diff --git a/IdSSLOpenSSL.pas b/IdSSLOpenSSL.pas index c5124a5..89be6d4 100644 --- a/IdSSLOpenSSL.pas +++ b/IdSSLOpenSSL.pas @@ -234,7 +234,7 @@ interface IdYarn; type - TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2); + TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2, sslvTLSv1_3); TIdSSLVersions = set of TIdSSLVersion; TIdSSLMode = (sslmUnassigned, sslmClient, sslmServer, sslmBoth); TIdSSLVerifyMode = (sslvrfPeer, sslvrfFailIfNoPeerCert, sslvrfClientOnce); @@ -243,8 +243,8 @@ interface TIdSSLAction = (sslRead, sslWrite); const - DEF_SSLVERSION = sslvTLSv1; - DEF_SSLVERSIONS = [sslvTLSv1]; + DEF_SSLVERSION = sslvTLSv1_3; + DEF_SSLVERSIONS = [sslvTLSv1_3]; P12_FILETYPE = 3; MAX_SSL_PASSWORD_LENGTH = 128; @@ -901,10 +901,12 @@ function calls will reset that value and we can't know what a programmer will LockInfoCB.Enter; try IdSSLSocket := TIdSSLSocket(SSL_get_app_data(sslSocket)); - if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin - StatusStr := IndyFormat(RSOSSLStatusString, [String(SSL_state_string_long(sslSocket))]); - LHelper.StatusInfo(sslSocket, where, ret, StatusStr); - LHelper := nil; + if Assigned(IdSSLSocket) then begin + if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin + StatusStr := IndyFormat(RSOSSLStatusString, [String(SSL_state_string_long(sslSocket))]); + LHelper.StatusInfo(sslSocket, where, ret, StatusStr); + LHelper := nil; + end; end; finally LockInfoCB.Leave; @@ -946,7 +948,7 @@ function VerifyCallback(Ok: TIdC_INT; ctx: PX509_STORE_CTX): TIdC_INT; cdecl; try VerifiedOK := True; try - hSSL := X509_STORE_CTX_get_app_data(ctx); + hSSL := X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx); if hSSL = nil then begin Result := Ok; Exit; 
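Review bot: `DEF_SSLVERSIONS = [sslvTLSv1_3]` makes every component that keeps the defaults negotiate TLS 1.3 only, so existing deployments start failing the handshake against any peer that stops at TLS 1.2, which is still a large share of servers and clients. Raising the floor is right, but the compatible hardened default is `DEF_SSLVERSION = sslvSSLv23; DEF_SSLVERSIONS = [sslvTLSv1_2, sslvTLSv1_3];` — `sslvSSLv23` because `SetSSLVersions` (later hunk) maps any multi-member set to that method, and it drops SSLv3/TLS 1.0/1.1 without the breakage. With a single `sslvTLSv1_3` default, whether TLS 1.2 stays negotiable depends entirely on the `SSL_OP_NO_TLSv1_2` and `set_min_proto_version` handling in `InitContext`, which is easy to get out of sync with this constant.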
@@ -955,21 +957,23 @@ function VerifyCallback(Ok: TIdC_INT; ctx: PX509_STORE_CTX): TIdC_INT; cdecl; Certificate := TIdX509.Create(hcert, False); // the certificate is owned by the store try IdSSLSocket := TIdSSLSocket(SSL_get_app_data(hSSL)); - Error := X509_STORE_CTX_get_error(ctx); - Depth := X509_STORE_CTX_get_error_depth(ctx); - if not ((Ok > 0) and (IdSSLSocket.fSSLContext.VerifyDepth >= Depth)) then begin - Ok := 0; - {if Error = X509_V_OK then begin - Error := X509_V_ERR_CERT_CHAIN_TOO_LONG; - end;} - end; - LOk := False; - if Ok = 1 then begin - LOk := True; - end; - if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin - VerifiedOK := LHelper.VerifyPeer(Certificate, LOk, Depth, Error); - LHelper := nil; + if Assigned(IdSSLSocket) then begin + Error := X509_STORE_CTX_get_error(ctx); + Depth := X509_STORE_CTX_get_error_depth(ctx); + if not ((Ok > 0) and (IdSSLSocket.fSSLContext.VerifyDepth >= Depth)) then begin + Ok := 0; + {if Error = X509_V_OK then begin + Error := X509_V_ERR_CERT_CHAIN_TOO_LONG; + end;} + end; + LOk := False; + if Ok = 1 then begin + LOk := True; + end; + if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin + VerifiedOK := LHelper.VerifyPeer(Certificate, LOk, Depth, Error); + LHelper := nil; + end; end; finally FreeAndNil(Certificate); 
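Review bot: The new `if Assigned(IdSSLSocket)` guard turns a missing app-data pointer into an accepted certificate: `VerifiedOK` is set to True before this hunk (visible in the previous hunk) and nothing in the skipped path changes it, so if, as the name suggests, `VerifiedOK` becomes the callback's result after the `finally`, a connection whose `SSL` carries no `TIdSSLSocket` verifies every peer regardless of OpenSSL's `Ok`. The `hSSL = nil` path just above fails back to OpenSSL's verdict (`Result := Ok`); this path should do the same with `end else begin VerifiedOK := Ok > 0; end;` so a nil socket never fails open. The tail of `VerifyCallback` that converts `VerifiedOK` into `Result` is outside the hunk, so please confirm that assumption there.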
@@ -2360,33 +2364,11 @@ function LoadOpenSSLLibrary: Boolean; // has to be done before anything that uses memory IdSslCryptoMallocInit; {$ENDIF} - // required eg to encrypt a private key when writing - OpenSSL_add_all_ciphers; - OpenSSL_add_all_digests; - InitializeRandom; - // IdSslRandScreen; - SSL_load_error_strings; - // Successful loading if true - Result := SSLeay_add_ssl_algorithms > 0; - if not Result then begin - Exit; - end; // Create locking structures, we need them for callback routines Assert(LockInfoCB = nil); LockInfoCB := TIdCriticalSection.Create; LockPassCB := TIdCriticalSection.Create; LockVerifyCB := TIdCriticalSection.Create; - // Handle internal OpenSSL locking - CallbackLockList := TIdCriticalSectionThreadList.Create; - PrepareOpenSSLLocking; - CRYPTO_set_locking_callback(@SslLockingCallback); -{$IFNDEF WIN32_OR_WIN64} - if Assigned(CRYPTO_THREADID_set_callback) then begin - CRYPTO_THREADID_set_callback(@_threadid_func); - end else begin - CRYPTO_set_id_callback(@_GetThreadID); - end; -{$ENDIF} SSLIsLoaded.Value := True; Result := True; finally @@ -2460,7 +2442,7 @@ procedure TIdSSLOptions.SetMethod(const AValue: TIdSSLVersion); begin fMethod := AValue; if AValue = sslvSSLv23 then begin - fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2]; + fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2,sslvTLSv1_3]; end else begin fSSLVersions := [AValue]; end; 
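Review bot: Dropping `SSLeay_add_ssl_algorithms`, `OpenSSL_add_all_*`, `InitializeRandom` and the `CRYPTO_set_locking_callback` setup is only correct for OpenSSL 1.1.0 and later, where initialisation, RNG seeding and locking are automatic, yet the function now returns True unconditionally once the handles resolve and asserts no such floor. Since the rest of the patch binds to 3.x-only symbols (`ERR_new`, `SSL_get1_peer_certificate`), gate here explicitly, e.g. `Result := Assigned(OpenSSL_version_num) and (OpenSSL_version_num() >= $30000000);` before `SSLIsLoaded.Value := True`, and take the existing failure path when it is False. Otherwise an older library found on the search path (the DLL name is pinned only on Windows) loads "successfully" and dies later with a nil call inside a callback, where the error is much harder to diagnose.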
@@ -2484,12 +2466,15 @@ procedure TIdSSLOptions.SetSSLVersions(const AValue: TIdSSLVersions); else if fSSLVersions = [sslvTLSv1_2 ] then begin fMethod := sslvTLSv1_2; end + else if fSSLVersions = [sslvTLSv1_3] then begin + fMethod := sslvTLSv1_3; + end else begin fMethod := sslvSSLv23; if sslvSSLv23 in fSSLVersions then begin Exclude(fSSLVersions, sslvSSLv23); if fSSLVersions = [] then begin - fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2]; + fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2,sslvTLSv1_3]; end; end; end; @@ -3299,7 +3284,24 @@ procedure TIdSSLContext.InitContext(CtxMode: TIdSSLCtxMode); SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1_2); end; end; + if IsOpenSSL_TLSv1_3_Available then begin + if not(sslvTLSv1_3 in SSLVersions) then begin + SSL_CTX_set_options(fContext, SSL_OP_NO_TLSv1_3); + end + else if (fMethod = sslvSSLv23) then begin + SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1_3); + end; + end; + if sslvTLSv1_3 in SSLVersions then + SSL_CTX_set_min_proto_version(fContext, TLS1_2_VERSION) + else if sslvTLSv1_2 in SSLVersions then + SSL_CTX_set_min_proto_version(fContext, TLS1_2_VERSION) + else if sslvTLSv1_1 in SSLVersions then + SSL_CTX_set_min_proto_version(fContext, TLS1_1_VERSION) + else + SSL_CTX_set_min_proto_version(fContext, TLS1_VERSION); + SSL_CTX_set_max_proto_version(fContext, TLS1_3_VERSION); SSL_CTX_set_mode(fContext, SSL_MODE_AUTO_RETRY); // assign a password lookup routine // if PasswordRoutineOn then begin 
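Review bot: The `SSL_CTX_set_min_proto_version` ladder tests the highest version first, so `[sslvTLSv1, sslvTLSv1_2, sslvTLSv1_3]` silently gets a TLS 1.2 floor, and a TLS 1.3-only selection also gets `TLS1_2_VERSION`, leaving TLS 1.2 excluded only by the `SSL_OP_NO_TLSv1_2` option set earlier in this method (outside the hunk). The floor should be the lowest enabled version and the ceiling the highest, and both ctrl wrappers return 0 on failure, which is currently discarded, so a context can end up with bounds other than the ones requested without anyone noticing. Suggested rewrite below; `LMin`/`LMax` (`TIdC_LONG`) need adding to the method's var section, which is outside the hunk.
```pascal
      // ... unchanged: SSL_OP_NO_TLSv1_3 handling ...
      // Floor = lowest enabled version, ceiling = highest enabled version.
      if sslvTLSv1 in SSLVersions then
        LMin := TLS1_VERSION
      else if sslvTLSv1_1 in SSLVersions then
        LMin := TLS1_1_VERSION
      else if sslvTLSv1_2 in SSLVersions then
        LMin := TLS1_2_VERSION
      else if sslvTLSv1_3 in SSLVersions then
        LMin := TLS1_3_VERSION
      else
        LMin := TLS1_VERSION; // legacy-only selection: the SSL_OP_NO_* options decide
      if sslvTLSv1_3 in SSLVersions then
        LMax := TLS1_3_VERSION
      else if sslvTLSv1_2 in SSLVersions then
        LMax := TLS1_2_VERSION
      else if sslvTLSv1_1 in SSLVersions then
        LMax := TLS1_1_VERSION
      else
        LMax := TLS1_VERSION;
      if (SSL_CTX_set_min_proto_version(fContext, LMin) = 0) or
         (SSL_CTX_set_max_proto_version(fContext, LMax) = 0) then begin
        // 0 means the ctrl failed: raise this unit's OpenSSL error here rather than
        // continuing with a context whose version bounds are not the requested ones
      end;
      SSL_CTX_set_mode(fContext, SSL_MODE_AUTO_RETRY);
```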
@@ -3462,22 +3464,10 @@ function TIdSSLContext.SetSSLMethod: PSSL_METHOD; end; end; sslvSSLv23: - case fMode of - sslmServer : begin - if Assigned(SSLv23_server_method) then begin - Result := SSLv23_server_method(); - end; - end; - sslmClient : begin - if Assigned(SSLv23_client_method) then begin - Result := SSLv23_client_method(); - end; - end; + if Assigned(TLS_method) then + Result := TLS_method() else - if Assigned(SSLv23_method) then begin - Result := SSLv23_method(); - end; - end; + Result := SelectTLS1Method(fMode); sslvSSLv3: case fMode of sslmServer : begin @@ -3555,6 +3545,11 @@ function TIdSSLContext.SetSSLMethod: PSSL_METHOD; Result := SelectTLS1Method(fMode); end; end; + sslvTLSv1_3: + if Assigned(TLS_method) then + Result := TLS_method() + else + Result := SelectTLS1Method(fMode); end; if Result = nil then begin raise EIdOSSLGetMethodError.Create(RSSSLGetMethodError); diff --git a/IdSSLOpenSSLHeaders.pas b/IdSSLOpenSSLHeaders.pas index aa006c1..17176c8 100644 --- a/IdSSLOpenSSLHeaders.pas +++ b/IdSSLOpenSSLHeaders.pas 
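Review bot: For `sslvTLSv1_3` the fallback `Result := SelectTLS1Method(fMode)` silently downgrades an explicit TLS 1.3 request to whatever that helper returns (presumably the `TLSv1_*_method` family, i.e. TLS 1.0) precisely when `TLS_method` failed to resolve, which is the case of a library too old to do TLS 1.3 at all. Drop the fallback so the existing `if Result = nil then raise EIdOSSLGetMethodError` guard at the end of the function fires: `sslvTLSv1_3: if Assigned(TLS_method) then Result := TLS_method();`. The `sslvSSLv23` hunk above has the same fallback; a negotiating method degrading to TLS 1.0 is a smaller surprise than a pinned version doing so, but it deserves the same treatment or at least a comment stating the intent.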
@@ -1,10 +1,46 @@ { + $Project$ + $Workfile$ + $Revision$ + $DateUTC$ + $Id$ + This file is part of the Indy (Internet Direct) project, and is offered under the dual-licensing agreement described on the Indy website. (http://www.indyproject.org/) Copyright: - (c) 1993-2024, Chad Z. Hower and the Indy Pit Crew. All rights reserved. + (c) 1993-2005, Chad Z. Hower and the Indy Pit Crew. All rights reserved. +} +{ + $Log$ +} +{ + Rev 1.8 28.09.2004 21:38:44 Andreas Hausladen + commented out unused function ErrMsg + + Rev 1.7 2004-05-07 16:52:50 Mattias + Minor cleanup + + Rev 1.6 2004-05-07 16:34:36 Mattias + Implemented OpenSSL locking callbacks + + Rev 1.5 10/16/03 11:16:44 PM RLebeau + Updated to better support C++Builder by adding an $EXTERNSYM define to + 'time_t' so that it won't be included in the auto-generated HPP file. The + native time.h header file is used instead. + + Rev 1.4 10/17/2003 1:08:12 AM DSiders + Added localization comments. + + Rev 1.3 12/9/2002 12:48:42 PM JPMugaas + Fixed stupid compile error for the moment. The Macros in err.h have to be + sorted out later. + + Rev 1.1 12/8/2002 07:25:52 PM JPMugaas + Added published host and port properties. + + Rev 1.0 11/13/2002 08:01:32 AM JPMugaas } unit IdSSLOpenSSLHeaders; @@ -7030,6 +7066,11 @@ interface {$EXTERNALSYM DTLS_CTRL_LISTEN} DTLS_CTRL_LISTEN = 75; + {$EXTERNALSYM SSL_CTRL_SET_MIN_PROTO_VERSION} + SSL_CTRL_SET_MIN_PROTO_VERSION = 123; + {$EXTERNALSYM SSL_CTRL_SET_MAX_PROTO_VERSION} + SSL_CTRL_SET_MAX_PROTO_VERSION = 124; + {$EXTERNALSYM SSL_CTRL_GET_RI_SUPPORT} SSL_CTRL_GET_RI_SUPPORT = 76; {$EXTERNALSYM SSL_CTRL_CLEAR_OPTIONS} @@ -7645,6 +7686,8 @@ interface SSL_OP_NO_TLSv1_2 = $08000000; {$EXTERNALSYM SSL_OP_NO_TLSv1_1} SSL_OP_NO_TLSv1_1 = $10000000; + {$EXTERNALSYM SSL_OP_NO_TLSv1_3} + SSL_OP_NO_TLSv1_3 = $20000000; {$EXTERNALSYM SSL_OP_PKCS1_CHECK_1} SSL_OP_PKCS1_CHECK_1 = $00; //was $08000000; {$EXTERNALSYM SSL_OP_PKCS1_CHECK_2} 
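Review bot: The header hunk reverts the copyright line from 1993-2024 to 1993-2005 and re-adds the 2002-2004 `$Log$` revision block, which looks like the file was regenerated from an old checkout rather than edited in place; please restore `(c) 1993-2024, Chad Z. Hower and the Indy Pit Crew. All rights reserved.` and drop the stale log, and double-check that nothing else from the old base crept back in. The `SSL_CTRL_SET_MIN_PROTO_VERSION = 123` / `SSL_CTRL_SET_MAX_PROTO_VERSION = 124` and `SSL_OP_NO_TLSv1_3 = $20000000` values in the later hunks match the upstream ssl.h definitions.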
@@ -8339,6 +8382,12 @@ interface {$EXTERNALSYM TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES} TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES = 0; {$EXTERNALSYM TLS1_2_VERSION} + TLS1_3_VERSION = $0304; + {$EXTERNALSYM TLS1_2_VERSION_MAJOR} + TLS1_3_VERSION_MAJOR = $03; + {$EXTERNALSYM TLS1_2_VERSION_MINOR} + TLS1_3_VERSION_MINOR = $04; + {$EXTERNALSYM TLS1_2_VERSION} TLS1_2_VERSION = $0303; {$EXTERNALSYM TLS1_2_VERSION_MAJOR} TLS1_2_VERSION_MAJOR = $03; @@ -13890,10 +13939,10 @@ X509_REQ = record {$EXTERNALSYM X509_CINF} X509_CINF = record version: PASN1_INTEGER; - serialNumber: PASN1_INTEGER; - signature: PX509_ALGOR; + serialNumber: ASN1_INTEGER; + signature: X509_ALGOR; issuer: PX509_NAME; - validity: PX509_VAL; + validity: X509_VAL; subject: PX509_NAME; key: PX509_PUBKEY; issuerUID: PASN1_BIT_STRING; // [ 1 ] optional in v2 
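Review bot: The three `{$EXTERNALSYM}` directives added in front of the new constants name the TLS 1.2 symbols (`TLS1_2_VERSION`, `TLS1_2_VERSION_MAJOR`, `TLS1_2_VERSION_MINOR`) while the constants they annotate are `TLS1_3_VERSION`, `TLS1_3_VERSION_MAJOR` and `TLS1_3_VERSION_MINOR`, so the C++Builder header generator suppresses the wrong names and may emit duplicates. They should read `{$EXTERNALSYM TLS1_3_VERSION}`, `{$EXTERNALSYM TLS1_3_VERSION_MAJOR}` and `{$EXTERNALSYM TLS1_3_VERSION_MINOR}`; the values `$0304`/`$03`/`$04` themselves are correct.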
@@ -13911,36 +13960,47 @@ X509_CERT_AUX = record end; {$EXTERNALSYM PX509_CERT_AUX} PX509_CERT_AUX = ^X509_CERT_AUX; + {$NODEFINE X509_SIG_INFO} + X509_SIG_INFO = record + mdnid: TIdC_INT; + pknid: TIdC_INT; + secbits: TIdC_INT; + flags: TIdC_INT; + end; + CRYPTO_REF_COUNT = record + val: TIdC_INT; + end; {$NODEFINE X509} X509 = record - cert_info: PX509_CINF; - sig_alg : PX509_ALGOR; + cert_info: X509_CINF; + sig_alg : X509_ALGOR; signature : PASN1_BIT_STRING; - valid : TIdC_INT; - references : TIdC_INT; - name : PIdAnsiChar; - ex_data : CRYPTO_EX_DATA; - // These contain copies of various extension values - ex_pathlen : TIdC_LONG; - ex_pcpathlen : TIdC_LONG; - ex_flags : TIdC_ULONG; - ex_kusage : TIdC_ULONG; - ex_xkusage : TIdC_ULONG; - ex_nscert : TIdC_ULONG; - skid : PASN1_OCTET_STRING; - akid : PAUTHORITY_KEYID; - policy_cache : PX509_POLICY_CACHE; - crldp : PSTACK_OF_DIST_POINT; - altname : PSTACK_OF_GENERAL_NAME; - nc : PNAME_CONSTRAINTS; + signinf: X509_SIG_INFO; + references: CRYPTO_REF_COUNT; + ex_data: CRYPTO_EX_DATA; + ex_pathlen: TIdC_LONG; + ex_pcpathlen: TIdC_LONG; + ex_flags: TIdC_UINT32; + ex_kusage: TIdC_UINT32; + ex_xkusage: TIdC_UINT32; + ex_nscert: TIdC_UINT32; + skid: PASN1_OCTET_STRING; + akid: PAUTHORITY_KEYID; + policy_cache: PX509_POLICY_CACHE; +// crldp: STACK_OF(DIST_POINT); +// altname: PSTACK_OF(GENERAL_NAME); +// nc^: PNAME_CONSTRAINTS; {$IFNDEF OPENSSL_NO_RFC3779} - rfc3779_addr : PSTACK_OF_IPAddressFamily; - rfc3779_asid : PASIdentifiers; - {$ENDIF} - {$IFNDEF OPENSSL_NO_SHA} - sha1_hash : array [0..SHA_DIGEST_LENGTH-1] of TIdAnsiChar; + rfc3779_addr: PSTACK_OF(IPAddressFamily); + rfc3779_asid: Pstruct ASIdentifiers_st; {$ENDIF} - aux : PX509_CERT_AUX; +// sha1_hash : array [0..SHA_DIGEST_LENGTH-1] of TIdAnsiChar; +// aux: pX509_CERT_AUX; +// lock: PCRYPTO_RWLOCK; +// ex_cached: volatile inT; +// distinguishing_id: PASN1_OCTET_STRING; +// libctx: POSSL_LIB_CTX; +// propq: PChar; end; {$EXTERNALSYM X509_CRL_INFO} X509_CRL_INFO = 
record @@ -14020,11 +14080,15 @@ X509_STORE = record get_crl : function (ctx : PX509_STORE_CTX; crl : PPX509_CRL; x : PX509) : TIdC_INT; cdecl;// retrieve CRL check_crl : function(ctx : PX509_STORE_CTX; crl : PX509_CRL) : TIdC_INT; cdecl; // Check CRL validity cert_crl : function(ctx : PX509_STORE_CTX; crl : PX509_CRL; x : PX509) : TIdC_INT; cdecl; // Check certificate against CRL + + check_policy : function(ctx : PX509_STORE_CTX): TIdC_INT; cdecl; + lookup_certs : function(ctx : PX509_STORE_CTX; nm : PX509_NAME) : PSTACK_OF_X509 cdecl; lookup_crls : function(ctx : PX509_STORE_CTX; nm : PX509_NAME) : PSTACK_OF_X509_CRL cdecl; cleanup : function(ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; ex_data : CRYPTO_EX_DATA; references : TIdC_INT; + lock: Pointer; end; {$EXTERNALSYM PX509_STORE} PX509_STORE = ^X509_STORE; @@ -14065,6 +14129,8 @@ X509_LOOKUP_METHOD = record get_by_issuer_serial : function(ctx : PX509_LOOKUP; _type : TIdC_INT; name : PX509_NAME; serial : PASN1_INTEGER; ret : PX509_OBJECT) : TIdC_INT; cdecl; get_by_fingerprint : function (ctx : PX509_LOOKUP; _type : TIdC_INT; bytes : PIdAnsiChar; len : TIdC_INT; ret : PX509_OBJECT): TIdC_INT; cdecl; get_by_alias : function(ctx : PX509_LOOKUP; _type : TIdC_INT; str : PIdAnsiChar; ret : PX509_OBJECT) : TIdC_INT; cdecl; + get_by_subject_ex : function(ctx : PX509_LOOKUP; _type : TIdC_INT; name : PX509_NAME; ret : PX509_OBJECT; libctx: Pointer; str : PIdAnsiChar) : TIdC_INT; cdecl; + ctrl_ex : function(ctx : PX509_LOOKUP; cmd: TIdC_INT; argc: PIdAnsiChar; argl: TIdC_LONG; ret: PPIdAnsiChar; libctx: Pointer; propq: PIdAnsiChar) : TIdC_INT; cdecl; end; {$EXTERNALSYM PX509_LOOKUP_METHOD} PX509_LOOKUP_METHOD = ^X509_LOOKUP_METHOD; 
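Review bot: The rewritten `X509` record is a partial hand-copy of OpenSSL 3's private `x509_st`: the trailing members are commented out, so `SizeOf(X509)` is wrong, and the `{$IFNDEF OPENSSL_NO_RFC3779}` branch contains `PSTACK_OF(IPAddressFamily)` and `Pstruct ASIdentifiers_st`, which is not Pascal and will not compile unless `OPENSSL_NO_RFC3779` happens to be defined. `X509` (like `X509_CINF` in the previous hunk) has been opaque since 1.1.0 and its layout changes between 3.x releases, so any Pascal code that still reads `cert_info.validity` or `cert_info.serialNumber` through the record — the sort of access a verify callback inspecting a certificate would make — can read garbage without any error. I would declare these records as opaque placeholders behind `PX509` and route every field access through the exported accessors (`X509_get_serialNumber`, `X509_get0_notBefore`, `X509_get0_notAfter`, `X509_get_subject_name`), with a comment on the type `// Opaque since OpenSSL 1.1.0: do not dereference, use X509_get* accessors`; please also confirm that `TIdX509` no longer dereferences it.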
@@ -15651,6 +15717,37 @@ SSL_CTX_stats = record // supplying session-id's from other // processes - spooky :-) end; + {$EXTERNALSYM SSL_CTX_TLS_Extensions} + SSL_CTX_TLS_Extensions = record + servername_cb : PSSL_CTEX_tlsext_servername_callback; + servername_arg : Pointer; + tick_key_name : array [0..(16-1)] of TIdAnsiChar; + secure : Pointer; + {$IFNDEF OPENSSL_NO_DEPRECATED_3_0} + ticket_key_cb : Ptlsext_ticket_key_cb; + {$ENDIF} + ticket_key_evp_cb: Ptlsext_ticket_key_cb; + status_cb : Ptlsext_status_cb; + status_arg : Pointer; + status_type : TIdC_INT; + max_fragment_len_mode: Byte; + ecpointformats_len: Cardinal; + ecpointformats: PIdAnsiChar; + supportedgroups_len: Cardinal; + supportedgroups: Pointer; + supported_groups_default: Pointer; + supported_groups_default_len: size_t; + alpn_select_cb: function(ASSL: PSSL; var Output: Pointer; var OutputLength: Integer; aInput: Pointer; aInputLength: Integer; aArguments: Pointer): Integer; cdecl; + alpn_select_cb_arg: Pointer; + alpn: PIdAnsiChar; + alpn_len: Cardinal; + {$IFNDEF OPENSSL_NO_NEXTPROTONEG} + npn_advertised_cb: Pointer; + npn_advertised_cb_arg: Pointer; + npn_select_cb: Pointer; + npn_select_cb_arg: Pointer; + {$ENDIF} + end; {$EXTERNALSYM lash_of_SSL_SESSION} lash_of_SSL_SESSION = record dummy : TIdC_INT; 
@@ -15674,18 +15771,22 @@ STACK_OF_SRTP_PROTECTION_PROFILE = record {$EXTERNALSYM PSTACK_OF_SRTP_PROTECTION_PROFILE} PSTACK_OF_SRTP_PROTECTION_PROFILE = PSTACK; {$ENDIF} + + {$NODEFINE SSL_CTX} SSL_CTX = record + libctx: Pointer; method: PSSL_METHOD; cipher_list: PSTACK_OF_SSL_CIPHER; // same as above but sorted for lookup cipher_list_by_id: PSTACK_OF_SSL_CIPHER; + tls13_ciphersuites: PSTACK_OF_SSL_CIPHER; cert_store: PX509_STORE; sessions: Plash_of_SSL_SESSION; // a set of SSL_SESSIONs // Most session-ids that will be cached, default is // SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. - session_cache_size: TIdC_ULONG; + session_cache_size: size_t; session_cache_head: PSSL_SESSION; session_cache_tail: PSSL_SESSION; // This can have one of 2 values, ored together, @@ -15693,7 +15794,7 @@ SSL_CTX = record // SSL_SESS_CACHE_SERVER, // Default is SSL_SESSION_CACHE_SERVER, which means only // SSL_accept which cache SSL_SESSIONS. - session_cache_mode: TIdC_INT; + session_cache_mode: Cardinal; session_timeout: TIdC_LONG; // If this callback is not null, it will be called each // time a session id is added to the cache. If this function @@ -15705,10 +15806,12 @@ SSL_CTX = record // OpenSSL will SSL_SESSION_free() it. new_session_cb: function (ssl : PSSL; sess: PSSL_SESSION): TIdC_INT; cdecl; remove_session_cb: procedure (ctx : PSSL_CTX; sess : PSSL_SESSION); cdecl; - get_session_cb: function (ssl : PSSL; data : PByte; len: TIdC_INT; copy : PIdC_INT) : PSSL_SESSION; cdecl; + get_session_cb: function (ssl : PSSL; const data : PByte; len: TIdC_INT; copy : PIdC_INT) : PSSL_SESSION; cdecl; stats : SSL_CTX_stats; - references: TIdC_INT; + {$IFDEF TSAN_REQUIRES_LOCKING} + tsan_lock: Pointer; + {$ENDIF} // if defined, these override the X509_verify_cert() calls app_verify_callback: function (_para1 : PX509_STORE_CTX; _para2 : Pointer) : TIdC_INT; cdecl; app_verify_arg: Pointer; 
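Review bot: The `- references: TIdC_INT;` removal after `stats` in the `SSL_CTX` record looks wrong: as far as I recall, OpenSSL 3.0's `ssl_ctx_st` keeps `CRYPTO_REF_COUNT references;` immediately after `stats`, and dropping a member there shifts every later field of the record by one slot. Because this record mirrors a private struct whose layout also depends on how the library was built (`TSAN_REQUIRES_LOCKING` cannot be known at Pascal compile time), please diff it against `ssl/ssl_local.h` of the exact 3.x release being targeted, or better, stop depending on the layout at all and use the `SSL_CTX_get_*` accessors.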
@@ -15722,9 +15825,10 @@ SSL_CTX = record client_cert_cb: function (SSL : PSSL; x509 : PPX509; pkey : PPEVP_PKEY) : TIdC_INT; cdecl; // verify cookie callback app_gen_cookie_cb: function (ssl : PSSL; cookie : PByte; cookie_len : TIdC_UINT) : TIdC_INT; cdecl; - app_verify_cookie_cb: Pointer; + app_verify_cookie_cb: function (ssl : PSSL; const cookie : PByte; cookie_len : TIdC_UINT) : TIdC_INT; cdecl; + gen_stateless_cookie_cb: function (ssl : PSSL; cookie : PByte; cookie_len : size_t) : TIdC_INT; cdecl; + verify_stateless_cookie_cb: function (ssl : PSSL; const cookie : PByte; cookie_len : size_t) : TIdC_INT; cdecl; ex_data : CRYPTO_EX_DATA; - rsa_md5 : PEVP_MD; // For SSLv2 - name is 'ssl2-md5' md5: PEVP_MD; // For SSLv3/TLSv1 'ssl3-md5' sha1: PEVP_MD; // For SSLv3/TLSv1 'ssl3->sha1' extra_certs: PSTACK_OF_X509; 
@@ -15732,116 +15836,47 @@ SSL_CTX = record // Default values used when no per-SSL value is defined follow info_callback: PSSL_CTX_info_callback; // used if SSL's info_callback is NULL // what we put in client cert requests + CA : PSTACK_OF_X509_NAME; client_CA : PSTACK_OF_X509_NAME; // Default values to use in SSL structures follow (these are copied by SSL_new) - options : TIdC_ULONG; - mode : TIdC_ULONG; - max_cert_list : TIdC_LONG; + options : UInt64; + mode : Cardinal; + min_proto_version: TIdC_INT; + max_proto_version: TIdC_INT; + max_cert_list : Cardinal; cert : PCERT; read_ahead : TIdC_INT; // callback that allows applications to peek at protocol messages msg_callback : procedure (write_p, version, content_type : TIdC_INT; const buf : Pointer; len : size_t; ssl : PSSL; arg : Pointer); cdecl; msg_callback_arg : Pointer; verify_mode : TIdC_INT; - sid_ctx_length : TIdC_UINT; + sid_ctx_length : Cardinal; sid_ctx : array[0..SSL_MAX_SID_CTX_LENGTH - 1] of TIdAnsiChar; default_verify_callback : function(ok : TIdC_INT; ctx : PX509_STORE_CTX) : TIdC_INT; cdecl; // called 'verify_callback' in the SSL // Default generate session ID callback. generate_session_id : PGEN_SESSION_CB; param : PX509_VERIFY_PARAM; - {$IFDEF OMIT_THIS} - purpose : TIdC_INT; // Purpose setting - trust : TIdC_INT; // Trust setting - {$ENDIF} - quiet_shutdown : TIdC_INT; - //* Maximum amount of data to send in one fragment. - // * actual record size can be more than this due to - // * padding and MAC overheads. 
- // */ - max_send_fragment : TIdC_UINT; + {$IFNDEF OPENSSL_NO_CT} + ct_validation_callback: Pointer; + ct_validation_callback_arg: Pointer; + {$ENDIF} + split_send_fragment: Cardinal; + max_send_fragment : Cardinal; + max_pipelines: Cardinal; + default_read_buf_len: Cardinal; {$IFNDEF OPENSSL_ENGINE} ///* Engine to pass requests for client certs to // */ client_cert_engine : PENGINE; {$ENDIF} + client_hello_cb: pointer; + client_hello_cb_arg: pointer; {$IFNDEF OPENSSL_NO_TLSEXT} -//* TLS extensions servername callback */ - tlsext_servername_callback : PSSL_CTEX_tlsext_servername_callback; - tlsext_servername_arg : Pointer; - //* RFC 4507 session ticket keys */ - tlsext_tick_key_name : array [0..(16-1)] of TIdAnsiChar; - tlsext_tick_hmac_key : array [0..(16-1)] of TIdAnsiChar; - tlsext_tick_aes_key : array [0..(16-1)] of TIdAnsiChar; - //* Callback to support customisation of ticket key setting */ - // int (*tlsext_ticket_key_cb)(SSL *ssl, - // unsigned char *name, unsigned char *iv, - // EVP_CIPHER_CTX *ectx, - // HMAC_CTX *hctx, int enc); - tlsext_ticket_key_cb : Ptlsext_ticket_key_cb; - //* certificate status request info */ - //* Callback for status request */ - //int (*tlsext_status_cb)(SSL *ssl, void *arg); - tlsext_status_cb : Ptlsext_status_cb; - tlsext_status_arg : Pointer; + ext: SSL_CTX_TLS_Extensions; {$ENDIF} - //* draft-rescorla-tls-opaque-prf-input-00.txt information */ - tlsext_opaque_prf_input_callback : function(para1 : PSSL; peerinput : Pointer; len : size_t; arg : Pointer ) : TIdC_INT cdecl; - //int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); - tlsext_opaque_prf_input_callback_arg : Pointer; - -{$ifndef OPENSSL_NO_PSK} - psk_identity_hint : PIdAnsiChar; - psk_client_callback : function (ssl : PSSL; hint : PIdAnsiChar; - identity : PIdAnsiChar; max_identity_len : TIdC_UINT; - psk : PIdAnsiChar; max_psk_len : TIdC_UINT ) : TIdC_UINT cdecl; - // unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
char *identity, -// unsigned int max_identity_len, unsigned char *psk, -// unsigned int max_psk_len); - psk_server_callback : function (ssl : PSSL; identity, psk : PIdAnsiChar; max_psk_len : TIdC_UINT) : TIdC_UINT cdecl; -// unsigned int (*psk_server_callback)(SSL *ssl, const char *identity, -// unsigned char *psk, unsigned int max_psk_len); -{$endif} - -{$ifndef OPENSSL_NO_BUF_FREELISTS} - freelist_max_len : TIdC_UINT; - wbuf_freelist : Pssl3_buf_freelist_st; - rbuf_freelist : Pssl3_buf_freelist_st; -{$endif} -{$ifndef OPENSSL_NO_SRP} - srp_ctx : SRP_CTX; //* ctx for SRP authentication */ -{$endif} - -{$ifndef OPENSSL_NO_TLSEXT} -//# ifndef OPENSSL_NO_NEXTPROTONEG - //* Next protocol negotiation information */ - //* (for experimental NPN extension). */ - - //* For a server, this contains a callback function by which the set of - // * advertised protocols can be provided. */ - next_protos_advertised_cb : function(s : PSSL; out but : PIdAnsiChar; - out len : TIdC_UINT; arg : Pointer) : TIdC_INT cdecl; -// int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, -// unsigned int *len, void *arg); - next_protos_advertised_cb_arg : Pointer; - //* For a client, this contains a callback function that selects the - // * next protocol from the list provided by the server. */ - next_proto_select_cb : function(s : PSSL; out _out : PIdAnsiChar; - outlen : PIdAnsiChar; - _in : PIdAnsiChar; - inlen : TIdC_UINT; - arg : Pointer) : TIdC_INT cdecl; -// int (*next_proto_select_cb)(SSL *s, unsigned char **out, -// unsigned char *outlen, -// const unsigned char *in, -// unsigned int inlen, -// void *arg); - next_proto_select_cb_arg : Pointer; -//# endif - //* SRTP profiles we are willing to do from RFC 5764 */ - srtp_profiles : PSTACK_OF_SRTP_PROTECTION_PROFILE; -{$endif} end; + {$EXTERNALSYM PSSL2_STATE} PSSL2_STATE = ^SSL2_STATE; {$EXTERNALSYM PSSL3_STATE} 
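Review bot: This hunk completes a field-by-field mirror of OpenSSL 3's private `ssl_ctx_st` (`min_proto_version`, `ext`, `client_hello_cb`, conditional `ct_validation_callback`), but `SSL_CTX` has been opaque since 1.1.0, the layout differs between 3.0, 3.1 and 3.2 and between build configurations (`OPENSSL_NO_CT`, `OPENSSL_NO_NEXTPROTONEG`, `TSAN_REQUIRES_LOCKING`), and the pinned Windows DLL name `libssl-3-x64.dll` accepts any 3.x. Reading any of these fields through `PSSL_CTX` therefore yields version-dependent garbage for security-critical settings (verify mode, options, cert store) without a compile-time or runtime error. The patch already adds `SSL_CTX_get_cert_store`; I would mark this record `{$NODEFINE}` as an opaque placeholder, replace the remaining field reads with `SSL_CTX_get_*`/`SSL_CTX_set_*` accessors, and put `// Opaque since OpenSSL 1.1.0: never dereference, use the SSL_CTX_get_*/set_* API` on the type so nobody re-expands it.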
@@ -16907,6 +16942,10 @@ DTLS1_STATE = record EVP_MD_CTX_create: function : PEVP_MD_CTX cdecl = nil; {$EXTERNALSYM EVP_MD_CTX_destroy} EVP_MD_CTX_destroy : procedure(ctx : PEVP_MD_CTX) cdecl = nil; + {$EXTERNALSYM EVP_MD_CTX_new} + EVP_MD_CTX_new: function : PEVP_MD_CTX cdecl = nil; + {$EXTERNALSYM EVP_MD_CTX_free} + EVP_MD_CTX_free : function(ctx : PEVP_MD_CTX) : TIdC_Int cdecl = nil; {$EXTERNALSYM EVP_MD_CTX_copy} EVP_MD_CTX_copy : function(_out : PEVP_MD_CTX; _in: PEVP_MD_CTX): TIdC_INT cdecl = nil; {$EXTERNALSYM EVP_MD_CTX_copy_ex} @@ -17087,6 +17126,8 @@ DTLS1_STATE = record X509_PUBKEY_get : function(key: PX509_PUBKEY): PEVP_PKEY cdecl = nil; {$EXTERNALSYM X509_verify} X509_verify : function(x509: PX509; pkey: PEVP_PKEY): TIdC_INT cdecl = nil; + {$EXTERNALSYM X509_verify_cert_error_string} + X509_verify_cert_error_string : function(n: TIdC_LONG): PIdAnsiChar cdecl = nil; {$EXTERNALSYM X509_sign} X509_sign : function(x: PX509; pkey: PEVP_PKEY; const md: PEVP_MD): TIdC_INT cdecl = nil; {$EXTERNALSYM X509_REQ_sign} @@ -17993,8 +18034,12 @@ DTLS1_STATE = record //experimental {$EXTERNALSYM ERR_error_string_n} ERR_error_string_n: procedure(e: TIdC_ULONG; buf: PIdAnsiChar; len : size_t) cdecl = nil; - {$EXTERNALSYM ERR_put_error} - ERR_put_error : procedure (lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT) cdecl = nil; + {$EXTERNALSYM ERR_new} + Err_new : procedure cdecl = nil; + {$EXTERNALSYM ERR_set_debug} + ERR_set_debug : procedure (_file : PIdAnsiChar; line: TIdC_INT; func: PIdAnsiChar) cdecl = nil; + {$EXTERNALSYM ERR_set_error} + ERR_set_error : procedure (lib, reason : TIdC_INT; fmt : PIdAnsiChar) cdecl = nil; {$EXTERNALSYM ERR_get_error} ERR_get_error : function: TIdC_ULONG cdecl = nil; {$EXTERNALSYM ERR_peek_error} @@ -18042,7 +18087,6 @@ DTLS1_STATE = record {$EXTERNALSYM _FIPS_mode} _FIPS_mode : function () : TIdC_INT cdecl = nil; {$ENDIF} - {$IFNDEF OPENSSL_NO_HMAC} { NOTE: 
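Review bot: `EVP_MD_CTX_free` is imported as `function(ctx : PEVP_MD_CTX) : TIdC_Int cdecl`, but the C prototype is `void EVP_MD_CTX_free(EVP_MD_CTX *ctx);`, so the returned int is whatever is left in the return register; harmless while every caller discards it, as `OpenSSLFinalHashInst` does, but declare it `EVP_MD_CTX_free : procedure(ctx : PEVP_MD_CTX) cdecl = nil;` so nobody later branches on it. In the same hunk `ERR_set_error` is declared with a fixed `fmt` parameter although the C function is variadic (`int lib, int reason, const char *fmt, ...`); that works on the supported ABIs as long as it is only ever called with a plain format and no arguments, so add `// variadic in C; only call with a literal or nil fmt and no extra arguments` next to it.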
@@ -18094,6 +18138,26 @@ procedure HMAC_Update(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t); procedure HMAC_Final(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT); {$ENDIF} +var + {$EXTERNALSYM SSL_CTX_set_info_callback} + SSL_CTX_set_info_callback : procedure(Ctx: PSSL_CTX; Callback: PSSL_CTX_info_callback); cdecl = nil; + + {$EXTERNALSYM OpenSSL_version_num} + OpenSSL_version_num : function: LongWord; cdecl = nil; + {$EXTERNALSYM OpenSSL_version} + OpenSSL_version : function(t: Integer): PIdAnsiChar; cdecl = nil; + + {$EXTERNALSYM TLS_method} + TLS_method : function: PSSL_METHOD cdecl = nil; + + {$EXTERNALSYM SSL_get_version} + SSL_get_version : function(S: PSSL): PIdAnsiChar; cdecl = nil; + {$EXTERNALSYM SSL_CTX_get_cert_store} + SSL_CTX_get_cert_store : function(const Ctx: PSSL_CTX): PX509_STORE; cdecl = nil; + + {$EXTERNALSYM SSL_get_ex_data_X509_STORE_CTX_idx} + SSL_get_ex_data_X509_STORE_CTX_idx : function: Integer; cdecl = nil; + {begin stack fancy stuff} { For the sk functions having a type, you have to typecase one procedural pointer @@ -18231,10 +18295,13 @@ function X509_CRL_get_nextUpdate(x : PX509_CRL) : PASN1_TIME; function X509_CRL_get_issuer(x : PX509_CRL) : PX509_NAME; {$EXTERNALSYM X509_CRL_get_REVOKED} function X509_CRL_get_REVOKED(x : PX509_CRL) : PSTACK_OF_X509_REVOKED; - {$EXTERNALSYM SSL_CTX_set_info_callback} -procedure SSL_CTX_set_info_callback(ctx: PSSL_CTX; cb: PSSL_CTX_info_callback); {$EXTERNALSYM SSL_CTX_set_options} function SSL_CTX_set_options(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; + {$EXTERNALSYM SSL_CTX_set_min_proto_version} +function SSL_CTX_set_min_proto_version(ctx: PSSL_CTX; op: TIdC_LONG): TIdC_LONG; + {$EXTERNALSYM SSL_CTX_set_max_proto_version} +function SSL_CTX_set_max_proto_version(ctx: PSSL_CTX; op: TIdC_LONG): TIdC_LONG; + {$EXTERNALSYM SSL_CTX_clear_options} function SSL_CTX_clear_options(ctx : PSSL_CTX; op : TIdC_LONG):TIdC_LONG; {$EXTERNALSYM SSL_CTX_get_options} 
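Review bot: `OpenSSL_version_num : function: LongWord` narrows a C `unsigned long`, which is 64 bits on LP64 targets (Linux/macOS x64); the value fits in 32 bits so the truncation is harmless today, but it should be `TIdC_ULONG` to match the unit's other imports such as `ERR_get_error : function: TIdC_ULONG` and to avoid a silent mismatch if the encoding ever widens. The new `SSL_CTX_set_min_proto_version`/`SSL_CTX_set_max_proto_version` wrappers return `TIdC_LONG` with 0 meaning failure, as the underlying `SSL_CTX_ctrl` does; please say so in a comment (`// returns 0 on failure, callers must check`) since the call site in `InitContext` currently ignores the result.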
@@ -18883,6 +18950,7 @@ function IsOpenSSL_TLSv1_0_Available : Boolean; function IsOpenSSL_TLSv1_1_Available : Boolean; function IsOpenSSL_TLSv1_2_Available : Boolean; function IsOpenSSL_DTLSv1_Available : Boolean; +function IsOpenSSL_TLSv1_3_Available : Boolean; // RLebeau: should these be declared as EXTERNALSYM? procedure RAND_cleanup; @@ -18911,6 +18979,14 @@ implementation {$ENDIF} {$ENDIF}; +procedure ERR_put_error(lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT); +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Err_new(); + ERR_set_debug(_file, line, nil); + ERR_set_error(lib, reason, nil); +end; + {$IFNDEF OPENSSL_NO_HMAC} procedure HMAC_Init_ex(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; md : PEVP_MD; impl : PENGINE); @@ -19008,6 +19084,12 @@ function IsOpenSSL_TLSv1_2_Available : Boolean; Assigned(TLSv1_2_client_method); end; +function IsOpenSSL_TLSv1_3_Available : Boolean; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := True; +end; + function IsOpenSSL_DTLSv1_Available : Boolean; {$IFDEF USE_INLINE} inline; {$ENDIF} begin @@ -19043,8 +19125,7 @@ function OpenSSLGetDigestCtx( AInst : PEVP_MD) : TIdHashIntCtx; {$IFDEF USE_INLINE} inline; {$ENDIF} var LRet : Integer; begin - Result := AllocMem(SizeOf(EVP_MD_CTX)); - EVP_MD_CTX_init(Result); + Result := EVP_MD_CTX_new; LRet := EVP_DigestInit_ex(Result, AInst, nil); if LRet <> 1 then begin @@ -19237,8 +19318,7 @@ function OpenSSLFinalHashInst(ACtx: TIdHashIntCtx): TIdBytes; EIdDigestFinalEx.RaiseException('EVP_DigestFinal_ex error'); end; SetLength(Result,LLen); - EVP_MD_CTX_cleanup(ACtx); - FreeMem(ACtx,SizeOf(EVP_MD_CTX)); + EVP_MD_CTX_free(ACtx); end; function OpenSSLIsHMACAvail : Boolean; 
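Review bot: The new `ERR_put_error` shim calls `Err_new`, `ERR_set_debug` and `ERR_set_error` without checking that they resolved; all three exist only in OpenSSL 3.0+, so against a 1.1.x library (still reachable on non-Windows paths where the library name is not pinned) the first error reported through this shim dereferences nil in the middle of error handling. Guard it with `if Assigned(Err_new) and Assigned(ERR_set_debug) and Assigned(ERR_set_error) then begin … end;`, or enforce the 3.x floor once at load time and rely on that here. OpenSSL 3 appears to accept a nil `fmt`, but note in a comment that the shim drops the `func` argument (`nil` is passed to `ERR_set_debug`) relative to the old `ERR_put_error` contract so error traces will no longer name the function.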
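Review bot: `IsOpenSSL_TLSv1_3_Available` unconditionally returns True, unlike its siblings above which test `Assigned(TLSv1_2_client_method)` and friends, so `InitContext` will apply `SSL_OP_NO_TLSv1_3` and a TLS 1.3 ceiling on a library that predates 1.1.1 and never learn that 1.3 is impossible. Tie it to the loaded library instead: `Result := Assigned(TLS_method) and Assigned(OpenSSL_version_num) and (OpenSSL_version_num() >= $10101000);` (1.1.1 is the first release with TLS 1.3). If the intent is to support 3.x only, state that in a comment and enforce it once at load time rather than hard-coding True here.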
@@ -19553,13 +19633,14 @@ class procedure EIdOpenSSLAPISSLError.RaiseExceptionCode(const AErrCode, ARetCod {$ENDIF} {$IFDEF WINDOWS} const - SSL_DLL_name = 'ssleay32.dll'; {Do not localize} - //The following is a workaround for an alternative name for - //one of the OpenSSL .DLL's. If you compile the .DLL's using - //mingw32, the SSL .dll might be named 'libssl32.dll' instead of - //ssleay32.dll like you would expect. - SSL_DLL_name_alt = 'libssl32.dll'; {Do not localize} - SSLCLIB_DLL_name = 'libeay32.dll'; {Do not localize} + {$IFDEF CPUX64} + SSL_DLL_name = 'libssl-3-x64.dll'; {Do not localize} + SSLCLIB_DLL_name = 'libcrypto-3-x64.dll'; {Do not localize} + {$ELSE} + SSL_DLL_name = 'libssl-3.dll'; {Do not localize} + SSLCLIB_DLL_name = 'libcrypto-3.dll'; {Do not localize} + + {$ENDIF} {$ENDIF} {$ENDIF} 
@@ -19601,23 +19682,23 @@ function GetCryptLibHandle : TIdLibHandle; const {most of these are commented out because we aren't using them now. I am keeping them in case we use them later.} - fn_sk_num = 'sk_num'; {Do not localize} - fn_sk_value = 'sk_value'; {Do not localize} + fn_sk_num = 'OPENSSL_sk_num'; {Do not localize} + fn_sk_value = 'OPENSSL_sk_value'; {Do not localize} {CH fn_sk_set = 'sk_set'; } {Do not localize} - fn_sk_new = 'sk_new'; {Do not localize} - fn_sk_new_null = 'sk_new_null'; {Do not localize} - fn_sk_free = 'sk_free'; {Do not localize} - fn_sk_pop_free = 'sk_pop_free'; {Do not localize} + fn_sk_new = 'OPENSSL_sk_new'; {Do not localize} + fn_sk_new_null = 'OPENSSL_sk_new_null'; {Do not localize} + fn_sk_free = 'OPENSSL_sk_free'; {Do not localize} + fn_sk_pop_free = 'OPENSSL_sk_pop_free'; {Do not localize} {CH fn_sk_insert = 'sk_insert'; } {Do not localize} {CH fn_sk_delete = 'sk_delete'; } {Do not localize} {CH fn_sk_delete_ptr = 'sk_delete_ptr'; } {Do not localize} - fn_sk_find = 'sk_find'; {Do not localize} - fn_sk_push = 'sk_push'; {Do not localize} + fn_sk_find = 'OPENSSL_sk_find'; {Do not localize} + fn_sk_push = 'OPENSSL_sk_push'; {Do not localize} {CH fn_sk_unshift = 'sk_unshift'; } {Do not localize} {CH fn_sk_shift = 'sk_shift'; } {Do not localize} {CH fn_sk_pop = 'sk_pop'; } {Do not localize} {CH fn_sk_zero = 'sk_zero'; } {Do not localize} - fn_sk_dup = 'sk_dup'; {Do not localize} + fn_sk_dup = 'OPENSSL_sk_dup'; {Do not localize} {CH fn_sk_sort = 'sk_sort'; } {Do not localize} fn_SSLeay_version = 'SSLeay_version'; {Do not localize} fn_SSLeay = 'SSLeay'; {Do not localize} 
@@ -20776,9 +20857,12 @@ function GetCryptLibHandle : TIdLibHandle; {CH fn_OBJ_create_objects = 'OBJ_create_objects'; } {Do not localize} {===} fn_EVP_MD_type = 'EVP_MD_type'; {Do not localize} + fn_EVP_MD_get_type = 'EVP_MD_get_type'; {Do not localize} fn_EVP_MD_pkey_type = 'EVP_MD_pkey_type'; {Do not localize} fn_EVP_MD_size = 'EVP_MD_size'; {Do not localize} + fn_EVP_MD_get_size = 'EVP_MD_get_size'; {Do not localize} fn_EVP_MD_block_size = 'EVP_MD_block_size'; {Do not localize} + fn_EVP_MD_get_block_size = 'EVP_MD_get_block_size'; {Do not localize} fn_EVP_MD_flags = 'EVP_MD_flags'; {Do not localize} fn_EVP_MD_CTX_md = 'EVP_MD_CTX_md'; {Do not localize} fn_EVP_CIPHER_nid = 'EVP_CIPHER_nid'; {Do not localize} @@ -20799,6 +20883,8 @@ function GetCryptLibHandle : TIdLibHandle; fn_EVP_MD_CTX_cleanup = 'EVP_MD_CTX_cleanup'; {Do not localize} fn_EVP_MD_CTX_create = 'EVP_MD_CTX_create'; {Do not localize} fn_EVP_MD_CTX_destroy = 'EVP_MD_CTX_destroy'; {Do not localize} + fn_EVP_MD_CTX_new = 'EVP_MD_CTX_new'; {Do not localize} + fn_EVP_MD_CTX_free = 'EVP_MD_CTX_free'; {Do not localize} fn_EVP_MD_CTX_copy_ex = 'EVP_MD_CTX_copy_ex'; {Do not localize} fn_EVP_MD_CTX_set_flags = 'EVP_MD_CTX_set_flags'; {Do not localize} fn_EVP_MD_CTX_clear_flags = 'EVP_MD_CTX_clear_flags'; {Do not localize} @@ -21576,7 +21662,7 @@ function GetCryptLibHandle : TIdLibHandle; {CH fn_PKCS7_get_signed_attribute = 'PKCS7_get_signed_attribute'; } {Do not localize} {CH fn_PKCS7_set_signed_attributes = 'PKCS7_set_signed_attributes'; } {Do not localize} {CH fn_PKCS7_set_attributes = 'PKCS7_set_attributes'; } {Do not localize} - {CH fn_X509_verify_cert_error_string = 'X509_verify_cert_error_string'; } {Do not localize} + fn_X509_verify_cert_error_string = 'X509_verify_cert_error_string'; {Do not localize} fn_X509_verify = 'X509_verify'; {Do not localize} {CH fn_X509_REQ_verify = 'X509_REQ_verify'; } {Do not localize} {CH fn_X509_CRL_verify = 'X509_CRL_verify'; } {Do not localize} 
@@ -22099,7 +22185,7 @@ function GetCryptLibHandle : TIdLibHandle;
 {CH fn_SSL_CTX_add_session = 'SSL_CTX_add_session'; } {Do not localize}
 {CH fn_SSL_CTX_remove_session = 'SSL_CTX_remove_session'; } {Do not localize}
 {CH fn_d2i_SSL_SESSION = 'd2i_SSL_SESSION'; } {Do not localize}
- fn_SSL_get_peer_certificate = 'SSL_get_peer_certificate'; {Do not localize}
+ fn_SSL_get_peer_certificate = 'SSL_get1_peer_certificate'; {Do not localize}
 {CH fn_SSL_get_peer_cert_chain = 'SSL_get_peer_cert_chain'; } {Do not localize}
 {CH fn_SSL_CTX_get_verify_mode = 'SSL_CTX_get_verify_mode'; } {Do not localize}
 fn_SSL_CTX_get_verify_depth = 'SSL_CTX_get_verify_depth'; {Do not localize}
@@ -22151,6 +22237,17 @@ function GetCryptLibHandle : TIdLibHandle;
 fn_DTLSv1_method = 'DTLSv1_method'; {Do not localize}
 fn_DTLSv1_server_method = 'DTLSv1_server_method'; {Do not localize}
 fn_DTLSv1_client_method = 'DTLSv1_client_method'; {Do not localize}
+ fn_SSL_CTX_set_info_callback = 'SSL_CTX_set_info_callback'; {Do not localize}
+ fn_OpenSSL_version_num = 'OpenSSL_version_num'; {Do not localize}
+ fn_OpenSSL_version = 'OpenSSL_version'; {Do not localize}
+
+ fn_TLS_method = 'TLS_method'; {Do not localize}
+
+ fn_SSL_get_version = 'SSL_get_version'; {Do not localize}
+ fn_SSL_CTX_get_cert_store = 'SSL_CTX_get_cert_store'; {Do not localize}
+
+ fn_SSL_get_ex_data_X509_STORE_CTX_idx = 'SSL_get_ex_data_X509_STORE_CTX_idx'; {Do not localize}
+
 {CH fn_SSL_get_ciphers = 'SSL_get_ciphers'; } {Do not localize}
 {CH fn_SSL_do_handshake = 'SSL_do_handshake'; } {Do not localize}
 {CH fn_SSL_renegotiate = 'SSL_renegotiate'; } {Do not localize}
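Review bot: `fn_SSL_get_peer_certificate` now names `SSL_get1_peer_certificate`, and nothing next to it records that the `get1` in the new name is the library's convention for "returns a fresh reference that the caller must release with `X509_free`"; the unchanged Pascal identifier hides that rule from whoever reads the peer-certificate code in TIdSSLSocket, which is outside this hunk. A comment such as `{ OpenSSL 3.0 name; result holds its own reference - caller must X509_free it }` on the constant would keep the ownership contract visible. As far as I recall the old name survives on 3.x only as a macro, so binding the `get1` symbol is the right choice for the `LMajor < 3` gate introduced elsewhere in this patch; that reasoning belongs in the same comment rather than being left implicit.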
@@ -22266,7 +22363,9 @@ function GetCryptLibHandle : TIdLibHandle; {$ENDIF} {CH fn_ERR_load_RAND_strings = 'ERR_load_RAND_strings'; } {Do not localize} //experimental - fn_ERR_put_error = 'ERR_put_error'; {Do not localize} + fn_ERR_new = 'ERR_new'; {Do not localize} + fn_ERR_set_error= 'ERR_set_error'; {Do not localize} + fn_ERR_set_debug= 'ERR_set_debug'; {Do not localize} fn_ERR_get_error = 'ERR_get_error'; {Do not localize} {CH fn_ERR_get_error_line = 'ERR_get_error_line'; } {Do not localize} {CH fn_ERR_get_error_line_data = 'ERR_get_error_line_data'; } {Do not localize} @@ -22777,12 +22876,7 @@ function LoadSSLLibrary: TIdLibHandle; Exit; end; // TODO: exit here if the error is anything other than the file not being found... - //This is a workaround for mingw32-compiled SSL .DLL which - //might be named 'libssl32.dll'. - Result := SafeLoadLibrary(GIdOpenSSLPath + SSL_DLL_name_alt); - if Result <> IdNilHandle then begin - Exit; - end; + {$ELSE} {$IFDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // TODO: use {$IF DEFINED(UNIX)} instead? // Workaround that is required under Linux (changed RTLD_GLOBAL with RTLD_LAZY Note: also work with LoadLibrary()) @@ -22907,7 +23001,7 @@ function Load: Boolean; // RLebeau 6/8/2021: verify the type of library is supported... - @_SSLeay_version := LoadOldCLib(fn_SSLeay_version, 'OpenSSL_version'); {Do not localize} //Used by Indy + @_SSLeay_version := LoadOldCLib(fn_SSLeay_version, 'OpenSSL_version'); {Do not localize} //Used by Indy @SSLeay := LoadOldCLib(fn_SSLeay, 'OpenSSL_version_num'); {Do not localize} //Used by Indy if Assigned(_SSLeay_version) then begin 
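Review bot: The `// TODO: exit here if the error is anything other than the file not being found...` comment now sits directly above the new `{$ELSE}` with nothing left of the `SSL_DLL_name_alt` retry it referred to, so it describes code that no longer exists; either drop it or reword it to say the alternate mingw32 library name is intentionally no longer tried. The `{$ELSE}` is added without its opening `{$IFDEF}` or closing `{$ENDIF}` visible in the hunk, so I cannot confirm from here that it nests correctly with the `{$IFDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT}` that follows. The enclosing LoadSSLLibrary body starts and ends outside the hunk.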
@@ -22939,15 +23033,15 @@ function Load: Boolean; LMinor := (LVersion and $0FF00000) shr 20; if (LMajor = 0) and (LMinor = 0) then begin // < 0.9.3 LMajor := (LVersion and $F000) shr 12; - LMinor := (LVersion and $0F00) shr 8; + //LMinor := (LVersion and $0F00) shr 8; end; - if (LMajor > 1) or ((LMajor = 1) and (LMinor > 0)) then // OpenSSL 1.1.0 or higher + if (LMajor < 3) then // OpenSSL 1.1.1 or lower begin FFailedLoadList.Add(IndyFormat(RSOSSUnsupportedVersion, [LVersion])); Exit; end; end; - end else + end else begin FFailedLoadList.Add(IndyFormat(RSOSSUnsupportedLibrary, [LVersionStr])); Exit; @@ -22966,7 +23060,7 @@ function Load: Boolean; @SSL_CTX_use_certificate := LoadFunction(fn_SSL_CTX_use_certificate); //Used by Indy @SSL_CTX_use_certificate_file := LoadFunction(fn_SSL_CTX_use_certificate_file); //Used by Indy @SSL_CTX_use_certificate_chain_file := LoadFunction(fn_SSL_CTX_use_certificate_chain_file,False); //Used by Indy - @SSL_load_error_strings := LoadFunction(fn_SSL_load_error_strings); //Used by Indy + @SSL_load_error_strings := LoadFunction(fn_SSL_load_error_strings,False); //Used by Indy @SSL_state_string_long := LoadFunction(fn_SSL_state_string_long); //Used by Indy @SSL_alert_desc_string_long := LoadFunction(fn_SSL_alert_desc_string_long); //Used by Indy @SSL_alert_type_string_long := LoadFunction(fn_SSL_alert_type_string_long); //Used by Indy 
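Review bot: The `(LMajor = 0) and (LMinor = 0)` branch is only half removed: its `LMinor` assignment is commented out but the `LMajor := (LVersion and $F000) shr 12` line stays, even though that pre-0.9.3 encoding can never pass the new `LMajor < 3` gate; delete the whole branch rather than leave a dead assignment beside a commented one. The trailing comment `// OpenSSL 1.1.1 or lower` names the rejected range rather than the rule, so `// reject anything below OpenSSL 3.0` says what the condition enforces. The `end else begin` edit reads as a block-style fix, but the matching `end` is outside the hunk so I cannot confirm the block is balanced.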
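Review bot: `SSL_load_error_strings` is switched from a required to an optional import, which means the pointer can legitimately be nil after `Load` succeeds, so every call site needs an `if Assigned(SSL_load_error_strings) then` guard; the call sites are outside this hunk and I cannot confirm they have one. The same required-to-optional flip is made in the following hunks of `Load` for `SSLeay_add_ssl_algorithms`, `_CRYPTO_lock`/`_CRYPTO_num_locks`/`CRYPTO_set_locking_callback`, `CRYPTO_set_id_callback`, `ERR_free_strings`, `EVP_MD_CTX_init`/`EVP_MD_CTX_cleanup`, `EVP_CIPHER_flags`/`EVP_CIPHER_type`/`EVP_CIPHER_CTX_flags`, `HMAC_CTX_init`/`HMAC_CTX_cleanup`, the `CRYPTO_mem_*` trio and `OpenSSL_add_all_*`/`EVP_cleanup`, and the guard requirement applies to each of them. On 3.x these names are macros or gone, so an unguarded call becomes a nil-pointer call at first use instead of a load-time failure, which is much harder to diagnose in the field. One comment at the top of the block, e.g. `// optional since OpenSSL 1.1: absent on 3.x, callers must check Assigned() first`, would make the contract explicit.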
@@ -23038,7 +23132,7 @@ function Load: Boolean;
 @SSL_set_shutdown := LoadFunction(fn_SSL_set_shutdown); //Used by Indy
 @SSL_CTX_load_verify_locations := LoadFunction(fn_SSL_CTX_load_verify_locations); //Used by Indy
 @SSL_get_session := LoadFunction(fn_SSL_get_session); //Used by Indy
- @SSLeay_add_ssl_algorithms := LoadFunction(fn_SSLeay_add_ssl_algorithms); //Used by Indy
+ @SSLeay_add_ssl_algorithms := LoadFunction(fn_SSLeay_add_ssl_algorithms, False); //Used by Indy
 @SSL_SESSION_get_id := LoadFunction(fn_SSL_SESSION_get_id); //Used by Indy
 @SSL_copy_session_id := LoadFunction(fn_SSL_copy_session_id{$IFDEF ANDROID}, False{$ENDIF}); //Used by Indy
 {$IFDEF ANDROID}
@@ -23047,11 +23141,13 @@ function Load: Boolean;
 end;
 {$ENDIF}
 // CRYPTO LIB
+ @_SSLeay_version := LoadFunctionCLib(fn_SSLeay_version, False); //Used by Indy
+ @SSLeay := LoadFunctionCLib(fn_SSLeay, False); //Used by Indy
 @d2i_X509_NAME := LoadFunctionCLib(fn_d2i_X509_NAME);
 @i2d_X509_NAME := LoadFunctionCLib(fn_i2d_X509_NAME);
 @X509_NAME_oneline := LoadFunctionCLib(fn_X509_NAME_oneline);//Used by Indy
 @X509_NAME_cmp := LoadFunctionCLib(fn_X509_NAME_cmp); //Used by Indy
- @X509_NAME_hash := LoadFunctionCLib(fn_X509_NAME_hash); //Used by Indy
+ @X509_NAME_hash := LoadFunctionCLib(fn_X509_NAME_hash + '_ex'); //Used by Indy
 @X509_set_issuer_name := LoadFunctionCLib(fn_X509_set_issuer_name,False);
 @X509_get_issuer_name := LoadFunctionCLib(fn_X509_get_issuer_name); //Used by Indy
 @X509_set_subject_name := LoadFunctionCLib(fn_X509_set_subject_name,False);
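Review bot: `fn_X509_NAME_hash + '_ex'` binds `@X509_NAME_hash` to `X509_NAME_hash_ex`, but that entry point takes four arguments `(x, libctx, propq, ok)` while the Pascal pointer type (declared outside the hunk) and the static declaration `X509_NAME_hash_func(x: PX509_NAME)` in IdSSLOpenSSLHeaders_static.pas still pass one; the library then reads `libctx`, `propq` and `ok` from whatever the argument registers or stack happen to hold, which is a crash or a stray write through a garbage pointer rather than a wrong hash. The fix is a four-parameter binding, e.g. `function X509_NAME_hash_ex_func(x: PX509_NAME; libctx, propq, ok: Pointer): TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'X509_NAME_hash_ex';`, with the existing callers passing `nil, nil, nil` (default library context, no property query, no status out-parameter — the same arguments the library's own deprecated `X509_NAME_hash` macro supplies). Separately, the added `LoadFunctionCLib(fn_SSLeay_version, False)` and `LoadFunctionCLib(fn_SSLeay, False)` lines re-resolve names that do not exist on 3.x and, if `LoadFunctionCLib` returns nil for a missing optional symbol as its `False` argument suggests, overwrite the working pointers that the earlier `LoadOldCLib(..., 'OpenSSL_version')`/`LoadOldCLib(..., 'OpenSSL_version_num')` calls established for the version check; drop these two lines or guard them with `if not Assigned(...)`.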
@@ -23110,15 +23206,23 @@ function Load: Boolean; @SSL_CIPHER_get_name := LoadFunction(fn_SSL_CIPHER_get_name); //Used by Indy @SSL_CIPHER_get_version := LoadFunction(fn_SSL_CIPHER_get_version); //Used by Indy @SSL_CIPHER_get_bits := LoadFunction(fn_SSL_CIPHER_get_bits); //Used by Indy + + @SSL_CTX_set_info_callback := LoadFunction(fn_SSL_CTX_set_info_callback); + @OpenSSL_version_num := LoadFunctionCLib(fn_OpenSSL_version_num, True); + @OpenSSL_version := LoadFunctionCLib(fn_OpenSSL_version, True); + @TLS_method := LoadFunction(fn_TLS_method, True); + @SSL_get_version := LoadFunction(fn_SSL_get_version, True); + @SSL_CTX_get_cert_store := LoadFunction(fn_SSL_CTX_get_cert_store); + @SSL_get_ex_data_X509_STORE_CTX_idx := LoadFunction(fn_SSL_get_ex_data_X509_STORE_CTX_idx, True); // Thread safe - @_CRYPTO_lock := LoadFunctionCLib(fn_CRYPTO_lock{$IFDEF ANDROID}, False{$ENDIF}); //Used by Indy + @_CRYPTO_lock := LoadFunctionCLib(fn_CRYPTO_lock,False); //Used by Indy {$IFDEF ANDROID} if not Assigned(_CRYPTO_lock) then begin @_CRYPTO_lock := @Indy_CRYPTO_lock; end; {$ENDIF} - @_CRYPTO_num_locks := LoadFunctionCLib(fn_CRYPTO_num_locks); //Used by Indy - @CRYPTO_set_locking_callback := LoadFunctionCLib(fn_CRYPTO_set_locking_callback); //Used by Indy + @_CRYPTO_num_locks := LoadFunctionCLib(fn_CRYPTO_num_locks,False); //Used by Indy + @CRYPTO_set_locking_callback := LoadFunctionCLib(fn_CRYPTO_set_locking_callback,False); //Used by Indy {$IFNDEF WIN32_OR_WIN64} { In OpenSSL 1.0.0, you should use these callback functions instead of the 
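Review bot: The six new loads pass an explicit `True` while every other required import in `Load` relies on the default, which makes the block look as if it opts into something unusual; drop the `True` (or add it uniformly) so required-versus-optional stays readable at a glance. Under `{$IFDEF ANDROID}` a nil `_CRYPTO_lock` is replaced by `Indy_CRYPTO_lock`, but on every other platform it, `_CRYPTO_num_locks` and `CRYPTO_set_locking_callback` are now left nil together, so whatever installs the locking callbacks (outside this hunk) must skip the whole sequence when they are unassigned rather than guard only one of the three. Since the loader now rejects anything below 3.0, where locking is internal to the library, the shim could be removed outright instead of made optional, which would also remove the ambiguity.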
@@ -23129,12 +23233,14 @@ function Load: Boolean;
 @CRYPTO_THREADID_set_numeric := LoadFunctionClib(fn_CRYPTO_THREADID_set_numeric,False); //Used by Indy
 @CRYPTO_THREADID_set_pointer := LoadFunctionClib(fn_CRYPTO_THREADID_set_pointer,False);
 if not Assigned(CRYPTO_THREADID_set_callback) then begin //Used by Indy
- @CRYPTO_set_id_callback := LoadFunctionCLib(fn_CRYPTO_set_id_callback); //Used by Indy
+ @CRYPTO_set_id_callback := LoadFunctionCLib(fn_CRYPTO_set_id_callback,False); //Used by Indy
 end else begin
 @CRYPTO_set_id_callback := nil;
 end;
 {$ENDIF}
- @ERR_put_error := LoadFunctionCLib(fn_ERR_put_error,False);
+ @ERR_new := LoadFunctionCLib(fn_ERR_new,False);
+ @ERR_set_debug := LoadFunctionCLib(fn_ERR_set_debug,False);
+ @ERR_set_error := LoadFunctionCLib(fn_ERR_set_error,False);
 @ERR_get_error := LoadFunctionCLib(fn_ERR_get_error,False);
 @ERR_peek_error := LoadFunctionCLib(fn_ERR_peek_error,False);
 @ERR_peek_last_error := LoadFunctionCLib(fn_ERR_peek_last_error); //Used by Indy
@@ -23146,7 +23252,7 @@ function Load: Boolean;
 @ERR_reason_error_string := LoadFunctionCLib( fn_ERR_reason_error_string, False );
 @ERR_load_ERR_strings := LoadFunctionCLib( fn_ERR_load_ERR_strings,False);
 @ERR_load_crypto_strings := LoadFunctionCLib(fn_ERR_load_crypto_strings,False);
- @ERR_free_strings := LoadFunctionCLib(fn_ERR_free_strings); //Used by Indy
+ @ERR_free_strings := LoadFunctionCLib(fn_ERR_free_strings,False); //Used by Indy
 @ERR_remove_thread_state := LoadFunctionCLib(fn_ERR_remove_thread_state,False); //Used by Indy
 if not Assigned(ERR_remove_thread_state) then begin
 @ERR_remove_state := LoadFunctionCLib(fn_ERR_remove_state); //Used by Indy
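Review bot: `ERR_new`, `ERR_set_debug` and `ERR_set_error` are loaded as three independent optional pointers, but they only make sense as one sequence (`ERR_new` opens the record, `ERR_set_debug` and `ERR_set_error` fill it), so the `ERR_put_error` replacement that calls them (outside the hunk) must check all three are assigned or call none of them, otherwise a record is pushed with its debug info or reason never set. A comment on the first line, `// OpenSSL 3.0 replacement for ERR_put_error: always call ERR_new; ERR_set_debug; ERR_set_error together`, would carry that contract to the call site. Since the loader now refuses anything below 3.0, the three could simply be required so a broken build fails at load time rather than at the first error report.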
@@ -23251,6 +23357,7 @@ function Load: Boolean; @X509_REQ_set_pubkey := LoadFunctionCLib(fn_X509_REQ_set_pubkey,False); @X509_PUBKEY_get := LoadFunctionCLib(fn_X509_PUBKEY_get,False); @X509_verify := LoadFunctionCLib(fn_X509_verify,False); + @X509_verify_cert_error_string := LoadFunctionCLib(fn_X509_verify_cert_error_string,False); //PEM {$IFNDEF SSLEAY_MACROS} @_PEM_read_bio_X509 := LoadFunctionCLib(fn_PEM_read_bio_X509, False); @@ -23465,10 +23572,12 @@ function Load: Boolean; @EVP_seed_ofb := LoadFunctionCLib(fn_EVP_seed_ofb,False); {$endif} - @EVP_MD_CTX_init := LoadFunctionCLib(fn_EVP_MD_CTX_init); - @EVP_MD_CTX_cleanup := LoadFunctionCLib(fn_EVP_MD_CTX_cleanup); + @EVP_MD_CTX_init := LoadFunctionCLib(fn_EVP_MD_CTX_init, False); + @EVP_MD_CTX_cleanup := LoadFunctionCLib(fn_EVP_MD_CTX_cleanup, False); @EVP_MD_CTX_create := LoadFunctionCLib(fn_EVP_MD_CTX_create, False); @EVP_MD_CTX_destroy := LoadFunctionCLib(fn_EVP_MD_CTX_destroy, False); + @EVP_MD_CTX_new := LoadFunctionCLib(fn_EVP_MD_CTX_new, False); + @EVP_MD_CTX_free := LoadFunctionCLib(fn_EVP_MD_CTX_free, False); @EVP_MD_CTX_copy := LoadFunctionCLib(fn_EVP_MD_CTX_copy, False); @EVP_MD_CTX_copy_ex := LoadFunctionCLib(fn_EVP_MD_CTX_copy_ex, False); //@EVP_MD_CTX_set_flags := LoadFunctionCLib(fn_EVP_MD_CTX_set_flags, False); 
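Review bot: `EVP_MD_CTX_new`/`EVP_MD_CTX_free` are loaded with `False` even though they are the only digest-context constructors that exist as exported symbols on the 3.x libraries the loader now insists on; with `init`/`cleanup`/`create`/`destroy` also optional (they are macros on 1.1+), nothing in `Load` guarantees that any way of obtaining a digest context resolved, and a broken library only fails at the first hash. Make the `new`/`free` pair required, or report `if not Assigned(EVP_MD_CTX_new) then` through `FFailedLoadList` the way the version check does. The code that chooses between `create` and `new` is outside this hunk.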
@@ -23533,22 +23642,23 @@ function Load: Boolean; @BIO_set_cipher :=LoadFunctionCLib(fn_BIO_set_cipher,False); {$endif} + @EVP_PKEY_type := LoadFunctionCLib(fn_EVP_PKEY_type); @EVP_PKEY_new := LoadFunctionCLib(fn_EVP_PKEY_new); @EVP_PKEY_free := LoadFunctionCLib(fn_EVP_PKEY_free); //USED in Indy @EVP_PKEY_assign := LoadFunctionCLib(fn_EVP_PKEY_assign); @EVP_get_cipherbyname := LoadFunctionCLib(fn_EVP_get_cipherbyname); @EVP_get_digestbyname := LoadFunctionCLib(fn_EVP_get_digestbyname); - @EVP_MD_type := LoadFunctionCLib(fn_EVP_MD_type); - @EVP_MD_size := LoadFunctionCLib(fn_EVP_MD_size); - @EVP_MD_block_size := LoadFunctionCLib(fn_EVP_MD_block_size); + @EVP_MD_type := LoadFunctionCLib(fn_EVP_MD_get_type); + @EVP_MD_size := LoadFunctionCLib(fn_EVP_MD_get_size); + @EVP_MD_block_size := LoadFunctionCLib(fn_EVP_MD_get_block_size); @EVP_MD_flags := LoadFunctionCLib(fn_EVP_MD_flags,False); @EVP_MD_CTX_md := LoadFunctionCLib(fn_EVP_MD_CTX_md); @EVP_CIPHER_nid := LoadFunctionCLib(fn_EVP_CIPHER_nid,False); @EVP_CIPHER_block_size := LoadFunctionCLib(fn_EVP_CIPHER_block_size,False); @EVP_CIPHER_key_length := LoadFunctionCLib(fn_EVP_CIPHER_key_length,False); @EVP_CIPHER_iv_length := LoadFunctionCLib(fn_EVP_CIPHER_iv_length,False); - @EVP_CIPHER_flags := LoadFunctionCLib(fn_EVP_CIPHER_flags); - @EVP_CIPHER_type := LoadFunctionCLib(fn_EVP_CIPHER_type); + @EVP_CIPHER_flags := LoadFunctionCLib(fn_EVP_CIPHER_flags,False); + @EVP_CIPHER_type := LoadFunctionCLib(fn_EVP_CIPHER_type,False); @EVP_CIPHER_CTX_cipher := LoadFunctionCLib(fn_EVP_CIPHER_CTX_cipher); @EVP_CIPHER_CTX_nid := LoadFunctionCLib(fn_EVP_CIPHER_CTX_nid,False); @EVP_CIPHER_CTX_block_size := LoadFunctionCLib(fn_EVP_CIPHER_CTX_block_size, False ); 
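Review bot: `@EVP_MD_type`, `@EVP_MD_size` and `@EVP_MD_block_size` are now filled from the `fn_EVP_MD_get_*` constants while the `fn_EVP_MD_type`/`fn_EVP_MD_size`/`fn_EVP_MD_block_size` constants stay defined, so a reader sees two symbol names for one pointer with no explanation; a comment on the first of the three lines, `// OpenSSL 3.0: EVP_MD_type/size/block_size are macros over the EVP_MD_get_* entry points`, would explain the mismatch, and the old constants can go if nothing else references them. The newly required `EVP_PKEY_type` load is added without the `//Used by Indy` tag that marks the other required imports in this block, so it is unclear whether making it mandatory was deliberate.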
@@ -23557,7 +23667,7 @@ function Load: Boolean; @EVP_CIPHER_CTX_copy := LoadFunctionCLib(fn_EVP_CIPHER_CTX_copy,False ); @EVP_CIPHER_CTX_get_app_data := LoadFunctionCLib(fn_EVP_CIPHER_CTX_get_app_data ); @EVP_CIPHER_CTX_set_app_data := LoadFunctionCLib(fn_EVP_CIPHER_CTX_set_app_data ); - @EVP_CIPHER_CTX_flags := LoadFunctionCLib(fn_EVP_CIPHER_CTX_flags); + @EVP_CIPHER_CTX_flags := LoadFunctionCLib(fn_EVP_CIPHER_CTX_flags,False); @EVP_add_cipher := LoadFunctionCLib(fn_EVP_add_cipher,False); @EVP_add_digest := LoadFunctionCLib(fn_EVP_add_digest,False); @@ -23692,7 +23802,7 @@ function Load: Boolean; @EVP_PKEY_meth_set_ctrl := LoadFunctionCLib(fn_EVP_PKEY_meth_set_ctrl,False); //HMAC {$IFNDEF OPENSSL_NO_HMAC} - @HMAC_CTX_init := LoadFunctionCLib(fn_HMAC_CTX_init); + @HMAC_CTX_init := LoadFunctionCLib(fn_HMAC_CTX_init,False); if IsOpenSSL_1x then begin @_HMAC_Init_ex := nil; @_HMAC_Update := nil; @@ -23708,7 +23818,7 @@ function Load: Boolean; @_1_0_HMAC_Update := nil; @_1_0_HMAC_Final := nil; end; - @HMAC_CTX_cleanup := LoadFunctionCLib(fn_HMAC_CTX_cleanup); + @HMAC_CTX_cleanup := LoadFunctionCLib(fn_HMAC_CTX_cleanup,False); {$ENDIF} //OBJ @OBJ_obj2nid := LoadFunctionCLib(fn_OBJ_obj2nid); 
@@ -23725,9 +23835,9 @@ function Load: Boolean; @CRYPTO_set_mem_functions := LoadFunctionCLib(fn_CRYPTO_set_mem_functions); @CRYPTO_malloc := LoadFunctionCLib(fn_CRYPTO_malloc); @CRYPTO_free := LoadFunctionCLib(fn_CRYPTO_free); - @CRYPTO_mem_leaks := LoadFunctionCLib(fn_CRYPTO_mem_leaks); - @CRYPTO_mem_ctrl := LoadFunctionCLib(fn_CRYPTO_mem_ctrl); - @CRYPTO_set_mem_debug_functions := LoadFunctionCLib(fn_CRYPTO_set_mem_debug_functions); + @CRYPTO_mem_leaks := LoadFunctionCLib(fn_CRYPTO_mem_leaks,False); + @CRYPTO_mem_ctrl := LoadFunctionCLib(fn_CRYPTO_mem_ctrl,False); + @CRYPTO_set_mem_debug_functions := LoadFunctionCLib(fn_CRYPTO_set_mem_debug_functions,False); //@CRYPTO_dbg_malloc := LoadFunctionCLib(fn_CRYPTO_dbg_malloc); //@CRYPTO_dbg_realloc := LoadFunctionCLib(fn_CRYPTO_dbg_realloc); //@CRYPTO_dbg_free := LoadFunctionCLib(fn_CRYPTO_dbg_free); @@ -23737,10 +23847,10 @@ function Load: Boolean; @i2d_PKCS12_bio := LoadFunctionCLib(fn_i2d_PKCS12_bio); @PKCS12_free := LoadFunctionCLib(fn_PKCS12_free); @OpenSSL_add_all_algorithms := LoadOldCLib(fn_OpenSSL_add_all_algorithms, - fn_OPENSSL_add_all_algorithms_noconf); - @OpenSSL_add_all_ciphers := LoadFunctionCLib(fn_OpenSSL_add_all_ciphers); - @OpenSSL_add_all_digests := LoadFunctionCLib(fn_OpenSSL_add_all_digests); - @EVP_cleanup := LoadFunctionCLib(fn_EVP_cleanup); + fn_OPENSSL_add_all_algorithms_noconf,False); + @OpenSSL_add_all_ciphers := LoadFunctionCLib(fn_OpenSSL_add_all_ciphers,False); + @OpenSSL_add_all_digests := LoadFunctionCLib(fn_OpenSSL_add_all_digests,False); + @EVP_cleanup := LoadFunctionCLib(fn_EVP_cleanup,False); @sk_num := LoadFunctionCLib(fn_sk_num); @sk_new := LoadFunctionCLib(fn_sk_new); 
@@ -23898,6 +24008,15 @@ procedure InitializeFuncPointers; @SSL_CIPHER_get_name := nil; @SSL_CIPHER_get_version := nil; @SSL_CIPHER_get_bits := nil; + @SSL_CTX_set_info_callback := nil; + @OpenSSL_version_num := nil; + @OpenSSL_version := nil; + + @TLS_method := nil; + @SSL_get_version := nil; + @SSL_CTX_get_cert_store := nil; + + @SSL_get_ex_data_X509_STORE_CTX_idx := nil; // Thread safe @_CRYPTO_num_locks := nil; @CRYPTO_set_locking_callback := nil; @@ -23907,7 +24026,9 @@ procedure InitializeFuncPointers; @CRYPTO_THREADID_set_pointer := nil; @CRYPTO_set_id_callback := nil; {$ENDIF} - @ERR_put_error := nil; + @ERR_new := nil; + @ERR_set_debug := nil; + @ERR_set_error := nil; @ERR_get_error := nil; @ERR_peek_error := nil; @ERR_peek_last_error := nil; @@ -24010,6 +24131,8 @@ procedure InitializeFuncPointers; @X509_set_notAfter := nil; @X509_set_pubkey := nil; @X509_REQ_set_pubkey := nil; + @X509_verify := nil; + @X509_verify_cert_error_string := nil; //PEM {$IFNDEF SSLEAY_MACROS} @_PEM_read_bio_X509 := nil; @@ -24229,6 +24352,8 @@ procedure InitializeFuncPointers; @EVP_MD_CTX_cleanup := nil; @EVP_MD_CTX_create := nil; @EVP_MD_CTX_destroy := nil; + @EVP_MD_CTX_new := nil; + @EVP_MD_CTX_free := nil; @EVP_MD_CTX_copy := nil; @EVP_MD_CTX_copy_ex := nil; //@EVP_MD_CTX_set_flags := nil; @@ -24739,7 +24864,7 @@ function X509_STORE_CTX_get_app_data(ctx: PX509_STORE_CTX):Pointer; function X509_get_version(x : PX509): TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin - Result := ASN1_INTEGER_get(x^.cert_info^.version); + Result := ASN1_INTEGER_get(x^.cert_info.version); end; function X509_get_signature_type(x : PX509) : TIdC_INT; 
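Review bot: `X509_get_version` still computes its result by reaching into `x^.cert_info.version`, i.e. by mirroring the library's private `struct x509_st` in a Pascal record; `X509` has been opaque since 1.1.0 and its layout is not part of the 3.x ABI, so a field offset that drifts between builds yields a wrong version number silently instead of an error. Since this patch already requires 3.x, bind the exported `X509_get_version` function through `LoadFunctionCLib` and delete this accessor; the same applies to the neighbouring struct-walking helpers such as `X509_CRL_get_REVOKED` (`x^.crl^.revoked`), which the next hunk shows as context. The change from `^.version` to `.version` suggests the record was updated to match the embedded `cert_info`, but I cannot verify the rest of the record layout from here.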
@@ -24842,12 +24967,12 @@ function X509_CRL_get_REVOKED(x : PX509_CRL) : PSTACK_OF_X509_REVOKED; Result := x^.crl^.revoked; end; -procedure SSL_CTX_set_info_callback(ctx: PSSL_CTX; cb: PSSL_CTX_info_callback); -{$IFDEF USE_INLINE} inline; {$ENDIF} -begin - Assert(ctx<>nil); - ctx.info_callback := cb; -end; +//procedure SSL_CTX_set_info_callback(ctx: PSSL_CTX; cb: PSSL_CTX_info_callback); +//{$IFDEF USE_INLINE} inline; {$ENDIF} +//begin +// Assert(ctx<>nil); +// ctx.info_callback := cb; +//end; //* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, // * they cannot be used to clear bits. */ @@ -24858,6 +24983,18 @@ function SSL_CTX_set_options(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; Result := SSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, op, nil); end; +function SSL_CTX_set_min_proto_version(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, op, nil); +end; + +function SSL_CTX_set_max_proto_version(ctx: PSSL_CTX; op: TIdC_LONG):TIdC_LONG; +{$IFDEF USE_INLINE} inline; {$ENDIF} +begin + Result := SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, op, nil); +end; + function SSL_CTX_clear_options(ctx : PSSL_CTX; op : TIdC_LONG):TIdC_LONG; {$IFDEF USE_INLINE} inline; {$ENDIF} begin diff --git a/IdSSLOpenSSLHeaders_static.pas b/IdSSLOpenSSLHeaders_static.pas index eb26de2..1ce7943 100644 --- a/IdSSLOpenSSLHeaders_static.pas +++ b/IdSSLOpenSSLHeaders_static.pas 
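Review bot: The old inline `SSL_CTX_set_info_callback`, which wrote `ctx.info_callback` straight into an opaque `SSL_CTX`, is commented out rather than deleted, and the same comment-out pattern is used for every removed binding in IdSSLOpenSSLHeaders_static.pas below (`SSL_load_error_strings_proc`, the `SSLv2_`/`SSLv3_`/`SSLv23_` methods, `SSLeay_*`, the `CRYPTO_lock`/`CRYPTO_THREADID_*` group, `ERR_put_error_proc`, `ERR_load_crypto_strings_proc`/`ERR_free_strings_proc`, `X509_set_notBefore`/`notAfter`, the `EVP_MD_CTX_init`/`cleanup`/`create`/`destroy` and `HMAC_CTX_init`/`cleanup` pairs and the `CRYPTO_mem_*` debug procs). Version control already keeps the history, and the dead text leaves `{$IFNDEF OPENSSL_NO_SSL2}` wrapping nothing but comments; delete the lines, or where a 1.x fallback is genuinely intended say so in one comment per group.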
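Review bot: `SSL_CTX_set_min_proto_version`/`SSL_CTX_set_max_proto_version` reuse the parameter name `op` from `SSL_CTX_set_options`, but the value is a protocol version constant (`TLS1_2_VERSION`, `TLS1_3_VERSION`, ...) rather than an option bitmask, and 0 has the special meaning "lowest/highest version the library supports"; naming it `version` and adding `// version 0 = no bound: callers mapping TIdSSLVersions must never pass 0 for the minimum when older protocols are meant to be excluded` would stop the two from being confused. The code that turns `TIdSSLVersions` into these two calls is outside the hunk, and with `DEF_SSLVERSIONS = [sslvTLSv1_3]` it is the only thing standing between the new default and a downgraded handshake, so it deserves a test. `SSL_CTRL_SET_MIN_PROTO_VERSION`/`SSL_CTRL_SET_MAX_PROTO_VERSION` are used here but not defined in this diff, so I assume they are declared elsewhere with the library's values.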
@@ -40,7 +40,7 @@ function SSL_CTX_use_certificate_func(ctx: PSSL_CTX; x: PX509): TIdC_INT cdecl; function SSL_CTX_use_certificate_file_func(ctx: PSSL_CTX; const _file: PIdAnsiChar; _type: TIdC_INT): TIdC_INT cdecl; external SSL_LIB_NAME name 'SSL_CTX_use_certificate_file'; -procedure SSL_load_error_strings_proc cdecl; external SSL_LIB_NAME name 'SSL_load_error_strings'; +//procedure SSL_load_error_strings_proc cdecl; external SSL_LIB_NAME name 'SSL_load_error_strings'; function SSL_state_string_long_func(s: PSSL): PIdAnsiChar cdecl; external SSL_LIB_NAME name 'SSL_state_string_long'; @@ -48,7 +48,9 @@ function SSL_alert_desc_string_long_func(value : TIdC_INT) : PIdAnsiChar cdecl; function SSL_alert_type_string_long_func(value : TIdC_INT) : PIdAnsiChar cdecl; external SSL_LIB_NAME name 'SSL_alert_type_string_long'; -function SSL_get_peer_certificate_func(s: PSSL): PX509 cdecl; external SSL_LIB_NAME name 'SSL_get_peer_certificate'; +function SSL_get_peer_certificate_func(s: PSSL): PX509 cdecl; external SSL_LIB_NAME name 'SSL_get1_peer_certificate'; + +function SSL_get_ex_data_X509_STORE_CTX_idx_func: Integer cdecl; external SSLCLIB_LIB_name name 'SSL_get_ex_data_X509_STORE_CTX_idx'; procedure SSL_CTX_set_verify_proc(ctx: PSSL_CTX; mode: TIdC_INT; callback: TSSL_CTX_set_verify_callback) cdecl; external SSL_LIB_NAME name 'SSL_CTX_set_verify'; 
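Review bot: `SSL_get_ex_data_X509_STORE_CTX_idx_func` is declared `external SSLCLIB_LIB_name`, but the entry point is exported by libssl, not libcrypto — the dynamic loader in IdSSLOpenSSL.pas resolves the same name with `LoadFunction`, the SSL-library loader — so a static build that links the two libraries separately gets an unresolved symbol here. It should read `function SSL_get_ex_data_X509_STORE_CTX_idx_func: TIdC_INT cdecl; external SSL_LIB_NAME name 'SSL_get_ex_data_X509_STORE_CTX_idx';`, using `TIdC_INT` like every other C `int` in this unit rather than Delphi `Integer`. The index it returns is what `VerifyCallback` uses to recover the `SSL*` from the store context, so this binding sits on the certificate-verification path and is worth getting exactly right.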
@@ -89,24 +91,24 @@ function SSL_CTX_callback_ctrl_func(ssl : PSSL_CTX; cmd : TIdC_INT; fp : SSL_cal function SSL_get_error_func(s: PSSL; ret_code: TIdC_INT): TIdC_INT cdecl; external SSL_LIB_NAME name 'SSL_get_error'; {$IFNDEF OPENSSL_NO_SSL2} -function SSLv2_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv2_method'; +//function SSLv2_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv2_method'; -function SSLv2_server_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv2_server_method'; +//function SSLv2_server_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv2_server_method'; -function SSLv2_client_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv2_client_method'; +//function SSLv2_client_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv2_client_method'; {$ENDIF} -function SSLv3_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv3_method'; +//function SSLv3_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv3_method'; -function SSLv3_server_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv3_server_method'; +//function SSLv3_server_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv3_server_method'; -function SSLv3_client_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv3_client_method'; +//function SSLv3_client_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv3_client_method'; -function SSLv23_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv23_method'; +//function SSLv23_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv23_method'; -function SSLv23_server_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv23_server_method'; +//function SSLv23_server_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv23_server_method'; -function SSLv23_client_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv23_client_method'; +//function 
SSLv23_client_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'SSLv23_client_method'; function TLSv1_method_func: PSSL_METHOD cdecl; external SSL_LIB_NAME name 'TLSv1_method'; @@ -144,15 +146,15 @@ function SSL_CTX_load_verify_locations_func(ctx: PSSL_CTX; const CAfile: PIdAnsi function SSL_get_session_func(const ssl: PSSL): PSSL_SESSION cdecl; external SSL_LIB_NAME name 'SSL_get_session'; -function SSLeay_add_ssl_algorithms_func: TIdC_INT cdecl; external SSL_LIB_NAME name 'SSL_library_init'; +//function SSLeay_add_ssl_algorithms_func: TIdC_INT cdecl; external SSL_LIB_NAME name 'SSL_library_init'; function SSL_SESSION_get_id_func(const s: PSSL_SESSION; length: PIdC_UINT): PIdAnsiChar cdecl; external SSL_LIB_NAME name 'SSL_SESSION_get_id'; procedure SSL_copy_session_id_proc(sslTo: PSSL; const sslFrom: PSSL) cdecl; external SSL_LIB_NAME name 'SSL_copy_session_id'; -function SSLeay_version_func(_type : TIdC_INT) : PIdAnsiChar cdecl; external SSLCLIB_LIB_name name 'SSLeay_version'; +//function SSLeay_version_func(_type : TIdC_INT) : PIdAnsiChar cdecl; external SSLCLIB_LIB_name name 'SSLeay_version'; -function SSLeay_func: TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'SSLeay'; +//function SSLeay_func: TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'SSLeay'; function d2i_X509_NAME_func(pr : PPX509_NAME; _in : PPByte; length : TIdC_LONG):PX509_NAME cdecl; external SSLCLIB_LIB_name name 'd2i_X509_NAME'; 
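Review bot: Commenting out `SSLeay_version_func` and `SSLeay_func` removes the static build's only version-reporting entry points, and no `OpenSSL_version`/`OpenSSL_version_num` declaration is added in this hunk; unless one exists elsewhere in the unit, the statically linked variant can no longer perform the `LMajor < 3` check that the dynamic loader now relies on, nor report the library version in diagnostics. Add `function OpenSSL_version_num_func: TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'OpenSSL_version_num';` and the matching `OpenSSL_version` declaration so both build modes see the same gate. Dropping `SSLeay_add_ssl_algorithms_func` (bound to `SSL_library_init`) is correct, since that name is a macro on 1.1+.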
@@ -162,7 +164,7 @@ function X509_NAME_oneline_func(a: PX509_NAME; buf: PIdAnsiChar; size: TIdC_INT) function X509_NAME_cmp_func(const a, b: PX509_NAME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_NAME_cmp'; -function X509_NAME_hash_func(x: PX509_NAME): TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'X509_NAME_hash'; +function X509_NAME_hash_func(x: PX509_NAME): TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'X509_NAME_hash_ex'; function X509_set_issuer_name_func(x: PX509; name: PX509_NAME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set_issuer_name'; 
@@ -278,19 +280,22 @@ function SSL_CIPHER_get_version_func(const c: PSSL_CIPHER): PIdAnsiChar cdecl; e function SSL_CIPHER_get_bits_func(const c: PSSL_CIPHER; var alg_bits: TIdC_INT): TIdC_INT cdecl; external SSL_LIB_NAME name 'SSL_CIPHER_get_bits'; -procedure CRYPTO_lock_proc(mode, _type : TIdC_INT; const _file : PIdAnsiChar; line : TIdC_INT) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_lock'; +//procedure CRYPTO_lock_proc(mode, _type : TIdC_INT; const _file : PIdAnsiChar; line : TIdC_INT) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_lock'; -function CRYPTO_num_locks_func: TIdC_INT cdecl; external SSLCLIB_LIB_name name 'CRYPTO_num_locks'; +//function CRYPTO_num_locks_func: TIdC_INT cdecl; external SSLCLIB_LIB_name name 'CRYPTO_num_locks'; -procedure CRYPTO_set_locking_callback_proc(func: TIdSslLockingCallback) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_set_locking_callback'; +//procedure CRYPTO_set_locking_callback_proc(func: TIdSslLockingCallback) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_set_locking_callback'; -function CRYPTO_THREADID_set_callback_func(threadid_func : TCRYPTO_THREADID_set_callback_threadid_func) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'CRYPTO_THREADID_set_callback'; +//function CRYPTO_THREADID_set_callback_func(threadid_func : TCRYPTO_THREADID_set_callback_threadid_func) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'CRYPTO_THREADID_set_callback'; -procedure CRYPTO_THREADID_set_numeric_proc(id : PCRYPTO_THREADID; val : TIdC_ULONG) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_THREADID_set_numeric'; +//procedure CRYPTO_THREADID_set_numeric_proc(id : PCRYPTO_THREADID; val : TIdC_ULONG) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_THREADID_set_numeric'; -procedure CRYPTO_THREADID_set_pointer_proc(id : PCRYPTO_THREADID; ptr : Pointer) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_THREADID_set_pointer'; +//procedure CRYPTO_THREADID_set_pointer_proc(id : PCRYPTO_THREADID; ptr : Pointer) cdecl; external SSLCLIB_LIB_name name 
'CRYPTO_THREADID_set_pointer'; -procedure ERR_put_error_proc(lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT) cdecl; external SSLCLIB_LIB_name name 'ERR_put_error'; +procedure ERR_new_proc cdecl; external SSLCLIB_LIB_name name 'ERR_new'; +procedure ERR_set_debug_proc(_file : PIdAnsiChar; line: TIdC_INT; func: PIdAnsiChar) cdecl; external SSLCLIB_LIB_name name 'ERR_set_debug'; +procedure ERR_set_error_proc(lib, reason : TIdC_INT; fmt : PIdAnsiChar) cdecl; external SSLCLIB_LIB_name name 'ERR_set_error'; +//procedure ERR_put_error_proc(lib, func, reason : TIdC_INT; _file : PIdAnsiChar; line : TIdC_INT) cdecl; external SSLCLIB_LIB_name name 'ERR_put_error'; function ERR_get_error_func: TIdC_ULONG cdecl; external SSLCLIB_LIB_name name 'ERR_get_error'; 
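Review bot: `ERR_set_error_proc(lib, reason : TIdC_INT; fmt : PIdAnsiChar)` binds a variadic C function (`ERR_set_error(int lib, int reason, const char *fmt, ...)`) without `varargs`, and `fmt` is a printf-style format, not free text; whoever replaces the old `ERR_put_error` call must pass a constant format and hand the message in as a variadic argument, never the message itself, otherwise a `%` in library- or peer-derived text is interpreted as a conversion. Declare it `cdecl; varargs;` so that is possible, or document on the declaration that only literal formats (or `nil`, which as far as I recall attaches no extra data) may be passed. `ERR_set_debug_proc` takes `func: PIdAnsiChar` as its third parameter where the old `ERR_put_error` carried an integer function id, so call sites need a string there now.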
@@ -312,19 +317,19 @@ function ERR_reason_error_string_func(e : TIdC_ULONG): PIdAnsiChar cdecl; extern procedure ERR_load_ERR_strings_proc cdecl; external SSLCLIB_LIB_name name 'ERR_load_ERR_strings'; -procedure ERR_load_crypto_strings_proc cdecl; external SSLCLIB_LIB_name name 'ERR_load_crypto_strings'; +//procedure ERR_load_crypto_strings_proc cdecl; external SSLCLIB_LIB_name name 'ERR_load_crypto_strings'; -procedure ERR_free_strings_proc cdecl; external SSLCLIB_LIB_name name 'ERR_free_strings'; +//procedure ERR_free_strings_proc cdecl; external SSLCLIB_LIB_name name 'ERR_free_strings'; procedure ERR_remove_thread_state_proc(const tId : PCRYPTO_THREADID) cdecl; external SSLCLIB_LIB_name name 'ERR_remove_thread_state'; -procedure CRYPTO_cleanup_all_ex_data_proc cdecl; external SSLCLIB_LIB_name name 'CRYPTO_cleanup_all_ex_data'; +//procedure CRYPTO_cleanup_all_ex_data_proc cdecl; external SSLCLIB_LIB_name name 'CRYPTO_cleanup_all_ex_data'; function SSL_COMP_get_compression_methods_func: PSTACK_OF_SSL_COMP cdecl; external SSL_LIB_NAME name 'SSL_COMP_get_compression_methods'; -procedure SSL_COMP_free_compression_methods_func; cdecl; external SSL_LIB_NAME name 'SSL_COMP_free_compression_methods' +//procedure SSL_COMP_free_compression_methods_func; cdecl; external SSL_LIB_NAME name 'SSL_COMP_free_compression_methods' -procedure sk_pop_free_proc(st: PSTACK; func: Tsk_pop_free_func) cdecl; external SSLCLIB_LIB_name name 'sk_pop_free'; +procedure sk_pop_free_proc(st: PSTACK; func: Tsk_pop_free_func) cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_pop_free'; procedure RSA_free_proc(rsa: PRSA) cdecl; external SSLCLIB_LIB_name name 'RSA_free'; 
@@ -457,9 +462,9 @@ function X509_get_serialNumber_func(x: PX509): PASN1_INTEGER cdecl; external SSL function X509_gmtime_adj_func(s: PASN1_TIME; adj: TIdC_LONG): PASN1_TIME cdecl; external SSLCLIB_LIB_name name 'X509_gmtime_adj'; -function X509_set_notBefore_func(x: PX509; tm: PASN1_TIME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set_notBefore'; +//function X509_set_notBefore_func(x: PX509; tm: PASN1_TIME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set_notBefore'; -function X509_set_notAfter_func(x: PX509; tm: PASN1_TIME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set_notAfter'; +//function X509_set_notAfter_func(x: PX509; tm: PASN1_TIME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set_notAfter'; function X509_set_pubkey_func(x: PX509; pkey: PEVP_PKEY): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set_pubkey'; @@ -469,6 +474,8 @@ function X509_PUBKEY_get_func(key: PX509_PUBKEY): PEVP_PKEY cdecl; external SSLC function X509_verify_func(x509: PX509; pkey: PEVP_PKEY): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_verify'; +function X509_verify_cert_error_string_func(n: TIdC_LONG): PIdAnsiChar cdecl; external SSLCLIB_LIB_name name 'X509_verify_cert_error_string'; + {$IFNDEF SSLEAY_MACROS} function PEM_read_bio_X509_func(bp: PBIO; x: PPX509; cb: ppem_password_cb; u: Pointer): PX509 cdecl; external SSLCLIB_LIB_name name 'PEM_read_bio_X509'; 
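Review bot: `X509_set_notBefore_func`/`X509_set_notAfter_func` are dropped because the names are macros on 1.1+, but no `X509_set1_notBefore`/`X509_set1_notAfter` binding is added in this hunk; if none exists elsewhere in the unit, the static build loses the ability to set validity dates when it generates certificates. Bind the real exports, `function X509_set1_notBefore_func(x: PX509; const tm: PASN1_TIME): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'X509_set1_notBefore';` and the `notAfter` twin, and point the existing callers at them.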
@@ -571,13 +578,15 @@ function EVP_md4_func: PEVP_MD cdecl; external SSLCLIB_LIB_name name 'EVP_md4'; //function EVP_md2_func: PEVP_MD cdecl; external SSLCLIB_LIB_name name 'EVP_md2'; //{$ENDIF} -procedure EVP_MD_CTX_init_proc(ctx : PEVP_MD_CTX) cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_init'; +//procedure EVP_MD_CTX_init_proc(ctx : PEVP_MD_CTX) cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_init'; -function EVP_MD_CTX_cleanup_func(ctx : PEVP_MD_CTX) : TIdC_Int cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_cleanup'; +//function EVP_MD_CTX_cleanup_func(ctx : PEVP_MD_CTX) : TIdC_Int cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_cleanup'; -function EVP_MD_CTX_create_func : PEVP_MD_CTX cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_create'; +//function EVP_MD_CTX_create_func : PEVP_MD_CTX cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_create'; -procedure EVP_MD_CTX_destroy_proc(ctx : PEVP_MD_CTX) cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_destroy'; +//procedure EVP_MD_CTX_destroy_proc(ctx : PEVP_MD_CTX) cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_destroy'; +function EVP_MD_CTX_new_func : PEVP_MD_CTX cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_new'; +function EVP_MD_CTX_free_func(ctx : PEVP_MD_CTX) : TIdC_Int cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_free'; function EVP_MD_CTX_copy_func(_out : PEVP_MD_CTX; _in: PEVP_MD_CTX) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_copy'; 
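Review bot: `EVP_MD_CTX_free_func` is declared as a `function ... : TIdC_Int`, but `EVP_MD_CTX_free` returns `void`; under cdecl the caller reads a stale register as the result, so anything that checks the return value is testing garbage. Declare it `procedure EVP_MD_CTX_free_proc(ctx : PEVP_MD_CTX) cdecl; external SSLCLIB_LIB_name name 'EVP_MD_CTX_free';`, matching the `_proc` naming this unit uses for void entry points, and mirror the same signature in the dynamic pointer type in IdSSLOpenSSL.pas, which is outside the visible hunks.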
@@ -600,7 +609,7 @@ function EVP_PKEY_assign_func(pkey: PEVP_PKEY; _type: TIdC_INT; key: Pointer): T function EVP_get_digestbyname_func(const name: PIdAnsiChar): PEVP_MD cdecl; external SSLCLIB_LIB_name name 'EVP_get_digestbyname'; {$IFNDEF OPENSSL_NO_HMAC} -procedure HMAC_CTX_init_proc(ctx : PHMAC_CTX) cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_init'; +//procedure HMAC_CTX_init_proc(ctx : PHMAC_CTX) cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_init'; function HMAC_Init_ex_func(ctx : PHMAC_CTX; key : Pointer; len : TIdC_INT; md : PEVP_MD; impl : PENGINE) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'HMAC_Init_ex'; @@ -609,7 +618,7 @@ function HMAC_Update_func(ctx : PHMAC_CTX; data : PIdAnsiChar; len : size_t) : T function HMAC_Final_func(ctx : PHMAC_CTX; md : PIdAnsiChar; len : PIdC_UINT) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'HMAC_Final'; -procedure HMAC_CTX_cleanup_proc(ctx : PHMAC_CTX) cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_cleanup'; +//procedure HMAC_CTX_cleanup_proc(ctx : PHMAC_CTX) cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_cleanup'; {$ENDIF} function OBJ_obj2nid_func(const o: PASN1_OBJECT): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'OBJ_obj2nid'; 
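Review bot: Removing `HMAC_CTX_init_proc`/`HMAC_CTX_cleanup_proc` while keeping `HMAC_Init_ex_func`, `HMAC_Update_func` and `HMAC_Final_func` leaves the unit with no way to obtain an `HMAC_CTX` on 3.x, where the structure is opaque and must come from `HMAC_CTX_new`/`HMAC_CTX_free`; if the caller (outside this hunk) still hands a stack-allocated `HMAC_CTX` record to `HMAC_Init_ex`, the library writes through a pointer into a record that is no longer guaranteed to be large enough — memory corruption rather than a clean failure. Bind `function HMAC_CTX_new_func: PHMAC_CTX cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_new';` and `procedure HMAC_CTX_free_proc(ctx : PHMAC_CTX) cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_free';` and allocate through them. The whole `HMAC_*` family is deprecated in 3.0 in favour of the EVP_MAC interface, which would be the longer-term replacement.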
@@ -639,16 +648,16 @@ function CRYPTO_malloc_func(num: TIdC_INT; const _file: PIdAnsiChar; line: TIdC_
 procedure CRYPTO_free_proc(ptr : Pointer) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_free';
 
-procedure CRYPTO_mem_leaks_proc(b:PBIO) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_mem_leaks';
+//procedure CRYPTO_mem_leaks_proc(b:PBIO) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_mem_leaks';
 
-function CRYPTO_mem_ctrl_func(mode: TIdC_INT): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'CRYPTO_mem_ctrl';
+//function CRYPTO_mem_ctrl_func(mode: TIdC_INT): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'CRYPTO_mem_ctrl';
 
-procedure CRYPTO_set_mem_debug_functions_proc(
- m: Tset_mem_debug_functions_m;
- r: Tset_mem_debug_functions_r;
- f : Tset_mem_debug_functions_f;
- so : Tset_mem_debug_functions_so;
- go : Tset_mem_debug_functions_go) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_set_mem_debug_functions';
+//procedure CRYPTO_set_mem_debug_functions_proc(
+// m: Tset_mem_debug_functions_m;
+// r: Tset_mem_debug_functions_r;
+// f : Tset_mem_debug_functions_f;
+// so : Tset_mem_debug_functions_so;
+// go : Tset_mem_debug_functions_go) cdecl; external SSLCLIB_LIB_name name 'CRYPTO_set_mem_debug_functions';
 
 function PKCS12_create_func(pass, name: PIdAnsiChar; pkey: PEVP_PKEY; cert : PX509; ca: PSTACK_OF_X509; nid_key, nid_cert, iter, mac_iter, keytype : TIdC_INT) : PPKCS12 cdecl; external SSLCLIB_LIB_name name 'PKCS12_create';
@@ -659,27 +668,27 @@ procedure PKCS12_free_proc(p12: PPKCS12) cdecl; external SSLCLIB_LIB_name name '
 //procedure OpenSSL_add_all_algorithms_proc cdecl; external SSLCLIB_LIB_name name 'OpenSSL_add_all_algorithms';
 
-procedure OpenSSL_add_all_ciphers_proc cdecl; external SSLCLIB_LIB_name name 'OpenSSL_add_all_ciphers';
+//procedure OpenSSL_add_all_ciphers_proc cdecl; external SSLCLIB_LIB_name name 'OpenSSL_add_all_ciphers';
 
-procedure OpenSSL_add_all_digests_proc cdecl; external SSLCLIB_LIB_name name 'OpenSSL_add_all_digests';
+//procedure OpenSSL_add_all_digests_proc cdecl; external SSLCLIB_LIB_name name 'OpenSSL_add_all_digests';
 
-procedure EVP_cleanup_proc cdecl; external SSLCLIB_LIB_name name 'EVP_cleanup';
+//procedure EVP_cleanup_proc cdecl; external SSLCLIB_LIB_name name 'EVP_cleanup';
 
-function sk_num_func(const x : PSTACK) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'sk_num';
+function sk_num_func(const x : PSTACK) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_num';
 
-function sk_new_func( cmp : Tsk_new_cmp) : PStack cdecl; external SSLCLIB_LIB_name name 'sk_new';
+function sk_new_func( cmp : Tsk_new_cmp) : PStack cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_new';
 
-function sk_new_null_func: PSTACK cdecl; external SSLCLIB_LIB_name name 'sk_new_null';
+function sk_new_null_func: PSTACK cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_new_null';
 
-procedure sk_free_proc(st : PSTACK) cdecl; external SSLCLIB_LIB_name name 'sk_free';
+procedure sk_free_proc(st : PSTACK) cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_free';
 
-function sk_push_func(st: PSTACK; data: PIdAnsiChar): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'sk_push';
+function sk_push_func(st: PSTACK; data: PIdAnsiChar): TIdC_INT cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_push';
 
-function sk_dup_func(st : PSTACK) : PSTACK cdecl; external SSLCLIB_LIB_name name 'sk_dup';
+function sk_dup_func(st : PSTACK) : PSTACK cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_dup';
 
-function sk_find_func(st : PSTACK; Data : PIdAnsiChar) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'sk_find';
+function sk_find_func(st : PSTACK; Data : PIdAnsiChar) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_find';
 
-function sk_value_func(x : PSTACK; i : TIdC_INT) : PIdAnsiChar cdecl; external SSLCLIB_LIB_name name 'sk_value';
+function sk_value_func(x : PSTACK; i : TIdC_INT) : PIdAnsiChar cdecl; external SSLCLIB_LIB_name name 'OPENSSL_sk_value';
 
 {$IFDEF OPENSSL_FIPS}
 //function FIPS_mode_set_func(onoff : TIdC_INT) : TIdC_INT cdecl; external SSLCLIB_LIB_name name 'FIPS_mode_set';
@@ -687,6 +696,14 @@ function sk_value_func(x : PSTACK; i : TIdC_INT) : PIdAnsiChar cdecl; external S
 //function FIPS_mode_func: TIdC_INT cdecl; external SSLCLIB_LIB_name name 'FIPS_mode';
 {$ENDIF}
 
+procedure SSL_CTX_set_info_callback_func(Ctx: PSSL_CTX; Callback: PSSL_CTX_info_callback) cdecl; external SSL_LIB_name name 'SSL_CTX_set_info_callback';
+function OpenSSL_version_num_func: LongWord cdecl; external SSLCLIB_LIB_name name 'OpenSSL_version_num';
+function OpenSSL_version_func(t: Integer): PIdAnsiChar cdecl; external SSLCLIB_LIB_name name 'OpenSSL_version';
+
+function TLS_method_func: PSSL_METHOD cdecl; external SSL_LIB_name name 'TLS_method';
+function SSL_get_version_func(S: PSSL): PIdAnsiChar cdecl; external SSL_LIB_name name 'SSL_get_version';
+function SSL_CTX_get_cert_store_func(const Ctx: PSSL_CTX): PX509_STORE cdecl; external SSL_LIB_name name 'SSL_CTX_get_cert_store';
+
 procedure LoadSymbols;
 begin
   SSL_CTX_set_cipher_list := SSL_CTX_set_cipher_list_func;
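Review bot: The `sk_*` imports are renamed to their `OPENSSL_sk_*` export names, but `sk_pop_free`, which `LoadSymbols` still binds to `sk_pop_free_proc` at `@@ -856`, is not covered by this hunk; if its external declaration (not visible here) still reads `name 'sk_pop_free'`, the unit will not load against OpenSSL 1.1+, where only `OPENSSL_sk_pop_free` is exported, and because these are static `external` imports a single unresolved symbol takes the whole library down. Apply the same rename to every remaining `sk_` import in the unit, e.g. `... external SSLCLIB_LIB_name name 'OPENSSL_sk_pop_free';`.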
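Review bot: `OpenSSL_version_num_func` is declared to return `LongWord`, a 32-bit type, while the C prototype is `unsigned long OpenSSL_version_num(void)`, which is 64 bits wide on LP64 targets (64-bit Linux and macOS); the import should use the unit's C unsigned-long alias (`TIdC_ULONG` from IdCTypes, if this unit already uses it) so the declared ABI matches. The version number itself fits in 32 bits, so this happens to work today, but a mismatched width is exactly the kind of latent defect that surfaces when the compiler or platform changes. For consistency with the surrounding imports, `OpenSSL_version_func(t: Integer)` should also take `TIdC_INT` rather than `Integer`.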
@@ -697,7 +714,7 @@ procedure LoadSymbols;
   SSL_CTX_use_PrivateKey := SSL_CTX_use_PrivateKey_func;
   SSL_CTX_use_certificate := SSL_CTX_use_certificate_func;
   SSL_CTX_use_certificate_file := SSL_CTX_use_certificate_file_func;
-  SSL_load_error_strings := SSL_load_error_strings_proc;
+  SSL_load_error_strings := nil;
   SSL_state_string_long := SSL_state_string_long_func;
   SSL_alert_desc_string_long := SSL_alert_desc_string_long_func;
   SSL_alert_type_string_long := SSL_alert_type_string_long_func;
@@ -723,20 +740,20 @@ procedure LoadSymbols;
   SSL_CTX_callback_ctrl := SSL_CTX_callback_ctrl_func;
   SSL_get_error := SSL_get_error_func;
 {$IFNDEF OPENSSL_NO_SSL2}
-  SSLv2_method := SSLv2_method_func;
-  SSLv2_server_method := SSLv2_server_method_func;
-  SSLv2_client_method := SSLv2_client_method_func;
+  SSLv2_method := nil;
+  SSLv2_server_method := nil;
+  SSLv2_client_method := nil;
 {$ELSE}
   SSLv2_method := nil;
   SSLv2_server_method := nil;
   SSLv2_client_method := nil;
 {$ENDIF}
-  SSLv3_method := SSLv3_method_func;
-  SSLv3_server_method := SSLv3_server_method_func;
-  SSLv3_client_method := SSLv3_client_method_func;
-  SSLv23_method := SSLv23_method_func;
-  SSLv23_server_method := SSLv23_server_method_func;
-  SSLv23_client_method := SSLv23_client_method_func;
+  SSLv3_method := nil;
+  SSLv3_server_method := nil;
+  SSLv3_client_method := nil;
+  SSLv23_method := nil;
+  SSLv23_server_method := nil;
+  SSLv23_client_method := nil;
   TLSv1_method := TLSv1_method_func;
   TLSv1_server_method := TLSv1_server_method_func;
   TLSv1_client_method := TLSv1_client_method_func;
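Review bot: `SSL_load_error_strings := nil` — together with the other `:= nil` rebinds in this commit (the `SSLv3_*`/`SSLv23_*` methods in the next hunk, `_SSLeay_version`/`SSLeay` at `@@ -755`, the `CRYPTO_` lock and `CRYPTO_THREADID_*` callbacks at `@@ -829`, `ERR_load_crypto_strings`/`ERR_free_strings`/`CRYPTO_cleanup_all_ex_data`/`SSL_COMP_free_compression_methods` at `@@ -856`, `X509_set_notBefore`/`X509_set_notAfter` at `@@ -940`, `HMAC_CTX_init`/`HMAC_CTX_cleanup` at `@@ -1020` and `@@ -1030`, and the `CRYPTO_mem_*`/`OpenSSL_add_all_*`/`EVP_cleanup` pointers at `@@ -1046`) — turns every call through those pointers into a nil dereference unless the call site, which this commit does not touch, checks `Assigned(...)` first. Where OpenSSL 1.1+ offers a drop-in replacement, binding it is safer than nil: `SSLv23_method` is defined as `TLS_method` in 1.1+, so `SSLv23_method := TLS_method_func;` (and the `_server`/`_client` variants likewise, if the pointer types agree) keeps the `sslvSSLv23` mode working, `SSLeay := OpenSSL_version_num_func;` keeps the runtime version check working, and `X509_set_notBefore`/`X509_set_notAfter` map onto `X509_set1_notBefore`/`X509_set1_notAfter`. The remaining ones (locking callbacks, `add_all_*`/`cleanup` initialisers, error-string loaders) are no-ops in 1.1+, so their callers need an `if Assigned(...) then` guard; please check each call site outside this hunk.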
@@ -755,12 +772,12 @@ procedure LoadSymbols;
   SSL_set_shutdown := SSL_set_shutdown_proc;
   SSL_CTX_load_verify_locations := SSL_CTX_load_verify_locations_func;
   SSL_get_session := SSL_get_session_func;
-  SSLeay_add_ssl_algorithms := SSLeay_add_ssl_algorithms_func;
+//  SSLeay_add_ssl_algorithms := SSLeay_add_ssl_algorithms_func;
   SSL_SESSION_get_id := SSL_SESSION_get_id_func;
   SSL_copy_session_id := SSL_copy_session_id_proc;
   // CRYPTO LIB
-  _SSLeay_version := SSLeay_version_func;
-  SSLeay := SSLeay_func;
+  _SSLeay_version := nil;
+  SSLeay := nil;
   d2i_X509_NAME := d2i_X509_NAME_func;
   i2d_X509_NAME := i2d_X509_NAME_func;
   X509_NAME_oneline := X509_NAME_oneline_func;
@@ -829,23 +846,26 @@ procedure LoadSymbols;
   SSL_CIPHER_get_version := SSL_CIPHER_get_version_func;
   SSL_CIPHER_get_bits := SSL_CIPHER_get_bits_func;
   // Thread safe
-  _CRYPTO_lock := CRYPTO_lock_proc;
-  _CRYPTO_num_locks := CRYPTO_num_locks_func;
-  CRYPTO_set_locking_callback := CRYPTO_set_locking_callback_proc;
+  _CRYPTO_lock := nil;
+  _CRYPTO_num_locks := nil;
+  CRYPTO_set_locking_callback := nil;
 {$IFNDEF WIN32_OR_WIN64}
   { In OpenSSL 1.0.0, you should use these callback functions instead of the depreciated set_id_callback. They are not in the older 0.9.8 OpenSSL series so we have to handle both cases. }
-  CRYPTO_THREADID_set_callback := CRYPTO_THREADID_set_callback_func;
-  CRYPTO_THREADID_set_numeric := CRYPTO_THREADID_set_numeric_proc;
-  CRYPTO_THREADID_set_pointer := CRYPTO_THREADID_set_pointer_proc; {Do not localize}
+  CRYPTO_THREADID_set_callback := nil;
+  CRYPTO_THREADID_set_numeric := nil;
+  CRYPTO_THREADID_set_pointer := nil; {Do not localize}
 //  if not assigned(CRYPTO_THREADID_set_callback) then begin
 //    @CRYPTO_set_id_callback := LoadFunctionCLib(fn_CRYPTO_set_id_callback);
 //  end;
 {$ENDIF}
-  ERR_put_error := ERR_put_error_proc;
+  ERR_new := ERR_new_proc;
+  ERR_set_debug := ERR_set_debug_proc;
+  ERR_set_error := ERR_set_error_proc;
+//  ERR_put_error := ERR_put_error_proc;
   ERR_get_error := ERR_get_error_func;
   ERR_peek_error := ERR_peek_error_func;
   ERR_peek_last_error := ERR_peek_last_error_func;
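Review bot: `ERR_new`, `ERR_set_debug` and `ERR_set_error` are OpenSSL 3.0 entry points, while everything else in this commit (`TLS_method`, `OPENSSL_sk_*`, `EVP_MD_CTX_new`) only needs 1.1.0; because they are resolved as static `external` imports, binding them here raises the minimum libcrypto for the whole unit to 3.0 and makes it fail to load on any 1.1.x install, even though `ERR_put_error` itself is still exported (deprecated) in 3.0. If 3.0 is the intended floor, state it in the unit header and next to these lines, e.g. `// ERR_new/ERR_set_debug/ERR_set_error require OpenSSL 3.0+`; otherwise keep `ERR_put_error` bound as the portable option. The surviving `{ In OpenSSL 1.0.0, you should use these callback functions ... }` comment is now misleading, since the `_CRYPTO_lock`/`CRYPTO_THREADID_*` pointers below it are set to nil and nothing here handles 0.9.8 or 1.0.x any more; reword it to say that locking is internal to OpenSSL 1.1+ and these pointers are intentionally left nil.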
@@ -856,15 +876,15 @@ procedure LoadSymbols;
   ERR_func_error_string := ERR_func_error_string_func;
   ERR_reason_error_string := ERR_reason_error_string_func;
   ERR_load_ERR_strings := ERR_load_ERR_strings_proc;
-  ERR_load_crypto_strings := ERR_load_crypto_strings_proc;
-  ERR_free_strings := ERR_free_strings_proc;
+  ERR_load_crypto_strings := nil;
+  ERR_free_strings := nil;
   ERR_remove_thread_state := ERR_remove_thread_state_proc;
 //  if not Assigned(ERR_remove_thread_state) then begin
 //    @ERR_remove_state := LoadFunctionCLib(fn_ERR_remove_state);
 //  end;
-  CRYPTO_cleanup_all_ex_data := CRYPTO_cleanup_all_ex_data_proc;
+  CRYPTO_cleanup_all_ex_data := nil;
   SSL_COMP_get_compression_methods := SSL_COMP_get_compression_methods_func;
-  SSL_COMP_free_compression_methods := SSL_COMP_free_compression_methods_func;
+  SSL_COMP_free_compression_methods := nil;
   sk_pop_free := sk_pop_free_proc;
   //RSA
   RSA_free := RSA_free_proc;
@@ -940,8 +960,8 @@ procedure LoadSymbols;
   X509_set_version := X509_set_version_func;
   X509_get_serialNumber := X509_get_serialNumber_func;
   X509_gmtime_adj := X509_gmtime_adj_func;
-  X509_set_notBefore := X509_set_notBefore_func;
-  X509_set_notAfter := X509_set_notAfter_func;
+  X509_set_notBefore := nil;
+  X509_set_notAfter := nil;
   X509_set_pubkey := X509_set_pubkey_func;
   X509_REQ_set_pubkey := X509_REQ_set_pubkey_func;
   X509_PUBKEY_get := X509_PUBKEY_get_func;
@@ -1003,16 +1023,18 @@ procedure LoadSymbols;
 //  {$IFNDEF OPENSSL_NO_MD2}
 //  EVP_md2 := EVP_md2_func;
 //  {$ENDIF}
-  EVP_MD_CTX_init := EVP_MD_CTX_init_proc;
-  EVP_MD_CTX_cleanup := EVP_MD_CTX_cleanup_func;
-  EVP_MD_CTX_create := EVP_MD_CTX_create_func;
-  EVP_MD_CTX_destroy := EVP_MD_CTX_destroy_proc;
+//  EVP_MD_CTX_init := EVP_MD_CTX_init_proc;
+//  EVP_MD_CTX_cleanup := EVP_MD_CTX_cleanup_func;
+//  EVP_MD_CTX_create := EVP_MD_CTX_create_func;
+//  EVP_MD_CTX_destroy := EVP_MD_CTX_destroy_proc;
+  EVP_MD_CTX_new := EVP_MD_CTX_new_func;
+  EVP_MD_CTX_free := EVP_MD_CTX_free_func;
   EVP_MD_CTX_copy := EVP_MD_CTX_copy_func;
   EVP_MD_CTX_copy_ex := EVP_MD_CTX_copy_ex_func;
   EVP_DigestInit_ex := EVP_DigestInit_ex_func;
   EVP_DigestUpdate := EVP_DigestUpdate_func;
   EVP_DigestFinal_ex := EVP_DigestFinal_ex_func;
-  EVP_MD_CTX_cleanup := EVP_MD_CTX_cleanup_func;
+//  EVP_MD_CTX_cleanup := EVP_MD_CTX_cleanup_func;
   EVP_PKEY_type := EVP_PKEY_type_func;
   EVP_PKEY_new := EVP_PKEY_new_func;
   EVP_PKEY_free := EVP_PKEY_free_proc;
@@ -1020,7 +1042,7 @@ procedure LoadSymbols;
   EVP_get_digestbyname := EVP_get_digestbyname_func;
   //HMAC
 {$IFNDEF OPENSSL_NO_HMAC}
-  HMAC_CTX_init := HMAC_CTX_init_proc;
+  HMAC_CTX_init := nil;
 //  if IsOpenSSL_1x then begin
   _1_0_HMAC_Init_ex := HMAC_Init_ex_func;
   _1_0_HMAC_Update := HMAC_Update_func;
@@ -1030,7 +1052,7 @@ procedure LoadSymbols;
 //    @_HMAC_Update := LoadFunctionCLib(fn_HMAC_Update);
 //    @_HMAC_Final := LoadFunctionCLib(fn_HMAC_Final);
 //  end;
-  HMAC_CTX_cleanup := HMAC_CTX_cleanup_proc;
+  HMAC_CTX_cleanup := nil;
 {$ENDIF}
   //OBJ
   OBJ_obj2nid := OBJ_obj2nid_func;
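Review bot: `HMAC_CTX_init := nil` in the `@@ -1020` hunk and `HMAC_CTX_cleanup := nil` in the `@@ -1030` hunk leave the unit with no way to obtain or release an `HMAC_CTX`: unlike the `EVP_MD_CTX` change above, where `EVP_MD_CTX_new`/`EVP_MD_CTX_free` are bound in place of `init`/`cleanup`, no `HMAC_CTX_new`/`HMAC_CTX_free` binding is added, and in OpenSSL 1.1+ the structure is opaque and must be heap-allocated, so a caller that still declares a local context and passes its address to `HMAC_Init_ex` can no longer work. Add `function HMAC_CTX_new_func: PHMAC_CTX cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_new';` and `procedure HMAC_CTX_free_proc(ctx : PHMAC_CTX) cdecl; external SSLCLIB_LIB_name name 'HMAC_CTX_free';` beside the `HMAC_Init_ex_func` import, bind them here, and migrate the HMAC callers in the unit. The `//  if IsOpenSSL_1x then begin` comment left around the `_1_0_HMAC_*` bindings is stale for the same reason and should be dropped or reworded.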
@@ -1046,16 +1068,16 @@ procedure LoadSymbols;
   CRYPTO_set_mem_functions := CRYPTO_set_mem_functions_func;
   CRYPTO_malloc := CRYPTO_malloc_func;
   CRYPTO_free := CRYPTO_free_proc;
-  CRYPTO_mem_leaks := CRYPTO_mem_leaks_proc;
-  CRYPTO_mem_ctrl := CRYPTO_mem_ctrl_func;
-  CRYPTO_set_mem_debug_functions := CRYPTO_set_mem_debug_functions_proc;
+  CRYPTO_mem_leaks := nil;
+  CRYPTO_mem_ctrl := nil;
+  CRYPTO_set_mem_debug_functions := nil;
   PKCS12_create := PKCS12_create_func;
   i2d_PKCS12_bio := i2d_PKCS12_bio_func;
   PKCS12_free := PKCS12_free_proc;
 //  OpenSSL_add_all_algorithms := OpenSSL_add_all_algorithms_proc;
-  OpenSSL_add_all_ciphers := OpenSSL_add_all_ciphers_proc;
-  OpenSSL_add_all_digests := OpenSSL_add_all_digests_proc;
-  EVP_cleanup := EVP_cleanup_proc;
+  OpenSSL_add_all_ciphers := nil;
+  OpenSSL_add_all_digests := nil;
+  EVP_cleanup := nil;
 
   sk_num := sk_num_func;
   sk_new := sk_new_func;
@@ -1069,6 +1091,15 @@ procedure LoadSymbols;
 //  _FIPS_mode_set := FIPS_mode_set_func;
 //  _FIPS_mode := FIPS_mode_func;
 {$ENDIF}
+  SSL_CTX_set_info_callback := SSL_CTX_set_info_callback_func;
+
+  OpenSSL_version_num := OpenSSL_version_num_func;
+  OpenSSL_version := OpenSSL_version_func;
+  TLS_method := TLS_method_func;
+  SSL_get_version := SSL_get_version_func;
+  SSL_CTX_get_cert_store := SSL_CTX_get_cert_store_func;
+
+  SSL_get_ex_data_X509_STORE_CTX_idx := SSL_get_ex_data_X509_STORE_CTX_idx_func;
 end;
 
 initialization