; - canon_enclen : TIdC_INT; - end; {$EXTERNALSYM X509_EXTENSION} X509_EXTENSION = record _object : PASN1_OBJECT; @@ -13911,36 +13526,16 @@ X509_CERT_AUX = record end; {$EXTERNALSYM PX509_CERT_AUX} PX509_CERT_AUX = ^X509_CERT_AUX; - {$NODEFINE X509} - X509 = record - cert_info: PX509_CINF; - sig_alg : PX509_ALGOR; - signature : PASN1_BIT_STRING; - valid : TIdC_INT; - references : TIdC_INT; - name : PIdAnsiChar; - ex_data : CRYPTO_EX_DATA; - // These contain copies of various extension values - ex_pathlen : TIdC_LONG; - ex_pcpathlen : TIdC_LONG; - ex_flags : TIdC_ULONG; - ex_kusage : TIdC_ULONG; - ex_xkusage : TIdC_ULONG; - ex_nscert : TIdC_ULONG; - skid : PASN1_OCTET_STRING; - akid : PAUTHORITY_KEYID; - policy_cache : PX509_POLICY_CACHE; - crldp : PSTACK_OF_DIST_POINT; - altname : PSTACK_OF_GENERAL_NAME; - nc : PNAME_CONSTRAINTS; - {$IFNDEF OPENSSL_NO_RFC3779} - rfc3779_addr : PSTACK_OF_IPAddressFamily; - rfc3779_asid : PASIdentifiers; - {$ENDIF} - {$IFNDEF OPENSSL_NO_SHA} - sha1_hash : array [0..SHA_DIGEST_LENGTH-1] of TIdAnsiChar; - {$ENDIF} - aux : PX509_CERT_AUX; + {$NODEFINE X509_SIG_INFO} + X509_SIG_INFO = record + mdnid: TIdC_INT; + pknid: TIdC_INT; + secbits: TIdC_INT; + flags: TIdC_INT; + end; + {$NODEFINE CRYPTO_REF_COUNT} + CRYPTO_REF_COUNT = record + val: TIdC_INT; end; {$EXTERNALSYM X509_CRL_INFO} X509_CRL_INFO = record 
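Review bot: `CRYPTO_REF_COUNT` is declared as a one-field record, but to my knowledge the library defines it in an internal header rather than a public one, and in builds without atomic support it also carries a lock pointer, so any Pascal record embedding this type would have its later fields at offsets that depend on how the loaded `libcrypto` was configured. `X509_SIG_INFO` is in the same position: its fields are private in 1.1.1. Nothing in this hunk uses either type — the `X509` record they seem intended for is removed here — so unless a record outside the hunk embeds them they are dead declarations, and if one does, that record should go opaque like `PX509` instead of mirroring internal layouts. At minimum they warrant `// mirrors an INTERNAL OpenSSL layout; do not rely on it for field access or sizeof`.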
@@ -13970,7 +13565,7 @@ STACK_OF_X509_CRL_INFO = record
 PSTACK_OF_X509_CRL_INFO = PSTACK;
 {$ENDIF}
 {$EXTERNALSYM PX509_LOOKUP}
- PX509_LOOKUP = ^X509_LOOKUP;
+ PX509_LOOKUP = pointer;
 //This has to be declared ehre for a reference in the next type.
 {$IFDEF DEBUG_SAFESTACK}
 {$EXTERNALSYM STACK_OF_X509_LOOKUP}
@@ -14000,34 +13595,11 @@ STACK_OF_X509_CRL = record
 {$EXTERNALSYM PX509_VERIFY_PARAM}
 PX509_VERIFY_PARAM = ^X509_VERIFY_PARAM;
 {$EXTERNALSYM PX509_STORE_CTX}
- PX509_STORE_CTX = ^X509_STORE_CTX;
+ PX509_STORE_CTX = Pointer;
 {$EXTERNALSYM PPX509_CRL}
 PPX509_CRL = ^PX509_CRL;
- {$EXTERNALSYM X509_STORE}
- X509_STORE = record
- // The following is a cache of trusted certs
- cache : TIdC_INT; // if true, stash any hits
- objs : PSTACK_OF_X509_OBJECT; // Cache of all objects
- // These are external lookup methods
- get_cert_methods : PSTACK_OF_X509_LOOKUP;
- param : PX509_VERIFY_PARAM;
- // Callbacks for various operations
- verify : function (ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // called to verify a certificate
- verify_cb : function (ok : TIdC_INT; ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // error callback
- get_issuer : function (issuer : PPX509; ctx : PX509_STORE_CTX; x : PX509) : TIdC_INT; cdecl; // get issuers cert from ctx
- check_issued : function (ctx : PX509_STORE_CTX; x : PX509; issuer : PX509) : TIdC_INT; cdecl; // check issued
- check_revocation : function (ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // Check revocation status of chain
- get_crl : function (ctx : PX509_STORE_CTX; crl : PPX509_CRL; x : PX509) : TIdC_INT; cdecl;// retrieve CRL
- check_crl : function(ctx : PX509_STORE_CTX; crl : PX509_CRL) : TIdC_INT; cdecl; // Check CRL validity
- cert_crl : function(ctx : PX509_STORE_CTX; crl : PX509_CRL; x : PX509) : TIdC_INT; cdecl; // Check certificate against CRL
- lookup_certs : function(ctx : PX509_STORE_CTX; nm : PX509_NAME) : PSTACK_OF_X509 cdecl;
- lookup_crls : function(ctx : PX509_STORE_CTX; nm : PX509_NAME) : PSTACK_OF_X509_CRL cdecl;
- cleanup : function(ctx : PX509_STORE_CTX) : TIdC_INT; cdecl;
- ex_data : CRYPTO_EX_DATA;
- references : TIdC_INT;
- end;
 {$EXTERNALSYM PX509_STORE}
- PX509_STORE = ^X509_STORE;
+ PX509_STORE = Pointer;
 {$EXTERNALSYM PX509_CRL_METHOD}
 PX509_CRL_METHOD = Pointer;
 {$EXTERNALSYM X509_CRL}
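Review bot: `PX509_STORE_CTX` and `PX509_STORE` go opaque here, but two lines above them in the hunk's leading context `PX509_VERIFY_PARAM = ^X509_VERIFY_PARAM` still points at a full record, and `X509_VERIFY_PARAM_st` was likewise made private in OpenSSL 1.1.0 (accessors `X509_VERIFY_PARAM_set_flags`, `_set1_host`, `_set_depth`, …). Left as-is, any field access on it compiles against the 1.0.x layout and misreads a 1.1 library's object; whether the unit does so is outside my view. `PX509_VERIFY_PARAM = Pointer; // opaque since OpenSSL 1.1.0` in the same commit would finish the job; the record definition itself lies outside the hunk.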
@@ -14065,6 +13637,8 @@ X509_LOOKUP_METHOD = record
 get_by_issuer_serial : function(ctx : PX509_LOOKUP; _type : TIdC_INT; name : PX509_NAME; serial : PASN1_INTEGER; ret : PX509_OBJECT) : TIdC_INT; cdecl;
 get_by_fingerprint : function (ctx : PX509_LOOKUP; _type : TIdC_INT; bytes : PIdAnsiChar; len : TIdC_INT; ret : PX509_OBJECT): TIdC_INT; cdecl;
 get_by_alias : function(ctx : PX509_LOOKUP; _type : TIdC_INT; str : PIdAnsiChar; ret : PX509_OBJECT) : TIdC_INT; cdecl;
+ get_by_subject_ex : function(ctx : PX509_LOOKUP; _type : TIdC_INT; name : PX509_NAME; ret : PX509_OBJECT; libctx: Pointer; str : PIdAnsiChar) : TIdC_INT; cdecl;
+ ctrl_ex : function(ctx : PX509_LOOKUP; cmd: TIdC_INT; argc: PIdAnsiChar; argl: TIdC_LONG; ret: PPIdAnsiChar; libctx: Pointer; propq: PIdAnsiChar) : TIdC_INT; cdecl;
 end;
 {$EXTERNALSYM PX509_LOOKUP_METHOD}
 PX509_LOOKUP_METHOD = ^X509_LOOKUP_METHOD;
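Review bot: Appending `get_by_subject_ex` and `ctrl_ex` to `X509_LOOKUP_METHOD` hard-codes one particular library layout into the binding while every neighbouring struct in this diff is being made opaque; as far as I recall, the 1.1.x `x509_lookup_method_st` has no `_ex` members at all (they arrive with the 3.0 library-context plumbing), and the struct is private in both series, with `X509_LOOKUP_meth_new`/`X509_LOOKUP_meth_set_*` as the supported way to build one. A record-typed method therefore matches only whichever library the author read, and a Pascal-constructed method handed to `X509_STORE_add_lookup` on the other series is read with the wrong layout. Consistent with `PX509_LOOKUP = pointer` in the previous hunk, this should become `PX509_LOOKUP_METHOD = Pointer; // opaque; build with X509_LOOKUP_meth_new/X509_LOOKUP_meth_set_*` with the record dropped (its opening line is outside the hunk). If the record must stay, `libctx: Pointer` should at least use the `POSSL_LIB_CTX` alias introduced earlier in this diff and the `name: Type` spacing should follow the surrounding `ctx : PX509_LOOKUP` style.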
@@ -14093,65 +13667,10 @@ STACK_OF_X509_VERIFY_PARAM = record {$EXTERNALSYM PSTACK_OF_X509_VERIFY_PARAM} PSTACK_OF_X509_VERIFY_PARAM = PSTACK; {$ENDIF} - {$EXTERNALSYM X509_LOOKUP} - X509_LOOKUP = record - init : TIdC_INT; // have we been started - skip : TIdC_INT; // don't use us. - method : PX509_LOOKUP_METHOD; // the functions - method_data : PIdAnsiChar; // method data - store_ctx : PX509_STORE; // who owns us - end; {$EXTERNALSYM PX509_POLICY_TREE} PX509_POLICY_TREE = Pointer; {$EXTERNALSYM PPSTACK_OF_X509_LOOKUP} PPSTACK_OF_X509_LOOKUP = ^PSTACK_OF_X509_LOOKUP; - // This is used when verifying cert chains. Since the - // gathering of the cert chain can take some time (and have to be - // 'retried', this needs to be kept and passed around. - X509_STORE_CTX = record // X509_STORE_CTX - ctx : PX509_STORE; - current_method : TIdC_INT; // used when looking up certs - // The following are set by the caller - cert : PX509; // The cert to check - untrusted : PSTACK_OF_X509; // chain of X509s - untrusted - passed in - crls : PSTACK_OF_X509_CRL; // set of CRLs passed in - param : PX509_VERIFY_PARAM; - other_ctx : Pointer; // Other info for use with get_issuer() - // Callbacks for various operations - verify : function (ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // called to verify a certificate - verify_cb : function (ok : TIdC_INT; ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // error callback - get_issuer : function (var issuer : PX509; ctx : PX509_STORE_CTX; x : PX509) : TIdC_INT; cdecl; // get issuers cert from ctx - check_issued : function(ctx : PX509_STORE_CTX; x, issuer : PX509) : TIdC_INT; cdecl; // check issued - check_revocation : function (ctx : PX509_STORE_CTX): TIdC_INT; cdecl; // Check revocation status of chain - get_crl : function (ctx : PX509_STORE_CTX; var crl : X509_CRL; x : PX509): TIdC_INT; cdecl; // retrieve CRL - check_crl : function (ctx : PX509_STORE_CTX; var crl : X509_CRL) : TIdC_INT; cdecl; // Check CRL validity - cert_crl : function (ctx : 
PX509_STORE_CTX; crl : PX509_CRL; x : PX509) : TIdC_INT; cdecl; // Check certificate against CRL - check_policy : function (ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; - cleanup : function (ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; - //* The following is built up */ - valid : TIdC_INT; //* if 0, rebuild chain */ - last_untrusted : TIdC_INT; //* index of last untrusted cert */ - chain : PSTACK_OF_X509; //* chain of X509s - built up and trusted */ - tree : PX509_POLICY_TREE; //* Valid policy tree */ - - explicit_policy : TIdC_INT; //* Require explicit policy value */ - - //* When something goes wrong, this is why */ - error_depth : TIdC_INT; - error : TIdC_INT; - current_cert : PX509; - current_issuer : PX509; //* cert currently being tested as valid issuer */ - current_crl : PX509_CRL; //* current CRL */ - - current_crl_score : TIdC_INT; //* score of current CRL */ - current_reasons : TIdC_UINT; //* Reason mask */ - - parent : PX509_STORE_CTX; //* For CRL path validation: parent context */ - - ex_data : CRYPTO_EX_DATA; - end; - {$EXTERNALSYM X509_STORE_CTX} - {$EXTERNALSYM PX509_EXTENSION_METHOD} PX509_EXTENSION_METHOD = Pointer; {$EXTERNALSYM PX509_TRUST} @@ -14733,14 +14252,6 @@ // MS_TM = record //PEVP_PBE_KEYGEN = Pointer; {$EXTERNALSYM ppem_password_cb} ppem_password_cb = function (buf : PIdAnsiChar; size : TIdC_INT; rwflag : TIdC_INT; userdata : Pointer) : TIdC_INT; cdecl; - {$EXTERNALSYM PEM_ENCODE_SEAL_CTX} - PEM_ENCODE_SEAL_CTX = record - encode : EVP_ENCODE_CTX; - md : EVP_MD_CTX; - cipher : EVP_CIPHER_CTX; - end; - {$EXTERNALSYM PPEM_ENCODE_SEAL_CTX} - PPEM_ENCODE_SEAL_CTX = ^PEM_ENCODE_SEAL_CTX; {$IFDEF DEBUG_SAFESTACK} {$EXTERNALSYM STACK_OF_SSL_COMP} STACK_OF_SSL_COMP = record 
@@ -14756,7 +14267,7 @@ STACK_OF_SSL_COMP = record
 {$EXTERNALSYM PPSTACK_OF_SSL_COMP}
 PPSTACK_OF_SSL_COMP = ^PSTACK_OF_SSL_COMP;
 {$EXTERNALSYM PSSL_COMP}
- PSSL_COMP = ^SSL_COMP;
+ PSSL_COMP = Pointer;
 {$EXTERNALSYM lhash_of_SSL_SESSION}
 lhash_of_SSL_SESSION = record
 dummy : TIdC_INT;
@@ -15177,7 +14688,7 @@ ESS_SIGNING_CERT = record
 {$EXTERNALSYM PESS_SIGNING_CERT}
 PESS_SIGNING_CERT = ^ESS_SIGNING_CERT;
 {$EXTERNALSYM PTS_resp_ctx}
- PTS_resp_ctx = ^TS_resp_ctx;
+ PTS_resp_ctx = Pointer;
 //* This must return a unique number less than 160 bits long. */
 //typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);
 {$EXTERNALSYM TS_serial_cb}
@@ -15196,95 +14707,13 @@ ESS_SIGNING_CERT = record //typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); {$EXTERNALSYM TS_extension_cb} TS_extension_cb = function (p1 : PTS_resp_ctx; p2 : PX509_EXTENSION; p3 : Pointer) : TIdC_INT cdecl; - {$EXTERNALSYM TS_RESP_CTX} - TS_RESP_CTX = record - signer_cert : PX509; - signer_key : PEVP_PKEY; - certs : PSTACK_OF_X509; //* Certs to include in signed data. */ - policies : PSTACK_OF_ASN1_OBJECT; //* Acceptable policies. */ - default_policy : PASN1_OBJECT; //* It may appear in policies, too. */ - mds : PSTACK_OF_EVP_MD; //* Acceptable message digests. */ - seconds : PASN1_INTEGER; //* accuracy, 0 means not specified. */ - millis : PASN1_INTEGER; //* accuracy, 0 means not specified. */ - micros : PASN1_INTEGER; //* accuracy, 0 means not specified. */ - clock_precision_digits : TIdC_UNSIGNED; //* fraction of seconds in - //time stamp token. */ - flags : TIdC_UNSIGNED; //* Optional info, see values above. */ - - //* Callback functions. */ - serial_cb : TS_serial_cb; - serial_cb_data : Pointer; //* User data for serial_cb. */ - - time_cb : TS_time_cb; - time_cb_data : Pointer; //* User data for time_cb. */ - - extension_cb : TS_extension_cb; - extension_cb_data : Pointer; //* User data for extension_cb. */ - - //* These members are used only while creating the response. */ - request : PTS_REQ; - response : PTS_RESP; - tst_info : PTS_TST_INFO; - end; - {$EXTERNALSYM TS_VERIFY_CTX} - TS_VERIFY_CTX = record - //* Set this to the union of TS_VFY_... flags you want to carry out. */ - flags : TIdC_UNSIGNED; - - //* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ - store : PX509_STORE; - certs : PSTACK_OF_X509; - - //* Must be set only with TS_VFY_POLICY. */ - policy : PASN1_OBJECT; - -// /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, -// the algorithm from the response is used. 
*/ - md_alg : PX509_ALGOR; - imprint : PIdAnsiChar; - imprint_len : TIdC_UNSIGNED; - - //* Must be set only with TS_VFY_DATA. */ - data : PBIO; - - //* Must be set only with TS_VFY_TSA_NAME. */ - nonce : PASN1_INTEGER; - - //* Must be set only with TS_VFY_TSA_NAME. */ - tsa_name : PGENERAL_NAME; - end; {$EXTERNALSYM PTS_VERIFY_CTX} - PTS_VERIFY_CTX = ^TS_VERIFY_CTX; + PTS_VERIFY_CTX = Pointer; //comp.h {$EXTERNALSYM PCOMP_CTX} - PCOMP_CTX = ^COMP_CTX; - {$EXTERNALSYM COMP_METHOD} - COMP_METHOD = record - _type : TIdC_INT; // NID for compression library - name : PIdAnsiChar; // A text string to identify the library - init : function (ctx : PCOMP_CTX) : TIdC_INT; cdecl; - finish : procedure (ctx : PCOMP_CTX); cdecl; - compress : function (ctx : PCOMP_CTX; - _out : PIdAnsiChar; olen : TIdC_UINT; - _in : PIdAnsiChar; ilen : TIdC_UINT) : TIdC_INT; cdecl; - expand : function (ctx : PCOMP_CTX; - _out : PIdAnsiChar; olen : TIdC_UINT; - _in : PIdAnsiChar; ilen : TIdC_UINT) : TIdC_INT; cdecl; - // The following two do NOTHING, but are kept for backward compatibility - ctrl : function : TIdC_INT; cdecl; - callback_ctrl : function : TIdC_INT; cdecl; - end; + PCOMP_CTX = Pointer; {$EXTERNALSYM PCOMP_METHOD} - PCOMP_METHOD = ^COMP_METHOD; - {$EXTERNALSYM COMP_CTX} - COMP_CTX = record - meth : PCOMP_METHOD; - compress_in : TIdC_ULONG; - compress_out : TIdC_ULONG; - expand_in : TIdC_ULONG; - expand_out : TIdC_ULONG; - ex_data : PCRYPTO_EX_DATA; - end; + PCOMP_METHOD = Pointer; //srp.h {$EXTERNALSYM SRP_gN_cache} SRP_gN_cache = record 
@@ -15416,76 +14845,7 @@ STACK_OF_SSL_CIPHER = record {$ENDIF} {$EXTERNALSYM PSSL_SESSION} - PSSL_SESSION = ^SSL_SESSION; - {$EXTERNALSYM SSL_SESSION} - SSL_SESSION = record - ssl_version : TIdC_INT; // what ssl version session info is being kept in here? - // only really used in SSLv2 - key_arg_length: TIdC_UINT; - key_arg: Array[0..SSL_MAX_KEY_ARG_LENGTH-1] of Byte; - master_key_length: TIdC_INT; - master_key: Array[0..SSL_MAX_MASTER_KEY_LENGTH-1] of Byte; - // session_id - valid? - session_id_length: TIdC_UINT; - session_id: Array[0..SSL_MAX_SSL_SESSION_ID_LENGTH-1] of Byte; - // this is used to determine whether the session is being reused in - // the appropriate context. It is up to the application to set this, - // via SSL_new - sid_ctx_length: TIdC_UINT; - sid_ctx: array[0..SSL_MAX_SID_CTX_LENGTH-1] of Byte; - {$IFNDEF OPENSSL_NO_KRB5} - krb5_client_princ_len: TIdC_UINT; - krb5_client_princ: array[0..SSL_MAX_KRB5_PRINCIPAL_LENGTH-1] of Byte; - {$ENDIF} -{$ifndef OPENSSL_NO_PSK} - psk_identity_hint : PIdAnsiChar; - psk_identity : PIdAnsiChar; -{$endif} - not_resumable: TIdC_INT; - // The cert is the certificate used to establish this connection - sess_cert : PSESS_CERT; - - //* This is the cert for the other end. - // * On clients, it will be the same as sess_cert->peer_key->x509 - // * (the latter is not enough as sess_cert is not retained - // * in the external representation of sessions, see ssl_asn1.c). */ - peer : PX509; - //* when app_verify_callback accepts a session where the peer's certificate - // * is not ok, we must remember the error for session reuse: */ - verify_result : TIdC_LONG; //* only for servers */ - references : TIdC_INT; - timeout : TIdC_LONG; - time : TIdC_LONG; - compress_meth : TIdC_UINT; //* Need to lookup the method */ - - cipher : PSSL_CIPHER; - cipher_id : TIdC_ULONG; //* when ASN.1 loaded, this - // * needs to be used to load - // * the 'cipher' structure */ - ciphers : PSTACK_OF_SSL_CIPHER; //* shared ciphers? 
*/ - ex_data : CRYPTO_EX_DATA; // application specific data */ - //* These are used to make removal of session-ids more - // * efficient and to implement a maximum cache size. */ - prev, next : PSSL_SESSION; - - {$IFNDEF OPENSSL_NO_TLSEXT} - tlsext_hostname : PIdAnsiChar; - {$IFDEF OPENSSL_NO_EC} - tlsext_ecpointformatlist_length : size_t; - tlsext_ecpointformatlist : PIdAnsiChar; //* peer's list */ - tlsext_ellipticcurvelist_length : size_t; - tlsext_ellipticcurvelist : PIdAnsiChar; //* peer's list */ - {$ENDIF} //* OPENSSL_NO_EC */ - - //* RFC4507 info */ - tlsext_tick : PIdAnsiChar;//* Session ticket */ - tlsext_ticklen : size_t;//* Session ticket length */ - tlsext_tick_lifetime_hint : TIdC_LONG;//* Session lifetime hint in seconds */ - {$ENDIF} -{$ifndef OPENSSL_NO_SRP} - srp_username : PIdAnsiChar; -{$endif} - end; + PSSL_SESSION = Pointer; {$ENDIF} {$ifndef OPENSSL_NO_SRP} @@ -15518,7 +14878,7 @@ SRP_CTX = record {$ENDIF} // typedef struct ssl_method_st {$NODEFINE PSSL_CTX} - PSSL_CTX = ^SSL_CTX; + PSSL_CTX = Pointer; {$EXTERNALSYM SRTP_PROTECTION_PROFILE} SRTP_PROTECTION_PROFILE = record name : PIdAnsiChar; @@ -15594,16 +14954,6 @@ SSL_METHOD = record // zero. {$EXTERNALSYM PGEN_SESSION_CB} PGEN_SESSION_CB = function (const SSL : PSSL; id : PByte; id_len : TIdC_UINT) : TIdC_INT; cdecl; - {$EXTERNALSYM SSL_COMP} - SSL_COMP = record - id : TIdC_INT; - name : PIdAnsiChar; - {$IFNDEF OPENSSL_NO_COMP} - method : PCOMP_METHOD; - {$ELSE} - method : PIdAnsiChar; - {$ENDIF} - end; {$IFDEF DEBUG_SAFESTACK} {$EXTERNALSYM STACK_OF_COMP} STACK_OF_COMP = record 
@@ -15674,393 +15024,16 @@ STACK_OF_SRTP_PROTECTION_PROFILE = record {$EXTERNALSYM PSTACK_OF_SRTP_PROTECTION_PROFILE} PSTACK_OF_SRTP_PROTECTION_PROFILE = PSTACK; {$ENDIF} - {$NODEFINE SSL_CTX} - SSL_CTX = record - method: PSSL_METHOD; - cipher_list: PSTACK_OF_SSL_CIPHER; - // same as above but sorted for lookup - cipher_list_by_id: PSTACK_OF_SSL_CIPHER; - cert_store: PX509_STORE; - sessions: Plash_of_SSL_SESSION; - // a set of SSL_SESSIONs - // Most session-ids that will be cached, default is - // SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. - session_cache_size: TIdC_ULONG; - session_cache_head: PSSL_SESSION; - session_cache_tail: PSSL_SESSION; - // This can have one of 2 values, ored together, - // SSL_SESS_CACHE_CLIENT, - // SSL_SESS_CACHE_SERVER, - // Default is SSL_SESSION_CACHE_SERVER, which means only - // SSL_accept which cache SSL_SESSIONS. - session_cache_mode: TIdC_INT; - session_timeout: TIdC_LONG; - // If this callback is not null, it will be called each - // time a session id is added to the cache. If this function - // returns 1, it means that the callback will do a - // SSL_SESSION_free() when it has finished using it. Otherwise, - // on 0, it means the callback has finished with it. - // If remove_session_cb is not null, it will be called when - // a session-id is removed from the cache. After the call, - // OpenSSL will SSL_SESSION_free() it. 
- new_session_cb: function (ssl : PSSL; sess: PSSL_SESSION): TIdC_INT; cdecl; - remove_session_cb: procedure (ctx : PSSL_CTX; sess : PSSL_SESSION); cdecl; - get_session_cb: function (ssl : PSSL; data : PByte; len: TIdC_INT; copy : PIdC_INT) : PSSL_SESSION; cdecl; - stats : SSL_CTX_stats; - - references: TIdC_INT; - // if defined, these override the X509_verify_cert() calls - app_verify_callback: function (_para1 : PX509_STORE_CTX; _para2 : Pointer) : TIdC_INT; cdecl; - app_verify_arg: Pointer; - // before OpenSSL 0.9.7, 'app_verify_arg' was ignored - // ('app_verify_callback' was called with just one argument) - // Default password callback. - default_passwd_callback: ppem_password_cb; - // Default password callback user data. - default_passwd_callback_userdata: Pointer; - // get client cert callback - client_cert_cb: function (SSL : PSSL; x509 : PPX509; pkey : PPEVP_PKEY) : TIdC_INT; cdecl; - // verify cookie callback - app_gen_cookie_cb: function (ssl : PSSL; cookie : PByte; cookie_len : TIdC_UINT) : TIdC_INT; cdecl; - app_verify_cookie_cb: Pointer; - ex_data : CRYPTO_EX_DATA; - rsa_md5 : PEVP_MD; // For SSLv2 - name is 'ssl2-md5' - md5: PEVP_MD; // For SSLv3/TLSv1 'ssl3-md5' - sha1: PEVP_MD; // For SSLv3/TLSv1 'ssl3->sha1' - extra_certs: PSTACK_OF_X509; - comp_methods: PSTACK_OF_COMP; // stack of SSL_COMP, SSLv3/TLSv1 - // Default values used when no per-SSL value is defined follow - info_callback: PSSL_CTX_info_callback; // used if SSL's info_callback is NULL - // what we put in client cert requests - client_CA : PSTACK_OF_X509_NAME; - // Default values to use in SSL structures follow (these are copied by SSL_new) - options : TIdC_ULONG; - mode : TIdC_ULONG; - max_cert_list : TIdC_LONG; - cert : PCERT; - read_ahead : TIdC_INT; - // callback that allows applications to peek at protocol messages - msg_callback : procedure (write_p, version, content_type : TIdC_INT; const buf : Pointer; len : size_t; ssl : PSSL; arg : Pointer); cdecl; - msg_callback_arg : Pointer; 
- verify_mode : TIdC_INT; - sid_ctx_length : TIdC_UINT; - sid_ctx : array[0..SSL_MAX_SID_CTX_LENGTH - 1] of TIdAnsiChar; - default_verify_callback : function(ok : TIdC_INT; ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // called 'verify_callback' in the SSL - // Default generate session ID callback. - generate_session_id : PGEN_SESSION_CB; - param : PX509_VERIFY_PARAM; - {$IFDEF OMIT_THIS} - purpose : TIdC_INT; // Purpose setting - trust : TIdC_INT; // Trust setting - {$ENDIF} - - quiet_shutdown : TIdC_INT; - //* Maximum amount of data to send in one fragment. - // * actual record size can be more than this due to - // * padding and MAC overheads. - // */ - max_send_fragment : TIdC_UINT; - {$IFNDEF OPENSSL_ENGINE} - ///* Engine to pass requests for client certs to - // */ - client_cert_engine : PENGINE; - {$ENDIF} - {$IFNDEF OPENSSL_NO_TLSEXT} -//* TLS extensions servername callback */ - tlsext_servername_callback : PSSL_CTEX_tlsext_servername_callback; - tlsext_servername_arg : Pointer; - //* RFC 4507 session ticket keys */ - tlsext_tick_key_name : array [0..(16-1)] of TIdAnsiChar; - tlsext_tick_hmac_key : array [0..(16-1)] of TIdAnsiChar; - tlsext_tick_aes_key : array [0..(16-1)] of TIdAnsiChar; - //* Callback to support customisation of ticket key setting */ - // int (*tlsext_ticket_key_cb)(SSL *ssl, - // unsigned char *name, unsigned char *iv, - // EVP_CIPHER_CTX *ectx, - // HMAC_CTX *hctx, int enc); - tlsext_ticket_key_cb : Ptlsext_ticket_key_cb; - //* certificate status request info */ - //* Callback for status request */ - //int (*tlsext_status_cb)(SSL *ssl, void *arg); - tlsext_status_cb : Ptlsext_status_cb; - tlsext_status_arg : Pointer; - {$ENDIF} - //* draft-rescorla-tls-opaque-prf-input-00.txt information */ - tlsext_opaque_prf_input_callback : function(para1 : PSSL; peerinput : Pointer; len : size_t; arg : Pointer ) : TIdC_INT cdecl; - //int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); - 
tlsext_opaque_prf_input_callback_arg : Pointer; - -{$ifndef OPENSSL_NO_PSK} - psk_identity_hint : PIdAnsiChar; - psk_client_callback : function (ssl : PSSL; hint : PIdAnsiChar; - identity : PIdAnsiChar; max_identity_len : TIdC_UINT; - psk : PIdAnsiChar; max_psk_len : TIdC_UINT ) : TIdC_UINT cdecl; - // unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, -// unsigned int max_identity_len, unsigned char *psk, -// unsigned int max_psk_len); - psk_server_callback : function (ssl : PSSL; identity, psk : PIdAnsiChar; max_psk_len : TIdC_UINT) : TIdC_UINT cdecl; -// unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, -// unsigned char *psk, unsigned int max_psk_len); -{$endif} - -{$ifndef OPENSSL_NO_BUF_FREELISTS} - freelist_max_len : TIdC_UINT; - wbuf_freelist : Pssl3_buf_freelist_st; - rbuf_freelist : Pssl3_buf_freelist_st; -{$endif} -{$ifndef OPENSSL_NO_SRP} - srp_ctx : SRP_CTX; //* ctx for SRP authentication */ -{$endif} - -{$ifndef OPENSSL_NO_TLSEXT} -//# ifndef OPENSSL_NO_NEXTPROTONEG - //* Next protocol negotiation information */ - //* (for experimental NPN extension). */ - - //* For a server, this contains a callback function by which the set of - // * advertised protocols can be provided. */ - next_protos_advertised_cb : function(s : PSSL; out but : PIdAnsiChar; - out len : TIdC_UINT; arg : Pointer) : TIdC_INT cdecl; -// int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, -// unsigned int *len, void *arg); - next_protos_advertised_cb_arg : Pointer; - //* For a client, this contains a callback function that selects the - // * next protocol from the list provided by the server. 
*/ - next_proto_select_cb : function(s : PSSL; out _out : PIdAnsiChar; - outlen : PIdAnsiChar; - _in : PIdAnsiChar; - inlen : TIdC_UINT; - arg : Pointer) : TIdC_INT cdecl; -// int (*next_proto_select_cb)(SSL *s, unsigned char **out, -// unsigned char *outlen, -// const unsigned char *in, -// unsigned int inlen, -// void *arg); - next_proto_select_cb_arg : Pointer; -//# endif - //* SRTP profiles we are willing to do from RFC 5764 */ - srtp_profiles : PSTACK_OF_SRTP_PROTECTION_PROFILE; -{$endif} - end; {$EXTERNALSYM PSSL2_STATE} PSSL2_STATE = ^SSL2_STATE; {$EXTERNALSYM PSSL3_STATE} PSSL3_STATE = ^SSL3_STATE; {$EXTERNALSYM PDTLS1_STATE} - PDTLS1_STATE = ^DTLS1_STATE; + PDTLS1_STATE = Pointer; //* TLS extension debug callback */ {$EXTERNALSYM PSSL_tlsext_debug_cb} PSSL_tlsext_debug_cb = procedure (s : PSSL; client_server : TIdC_INT; _type : TIdC_INT; data : PIdAnsiChar; len : TIdC_INT; arg : Pointer); cdecl; - {$NODEFINE SSL} - SSL = record - // protocol version - // (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION) - version : TIdC_INT; - _type : TIdC_INT; //* SSL_ST_CONNECT or SSL_ST_ACCEPT */ - method : PSSL_METHOD; //* SSLv3 */ - // There are 2 BIO's even though they are normally both the - // same. This is so data can be read and written to different - // handlers - {$IFNDEF OPENSSL_NO_BIO} - rbio : PBIO; // used by SSL_read - wbio : PBIO; // used by SSL_write - bbio : PBIO; // used during session-id reuse to concatenate messages - {$ELSE} - rbio : PIdAnsiChar; // used by SSL_read - wbio : PIdAnsiChar; // used by SSL_write - bbio : PIdAnsiChar; - {$ENDIF} - // This holds a variable that indicates what we were doing - // when a 0 or -1 is returned. 
This is needed for - // non-blocking IO so we know what request needs re-doing when - // in SSL_accept or SSL_connect - rwstate : TIdC_INT; - // true when we are actually in SSL_accept() or SSL_connect() - in_handshake : TIdC_INT; - handshake_func : function (_para1 : PSSL) : TIdC_INT; cdecl; - // Imagine that here's a boolean member "init" that is - // switched as soon as SSL_set_{accept/connect}_state - // is called for the first time, so that "state" and - // handshake_func" are properly initialized. But as - // handshake_func is == 0 until then, we use this - // test instead of an "init" member. - server : TIdC_INT; // are we the server side? - mostly used by SSL_clear - new_session : TIdC_INT;//* Generate a new session or reuse an old one. - //* NB: For servers, the 'new' session may actually be a previously - //* cached session or even the previous session unless - //* SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - quiet_shutdown : TIdC_INT; // don't send shutdown packets - shutdown : TIdC_INT; // we have shut things down, 0x01 sent, 0x02 - // for received - state : TIdC_INT; // where we are - rstate : TIdC_INT; // where we are when reading - init_buf : PBUF_MEM; // buffer used during init - init_msg : Pointer; // pointer to handshake message body, set by ssl3_get_message() - init_num : TIdC_INT; // amount read/written - init_off : TIdC_INT; // amount read/written - // used internally to point at a raw packet - packet : PIdAnsiChar; - packet_length : TIdC_UINT; - s2 : Pssl2_state; // SSLv2 variables - s3 : Pssl3_state; // SSLv3 variables - d1 : Pdtls1_state; // DTLSv1 variables - read_ahead : TIdC_INT; // Read as many input bytes as possible (for non-blocking reads) - // callback that allows applications to peek at protocol messages - msg_callback : procedure(write_p, version, content_type : TIdC_INT; - const buf : Pointer; len : size_t; ssl : PSSL; arg : Pointer); cdecl; - msg_callback_arg : Pointer; - hit : TIdC_INT; //* reusing a previous 
session */ - param : PX509_VERIFY_PARAM; - {$IFDEF OMIT_THIS} - purpose : TIdC_INT; // Purpose setting - trust : TIdC_INT; // Trust setting - {$ENDIF} - // crypto - cipher_list : PSTACK_OF_SSL_CIPHER; - cipher_list_by_id : PSTACK_OF_SSL_CIPHER; - - //* These are the ones being used, the ones in SSL_SESSION are - // * the ones to be 'copied' into these ones */ - mac_flags : TIdC_INT; - // These are the ones being used, the ones in SSL_SESSION are - // the ones to be 'copied' into these ones - enc_read_ctx : PEVP_CIPHER_CTX; // cryptographic state - read_hash : PEVP_MD_CTX; // used for mac generation - {$IFNDEF OPENSSL_NO_COMP} - expand : PCOMP_CTX; // uncompress - {$ELSE} - expand : PIdAnsiChar; - {$ENDIF} - enc_write_ctx : PEVP_CIPHER_CTX; // cryptographic state - write_hash : PEVP_MD_CTX; // used for mac generation - {$IFNDEF OPENSSL_NO_COMP} - compress : PCOMP_CTX; // compression - {$ELSE} - compress : PIdAnsiChar; - {$ENDIF} - // session info - // client cert? - // This is used to hold the server certificate used - cert : PCERT; - // the session_id_context is used to ensure sessions are only reused - // in the appropriate context - sid_ctx_length : TIdC_UINT; - sid_ctx : array [0..SSL_MAX_SID_CTX_LENGTH -1] of TIdAnsiChar; - // This can also be in the session once a session is established - session : PSSL_SESSION; - // Default generate session ID callback. - generate_session_id : PGEN_SESSION_CB; - // Used in SSL2 and SSL3 - verify_mode : TIdC_INT; // 0 don't care about verify failure. 
- // 1 fail if verify fails - verify_callback : function (ok : TIdC_INT; ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // fail if callback returns 0 - info_callback : procedure(const ssl : PSSL; _type, val : TIdC_INT) ; cdecl; - error : TIdC_INT; // error bytes to be written - error_code : TIdC_INT; // actual code - {$IFNDEF OPENSSL_NO_KRB5} - kssl_ctx : PKSSL_CTX; // Kerberos 5 context - {$ENDIF} -{$ifndef OPENSSL_NO_PSK} - psk_client_callback : function(ssl : PSSL; hint : PIdAnsiChar; - identity : PIdAnsiChar; - max_identity_len : TIdC_UINT; - psk : PIdAnsiChar; - max_psk_len : TIdC_UINT) : TIdC_UINT cdecl; -// unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity, -// unsigned int max_identity_len, unsigned char *psk, -// unsigned int max_psk_len); - psk_server_callback : function(ssl : PSSL; identity : PIdAnsiChar; - psk : PIdAnsiChar; max_psk_len : TIdC_UINT) : TIdC_UINT cdecl; -// unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, -// unsigned char *psk, unsigned int max_psk_len); -{$endif} - ctx : PSSL_CTX; - // set this flag to 1 and a sleep(1) is put into all SSL_read() - // and SSL_write() calls, good for nbio debuging :-) - debug : TIdC_INT; - // extra application data - verify_result : TIdC_LONG; - ex_data : CRYPTO_EX_DATA; - // for server side, keep the list of CA_dn we can use - client_CA : PSTACK_OF_X509_NAME; - references : TIdC_INT; - options : TIdC_ULONG; // protocol behaviour - mode : TIdC_ULONG; // API behaviour - max_cert_list : TIdC_LONG; - first_packet : TIdC_INT; - client_version : TIdC_INT; // what was passed, used for - // SSLv3/TLS rollback check - max_send_fragment : TIdC_UINT; - {$IFNDEF OPENSSL_NO_TLSEXT} - //* TLS extension debug callback */ - tlsext_debug_cb : PSSL_tlsext_debug_cb; - tlsext_debug_arg : Pointer; - tlsext_hostname : PIdAnsiChar; - servername_done : TIdC_INT; //* no further mod of servername - // 0 : call the servername extension callback. 
- // 1 : prepare 2, allow last ack just after in server callback. - // 2 : don't call servername callback, no ack in server hello - //*/ - //* certificate status request info */ - //* Status type or -1 if no status type */ - tlsext_status_type : TIdC_INT; - //* Expect OCSP CertificateStatus message */ - tlsext_status_expected : TIdC_INT; - -{$ifndef OPENSSL_NO_EC} - tlsext_ecpointformatlist_length : size_t; - tlsext_ecpointformatlist : PIdAnsiChar; //* our list */ - tlsext_ellipticcurvelist_length : size_t; - tlsext_ellipticcurvelist : PIdAnsiChar; //* our list */ -{$endif} //* OPENSSL_NO_EC */ - - - //* draft-rescorla-tls-opaque-prf-input-00.txt information to be used for handshakes */ - tlsext_opaque_prf_input : Pointer; - tlsext_opaque_prf_input_len : size_t; - - //* TLS Session Ticket extension override */ - tlsext_session_ticket : PTLS_SESSION_TICKET_EXT; - - //* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb : tls_session_ticket_ext_cb_fn; - tls_session_ticket_ext_cb_arg : Pointer; - - //* TLS pre-shared secret session resumption */ - tls_session_secret_cb : tls_session_secret_cb_fn; - tls_session_secret_cb_arg : Pointer; - - initial_ctx : PSSL_CTX; //* initial ctx, used to store sessions */ - -{$ifndef OPENSSL_NO_NEXTPROTONEG} - ///* Next protocol negotiation. For the client, this is the protocol that - // * we sent in NextProtocol and is set when handling ServerHello - // * extensions. - // * - // * For a server, this is the client's selected_protocol from - // * NextProtocol and is set when handling the NextProtocol message, - // * before the Finished message. 
*/ - next_proto_negotiated : PIdAnsiChar; - next_proto_negotiated_len : Byte; -{$endif} - - //* OCSP status request only */ - tlsext_ocsp_ids : PSTACK_OF_OCSP_RESPID;//STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - tlsext_ocsp_exts : PX509_EXTENSIONS; - //* OCSP response received or to be sent */ - tlsext_ocsp_resp : PIdAnsiChar; - tlsext_ocsp_resplen : TIdC_INT; - //* RFC4507 session ticket expected to be received or sent */ - tlsext_ticket_expected : TIdC_INT; - _initial_ctx : PSSL_CTX; //* initial ctx, used to store sessions */ - {$DEFINE session_ctx} - {$DEFINE initial_ctx} -{$ELSE} - {$DEFINE ctx} - {$DEFINE session_ctx} -{$ENDIF} - end; //ssl2.h {$EXTERNALSYM SSL2_STATE} SSL2_STATE = record 
@@ -16266,133 +15239,8 @@ pitem = record next : ppitem; end; //ssl/dtls1.h - //for some reason, this header is refering to crypto/pqueue/pqueue.c - //which is in the OpenSSL headers. - {$EXTERNALSYM pqueue} - pqueue = record - items : ppitem; - count : TIdC_INT; - end; - // - {$EXTERNALSYM dtls1_retransmit_state} - dtls1_retransmit_state = record - enc_write_ctx : PEVP_CIPHER_CTX; //* cryptographic state */ - write_hash : PEVP_MD; //* used for mac generation */ -{$IFNDEF OPENSSL_NO_COMP} - compress : COMP_CTX; //* compression */ -{$ELSE} - compress : PIdAnsiChar; -{$ENDIF} - session : PSSL_SESSION; - epoch : TIdC_USHORT; - end; - {$EXTERNALSYM Pdtls1_retransmit_state} - Pdtls1_retransmit_state = ^dtls1_retransmit_state; - {$EXTERNALSYM DTLS1_BITMAP} - DTLS1_BITMAP = record - map : PQ_64BIT; - length : TIdC_ULONG; // sizeof the bitmap in bits - max_seq_num : PQ_64BIT; // max record number seen so far - end; - {$EXTERNALSYM PDTLS1_BITMAP} - PDTLS1_BITMAP = ^DTLS1_BITMAP; - {$EXTERNALSYM hm_header} - hm_header = record - _type : PIdAnsiChar; - msg_len : TIdC_ULONG; - seq : TIdC_USHORT; - frag_off : TIdC_ULONG; - frag_len : TIdC_ULONG; - is_ccs : TIdC_UINT; - // struct dtls1_retransmit_state saved_retransmit_state; - saved_retransmit_state : dtls1_retransmit_state; - end; - {$EXTERNALSYM ccs_header_st} - ccs_header_st = record - _type : PIdAnsiChar; - seq : TIdC_USHORT; - end; - {$EXTERNALSYM dtls1_timeout_st} - dtls1_timeout_st = record - // Number of read timeouts so far - read_timeouts : TIdC_UINT; - // Number of write timeouts so far - write_timeouts : TIdC_UINT; - // Number of alerts received so far - num_alerts : TIdC_UINT; - end; - {$EXTERNALSYM record_pqueue} - record_pqueue = record - epoch : TIdC_USHORT; - q : pqueue; - end; - {$EXTERNALSYM hm_fragment} - hm_fragment = record - msg_header : hm_header; - fragment : PIdAnsiChar; - reassembly : PIdAnsiChar; - end; - {$EXTERNALSYM DTLS1_STATE} - DTLS1_STATE = record - send_cookie : TIdC_UINT; - cookie : array 
[0..DTLS1_COOKIE_LENGTH - 1 ] of TIdAnsiChar; - rcvd_cookie : array [0..DTLS1_COOKIE_LENGTH -1] of TIdAnsiChar; - cookie_len : TIdC_UINT; - // The current data and handshake epoch. This is initially - // undefined, and starts at zero once the initial handshake is - // completed - r_epoch : TIdC_USHORT; - w_epoch : TIdC_USHORT; - // records being received in the current epoch - bitmap : DTLS1_BITMAP; - // renegotiation starts a new set of sequence numbers - next_bitmap : DTLS1_BITMAP; - // handshake message numbers - handshake_write_seq : TIdC_USHORT; - next_handshake_write_seq : TIdC_USHORT; - handshake_read_seq : TIdC_USHORT; - //* save last sequence number for retransmissions */ - last_write_sequence : array [0..8-1] of byte; - - // Received handshake records (processed and unprocessed) - unprocessed_rcds : record_pqueue; - processed_rcds : record_pqueue; - // Buffered handshake messages - buffered_messages : pqueue; - // Buffered (sent) handshake records - sent_messages : pqueue; - ///* Buffered application records. - //* Only for records between CCS and Finished - //* to prevent either protocol violation or - //* unnecessary message loss. 
- //*/ - buffered_app_data : record_pqueue; - - ///* Is set when listening for new connections with dtls1_listen() */ - listen : TIdC_UINT; - - mtu : TIdC_UINT; // max wire packet size - w_msg_hdr : hm_header; - r_msg_hdr : hm_header; - timeout : dtls1_timeout_st; - //* Indicates when the last handshake msg sent will timeout */ - next_timeout : timeval; - - //* Timeout duration */ - timeout_duration : TIdC_USHORT; - - // storage for Alert/Handshake protocol data received but not - // yet processed by ssl3_read_bytes: - alert_fragment : array [0..DTLS1_AL_HEADER_LENGTH-1] of TIdAnsiChar; - alert_fragment_len : TIdC_UINT; - handshake_fragment : array[0..DTLS1_HM_HEADER_LENGTH -1] of TIdAnsiChar; - handshake_fragment_len : TIdC_UINT; - retransmitting : TIdC_UINT; - change_cipher_spec_ok : TIdC_UINT; - end; - {$EXTERNALSYM X509V3_CTX} - X509V3_CTX = V3_EXT_CTX; + X509V3_CTX = Pointer; {$EXTERNALSYM PX509V3_CTX} PX509V3_CTX = ^X509V3_CTX; @@ -16470,8 +15318,6 @@ DTLS1_STATE = record pder : PPIdAnsiChar; derlen : TIdC_INT): TIdC_INT cdecl; {$EXTERNALSYM EVP_PKEY_asn1_set_param_param_encode} EVP_PKEY_asn1_set_param_param_encode = function(pkey : PEVP_PKEY; pder : PPIdAnsiChar) : TIdC_INT cdecl; - {$EXTERNALSYM EVP_PKEY_asn1_set_param_param_missing} - EVP_PKEY_asn1_set_param_param_missing = function(pk : EVP_PKEY) : TIdC_INT cdecl; {$EXTERNALSYM EVP_PKEY_asn1_set_param_param_copy} EVP_PKEY_asn1_set_param_param_copy = function(_to : PEVP_PKEY; from : PEVP_PKEY) : TIdC_INT cdecl; {$EXTERNALSYM EVP_PKEY_asn1_set_param_param_cmp} @@ -16562,7 +15408,6 @@ DTLS1_STATE = record //SSL Version function {$EXTERNALSYM _SSLeay_version} _SSLeay_version : function(_type : TIdC_INT) : PIdAnsiChar cdecl = nil; - //SSLeay {$EXTERNALSYM SSLeay} SSLeay : function : TIdC_ULONG cdecl = nil; {$EXTERNALSYM _CRYPTO_lock} 
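Review bot: `X509V3_CTX = Pointer;` is changed while the context line `PX509V3_CTX = ^X509V3_CTX;` is kept, so PX509V3_CTX is now a pointer to a pointer-sized variable rather than a pointer to the context struct. Any caller that declares a local `X509V3_CTX` and passes `@ctx` to an imported X509V3_* function hands the library a pointer-sized stack slot where it expects the full context, which is a stack overwrite if the library writes through it; I cannot see such callers from this hunk, so this needs an audit. If the intent is an opaque handle, the safer shape is `PX509V3_CTX = Pointer;` with the value type removed, or an opaque `X509V3_CTX = record end;` that callers can no longer place on the stack by accident.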
@@ -16605,6 +15450,8 @@ DTLS1_STATE = record
 CRYPTO_THREADID_set_pointer : procedure(id : PCRYPTO_THREADID; ptr : Pointer) cdecl = nil;
 {$EXTERNALSYM CRYPTO_THREADID_set_callback}
 CRYPTO_THREADID_set_callback : function(threadid_func : TCRYPTO_THREADID_set_callback_threadid_func) : TIdC_INT cdecl = nil;
+ {$EXTERNALSYM OPENSSL_init_crypto}
+ OPENSSL_init_crypto : function (opts : TIdC_UINT64; const settings : POPENSSL_INIT_SETTINGS) : TIdC_INT cdecl = nil;
 {$EXTERNALSYM sk_num}
 sk_num : function (const x : PSTACK) : TIdC_INT cdecl = nil;
 {$EXTERNALSYM sk_value}
@@ -16907,6 +15754,10 @@ DTLS1_STATE = record
 EVP_MD_CTX_create: function : PEVP_MD_CTX cdecl = nil;
 {$EXTERNALSYM EVP_MD_CTX_destroy}
 EVP_MD_CTX_destroy : procedure(ctx : PEVP_MD_CTX) cdecl = nil;
+ {$EXTERNALSYM EVP_MD_CTX_new}
+ EVP_MD_CTX_new: function : PEVP_MD_CTX cdecl = nil;
+ {$EXTERNALSYM EVP_MD_CTX_free}
+ EVP_MD_CTX_free : function(ctx : PEVP_MD_CTX) : TIdC_Int cdecl = nil;
 {$EXTERNALSYM EVP_MD_CTX_copy}
 EVP_MD_CTX_copy : function(_out : PEVP_MD_CTX; _in: PEVP_MD_CTX): TIdC_INT cdecl = nil;
 {$EXTERNALSYM EVP_MD_CTX_copy_ex}
@@ -16942,7 +15793,7 @@ DTLS1_STATE = record
 {$EXTERNALSYM EVP_CIPHER_block_size}
 EVP_CIPHER_block_size : function(cipher : PEVP_CIPHER) : TIdC_INT cdecl = nil;
 {$EXTERNALSYM EVP_CIPHER_key_length}
- EVP_CIPHER_key_length : function(cipher : EVP_CIPHER) : TIdC_INT cdecl = nil;
+ EVP_CIPHER_key_length : function(cipher : PEVP_CIPHER) : TIdC_INT cdecl = nil;
 {$EXTERNALSYM EVP_CIPHER_iv_length}
 EVP_CIPHER_iv_length : function(cipher: PEVP_CIPHER) : TIdC_INT cdecl = nil;
 {$EXTERNALSYM EVP_CIPHER_flags}
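Review bot: `EVP_MD_CTX_free` is bound as a function returning `TIdC_Int`, but OpenSSL declares it `void EVP_MD_CTX_free(EVP_MD_CTX *ctx)`, so the returned value is whatever happens to be in the result register. Declare it like its sibling `EVP_MD_CTX_destroy` two lines above: `EVP_MD_CTX_free : procedure(ctx : PEVP_MD_CTX) cdecl = nil;`. Since this commit keeps the `EVP_MD_CTX_create`/`EVP_MD_CTX_destroy` bindings as well, a short comment on which pair is expected to resolve on 1.1/3.x would help the next reader, e.g. `// EVP_MD_CTX_new/free are the 1.1.0+ names; create/destroy are only macros there`.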
@@ -16967,6 +15818,8 @@ DTLS1_STATE = record
 EVP_CIPHER_CTX_set_app_data : procedure(ctx : PEVP_CIPHER_CTX; data : Pointer) cdecl =nil;
 {$EXTERNALSYM EVP_CIPHER_CTX_flags}
 EVP_CIPHER_CTX_flags : function(ctx : PEVP_CIPHER_CTX) : TIdC_ULONG cdecl = nil;
+ {$EXTERNALSYM EVP_CIPHER_CTX_get0_cipher}
+ EVP_CIPHER_CTX_get0_cipher : function(ctx : PEVP_CIPHER_CTX): PEVP_CIPHER cdecl = nil;
 {$EXTERNALSYM ASN1_INTEGER_set}
 ASN1_INTEGER_set : function(a: PASN1_INTEGER; v: TIdC_LONG): TIdC_INT cdecl = nil;
 {$EXTERNALSYM ASN1_INTEGER_get}
@@ -16996,6 +15849,16 @@ DTLS1_STATE = record
 i2d_X509_CRL : function(x: PX509_CRL; buf: PPByte): TIdC_INT cdecl = nil;
 {$EXTERNALSYM d2i_X509_CRL}
 d2i_X509_CRL : function(pr : PX509_CRL; _in : PPByte; len : TIdC_INT): PX509_REQ cdecl = nil;
+ {$EXTERNALSYM _X509_CRL_get_version}
+ _X509_CRL_get_version : function(crl : PX509_CRL) : TIdC_ULONG cdecl = nil;
+ {$EXTERNALSYM _X509_CRL_get_lastUpdate}
+ _X509_CRL_get_lastUpdate : function(crl : PX509_CRL) : PASN1_TIME cdecl = nil;
+ {$EXTERNALSYM _X509_CRL_get_lastUpdate}
+ _X509_CRL_get_nextUpdate : function(crl : PX509_CRL) : PASN1_TIME cdecl = nil;
+ {$EXTERNALSYM _X509_CRL_get_issuer}
+ _X509_CRL_get_issuer : function(crl : PX509_CRL) : PX509_NAME cdecl = nil;
+ {$EXTERNALSYM _X509_CRL_get_REVOKED}
+ _X509_CRL_get_REVOKED : function(crl : PX509_CRL) : PSTACK_OF_X509_REVOKED cdecl = nil;
 {$EXTERNALSYM i2d_RSAPrivateKey}
 i2d_RSAPrivateKey : function(x: PRSA; buf: PPByte): TIdC_INT cdecl = nil;
 {$EXTERNALSYM d2i_RSAPrivateKey}
@@ -17062,6 +15925,8 @@ DTLS1_STATE = record
 X509_REQ_new : function :PX509_REQ cdecl = nil;
 {$EXTERNALSYM X509_REQ_free}
 X509_REQ_free : procedure(x:PX509_REQ) cdecl = nil;
+ {$EXTERNALSYM X509_REQ_get_version}
+ _X509_REQ_get_version : function(req : PX509_REQ) : TIdC_LONG cdecl = nil;
 {$EXTERNALSYM X509_to_X509_REQ}
 X509_to_X509_REQ : function(x: PX509; pkey: PEVP_PKEY; const md: PEVP_MD): PX509_REQ cdecl = nil;
 {$EXTERNALSYM X509_NAME_add_entry_by_txt}
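Review bot: Two of the new `$EXTERNALSYM` labels do not name the variable they precede: `_X509_CRL_get_nextUpdate` is labelled `{$EXTERNALSYM _X509_CRL_get_lastUpdate}` (a duplicate of the line above it), and `_X509_REQ_get_version` in the third hunk is labelled `{$EXTERNALSYM X509_REQ_get_version}`. The same copy-paste slip appears in the `@@ -17984` hunk further down, where `SSL_version` is labelled `{$EXTERNALSYM SSL_get_current_cipher}`; each label should be `{$EXTERNALSYM <variable name>}`. Separately, `_X509_CRL_get_version` is bound with a `TIdC_ULONG` result while OpenSSL's `X509_CRL_get_version` returns `long` and the sibling `_X509_REQ_get_version` uses `TIdC_LONG`; `_X509_CRL_get_version : function(crl : PX509_CRL) : TIdC_LONG cdecl = nil;` keeps the two consistent.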
@@ -17069,6 +15934,8 @@ DTLS1_STATE = record
 const bytes: PIdAnsiChar; len, loc, _set: TIdC_INT): TIdC_INT cdecl = nil;
 {$EXTERNALSYM X509_INFO_free}
 X509_INFO_free : procedure (a : PX509_INFO) cdecl = nil;
+ {$EXTERNALSYM X509_get0_signature}
+ X509_get0_signature : procedure(psig : PPASN1_BIT_STRING; palg : PPX509_ALGOR; x : PX509) cdecl = nil;
 {$EXTERNALSYM X509_set_version}
 X509_set_version : function(x: PX509; version: TIdC_LONG): TIdC_INT cdecl = nil;
 {$EXTERNALSYM X509_get_serialNumber}
@@ -17083,16 +15950,28 @@ DTLS1_STATE = record X509_set_pubkey : function(x: PX509; pkey: PEVP_PKEY): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_REQ_set_pubkey} X509_REQ_set_pubkey : function(x: PX509_REQ; pkey: PEVP_PKEY): TIdC_INT cdecl = nil; + {$EXTERNALSYM X509_verify_cert_error_string} + X509_verify_cert_error_string : function(n: TIdC_LONG): PIdAnsiChar cdecl = nil; {$EXTERNALSYM X509_PUBKEY_get} X509_PUBKEY_get : function(key: PX509_PUBKEY): PEVP_PKEY cdecl = nil; {$EXTERNALSYM X509_verify} X509_verify : function(x509: PX509; pkey: PEVP_PKEY): TIdC_INT cdecl = nil; + {$EXTERNALSYM X509_get_version} + X509_get_version : function(x : PX509) : TIdC_LONG cdecl = nil; + {$EXTERNALSYM X509_get_signature_type} + X509_get_signature_type : function(x : PX509) : TIdC_INT cdecl = nil; + {$EXTERNALSYM X509_getm_notBefore} + X509_getm_notBefore : function(x : PX509) : PASN1_TIME cdecl = nil; + {$EXTERNALSYM X509_getm_notAfter} + X509_getm_notAfter : function(x : PX509) : PASN1_TIME cdecl = nil; {$EXTERNALSYM X509_sign} X509_sign : function(x: PX509; pkey: PEVP_PKEY; const md: PEVP_MD): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_REQ_sign} X509_REQ_sign : function(x: PX509_REQ; pkey: PEVP_PKEY; const md: PEVP_MD): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_REQ_add_extensions} X509_REQ_add_extensions : function(req: PX509_REQ; exts: PSTACK_OF_X509_EXTENSION): TIdC_INT cdecl = nil; + {$EXTERNALSYM _X509_REQ_get_subject_name} + _X509_REQ_get_subject_name : function(req : PX509_REQ) : PX509_NAME cdecl = nil; {$EXTERNALSYM X509V3_EXT_conf_nid} X509V3_EXT_conf_nid : function(conf: PLHASH; ctx: PX509V3_CTX; ext_nid: TIdC_INT; value: PIdAnsiChar): PX509_EXTENSION cdecl = nil; {$EXTERNALSYM X509_EXTENSION_create_by_NID} 
@@ -17130,6 +16009,8 @@ DTLS1_STATE = record
 SSL_CTX_use_certificate_file : function(ctx: PSSL_CTX; const _file: PIdAnsiChar; _type: TIdC_INT): TIdC_INT cdecl = nil;
 {$EXTERNALSYM SSL_CTX_use_certificate_chain_file} //OpenSSL 1.0.2
 SSL_CTX_use_certificate_chain_file : function(ctx : PSSL_CTX; _file : PIdAnsiChar) : TIdC_INT cdecl = nil;
+ {$EXTERNALSYM OPENSSL_init_ssl}
+ OPENSSL_init_ssl : function (opts : TIdC_UINT64; const settings : POPENSSL_INIT_SETTINGS) : TIdC_INT cdecl;
 {$EXTERNALSYM SSL_load_error_strings}
 SSL_load_error_strings : procedure cdecl = nil;
 {$EXTERNALSYM SSL_state_string_long}
@@ -17152,8 +16033,10 @@ DTLS1_STATE = record
 SSL_CTX_set_default_passwd_cb_userdata: procedure(ctx: PSSL_CTX; u: Pointer) cdecl = nil;
 {$EXTERNALSYM SSL_CTX_check_private_key}
 SSL_CTX_check_private_key : function(ctx: PSSL_CTX): TIdC_INT cdecl = nil;
-
-
+ {$EXTERNALSYM SSL_CTX_get_cert_store}
+ SSL_CTX_get_cert_store : function(const Ctx: PSSL_CTX): PX509_STORE; cdecl = nil;
+ {$EXTERNALSYM SSL_get_ex_data_X509_STORE_CTX_idx}
+ SSL_get_ex_data_X509_STORE_CTX_idx : function: Integer; cdecl = nil;
 {$EXTERNALSYM SSL_new}
 SSL_new : function(ctx: PSSL_CTX): PSSL cdecl = nil;
 {$EXTERNALSYM SSL_free}
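Review bot: `OPENSSL_init_ssl` is the only binding in this block without the `= nil` initializer every other procedural variable here carries, and the two additions in the second hunk use `; cdecl = nil` and a bare `Integer` result where the rest of the file writes `TIdC_INT cdecl = nil`. The inconsistency is mainly a matter of style (unit-level variables start zeroed), but it makes the `Assigned()` convention used throughout this file look optional. Suggested forms: `OPENSSL_init_ssl : function (opts : TIdC_UINT64; const settings : POPENSSL_INIT_SETTINGS) : TIdC_INT cdecl = nil;`, `SSL_CTX_get_cert_store : function(const Ctx: PSSL_CTX): PX509_STORE cdecl = nil;` and `SSL_get_ex_data_X509_STORE_CTX_idx : function: TIdC_INT cdecl = nil;`.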
@@ -17184,43 +16067,6 @@ DTLS1_STATE = record SSL_CTX_callback_ctrl : function(ssl : PSSL_CTX; cmd : TIdC_INT; fp : SSL_callback_ctrl_fp) : TIdC_LONG cdecl = nil; {$EXTERNALSYM SSL_get_error} SSL_get_error : function(s: PSSL; ret_code: TIdC_INT): TIdC_INT cdecl = nil; - {$EXTERNALSYM SSLv2_method} - SSLv2_method : function: PSSL_METHOD cdecl = nil; // SSLv2 - {$EXTERNALSYM SSLv2_server_method} - SSLv2_server_method : function: PSSL_METHOD cdecl = nil; // SSLv2 - {$EXTERNALSYM SSLv2_client_method} - SSLv2_client_method : function: PSSL_METHOD cdecl = nil; // SSLv2 - {$EXTERNALSYM SSLv3_method} - SSLv3_method : function: PSSL_METHOD cdecl = nil; // SSLv3 - {$EXTERNALSYM SSLv3_server_method} - SSLv3_server_method : function: PSSL_METHOD cdecl = nil; // SSLv3 - {$EXTERNALSYM SSLv3_client_method} - SSLv3_client_method : function: PSSL_METHOD cdecl = nil; // SSLv3 - {$EXTERNALSYM SSLv23_method} - SSLv23_method : function: PSSL_METHOD cdecl = nil; // SSLv3 but can rollback to v2 - {$EXTERNALSYM SSLv23_server_method} - SSLv23_server_method : function: PSSL_METHOD cdecl = nil; // SSLv3 but can rollback to v2 - {$EXTERNALSYM SSLv23_client_method} - SSLv23_client_method : function: PSSL_METHOD cdecl = nil; // SSLv3 but can rollback to v2 - {$EXTERNALSYM TLSv1_method} - TLSv1_method : function: PSSL_METHOD cdecl = nil; // TLSv1.0 - {$EXTERNALSYM TLSv1_server_method} - TLSv1_server_method : function: PSSL_METHOD cdecl = nil; // TLSv1.0 - {$EXTERNALSYM TLSv1_client_method} - TLSv1_client_method : function: PSSL_METHOD cdecl = nil; // TLSv1.0 - {$EXTERNALSYM TLSv1_1_method} - TLSv1_1_method : function : PSSL_METHOD cdecl = nil; //TLS1.1 - {$EXTERNALSYM TLSv1_1_server_method} - TLSv1_1_server_method : function : PSSL_METHOD cdecl = nil; //TLS1.1 - {$EXTERNALSYM TLSv1_1_client_method} - TLSv1_1_client_method : function : PSSL_METHOD cdecl = nil; //TLS1.1 - {$EXTERNALSYM TLSv1_2_method} - TLSv1_2_method : function : PSSL_METHOD cdecl = nil; //* TLSv1.2 */ - {$EXTERNALSYM 
TLSv1_2_server_method} - TLSv1_2_server_method : function : PSSL_METHOD cdecl = nil; //* TLSv1.2 */ - {$EXTERNALSYM TLSv1_2_client_method} - TLSv1_2_client_method : function : PSSL_METHOD cdecl = nil; //* TLSv1.2 */ - {$EXTERNALSYM DTLSv1_method} DTLSv1_method : function: PSSL_METHOD cdecl = nil; // DTLSv1.0 {$EXTERNALSYM DTLSv1_server_method} @@ -17253,6 +16099,8 @@ DTLS1_STATE = record X509_NAME_cmp : function(const a, b: PX509_NAME): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_NAME_hash} X509_NAME_hash : function(x: PX509_NAME): TIdC_ULONG cdecl = nil; + {$EXTERNALSYM X509_NAME_hash_ex} + X509_NAME_hash_ex : function(x: PX509_NAME; libctx : POSSL_LIB_CTX; propq : PIdAnsiChar; ok : PIdC_INT) : TIdC_ULONG cdecl = nil; {$EXTERNALSYM X509_set_issuer_name} X509_set_issuer_name : function(x: PX509; name: PX509_NAME): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_get_issuer_name} @@ -17759,7 +16607,6 @@ DTLS1_STATE = record EVP_PKEY_asn1_set_param : procedure(ameth : PEVP_PKEY_ASN1_METHOD; param_decode : EVP_PKEY_asn1_set_param_param_decode; param_encode : EVP_PKEY_asn1_set_param_param_encode; - param_missing : EVP_PKEY_asn1_set_param_param_missing; param_copy : EVP_PKEY_asn1_set_param_param_copy; param_cmp : EVP_PKEY_asn1_set_param_param_cmp; param_print : EVP_PKEY_asn1_set_param_param_print) cdecl = nil; @@ -17940,6 +16787,8 @@ DTLS1_STATE = record X509_STORE_CTX_get_error_depth : function(ctx: PX509_STORE_CTX): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_STORE_CTX_get_current_cert} X509_STORE_CTX_get_current_cert : function(ctx: PX509_STORE_CTX): PX509 cdecl = nil; + {$EXTERNALSYM X509_LOOKUP_get_store} + X509_LOOKUP_get_store : function(ctx : PX509_STORE_CTX) : PX509_STORE cdecl = nil; {$EXTERNALSYM _CRYPTO_num_locks} _CRYPTO_num_locks : function: TIdC_INT cdecl = nil; // return CRYPTO_NUM_LOCKS (shared libs!) {$EXTERNALSYM CRYPTO_set_locking_callback} 
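Review bot: `X509_LOOKUP_get_store` is declared with a `PX509_STORE_CTX` parameter, but OpenSSL's signature is `X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)`; with this binding a verify-callback's store context can be passed where a lookup object is expected and the library will read the wrong structure. If the project declares a lookup pointer type, the line should be `X509_LOOKUP_get_store : function(ctx : PX509_LOOKUP) : PX509_STORE cdecl = nil;`; otherwise name the parameter `lookup : Pointer` and comment it. `X509_NAME_hash_ex` in the first hunk exists only from OpenSSL 3.0, so a comment such as `// OpenSSL 3.0+; nil when running against 1.1, callers must check Assigned` would stop it being used unconditionally alongside the 1.1-era `X509_NAME_hash`.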
@@ -17965,6 +16814,10 @@ DTLS1_STATE = record SSL_set_ex_data: function(ssl: PSSL; idx: TIdC_INT; data: Pointer): TIdC_INT cdecl = nil; {$EXTERNALSYM SSL_get_ex_data} SSL_get_ex_data: function(ssl: PSSL; idx: TIdC_INT): Pointer cdecl = nil; + {$EXTERNALSYM SSL_CTX_get_ex_data} + SSL_CTX_get_ex_data : function(ssl : PSSL_CTX; idx : TIdC_INT) : Pointer cdecl = nil; + {$EXTERNALSYM SSL_CTX_set_ex_data} + SSL_CTX_set_ex_data : function(ssl : PSSL_CTX; idx : TIdC_INT; data : Pointer) : TIdC_INT cdecl = nil; {$EXTERNALSYM PKCS12_create} PKCS12_create: function(pass, name: PIdAnsiChar; pkey: PEVP_PKEY; cert : PX509; ca: PSTACK_OF_X509; nid_key, nid_cert, iter, mac_iter, keytype : TIdC_INT) : PPKCS12 cdecl = nil; @@ -17974,6 +16827,8 @@ DTLS1_STATE = record PKCS12_free: procedure(p12: PPKCS12) cdecl = nil; {$EXTERNALSYM SSL_load_client_CA_file} SSL_load_client_CA_file: function(const _file: PIdAnsiChar): PSTACK_OF_X509_NAME cdecl = nil; + {$EXTERNALSYM SSL_CTX_set_info_callback} + SSL_CTX_set_info_callback : procedure(ctx: PSSL_CTX; cb: PSSL_CTX_info_callback) cdecl = nil; {$EXTERNALSYM SSL_CTX_set_client_CA_list} SSL_CTX_set_client_CA_list: procedure(ctx: PSSL_CTX; list: PSTACK_OF_X509_NAME) cdecl = nil; {$EXTERNALSYM SSL_CTX_set_default_verify_paths} @@ -17984,6 +16839,10 @@ DTLS1_STATE = record SSL_CIPHER_description: function(_para1: PSSL_CIPHER; buf: PIdAnsiChar; size: TIdC_INT): PIdAnsiChar cdecl = nil; {$EXTERNALSYM SSL_get_current_cipher} SSL_get_current_cipher: function(const s: PSSL): PSSL_CIPHER cdecl = nil; + {$EXTERNALSYM SSL_get_current_cipher} + SSL_version : function(ssl : PSSL): TIdC_INT cdecl = nil; + {$EXTERNALSYM SSL_client_version} + SSL_client_version : function(ssl : PSSL): TIdC_INT cdecl = nil; {$EXTERNALSYM SSL_CIPHER_get_name} SSL_CIPHER_get_name: function(const c: PSSL_CIPHER): PIdAnsiChar cdecl = nil; {$EXTERNALSYM SSL_CIPHER_get_version} 
@@ -17994,7 +16853,13 @@ DTLS1_STATE = record
 {$EXTERNALSYM ERR_error_string_n}
 ERR_error_string_n: procedure(e: TIdC_ULONG; buf: PIdAnsiChar; len : size_t) cdecl = nil;
 {$EXTERNALSYM ERR_put_error}
- ERR_put_error : procedure (lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT) cdecl = nil;
+ _ERR_put_error : procedure (lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT) cdecl = nil;
+ {$EXTERNALSYM ERR_new}
+ Err_new : procedure cdecl = nil;
+ {$EXTERNALSYM ERR_set_debug}
+ ERR_set_debug : procedure (_file : PIdAnsiChar; line: TIdC_INT; func: PIdAnsiChar) cdecl = nil;
+ {$EXTERNALSYM ERR_set_error}
+ ERR_set_error : procedure (lib, reason : TIdC_INT; fmt : PIdAnsiChar) cdecl = nil;
 {$EXTERNALSYM ERR_get_error}
 ERR_get_error : function: TIdC_ULONG cdecl = nil;
 {$EXTERNALSYM ERR_peek_error}
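Review bot: `Err_new` is spelled differently from its `{$EXTERNALSYM ERR_new}` label and from the C symbol; Pascal is case-insensitive so it compiles, but every other binding in this file spells the variable exactly as the exported name, so `ERR_new : procedure cdecl = nil;` would match. `ERR_set_error` is variadic in C (`int lib, int reason, const char *fmt, ...`), which is safe to call through a fixed-arity cdecl pointer only when `fmt` carries no conversions; a comment on the binding, `// variadic in C: only the format-free form is bound, pass nil or a literal without % directives for fmt`, records that constraint. The renamed `_ERR_put_error` keeps the `{$EXTERNALSYM ERR_put_error}` label, which presumably now refers to the Pascal wrapper declared elsewhere; if so, `{$EXTERNALSYM _ERR_put_error}` is what the pattern used for `_SSLeay_version` would call for.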
@@ -18043,56 +16908,28 @@ DTLS1_STATE = record _FIPS_mode : function () : TIdC_INT cdecl = nil; {$ENDIF} -{$IFNDEF OPENSSL_NO_HMAC} -{ -NOTE: - -There is breakage between OpenSSL 0.9.x and OpenSSL 1.0x. Some HMAC functions -were changed to return a result code. MOst of this is ugly but necessary to -work around the issues involved. Basically, the result of the C functions is -changed from "void" to "int" so that they can return failure. -} //void HMAC_CTX_init(HMAC_CTX *ctx); - {$EXTERNALSYM HMAC_CTX_init} - HMAC_CTX_init : procedure(ctx : PHMAC_CTX) cdecl = nil; - -//void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, -// const EVP_MD *md, ENGINE *impl); - {$EXTERNALSYM _HMAC_Init_ex} - _HMAC_Init_ex : procedure(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; - md : PEVP_MD; impl : PENGINE) cdecl = nil; -//OpenSSL 1.0 -//int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, -// const EVP_MD *md, ENGINE *impl); - {$EXTERNALSYM _1_0_HMAC_Init_ex} - _1_0_HMAC_Init_ex : function(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; + {$EXTERNALSYM HMAC_CTX_new} + HMAC_CTX_new : function : PHMAC_CTX; + {$EXTERNALSYM HMAC_CTX_reset} + HMAC_CTX_reset : function(ctx : PHMAC_CTX) : TIdC_INT cdecl = nil; + {$EXTERNALSYM HMAC_Init_ex} + HMAC_Init_ex : function(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; md : PEVP_MD; impl : PENGINE) : TIdC_INT cdecl = nil; -//void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); - {$EXTERNALSYM _HMAC_Update} - _HMAC_Update : procedure(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t) cdecl = nil; - //OpenSSL 1.0 - {$EXTERNALSYM _1_0_HMAC_Update} -//int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); - _1_0_HMAC_Update : function(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t) : TIdC_INT cdecl = nil; - //void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); - {$EXTERNALSYM _HMAC_Final} - _HMAC_Final : procedure(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT) cdecl = nil; 
-//OpenSSL 1.0 - {$EXTERNALSYM _1_0_HMAC_Final} -// int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); - _1_0_HMAC_Final : function(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT) : TIdC_INT cdecl = nil; -//void HMAC_CTX_cleanup(HMAC_CTX *ctx); + {$EXTERNALSYM HMAC_Update} + HMAC_Update : function(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t) : TIdC_INT cdecl = nil; + {$EXTERNALSYM HMAC_Final} + HMAC_Final : function(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT) : TIdC_INT cdecl = nil; {$EXTERNALSYM HMAC_CTX_cleanup} HMAC_CTX_cleanup : procedure (ctx : PHMAC_CTX) cdecl = nil; - {$EXTERNALSYM HMAC_Init_ex} -procedure HMAC_Init_ex(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; - md : PEVP_MD; impl : PENGINE); - {$EXTERNALSYM HMAC_Update} -procedure HMAC_Update(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t); - {$EXTERNALSYM HMAC_Final} -procedure HMAC_Final(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT); -{$ENDIF} +var + {$EXTERNALSYM TLS_method} + TLS_method : function: PSSL_METHOD cdecl = nil; + {$EXTERNALSYM TLS_client_method} + TLS_client_method : function : PSSL_METHOD cdecl = nil; + {$EXTERNALSYM TLS_server_method} + TLS_server_method : function : PSSL_METHOD cdecl = nil; {begin stack fancy stuff} { @@ -18209,10 +17046,6 @@ function M_ASN1_STRING_data(x : PASN1_STRING) : PIdAnsiChar; function X509_NAME_dup(xn : PX509_NAME) : PX509_NAME; {$EXTERNALSYM X509_STORE_CTX_get_app_data} function X509_STORE_CTX_get_app_data(ctx: PX509_STORE_CTX):Pointer; - {$EXTERNALSYM X509_get_version} -function X509_get_version(x : PX509): TIdC_LONG; - {$EXTERNALSYM X509_get_signature_type} -function X509_get_signature_type(x : PX509) : TIdC_INT; {$EXTERNALSYM X509_REQ_get_subject_name} function X509_REQ_get_subject_name(x:PX509_REQ):PX509_NAME; {$EXTERNALSYM X509_get_notBefore} 
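Review bot: `HMAC_CTX_new : function : PHMAC_CTX;` is the only binding in the new HMAC block without `cdecl` and without `= nil`, so it is called with the compiler's default convention rather than the C one used by its siblings; it should read `HMAC_CTX_new : function : PHMAC_CTX cdecl = nil;`. The block also keeps `HMAC_CTX_cleanup`, which OpenSSL 1.1.0 removed together with `HMAC_CTX_init` when it introduced `HMAC_CTX_new`/`HMAC_CTX_reset`/`HMAC_CTX_free`, and no `HMAC_CTX_free` binding is added, so a context allocated by `HMAC_CTX_new` has no matching release in this unit. Adding `{$EXTERNALSYM HMAC_CTX_free}` and `HMAC_CTX_free : procedure(ctx : PHMAC_CTX) cdecl = nil;` next to `HMAC_CTX_reset` gives the implementation section the function it needs; `HMAC_CTX_free` also zeroises the keyed context, which a bare deallocation would not. The `{$IFNDEF OPENSSL_NO_HMAC}` guard is dropped here while the loader constants in the second half of this diff are still inside that define, which is worth a comment if intentional.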
@@ -18231,14 +17064,20 @@ function X509_CRL_get_nextUpdate(x : PX509_CRL) : PASN1_TIME; function X509_CRL_get_issuer(x : PX509_CRL) : PX509_NAME; {$EXTERNALSYM X509_CRL_get_REVOKED} function X509_CRL_get_REVOKED(x : PX509_CRL) : PSTACK_OF_X509_REVOKED; - {$EXTERNALSYM SSL_CTX_set_info_callback} -procedure SSL_CTX_set_info_callback(ctx: PSSL_CTX; cb: PSSL_CTX_info_callback); {$EXTERNALSYM SSL_CTX_set_options} function SSL_CTX_set_options(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; + {$EXTERNALSYM SSL_CTX_set_min_proto_version} +function SSL_CTX_set_min_proto_version(ctx: PSSL_CTX; op: TIdC_LONG): TIdC_LONG; + {$EXTERNALSYM SSL_CTX_set_max_proto_version} +function SSL_CTX_set_max_proto_version(ctx: PSSL_CTX; op: TIdC_LONG): TIdC_LONG; {$EXTERNALSYM SSL_CTX_clear_options} function SSL_CTX_clear_options(ctx : PSSL_CTX; op : TIdC_LONG):TIdC_LONG; {$EXTERNALSYM SSL_CTX_get_options} function SSL_CTX_get_options(ctx: PSSL_CTX) : TIdC_LONG; + {$EXTERNALSYM SSL_set_min_proto_version} +function SSL_set_min_proto_version(s : PSSL; version : TIdC_LONG) : TIdC_INT; + {$EXTERNALSYM SSL_set_max_proto_version} +function SSL_set_max_proto_version(s : PSSL; version : TIdC_LONG) : TIdC_INT; {$EXTERNALSYM SSL_set_options} function SSL_set_options(ssl: PSSL; op : TIdC_LONG): TIdC_LONG; {$EXTERNALSYM SSL_clear_mode} @@ -18255,6 +17094,10 @@ function SSL_CTX_get_mode(ctx : PSSL_CTX) : TIdC_LONG; function SSL_set_mtu(ssl : PSSL; mtu : TIdC_LONG) : TIdC_LONG; {$EXTERNALSYM SSL_get_secure_renegotiation_support} function SSL_get_secure_renegotiation_support(ssl : PSSL) : TIdC_LONG; + {$EXTERNALSYM SSL_CTX_set_app_data} +function SSL_CTX_set_app_data(ctx : PSSL_CTX; arg : Pointer) : TIdC_INT; + {$EXTERNALSYM SSL_CTX_get_app_data} +function SSL_CTX_get_app_data(ctx : PSSL_CTX) : Pointer; {$EXTERNALSYM SSL_CTX_sess_number} function SSL_CTX_sess_number(ctx : PSSL_CTX) : TIdC_LONG; {$EXTERNALSYM SSL_CTX_sess_connect} 
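Review bot: The two new `SSL_CTX_set_*_proto_version` declarations name their version argument `op` and return `TIdC_LONG`, while the paired `SSL_set_*_proto_version` declarations a few lines lower name it `version` and return `TIdC_INT`; both families wrap the same `SSL_CTRL_SET_MIN/MAX_PROTO_VERSION` ctrl in OpenSSL, so `function SSL_CTX_set_min_proto_version(ctx: PSSL_CTX; version: TIdC_LONG): TIdC_LONG;` (and the max variant) reads better and keeps the signatures parallel. A one-line comment above the group stating the OpenSSL contract, `// version is a TLS1_VERSION..TLS1_3_VERSION constant; 0 means the lowest (min) or highest (max) version the library supports`, would save callers a trip to the manual, since with the `SSLv2`/`SSLv3` method bindings removed this is now the only place protocol floors are expressed. The implementations are outside this hunk.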
@@ -18401,8 +17244,6 @@ function SSL_set_tlsext_heartbeat_no_requests(ssl : PSSL; arg : TIdC_LONG) : TId function TLS1_get_version(s : PSSL) : TIdC_INT; {$EXTERNALSYM TLS1_get_client_version} function TLS1_get_client_version(s : PSSL) : TIdC_INT; - {$EXTERNALSYM SSL_CTX_get_version} -function SSL_CTX_get_version(ctx: PSSL_CTX):TIdC_INT; //* BIO_s_connect() and BIO_s_socks4a_connect() */ {$EXTERNALSYM BIO_set_conn_hostname} function BIO_set_conn_hostname(b : PBIO; name : PIdAnsiChar) : TIdC_LONG; @@ -18757,8 +17598,8 @@ procedure SSLeay_add_all_ciphers; {$EXTERNALSYM SSLeay_add_all_digests} procedure SSLeay_add_all_digests; - {$EXTERNALSYM X509V3_set_ctx_nodb} -procedure X509V3_set_ctx_nodb(ctx: X509V3_CTX); +// {$EXTERNALSYM X509V3_set_ctx_nodb} +//procedure X509V3_set_ctx_nodb(ctx: X509V3_CTX); // {$EXTERNALSYM ErrMsg} function ErrMsg(AErr : TIdC_ULONG) : string; @@ -18875,15 +17716,6 @@ EIdDigestFinalEx = class(EIdDigestError); EIdDigestInitEx = class(EIdDigestError); EIdDigestUpdate = class(EIdDigestError); -function IsOpenSSL_1x : Boolean; -function IsOpenSSL_SSLv2_Available : Boolean; -function IsOpenSSL_SSLv3_Available : Boolean; -function IsOpenSSL_SSLv23_Available : Boolean; -function IsOpenSSL_TLSv1_0_Available : Boolean; -function IsOpenSSL_TLSv1_1_Available : Boolean; -function IsOpenSSL_TLSv1_2_Available : Boolean; -function IsOpenSSL_DTLSv1_Available : Boolean; - // RLebeau: should these be declared as EXTERNALSYM? procedure RAND_cleanup; function RAND_bytes(buf : PIdAnsiChar; num : integer) : integer; 
@@ -18911,111 +17743,18 @@ implementation {$ENDIF} {$ENDIF}; -{$IFNDEF OPENSSL_NO_HMAC} -procedure HMAC_Init_ex(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; - md : PEVP_MD; impl : PENGINE); - {$IFDEF USE_INLINE} inline; {$ENDIF} -begin - if Assigned(_HMAC_Init_ex) then begin - _HMAC_Init_ex(ctx, key, len, md, impl ); - end else begin - if Assigned(_1_0_HMAC_Init_ex) then begin - _1_0_HMAC_Init_ex(ctx, key, len, md, impl ); - end; - end; -end; - -procedure HMAC_Update(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t); - {$IFDEF USE_INLINE} inline; {$ENDIF} -begin - if Assigned(_HMAC_Update) then begin - _HMAC_Update(ctx, data, len ); - end else begin - if Assigned(_1_0_HMAC_Update) then begin - _1_0_HMAC_Update(ctx, data, len ); - end; - end; -end; - -procedure HMAC_Final(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT); - {$IFDEF USE_INLINE} inline; {$ENDIF} -begin - if Assigned(_HMAC_Final) then begin - _HMAC_Final(ctx, md, len ); - end else begin - if Assigned(_1_0_HMAC_Update) then begin - _1_0_HMAC_Final(ctx, md, len ); - end; - end; -end; -{$ENDIF} - -function IsOpenSSL_1x : Boolean; - {$IFDEF USE_INLINE} inline; {$ENDIF} +procedure ERR_put_error(lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT); +{$IFDEF USE_INLINE} inline; {$ENDIF} begin - if Assigned( SSLeay ) then begin - Result := (SSLeay and $F0000000) = $10000000; + if Assigned(_ERR_put_error) then begin + _ERR_put_error(lib,func, reason, _file, line); end else begin - Result := False; + Err_new(); + ERR_set_debug(_file, line, nil); + ERR_set_error(lib, reason, nil); end; end; -function IsOpenSSL_SSLv2_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(SSLv2_method) and - Assigned(SSLv2_server_method) and - Assigned(SSLv2_client_method); -end; - -function IsOpenSSL_SSLv3_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(SSLv3_method) and - Assigned(SSLv3_server_method) and - Assigned(SSLv3_client_method); 
-end; - -function IsOpenSSL_SSLv23_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(SSLv23_method) and - Assigned(SSLv23_server_method) and - Assigned(SSLv23_client_method); -end; - -function IsOpenSSL_TLSv1_0_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(TLSv1_method) and - Assigned(TLSv1_server_method) and - Assigned(TLSv1_client_method); -end; - -function IsOpenSSL_TLSv1_1_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(TLSv1_1_method) and - Assigned(TLSv1_1_server_method) and - Assigned(TLSv1_1_client_method); -end; - -function IsOpenSSL_TLSv1_2_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(TLSv1_2_method) and - Assigned(TLSv1_2_server_method) and - Assigned(TLSv1_2_client_method); -end; - -function IsOpenSSL_DTLSv1_Available : Boolean; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := Assigned(DTLSv1_method) and - Assigned(DTLSv1_server_method) and - Assigned(DTLSv1_client_method); -end; - //**************** FIPS Support backend ******************* function OpenSSLIsHashingIntfAvail : Boolean; begin @@ -19043,9 +17782,7 @@ function OpenSSLGetDigestCtx( AInst : PEVP_MD) : TIdHashIntCtx; {$IFDEF USE_INLINE} inline; {$ENDIF} var LRet : Integer; begin - Result := AllocMem(SizeOf(EVP_MD_CTX)); - EVP_MD_CTX_init(Result); - + Result := EVP_MD_CTX_new; LRet := EVP_DigestInit_ex(Result, AInst, nil); if LRet <> 1 then begin EIdDigestInitEx.RaiseException('EVP_DigestInit_ex error'); @@ -19237,8 +17974,9 @@ function OpenSSLFinalHashInst(ACtx: TIdHashIntCtx): TIdBytes; EIdDigestFinalEx.RaiseException('EVP_DigestFinal_ex error'); end; SetLength(Result,LLen); - EVP_MD_CTX_cleanup(ACtx); - FreeMem(ACtx,SizeOf(EVP_MD_CTX)); + if Assigned(EVP_MD_CTX_free) then begin + EVP_MD_CTX_free(ACtx); + end; end; function OpenSSLIsHMACAvail : Boolean; 
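Review bot: The fallback branch of the new `ERR_put_error` wrapper calls `Err_new`, `ERR_set_debug` and `ERR_set_error` without checking that they resolved, so if `_ERR_put_error` is nil and the OpenSSL 3.0 trio was not found either, the wrapper dereferences a nil procedure pointer while trying to report an error. Changing the branch to `end else if Assigned(Err_new) and Assigned(ERR_set_debug) and Assigned(ERR_set_error) then begin` makes it a no-op in that case, as the old HMAC wrappers this hunk deletes did. The `func` argument is dropped in the fallback because the 3.0 API takes a function-name string instead of a numeric id; a comment such as `// OpenSSL 3.0 takes a function name rather than an id; func is intentionally not forwarded` records that the omission is deliberate. The wrapper's interface declaration is outside this hunk.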
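Review bot: `Result := EVP_MD_CTX_new;` is not checked before `EVP_DigestInit_ex(Result, AInst, nil)`, and `EVP_MD_CTX_new` returns NULL on allocation failure, so the old `AllocMem` path's out-of-memory exception has become a nil dereference inside OpenSSL. Add `if Result = nil then begin EIdDigestInitEx.RaiseException('EVP_MD_CTX_new error'); end;` between the two lines. Unlike the `EVP_MD_CTX_free` call in the next hunk, this call is also not guarded by `Assigned`, so either `OpenSSLIsHashingIntfAvail` (whose body is outside this view) must now require `EVP_MD_CTX_new` and `EVP_MD_CTX_free`, or the guard belongs here.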
@@ -19246,10 +17984,10 @@ function OpenSSLIsHMACAvail : Boolean; {$IFDEF OPENSSL_NO_HMAC} Result := False; {$ELSE} - Result := Assigned(HMAC_CTX_init) and - ( Assigned(_HMAC_Init_ex) or Assigned(_1_0_HMAC_Init_ex) ) and - ( Assigned(_HMAC_Update) or Assigned(_1_0_HMAC_Update) ) and - ( Assigned(_HMAC_Final) or Assigned(_1_0_HMAC_Final) ) and + Result := Assigned(HMAC_CTX_reset) and + Assigned(HMAC_Init_ex) and + Assigned(HMAC_Update) and + Assigned(HMAC_Final) and Assigned(HMAC_CTX_cleanup); {$ENDIF} end; @@ -19268,8 +18006,8 @@ function OpenSSLGetHMACMD5Inst(const AKey : TIdBytes) : TIdHMACIntCtx; {$IFDEF OPENSSL_NO_MD5} Result := nil; {$ELSE} - Result := AllocMem(SizeOf(HMAC_CTX)); - HMAC_CTX_init(Result); + Result := HMAC_CTX_new; + HMAC_CTX_reset(Result); HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_md5, nil); {$ENDIF} end; @@ -19288,8 +18026,8 @@ function OpenSSLGetHMACSHA1Inst(const AKey : TIdBytes) : TIdHMACIntCtx; {$IFDEF OPENSSL_NO_SHA} Result := nil; {$ELSE} - Result := AllocMem(SizeOf(HMAC_CTX)); - HMAC_CTX_init(Result); + Result := HMAC_CTX_new; + HMAC_CTX_reset(Result); HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_sha1, nil); {$ENDIF} end; @@ -19309,8 +18047,8 @@ function OpenSSLGetHMACSHA224Inst(const AKey : TIdBytes) : TIdHMACIntCtx; {$IFDEF OPENSSL_NO_SHA256} Result := nil; {$ELSE} - Result := AllocMem(SizeOf(HMAC_CTX)); - HMAC_CTX_init(Result); + Result := HMAC_CTX_new; + HMAC_CTX_reset(Result); HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_sha224, nil); {$ENDIF} end; @@ -19329,8 +18067,8 @@ function OpenSSLGetHMACSHA256Inst(const AKey : TIdBytes) : TIdHMACIntCtx; {$IFDEF OPENSSL_NO_SHA256} Result := nil; {$ELSE} - Result := AllocMem(SizeOf(HMAC_CTX)); - HMAC_CTX_init(Result); + Result := HMAC_CTX_new; + HMAC_CTX_reset(Result); HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_sha256, nil); {$ENDIF} end; 
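Review bot: `OpenSSLIsHMACAvail` still requires `Assigned(HMAC_CTX_cleanup)`, but OpenSSL 1.1.0 removed `HMAC_CTX_cleanup` along with `HMAC_CTX_init`, so against the 1.1/3.x libraries this commit targets HMAC is reported unavailable (or, if the loader still resolves some name for it, the check is vacuous). The availability test should name the functions the new getters actually call: `Result := Assigned(HMAC_CTX_new) and Assigned(HMAC_CTX_reset) and Assigned(HMAC_Init_ex) and Assigned(HMAC_Update) and Assigned(HMAC_Final) and Assigned(HMAC_CTX_free);`, which presumes an `HMAC_CTX_free` binding is added in the interface section.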
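Review bot: In `OpenSSLGetHMACMD5Inst` the result of `HMAC_Init_ex` is now discarded: the binding became a function returning `TIdC_INT` in this commit, and a failed init (for example a digest the loaded provider does not offer) leaves a context that later produces a wrong MAC without any error. The `HMAC_CTX_new` result is likewise not checked for nil, and the `HMAC_CTX_reset(Result)` immediately after it is redundant because a freshly created context is already initialised. The same pattern is repeated in the `@@ -19288`, `@@ -19309` and `@@ -19329` hunks on this line and `@@ -19349`, `@@ -19369` on the next, so one shape fits all six: `Result := HMAC_CTX_new;` then `if (Result = nil) or (HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_md5, nil) <> 1) then begin` raising through the unit's OpenSSL error class (the digest getters use `EIdDigestInitEx.RaiseException` for the analogous case) after releasing the context.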
@@ -19349,8 +18087,8 @@ function OpenSSLGetHMACSHA384Inst(const AKey : TIdBytes) : TIdHMACIntCtx;
 {$IFDEF OPENSSL_NO_SHA512}
 Result := nil;
 {$ELSE}
- Result := AllocMem(SizeOf(HMAC_CTX));
- HMAC_CTX_init(Result);
+ Result := HMAC_CTX_new;
+ HMAC_CTX_reset(Result);
 HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_sha384, nil);
 {$ENDIF}
 end;
@@ -19369,8 +18107,8 @@ function OpenSSLGetHMACSHA512Inst(const AKey : TIdBytes) : TIdHMACIntCtx;
 {$IFDEF OPENSSL_NO_SHA512}
 Result := nil;
 {$ELSE}
- Result := AllocMem(SizeOf(HMAC_CTX));
- HMAC_CTX_init(Result);
+ Result := HMAC_CTX_new;
+ HMAC_CTX_reset(Result);
 HMAC_Init_ex(Result, PByte(AKey), Length(AKey), EVP_sha512, nil);
 {$ENDIF}
 end;
@@ -19389,9 +18127,15 @@ function OpenSSLFinalHMACInst(ACtx: TIdHMACIntCtx): TIdBytes;
 HMAC_Final(ACtx, PIdAnsiChar(@Result[0]), @LLen);
 SetLength(Result,LLen);
 HMAC_CTX_cleanup(ACtx);
- FreeMem(ACtx,SizeOf(HMAC_CTX));
+// FreeMem(ACtx,SizeOf(HMAC_CTX));
+end;
+
+function LoadOpenSSL: Boolean;
+begin
+ Result := Load;
 end;
+
 //****************************************************
 function FIPS_mode_set(onoff : TIdC_INT) : TIdC_INT;
 {$IFDEF INLINE}inline;{$ENDIF}
 begin
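Review bot: `OpenSSLFinalHMACInst` now leaks every context: the `FreeMem` is commented out and nothing releases the block that `HMAC_CTX_new` allocated in the getters, and the `HMAC_CTX_cleanup(ACtx)` that precedes it names a function OpenSSL 1.1.0 removed, so on the libraries this commit targets that call goes through a nil pointer. The 1.1+/3.x release is `HMAC_CTX_free`, which also zeroises the keyed state; replace the two lines with `HMAC_CTX_free(ACtx);` once the binding exists, rather than leaving a commented-out `FreeMem`. `LoadOpenSSL` is added without a comment; a line such as `// Public entry point for loading the OpenSSL libraries; thin wrapper over Load` says why it exists next to `Load`.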
@@ -19553,13 +18297,25 @@ class procedure EIdOpenSSLAPISSLError.RaiseExceptionCode(const AErrCode, ARetCod {$ENDIF} {$IFDEF WINDOWS} const - SSL_DLL_name = 'ssleay32.dll'; {Do not localize} - //The following is a workaround for an alternative name for - //one of the OpenSSL .DLL's. If you compile the .DLL's using - //mingw32, the SSL .dll might be named 'libssl32.dll' instead of - //ssleay32.dll like you would expect. - SSL_DLL_name_alt = 'libssl32.dll'; {Do not localize} + {$IFDEF WIN64} + SSL_DLL_1_1_name = 'libssl-1_1-x64.dll'; {Do not localize} + SSL_DLL_3_name = 'libssl-3-x64.dll'; {Do not localize} + {$ELSE} + SSL_DLL_1_1_name = 'libssl-1_1.dll'; {Do not localize} + SSL_DLL_3_name = 'libssl-3.dll'; {Do not localize} + {$ENDIF} SSLCLIB_DLL_name = 'libeay32.dll'; {Do not localize} + {$IFDEF WIN64} + SSLCLIB_DLL_1_1_name = 'libcrypto-1_1-x64.dll'; {Do not localize} + SSLCLIB_DLL_3_name = 'libcrypto-3-x64.dll'; {Do not localize} + {$ELSE} + SSLCLIB_DLL_1_1_name = 'libcrypto-1_1.dll'; {Do not localize} + SSLCLIB_DLL_3_name = 'libcrypto-3.dll'; {Do not localize} + {$ENDIF} + SSLCLIBS_LAST = 1; + SSLCLIBS : array [0..SSLCLIBS_LAST] of string = (SSLCLIB_DLL_3_name, SSLCLIB_DLL_1_1_name); + SSLLIBS_LAST = 1; + SSLLIBS : array [0..SSLLIBS_LAST] of string = (SSL_DLL_3_name, SSL_DLL_1_1_name); {$ENDIF} {$ENDIF} 
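Review bot: The new `SSLCLIBS`/`SSLLIBS` arrays are parallel (index 0 is the 3.x pair, index 1 the 1.1 pair) but nothing on the page says so, and the loader that consumes them is outside this hunk; a comment such as `// Parallel arrays probed in index order (3.x first); SSLCLIBS[i] must be loaded together with SSLLIBS[i], mixing libcrypto and libssl of different major versions is unsupported` would keep a future edit from reordering one without the other. `SSLCLIB_DLL_name = 'libeay32.dll'` survives while its `ssleay32.dll` partner is removed and it appears in neither array, so it looks like a leftover of the 1.0.x support this commit drops; either remove it or comment why it is retained. The `{Do not localize}` convention is kept on every new name, which is good.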
@@ -19601,23 +18357,23 @@ function GetCryptLibHandle : TIdLibHandle; const {most of these are commented out because we aren't using them now. I am keeping them in case we use them later.} - fn_sk_num = 'sk_num'; {Do not localize} - fn_sk_value = 'sk_value'; {Do not localize} + fn_sk_num = 'OPENSSL_sk_num'; {Do not localize} + fn_sk_value = 'OPENSSL_sk_value'; {Do not localize} {CH fn_sk_set = 'sk_set'; } {Do not localize} - fn_sk_new = 'sk_new'; {Do not localize} - fn_sk_new_null = 'sk_new_null'; {Do not localize} - fn_sk_free = 'sk_free'; {Do not localize} - fn_sk_pop_free = 'sk_pop_free'; {Do not localize} + fn_sk_new = 'OPENSSL_sk_new'; {Do not localize} + fn_sk_new_null = 'OPENSSL_sk_new_null'; {Do not localize} + fn_sk_free = 'OPENSSL_sk_free'; {Do not localize} + fn_sk_pop_free = 'OPENSSL_sk_pop_free'; {Do not localize} {CH fn_sk_insert = 'sk_insert'; } {Do not localize} {CH fn_sk_delete = 'sk_delete'; } {Do not localize} {CH fn_sk_delete_ptr = 'sk_delete_ptr'; } {Do not localize} - fn_sk_find = 'sk_find'; {Do not localize} - fn_sk_push = 'sk_push'; {Do not localize} + fn_sk_find = 'OPENSSL_sk_find'; {Do not localize} + fn_sk_push = 'OPENSSL_sk_push'; {Do not localize} {CH fn_sk_unshift = 'sk_unshift'; } {Do not localize} {CH fn_sk_shift = 'sk_shift'; } {Do not localize} {CH fn_sk_pop = 'sk_pop'; } {Do not localize} {CH fn_sk_zero = 'sk_zero'; } {Do not localize} - fn_sk_dup = 'sk_dup'; {Do not localize} + fn_sk_dup = 'OPENSSL_sk_dup'; {Do not localize} {CH fn_sk_sort = 'sk_sort'; } {Do not localize} fn_SSLeay_version = 'SSLeay_version'; {Do not localize} fn_SSLeay = 'SSLeay'; {Do not localize} 
@@ -19697,6 +18453,7 @@ function GetCryptLibHandle : TIdLibHandle; {CH fn_CRYPTO_get_mem_debug_functions = 'CRYPTO_get_mem_debug_functions'; }{Do not localize} {CH fn_CRYPTO_realloc_clean = 'CRYPTO_realloc_clean'; } {Do not localize} {CH fn_OPENSSL_cleanse = 'OPENSSL_cleanse'; } {Do not localize} + fn_OPENSSL_init_ssl = 'OPENSSL_init_ssl'; {Do not localize} {CH fn_CRYPTO_set_mem_debug_options = 'CRYPTO_set_mem_debug_options'; } {Do not localize} {CH fn_CRYPTO_get_mem_debug_options = 'CRYPTO_get_mem_debug_options'; } {Do not localize} {CH fn_CRYPTO_push_info_ = 'CRYPTO_push_info_'; } {Do not localize} @@ -19718,6 +18475,7 @@ function GetCryptLibHandle : TIdLibHandle; fn_CRYPTO_THREADID_set_numeric = 'CRYPTO_THREADID_set_numeric'; {Do not localize} fn_CRYPTO_THREADID_set_pointer = 'CRYPTO_THREADID_set_pointer'; {Do not localize} fn_CRYPTO_THREADID_set_callback = 'CRYPTO_THREADID_set_callback'; {Do not localize} + fn_OPENSSL_init_crypto = 'OPENSSL_init_crypto'; {Do not localize} //end section fn_CRYPTO_set_mem_functions = 'CRYPTO_set_mem_functions'; {Do not localize} {CH fn_CRYPTO_set_mem_info_functions = 'CRYPTO_set_mem_info_functions'; } {Do not localize} @@ -19925,7 +18683,7 @@ function GetCryptLibHandle : TIdLibHandle; {CH fn_RIPEMD160_Transform = 'RIPEMD160_Transform'; } {Do not localize} {$ENDIF} {$IFNDEF OPENSSL_NO_HMAC} - fn_HMAC_CTX_init = 'HMAC_CTX_init'; {Do not localize} + fn_HMAC_CTX_reset = 'HMAC_CTX_reset'; {Do not localize} fn_HMAC_CTX_cleanup = 'HMAC_CTX_cleanup'; {Do not localize} {CH fn_HMAC_Init = 'HMAC_Init'; } {Do not localize} fn_HMAC_Init_ex = 'HMAC_Init_ex'; {Do not localize} 
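Review bot: In the third hunk `fn_HMAC_CTX_init` is replaced by `fn_HMAC_CTX_reset`, but `fn_HMAC_CTX_cleanup` stays and no `fn_HMAC_CTX_new` or `fn_HMAC_CTX_free` entries are visible; if this name table is what drives symbol resolution, the `HMAC_CTX_new` binding introduced in the interface section is never resolved and `HMAC_CTX_cleanup` is looked up on a library that no longer exports it. Adding `fn_HMAC_CTX_new = 'HMAC_CTX_new'; {Do not localize}` and `fn_HMAC_CTX_free = 'HMAC_CTX_free'; {Do not localize}` next to `fn_HMAC_CTX_reset` (and dropping `fn_HMAC_CTX_cleanup` once the finaliser is migrated) aligns the table with the 1.1 API. In the first hunk `fn_OPENSSL_init_ssl` is placed in the list that the `GetCryptLibHandle` context suggests is resolved against libcrypto, yet `OPENSSL_init_ssl` is exported by libssl; if the table is split by library, this entry belongs with the libssl names.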
@@ -20794,11 +19552,14 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_EVP_CIPHER_CTX_get_app_data = 'EVP_CIPHER_CTX_get_app_data'; {Do not localize}
 fn_EVP_CIPHER_CTX_set_app_data = 'EVP_CIPHER_CTX_set_app_data'; {Do not localize}
 fn_EVP_CIPHER_CTX_flags = 'EVP_CIPHER_CTX_flags'; {Do not localize}
+ fn_EVP_CIPHER_CTX_get0_cipher = 'EVP_CIPHER_CTX_get0_cipher'; {Do not localize}
 fn_EVP_Cipher = 'EVP_Cipher'; {Do not localize}
 fn_EVP_MD_CTX_init = 'EVP_MD_CTX_init'; {Do not localize}
 fn_EVP_MD_CTX_cleanup = 'EVP_MD_CTX_cleanup'; {Do not localize}
 fn_EVP_MD_CTX_create = 'EVP_MD_CTX_create'; {Do not localize}
 fn_EVP_MD_CTX_destroy = 'EVP_MD_CTX_destroy'; {Do not localize}
+ fn_EVP_MD_CTX_new = 'EVP_MD_CTX_new'; {Do not localize}
+ fn_EVP_MD_CTX_free = 'EVP_MD_CTX_free'; {Do not localize}
 fn_EVP_MD_CTX_copy_ex = 'EVP_MD_CTX_copy_ex'; {Do not localize}
 fn_EVP_MD_CTX_set_flags = 'EVP_MD_CTX_set_flags'; {Do not localize}
 fn_EVP_MD_CTX_clear_flags = 'EVP_MD_CTX_clear_flags'; {Do not localize}
@@ -20919,18 +19680,18 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_EVP_desx_cbc = 'EVP_desx_cbc'; {Do not localize}
 fn_EVP_des_ede3_cfb8 = 'EVP_des_ede3_cfb8'; {Do not localize}
 fn_EVP_des_ede_ecb = 'EVP_des_ede_ecb'; {Do not localize}
- fn_EVP_des_ede3_ecb = 'EVP_des_ede3_ecb';
- fn_EVP_des_cfb64 = 'EVP_des_cfb64';
+ fn_EVP_des_ede3_ecb = 'EVP_des_ede3_ecb'; {Do not localize}
+ fn_EVP_des_cfb64 = 'EVP_des_cfb64'; {Do not localize}
- fn_EVP_des_cfb1 = 'EVP_des_cfb1';
- fn_EVP_des_cfb8 = 'EVP_des_cfb8';
- fn_EVP_des_ede_cfb64 = 'EVP_des_ede_cfb64';
+ fn_EVP_des_cfb1 = 'EVP_des_cfb1'; {Do not localize}
+ fn_EVP_des_cfb8 = 'EVP_des_cfb8'; {Do not localize}
+ fn_EVP_des_ede_cfb64 = 'EVP_des_ede_cfb64'; {Do not localize}
 //#if 0
- fn_EVP_des_ede_cfb1 = 'EVP_des_ede_cfb1';
- fn_EVP_des_ede_cfb8 = 'EVP_des_ede_cfb8';
+ fn_EVP_des_ede_cfb1 = 'EVP_des_ede_cfb1'; {Do not localize}
+ fn_EVP_des_ede_cfb8 = 'EVP_des_ede_cfb8'; {Do not localize}
 //#endif
- fn_EVP_des_ede3_cfb64 = 'EVP_des_ede3_cfb64';
- fn_EVP_des_ede3_cfb1 = 'EVP_des_ede3_cfb1';
+ fn_EVP_des_ede3_cfb64 = 'EVP_des_ede3_cfb64'; {Do not localize}
+ fn_EVP_des_ede3_cfb1 = 'EVP_des_ede3_cfb1'; {Do not localize}
 {$ENDIF}
 {$IFNDEF OPENSSL_NO_RC4}
 fn_EVP_rc4 = 'EVP_rc4'; {Do not localize}
@@ -21114,75 +19875,75 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_EVP_PBE_alg_add_type = 'EVP_PBE_alg_add_type'; {Do not localize}
 fn_EVP_PBE_find = 'EVP_PBE_find'; {Do not localize}
 fn_EVP_PBE_cleanup = 'EVP_PBE_cleanup'; {Do not localize}
- fn_EVP_PKEY_asn1_get_count = 'EVP_PKEY_asn1_get_count';
- fn_EVP_PKEY_asn1_get0 = 'EVP_PKEY_asn1_get0';
- fn_EVP_PKEY_asn1_find = 'EVP_PKEY_asn1_find';
- fn_EVP_PKEY_asn1_find_str = 'EVP_PKEY_asn1_find_str';
- fn_EVP_PKEY_asn1_add0 = 'EVP_PKEY_asn1_add0';
- fn_EVP_PKEY_asn1_add_alias = 'EVP_PKEY_asn1_add_alias';
- fn_EVP_PKEY_asn1_get0_info = 'EVP_PKEY_asn1_get0_info';
- fn_EVP_PKEY_get0_asn1 = 'EVP_PKEY_get0_asn1';
- fn_EVP_PKEY_asn1_new = 'EVP_PKEY_asn1_new';
- fn_EVP_PKEY_asn1_copy = 'EVP_PKEY_asn1_copy';
- fn_EVP_PKEY_asn1_free = 'EVP_PKEY_asn1_free';
- fn_EVP_PKEY_asn1_set_public = 'EVP_PKEY_asn1_set_public';
- fn_EVP_PKEY_asn1_set_private = 'EVP_PKEY_asn1_set_private';
- fn_EVP_PKEY_asn1_set_param = 'EVP_PKEY_asn1_set_param';
- fn_EVP_PKEY_asn1_set_free = 'EVP_PKEY_asn1_set_free';
- fn_EVP_PKEY_asn1_set_ctrl = 'EVP_PKEY_asn1_set_ctrl';
- fn_EVP_PKEY_meth_find = 'EVP_PKEY_meth_find';
- fn_EVP_PKEY_meth_new = 'EVP_PKEY_meth_new';
- fn_EVP_PKEY_meth_get0_info = 'EVP_PKEY_meth_get0_info';
- fn_EVP_PKEY_meth_copy = 'EVP_PKEY_meth_copy';
- fn_EVP_PKEY_meth_free = 'EVP_PKEY_meth_free';
- fn_EVP_PKEY_meth_add0 = 'EVP_PKEY_meth_add0';
- fn_EVP_PKEY_CTX_new = 'EVP_PKEY_CTX_new';
- fn_EVP_PKEY_CTX_new_id = 'EVP_PKEY_CTX_new_id';
- fn_EVP_PKEY_CTX_dup = 'EVP_PKEY_CTX_dup';
- fn_EVP_PKEY_CTX_free = 'EVP_PKEY_CTX_free';
- fn_EVP_PKEY_CTX_ctrl = 'EVP_PKEY_CTX_ctrl';
- fn_EVP_PKEY_CTX_ctrl_str = 'EVP_PKEY_CTX_ctrl_str';
- fn_EVP_PKEY_CTX_get_operation = 'EVP_PKEY_CTX_get_operation';
- fn_EVP_PKEY_CTX_set0_keygen_info = 'EVP_PKEY_CTX_set0_keygen_info';
- fn_EVP_PKEY_new_mac_key = 'EVP_PKEY_new_mac_key';
- fn_EVP_PKEY_CTX_set_data = 'EVP_PKEY_CTX_set_data';
- fn_EVP_PKEY_CTX_get_data = 'EVP_PKEY_CTX_get_data';
- fn_EVP_PKEY_CTX_get0_pkey = 'EVP_PKEY_CTX_get0_pkey';
- fn_EVP_PKEY_CTX_get0_peerkey = 'EVP_PKEY_CTX_get0_peerkey';
- fn_EVP_PKEY_CTX_set_app_data = 'EVP_PKEY_CTX_set_app_data';
- fn_EVP_PKEY_CTX_get_app_data = 'EVP_PKEY_CTX_get_app_data';
- fn_EVP_PKEY_sign_init = 'EVP_PKEY_sign_init';
- fn_EVP_PKEY_sign = 'EVP_PKEY_sign';
- fn_EVP_PKEY_verify_init = 'EVP_PKEY_verify_init';
- fn_EVP_PKEY_verify = 'EVP_PKEY_verify';
- fn_EVP_PKEY_verify_recover_init = 'EVP_PKEY_verify_recover_init';
- fn_EVP_PKEY_verify_recover = 'EVP_PKEY_verify_recover';
- fn_EVP_PKEY_encrypt_init = 'EVP_PKEY_encrypt_init';
- fn_EVP_PKEY_decrypt_init = 'EVP_PKEY_decrypt_init';
- fn_EVP_PKEY_derive_init = 'EVP_PKEY_derive_init';
- fn_EVP_PKEY_derive_set_peer = 'EVP_PKEY_derive_set_peer';
- fn_EVP_PKEY_derive = 'EVP_PKEY_derive';
- fn_EVP_PKEY_paramgen_init = 'EVP_PKEY_paramgen_init';
- fn_EVP_PKEY_paramgen = 'EVP_PKEY_paramgen';
- fn_EVP_PKEY_keygen_init = 'EVP_PKEY_keygen_init';
- fn_EVP_PKEY_keygen = 'EVP_PKEY_keygen';
- fn_EVP_PKEY_CTX_set_cb = 'EVP_PKEY_CTX_set_cb';
- fn_EVP_PKEY_CTX_get_cb = 'EVP_PKEY_CTX_get_cb';
- fn_EVP_PKEY_CTX_get_keygen_info = 'EVP_PKEY_CTX_get_keygen_info';
- fn_EVP_PKEY_meth_set_init = 'EVP_PKEY_meth_set_init';
- fn_EVP_PKEY_meth_set_copy = 'EVP_PKEY_meth_set_copy';
- fn_EVP_PKEY_meth_set_cleanup = 'EVP_PKEY_meth_set_cleanup';
- fn_EVP_PKEY_meth_set_paramgen = 'EVP_PKEY_meth_set_paramgen';
- fn_EVP_PKEY_meth_set_keygen = 'EVP_PKEY_meth_set_keygen';
- fn_EVP_PKEY_meth_set_sign = 'EVP_PKEY_meth_set_sign';
- fn_EVP_PKEY_meth_set_verify = 'EVP_PKEY_meth_set_verify';
- fn_EVP_PKEY_meth_set_verify_recover = 'EVP_PKEY_meth_set_verify_recover';
- fn_EVP_PKEY_meth_set_signctx = 'EVP_PKEY_meth_set_signctx';
- fn_EVP_PKEY_meth_set_verifyctx = 'EVP_PKEY_meth_set_verifyctx';
- fn_EVP_PKEY_meth_set_encrypt = 'EVP_PKEY_meth_set_encrypt';
- fn_EVP_PKEY_meth_set_decrypt = 'EVP_PKEY_meth_set_decrypt';
- fn_EVP_PKEY_meth_set_derive = 'EVP_PKEY_meth_set_derive';
- fn_EVP_PKEY_meth_set_ctrl = 'EVP_PKEY_meth_set_ctrl';
+ fn_EVP_PKEY_asn1_get_count = 'EVP_PKEY_asn1_get_count'; {Do not localize}
+ fn_EVP_PKEY_asn1_get0 = 'EVP_PKEY_asn1_get0'; {Do not localize}
+ fn_EVP_PKEY_asn1_find = 'EVP_PKEY_asn1_find'; {Do not localize}
+ fn_EVP_PKEY_asn1_find_str = 'EVP_PKEY_asn1_find_str'; {Do not localize}
+ fn_EVP_PKEY_asn1_add0 = 'EVP_PKEY_asn1_add0'; {Do not localize}
+ fn_EVP_PKEY_asn1_add_alias = 'EVP_PKEY_asn1_add_alias'; {Do not localize}
+ fn_EVP_PKEY_asn1_get0_info = 'EVP_PKEY_asn1_get0_info'; {Do not localize}
+ fn_EVP_PKEY_get0_asn1 = 'EVP_PKEY_get0_asn1'; {Do not localize}
+ fn_EVP_PKEY_asn1_new = 'EVP_PKEY_asn1_new'; {Do not localize}
+ fn_EVP_PKEY_asn1_copy = 'EVP_PKEY_asn1_copy'; {Do not localize}
+ fn_EVP_PKEY_asn1_free = 'EVP_PKEY_asn1_free'; {Do not localize}
+ fn_EVP_PKEY_asn1_set_public = 'EVP_PKEY_asn1_set_public'; {Do not localize}
+ fn_EVP_PKEY_asn1_set_private = 'EVP_PKEY_asn1_set_private'; {Do not localize}
+ fn_EVP_PKEY_asn1_set_param = 'EVP_PKEY_asn1_set_param'; {Do not localize}
+ fn_EVP_PKEY_asn1_set_free = 'EVP_PKEY_asn1_set_free'; {Do not localize}
+ fn_EVP_PKEY_asn1_set_ctrl = 'EVP_PKEY_asn1_set_ctrl'; {Do not localize}
+ fn_EVP_PKEY_meth_find = 'EVP_PKEY_meth_find'; {Do not localize}
+ fn_EVP_PKEY_meth_new = 'EVP_PKEY_meth_new'; {Do not localize}
+ fn_EVP_PKEY_meth_get0_info = 'EVP_PKEY_meth_get0_info'; {Do not localize}
+ fn_EVP_PKEY_meth_copy = 'EVP_PKEY_meth_copy'; {Do not localize}
+ fn_EVP_PKEY_meth_free = 'EVP_PKEY_meth_free'; {Do not localize}
+ fn_EVP_PKEY_meth_add0 = 'EVP_PKEY_meth_add0'; {Do not localize}
+ fn_EVP_PKEY_CTX_new = 'EVP_PKEY_CTX_new'; {Do not localize}
+ fn_EVP_PKEY_CTX_new_id = 'EVP_PKEY_CTX_new_id'; {Do not localize}
+ fn_EVP_PKEY_CTX_dup = 'EVP_PKEY_CTX_dup'; {Do not localize}
+ fn_EVP_PKEY_CTX_free = 'EVP_PKEY_CTX_free'; {Do not localize}
+ fn_EVP_PKEY_CTX_ctrl = 'EVP_PKEY_CTX_ctrl'; {Do not localize}
+ fn_EVP_PKEY_CTX_ctrl_str = 'EVP_PKEY_CTX_ctrl_str'; {Do not localize}
+ fn_EVP_PKEY_CTX_get_operation = 'EVP_PKEY_CTX_get_operation'; {Do not localize}
+ fn_EVP_PKEY_CTX_set0_keygen_info = 'EVP_PKEY_CTX_set0_keygen_info'; {Do not localize}
+ fn_EVP_PKEY_new_mac_key = 'EVP_PKEY_new_mac_key'; {Do not localize}
+ fn_EVP_PKEY_CTX_set_data = 'EVP_PKEY_CTX_set_data'; {Do not localize}
+ fn_EVP_PKEY_CTX_get_data = 'EVP_PKEY_CTX_get_data'; {Do not localize}
+ fn_EVP_PKEY_CTX_get0_pkey = 'EVP_PKEY_CTX_get0_pkey'; {Do not localize}
+ fn_EVP_PKEY_CTX_get0_peerkey = 'EVP_PKEY_CTX_get0_peerkey'; {Do not localize}
+ fn_EVP_PKEY_CTX_set_app_data = 'EVP_PKEY_CTX_set_app_data'; {Do not localize}
+ fn_EVP_PKEY_CTX_get_app_data = 'EVP_PKEY_CTX_get_app_data'; {Do not localize}
+ fn_EVP_PKEY_sign_init = 'EVP_PKEY_sign_init'; {Do not localize}
+ fn_EVP_PKEY_sign = 'EVP_PKEY_sign'; {Do not localize}
+ fn_EVP_PKEY_verify_init = 'EVP_PKEY_verify_init'; {Do not localize}
+ fn_EVP_PKEY_verify = 'EVP_PKEY_verify'; {Do not localize}
+ fn_EVP_PKEY_verify_recover_init = 'EVP_PKEY_verify_recover_init'; {Do not localize}
+ fn_EVP_PKEY_verify_recover = 'EVP_PKEY_verify_recover'; {Do not localize}
+ fn_EVP_PKEY_encrypt_init = 'EVP_PKEY_encrypt_init'; {Do not localize}
+ fn_EVP_PKEY_decrypt_init = 'EVP_PKEY_decrypt_init'; {Do not localize}
+ fn_EVP_PKEY_derive_init = 'EVP_PKEY_derive_init'; {Do not localize}
+ fn_EVP_PKEY_derive_set_peer = 'EVP_PKEY_derive_set_peer'; {Do not localize}
+ fn_EVP_PKEY_derive = 'EVP_PKEY_derive'; {Do not localize}
+ fn_EVP_PKEY_paramgen_init = 'EVP_PKEY_paramgen_init'; {Do not localize}
+ fn_EVP_PKEY_paramgen = 'EVP_PKEY_paramgen'; {Do not localize}
+ fn_EVP_PKEY_keygen_init = 'EVP_PKEY_keygen_init'; {Do not localize}
+ fn_EVP_PKEY_keygen = 'EVP_PKEY_keygen'; {Do not localize}
+ fn_EVP_PKEY_CTX_set_cb = 'EVP_PKEY_CTX_set_cb'; {Do not localize}
+ fn_EVP_PKEY_CTX_get_cb = 'EVP_PKEY_CTX_get_cb'; {Do not localize}
+ fn_EVP_PKEY_CTX_get_keygen_info = 'EVP_PKEY_CTX_get_keygen_info'; {Do not localize}
+ fn_EVP_PKEY_meth_set_init = 'EVP_PKEY_meth_set_init'; {Do not localize}
+ fn_EVP_PKEY_meth_set_copy = 'EVP_PKEY_meth_set_copy'; {Do not localize}
+ fn_EVP_PKEY_meth_set_cleanup = 'EVP_PKEY_meth_set_cleanup'; {Do not localize}
+ fn_EVP_PKEY_meth_set_paramgen = 'EVP_PKEY_meth_set_paramgen'; {Do not localize}
+ fn_EVP_PKEY_meth_set_keygen = 'EVP_PKEY_meth_set_keygen'; {Do not localize}
+ fn_EVP_PKEY_meth_set_sign = 'EVP_PKEY_meth_set_sign'; {Do not localize}
+ fn_EVP_PKEY_meth_set_verify = 'EVP_PKEY_meth_set_verify'; {Do not localize}
+ fn_EVP_PKEY_meth_set_verify_recover = 'EVP_PKEY_meth_set_verify_recover'; {Do not localize}
+ fn_EVP_PKEY_meth_set_signctx = 'EVP_PKEY_meth_set_signctx'; {Do not localize}
+ fn_EVP_PKEY_meth_set_verifyctx = 'EVP_PKEY_meth_set_verifyctx'; {Do not localize}
+ fn_EVP_PKEY_meth_set_encrypt = 'EVP_PKEY_meth_set_encrypt'; {Do not localize}
+ fn_EVP_PKEY_meth_set_decrypt = 'EVP_PKEY_meth_set_decrypt'; {Do not localize}
+ fn_EVP_PKEY_meth_set_derive = 'EVP_PKEY_meth_set_derive'; {Do not localize}
+ fn_EVP_PKEY_meth_set_ctrl = 'EVP_PKEY_meth_set_ctrl'; {Do not localize}
 {$IFDEF OPENSSL_FIPS}
 {$IFNDEF OPENSSL_NO_ENGINE}
@@ -21455,6 +20216,7 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_X509_STORE_CTX_set_error = 'X509_STORE_CTX_set_error'; {Do not localize}
 fn_X509_STORE_CTX_get_error_depth = 'X509_STORE_CTX_get_error_depth'; {Do not localize}
 fn_X509_STORE_CTX_get_current_cert = 'X509_STORE_CTX_get_current_cert'; {Do not localize}
+ fn_X509_LOOKUP_get_store = 'X509_LOOKUP_get_store'; {Do not localize{
 {CH fn_X509_STORE_CTX_get_chain = 'X509_STORE_CTX_get_chain'; } {Do not localize}
 {CH fn_X509_STORE_CTX_set_cert = 'X509_STORE_CTX_set_cert'; } {Do not localize}
 {CH fn_X509_STORE_CTX_set_chain = 'X509_STORE_CTX_set_chain'; } {Do not localize}
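Review bot: The trailing comment on the added `fn_X509_LOOKUP_get_store` line in the `@@ -21455` hunk is `{Do not localize{`, which never closes: a Delphi `{` comment runs to the next `}`, so it swallows the following `{CH fn_X509_STORE_CTX_get_chain ... }` line up to that line's closing brace. Today that line is itself commented out so nothing is lost, but uncommenting it later would silently drop the declaration with no compiler diagnostic. Change the line to `fn_X509_LOOKUP_get_store = 'X509_LOOKUP_get_store'; {Do not localize}`; the same typo is on the added `fn_X509_getm_notAfter` line in the next hunk.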
@@ -21576,8 +20338,13 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_PKCS7_get_signed_attribute = 'PKCS7_get_signed_attribute'; } {Do not localize}
 {CH fn_PKCS7_set_signed_attributes = 'PKCS7_set_signed_attributes'; } {Do not localize}
 {CH fn_PKCS7_set_attributes = 'PKCS7_set_attributes'; } {Do not localize}
- {CH fn_X509_verify_cert_error_string = 'X509_verify_cert_error_string'; } {Do not localize}
+ fn_X509_verify_cert_error_string = 'X509_verify_cert_error_string'; {Do not localize}
 fn_X509_verify = 'X509_verify'; {Do not localize}
+ fn_X509_get_version = 'X509_get_version'; {Do not localize}
+ fn_X509_get_signature_type = 'X509_get_signature_type'; {Do not localize}
+ fn_X509_getm_notBefore = 'X509_getm_notBefore'; {Do not localize}
+ fn_X509_getm_notAfter = 'X509_getm_notAfter'; {Do not localize{
+
 {CH fn_X509_REQ_verify = 'X509_REQ_verify'; } {Do not localize}
 {CH fn_X509_CRL_verify = 'X509_CRL_verify'; } {Do not localize}
 {CH fn_NETSCAPE_SPKI_verify = 'NETSCAPE_SPKI_verify'; } {Do not localize}
@@ -21586,6 +20353,7 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_X509V3_set_ctx = 'X509V3_set_ctx'; {Do not localize}
 fn_X509V3_EXT_conf_nid = 'X509V3_EXT_conf_nid'; {Do not localize}
 fn_X509_REQ_add_extensions = 'X509_REQ_add_extensions'; {Do not localize}
+ fn_X509_REQ_get_version = 'X509_REQ_get_version'; {Do not localize}
 {CH fn_X509_CRL_sign = 'X509_CRL_sign'; } {Do not localize}
 {CH fn_NETSCAPE_SPKI_sign = 'NETSCAPE_SPKI_sign'; } {Do not localize}
 fn_X509_digest = 'X509_digest'; {Do not localize}
@@ -21620,6 +20388,11 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_i2d_PKCS8_fp = 'i2d_PKCS8_fp'; } {Do not localize}
 {CH fn_d2i_PKCS8_PRIV_KEY_INFO_fp = 'd2i_PKCS8_PRIV_KEY_INFO_fp'; } {Do not localize}
 {CH fn_i2d_PKCS8_PRIV_KEY_INFO_fp = 'i2d_PKCS8_PRIV_KEY_INFO_fp'; } {Do not localize}
+ fn_X509_CRL_get_version = 'X509_CRL_get_version'; {Do not localize}
+ fn_X509_CRL_get_lastUpdate = 'X509_CRL_get_lastUpdate'; {Do not localize}
+ fn_X509_CRL_get_nextUpdate = 'X509_CRL_get_nextUpdate'; {Do not localize}
+ fn_X509_CRL_get_issuer = 'X509_CRL_get_issuer'; {Do not localize}
+ fn_X509_CRL_get_REVOKED = 'X509_CRL_get_REVOKED'; {Do not localize}
 {$IFNDEF OPENSSL_NO_BIO}
 fn_d2i_X509_bio = 'd2i_X509_bio'; {Do not localize}
 fn_i2d_X509_bio = 'i2d_X509_bio'; {Do not localize}
@@ -21735,6 +20508,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_X509_REVOKED_free = 'X509_REVOKED_free'; } {Do not localize}
 {CH fn_i2d_X509_REVOKED = 'i2d_X509_REVOKED'; } {Do not localize}
 {CH fn_d2i_X509_REVOKED = 'd2i_X509_REVOKED'; } {Do not localize}
+ _X509_CRL_get_versio = 'X509_CRL_get_versio'; {Do not localize}
 {CH fn_X509_CRL_INFO_new = 'X509_CRL_INFO_new'; } {Do not localize}
 {CH fn_X509_CRL_INFO_free = 'X509_CRL_INFO_free'; } {Do not localize}
 {CH fn_i2d_X509_CRL_INFO = 'i2d_X509_CRL_INFO'; } {Do not localize}
@@ -21769,6 +20543,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_ASN1_digest = 'ASN1_digest'; } {Do not localize}
 {CH fn_ASN1_sign = 'ASN1_sign'; } {Do not localize}
 fn_X509_set_version = 'X509_set_version'; {Do not localize}
+ fn_X509_get0_signature = 'X509_get0_signature'; {Do not localize}
 {CH fn_X509_set_serialNumber = 'X509_set_serialNumber'; } {Do not localize}
 fn_X509_get_serialNumber = 'X509_get_serialNumber'; {Do not localize}
 fn_X509_set_issuer_name = 'X509_set_issuer_name'; {Do not localize}
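Review bot: `_X509_CRL_get_versio = 'X509_CRL_get_versio';` in the `@@ -21735` hunk declares a constant whose value is a truncated symbol name that libcrypto does not export, and it duplicates `fn_X509_CRL_get_version` added in the first hunk on this line. Any load of this constant would fail, and if nothing loads it the line is dead; delete it, and if a second constant is genuinely needed, give it the `fn_` prefix and the full export name like every other entry in this table.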
@@ -21793,6 +20568,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_X509_subject_name_hash = 'X509_subject_name_hash'; } {Do not localize}
 fn_X509_NAME_cmp = 'X509_NAME_cmp'; {Do not localize}
 fn_X509_NAME_hash = 'X509_NAME_hash'; {Do not localize}
+ fn_X509_NAME_hash_ex = 'X509_NAME_hash_ex'; {Do not localize}
 {CH fn_X509_CRL_cmp = 'X509_CRL_cmp'; } {Do not localize}
 {$IFNDEF OPENSSL_NO_FP_API}
 {CH fn_X509_print_ex_fp = 'X509_print_ex_fp'; } {Do not localize}
@@ -21811,6 +20587,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_X509_CRL_print = 'X509_CRL_print'; } {Do not localize}
 {CH fn_X509_REQ_print = 'X509_REQ_print'; } {Do not localize}
 {CH fn_X509_REQ_print_ex = 'X509_REQ_print_ex'; } {Do not localize}
+ fn_X509_REQ_get_subject_name = 'X509_REQ_get_subject_name'; {Do not localize}
 {$ENDIF}
 {CH fn_X509_NAME_entry_count = 'X509_NAME_entry_count'; } {Do not localize}
 {CH fn_X509_NAME_get_text_by_NID = 'X509_NAME_get_text_by_NID'; } {Do not localize}
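Review bot: `fn_X509_REQ_get_subject_name` in the second hunk is inserted immediately before an `{$ENDIF}`, so it lives under whichever `{$IFNDEF ...}` guard the surrounding `X509_*_print*` entries are in; the guard's opening line is outside this hunk, but those entries are printing helpers and the guard is presumably a BIO/FP-API switch. X509_REQ_get_subject_name is a plain accessor with no such dependency, so a build that defines that symbol would lose the constant while the load site still references it. Move the line below the `{$ENDIF}`, next to the unconditional X509_NAME_* entries.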
@@ -22020,12 +20797,13 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_SSL_CTX_callback_ctrl = 'SSL_CTX_callback_ctrl'; {Do not localize}
 {CH fn_SSL_CTX_set_timeout = 'SSL_CTX_set_timeout'; } {Do not localize}
 {CH fn_SSL_CTX_get_timeout = 'SSL_CTX_get_timeout'; } {Do not localize}
- {CH fn_SSL_CTX_get_cert_store = 'SSL_CTX_get_cert_store'; } {Do not localize}
+ fn_SSL_CTX_get_cert_store = 'SSL_CTX_get_cert_store'; {Do not localize}
 {CH fn_SSL_CTX_set_cert_store = 'SSL_CTX_set_cert_store'; } {Do not localize}
 {CH fn_SSL_want = 'SSL_want'; } {Do not localize}
 {CH fn_SSL_clear = 'SSL_clear'; } {Do not localize}
 {CH fn_SSL_CTX_flush_sessions = 'SSL_CTX_flush_sessions'; } {Do not localize}
 fn_SSL_get_current_cipher = 'SSL_get_current_cipher'; {Do not localize}
+ fn_SSL_client_version = 'SSL_client_version'; {Do not localize}
 fn_SSL_CIPHER_get_bits = 'SSL_CIPHER_get_bits'; {Do not localize}
 fn_SSL_CIPHER_get_version = 'SSL_CIPHER_get_version'; {Do not localize}
 fn_SSL_CIPHER_get_name = 'SSL_CIPHER_get_name'; {Do not localize}
@@ -22071,6 +20849,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_SSL_CTX_set_client_cert_engine = 'SSL_CTX_set_client_cert_engine'; } {Do not localize}
 {$endif}
 {CH fn_SSL_CTX_use_certificate_chain_file = 'SSL_CTX_use_certificate_chain_file'; } {Do not localize}
+ fn_SSL_CTX_set_info_callback = 'SSL_CTX_set_info_callback'; {Do not localize}
 fn_SSL_load_client_CA_file = 'SSL_load_client_CA_file'; {Do not localize}
 {CH fn_SSL_add_file_cert_subjects_to_stack = 'SSL_add_file_cert_subjects_to_stack'; } {Do not localize}
 {CH fn_ERR_load_SSL_strings = 'ERR_load_SSL_strings'; } {Do not localize}
@@ -22151,6 +20930,9 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_DTLSv1_method = 'DTLSv1_method'; {Do not localize}
 fn_DTLSv1_server_method = 'DTLSv1_server_method'; {Do not localize}
 fn_DTLSv1_client_method = 'DTLSv1_client_method'; {Do not localize}
+ fn_TLS_method = 'TLS_method'; {Do not localize}
+ fn_TLS_client_method = 'TLS_client_method'; {Do not localize}
+ fn_TLS_server_method = 'TLS_server_method'; {Do not localize}
 {CH fn_SSL_get_ciphers = 'SSL_get_ciphers'; } {Do not localize}
 {CH fn_SSL_do_handshake = 'SSL_do_handshake'; } {Do not localize}
 {CH fn_SSL_renegotiate = 'SSL_renegotiate'; } {Do not localize}
@@ -22182,7 +20964,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_SSL_get_quiet_shutdown = 'SSL_get_quiet_shutdown'; } {Do not localize}
 fn_SSL_set_shutdown = 'SSL_set_shutdown'; {Do not localize}
 {CH fn_SSL_get_shutdown = 'SSL_get_shutdown'; } {Do not localize}
- {CH fn_SSL_version = 'SSL_version'; } {Do not localize}
+ fn_SSL_version = 'SSL_version'; {Do not localize}
 fn_SSL_CTX_set_default_verify_paths = 'SSL_CTX_set_default_verify_paths'; {Do not localize}
 fn_SSL_CTX_load_verify_locations = 'SSL_CTX_load_verify_locations'; {Do not localize}
 fn_SSL_get_session = 'SSL_get_session'; {Do not localize}
@@ -22200,10 +20982,10 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_SSL_SESSION_set_ex_data = 'SSL_SESSION_set_ex_data'; } {Do not localize}
 {CH fn_SSL_SESSION_get_ex_data = 'SSL_SESSION_get_ex_data'; } {Do not localize}
 {CH fn_SSL_SESSION_get_ex_new_index = 'SSL_SESSION_get_ex_new_index'; } {Do not localize}
- {CH fn_SSL_CTX_set_ex_data = 'SSL_CTX_set_ex_data'; } {Do not localize}
- {CH fn_SSL_CTX_get_ex_data = 'SSL_CTX_get_ex_data'; } {Do not localize}
+ fn_SSL_CTX_set_ex_data = 'SSL_CTX_set_ex_data'; {Do not localize}
+ fn_SSL_CTX_get_ex_data = 'SSL_CTX_get_ex_data'; {Do not localize}
 {CH fn_SSL_CTX_get_ex_new_index = 'SSL_CTX_get_ex_new_index'; } {Do not localize}
- {CH fn_SSL_get_ex_data_X509_STORE_CTX_idx = 'SSL_get_ex_data_X509_STORE_CTX_idx'; } {Do not localize}
+ fn_SSL_get_ex_data_X509_STORE_CTX_idx = 'SSL_get_ex_data_X509_STORE_CTX_idx'; {Do not localize}
 {$IFNDEF OPENSSL_NO_RSA}
 {CH fn_SSL_CTX_set_tmp_rsa_callback = 'SSL_CTX_set_tmp_rsa_callback'; } {Do not localize}
 {CH fn_SSL_set_tmp_rsa_callback = 'SSL_set_tmp_rsa_callback'; } {Do not localize}
@@ -22267,6 +21049,9 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_ERR_load_RAND_strings = 'ERR_load_RAND_strings'; } {Do not localize}
 //experimental
 fn_ERR_put_error = 'ERR_put_error'; {Do not localize}
+ fn_ERR_new = 'ERR_new'; {Do not localize}
+ fn_ERR_set_error = 'ERR_set_error'; {Do not localize}
+ fn_ERR_set_debug = 'ERR_set_debug'; {Do not localize}
 fn_ERR_get_error = 'ERR_get_error'; {Do not localize}
 {CH fn_ERR_get_error_line = 'ERR_get_error_line'; } {Do not localize}
 {CH fn_ERR_get_error_line_data = 'ERR_get_error_line_data'; } {Do not localize}
@@ -22697,6 +21482,7 @@ function LoadSSLCryptoLibrary: TIdLibHandle;
 {$IFDEF WINDOWS}
 var
 Err: DWORD;
+ i : Integer;
 {$ELSE}
 {$IFDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // TODO: use {$IF DEFINED(UNIX)} instead?
 var
@@ -22709,10 +21495,13 @@ function LoadSSLCryptoLibrary: TIdLibHandle;
 {$IFDEF WINDOWS}
 //On Windows, you should use SafeLoadLibrary because
 //the LoadLibrary API call messes with the FPU control word.
- Result := SafeLoadLibrary(GIdOpenSSLPath + SSLCLIB_DLL_name);
- if Result <> IdNilHandle then begin
- Exit;
+ for i := 0 to SSLCLIBS_LAST do begin
+ Result := SafeLoadLibrary(GIdOpenSSLPath + SSLCLIBS[i]);
+ if Result <> IdNilHandle then begin
+ Exit;
+ end;
 end;
+
 {$ELSE}
 {$IFDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // TODO: use {$IF DEFINED(UNIX)} instead?
 // Workaround that is required under Linux (changed RTLD_GLOBAL with RTLD_LAZY Note: also work with LoadLibrary())
@@ -22760,6 +21549,7 @@ function LoadSSLLibrary: TIdLibHandle;
 {$IFDEF WINDOWS}
 var
 Err: DWORD;
+ i : Integer;
 {$ELSE}
 {$IFDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // TODO: use {$IF DEFINED(UNIX)} instead?
 var
@@ -22772,16 +21562,11 @@ function LoadSSLLibrary: TIdLibHandle;
 {$IFDEF WINDOWS}
 //On Windows, you should use SafeLoadLibrary because
 //the LoadLibrary API call messes with the FPU control word.
- Result := SafeLoadLibrary(GIdOpenSSLPath + SSL_DLL_name);
- if Result <> IdNilHandle then begin
- Exit;
- end;
- // TODO: exit here if the error is anything other than the file not being found...
- //This is a workaround for mingw32-compiled SSL .DLL which
- //might be named 'libssl32.dll'.
- Result := SafeLoadLibrary(GIdOpenSSLPath + SSL_DLL_name_alt);
- if Result <> IdNilHandle then begin
- Exit;
+ for i := 0 to SSLLIBS_LAST do begin
+ Result := SafeLoadLibrary(GIdOpenSSLPath + SSLLIBS[i]);
+ if Result <> IdNilHandle then begin
+ Exit;
+ end;
 end;
 {$ELSE}
 {$IFDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // TODO: use {$IF DEFINED(UNIX)} instead?
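Review bot: The two new loops in `LoadSSLCryptoLibrary` (first hunk) and `LoadSSLLibrary` (third hunk) pick the crypto and the ssl DLL independently, each as the first `SSLCLIBS[i]` / `SSLLIBS[i]` entry that loads; if those arrays (declared outside this hunk) list file names from several OpenSSL generations, a directory holding a stray older DLL can yield a mismatched pair, e.g. a 3.x libcrypto bound to a 1.x libssl, which fails only later with confusing missing-export errors. Consider selecting both by the same index, or at least comparing the version reported by each library after load before accepting the pair, and order the candidate lists newest-first so a current library is never shadowed by an older one on the same path. The loop also discards why each candidate failed; `GetLastError` read after it (next hunk) reflects only the final candidate, so logging the error per iteration would keep the diagnostics the removed "exit here if the error is anything other than the file not being found" TODO was asking for. The added blank line after `end;` in the first hunk has no counterpart in the third.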
@@ -22819,7 +21604,7 @@ function LoadSSLLibrary: TIdLibHandle;
 {$ENDIF}
 {$IFDEF WINDOWS}
 Err := GetLastError;
- FFailedLoadList.Add(IndyFormat(RSOSSFailedToLoad_WithErrCode, [GIdOpenSSLPath + SSL_DLL_name, Err]));
+ FFailedLoadList.Add(IndyFormat(RSOSSFailedToLoad_WithErrCode, [GIdOpenSSLPath + SSL_DLL_1_1_name, Err]));
 {$ELSE}
 // TODO: add error code to message...
 FFailedLoadList.Add(IndyFormat(RSOSSFailedToLoad, [GIdOpenSSLPath + SSL_DLL_name {$IFDEF UNIX}+ LIBEXT{$ENDIF}]));
@@ -22860,12 +21645,17 @@ procedure Indy_SSL_copy_session_id(sslTo: PSSL; const sslFrom: PSSL) cdecl;
 // TODO: what to do here?
 end;
+{$ENDIF}
+
 procedure Indy_CRYPTO_lock(mode, _type : TIdC_INT; const _file : PIdAnsiChar; line : TIdC_INT) cdecl;
 begin
 // TODO: what to do here?
 end;
-{$ENDIF}
+function Indy_CRYPTO_num_locks : TIdC_INT cdecl;
+begin
+ result := 1;
+end;
 {$IFDEF STATICLOAD_OPENSSL}
 function Load: Boolean;
@@ -22907,12 +21697,10 @@ function Load: Boolean;
 // RLebeau 6/8/2021: verify the type of library is supported...
- @_SSLeay_version := LoadOldCLib(fn_SSLeay_version, 'OpenSSL_version'); {Do not localize} //Used by Indy
+ @_SSLeay_version := LoadOldCLib(fn_SSLeay_version, 'OpenSSL_version'); {Do not localize} //Used by Indy
 @SSLeay := LoadOldCLib(fn_SSLeay, 'OpenSSL_version_num'); {Do not localize} //Used by Indy
- if Assigned(_SSLeay_version) then begin
- LVersionStr := String(_SSLeay_version(SSLEAY_VERSION));
- end;
+ LVersionStr := String(_SSLeay_version(SSLEAY_VERSION));
 if TextStartsWith(LVersionStr, 'LibreSSL') then {do not localize}
 begin
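Review bot: Dropping the `Assigned(_SSLeay_version)` guard in the `@@ -22907` hunk turns a library that exports neither `SSLeay_version` nor `OpenSSL_version` from a clean load failure into a nil-pointer call inside `Load`; the old code evidently allowed for `LoadOldCLib` returning nil, so restore the check and add a `FFailedLoadList` entry with `Exit` in the else branch rather than assuming the pointer. The failure message in the first hunk now names `SSL_DLL_1_1_name` although the loader tried every `SSLLIBS` entry, and the non-Windows branch still names `SSL_DLL_name`; report the candidate list (or the last name tried) so the message matches what was attempted. `Indy_CRYPTO_num_locks` returning a constant 1 is only safe if it is used as a fallback on libraries that no longer consult the locking callbacks; a comment stating that, `// fallback for 1.1.0+ where CRYPTO_num_locks is gone and locking callbacks are no-ops`, would stop a reader from sizing a real lock table with it. The `{$ENDIF}` move that now compiles `Indy_CRYPTO_lock` unconditionally closes a conditional whose opening is outside this hunk.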
@@ -22938,10 +21726,11 @@ function Load: Boolean;
 LMajor := (LVersion and $F0000000) shr 28;
 LMinor := (LVersion and $0FF00000) shr 20;
 if (LMajor = 0) and (LMinor = 0) then begin // < 0.9.3
- LMajor := (LVersion and $F000) shr 12;
- LMinor := (LVersion and $0F00) shr 8;
+ LMajor := ((LVersion and $F000) shr 12);
+// LMinor := (LVersion and $0F00) shr 8;
+SSLeay
 end;
- if (LMajor > 1) or ((LMajor = 1) and (LMinor > 0)) then // OpenSSL 1.1.0 or higher
+ if (LMajor > 3) then // OpenSSL 3.x or higher
 begin
 FFailedLoadList.Add(IndyFormat(RSOSSUnsupportedVersion, [LVersion]));
 Exit;
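Review bot: The added line `SSLeay` inside the `< 0.9.3` branch is a bare statement that calls the loaded `SSLeay` function pointer and discards the result; it reads as a debugging leftover and should be deleted together with the commented-out `LMinor` assignment (or that assignment restored, since nothing else sets `LMinor` on this path). The new condition `if (LMajor > 3)` rejects only 4.x and later, so the comment `// OpenSSL 3.x or higher` is wrong; write `// OpenSSL 4.0 or higher is untested`. The gate now admits 1.0.x, but several loads further down in this diff are critical and exist only from 1.1.0 (see the notes on the X509_get_version / X509_LOOKUP_get_store hunk); if 1.0.x is no longer meant to work, reject it here with `if (LMajor < 1) or ((LMajor = 1) and (LMinor < 1)) or (LMajor > 3) then` so the user gets RSOSSUnsupportedVersion instead of a missing-export error.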
@@ -22966,15 +21755,22 @@ function Load: Boolean;
 @SSL_CTX_use_certificate := LoadFunction(fn_SSL_CTX_use_certificate); //Used by Indy
 @SSL_CTX_use_certificate_file := LoadFunction(fn_SSL_CTX_use_certificate_file); //Used by Indy
 @SSL_CTX_use_certificate_chain_file := LoadFunction(fn_SSL_CTX_use_certificate_chain_file,False); //Used by Indy
- @SSL_load_error_strings := LoadFunction(fn_SSL_load_error_strings); //Used by Indy
+
+ @SSL_load_error_strings := LoadFunction(fn_SSL_load_error_strings,False); //Used by Indy
+ @OPENSSL_init_ssl := LoadFunction(fn_OPENSSL_init_ssl,(@SSL_load_error_strings=nil)); //Used by Indy
 @SSL_state_string_long := LoadFunction(fn_SSL_state_string_long); //Used by Indy
 @SSL_alert_desc_string_long := LoadFunction(fn_SSL_alert_desc_string_long); //Used by Indy
 @SSL_alert_type_string_long := LoadFunction(fn_SSL_alert_type_string_long); //Used by Indy
- @SSL_get_peer_certificate := LoadFunction(fn_SSL_get_peer_certificate); //Used by Indy
+ @SSL_get_peer_certificate := LoadFunction(fn_SSL_get_peer_certificate,False); //Used by Indy
+ if @SSL_get_peer_certificate = nil then begin
+ @SSL_get_peer_certificate := LoadFunction('SSL_get1_peer_certificate'); //Used by Indy {Do not localize}
+ end;
 @SSL_CTX_set_verify := LoadFunction(fn_SSL_CTX_set_verify); //Used by Indy
 @SSL_CTX_set_verify_depth := LoadFunction(fn_SSL_CTX_set_verify_depth); //Used by Indy
 @SSL_CTX_get_verify_depth := LoadFunction(fn_SSL_CTX_get_verify_depth);
+ @SSL_CTX_get_cert_store := LoadFunction(fn_SSL_CTX_get_cert_store);
+ @SSL_get_ex_data_X509_STORE_CTX_idx := LoadFunction(fn_SSL_get_ex_data_X509_STORE_CTX_idx, True);
 @SSL_CTX_set_default_passwd_cb := LoadFunction(fn_SSL_CTX_set_default_passwd_cb); //Used by Indy
 @SSL_CTX_set_default_passwd_cb_userdata:= LoadFunction(fn_SSL_CTX_set_default_passwd_cb_userdata); //Used by Indy
 @SSL_CTX_check_private_key := LoadFunction(fn_SSL_CTX_check_private_key); //Used by Indy
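Review bot: Making `SSL_load_error_strings` optional (and `SSLeay_add_ssl_algorithms` in the `@@ -23038` hunk further down) is correct for 1.1.0+, where both are header macros over OPENSSL_init_ssl and resolve to nil, but it moves the burden to every call site, which must now test the pointer and call `OPENSSL_init_ssl` instead; those call sites are outside this hunk, and an untouched one is a nil call at first TLS use, so please confirm they were updated. The fallback `LoadFunction('SSL_get1_peer_certificate')` is the only load in this function that passes a bare literal; add `fn_SSL_get1_peer_certificate = 'SSL_get1_peer_certificate'; {Do not localize}` to the constant table and use it. Both SSL_get_peer_certificate and its 3.0 replacement hand the caller an X509 reference it must release, so existing X509_free calls stay correct; a one-line comment saying so, `// 3.0 renamed it SSL_get1_peer_certificate; same ownership: caller frees the X509`, would save the next reader the lookup.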
@@ -23002,31 +21798,6 @@ function Load: Boolean;
 {$ENDIF}
 @SSL_get_error := LoadFunction(fn_SSL_get_error); //Used by Indy
- // RLebeau 9/7/2015 - making all of the "..._method()" functions optional. If
- // a user wants to disable a given SSL/TLS version at runtime, there is no need
- // for it to be marked as "critical" at load time, in case it is not available
- // in their version of OpenSSL. For instance, some vendors disable SSLv2 so
- // it is not even exported. If a user wants to use a given version and it is
- // not available in their version of OpenSSL, TIdSSLContext.SetSSLMethod() will
- // now raise a runtime error...
- @SSLv2_method := LoadFunction(fn_SSLv2_method,False); //Used by Indy
- @SSLv2_server_method := LoadFunction(fn_SSLv2_server_method,False); //Used by Indy
- @SSLv2_client_method := LoadFunction(fn_SSLv2_client_method,False); //Used by Indy
- @SSLv3_method := LoadFunction(fn_SSLv3_method,False); //Used by Indy
- @SSLv3_server_method := LoadFunction(fn_SSLv3_server_method,False); //Used by Indy
- @SSLv3_client_method := LoadFunction(fn_SSLv3_client_method,False); //Used by Indy
- @SSLv23_method := LoadFunction(fn_SSLv23_method,False); //Used by Indy
- @SSLv23_server_method := LoadFunction(fn_SSLv23_server_method,False); //Used by Indy
- @SSLv23_client_method := LoadFunction(fn_SSLv23_client_method,False); //Used by Indy
- @TLSv1_method := LoadFunction(fn_TLSv1_method,False); //Used by Indy
- @TLSv1_server_method := LoadFunction(fn_TLSv1_server_method,False); //Used by Ind y
- @TLSv1_client_method := LoadFunction(fn_TLSv1_client_method,False); //Used by Indy
- @TLSv1_1_method := LoadFunction(fn_TLSv1_1_method,False); //Used by Indy
- @TLSv1_1_server_method := LoadFunction(fn_TLSv1_1_server_method,False); //Used by Indy
- @TLSv1_1_client_method := LoadFunction(fn_TLSv1_1_client_method,False); //Used by Indy
- @TLSv1_2_method := LoadFunction(fn_TLSv1_2_method,False); //Used by Indy
- @TLSv1_2_server_method := LoadFunction(fn_TLSv1_2_server_method,False); //Used by Indy
- @TLSv1_2_client_method := LoadFunction(fn_TLSv1_2_client_method,False); //Used by Indy
 @DTLSv1_method := LoadFunction(fn_DTLSv1_method, False);
 @DTLSv1_server_method := LoadFunction(fn_DTLSv1_server_method, False);
 @DTLSv1_client_method := LoadFunction(fn_DTLSv1_client_method, False);
@@ -23038,7 +21809,8 @@ function Load: Boolean;
 @SSL_set_shutdown := LoadFunction(fn_SSL_set_shutdown); //Used by Indy
 @SSL_CTX_load_verify_locations := LoadFunction(fn_SSL_CTX_load_verify_locations); //Used by Indy
 @SSL_get_session := LoadFunction(fn_SSL_get_session); //Used by Indy
- @SSLeay_add_ssl_algorithms := LoadFunction(fn_SSLeay_add_ssl_algorithms); //Used by Indy
+ @SSLeay_add_ssl_algorithms := LoadFunction(fn_SSLeay_add_ssl_algorithms,False); //Used by Indy
+ @SSL_SESSION_get_id := LoadFunction(fn_SSL_SESSION_get_id); //Used by Indy
 @SSL_copy_session_id := LoadFunction(fn_SSL_copy_session_id{$IFDEF ANDROID}, False{$ENDIF}); //Used by Indy
 {$IFDEF ANDROID}
@@ -23050,14 +21822,18 @@ function Load: Boolean;
 @d2i_X509_NAME := LoadFunctionCLib(fn_d2i_X509_NAME);
 @i2d_X509_NAME := LoadFunctionCLib(fn_i2d_X509_NAME);
 @X509_NAME_oneline := LoadFunctionCLib(fn_X509_NAME_oneline);//Used by Indy
+ @X509_get_version := LoadFunctionCLib(fn_X509_get_version);
+ @X509_get_signature_type := LoadFunctionCLib(fn_X509_get_signature_type);
 @X509_NAME_cmp := LoadFunctionCLib(fn_X509_NAME_cmp); //Used by Indy
- @X509_NAME_hash := LoadFunctionCLib(fn_X509_NAME_hash); //Used by Indy
+ @X509_NAME_hash := LoadFunctionCLib(fn_X509_NAME_hash,False); //Used by Indy
+ @X509_NAME_hash_ex := LoadFunctionCLib(fn_X509_NAME_hash_ex,@X509_NAME_hash = nil); //Used by Indy
 @X509_set_issuer_name := LoadFunctionCLib(fn_X509_set_issuer_name,False);
 @X509_get_issuer_name := LoadFunctionCLib(fn_X509_get_issuer_name); //Used by Indy
 @X509_set_subject_name := LoadFunctionCLib(fn_X509_set_subject_name,False);
 @X509_get_subject_name := LoadFunctionCLib(fn_X509_get_subject_name); //Used by Indy
 @X509_digest := LoadFunctionCLib(fn_X509_digest);//Used by Indy
 @X509_LOOKUP_ctrl := LoadFunctionCLib( fn_X509_LOOKUP_ctrl, False );
+ @X509_LOOKUP_get_store := LoadFunctionCLib(fn_X509_LOOKUP_get_store); //Used by Indy
 @X509_STORE_add_cert := LoadFunctionCLib(fn_X509_STORE_add_cert); //Used by Indy
 @X509_STORE_add_crl := LoadFunctionCLib(fn_X509_STORE_add_crl); //Used by Indy
 @X509_STORE_CTX_get_ex_data := LoadFunctionCLib(fn_X509_STORE_CTX_get_ex_data,False);
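Review bot: `X509_get_version`, `X509_get_signature_type` and `X509_LOOKUP_get_store` are loaded without the `False` argument, i.e. as critical if `LoadFunctionCLib` defaults the way the neighbouring calls suggest, yet all three became exported functions only in 1.1.0 (the first two are header macros in 1.0.x and X509_LOOKUP_get_store did not exist); `_X509_REQ_get_version` in the next hunk and `TLS_method` in the hunk at `@@ -23101` have the same property. With the version gate still admitting 1.0.x, loading against such a library now fails on a missing export instead of the unsupported-version message. Either load them optionally the way the adjacent `X509_NAME_hash` / `X509_NAME_hash_ex` pair does, e.g. `@X509_get_version := LoadFunctionCLib(fn_X509_get_version, False);` with a nil check at the call site, or tighten the version check so 1.0.x is rejected before any symbol lookup.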
@@ -23070,6 +21846,7 @@ function Load: Boolean;
 @X509_sign := LoadFunctionCLib(fn_X509_sign,False);
 @X509_REQ_sign := LoadFunctionCLib(fn_X509_REQ_sign,False);
 @X509_REQ_add_extensions := LoadFunctionCLib(fn_X509_REQ_add_extensions,False);
+ @_X509_REQ_get_version := LoadFunctionCLib(fn_X509_REQ_get_version);
 @X509V3_EXT_conf_nid := LoadFunctionCLib(fn_X509V3_EXT_conf_nid,False);
 @X509_EXTENSION_create_by_NID := LoadFunctionCLib(fn_X509_EXTENSION_create_by_NID,False);
 @X509V3_set_ctx := LoadFunctionCLib(fn_X509V3_set_ctx);
@@ -23079,6 +21856,10 @@ function Load: Boolean;
 //X509_print
 @X509_print := LoadFunctionCLib(fn_X509_print, False ); //Used by Indy
 {$ENDIF}
+ @X509_verify := nil;
+ @X509_getm_notBefore := nil;
+ @X509_getm_notAfter := nil;
+
 @_RAND_cleanup := LoadFunctionCLib(fn_RAND_cleanup, False); //Used by Indy
 @_RAND_bytes := LoadFunctionCLib(fn_RAND_bytes); //Used by Indy
 @_RAND_pseudo_bytes := LoadFunctionCLib(fn_RAND_pseudo_bytes); //Used by Indy
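Review bot: `@X509_verify := nil; @X509_getm_notBefore := nil; @X509_getm_notAfter := nil;` in the second hunk leave three pointers unset whose `fn_` constants this diff adds (and `fn_X509_verify` already existed), so unless they are loaded somewhere outside this hunk any caller dereferences nil, and X509_verify is precisely the routine a caller would reach for to check a certificate signature. If these are placeholders, mark them: `// TODO: load X509_verify and the getm_* accessors (getm_* exist from 1.1.0)`; otherwise load them, optional for the accessors, e.g. `@X509_getm_notBefore := LoadFunctionCLib(fn_X509_getm_notBefore, False);` and `@X509_verify := LoadFunctionCLib(fn_X509_verify);`.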
@@ -23101,40 +21882,54 @@ function Load: Boolean; // More SSL functions @SSL_set_ex_data := LoadFunction(fn_SSL_set_ex_data,False); @SSL_get_ex_data := LoadFunction(fn_SSL_get_ex_data,False); + @SSL_CTX_get_ex_data := LoadFunction(fn_SSL_CTX_get_ex_data); //Used by Indy + @SSL_CTX_set_ex_data := LoadFunction(fn_SSL_CTX_set_ex_data); //Used by Indy + @SSL_CTX_set_info_callback := LoadFunction(fn_SSL_CTX_set_info_callback); @SSL_load_client_CA_file := LoadFunction(fn_SSL_load_client_CA_file); //Used by Indy @SSL_CTX_set_client_CA_list := LoadFunction(fn_SSL_CTX_set_client_CA_list); //Used by Indy @SSL_CTX_set_default_verify_paths := LoadFunction(fn_SSL_CTX_set_default_verify_paths); //Used by Indy @SSL_CTX_set_session_id_context := LoadFunction(fn_SSL_CTX_set_session_id_context); //Used by Indy @SSL_CIPHER_description := LoadFunction(fn_SSL_CIPHER_description); //Used by Indy @SSL_get_current_cipher := LoadFunction(fn_SSL_get_current_cipher); //Used by Indy + @SSL_version := LoadFunction(fn_SSL_version); + @SSL_client_version := LoadFunction(fn_SSL_client_version); @SSL_CIPHER_get_name := LoadFunction(fn_SSL_CIPHER_get_name); //Used by Indy @SSL_CIPHER_get_version := LoadFunction(fn_SSL_CIPHER_get_version); //Used by Indy - @SSL_CIPHER_get_bits := LoadFunction(fn_SSL_CIPHER_get_bits); //Used by Indy + @SSL_CIPHER_get_bits := LoadFunction(fn_SSL_CIPHER_get_bits); //Used by Indy + @TLS_method := LoadFunction(fn_TLS_method); + @TLS_client_method := LoadFunction(fn_TLS_client_method); //Used by Indy + @TLS_server_method := LoadFunction(fn_TLS_server_method); //Used by Indy // Thread safe - @_CRYPTO_lock := LoadFunctionCLib(fn_CRYPTO_lock{$IFDEF ANDROID}, False{$ENDIF}); //Used by Indy + @_CRYPTO_lock := LoadFunctionCLib(fn_CRYPTO_lock, False); //Used by Indy {$IFDEF ANDROID} if not Assigned(_CRYPTO_lock) then begin @_CRYPTO_lock := @Indy_CRYPTO_lock; end; {$ENDIF} - @_CRYPTO_num_locks := LoadFunctionCLib(fn_CRYPTO_num_locks); //Used by Indy - @CRYPTO_set_locking_callback 
:= LoadFunctionCLib(fn_CRYPTO_set_locking_callback); //Used by Indy + @_CRYPTO_num_locks := LoadFunctionCLib(fn_CRYPTO_num_locks, false); //Used by Indy + if not Assigned(_CRYPTO_num_locks) then begin + @_CRYPTO_num_locks := @Indy_CRYPTO_num_locks; + end; + @CRYPTO_set_locking_callback := LoadFunctionCLib(fn_CRYPTO_set_locking_callback,false); //Used by Indy {$IFNDEF WIN32_OR_WIN64} { In OpenSSL 1.0.0, you should use these callback functions instead of the depreciated set_id_callback. They are not in the older 0.9.8 OpenSSL series so we have to handle both cases. } - @CRYPTO_THREADID_set_callback := LoadFunctionCLib(fn_CRYPTO_THREADID_set_callback,False); //Used by Indy - @CRYPTO_THREADID_set_numeric := LoadFunctionClib(fn_CRYPTO_THREADID_set_numeric,False); //Used by Indy - @CRYPTO_THREADID_set_pointer := LoadFunctionClib(fn_CRYPTO_THREADID_set_pointer,False); + @CRYPTO_THREADID_set_callback := LoadFunctionCLib(fn_CRYPTO_THREADID_set_callback, False); //Used by Indy + @CRYPTO_THREADID_set_numeric := LoadFunctionClib(fn_CRYPTO_THREADID_set_numeric, False); //Used by Indy + @CRYPTO_THREADID_set_pointer := LoadFunctionClib(fn_CRYPTO_THREADID_set_pointer, False); if not Assigned(CRYPTO_THREADID_set_callback) then begin //Used by Indy - @CRYPTO_set_id_callback := LoadFunctionCLib(fn_CRYPTO_set_id_callback); //Used by Indy + @CRYPTO_set_id_callback := LoadFunctionCLib(fn_CRYPTO_set_id_callback,false); //Used by Indy end else begin @CRYPTO_set_id_callback := nil; end; {$ENDIF} - @ERR_put_error := LoadFunctionCLib(fn_ERR_put_error,False); + @_ERR_put_error := LoadFunctionCLib(fn_ERR_put_error,False); + @ERR_new := LoadFunctionCLib(fn_ERR_new,False); + @ERR_set_debug := LoadFunctionCLib(fn_ERR_set_debug,False); + @ERR_set_error := LoadFunctionCLib(fn_ERR_set_error,False); @ERR_get_error := LoadFunctionCLib(fn_ERR_get_error,False); @ERR_peek_error := LoadFunctionCLib(fn_ERR_peek_error,False); @ERR_peek_last_error := LoadFunctionCLib(fn_ERR_peek_last_error); //Used by Indy 
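Review bot: `_CRYPTO_lock` is now loaded optionally on every platform, but the `Indy_CRYPTO_lock` substitute is still installed only under `{$IFDEF ANDROID}`, whereas `_CRYPTO_num_locks` in the same hunk gets its `Indy_CRYPTO_num_locks` substitute unconditionally. On a non-Android build against a library that no longer exports `CRYPTO_lock` (it was removed in OpenSSL 1.1.0) the pointer stays nil, so any remaining caller would fault instead of hitting the shim. Unless the substitute is Android-specific for a reason that should be stated in a comment, remove the `{$IFDEF ANDROID}` / `{$ENDIF}` around `if not Assigned(_CRYPTO_lock) then begin @_CRYPTO_lock := @Indy_CRYPTO_lock; end;` so both locking shims are wired the same way. Load's body continues outside the hunk.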
@@ -23146,7 +21941,7 @@ function Load: Boolean;
 @ERR_reason_error_string := LoadFunctionCLib( fn_ERR_reason_error_string, False );
 @ERR_load_ERR_strings := LoadFunctionCLib( fn_ERR_load_ERR_strings,False);
 @ERR_load_crypto_strings := LoadFunctionCLib(fn_ERR_load_crypto_strings,False);
- @ERR_free_strings := LoadFunctionCLib(fn_ERR_free_strings); //Used by Indy
+ @ERR_free_strings := LoadFunctionCLib(fn_ERR_free_strings,False); //Used by Indy
 @ERR_remove_thread_state := LoadFunctionCLib(fn_ERR_remove_thread_state,False); //Used by Indy
 if not Assigned(ERR_remove_thread_state) then begin
 @ERR_remove_state := LoadFunctionCLib(fn_ERR_remove_state); //Used by Indy
@@ -23156,7 +21951,7 @@ function Load: Boolean;
 @CRYPTO_cleanup_all_ex_data := LoadFunctionCLib(fn_CRYPTO_cleanup_all_ex_data,False); //Used by Indy
 @SSL_COMP_get_compression_methods := LoadFunction(fn_SSL_COMP_get_compression_methods,False);
 @SSL_COMP_free_compression_methods := LoadFunction(fn_SSL_COMP_free_compression_methods,False);
- @sk_pop_free := LoadFunctionCLib(fn_sk_pop_free,False);
+ @sk_pop_free := LoadFunctionCLib(fn_sk_pop_free);
 //RSA
 @RSA_free := LoadFunctionCLib(fn_RSA_free,False);
 @RSA_generate_key_ex := LoadFunctionCLib(fn_RSA_generate_key_ex, False);
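Review bot: `@sk_pop_free := LoadFunctionCLib(fn_sk_pop_free);` in the second hunk turns this symbol into a hard requirement, while every other stack function in this commit (hunk at L214–L215) is loaded optionally and then falls back to its `OPENSSL_sk_*` name, which is what OpenSSL 1.1.0 and later export. Against such a library the rest of the stack API would load fine and Load would presumably fail on this one line. Use the same pattern here: `@sk_pop_free := LoadFunctionCLib(fn_sk_pop_free, False);` followed by `if @sk_pop_free = nil then @sk_pop_free := LoadFunctionCLib('OPENSSL_sk_pop_free');`. Load's body continues outside the hunk.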
@@ -23211,6 +22006,11 @@ function Load: Boolean;
 @d2i_X509_REQ := LoadFunctionCLib(fn_d2i_X509_REQ, False );
 @i2d_X509_CRL := LoadFunctionCLib(fn_i2d_X509_CRL, False );
 @d2i_X509_CRL := LoadFunctionCLib(fn_d2i_X509_CRL,False );
+ @_X509_CRL_get_version := LoadFunctionCLib(fn_X509_CRL_get_version);
+ @_X509_CRL_get_lastUpdate := LoadFunctionCLib(fn_X509_CRL_get_lastUpdate);
+ @_X509_CRL_get_nextUpdate := LoadFunctionCLib(fn_X509_CRL_get_nextUpdate);
+ @_X509_CRL_get_issuer := LoadFunctionCLib(fn_X509_CRL_get_issuer);
+ @_X509_CRL_get_REVOKED := LoadFunctionCLib(fn_X509_CRL_get_REVOKED);
 @i2d_RSAPrivateKey := LoadFunctionCLib(fn_i2d_RSAPrivateKey,False );
 @d2i_RSAPrivateKey := LoadFunctionCLib(fn_d2i_RSAPrivateKey, False );
 @i2d_RSAPublicKey := LoadFunctionCLib(fn_i2d_RSAPublicKey,False);
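Review bot: The five `_X509_CRL_get_*` pointers are loaded without the `False` argument, which — judging by the `, False` overloads used on the surrounding lines — makes them required, yet the wrappers in the hunk at L221 each keep an `if Assigned(_X509_CRL_get_...)` branch with the old `x^.crl^...` struct access as fallback. One of the two is redundant: if the symbols are required the fallback can never run, and if the fallback is meant to cover libraries that lack these exports (they are macros in OpenSSL 1.0.x) then these loads need `, False`. Pick one and state it in a comment, e.g. `// Exported as functions since OpenSSL 1.1.0; the struct fallback in the wrappers covers 1.0.x`. Load's body continues outside the hunk.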
@@ -23242,15 +22042,20 @@ function Load: Boolean;
 @X509_NAME_free := LoadFunctionCLib(fn_X509_NAME_free); //Used by Indy
 @X509_NAME_add_entry_by_txt := LoadFunctionCLib(fn_X509_NAME_add_entry_by_txt);
 @X509_INFO_free := LoadFunctionCLib(fn_X509_INFO_free); //Used by Indy
+ @X509_get0_signature := LoadFunctionCLib(fn_X509_get0_signature);
 @X509_set_version := LoadFunctionCLib(fn_X509_set_version,False);
 @X509_get_serialNumber := LoadFunctionCLib(fn_X509_get_serialNumber); //USED by Indy
 @X509_gmtime_adj := LoadFunctionCLib(fn_X509_gmtime_adj,False);
+ @_X509_REQ_get_subject_name := LoadFunctionCLib(fn_X509_REQ_get_subject_name);
 @X509_set_notBefore := LoadFunctionCLib(fn_X509_set_notBefore,False);
 @X509_set_notAfter := LoadFunctionCLib(fn_X509_set_notAfter,False);
 @X509_set_pubkey := LoadFunctionCLib(fn_X509_set_pubkey,False);
 @X509_REQ_set_pubkey := LoadFunctionCLib(fn_X509_REQ_set_pubkey,False);
 @X509_PUBKEY_get := LoadFunctionCLib(fn_X509_PUBKEY_get,False);
 @X509_verify := LoadFunctionCLib(fn_X509_verify,False);
+ @X509_verify_cert_error_string := LoadFunctionCLib(fn_X509_verify_cert_error_string,False);
+ @X509_getm_notBefore := LoadFunctionCLib(fn_X509_getm_notBefore);
+ @X509_getm_notAfter := LoadFunctionCLib(fn_X509_getm_notAfter);
 //PEM
 {$IFNDEF SSLEAY_MACROS}
 @_PEM_read_bio_X509 := LoadFunctionCLib(fn_PEM_read_bio_X509, False);
@@ -23465,10 +22270,15 @@ function Load: Boolean; @EVP_seed_ofb := LoadFunctionCLib(fn_EVP_seed_ofb,False); {$endif} - @EVP_MD_CTX_init := LoadFunctionCLib(fn_EVP_MD_CTX_init); - @EVP_MD_CTX_cleanup := LoadFunctionCLib(fn_EVP_MD_CTX_cleanup); + @EVP_MD_CTX_init := LoadFunctionCLib(fn_EVP_MD_CTX_init, false); + if @EVP_MD_CTX_init = nil then begin + @EVP_MD_CTX_init := LoadFunctionCLib('EVP_MD_CTX_reset'); {Do not localize} + end; + @EVP_MD_CTX_cleanup := LoadFunctionCLib(fn_EVP_MD_CTX_cleanup, false); @EVP_MD_CTX_create := LoadFunctionCLib(fn_EVP_MD_CTX_create, False); @EVP_MD_CTX_destroy := LoadFunctionCLib(fn_EVP_MD_CTX_destroy, False); + @EVP_MD_CTX_new := LoadFunctionCLib(fn_EVP_MD_CTX_new); + @EVP_MD_CTX_free := LoadFunctionCLib(fn_EVP_MD_CTX_free, False); @EVP_MD_CTX_copy := LoadFunctionCLib(fn_EVP_MD_CTX_copy, False); @EVP_MD_CTX_copy_ex := LoadFunctionCLib(fn_EVP_MD_CTX_copy_ex, False); //@EVP_MD_CTX_set_flags := LoadFunctionCLib(fn_EVP_MD_CTX_set_flags, False); 
@@ -23538,17 +22348,32 @@ function Load: Boolean; @EVP_PKEY_assign := LoadFunctionCLib(fn_EVP_PKEY_assign); @EVP_get_cipherbyname := LoadFunctionCLib(fn_EVP_get_cipherbyname); @EVP_get_digestbyname := LoadFunctionCLib(fn_EVP_get_digestbyname); - @EVP_MD_type := LoadFunctionCLib(fn_EVP_MD_type); - @EVP_MD_size := LoadFunctionCLib(fn_EVP_MD_size); - @EVP_MD_block_size := LoadFunctionCLib(fn_EVP_MD_block_size); + @EVP_MD_type := LoadFunctionCLib(fn_EVP_MD_type, false); + if @EVP_MD_type = nil then begin + @EVP_MD_type := LoadFunctionCLib('EVP_MD_get_type'); {Do not localize} + end; + @EVP_MD_size := LoadFunctionCLib(fn_EVP_MD_size, false); + if @EVP_MD_size = nil then begin + @EVP_MD_size := LoadFunctionCLib('EVP_MD_get_type'); {Do not localize} + end; + @EVP_MD_block_size := LoadFunctionCLib(fn_EVP_MD_block_size, false); + if @EVP_MD_block_size = nil then begin + @EVP_MD_block_size := LoadFunctionCLib('EVP_MD_get_block_size'); {Do not localize} + end; @EVP_MD_flags := LoadFunctionCLib(fn_EVP_MD_flags,False); @EVP_MD_CTX_md := LoadFunctionCLib(fn_EVP_MD_CTX_md); @EVP_CIPHER_nid := LoadFunctionCLib(fn_EVP_CIPHER_nid,False); @EVP_CIPHER_block_size := LoadFunctionCLib(fn_EVP_CIPHER_block_size,False); @EVP_CIPHER_key_length := LoadFunctionCLib(fn_EVP_CIPHER_key_length,False); @EVP_CIPHER_iv_length := LoadFunctionCLib(fn_EVP_CIPHER_iv_length,False); - @EVP_CIPHER_flags := LoadFunctionCLib(fn_EVP_CIPHER_flags); - @EVP_CIPHER_type := LoadFunctionCLib(fn_EVP_CIPHER_type); + @EVP_CIPHER_flags := LoadFunctionCLib(fn_EVP_CIPHER_flags, false); + if @EVP_CIPHER_flags = nil then begin + @EVP_CIPHER_flags := LoadFunctionCLib('EVP_CIPHER_get_flags'); {Do not localize} + end; + @EVP_CIPHER_type := LoadFunctionCLib(fn_EVP_CIPHER_type, false); + if @EVP_CIPHER_type = nil then begin + @EVP_CIPHER_type := LoadFunctionCLib('EVP_CIPHER_get_type'); {Do not localize} + end; @EVP_CIPHER_CTX_cipher := LoadFunctionCLib(fn_EVP_CIPHER_CTX_cipher); @EVP_CIPHER_CTX_nid := 
LoadFunctionCLib(fn_EVP_CIPHER_CTX_nid,False); @EVP_CIPHER_CTX_block_size := LoadFunctionCLib(fn_EVP_CIPHER_CTX_block_size, False ); @@ -23557,8 +22382,8 @@ function Load: Boolean; @EVP_CIPHER_CTX_copy := LoadFunctionCLib(fn_EVP_CIPHER_CTX_copy,False ); @EVP_CIPHER_CTX_get_app_data := LoadFunctionCLib(fn_EVP_CIPHER_CTX_get_app_data ); @EVP_CIPHER_CTX_set_app_data := LoadFunctionCLib(fn_EVP_CIPHER_CTX_set_app_data ); - @EVP_CIPHER_CTX_flags := LoadFunctionCLib(fn_EVP_CIPHER_CTX_flags); - + @EVP_CIPHER_CTX_flags := LoadFunctionCLib(fn_EVP_CIPHER_CTX_flags, false); + @EVP_CIPHER_CTX_get0_cipher := LoadFunctionCLib(fn_EVP_CIPHER_CTX_get0_cipher, @EVP_CIPHER_CTX_cipher = nil); @EVP_add_cipher := LoadFunctionCLib(fn_EVP_add_cipher,False); @EVP_add_digest := LoadFunctionCLib(fn_EVP_add_digest,False); @@ -23692,23 +22517,11 @@ function Load: Boolean; @EVP_PKEY_meth_set_ctrl := LoadFunctionCLib(fn_EVP_PKEY_meth_set_ctrl,False); //HMAC {$IFNDEF OPENSSL_NO_HMAC} - @HMAC_CTX_init := LoadFunctionCLib(fn_HMAC_CTX_init); - if IsOpenSSL_1x then begin - @_HMAC_Init_ex := nil; - @_HMAC_Update := nil; - @_HMAC_Final := nil; - @_1_0_HMAC_Init_ex := LoadFunctionCLib(fn_HMAC_Init_ex); - @_1_0_HMAC_Update := LoadFunctionCLib(fn_HMAC_Update); - @_1_0_HMAC_Final := LoadFunctionCLib(fn_HMAC_Final); - end else begin - @_HMAC_Init_ex := LoadFunctionCLib(fn_HMAC_Init_ex); - @_HMAC_Update := LoadFunctionCLib(fn_HMAC_Update); - @_HMAC_Final := LoadFunctionCLib(fn_HMAC_Final); - @_1_0_HMAC_Init_ex := nil; - @_1_0_HMAC_Update := nil; - @_1_0_HMAC_Final := nil; - end; - @HMAC_CTX_cleanup := LoadFunctionCLib(fn_HMAC_CTX_cleanup); + @HMAC_CTX_reset := LoadFunctionCLib(fn_HMAC_CTX_reset, false); + @HMAC_Init_ex := LoadFunctionCLib(fn_HMAC_Init_ex); + @HMAC_Update := LoadFunctionCLib(fn_HMAC_Update); + @HMAC_Final := LoadFunctionCLib(fn_HMAC_Final); + @HMAC_CTX_cleanup := LoadFunctionCLib(fn_HMAC_CTX_cleanup, false); {$ENDIF} //OBJ @OBJ_obj2nid := LoadFunctionCLib(fn_OBJ_obj2nid); 
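Review bot: The fallback for `EVP_MD_size` in the first hunk loads the wrong symbol: `@EVP_MD_size := LoadFunctionCLib('EVP_MD_get_type');` should be `@EVP_MD_size := LoadFunctionCLib('EVP_MD_get_size'); {Do not localize}`. On OpenSSL 3.x, where the old `EVP_MD_size` export is absent and this branch is taken, every caller asking for the digest length would receive the algorithm NID instead — a number unrelated to the output size, so any buffer sized from it is wrong. The sibling `EVP_MD_type` and `EVP_MD_block_size` fallbacks are correct, which makes this look like a copy-paste slip that only a test against a 3.x library would catch. Load's body continues outside the hunk.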
@@ -23725,9 +22538,9 @@ function Load: Boolean;
 @CRYPTO_set_mem_functions := LoadFunctionCLib(fn_CRYPTO_set_mem_functions);
 @CRYPTO_malloc := LoadFunctionCLib(fn_CRYPTO_malloc);
 @CRYPTO_free := LoadFunctionCLib(fn_CRYPTO_free);
- @CRYPTO_mem_leaks := LoadFunctionCLib(fn_CRYPTO_mem_leaks);
- @CRYPTO_mem_ctrl := LoadFunctionCLib(fn_CRYPTO_mem_ctrl);
- @CRYPTO_set_mem_debug_functions := LoadFunctionCLib(fn_CRYPTO_set_mem_debug_functions);
+ @CRYPTO_mem_leaks := LoadFunctionCLib(fn_CRYPTO_mem_leaks, false);
+ @CRYPTO_mem_ctrl := LoadFunctionCLib(fn_CRYPTO_mem_ctrl, false);
+ @CRYPTO_set_mem_debug_functions := LoadFunctionCLib(fn_CRYPTO_set_mem_debug_functions, false);
 //@CRYPTO_dbg_malloc := LoadFunctionCLib(fn_CRYPTO_dbg_malloc);
 //@CRYPTO_dbg_realloc := LoadFunctionCLib(fn_CRYPTO_dbg_realloc);
 //@CRYPTO_dbg_free := LoadFunctionCLib(fn_CRYPTO_dbg_free);
@@ -23737,19 +22550,45 @@ function Load: Boolean; @i2d_PKCS12_bio := LoadFunctionCLib(fn_i2d_PKCS12_bio); @PKCS12_free := LoadFunctionCLib(fn_PKCS12_free); @OpenSSL_add_all_algorithms := LoadOldCLib(fn_OpenSSL_add_all_algorithms, - fn_OPENSSL_add_all_algorithms_noconf); - @OpenSSL_add_all_ciphers := LoadFunctionCLib(fn_OpenSSL_add_all_ciphers); - @OpenSSL_add_all_digests := LoadFunctionCLib(fn_OpenSSL_add_all_digests); - @EVP_cleanup := LoadFunctionCLib(fn_EVP_cleanup); - - @sk_num := LoadFunctionCLib(fn_sk_num); - @sk_new := LoadFunctionCLib(fn_sk_new); - @sk_new_null := LoadFunctionCLib(fn_sk_new_null); - @sk_free := LoadFunctionCLib(fn_sk_free); - @sk_push := LoadFunctionCLib(fn_sk_push); - @sk_dup := LoadFunctionCLib(fn_sk_dup); - @sk_find := LoadFunctionCLib(fn_sk_find); - @sk_value := LoadFunctionCLib(fn_sk_value); + fn_OPENSSL_add_all_algorithms_noconf,False); + @OpenSSL_add_all_ciphers := LoadFunctionCLib(fn_OpenSSL_add_all_ciphers,False); + @OpenSSL_add_all_digests := LoadFunctionCLib(fn_OpenSSL_add_all_digests,False); + @OPENSSL_init_crypto := LoadFunctionCLib(fn_OPENSSL_init_crypto, + (@OpenSSL_add_all_digests = nil) or (@OpenSSL_add_all_ciphers = nil)); + @EVP_cleanup := LoadFunctionCLib(fn_EVP_cleanup, false); + + @sk_num := LoadFunctionCLib(fn_sk_num, false); + if @sk_num = nil then begin + @sk_num := LoadFunctionCLib('OPENSSL_sk_num'); {Do not localize} + end; + @sk_new := LoadFunctionCLib(fn_sk_new, false); + if @sk_new = nil then begin + @sk_new := LoadFunctionCLib('OPENSSL_sk_new'); {Do not localize} + end; + @sk_new_null := LoadFunctionCLib(fn_sk_new_null, false); + if @sk_new_null = nil then begin + @sk_new_null := LoadFunctionCLib('OPENSSL_sk_new_null'); {Do not localize} + end; + @sk_free := LoadFunctionCLib(fn_sk_free, false); + if @sk_free = nil then begin + @sk_free := LoadFunctionCLib('OPENSSL_sk_free'); {Do not localize} + end; + @sk_push := LoadFunctionCLib(fn_sk_push, false); + if @sk_push = nil then begin + @sk_push := 
LoadFunctionCLib('OPENSSL_sk_push'); {Do not localize} + end; + @sk_dup := LoadFunctionCLib(fn_sk_dup, false); + if @sk_dup = nil then begin + @sk_dup := LoadFunctionCLib('OPENSSL_sk_dup'); {Do not localize} + end; + @sk_find := LoadFunctionCLib(fn_sk_find, false); + if @sk_find = nil then begin + @sk_find := LoadFunctionCLib('OPENSSL_sk_find'); {Do not localize} + end; + @sk_value := LoadFunctionCLib(fn_sk_value, false); + if @sk_value = nil then begin + @sk_value := LoadFunctionCLib('OPENSSL_sk_value'); {Do not localize} + end; {$IFDEF OPENSSL_FIPS} @_FIPS_mode_set := LoadFunctionCLib(fn_FIPS_mode_set,False); @_FIPS_mode := LoadFunctionCLib(fn_FIPS_mode,False); @@ -23779,9 +22618,10 @@ procedure InitializeFuncPointers; @SSL_CTX_use_PrivateKey := nil; @SSL_CTX_use_certificate := nil; @SSL_CTX_use_certificate_file := nil; - SSL_CTX_use_certificate_chain_file := nil; + @SSL_CTX_use_certificate_chain_file := nil; @SSL_load_error_strings := nil; @SSL_state_string_long := nil; + @OPENSSL_init_ssl := nil; @SSL_load_error_strings := nil; @SSL_alert_type_string_long := nil; @@ -23789,6 +22629,8 @@ procedure InitializeFuncPointers; @SSL_CTX_set_verify := nil; @SSL_CTX_set_verify_depth := nil; @SSL_CTX_get_verify_depth := nil; + @SSL_CTX_get_cert_store := nil; + @SSL_get_ex_data_X509_STORE_CTX_idx := nil; @SSL_CTX_set_default_passwd_cb := nil; @SSL_CTX_set_default_passwd_cb_userdata := nil; @SSL_CTX_check_private_key := nil; 
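Review bot: The eight `sk_*` entries in the first hunk repeat the same four-line "load old name optionally, else require the `OPENSSL_sk_*` name" block, and the `EVP_MD_*` / `EVP_CIPHER_*` blocks in the hunks at L210–L212 repeat it again; with that many copies a wrong literal in one of them (as happened to `EVP_MD_size` at L211) is easy to miss. A small helper that takes the old and new names makes each entry a single line and gives the fallback rule one place to be documented. The sketch below assumes `LoadFunctionCLib` takes a string and returns an untyped pointer, as its uses here suggest; adjust the types to the real declaration, which is outside this hunk. Load's body continues outside the hunk.
```pascal
// Load AOldName if the library still exports it; otherwise require ANewName.
// Covers the OpenSSL 1.1.0 renames such as sk_num -> OPENSSL_sk_num.
function LoadFunctionCLibWithFallback(const AOldName, ANewName: string): Pointer;
begin
  Result := LoadFunctionCLib(AOldName, False);
  if Result = nil then begin
    Result := LoadFunctionCLib(ANewName);
  end;
end;

// … in Load, replacing the eight sk_* if-blocks:
  @sk_num := LoadFunctionCLibWithFallback(fn_sk_num, 'OPENSSL_sk_num'); {Do not localize}
  @sk_new := LoadFunctionCLibWithFallback(fn_sk_new, 'OPENSSL_sk_new'); {Do not localize}
  // … unchanged: sk_new_null, sk_free, sk_push, sk_dup, sk_find, sk_value in the same shape …
```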
@@ -23805,24 +22647,6 @@ procedure InitializeFuncPointers; @SSL_CTX_ctrl := nil; @SSL_CTX_callback_ctrl := nil; @SSL_get_error := nil; - @SSLv2_method := nil; - @SSLv2_server_method := nil; - @SSLv2_client_method := nil; - @SSLv3_method := nil; - @SSLv3_server_method := nil; - @SSLv3_client_method := nil; - @SSLv23_method := nil; - @SSLv23_server_method := nil; - @SSLv23_client_method := nil; - @TLSv1_method := nil; - @TLSv1_server_method := nil; - @TLSv1_client_method := nil; - @TLSv1_1_method := nil; - @TLSv1_1_server_method := nil; - @TLSv1_1_client_method := nil; - @TLSv1_2_method := nil; - @TLSv1_2_server_method := nil; - @TLSv1_2_client_method := nil; @DTLSv1_method := nil; @DTLSv1_server_method := nil; @DTLSv1_client_method := nil; @@ -23840,12 +22664,14 @@ procedure InitializeFuncPointers; @SSLeay := nil; @X509_NAME_oneline := nil; @X509_NAME_hash := nil; + @X509_NAME_hash_ex := nil; @X509_set_issuer_name := nil; @X509_get_issuer_name := nil; @X509_set_subject_name := nil; @X509_get_subject_name := nil; @X509_digest := nil; @X509_LOOKUP_ctrl := nil; + @X509_LOOKUP_get_store := nil; @X509_STORE_add_cert := nil; @X509_STORE_add_crl := nil; @X509_STORE_CTX_get_ex_data := nil; @@ -23863,6 +22689,8 @@ procedure InitializeFuncPointers; @X509V3_set_ctx := nil; @X509_EXTENSION_free := nil; @X509_add_ext := nil; + @X509_get_version := nil; + @X509_get_signature_type := nil; {$IFNDEF OPENSSL_NO_BIO} //X509_print @X509_print := nil; 
@@ -23889,25 +22717,33 @@ procedure InitializeFuncPointers; // More SSL functions @SSL_set_ex_data := nil; @SSL_get_ex_data := nil; + @SSL_CTX_set_ex_data := nil; + @SSL_CTX_get_ex_data := nil; + @SSL_CTX_set_info_callback := nil; @SSL_load_client_CA_file := nil; @SSL_CTX_set_client_CA_list := nil; @SSL_CTX_set_default_verify_paths := nil; @SSL_CTX_set_session_id_context := nil; @SSL_CIPHER_description := nil; @SSL_get_current_cipher := nil; + @SSL_client_version := nil; + @SSL_version := nil; @SSL_CIPHER_get_name := nil; @SSL_CIPHER_get_version := nil; @SSL_CIPHER_get_bits := nil; + @TLS_method := nil; + @TLS_client_method := nil; + @TLS_server_method := nil; + // Thread safe @_CRYPTO_num_locks := nil; @CRYPTO_set_locking_callback := nil; - {$IFNDEF WIN32_OR_WIN64} @CRYPTO_THREADID_set_callback := nil; @CRYPTO_THREADID_set_numeric := nil; @CRYPTO_THREADID_set_pointer := nil; @CRYPTO_set_id_callback := nil; - {$ENDIF} - @ERR_put_error := nil; + + @_ERR_put_error := nil; @ERR_get_error := nil; @ERR_peek_error := nil; @ERR_peek_last_error := nil; @@ -23994,6 +22830,10 @@ procedure InitializeFuncPointers; @i2d_PUBKEY := nil; @d2i_PUBKEY := nil; //X509 + @_X509_CRL_get_lastUpdate := nil; + @_X509_CRL_get_nextUpdate := nil; + @_X509_CRL_get_issuer := nil; + @_X509_CRL_get_REVOKED := nil; @X509_get_default_cert_file := nil; @X509_get_default_cert_file_env := nil; @X509_new := nil; @@ -24004,12 +22844,17 @@ procedure InitializeFuncPointers; @X509_NAME_add_entry_by_txt := nil; @X509_INFO_free := nil; @X509_set_version := nil; + @X509_get0_signature := nil; @X509_get_serialNumber := nil; @X509_gmtime_adj := nil; @X509_set_notBefore := nil; @X509_set_notAfter := nil; @X509_set_pubkey := nil; @X509_REQ_set_pubkey := nil; + @X509_verify := nil; + @X509_verify_cert_error_string := nil; + @_X509_REQ_get_subject_name := nil; + @_X509_REQ_get_version := nil; //PEM {$IFNDEF SSLEAY_MACROS} @_PEM_read_bio_X509 := nil; 
@@ -24229,6 +23074,8 @@ procedure InitializeFuncPointers; @EVP_MD_CTX_cleanup := nil; @EVP_MD_CTX_create := nil; @EVP_MD_CTX_destroy := nil; + @EVP_MD_CTX_new := nil; + @EVP_MD_CTX_free := nil; @EVP_MD_CTX_copy := nil; @EVP_MD_CTX_copy_ex := nil; //@EVP_MD_CTX_set_flags := nil; @@ -24451,16 +23298,14 @@ procedure InitializeFuncPointers; @EVP_CIPHER_CTX_get_app_data := nil; @EVP_CIPHER_CTX_set_app_data := nil; @EVP_CIPHER_CTX_flags := nil; + @EVP_CIPHER_CTX_get0_cipher := nil; //HMAC {$IFNDEF OPENSSL_NO_HMAC} - @HMAC_CTX_init := nil; - @_HMAC_Init_ex := nil; - @_HMAC_Update := nil; - @_HMAC_Final := nil; - @_1_0_HMAC_Init_ex := nil; - @_1_0_HMAC_Update := nil; - @_1_0_HMAC_Final := nil; + @HMAC_CTX_reset := nil; + @HMAC_Init_ex := nil; + @HMAC_Update := nil; + @HMAC_Final := nil; @HMAC_CTX_cleanup := nil; {$ENDIF} //OBJ @@ -24493,6 +23338,7 @@ procedure InitializeFuncPointers; @OpenSSL_add_all_algorithms := nil; @OpenSSL_add_all_ciphers := nil; @OpenSSL_add_all_digests := nil; + @OPENSSL_init_crypto := nil; @EVP_cleanup := nil; @sk_new := nil; @sk_num := nil; 
@@ -24736,58 +23582,15 @@ function X509_STORE_CTX_get_app_data(ctx: PX509_STORE_CTX):Pointer; Result := X509_STORE_CTX_get_ex_data(ctx, 0); end; -function X509_get_version(x : PX509): TIdC_LONG; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Result := ASN1_INTEGER_get(x^.cert_info^.version); -end; - -function X509_get_signature_type(x : PX509) : TIdC_INT; -{$IFDEF USE_INLINE} inline; {$ENDIF} -{ -http://groups.google.com/group/mailing.openssl.dev/browse_thread/thread/c1ab56fc4fb7af6a/98a2e94fe893aecf?lnk=st&q=X509_get_signature_type+&rnum=1&hl=en#98a2e94fe893aecf - -Austin Krauss via RT wrote: - -> D:\openssl-0.9.7b\out32dll\Release>openssl version -a -> OpenSSL 0.9.7b 10 Apr 2003 -> built on: date not available -> platform: information not available -> options: bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(idx) -> compiler: information not available -> OPENSSLDIR: "/usr/local/ssl" - -> Windows 2000 SP3 x86 -> Visual C++ 6.0 SP5 - -> I'm running into a problem parsing the certificate that I've recieved from the peer. I'm trying to call X509_get_signature_type(...) to get the key algorithm used. After I went through this function with the debugger, I'm finding that "NID_sha1WithRSAEncryption" (which is correct by the way) is getting passed to EVP_PKEY_type(...). It seems as if there is not a EVP constant that maps to this particular NID and thus EVP_PKEY_type is returning NID_undef to my function. - -As a addition to: -http://marc.theaimsgroup.com/?l=openssl-users&m=105074607225189&w=2 -I would suggest that X509_get_signature_type(x) should -be changed to 'OBJ_obj2nid((x)->sig_alg->algorithm' (i.e. remove -the call to EVP_PKEY_type()) because currently this macro -returns the type of the key used for the signature generation -and *not* the type of the signature (i.e. key alg + hash alg). 
-The other solution would be to change EVP_PKEY_type() to -include the other RSA OIDs as well (from the usage of this macro -in OpenSSL the second alternative is simpler to implement, but -in this case the name of the macro should better be changed to -X509_get_signature_key_type() :-). - -Regards, -Nils -} -begin - Assert(x<>nil); - Result := EVP_PKEY_type(OBJ_obj2nid(x.sig_alg.algorithm)); -end; - function X509_REQ_get_subject_name(x:PX509_REQ):PX509_NAME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin Assert(x<>nil); - Result := x^.req_info^.subject; + if Assigned(_X509_REQ_get_subject_name) then begin + Result := X509_REQ_get_subject_name(x); + end else begin + Result := x^.req_info^.subject; + end; end; //function X509_get_notBefore(x509: PX509):PASN1_UTCTIME; @@ -24795,7 +23598,7 @@ function X509_get_notBefore(x509: PX509):PASN1_TIME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin Assert(x509<>nil); - Result := x509.cert_info.validity.notBefore; + Result := X509_getm_notBefore(x509); end; //function X509_get_notAfter(x509: PX509):PASN1_UTCTIME; 
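Review bot: `X509_REQ_get_subject_name` calls itself when the loaded pointer is present: inside `if Assigned(_X509_REQ_get_subject_name) then begin` the new line reads `Result := X509_REQ_get_subject_name(x);`, which re-enters this Pascal wrapper rather than the library function, so on any build where the symbol loads (it is required at L209) the call recurses until the stack is exhausted. The line should be `Result := _X509_REQ_get_subject_name(x);`, matching the `_X509_REQ_get_version` wrapper in the hunk at L221. The struct-access fallback hides the bug on libraries that lack the export, so a test that exercises the wrapper once against a loaded library is worth adding.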
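Review bot: `X509_get_notBefore` now calls `X509_getm_notBefore(x509)` unconditionally (the hunk at L221 does the same for `X509_get_notAfter`), while every other accessor touched by this commit keeps an `Assigned()` check with the old struct access as fallback. The pointer is set to nil in Load (hunk at L204) and loaded as required at L209, so this is safe only as long as that requirement holds and Load cannot fail partway; the caller has no way to check. Either guard it like the siblings, `if Assigned(X509_getm_notBefore) then Result := X509_getm_notBefore(x509) else Result := x509.cert_info.validity.notBefore;`, or add a comment above the function stating that it requires OpenSSL 1.1.0 or later.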
@@ -24803,50 +23606,67 @@ function X509_get_notAfter(x509: PX509):PASN1_TIME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin Assert(x509<>nil); - Result := x509.cert_info.validity.notAfter; + Result := X509_getm_notAfter(x509); end; function X509_REQ_get_version(x : PX509_REQ): TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := ASN1_INTEGER_get(x^.req_info^.version); + if Assigned(_X509_REQ_get_version) then begin + Result := _X509_REQ_get_version(x); + end else begin + Result := ASN1_INTEGER_get(x^.req_info^.version); + end; end; function X509_CRL_get_version(x : PX509_CRL) : TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := ASN1_INTEGER_get(x^.crl^.version); + if Assigned(_X509_CRL_get_version) then begin + Result := _X509_CRL_get_version(x); + end else begin + Result := ASN1_INTEGER_get(x^.crl^.version); + end; end; function X509_CRL_get_lastUpdate(x : PX509_CRL) : PASN1_TIME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := x^.crl^.lastUpdate; + if Assigned(_X509_CRL_get_lastUpdate) then begin + Result := _X509_CRL_get_lastUpdate(x); + end else begin + Result := x^.crl^.lastUpdate; + end; end; function X509_CRL_get_nextUpdate(x : PX509_CRL) : PASN1_TIME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := x^.crl^.nextUpdate; + if Assigned(_X509_CRL_get_nextUpdate) then begin + Result := _X509_CRL_get_nextUpdate(x); + end else begin + Result := x^.crl^.nextUpdate; + end; end; function X509_CRL_get_issuer(x : PX509_CRL) : PX509_NAME; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := x^.crl^.issuer + if Assigned(_X509_CRL_get_issuer) then begin + Result := _X509_CRL_get_issuer(x); + end else begin + Result := x^.crl^.issuer; + end; end; function X509_CRL_get_REVOKED(x : PX509_CRL) : PSTACK_OF_X509_REVOKED; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := x^.crl^.revoked; -end; - -procedure SSL_CTX_set_info_callback(ctx: PSSL_CTX; cb: PSSL_CTX_info_callback); -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - 
Assert(ctx<>nil); - ctx.info_callback := cb; + if Assigned(_X509_CRL_get_REVOKED) then begin + Result := _X509_CRL_get_REVOKED(x); + end else begin + Result := x^.crl^.revoked; + end; end; //* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, @@ -24858,6 +23678,18 @@ function SSL_CTX_set_options(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; Result := SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, op, nil); end; +function SSL_CTX_set_min_proto_version(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, op, nil); +end; + +function SSL_CTX_set_max_proto_version(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, op, nil); +end; + function SSL_CTX_clear_options(ctx : PSSL_CTX; op : TIdC_LONG):TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin @@ -24870,6 +23702,18 @@ function SSL_CTX_get_options(ctx: PSSL_CTX) : TIdC_LONG; Result := SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS,0,nil); end; +function SSL_set_min_proto_version(s : PSSL; version : TIdC_LONG) : TIdC_INT; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, nil); +end; + +function SSL_set_max_proto_version(s : PSSL; version : TIdC_LONG) : TIdC_INT; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, nil); +end; + function SSL_set_options(ssl: PSSL; op : TIdC_LONG): TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin 
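Review bot: `SSL_CTX_set_min_proto_version`, `SSL_CTX_set_max_proto_version` and the two `SSL_set_*_proto_version` wrappers in the second and third hunks are undocumented, and they are the calls a caller uses to switch off old protocol versions, so their failure mode matters: they forward to `SSL_CTX_ctrl` / `SSL_ctrl`, which return 0 rather than raising when the library does not recognise the ctrl code (these codes arrived with OpenSSL 1.1.0). Suggest a leading comment on each, e.g. `// OpenSSL 1.1.0+. Returns 1 on success, 0 if the ctrl is unsupported or the version is rejected; callers must check the result, otherwise an older library silently keeps its default protocol range.` The `op` parameter name copied from `SSL_CTX_set_options` is also misleading here — the `SSL_set_*` twins already call it `version`; renaming it in the two `SSL_CTX_*` wrappers would make the four consistent.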
@@ -24918,6 +23762,17 @@ function SSL_get_secure_renegotiation_support(ssl : PSSL) : TIdC_LONG; Result := SSL_ctrl(ssl, SSL_CTRL_GET_RI_SUPPORT, 0, nil); end; // +function SSL_CTX_set_app_data(ctx : PSSL_CTX; arg : Pointer) : TIdC_INT; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_CTX_set_ex_data( ctx, 0, arg); +end; + +function SSL_CTX_get_app_data(ctx : PSSL_CTX) : Pointer; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_CTX_get_ex_data( ctx, 0); +end; function SSL_CTX_sess_number(ctx : PSSL_CTX) : TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} @@ -25185,11 +24040,7 @@ function SSL_set_tlsext_host_name(s : PSSL; name : string) : TIdC_LONG; function SSL_set_tlsext_debug_callback(ssl : PSSL; cb : SSL_callback_ctrl_fp) : TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - if Assigned(SSL_callback_ctrl) then begin - Result := SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,cb); - end else begin - Result := ssl.method.ssl_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_DEBUG_CB, SSL_METHOD_PROC(cb)); - end; + Result := SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,cb); end; function SSL_set_tlsext_debug_arg(ssl : PSSL; arg : Pointer) : TIdC_LONG; @@ -25366,8 +24217,8 @@ function SSL_set_tlsext_heartbeat_no_requests(ssl : PSSL; arg : TIdC_LONG) : TId function TLS1_get_version(s : PSSL) : TIdC_INT; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - if (s.version shr 8) = TLS1_VERSION_MAJOR then - Result := s.version + if (SSL_version(s) shr 8) = TLS1_VERSION_MAJOR then + Result := SSL_version(s) else Result := 0; end; 
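Review bot: `SSL_set_tlsext_debug_callback` in the second hunk now calls `SSL_callback_ctrl` unconditionally; the removed branch existed for libraries where that pointer is nil, and nothing in this hunk shows it has become a required load. If it is guaranteed non-nil after Load, a one-line comment saying so would justify the simplification; otherwise keep an `Assigned(SSL_callback_ctrl)` check and return 0 when it is absent, since the old `ssl.method` fallback is no longer possible once the SSL struct is opaque. The new `SSL_CTX_set_app_data` / `SSL_CTX_get_app_data` wrappers in the first hunk would also benefit from a comment that index 0 mirrors the OpenSSL macros of the same name.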
@@ -25375,19 +24226,12 @@ function TLS1_get_version(s : PSSL) : TIdC_INT; function TLS1_get_client_version(s : PSSL) : TIdC_INT; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - if s.client_version shr 8 = TLS1_VERSION_MAJOR then - Result := s.client_version + if SSL_client_version(s) shr 8 = TLS1_VERSION_MAJOR then + Result := SSL_client_version(s) else Result := 0; end; -function SSL_CTX_get_version(ctx: PSSL_CTX):TIdC_INT; -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Assert(ctx<>nil); - Result := ctx^.method^.version; -end; - //* BIO_s_connect() and BIO_s_socks4a_connect() */ function BIO_set_conn_hostname(b : PBIO; name : PIdAnsiChar) : TIdC_LONG; @@ -26330,13 +25174,25 @@ function EVP_CIPHER_mode(e : PEVP_CIPHER) : TIdC_ULONG; function EVP_CIPHER_CTX_type(c : PEVP_CIPHER_CTX) : TIdC_INT; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)); + if Assigned(EVP_CIPHER_CTX_cipher) then begin + Result := EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)); + end else begin + Result := EVP_CIPHER_type(EVP_CIPHER_CTX_get0_cipher(c)); + end; end; function EVP_CIPHER_CTX_mode(e : PEVP_CIPHER_CTX) : TIdC_ULONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := (EVP_CIPHER_CTX_flags(e) and EVP_CIPH_MODE) + if Assigned(EVP_CIPHER_CTX_flags) then begin + Result := (EVP_CIPHER_CTX_flags(e) and EVP_CIPH_MODE); + end else begin + if Assigned(EVP_CIPHER_CTX_cipher) then begin + Result := EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(e)); + end else begin + Result := EVP_CIPHER_flags(EVP_CIPHER_CTX_get0_cipher(e)); + end; + end; end; function EVP_ENCODE_LENGTH(l : Integer) : Integer; 
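Review bot: The fallback branches of `EVP_CIPHER_CTX_mode` in the second hunk return the raw cipher flags, not the mode: `Result := EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(e));` and its `get0_cipher` twin omit the `and EVP_CIPH_MODE` mask that the first branch applies, so on a library without `EVP_CIPHER_CTX_flags` any comparison of the result against a mode constant — for instance to decide whether an AEAD mode is in use — is wrong. Replace them with `Result := EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(e));` and `Result := EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(e));`, since `EVP_CIPHER_mode` (declared just above this hunk) already applies the mask, and the three-way branch collapses to one that mirrors `EVP_CIPHER_CTX_type` above it.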
@@ -26568,20 +25424,28 @@ procedure SSLeay_add_all_algorithms;
 procedure SSLeay_add_all_ciphers;
 {$IFDEF USE_INLINE} inline; {$ENDIF}
 begin
- OpenSSL_add_all_ciphers;
+ if assigned(OpenSSL_add_all_ciphers) then begin
+ OpenSSL_add_all_ciphers;
+ end else begin
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, nil);
+ end;
 end;
 procedure SSLeay_add_all_digests;
 {$IFDEF USE_INLINE} inline; {$ENDIF}
 begin
- OpenSSL_add_all_digests;
+ if Assigned(OpenSSL_add_all_digests) then begin
+ OpenSSL_add_all_digests;
+ end else begin
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, nil);
+ end;
 end;
-procedure X509V3_set_ctx_nodb(ctx: X509V3_CTX);
-{$IFDEF USE_INLINE} inline; {$ENDIF}
-begin
- ctx.db := nil;
-end;
+//procedure X509V3_set_ctx_nodb(ctx: X509V3_CTX);
+//{$IFDEF USE_INLINE} inline; {$ENDIF}
+//begin
+// ctx.db := nil;
+//end;
 function ERR_PACK(l, f, r : TIdC_INT) : TIdC_ULONG;
 {$IFDEF USE_INLINE} inline; {$ENDIF}
@@ -26965,6 +25829,7 @@ initialization
 GetHMACSHA512HashInst:= OpenSSLGetHMACSHA512Inst;
 UpdateHMACInst := OpenSSLUpdateHMACInst;
 FinalHMACInst := OpenSSLFinalHMACInst;
+ LoadHashLibrary := LoadOpenSSL;
 {$IFNDEF STATICLOAD_OPENSSL}
 finalization
 FreeAndNil(FFailedLoadList);
diff --git a/dclIndyTLSOpenSSL100.dpk b/dclIndyTLSOpenSSL100.dpk
index a7f3c3c..de5c418 100644
--- a/dclIndyTLSOpenSSL100.dpk
+++ b/dclIndyTLSOpenSSL100.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL100;
 requires
 designide,
+ IndyTLSOpenSSL100,
 dclIndyCore100;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL110.dpk b/dclIndyTLSOpenSSL110.dpk
index 8707968..6272abd 100644
--- a/dclIndyTLSOpenSSL110.dpk
+++ b/dclIndyTLSOpenSSL110.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL110;
 requires
 designide,
+ IndyTLSOpenSSL110,
 dclIndyCore110;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
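Review bot: The OPENSSL_init_crypto fallbacks in SSLeay_add_all_ciphers and SSLeay_add_all_digests discard the call's success/failure return, so an initialisation failure on a library without the legacy add_all entry points is silent, leaving later cipher or digest lookups to fail with a less obvious error. Both are procedures, so the choice is between raising on a zero return, `if OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, nil) = 0 then raise` the unit's usual OpenSSL error exception, and a comment stating that failure is deliberately ignored; either should be explicit. Two smaller points: `assigned(` in the first fallback should be `Assigned(` to match the rest of the unit, and X509V3_set_ctx_nodb is commented out rather than removed — if it is gone for good, delete it and record why, otherwise keep it live.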
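Review bot: `LoadHashLibrary := LoadOpenSSL;` is assigned unconditionally in the initialization section, directly ahead of a `{$IFNDEF STATICLOAD_OPENSSL}` block, so whether the hook is meaningful when OpenSSL is linked statically is not visible from the hunk. A short comment on the line saying what LoadHashLibrary is expected to do in each build mode, e.g. `// Lets the hash-provider layer trigger OpenSSL loading on demand; harmless when statically linked (confirm)`, would settle that for the next reader. The initialization section begins outside the hunk.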
diff --git a/dclIndyTLSOpenSSL120.dpk b/dclIndyTLSOpenSSL120.dpk
index 33f0791..d2edc96 100644
--- a/dclIndyTLSOpenSSL120.dpk
+++ b/dclIndyTLSOpenSSL120.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL120;
 requires
 designide,
+ IndyTLSOpenSSL120,
 dclIndyCore120;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL130.dpk b/dclIndyTLSOpenSSL130.dpk
index 15497e4..c81b2b0 100644
--- a/dclIndyTLSOpenSSL130.dpk
+++ b/dclIndyTLSOpenSSL130.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL130;
 requires
 designide,
+ IndyTLSOpenSSL130,
 dclIndyCore130;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL140.dpk b/dclIndyTLSOpenSSL140.dpk
index ff246b6..7ec70d4 100644
--- a/dclIndyTLSOpenSSL140.dpk
+++ b/dclIndyTLSOpenSSL140.dpk
@@ -23,10 +23,10 @@ package dclIndyTLSOpenSSL140;
 requires
 designide,
+ IndyTLSOpenSSL140,
 dclIndyCore140;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL150.dpk b/dclIndyTLSOpenSSL150.dpk
index dd02388..c38a48e 100644
--- a/dclIndyTLSOpenSSL150.dpk
+++ b/dclIndyTLSOpenSSL150.dpk
@@ -23,10 +23,10 @@ package dclIndyTLSOpenSSL150;
 requires
 designide,
+ IndyTLSOpenSSL150,
 dclIndyCore150;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL160.dpk b/dclIndyTLSOpenSSL160.dpk
index 30e95a9..b938ed8 100644
--- a/dclIndyTLSOpenSSL160.dpk
+++ b/dclIndyTLSOpenSSL160.dpk
@@ -31,10 +31,10 @@ package dclIndyTLSOpenSSL60;
 requires
 designide,
+ IndyTLSOpenSSL160,
 dclIndyCore160;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL170.dpk b/dclIndyTLSOpenSSL170.dpk
index d8cdd35..0b5d286 100644
--- a/dclIndyTLSOpenSSL170.dpk
+++ b/dclIndyTLSOpenSSL170.dpk
@@ -31,10 +31,10 @@ package dclIndyTLSOpenSSL170;
 requires
 designide,
+ IndyTLSOpenSSL170,
 dclIndyCore170;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL180.dpk b/dclIndyTLSOpenSSL180.dpk
index 738ddcf..7497123 100644
--- a/dclIndyTLSOpenSSL180.dpk
+++ b/dclIndyTLSOpenSSL180.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL180;
 requires
 designide,
+ IndyTLSOpenSSL180,
 dclIndyCore180;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL190.dpk b/dclIndyTLSOpenSSL190.dpk
index 09c78cc..2675113 100644
--- a/dclIndyTLSOpenSSL190.dpk
+++ b/dclIndyTLSOpenSSL190.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL190;
 requires
 designide,
+ IndyTLSOpenSSL190,
 dclIndyCore190;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL200.dpk b/dclIndyTLSOpenSSL200.dpk
index 0c02dbb..ee76034 100644
--- a/dclIndyTLSOpenSSL200.dpk
+++ b/dclIndyTLSOpenSSL200.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL200;
 requires
 designide,
+ IndyTLSOpenSSL200,
 dclIndyCore200;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL210.dpk b/dclIndyTLSOpenSSL210.dpk
index d956432..8b8b1b4 100644
--- a/dclIndyTLSOpenSSL210.dpk
+++ b/dclIndyTLSOpenSSL210.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL210;
 requires
 designide,
+ IndyTLSOpenSSL210,
 dclIndyCore210;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL220.dpk b/dclIndyTLSOpenSSL220.dpk
index 647acb9..c08d75e 100644
--- a/dclIndyTLSOpenSSL220.dpk
+++ b/dclIndyTLSOpenSSL220.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL220;
 requires
 designide,
+ IndyTLSOpenSSL220,
 dclIndyCore220;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL230.dpk b/dclIndyTLSOpenSSL230.dpk
index 1eac9f9..b85b8d3 100644
--- a/dclIndyTLSOpenSSL230.dpk
+++ b/dclIndyTLSOpenSSL230.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL230;
 requires
 designide,
+ IndyTLSOpenSSL230,
 dclIndyCore230;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL240.dpk b/dclIndyTLSOpenSSL240.dpk
index 86f6576..135888e 100644
--- a/dclIndyTLSOpenSSL240.dpk
+++ b/dclIndyTLSOpenSSL240.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL240;
 requires
 designide,
+ IndyTLSOpenSSL240,
 dclIndyCore240;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL250.dpk b/dclIndyTLSOpenSSL250.dpk
index badf68b..8227838 100644
--- a/dclIndyTLSOpenSSL250.dpk
+++ b/dclIndyTLSOpenSSL250.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL250;
 requires
 designide,
+ IndyTLSOpenSSL250,
 dclIndyCore250;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL260.dpk b/dclIndyTLSOpenSSL260.dpk
index 9584396..13caef7 100644
--- a/dclIndyTLSOpenSSL260.dpk
+++ b/dclIndyTLSOpenSSL260.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL260;
 requires
 designide,
+ IndyTLSOpenSSL260,
 dclIndyCore260;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL270.dpk b/dclIndyTLSOpenSSL270.dpk
index 3f04276..5c08220 100644
--- a/dclIndyTLSOpenSSL270.dpk
+++ b/dclIndyTLSOpenSSL270.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL270;
 requires
 designide,
+ IndyTLSOpenSSL270,
 dclIndyCore270;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL280.dpk b/dclIndyTLSOpenSSL280.dpk
index c3b66d5..ff0380e 100644
--- a/dclIndyTLSOpenSSL280.dpk
+++ b/dclIndyTLSOpenSSL280.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL280;
 requires
 designide,
+ IndyTLSOpenSSL280,
 dclIndyCore280;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL290.dpk b/dclIndyTLSOpenSSL290.dpk
index 182a099..3c6fc10 100644
--- a/dclIndyTLSOpenSSL290.dpk
+++ b/dclIndyTLSOpenSSL290.dpk
@@ -32,10 +32,10 @@ package dclIndyTLSOpenSSL290;
 requires
 designide,
+ IndyTLSOpenSSL290,
 dclIndyCore290;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL40.dpk b/dclIndyTLSOpenSSL40.dpk
index 98c8b25..6f0ebfa 100644
--- a/dclIndyTLSOpenSSL40.dpk
+++ b/dclIndyTLSOpenSSL40.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL40;
 requires
 Vcl40,
+ IndyTLSOpenSSL40,
 dclIndyCore40;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL50.dpk b/dclIndyTLSOpenSSL50.dpk
index a0d4d26..4dbdb24 100644
--- a/dclIndyTLSOpenSSL50.dpk
+++ b/dclIndyTLSOpenSSL50.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL50;
 requires
 Vcl50,
+ IndyTLSOpenSSL50,
 dclIndyCore50;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL60.dpk b/dclIndyTLSOpenSSL60.dpk
index 7c2e2fe..b4ee61e 100644
--- a/dclIndyTLSOpenSSL60.dpk
+++ b/dclIndyTLSOpenSSL60.dpk
@@ -23,10 +23,10 @@ package dclIndyTLSOpenSSL60;
 requires
 vcl,
 designide,
+ IndyTLSOpenSSL60,
 dclIndyCore60;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL70.dpk b/dclIndyTLSOpenSSL70.dpk
index 9084d4f..ec1a623 100644
--- a/dclIndyTLSOpenSSL70.dpk
+++ b/dclIndyTLSOpenSSL70.dpk
@@ -23,10 +23,10 @@ package dclIndyTLSOpenSSL70;
 requires
 vcl,
 designide,
+ IndyTLSOpenSSL70,
 dclIndyCore70;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL80.dpk b/dclIndyTLSOpenSSL80.dpk
index cc8b835..a43a276 100644
--- a/dclIndyTLSOpenSSL80.dpk
+++ b/dclIndyTLSOpenSSL80.dpk
@@ -22,10 +22,10 @@ package dclIndyTLSOpenSSL80;
 requires
 designide,
+ IndyTLSOpenSSL80,
 dclIndyCore80;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.
diff --git a/dclIndyTLSOpenSSL90.dpk b/dclIndyTLSOpenSSL90.dpk
index 38cb19e..5f73b5c 100644
--- a/dclIndyTLSOpenSSL90.dpk
+++ b/dclIndyTLSOpenSSL90.dpk
@@ -23,10 +23,10 @@ package dclIndyTLSOpenSSL90;
 requires
 designide,
+ IndyTLSOpenSSL90,
 dclIndyCore90;
 contains
- IdDsnRegisterOpenSSL in 'IdDsnRegisterOpenSSL.pas',
 IdRegisterOpenSSL in 'IdRegisterOpenSSL.pas';
 end.