Line
|
0 |
-- qtbase-opensource-src-5.9.4/config.tests/unix/openssl11/openssl.cpp |
0 |
++ qtbase-opensource-src-5.9.4/config.tests/unix/openssl11/openssl.cpp |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/config.tests/unix/openssl11/openssl.pro |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Contact: https://www.qt.io/licensing/ |
5 |
** |
6 |
** This file is part of the config.tests of the Qt Toolkit. |
7 |
** |
8 |
** $QT_BEGIN_LICENSE:LGPL$ |
9 |
** Commercial License Usage |
10 |
** Licensees holding valid commercial Qt licenses may use this file in |
11 |
** accordance with the commercial license agreement provided with the |
12 |
** Software or, alternatively, in accordance with the terms contained in |
13 |
** a written agreement between you and The Qt Company. For licensing terms |
14 |
** and conditions see https://www.qt.io/terms-conditions. For further |
15 |
** information use the contact form at https://www.qt.io/contact-us. |
16 |
** |
17 |
** GNU Lesser General Public License Usage |
18 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
19 |
** General Public License version 3 as published by the Free Software |
20 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
21 |
** packaging of this file. Please review the following information to |
22 |
** ensure the GNU Lesser General Public License version 3 requirements |
23 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
24 |
** |
25 |
** GNU General Public License Usage |
26 |
** Alternatively, this file may be used under the terms of the GNU |
27 |
** General Public License version 2.0 or (at your option) the GNU General |
28 |
** Public license version 3 or any later version approved by the KDE Free |
29 |
** Qt Foundation. The licenses are as published by the Free Software |
30 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
31 |
** included in the packaging of this file. Please review the following |
32 |
** information to ensure the GNU General Public License requirements will |
33 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
34 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
35 |
** |
36 |
** $QT_END_LICENSE$ |
37 |
** |
38 |
****************************************************************************/ |
39 |
|
40 |
#include <openssl/opensslv.h> |
41 |
|
42 |
#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L |
43 |
# error "OpenSSL >= 1.1 is required" |
44 |
#endif |
45 |
|
46 |
int main() |
47 |
{ |
48 |
} |
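Review bot: The version guard on the `#if` line also passes when the headers come from LibreSSL, whose opensslv.h defines OPENSSL_VERSION_NUMBER as 0x20000000L, so this configure test can report OpenSSL 1.1 support for a library that may not provide the 1.1 API the rest of the patch calls. If LibreSSL is not meant to take the 1.1 code path, extend the check to `#if !defined(OPENSSL_VERSION_NUMBER) || defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER-0 < 0x10100000L`. A short comment above the guard, `// Header-only check: says nothing about the library found at run time`, would also make the limits of this test clear.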
|
|
49 |
++ qtbase-opensource-src-5.9.4/config.tests/unix/openssl11/openssl.pro |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/configure.json |
1 |
SOURCES = openssl.cpp |
|
|
2 |
CONFIG -= x11 qt |
|
|
3 |
++ qtbase-opensource-src-5.9.4/src/network/configure.json |
Lines 146-151
|
146 |
] |
146 |
] |
147 |
}, |
147 |
}, |
148 |
"use": "network" |
148 |
"use": "network" |
|
|
149 |
}, |
150 |
"openssl11": { |
151 |
"label": "OpenSSL v. 1.1 support", |
152 |
"type": "compile", |
153 |
"test": "unix/openssl11", |
154 |
"use": "network" |
149 |
} |
155 |
} |
150 |
}, |
156 |
}, |
151 |
|
157 |
|
Lines 213-218
|
213 |
"condition": "config.winrt || features.securetransport || features.openssl", |
219 |
"condition": "config.winrt || features.securetransport || features.openssl", |
214 |
"output": [ "publicFeature", "feature" ] |
220 |
"output": [ "publicFeature", "feature" ] |
215 |
}, |
221 |
}, |
|
|
222 |
"opensslv11": { |
223 |
"label": "OpenSSL v. 1.1", |
224 |
"condition": "tests.openssl11", |
225 |
"output": ["publicFeature", "feature"] |
226 |
}, |
216 |
"sctp": { |
227 |
"sctp": { |
217 |
"label": "SCTP", |
228 |
"label": "SCTP", |
218 |
"autoDetect": false, |
229 |
"autoDetect": false, |
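Review bot: The new `opensslv11` feature is conditioned only on `tests.openssl11`, so it can evaluate to true in a build where `features.openssl` is off but OpenSSL 1.1 headers happen to be installed. Code guarded by `QT_CONFIG(opensslv11)` would then be selected without the OpenSSL backend being enabled; consider `"condition": "features.openssl && tests.openssl11"`. Whether the feature also needs to be a `publicFeature` is worth confirming, since from the visible hunks it only switches internal code paths.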
219 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslcertificate_openssl.cpp |
230 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslcertificate_openssl.cpp |
Lines 1-6
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2016 The Qt Company Ltd. |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
|
|
4 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
4 |
** Contact: https://www.qt.io/licensing/ |
5 |
** Contact: https://www.qt.io/licensing/ |
5 |
** |
6 |
** |
6 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
Lines 64-75
bool QSslCertificate::operator==(const Q
|
64 |
uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW |
65 |
uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW |
65 |
{ |
66 |
{ |
66 |
if (X509 * const x509 = key.d->x509) { |
67 |
if (X509 * const x509 = key.d->x509) { |
67 |
(void)q_X509_cmp(x509, x509); // populate x509->sha1_hash |
68 |
const EVP_MD *sha1 = q_EVP_sha1(); |
68 |
// (if someone knows a better way...) |
69 |
unsigned int len = 0; |
69 |
return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed); |
70 |
unsigned char md[EVP_MAX_MD_SIZE]; |
70 |
} else { |
71 |
q_X509_digest(x509, sha1, md, &len); |
71 |
return seed; |
72 |
return qHashBits(md, len, seed); |
72 |
} |
73 |
} |
|
|
74 |
|
75 |
return seed; |
73 |
} |
76 |
} |
74 |
|
77 |
|
75 |
bool QSslCertificate::isNull() const |
78 |
bool QSslCertificate::isNull() const |
Lines 89-96
QByteArray QSslCertificate::version() co
|
89 |
{ |
92 |
{ |
90 |
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); |
93 |
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); |
91 |
if (d->versionString.isEmpty() && d->x509) |
94 |
if (d->versionString.isEmpty() && d->x509) |
92 |
d->versionString = |
95 |
d->versionString = QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1); |
93 |
QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); |
|
|
94 |
|
96 |
|
95 |
return d->versionString; |
97 |
return d->versionString; |
96 |
} |
98 |
} |
Lines 99-105
QByteArray QSslCertificate::serialNumber
|
99 |
{ |
101 |
{ |
100 |
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); |
102 |
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); |
101 |
if (d->serialNumberString.isEmpty() && d->x509) { |
103 |
if (d->serialNumberString.isEmpty() && d->x509) { |
102 |
ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; |
104 |
ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509); |
103 |
QByteArray hexString; |
105 |
QByteArray hexString; |
104 |
hexString.reserve(serialNumber->length * 3); |
106 |
hexString.reserve(serialNumber->length * 3); |
105 |
for (int a = 0; a < serialNumber->length; ++a) { |
107 |
for (int a = 0; a < serialNumber->length; ++a) { |
Lines 199-212
QMultiMap<QSsl::AlternativeNameEntryType
|
199 |
continue; |
201 |
continue; |
200 |
} |
202 |
} |
201 |
|
203 |
|
202 |
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5)); |
204 |
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(genName->d.ia5)); |
203 |
const QString altName = QString::fromLatin1(altNameStr, len); |
205 |
const QString altName = QString::fromLatin1(altNameStr, len); |
204 |
if (genName->type == GEN_DNS) |
206 |
if (genName->type == GEN_DNS) |
205 |
result.insert(QSsl::DnsEntry, altName); |
207 |
result.insert(QSsl::DnsEntry, altName); |
206 |
else if (genName->type == GEN_EMAIL) |
208 |
else if (genName->type == GEN_EMAIL) |
207 |
result.insert(QSsl::EmailEntry, altName); |
209 |
result.insert(QSsl::EmailEntry, altName); |
208 |
} |
210 |
} |
209 |
q_sk_pop_free((STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_sk_free)); |
211 |
|
|
|
212 |
q_OPENSSL_sk_pop_free((OPENSSL_STACK*)altNames, reinterpret_cast<void(*)(void*)>(q_OPENSSL_sk_free)); |
210 |
} |
213 |
} |
211 |
|
214 |
|
212 |
return result; |
215 |
return result; |
Lines 235-259
QSslKey QSslCertificate::publicKey() con
|
235 |
QSslKey key; |
238 |
QSslKey key; |
236 |
|
239 |
|
237 |
key.d->type = QSsl::PublicKey; |
240 |
key.d->type = QSsl::PublicKey; |
238 |
X509_PUBKEY *xkey = d->x509->cert_info->key; |
241 |
|
239 |
EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); |
242 |
EVP_PKEY *pkey = q_X509_get_pubkey(d->x509); |
240 |
Q_ASSERT(pkey); |
243 |
Q_ASSERT(pkey); |
|
|
244 |
const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); |
241 |
|
245 |
|
242 |
if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { |
246 |
if (keyType == EVP_PKEY_RSA) { |
243 |
key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); |
247 |
key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); |
244 |
key.d->algorithm = QSsl::Rsa; |
248 |
key.d->algorithm = QSsl::Rsa; |
245 |
key.d->isNull = false; |
249 |
key.d->isNull = false; |
246 |
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { |
250 |
} else if (keyType == EVP_PKEY_DSA) { |
247 |
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); |
251 |
key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); |
248 |
key.d->algorithm = QSsl::Dsa; |
252 |
key.d->algorithm = QSsl::Dsa; |
249 |
key.d->isNull = false; |
253 |
key.d->isNull = false; |
250 |
#ifndef OPENSSL_NO_EC |
254 |
#ifndef OPENSSL_NO_EC |
251 |
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { |
255 |
} else if (keyType == EVP_PKEY_EC) { |
252 |
key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey); |
256 |
key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey); |
253 |
key.d->algorithm = QSsl::Ec; |
257 |
key.d->algorithm = QSsl::Ec; |
254 |
key.d->isNull = false; |
258 |
key.d->isNull = false; |
255 |
#endif |
259 |
#endif |
256 |
} else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { |
260 |
} else if (keyType == EVP_PKEY_DH) { |
257 |
// DH unsupported |
261 |
// DH unsupported |
258 |
} else { |
262 |
} else { |
259 |
// error? |
263 |
// error? |
Lines 275-281
static QVariant x509UnknownExtensionToVa
|
275 |
X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext)); |
279 |
X509V3_EXT_METHOD *meth = const_cast<X509V3_EXT_METHOD *>(q_X509V3_EXT_get(ext)); |
276 |
if (!meth) { |
280 |
if (!meth) { |
277 |
ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext); |
281 |
ASN1_OCTET_STRING *value = q_X509_EXTENSION_get_data(ext); |
278 |
QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_data(value)), |
282 |
QByteArray result( reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(value)), |
279 |
q_ASN1_STRING_length(value)); |
283 |
q_ASN1_STRING_length(value)); |
280 |
return result; |
284 |
return result; |
281 |
} |
285 |
} |
Lines 371-377
static QVariant x509ExtensionToValue(X50
|
371 |
continue; |
375 |
continue; |
372 |
} |
376 |
} |
373 |
|
377 |
|
374 |
const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(name->d.uniformResourceIdentifier)); |
378 |
const char *uriStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(name->d.uniformResourceIdentifier)); |
375 |
const QString uri = QString::fromUtf8(uriStr, len); |
379 |
const QString uri = QString::fromUtf8(uriStr, len); |
376 |
|
380 |
|
377 |
result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri; |
381 |
result[QString::fromUtf8(QSslCertificatePrivate::asn1ObjectName(ad->method))] = uri; |
Lines 380-390
static QVariant x509ExtensionToValue(X50
|
380 |
} |
384 |
} |
381 |
} |
385 |
} |
382 |
|
386 |
|
383 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
387 |
q_OPENSSL_sk_pop_free((OPENSSL_STACK*)info, reinterpret_cast<void(*)(void *)>(q_OPENSSL_sk_free)); |
384 |
q_sk_pop_free((_STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free)); |
|
|
385 |
#else |
386 |
q_sk_pop_free((STACK*)info, reinterpret_cast<void(*)(void*)>(q_sk_free)); |
387 |
#endif |
388 |
return result; |
388 |
return result; |
389 |
} |
389 |
} |
390 |
break; |
390 |
break; |
Lines 607-613
static QMap<QByteArray, QString> _q_mapF
|
607 |
unsigned char *data = 0; |
607 |
unsigned char *data = 0; |
608 |
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); |
608 |
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); |
609 |
info.insertMulti(name, QString::fromUtf8((char*)data, size)); |
609 |
info.insertMulti(name, QString::fromUtf8((char*)data, size)); |
|
|
610 |
#if QT_CONFIG(opensslv11) |
611 |
q_CRYPTO_free(data, 0, 0); |
612 |
#else |
610 |
q_CRYPTO_free(data); |
613 |
q_CRYPTO_free(data); |
|
|
614 |
#endif |
611 |
} |
615 |
} |
612 |
|
616 |
|
613 |
return info; |
617 |
return info; |
Lines 619-626
QSslCertificate QSslCertificatePrivate::
|
619 |
if (!x509 || !QSslSocket::supportsSsl()) |
623 |
if (!x509 || !QSslSocket::supportsSsl()) |
620 |
return certificate; |
624 |
return certificate; |
621 |
|
625 |
|
622 |
ASN1_TIME *nbef = q_X509_get_notBefore(x509); |
626 |
ASN1_TIME *nbef = q_X509_getm_notBefore(x509); |
623 |
ASN1_TIME *naft = q_X509_get_notAfter(x509); |
627 |
ASN1_TIME *naft = q_X509_getm_notAfter(x509); |
|
|
628 |
|
624 |
certificate.d->notValidBefore = q_getTimeFromASN1(nbef); |
629 |
certificate.d->notValidBefore = q_getTimeFromASN1(nbef); |
625 |
certificate.d->notValidAfter = q_getTimeFromASN1(naft); |
630 |
certificate.d->notValidAfter = q_getTimeFromASN1(naft); |
626 |
certificate.d->null = false; |
631 |
certificate.d->null = false; |
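Review bot: In the QSslCertificate::publicKey() hunk the new line `const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey));` uses `pkey` protected only by `Q_ASSERT(pkey)`, which is compiled out in release builds. `X509_get_pubkey()` returns NULL when the certificate's public key cannot be decoded or uses an unsupported algorithm, and certificates reaching this function can come from a remote peer, so a null result would be dereferenced by the base-id lookup. Make it a runtime check, `if (!pkey) return key;`, placed before the new line. The function starts and ends outside the hunk, so it is not visible whether `pkey` is released afterwards; `X509_get_pubkey()` hands back a new reference that needs a matching `EVP_PKEY_free`.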
627 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslcontext_openssl11.cpp |
632 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslcontext_openssl11.cpp |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslcontext_openssl.cpp |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 |
** Copyright (C) 2014 Governikus GmbH & Co. KG. |
6 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
7 |
** Contact: https://www.qt.io/licensing/ |
8 |
** |
9 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
10 |
** |
11 |
** $QT_BEGIN_LICENSE:LGPL$ |
12 |
** Commercial License Usage |
13 |
** Licensees holding valid commercial Qt licenses may use this file in |
14 |
** accordance with the commercial license agreement provided with the |
15 |
** Software or, alternatively, in accordance with the terms contained in |
16 |
** a written agreement between you and The Qt Company. For licensing terms |
17 |
** and conditions see https://www.qt.io/terms-conditions. For further |
18 |
** information use the contact form at https://www.qt.io/contact-us. |
19 |
** |
20 |
** GNU Lesser General Public License Usage |
21 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
22 |
** General Public License version 3 as published by the Free Software |
23 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
24 |
** packaging of this file. Please review the following information to |
25 |
** ensure the GNU Lesser General Public License version 3 requirements |
26 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
27 |
** |
28 |
** GNU General Public License Usage |
29 |
** Alternatively, this file may be used under the terms of the GNU |
30 |
** General Public License version 2.0 or (at your option) the GNU General |
31 |
** Public license version 3 or any later version approved by the KDE Free |
32 |
** Qt Foundation. The licenses are as published by the Free Software |
33 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
34 |
** included in the packaging of this file. Please review the following |
35 |
** information to ensure the GNU General Public License requirements will |
36 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
37 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
38 |
** |
39 |
** $QT_END_LICENSE$ |
40 |
** |
41 |
****************************************************************************/ |
42 |
|
43 |
|
44 |
#include <QtNetwork/qsslsocket.h> |
45 |
#include <QtNetwork/qssldiffiehellmanparameters.h> |
46 |
|
47 |
#include "private/qssl_p.h" |
48 |
#include "private/qsslcontext_openssl_p.h" |
49 |
#include "private/qsslsocket_p.h" |
50 |
#include "private/qsslsocket_openssl_p.h" |
51 |
#include "private/qsslsocket_openssl_symbols_p.h" |
52 |
#include "private/qssldiffiehellmanparameters_p.h" |
53 |
|
54 |
#include <vector> |
55 |
|
56 |
QT_BEGIN_NAMESPACE |
57 |
|
58 |
// defined in qsslsocket_openssl.cpp: |
59 |
extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); |
60 |
extern QString getErrorsFromOpenSsl(); |
61 |
|
62 |
static inline QString msgErrorSettingEllipticCurves(const QString &why) |
63 |
{ |
64 |
return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); |
65 |
} |
66 |
|
67 |
// static |
68 |
void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) |
69 |
{ |
70 |
sslContext->sslConfiguration = configuration; |
71 |
sslContext->errorCode = QSslError::NoError; |
72 |
|
73 |
bool client = (mode == QSslSocket::SslClientMode); |
74 |
|
75 |
bool reinitialized = false; |
76 |
bool unsupportedProtocol = false; |
77 |
init_context: |
78 |
if (sslContext->sslConfiguration.protocol() == QSsl::SslV2) { |
79 |
// SSL 2 is no longer supported, but chosen deliberately -> error |
80 |
sslContext->ctx = nullptr; |
81 |
unsupportedProtocol = true; |
82 |
} else { |
83 |
// The ssl options will actually control the supported methods |
84 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLS_client_method() : q_TLS_server_method()); |
85 |
} |
86 |
|
87 |
if (!sslContext->ctx) { |
88 |
// After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them |
89 |
// by re-initializing the library. |
90 |
if (!reinitialized) { |
91 |
reinitialized = true; |
92 |
if (q_OPENSSL_init_ssl(0, nullptr) == 1) |
93 |
goto init_context; |
94 |
} |
95 |
|
96 |
sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( |
97 |
unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() |
98 |
); |
99 |
sslContext->errorCode = QSslError::UnspecifiedError; |
100 |
return; |
101 |
} |
102 |
|
103 |
// Enable bug workarounds. |
104 |
long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); |
105 |
q_SSL_CTX_set_options(sslContext->ctx, options); |
106 |
|
107 |
// Tell OpenSSL to release memory early |
108 |
// http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html |
109 |
q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); |
110 |
|
111 |
// Initialize ciphers |
112 |
QByteArray cipherString; |
113 |
bool first = true; |
114 |
QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); |
115 |
if (ciphers.isEmpty()) |
116 |
ciphers = QSslSocketPrivate::defaultCiphers(); |
117 |
for (const QSslCipher &cipher : qAsConst(ciphers)) { |
118 |
if (first) |
119 |
first = false; |
120 |
else |
121 |
cipherString.append(':'); |
122 |
cipherString.append(cipher.name().toLatin1()); |
123 |
} |
124 |
|
125 |
if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { |
126 |
sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
127 |
sslContext->errorCode = QSslError::UnspecifiedError; |
128 |
return; |
129 |
} |
130 |
|
131 |
const QDateTime now = QDateTime::currentDateTimeUtc(); |
132 |
|
133 |
// Add all our CAs to this store. |
134 |
const auto caCertificates = sslContext->sslConfiguration.caCertificates(); |
135 |
for (const QSslCertificate &caCertificate : caCertificates) { |
136 |
// From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: |
137 |
// |
138 |
// If several CA certificates matching the name, key identifier, and |
139 |
// serial number condition are available, only the first one will be |
140 |
// examined. This may lead to unexpected results if the same CA |
141 |
// certificate is available with different expiration dates. If a |
142 |
// ``certificate expired'' verification error occurs, no other |
143 |
// certificate will be searched. Make sure to not have expired |
144 |
// certificates mixed with valid ones. |
145 |
// |
146 |
// See also: QSslSocketBackendPrivate::verify() |
147 |
if (caCertificate.expiryDate() >= now) { |
148 |
q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); |
149 |
} |
150 |
} |
151 |
|
152 |
if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { |
153 |
// tell OpenSSL the directories where to look up the root certs on demand |
154 |
const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); |
155 |
for (const QByteArray &unixDir : unixDirs) |
156 |
q_SSL_CTX_load_verify_locations(sslContext->ctx, nullptr, unixDir.constData()); |
157 |
} |
158 |
|
159 |
if (!sslContext->sslConfiguration.localCertificate().isNull()) { |
160 |
// Require a private key as well. |
161 |
if (sslContext->sslConfiguration.privateKey().isNull()) { |
162 |
sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
163 |
sslContext->errorCode = QSslError::UnspecifiedError; |
164 |
return; |
165 |
} |
166 |
|
167 |
// Load certificate |
168 |
if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { |
169 |
sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
170 |
sslContext->errorCode = QSslError::UnspecifiedError; |
171 |
return; |
172 |
} |
173 |
|
174 |
if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { |
175 |
sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); |
176 |
} else { |
177 |
// Load private key |
178 |
sslContext->pkey = q_EVP_PKEY_new(); |
179 |
// before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. |
180 |
// this lead to a memory leak. Now we use the *_set1_* functions which do not |
181 |
// take ownership of the RSA/DSA key instance because the QSslKey already has ownership. |
182 |
if (configuration.d->privateKey.algorithm() == QSsl::Rsa) |
183 |
q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); |
184 |
else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) |
185 |
q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); |
186 |
#ifndef OPENSSL_NO_EC |
187 |
else if (configuration.d->privateKey.algorithm() == QSsl::Ec) |
188 |
q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); |
189 |
#endif |
190 |
} |
191 |
|
192 |
if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { |
193 |
sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
194 |
sslContext->errorCode = QSslError::UnspecifiedError; |
195 |
return; |
196 |
} |
197 |
if (configuration.d->privateKey.algorithm() == QSsl::Opaque) |
198 |
sslContext->pkey = nullptr; // Don't free the private key, it belongs to QSslKey |
199 |
|
200 |
// Check if the certificate matches the private key. |
201 |
if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { |
202 |
sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
203 |
sslContext->errorCode = QSslError::UnspecifiedError; |
204 |
return; |
205 |
} |
206 |
|
207 |
// If we have any intermediate certificates then we need to add them to our chain |
208 |
bool first = true; |
209 |
for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { |
210 |
if (first) { |
211 |
first = false; |
212 |
continue; |
213 |
} |
214 |
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, |
215 |
q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); |
216 |
} |
217 |
} |
218 |
|
219 |
// Initialize peer verification. |
220 |
if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { |
221 |
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, nullptr); |
222 |
} else { |
223 |
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); |
224 |
} |
225 |
|
226 |
// Set verification depth. |
227 |
if (sslContext->sslConfiguration.peerVerifyDepth() != 0) |
228 |
q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); |
229 |
|
230 |
// set persisted session if the user set it |
231 |
if (!configuration.sessionTicket().isEmpty()) |
232 |
sslContext->setSessionASN1(configuration.sessionTicket()); |
233 |
|
234 |
// Set temp DH params |
235 |
QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); |
236 |
|
237 |
if (!dhparams.isValid()) { |
238 |
sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); |
239 |
sslContext->errorCode = QSslError::UnspecifiedError; |
240 |
return; |
241 |
} |
242 |
|
243 |
if (!dhparams.isEmpty()) { |
244 |
const QByteArray ¶ms = dhparams.d->derData; |
245 |
const char *ptr = params.constData(); |
246 |
DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length()); |
247 |
if (dh == NULL) |
248 |
qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); |
249 |
q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); |
250 |
q_DH_free(dh); |
251 |
} |
252 |
|
253 |
#ifndef OPENSSL_NO_PSK |
254 |
if (!client) |
255 |
q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); |
256 |
#endif // !OPENSSL_NO_PSK |
257 |
|
258 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
259 |
if (!qcurves.isEmpty()) { |
260 |
#ifdef OPENSSL_NO_EC |
261 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version with disabled elliptic curves")); |
262 |
sslContext->errorCode = QSslError::UnspecifiedError; |
263 |
#else |
264 |
// Set the curves to be used. |
265 |
std::vector<int> curves; |
266 |
curves.reserve(qcurves.size()); |
267 |
for (const auto &sslCurve : qcurves) |
268 |
curves.push_back(sslCurve.id); |
269 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_CURVES, long(curves.size()), &curves[0])) { |
270 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
271 |
sslContext->errorCode = QSslError::UnspecifiedError; |
272 |
} |
273 |
#endif |
274 |
} |
275 |
} |
276 |
|
277 |
QT_END_NAMESPACE |
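Review bot: On the `QSsl::Opaque` path in initSslContext(), `sslContext->pkey` borrows the handle owned by QSslKey, but it is reset to `nullptr` only after `q_SSL_CTX_use_PrivateKey()` has succeeded; the early `return` in the failure branch leaves the borrowed pointer stored in the context. The comment on the reset line says a non-null `pkey` would otherwise be freed by the context, so a failed key load can end with the same key being freed twice (the destructor is not in this file, so this is inferred). Clear the pointer on the error path as well, with `if (configuration.d->privateKey.algorithm() == QSsl::Opaque) sslContext->pkey = nullptr;` before that `return;`. On the non-opaque path the results of `q_EVP_PKEY_new()` and the `q_EVP_PKEY_set1_*` calls are also unchecked, which deserves at least a comment stating why failure is not expected there.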
|
|
278 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslcontext_openssl.cpp |
Lines 1-6
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2016 The Qt Company Ltd. |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 |
** Copyright (C) 2014 Governikus GmbH & Co. KG. |
5 |
** Copyright (C) 2014 Governikus GmbH & Co. KG. |
6 |
** Contact: https://www.qt.io/licensing/ |
6 |
** Contact: https://www.qt.io/licensing/ |
Lines 41-62
|
41 |
|
41 |
|
42 |
|
42 |
|
43 |
#include <QtNetwork/qsslsocket.h> |
43 |
#include <QtNetwork/qsslsocket.h> |
44 |
#include <QtNetwork/qssldiffiehellmanparameters.h> |
|
|
45 |
#include <QtCore/qmutex.h> |
46 |
|
44 |
|
47 |
#include "private/qssl_p.h" |
45 |
#include "private/qssl_p.h" |
48 |
#include "private/qsslcontext_openssl_p.h" |
46 |
#include "private/qsslcontext_openssl_p.h" |
49 |
#include "private/qsslsocket_p.h" |
|
|
50 |
#include "private/qsslsocket_openssl_p.h" |
47 |
#include "private/qsslsocket_openssl_p.h" |
51 |
#include "private/qsslsocket_openssl_symbols_p.h" |
48 |
#include "private/qsslsocket_openssl_symbols_p.h" |
52 |
#include "private/qssldiffiehellmanparameters_p.h" |
|
|
53 |
|
49 |
|
54 |
QT_BEGIN_NAMESPACE |
50 |
QT_BEGIN_NAMESPACE |
55 |
|
51 |
|
56 |
// defined in qsslsocket_openssl.cpp: |
|
|
57 |
extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); |
58 |
extern QString getErrorsFromOpenSsl(); |
59 |
|
60 |
QSslContext::QSslContext() |
52 |
QSslContext::QSslContext() |
61 |
: ctx(0), |
53 |
: ctx(0), |
62 |
pkey(0), |
54 |
pkey(0), |
Lines 78-378
QSslContext::~QSslContext()
|
78 |
q_SSL_SESSION_free(session); |
70 |
q_SSL_SESSION_free(session); |
79 |
} |
71 |
} |
80 |
|
72 |
|
81 |
static inline QString msgErrorSettingEllipticCurves(const QString &why) |
|
|
82 |
{ |
83 |
return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); |
84 |
} |
85 |
|
86 |
// static |
87 |
void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) |
88 |
{ |
89 |
sslContext->sslConfiguration = configuration; |
90 |
sslContext->errorCode = QSslError::NoError; |
91 |
|
92 |
bool client = (mode == QSslSocket::SslClientMode); |
93 |
|
94 |
bool reinitialized = false; |
95 |
bool unsupportedProtocol = false; |
96 |
init_context: |
97 |
switch (sslContext->sslConfiguration.protocol()) { |
98 |
case QSsl::SslV2: |
99 |
#ifndef OPENSSL_NO_SSL2 |
100 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); |
101 |
#else |
102 |
// SSL 2 not supported by the system, but chosen deliberately -> error |
103 |
sslContext->ctx = 0; |
104 |
unsupportedProtocol = true; |
105 |
#endif |
106 |
break; |
107 |
case QSsl::SslV3: |
108 |
#ifndef OPENSSL_NO_SSL3_METHOD |
109 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); |
110 |
#else |
111 |
// SSL 3 not supported by the system, but chosen deliberately -> error |
112 |
sslContext->ctx = 0; |
113 |
unsupportedProtocol = true; |
114 |
#endif |
115 |
break; |
116 |
case QSsl::SecureProtocols: |
117 |
// SSLv2 and SSLv3 will be disabled by SSL options |
118 |
// But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. |
119 |
case QSsl::TlsV1SslV3: |
120 |
// SSLv2 will will be disabled by SSL options |
121 |
case QSsl::AnyProtocol: |
122 |
default: |
123 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
124 |
break; |
125 |
case QSsl::TlsV1_0: |
126 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); |
127 |
break; |
128 |
case QSsl::TlsV1_1: |
129 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
130 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); |
131 |
#else |
132 |
// TLS 1.1 not supported by the system, but chosen deliberately -> error |
133 |
sslContext->ctx = 0; |
134 |
unsupportedProtocol = true; |
135 |
#endif |
136 |
break; |
137 |
case QSsl::TlsV1_2: |
138 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
139 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); |
140 |
#else |
141 |
// TLS 1.2 not supported by the system, but chosen deliberately -> error |
142 |
sslContext->ctx = 0; |
143 |
unsupportedProtocol = true; |
144 |
#endif |
145 |
break; |
146 |
case QSsl::TlsV1_0OrLater: |
147 |
// Specific protocols will be specified via SSL options. |
148 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
149 |
break; |
150 |
case QSsl::TlsV1_1OrLater: |
151 |
case QSsl::TlsV1_2OrLater: |
152 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
153 |
// Specific protocols will be specified via SSL options. |
154 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
155 |
#else |
156 |
// TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error |
157 |
sslContext->ctx = 0; |
158 |
unsupportedProtocol = true; |
159 |
#endif |
160 |
break; |
161 |
} |
162 |
|
163 |
if (!sslContext->ctx) { |
164 |
// After stopping Flash 10 the SSL library looses its ciphers. Try re-adding them |
165 |
// by re-initializing the library. |
166 |
if (!reinitialized) { |
167 |
reinitialized = true; |
168 |
if (q_SSL_library_init() == 1) |
169 |
goto init_context; |
170 |
} |
171 |
|
172 |
sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( |
173 |
unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() |
174 |
); |
175 |
sslContext->errorCode = QSslError::UnspecifiedError; |
176 |
return; |
177 |
} |
178 |
|
179 |
// Enable bug workarounds. |
180 |
long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); |
181 |
q_SSL_CTX_set_options(sslContext->ctx, options); |
182 |
|
183 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
184 |
// Tell OpenSSL to release memory early |
185 |
// http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html |
186 |
if (q_SSLeay() >= 0x10000000L) |
187 |
q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); |
188 |
#endif |
189 |
|
190 |
// Initialize ciphers |
191 |
QByteArray cipherString; |
192 |
bool first = true; |
193 |
QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); |
194 |
if (ciphers.isEmpty()) |
195 |
ciphers = QSslSocketPrivate::defaultCiphers(); |
196 |
for (const QSslCipher &cipher : qAsConst(ciphers)) { |
197 |
if (first) |
198 |
first = false; |
199 |
else |
200 |
cipherString.append(':'); |
201 |
cipherString.append(cipher.name().toLatin1()); |
202 |
} |
203 |
|
204 |
if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { |
205 |
sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
206 |
sslContext->errorCode = QSslError::UnspecifiedError; |
207 |
return; |
208 |
} |
209 |
|
210 |
const QDateTime now = QDateTime::currentDateTimeUtc(); |
211 |
|
212 |
// Add all our CAs to this store. |
213 |
const auto caCertificates = sslContext->sslConfiguration.caCertificates(); |
214 |
for (const QSslCertificate &caCertificate : caCertificates) { |
215 |
// From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: |
216 |
// |
217 |
// If several CA certificates matching the name, key identifier, and |
218 |
// serial number condition are available, only the first one will be |
219 |
// examined. This may lead to unexpected results if the same CA |
220 |
// certificate is available with different expiration dates. If a |
221 |
// ``certificate expired'' verification error occurs, no other |
222 |
// certificate will be searched. Make sure to not have expired |
223 |
// certificates mixed with valid ones. |
224 |
// |
225 |
// See also: QSslSocketBackendPrivate::verify() |
226 |
if (caCertificate.expiryDate() >= now) { |
227 |
q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); |
228 |
} |
229 |
} |
230 |
|
231 |
if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { |
232 |
// tell OpenSSL the directories where to look up the root certs on demand |
233 |
const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); |
234 |
for (const QByteArray &unixDir : unixDirs) |
235 |
q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); |
236 |
} |
237 |
|
238 |
if (!sslContext->sslConfiguration.localCertificate().isNull()) { |
239 |
// Require a private key as well. |
240 |
if (sslContext->sslConfiguration.privateKey().isNull()) { |
241 |
sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
242 |
sslContext->errorCode = QSslError::UnspecifiedError; |
243 |
return; |
244 |
} |
245 |
|
246 |
// Load certificate |
247 |
if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { |
248 |
sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
249 |
sslContext->errorCode = QSslError::UnspecifiedError; |
250 |
return; |
251 |
} |
252 |
|
253 |
if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { |
254 |
sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); |
255 |
} else { |
256 |
// Load private key |
257 |
sslContext->pkey = q_EVP_PKEY_new(); |
258 |
// before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. |
259 |
// this lead to a memory leak. Now we use the *_set1_* functions which do not |
260 |
// take ownership of the RSA/DSA key instance because the QSslKey already has ownership. |
261 |
if (configuration.d->privateKey.algorithm() == QSsl::Rsa) |
262 |
q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); |
263 |
else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) |
264 |
q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); |
265 |
#ifndef OPENSSL_NO_EC |
266 |
else if (configuration.d->privateKey.algorithm() == QSsl::Ec) |
267 |
q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); |
268 |
#endif |
269 |
} |
270 |
|
271 |
if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { |
272 |
sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
273 |
sslContext->errorCode = QSslError::UnspecifiedError; |
274 |
return; |
275 |
} |
276 |
if (configuration.d->privateKey.algorithm() == QSsl::Opaque) |
277 |
sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey |
278 |
|
279 |
// Check if the certificate matches the private key. |
280 |
if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { |
281 |
sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
282 |
sslContext->errorCode = QSslError::UnspecifiedError; |
283 |
return; |
284 |
} |
285 |
|
286 |
// If we have any intermediate certificates then we need to add them to our chain |
287 |
bool first = true; |
288 |
for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { |
289 |
if (first) { |
290 |
first = false; |
291 |
continue; |
292 |
} |
293 |
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, |
294 |
q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); |
295 |
} |
296 |
} |
297 |
|
298 |
// Initialize peer verification. |
299 |
if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { |
300 |
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); |
301 |
} else { |
302 |
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); |
303 |
} |
304 |
|
305 |
// Set verification depth. |
306 |
if (sslContext->sslConfiguration.peerVerifyDepth() != 0) |
307 |
q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); |
308 |
|
309 |
// set persisted session if the user set it |
310 |
if (!configuration.sessionTicket().isEmpty()) |
311 |
sslContext->setSessionASN1(configuration.sessionTicket()); |
312 |
|
313 |
// Set temp DH params |
314 |
QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); |
315 |
|
316 |
if (!dhparams.isValid()) { |
317 |
sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); |
318 |
sslContext->errorCode = QSslError::UnspecifiedError; |
319 |
return; |
320 |
} |
321 |
|
322 |
if (!dhparams.isEmpty()) { |
323 |
const QByteArray ¶ms = dhparams.d->derData; |
324 |
const char *ptr = params.constData(); |
325 |
DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length()); |
326 |
if (dh == NULL) |
327 |
qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); |
328 |
q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); |
329 |
q_DH_free(dh); |
330 |
} |
331 |
|
332 |
#ifndef OPENSSL_NO_EC |
333 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
334 |
if (q_SSLeay() >= 0x10002000L) { |
335 |
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); |
336 |
} else |
337 |
#endif |
338 |
{ |
339 |
// Set temp ECDH params |
340 |
EC_KEY *ecdh = 0; |
341 |
ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
342 |
q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); |
343 |
q_EC_KEY_free(ecdh); |
344 |
} |
345 |
#endif // OPENSSL_NO_EC |
346 |
|
347 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
348 |
if (!client) |
349 |
q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); |
350 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
351 |
|
352 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
353 |
if (!qcurves.isEmpty()) { |
354 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
355 |
// Set the curves to be used |
356 |
if (q_SSLeay() >= 0x10002000L) { |
357 |
// SSL_CTX_ctrl wants a non-const pointer as last argument, |
358 |
// but let's avoid a copy into a temporary array |
359 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, |
360 |
SSL_CTRL_SET_CURVES, |
361 |
qcurves.size(), |
362 |
const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { |
363 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
364 |
sslContext->errorCode = QSslError::UnspecifiedError; |
365 |
} |
366 |
} else |
367 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
368 |
{ |
369 |
// specific curves requested, but not possible to set -> error |
370 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); |
371 |
sslContext->errorCode = QSslError::UnspecifiedError; |
372 |
} |
373 |
} |
374 |
} |
375 |
|
376 |
QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) |
73 |
QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) |
377 |
{ |
74 |
{ |
378 |
QSslContext *sslContext = new QSslContext(); |
75 |
QSslContext *sslContext = new QSslContext(); |
Lines 463-469
SSL* QSslContext::createSsl()
|
463 |
m_npnContext.len = m_supportedNPNVersions.count(); |
160 |
m_npnContext.len = m_supportedNPNVersions.count(); |
464 |
m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone; |
161 |
m_npnContext.status = QSslConfiguration::NextProtocolNegotiationNone; |
465 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
162 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
466 |
if (q_SSLeay() >= 0x10002000L) { |
163 |
if (QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) { |
467 |
// Callback's type has a parameter 'const unsigned char ** out' |
164 |
// Callback's type has a parameter 'const unsigned char ** out' |
468 |
// since it was introduced in 1.0.2. Internally, OpenSSL's own code |
165 |
// since it was introduced in 1.0.2. Internally, OpenSSL's own code |
469 |
// (tests/examples) cast it to unsigned char * (since it's 'out'). |
166 |
// (tests/examples) cast it to unsigned char * (since it's 'out'). |
Lines 508-514
bool QSslContext::cacheSession(SSL* ssl)
|
508 |
unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data()); |
205 |
unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data()); |
509 |
if (!q_i2d_SSL_SESSION(session, &data)) |
206 |
if (!q_i2d_SSL_SESSION(session, &data)) |
510 |
qCWarning(lcSsl, "could not store persistent version of SSL session"); |
207 |
qCWarning(lcSsl, "could not store persistent version of SSL session"); |
511 |
m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint; |
208 |
m_sessionTicketLifeTimeHint = q_SSL_SESSION_get_ticket_lifetime_hint(session); |
512 |
} |
209 |
} |
513 |
} |
210 |
} |
514 |
|
211 |
|
515 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslcontext_opensslpre11.cpp |
212 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslcontext_opensslpre11.cpp |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 |
** Copyright (C) 2014 Governikus GmbH & Co. KG. |
6 |
** Contact: https://www.qt.io/licensing/ |
7 |
** |
8 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
9 |
** |
10 |
** $QT_BEGIN_LICENSE:LGPL$ |
11 |
** Commercial License Usage |
12 |
** Licensees holding valid commercial Qt licenses may use this file in |
13 |
** accordance with the commercial license agreement provided with the |
14 |
** Software or, alternatively, in accordance with the terms contained in |
15 |
** a written agreement between you and The Qt Company. For licensing terms |
16 |
** and conditions see https://www.qt.io/terms-conditions. For further |
17 |
** information use the contact form at https://www.qt.io/contact-us. |
18 |
** |
19 |
** GNU Lesser General Public License Usage |
20 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
21 |
** General Public License version 3 as published by the Free Software |
22 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
23 |
** packaging of this file. Please review the following information to |
24 |
** ensure the GNU Lesser General Public License version 3 requirements |
25 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
26 |
** |
27 |
** GNU General Public License Usage |
28 |
** Alternatively, this file may be used under the terms of the GNU |
29 |
** General Public License version 2.0 or (at your option) the GNU General |
30 |
** Public license version 3 or any later version approved by the KDE Free |
31 |
** Qt Foundation. The licenses are as published by the Free Software |
32 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
33 |
** included in the packaging of this file. Please review the following |
34 |
** information to ensure the GNU General Public License requirements will |
35 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
36 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
37 |
** |
38 |
** $QT_END_LICENSE$ |
39 |
** |
40 |
****************************************************************************/ |
41 |
|
42 |
|
43 |
#include <QtNetwork/qsslsocket.h> |
44 |
#include <QtNetwork/qssldiffiehellmanparameters.h> |
45 |
|
46 |
#include "private/qssl_p.h" |
47 |
#include "private/qsslcontext_openssl_p.h" |
48 |
#include "private/qsslsocket_p.h" |
49 |
#include "private/qsslsocket_openssl_p.h" |
50 |
#include "private/qsslsocket_openssl_symbols_p.h" |
51 |
#include "private/qssldiffiehellmanparameters_p.h" |
52 |
|
53 |
QT_BEGIN_NAMESPACE |
54 |
|
55 |
// defined in qsslsocket_openssl.cpp: |
56 |
extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); |
57 |
extern QString getErrorsFromOpenSsl(); |
58 |
|
59 |
static inline QString msgErrorSettingEllipticCurves(const QString &why) |
60 |
{ |
61 |
return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why); |
62 |
} |
63 |
|
64 |
// static |
65 |
void QSslContext::initSslContext(QSslContext *sslContext, QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading) |
66 |
{ |
67 |
sslContext->sslConfiguration = configuration; |
68 |
sslContext->errorCode = QSslError::NoError; |
69 |
|
70 |
bool client = (mode == QSslSocket::SslClientMode); |
71 |
|
72 |
bool reinitialized = false; |
73 |
bool unsupportedProtocol = false; |
74 |
init_context: |
75 |
switch (sslContext->sslConfiguration.protocol()) { |
76 |
case QSsl::SslV2: |
77 |
#ifndef OPENSSL_NO_SSL2 |
78 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); |
79 |
#else |
80 |
// SSL 2 not supported by the system, but chosen deliberately -> error |
81 |
sslContext->ctx = 0; |
82 |
unsupportedProtocol = true; |
83 |
#endif |
84 |
break; |
85 |
case QSsl::SslV3: |
86 |
#ifndef OPENSSL_NO_SSL3_METHOD |
87 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv3_client_method() : q_SSLv3_server_method()); |
88 |
#else |
89 |
// SSL 3 not supported by the system, but chosen deliberately -> error |
90 |
sslContext->ctx = 0; |
91 |
unsupportedProtocol = true; |
92 |
#endif |
93 |
break; |
94 |
case QSsl::SecureProtocols: |
95 |
// SSLv2 and SSLv3 will be disabled by SSL options |
96 |
// But we need q_SSLv23_server_method() otherwise AnyProtocol will be unable to connect on Win32. |
97 |
case QSsl::TlsV1SslV3: |
98 |
// SSLv2 will will be disabled by SSL options |
99 |
case QSsl::AnyProtocol: |
100 |
default: |
101 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
102 |
break; |
103 |
case QSsl::TlsV1_0: |
104 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_client_method() : q_TLSv1_server_method()); |
105 |
break; |
106 |
case QSsl::TlsV1_1: |
107 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
108 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_1_client_method() : q_TLSv1_1_server_method()); |
109 |
#else |
110 |
// TLS 1.1 not supported by the system, but chosen deliberately -> error |
111 |
sslContext->ctx = 0; |
112 |
unsupportedProtocol = true; |
113 |
#endif |
114 |
break; |
115 |
case QSsl::TlsV1_2: |
116 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
117 |
sslContext->ctx = q_SSL_CTX_new(client ? q_TLSv1_2_client_method() : q_TLSv1_2_server_method()); |
118 |
#else |
119 |
// TLS 1.2 not supported by the system, but chosen deliberately -> error |
120 |
sslContext->ctx = 0; |
121 |
unsupportedProtocol = true; |
122 |
#endif |
123 |
break; |
124 |
case QSsl::TlsV1_0OrLater: |
125 |
// Specific protocols will be specified via SSL options. |
126 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
127 |
break; |
128 |
case QSsl::TlsV1_1OrLater: |
129 |
case QSsl::TlsV1_2OrLater: |
130 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
131 |
// Specific protocols will be specified via SSL options. |
132 |
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv23_client_method() : q_SSLv23_server_method()); |
133 |
#else |
134 |
// TLS 1.1/1.2 not supported by the system, but chosen deliberately -> error |
135 |
sslContext->ctx = 0; |
136 |
unsupportedProtocol = true; |
137 |
#endif |
138 |
break; |
139 |
} |
140 |
|
141 |
if (!sslContext->ctx) { |
142 |
// After stopping Flash 10 the SSL library loses its ciphers. Try re-adding them |
143 |
// by re-initializing the library. |
144 |
if (!reinitialized) { |
145 |
reinitialized = true; |
146 |
if (q_SSL_library_init() == 1) |
147 |
goto init_context; |
148 |
} |
149 |
|
150 |
sslContext->errorStr = QSslSocket::tr("Error creating SSL context (%1)").arg( |
151 |
unsupportedProtocol ? QSslSocket::tr("unsupported protocol") : QSslSocketBackendPrivate::getErrorsFromOpenSsl() |
152 |
); |
153 |
sslContext->errorCode = QSslError::UnspecifiedError; |
154 |
return; |
155 |
} |
156 |
|
157 |
// Enable bug workarounds. |
158 |
long options = QSslSocketBackendPrivate::setupOpenSslOptions(configuration.protocol(), configuration.d->sslOptions); |
159 |
q_SSL_CTX_set_options(sslContext->ctx, options); |
160 |
|
161 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
162 |
// Tell OpenSSL to release memory early |
163 |
// http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html |
164 |
if (q_SSLeay() >= 0x10000000L) |
165 |
q_SSL_CTX_set_mode(sslContext->ctx, SSL_MODE_RELEASE_BUFFERS); |
166 |
#endif |
167 |
|
168 |
// Initialize ciphers |
169 |
QByteArray cipherString; |
170 |
bool first = true; |
171 |
QList<QSslCipher> ciphers = sslContext->sslConfiguration.ciphers(); |
172 |
if (ciphers.isEmpty()) |
173 |
ciphers = QSslSocketPrivate::defaultCiphers(); |
174 |
for (const QSslCipher &cipher : qAsConst(ciphers)) { |
175 |
if (first) |
176 |
first = false; |
177 |
else |
178 |
cipherString.append(':'); |
179 |
cipherString.append(cipher.name().toLatin1()); |
180 |
} |
181 |
|
182 |
if (!q_SSL_CTX_set_cipher_list(sslContext->ctx, cipherString.data())) { |
183 |
sslContext->errorStr = QSslSocket::tr("Invalid or empty cipher list (%1)").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
184 |
sslContext->errorCode = QSslError::UnspecifiedError; |
185 |
return; |
186 |
} |
187 |
|
188 |
const QDateTime now = QDateTime::currentDateTimeUtc(); |
189 |
|
190 |
// Add all our CAs to this store. |
191 |
const auto caCertificates = sslContext->sslConfiguration.caCertificates(); |
192 |
for (const QSslCertificate &caCertificate : caCertificates) { |
193 |
// From https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html: |
194 |
// |
195 |
// If several CA certificates matching the name, key identifier, and |
196 |
// serial number condition are available, only the first one will be |
197 |
// examined. This may lead to unexpected results if the same CA |
198 |
// certificate is available with different expiration dates. If a |
199 |
// ``certificate expired'' verification error occurs, no other |
200 |
// certificate will be searched. Make sure to not have expired |
201 |
// certificates mixed with valid ones. |
202 |
// |
203 |
// See also: QSslSocketBackendPrivate::verify() |
204 |
if (caCertificate.expiryDate() >= now) { |
205 |
q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(sslContext->ctx), (X509 *)caCertificate.handle()); |
206 |
} |
207 |
} |
208 |
|
209 |
if (QSslSocketPrivate::s_loadRootCertsOnDemand && allowRootCertOnDemandLoading) { |
210 |
// tell OpenSSL the directories where to look up the root certs on demand |
211 |
const QList<QByteArray> unixDirs = QSslSocketPrivate::unixRootCertDirectories(); |
212 |
for (const QByteArray &unixDir : unixDirs) |
213 |
q_SSL_CTX_load_verify_locations(sslContext->ctx, 0, unixDir.constData()); |
214 |
} |
215 |
|
216 |
if (!sslContext->sslConfiguration.localCertificate().isNull()) { |
217 |
// Require a private key as well. |
218 |
if (sslContext->sslConfiguration.privateKey().isNull()) { |
219 |
sslContext->errorStr = QSslSocket::tr("Cannot provide a certificate with no key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
220 |
sslContext->errorCode = QSslError::UnspecifiedError; |
221 |
return; |
222 |
} |
223 |
|
224 |
// Load certificate |
225 |
if (!q_SSL_CTX_use_certificate(sslContext->ctx, (X509 *)sslContext->sslConfiguration.localCertificate().handle())) { |
226 |
sslContext->errorStr = QSslSocket::tr("Error loading local certificate, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
227 |
sslContext->errorCode = QSslError::UnspecifiedError; |
228 |
return; |
229 |
} |
230 |
|
231 |
if (configuration.d->privateKey.algorithm() == QSsl::Opaque) { |
232 |
sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle()); |
233 |
} else { |
234 |
// Load private key |
235 |
sslContext->pkey = q_EVP_PKEY_new(); |
236 |
// before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free. |
237 |
// this lead to a memory leak. Now we use the *_set1_* functions which do not |
238 |
// take ownership of the RSA/DSA key instance because the QSslKey already has ownership. |
239 |
if (configuration.d->privateKey.algorithm() == QSsl::Rsa) |
240 |
q_EVP_PKEY_set1_RSA(sslContext->pkey, reinterpret_cast<RSA *>(configuration.d->privateKey.handle())); |
241 |
else if (configuration.d->privateKey.algorithm() == QSsl::Dsa) |
242 |
q_EVP_PKEY_set1_DSA(sslContext->pkey, reinterpret_cast<DSA *>(configuration.d->privateKey.handle())); |
243 |
#ifndef OPENSSL_NO_EC |
244 |
else if (configuration.d->privateKey.algorithm() == QSsl::Ec) |
245 |
q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle())); |
246 |
#endif |
247 |
} |
248 |
|
249 |
if (!q_SSL_CTX_use_PrivateKey(sslContext->ctx, sslContext->pkey)) { |
250 |
sslContext->errorStr = QSslSocket::tr("Error loading private key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
251 |
sslContext->errorCode = QSslError::UnspecifiedError; |
252 |
return; |
253 |
} |
254 |
if (configuration.d->privateKey.algorithm() == QSsl::Opaque) |
255 |
sslContext->pkey = 0; // Don't free the private key, it belongs to QSslKey |
256 |
|
257 |
// Check if the certificate matches the private key. |
258 |
if (!q_SSL_CTX_check_private_key(sslContext->ctx)) { |
259 |
sslContext->errorStr = QSslSocket::tr("Private key does not certify public key, %1").arg(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
260 |
sslContext->errorCode = QSslError::UnspecifiedError; |
261 |
return; |
262 |
} |
263 |
|
264 |
// If we have any intermediate certificates then we need to add them to our chain |
265 |
bool first = true; |
266 |
for (const QSslCertificate &cert : qAsConst(configuration.d->localCertificateChain)) { |
267 |
if (first) { |
268 |
first = false; |
269 |
continue; |
270 |
} |
271 |
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, |
272 |
q_X509_dup(reinterpret_cast<X509 *>(cert.handle()))); |
273 |
} |
274 |
} |
275 |
|
276 |
// Initialize peer verification. |
277 |
if (sslContext->sslConfiguration.peerVerifyMode() == QSslSocket::VerifyNone) { |
278 |
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_NONE, 0); |
279 |
} else { |
280 |
q_SSL_CTX_set_verify(sslContext->ctx, SSL_VERIFY_PEER, q_X509Callback); |
281 |
} |
282 |
|
283 |
// Set verification depth. |
284 |
if (sslContext->sslConfiguration.peerVerifyDepth() != 0) |
285 |
q_SSL_CTX_set_verify_depth(sslContext->ctx, sslContext->sslConfiguration.peerVerifyDepth()); |
286 |
|
287 |
// set persisted session if the user set it |
288 |
if (!configuration.sessionTicket().isEmpty()) |
289 |
sslContext->setSessionASN1(configuration.sessionTicket()); |
290 |
|
291 |
// Set temp DH params |
292 |
QSslDiffieHellmanParameters dhparams = configuration.diffieHellmanParameters(); |
293 |
|
294 |
if (!dhparams.isValid()) { |
295 |
sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); |
296 |
sslContext->errorCode = QSslError::UnspecifiedError; |
297 |
return; |
298 |
} |
299 |
|
300 |
if (!dhparams.isEmpty()) { |
301 |
const QByteArray ¶ms = dhparams.d->derData; |
302 |
const char *ptr = params.constData(); |
303 |
DH *dh = q_d2i_DHparams(NULL, reinterpret_cast<const unsigned char **>(&ptr), params.length()); |
304 |
if (dh == NULL) |
305 |
qFatal("q_d2i_DHparams failed to convert QSslDiffieHellmanParameters to DER form"); |
306 |
q_SSL_CTX_set_tmp_dh(sslContext->ctx, dh); |
307 |
q_DH_free(dh); |
308 |
} |
309 |
|
310 |
#ifndef OPENSSL_NO_EC |
311 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
312 |
if (q_SSLeay() >= 0x10002000L) { |
313 |
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); |
314 |
} else |
315 |
#endif |
316 |
{ |
317 |
// Set temp ECDH params |
318 |
EC_KEY *ecdh = 0; |
319 |
ecdh = q_EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
320 |
q_SSL_CTX_set_tmp_ecdh(sslContext->ctx, ecdh); |
321 |
q_EC_KEY_free(ecdh); |
322 |
} |
323 |
#endif // OPENSSL_NO_EC |
324 |
|
325 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
326 |
if (!client) |
327 |
q_SSL_CTX_use_psk_identity_hint(sslContext->ctx, sslContext->sslConfiguration.preSharedKeyIdentityHint().constData()); |
328 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
329 |
|
330 |
const QVector<QSslEllipticCurve> qcurves = sslContext->sslConfiguration.ellipticCurves(); |
331 |
if (!qcurves.isEmpty()) { |
332 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
333 |
// Set the curves to be used |
334 |
if (q_SSLeay() >= 0x10002000L) { |
335 |
// SSL_CTX_ctrl wants a non-const pointer as last argument, |
336 |
// but let's avoid a copy into a temporary array |
337 |
if (!q_SSL_CTX_ctrl(sslContext->ctx, |
338 |
SSL_CTRL_SET_CURVES, |
339 |
qcurves.size(), |
340 |
const_cast<int *>(reinterpret_cast<const int *>(qcurves.data())))) { |
341 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocketBackendPrivate::getErrorsFromOpenSsl()); |
342 |
sslContext->errorCode = QSslError::UnspecifiedError; |
343 |
} |
344 |
} else |
345 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(OPENSSL_NO_EC) |
346 |
{ |
347 |
// specific curves requested, but not possible to set -> error |
348 |
sslContext->errorStr = msgErrorSettingEllipticCurves(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2")); |
349 |
sslContext->errorCode = QSslError::UnspecifiedError; |
350 |
} |
351 |
} |
352 |
} |
353 |
|
354 |
QT_END_NAMESPACE |
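Review bot: In `initSslContext`, a failed `q_d2i_DHparams` ends in `qFatal(...)`, which by default aborts the whole process from inside library code, while every other failure in this function reports through `errorStr`/`errorCode` and returns. `dhparams.isValid()` is checked just above, so the path should be rare, but a decode failure on configuration-supplied DER is better reported than fatal: `if (dh == NULL) { sslContext->errorStr = QSslSocket::tr("Diffie-Hellman parameters are not valid"); sslContext->errorCode = QSslError::UnspecifiedError; return; }`. The results of `q_SSL_CTX_set_tmp_dh` and, in the pre-1.0.2 fallback, `q_EC_KEY_new_by_curve_name` are also unchecked, so a context that lacks the requested key-exchange parameters can be returned with `QSslError::NoError`.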
|
|
355 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp |
Lines 1-6
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> |
3 |
** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk> |
|
|
4 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
4 |
** Contact: https://www.qt.io/licensing/ |
5 |
** Contact: https://www.qt.io/licensing/ |
5 |
** |
6 |
** |
6 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
Lines 50-57
|
50 |
#include <QtCore/qdebug.h> |
51 |
#include <QtCore/qdebug.h> |
51 |
#endif |
52 |
#endif |
52 |
|
53 |
|
53 |
// For q_BN_is_word. |
|
|
54 |
#include <openssl/bn.h> |
54 |
#include <openssl/bn.h> |
|
|
55 |
#include <openssl/dh.h> |
55 |
|
56 |
|
56 |
QT_BEGIN_NAMESPACE |
57 |
QT_BEGIN_NAMESPACE |
57 |
|
58 |
|
Lines 62-74
static bool isSafeDH(DH *dh)
|
62 |
|
63 |
|
63 |
QSslSocketPrivate::ensureInitialized(); |
64 |
QSslSocketPrivate::ensureInitialized(); |
64 |
|
65 |
|
65 |
// Mark p < 1024 bits as unsafe. |
|
|
66 |
if (q_BN_num_bits(dh->p) < 1024) { |
67 |
return false; |
68 |
} |
69 |
|
70 |
if (q_DH_check(dh, &status) != 1) |
71 |
return false; |
72 |
|
66 |
|
73 |
// From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters: |
67 |
// From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters: |
74 |
// |
68 |
// |
Lines 81-91
static bool isSafeDH(DH *dh)
|
81 |
// Without the test, the IETF parameters would |
75 |
// Without the test, the IETF parameters would |
82 |
// fail validation. For details, see Diffie-Hellman |
76 |
// fail validation. For details, see Diffie-Hellman |
83 |
// Parameter Check (when g = 2, must p mod 24 == 11?). |
77 |
// Parameter Check (when g = 2, must p mod 24 == 11?). |
|
|
78 |
#if QT_CONFIG(opensslv11) |
79 |
// Mark p < 1024 bits as unsafe. |
80 |
if (q_DH_bits(dh) < 1024) |
81 |
return false; |
82 |
|
83 |
if (q_DH_check(dh, &status) != 1) |
84 |
return false; |
85 |
|
86 |
const BIGNUM *p = nullptr; |
87 |
const BIGNUM *q = nullptr; |
88 |
const BIGNUM *g = nullptr; |
89 |
q_DH_get0_pqg(dh, &p, &q, &g); |
90 |
|
91 |
if (q_BN_is_word(const_cast<BIGNUM *>(g), DH_GENERATOR_2)) { |
92 |
long residue = q_BN_mod_word(p, 24); |
93 |
if (residue == 11 || residue == 23) |
94 |
status &= ~DH_NOT_SUITABLE_GENERATOR; |
95 |
} |
96 |
|
97 |
#else |
98 |
// Mark p < 1024 bits as unsafe. |
99 |
if (q_BN_num_bits(dh->p) < 1024) |
100 |
return false; |
101 |
|
102 |
if (q_DH_check(dh, &status) != 1) |
103 |
return false; |
104 |
|
84 |
if (q_BN_is_word(dh->g, DH_GENERATOR_2)) { |
105 |
if (q_BN_is_word(dh->g, DH_GENERATOR_2)) { |
85 |
long residue = q_BN_mod_word(dh->p, 24); |
106 |
long residue = q_BN_mod_word(dh->p, 24); |
86 |
if (residue == 11 || residue == 23) |
107 |
if (residue == 11 || residue == 23) |
87 |
status &= ~DH_NOT_SUITABLE_GENERATOR; |
108 |
status &= ~DH_NOT_SUITABLE_GENERATOR; |
88 |
} |
109 |
} |
|
|
110 |
#endif |
89 |
|
111 |
|
90 |
bad |= DH_CHECK_P_NOT_PRIME; |
112 |
bad |= DH_CHECK_P_NOT_PRIME; |
91 |
bad |= DH_CHECK_P_NOT_SAFE_PRIME; |
113 |
bad |= DH_CHECK_P_NOT_SAFE_PRIME; |
92 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslellipticcurve.h |
114 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslellipticcurve.h |
Lines 80-85
private:
|
80 |
friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW; |
80 |
friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW; |
81 |
friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW; |
81 |
friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW; |
82 |
|
82 |
|
|
|
83 |
friend class QSslContext; |
83 |
friend class QSslSocketPrivate; |
84 |
friend class QSslSocketPrivate; |
84 |
friend class QSslSocketBackendPrivate; |
85 |
friend class QSslSocketBackendPrivate; |
85 |
}; |
86 |
}; |
86 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslellipticcurve_openssl.cpp |
87 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslellipticcurve_openssl.cpp |
Lines 1-6
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2014 Governikus GmbH & Co. KG. |
3 |
** Copyright (C) 2014 Governikus GmbH & Co. KG. |
|
|
4 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
4 |
** Contact: https://www.qt.io/licensing/ |
5 |
** Contact: https://www.qt.io/licensing/ |
5 |
** |
6 |
** |
6 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
Lines 78-94
QSslEllipticCurve QSslEllipticCurve::fro
|
78 |
QSslEllipticCurve result; |
79 |
QSslEllipticCurve result; |
79 |
|
80 |
|
80 |
#ifndef OPENSSL_NO_EC |
81 |
#ifndef OPENSSL_NO_EC |
81 |
const QByteArray curveNameLatin1 = name.toLatin1(); |
|
|
82 |
|
82 |
|
|
|
83 |
const QByteArray curveNameLatin1 = name.toLatin1(); |
83 |
int nid = q_OBJ_sn2nid(curveNameLatin1.data()); |
84 |
int nid = q_OBJ_sn2nid(curveNameLatin1.data()); |
84 |
|
85 |
|
85 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
86 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
86 |
if (nid == 0 && q_SSLeay() >= 0x10002000L) |
87 |
if (nid == 0 && QSslSocket::sslLibraryVersionNumber() >= 0x10002000L) |
87 |
nid = q_EC_curve_nist2nid(curveNameLatin1.data()); |
88 |
nid = q_EC_curve_nist2nid(curveNameLatin1.data()); |
88 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L |
89 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L |
89 |
|
90 |
|
90 |
result.id = nid; |
91 |
result.id = nid; |
91 |
#endif |
92 |
|
|
|
93 |
#endif // !OPENSSL_NO_EC |
92 |
|
94 |
|
93 |
return result; |
95 |
return result; |
94 |
} |
96 |
} |
95 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslkey_openssl.cpp |
97 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslkey_openssl.cpp |
Lines 1-6
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2016 The Qt Company Ltd. |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
|
|
4 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
4 |
** Contact: https://www.qt.io/licensing/ |
5 |
** Contact: https://www.qt.io/licensing/ |
5 |
** |
6 |
** |
6 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
Lines 87-119
bool QSslKeyPrivate::fromEVP_PKEY(EVP_PK
|
87 |
if (pkey == nullptr) |
88 |
if (pkey == nullptr) |
88 |
return false; |
89 |
return false; |
89 |
|
90 |
|
90 |
if (pkey->type == EVP_PKEY_RSA) { |
91 |
#if QT_CONFIG(opensslv11) |
|
|
92 |
const int keyType = q_EVP_PKEY_type(q_EVP_PKEY_base_id(pkey)); |
93 |
#else |
94 |
const int keyType = pkey->type; |
95 |
#endif |
96 |
if (keyType == EVP_PKEY_RSA) { |
91 |
isNull = false; |
97 |
isNull = false; |
92 |
algorithm = QSsl::Rsa; |
98 |
algorithm = QSsl::Rsa; |
93 |
type = QSsl::PrivateKey; |
99 |
type = QSsl::PrivateKey; |
94 |
|
100 |
|
95 |
rsa = q_RSA_new(); |
101 |
rsa = q_EVP_PKEY_get1_RSA(pkey); |
96 |
memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); |
|
|
97 |
|
98 |
return true; |
102 |
return true; |
99 |
} |
103 |
} else if (keyType == EVP_PKEY_DSA) { |
100 |
else if (pkey->type == EVP_PKEY_DSA) { |
|
|
101 |
isNull = false; |
104 |
isNull = false; |
102 |
algorithm = QSsl::Dsa; |
105 |
algorithm = QSsl::Dsa; |
103 |
type = QSsl::PrivateKey; |
106 |
type = QSsl::PrivateKey; |
104 |
|
107 |
|
105 |
dsa = q_DSA_new(); |
108 |
dsa = q_EVP_PKEY_get1_DSA(pkey); |
106 |
memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA)); |
|
|
107 |
|
108 |
return true; |
109 |
return true; |
109 |
} |
110 |
} |
110 |
#ifndef OPENSSL_NO_EC |
111 |
#ifndef OPENSSL_NO_EC |
111 |
else if (pkey->type == EVP_PKEY_EC) { |
112 |
else if (keyType == EVP_PKEY_EC) { |
112 |
isNull = false; |
113 |
isNull = false; |
113 |
algorithm = QSsl::Ec; |
114 |
algorithm = QSsl::Ec; |
114 |
type = QSsl::PrivateKey; |
115 |
type = QSsl::PrivateKey; |
115 |
ec = q_EC_KEY_dup(q_EVP_PKEY_get1_EC_KEY(pkey)); |
116 |
ec = q_EVP_PKEY_get1_EC_KEY(pkey); |
116 |
|
|
|
117 |
return true; |
117 |
return true; |
118 |
} |
118 |
} |
119 |
#endif |
119 |
#endif |
Lines 181-188
int QSslKeyPrivate::length() const
|
181 |
return -1; |
181 |
return -1; |
182 |
|
182 |
|
183 |
switch (algorithm) { |
183 |
switch (algorithm) { |
184 |
case QSsl::Rsa: return q_BN_num_bits(rsa->n); |
184 |
case QSsl::Rsa: return q_RSA_bits(rsa); |
185 |
case QSsl::Dsa: return q_BN_num_bits(dsa->p); |
185 |
case QSsl::Dsa: return q_DSA_bits(dsa); |
186 |
#ifndef OPENSSL_NO_EC |
186 |
#ifndef OPENSSL_NO_EC |
187 |
case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); |
187 |
case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); |
188 |
#endif |
188 |
#endif |
Lines 276-282
Qt::HANDLE QSslKeyPrivate::handle() cons
|
276 |
|
276 |
|
277 |
static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) |
277 |
static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) |
278 |
{ |
278 |
{ |
279 |
EVP_CIPHER_CTX ctx; |
279 |
#if QT_CONFIG(opensslv11) |
|
|
280 |
EVP_CIPHER_CTX *ctx = q_EVP_CIPHER_CTX_new(); |
281 |
#else |
282 |
EVP_CIPHER_CTX evpCipherContext; |
283 |
EVP_CIPHER_CTX *ctx = &evpCipherContext; |
284 |
#endif |
285 |
|
280 |
const EVP_CIPHER* type = 0; |
286 |
const EVP_CIPHER* type = 0; |
281 |
int i = 0, len = 0; |
287 |
int i = 0, len = 0; |
282 |
|
288 |
|
Lines 294-314
static QByteArray doCrypt(QSslKeyPrivate
|
294 |
|
300 |
|
295 |
QByteArray output; |
301 |
QByteArray output; |
296 |
output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); |
302 |
output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); |
297 |
q_EVP_CIPHER_CTX_init(&ctx); |
303 |
|
298 |
q_EVP_CipherInit(&ctx, type, NULL, NULL, enc); |
304 |
#if QT_CONFIG(opensslv11) |
299 |
q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size()); |
305 |
q_EVP_CIPHER_CTX_reset(ctx); |
|
|
306 |
#else |
307 |
q_EVP_CIPHER_CTX_init(ctx); |
308 |
#endif |
309 |
|
310 |
q_EVP_CipherInit(ctx, type, NULL, NULL, enc); |
311 |
q_EVP_CIPHER_CTX_set_key_length(ctx, key.size()); |
300 |
if (cipher == QSslKeyPrivate::Rc2Cbc) |
312 |
if (cipher == QSslKeyPrivate::Rc2Cbc) |
301 |
q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); |
313 |
q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); |
302 |
q_EVP_CipherInit(&ctx, NULL, |
314 |
|
|
|
315 |
#if QT_CONFIG(opensslv11) |
316 |
// EVP_CipherInit in 1.1 resets the context thus making the calls above useless. |
317 |
// We call EVP_CipherInit_ex instead. |
318 |
q_EVP_CipherInit_ex(ctx, nullptr, nullptr, |
319 |
reinterpret_cast<const unsigned char *>(key.constData()), |
320 |
reinterpret_cast<const unsigned char *>(iv.constData()), |
321 |
enc); |
322 |
#else |
323 |
q_EVP_CipherInit(ctx, NULL, |
303 |
reinterpret_cast<const unsigned char *>(key.constData()), |
324 |
reinterpret_cast<const unsigned char *>(key.constData()), |
304 |
reinterpret_cast<const unsigned char *>(iv.constData()), enc); |
325 |
reinterpret_cast<const unsigned char *>(iv.constData()), enc); |
305 |
q_EVP_CipherUpdate(&ctx, |
326 |
#endif // opensslv11 |
|
|
327 |
|
328 |
q_EVP_CipherUpdate(ctx, |
306 |
reinterpret_cast<unsigned char *>(output.data()), &len, |
329 |
reinterpret_cast<unsigned char *>(output.data()), &len, |
307 |
reinterpret_cast<const unsigned char *>(data.constData()), data.size()); |
330 |
reinterpret_cast<const unsigned char *>(data.constData()), data.size()); |
308 |
q_EVP_CipherFinal(&ctx, |
331 |
q_EVP_CipherFinal(ctx, |
309 |
reinterpret_cast<unsigned char *>(output.data()) + len, &i); |
332 |
reinterpret_cast<unsigned char *>(output.data()) + len, &i); |
310 |
len += i; |
333 |
len += i; |
311 |
q_EVP_CIPHER_CTX_cleanup(&ctx); |
334 |
|
|
|
335 |
#if QT_CONFIG(opensslv11) |
336 |
q_EVP_CIPHER_CTX_reset(ctx); |
337 |
q_EVP_CIPHER_CTX_free(ctx); |
338 |
#else |
339 |
q_EVP_CIPHER_CTX_cleanup(ctx); |
340 |
#endif |
312 |
|
341 |
|
313 |
return output.left(len); |
342 |
return output.left(len); |
314 |
} |
343 |
} |
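Review bot: In the `QT_CONFIG(opensslv11)` branch of `doCrypt`, the pointer returned by `q_EVP_CIPHER_CTX_new()` is used without a null check, so an allocation failure reaches `q_EVP_CipherInit(ctx, type, NULL, NULL, enc)` with a null context; add `if (!ctx) return QByteArray();` directly after the allocation. The results of `q_EVP_CipherInit`, `q_EVP_CipherInit_ex`, `q_EVP_CipherUpdate` and `q_EVP_CipherFinal` are ignored on both branches, so a failed final block (for example bad padding when decrypting) still returns `output.left(len)` as if it were valid data. The callers are not visible here, so how a failure should be reported needs confirming, and any early return added on the 1.1 path has to call `q_EVP_CIPHER_CTX_free(ctx)` first. Part of `doCrypt` lies between the two hunks and is not shown. In `fromEVP_PKEY`, `isNull = false` is set before the result of `q_EVP_PKEY_get1_RSA` / `q_EVP_PKEY_get1_DSA` / `q_EVP_PKEY_get1_EC_KEY` is known; a null result should presumably make the function return false.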
315 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl11.cpp |
344 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl11.cpp |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl11_symbols_p.h |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 Governikus GmbH & Co. KG |
5 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
6 |
** Contact: https://www.qt.io/licensing/ |
7 |
** |
8 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
9 |
** |
10 |
** $QT_BEGIN_LICENSE:LGPL$ |
11 |
** Commercial License Usage |
12 |
** Licensees holding valid commercial Qt licenses may use this file in |
13 |
** accordance with the commercial license agreement provided with the |
14 |
** Software or, alternatively, in accordance with the terms contained in |
15 |
** a written agreement between you and The Qt Company. For licensing terms |
16 |
** and conditions see https://www.qt.io/terms-conditions. For further |
17 |
** information use the contact form at https://www.qt.io/contact-us. |
18 |
** |
19 |
** GNU Lesser General Public License Usage |
20 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
21 |
** General Public License version 3 as published by the Free Software |
22 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
23 |
** packaging of this file. Please review the following information to |
24 |
** ensure the GNU Lesser General Public License version 3 requirements |
25 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
26 |
** |
27 |
** GNU General Public License Usage |
28 |
** Alternatively, this file may be used under the terms of the GNU |
29 |
** General Public License version 2.0 or (at your option) the GNU General |
30 |
** Public license version 3 or any later version approved by the KDE Free |
31 |
** Qt Foundation. The licenses are as published by the Free Software |
32 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
33 |
** included in the packaging of this file. Please review the following |
34 |
** information to ensure the GNU General Public License requirements will |
35 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
36 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
37 |
** |
38 |
** $QT_END_LICENSE$ |
39 |
** |
40 |
****************************************************************************/ |
41 |
|
42 |
/**************************************************************************** |
43 |
** |
44 |
** In addition, as a special exception, the copyright holders listed above give |
45 |
** permission to link the code of its release of Qt with the OpenSSL project's |
46 |
** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the |
47 |
** same license as the original version), and distribute the linked executables. |
48 |
** |
49 |
** You must comply with the GNU General Public License version 2 in all |
50 |
** respects for all of the code used other than the "OpenSSL" code. If you |
51 |
** modify this file, you may extend this exception to your version of the file, |
52 |
** but you are not obligated to do so. If you do not wish to do so, delete |
53 |
** this exception statement from your version of this file. |
54 |
** |
55 |
****************************************************************************/ |
56 |
|
57 |
//#define QT_DECRYPT_SSL_TRAFFIC |
58 |
|
59 |
#include "qssl_p.h" |
60 |
#include "qsslsocket_openssl_p.h" |
61 |
#include "qsslsocket_openssl_symbols_p.h" |
62 |
#include "qsslsocket.h" |
63 |
#include "qsslkey.h" |
64 |
|
65 |
#include <QtCore/qdebug.h> |
66 |
#include <QtCore/qdir.h> |
67 |
#include <QtCore/qdiriterator.h> |
68 |
#include <QtCore/qfile.h> |
69 |
#include <QtCore/qmutex.h> |
70 |
#include <QtCore/qlibrary.h> |
71 |
|
72 |
QT_BEGIN_NAMESPACE |
73 |
|
74 |
Q_GLOBAL_STATIC_WITH_ARGS(QMutex, qt_opensslInitMutex, (QMutex::Recursive)) |
75 |
|
76 |
/*! |
77 |
\internal |
78 |
*/ |
79 |
void QSslSocketPrivate::deinitialize() |
80 |
{ |
81 |
// This function exists only for compatibility with the pre-11 code, |
82 |
// where deinitialize() actually does some cleanup. To be discarded |
83 |
// once we retire < 1.1. |
84 |
} |
85 |
|
86 |
bool QSslSocketPrivate::ensureLibraryLoaded() |
87 |
{ |
88 |
if (!q_resolveOpenSslSymbols()) |
89 |
return false; |
90 |
|
91 |
const QMutexLocker locker(qt_opensslInitMutex); |
92 |
|
93 |
if (!s_libraryLoaded) { |
94 |
s_libraryLoaded = true; |
95 |
|
96 |
// Initialize OpenSSL. |
97 |
if (q_OPENSSL_init_ssl(0, nullptr) != 1) |
98 |
return false; |
99 |
q_SSL_load_error_strings(); |
100 |
q_OpenSSL_add_all_algorithms(); |
101 |
|
102 |
QSslSocketBackendPrivate::s_indexForSSLExtraData |
103 |
= q_CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, 0L, nullptr, nullptr, |
104 |
nullptr, nullptr); |
105 |
|
106 |
// Initialize OpenSSL's random seed. |
107 |
if (!q_RAND_status()) { |
108 |
qWarning("Random number generator not seeded, disabling SSL support"); |
109 |
return false; |
110 |
} |
111 |
} |
112 |
return true; |
113 |
} |
114 |
|
115 |
void QSslSocketPrivate::ensureCiphersAndCertsLoaded() |
116 |
{ |
117 |
const QMutexLocker locker(qt_opensslInitMutex); |
118 |
|
119 |
if (s_loadedCiphersAndCerts) |
120 |
return; |
121 |
s_loadedCiphersAndCerts = true; |
122 |
|
123 |
resetDefaultCiphers(); |
124 |
resetDefaultEllipticCurves(); |
125 |
|
126 |
#if QT_CONFIG(library) |
127 |
//load symbols needed to receive certificates from system store |
128 |
#if defined(Q_OS_WIN) |
129 |
HINSTANCE hLib = LoadLibraryW(L"Crypt32"); |
130 |
if (hLib) { |
131 |
ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); |
132 |
ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); |
133 |
ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); |
134 |
if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) |
135 |
qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen |
136 |
} else { |
137 |
qCWarning(lcSsl, "could not load crypt32 library"); // should never happen |
138 |
} |
139 |
#elif defined(Q_OS_QNX) |
140 |
s_loadRootCertsOnDemand = true; |
141 |
#elif defined(Q_OS_UNIX) && !defined(Q_OS_DARWIN) |
142 |
// check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) |
143 |
QList<QByteArray> dirs = unixRootCertDirectories(); |
144 |
QStringList symLinkFilter; |
145 |
symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); |
146 |
for (int a = 0; a < dirs.count(); ++a) { |
147 |
QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); |
148 |
if (iterator.hasNext()) { |
149 |
s_loadRootCertsOnDemand = true; |
150 |
break; |
151 |
} |
152 |
} |
153 |
#endif |
154 |
#endif // QT_CONFIG(library) |
155 |
// if on-demand loading was not enabled, load the certs now |
156 |
if (!s_loadRootCertsOnDemand) |
157 |
setDefaultCaCertificates(systemCaCertificates()); |
158 |
#ifdef Q_OS_WIN |
159 |
//Enabled for fetching additional root certs from windows update on windows 6+ |
160 |
//This flag is set false by setDefaultCaCertificates() indicating the app uses |
161 |
//its own cert bundle rather than the system one. |
162 |
//Same logic that disables the unix on demand cert loading. |
163 |
//Unlike unix, we do preload the certificates from the cert store. |
164 |
if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) |
165 |
s_loadRootCertsOnDemand = true; |
166 |
#endif |
167 |
} |
168 |
|
169 |
long QSslSocketPrivate::sslLibraryVersionNumber() |
170 |
{ |
171 |
if (!supportsSsl()) |
172 |
return 0; |
173 |
|
174 |
return q_OpenSSL_version_num(); |
175 |
} |
176 |
|
177 |
QString QSslSocketPrivate::sslLibraryVersionString() |
178 |
{ |
179 |
if (!supportsSsl()) |
180 |
return QString(); |
181 |
|
182 |
const char *versionString = q_OpenSSL_version(OPENSSL_VERSION); |
183 |
if (!versionString) |
184 |
return QString(); |
185 |
|
186 |
return QString::fromLatin1(versionString); |
187 |
} |
188 |
|
189 |
void QSslSocketBackendPrivate::continueHandshake() |
190 |
{ |
191 |
Q_Q(QSslSocket); |
192 |
// if we have a max read buffer size, reset the plain socket's to match |
193 |
if (readBufferMaxSize) |
194 |
plainSocket->setReadBufferSize(readBufferMaxSize); |
195 |
|
196 |
if (q_SSL_session_reused(ssl)) |
197 |
configuration.peerSessionShared = true; |
198 |
|
199 |
#ifdef QT_DECRYPT_SSL_TRAFFIC |
200 |
if (q_SSL_get_session(ssl)) { |
201 |
size_t master_key_len = q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), 0, 0); |
202 |
size_t client_random_len = q_SSL_get_client_random(ssl, 0, 0); |
203 |
QByteArray masterKey(int(master_key_len), 0); // Will not overflow |
204 |
QByteArray clientRandom(int(client_random_len), 0); // Will not overflow |
205 |
|
206 |
q_SSL_SESSION_get_master_key(q_SSL_get_session(ssl), |
207 |
reinterpret_cast<unsigned char*>(masterKey.data()), |
208 |
masterKey.size()); |
209 |
q_SSL_get_client_random(ssl, reinterpret_cast<unsigned char *>(clientRandom.data()), |
210 |
clientRandom.size()); |
211 |
|
212 |
QByteArray debugLineClientRandom("CLIENT_RANDOM "); |
213 |
debugLineClientRandom.append(clientRandom.toHex().toUpper()); |
214 |
debugLineClientRandom.append(" "); |
215 |
debugLineClientRandom.append(masterKey.toHex().toUpper()); |
216 |
debugLineClientRandom.append("\n"); |
217 |
|
218 |
QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); |
219 |
QFile file(sslKeyFile); |
220 |
if (!file.open(QIODevice::Append)) |
221 |
qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; |
222 |
if (!file.write(debugLineClientRandom)) |
223 |
qCWarning(lcSsl) << "could not write to file" << sslKeyFile; |
224 |
file.close(); |
225 |
} else { |
226 |
qCWarning(lcSsl, "could not decrypt SSL traffic"); |
227 |
} |
228 |
#endif |
229 |
|
230 |
// Cache this SSL session inside the QSslContext |
231 |
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { |
232 |
if (!sslContextPointer->cacheSession(ssl)) { |
233 |
sslContextPointer.clear(); // we could not cache the session |
234 |
} else { |
235 |
// Cache the session for permanent usage as well |
236 |
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { |
237 |
if (!sslContextPointer->sessionASN1().isEmpty()) |
238 |
configuration.sslSession = sslContextPointer->sessionASN1(); |
239 |
configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); |
240 |
} |
241 |
} |
242 |
} |
243 |
|
244 |
#if !defined(OPENSSL_NO_NEXTPROTONEG) |
245 |
|
246 |
configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; |
247 |
if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { |
248 |
// we could not agree -> be conservative and use HTTP/1.1 |
249 |
configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); |
250 |
} else { |
251 |
const unsigned char *proto = 0; |
252 |
unsigned int proto_len = 0; |
253 |
|
254 |
q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); |
255 |
if (proto_len && mode == QSslSocket::SslClientMode) { |
256 |
// Client does not have a callback that sets it ... |
257 |
configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; |
258 |
} |
259 |
|
260 |
if (!proto_len) { // Test if NPN was more lucky ... |
261 |
q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); |
262 |
} |
263 |
|
264 |
if (proto_len) |
265 |
configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); |
266 |
else |
267 |
configuration.nextNegotiatedProtocol.clear(); |
268 |
} |
269 |
#endif // !defined(OPENSSL_NO_NEXTPROTONEG) |
270 |
|
271 |
if (mode == QSslSocket::SslClientMode) { |
272 |
EVP_PKEY *key; |
273 |
if (q_SSL_get_server_tmp_key(ssl, &key)) |
274 |
configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); |
275 |
} |
276 |
|
277 |
connectionEncrypted = true; |
278 |
emit q->encrypted(); |
279 |
if (autoStartHandshake && pendingClose) { |
280 |
pendingClose = false; |
281 |
q->disconnectFromHost(); |
282 |
} |
283 |
} |
284 |
|
285 |
QT_END_NAMESPACE |
|
|
286 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl11_symbols_p.h |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl.cpp |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
6 |
** Contact: https://www.qt.io/licensing/ |
7 |
** |
8 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
9 |
** |
10 |
** $QT_BEGIN_LICENSE:LGPL$ |
11 |
** Commercial License Usage |
12 |
** Licensees holding valid commercial Qt licenses may use this file in |
13 |
** accordance with the commercial license agreement provided with the |
14 |
** Software or, alternatively, in accordance with the terms contained in |
15 |
** a written agreement between you and The Qt Company. For licensing terms |
16 |
** and conditions see https://www.qt.io/terms-conditions. For further |
17 |
** information use the contact form at https://www.qt.io/contact-us. |
18 |
** |
19 |
** GNU Lesser General Public License Usage |
20 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
21 |
** General Public License version 3 as published by the Free Software |
22 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
23 |
** packaging of this file. Please review the following information to |
24 |
** ensure the GNU Lesser General Public License version 3 requirements |
25 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
26 |
** |
27 |
** GNU General Public License Usage |
28 |
** Alternatively, this file may be used under the terms of the GNU |
29 |
** General Public License version 2.0 or (at your option) the GNU General |
30 |
** Public license version 3 or any later version approved by the KDE Free |
31 |
** Qt Foundation. The licenses are as published by the Free Software |
32 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
33 |
** included in the packaging of this file. Please review the following |
34 |
** information to ensure the GNU General Public License requirements will |
35 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
36 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
37 |
** |
38 |
** $QT_END_LICENSE$ |
39 |
** |
40 |
****************************************************************************/ |
41 |
|
42 |
/**************************************************************************** |
43 |
** |
44 |
** In addition, as a special exception, the copyright holders listed above give |
45 |
** permission to link the code of its release of Qt with the OpenSSL project's |
46 |
** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the |
47 |
** same license as the original version), and distribute the linked executables. |
48 |
** |
49 |
** You must comply with the GNU General Public License version 2 in all |
50 |
** respects for all of the code used other than the "OpenSSL" code. If you |
51 |
** modify this file, you may extend this exception to your version of the file, |
52 |
** but you are not obligated to do so. If you do not wish to do so, delete |
53 |
** this exception statement from your version of this file. |
54 |
** |
55 |
****************************************************************************/ |
56 |
|
57 |
#ifndef QSSLSOCKET_OPENSSL11_SYMBOLS_P_H |
58 |
#define QSSLSOCKET_OPENSSL11_SYMBOLS_P_H |
59 |
|
60 |
// |
61 |
// W A R N I N G |
62 |
// ------------- |
63 |
// |
64 |
// This file is not part of the Qt API. It exists purely as an |
65 |
// implementation detail. This header file may change from version to |
66 |
// version without notice, or even be removed. |
67 |
// |
68 |
// We mean it. |
69 |
// |
70 |
|
71 |
// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done |
72 |
// in qsslsocket_openssl_symbols_p.h. |
73 |
|
74 |
#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H |
75 |
#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" |
76 |
#endif |
77 |
|
78 |
const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x); |
79 |
|
80 |
Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); |
81 |
Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); |
82 |
|
83 |
int q_DSA_bits(DSA *a); |
84 |
int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); |
85 |
int q_EVP_PKEY_base_id(EVP_PKEY *a); |
86 |
int q_RSA_bits(RSA *a); |
87 |
int q_OPENSSL_sk_num(OPENSSL_STACK *a); |
88 |
void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); |
89 |
OPENSSL_STACK *q_OPENSSL_sk_new_null(); |
90 |
void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); |
91 |
void q_OPENSSL_sk_free(OPENSSL_STACK *a); |
92 |
void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); |
93 |
int q_SSL_session_reused(SSL *a); |
94 |
unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); |
95 |
int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); |
96 |
size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen); |
97 |
size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); |
98 |
int q_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
99 |
const SSL_METHOD *q_TLS_method(); |
100 |
const SSL_METHOD *q_TLS_client_method(); |
101 |
const SSL_METHOD *q_TLS_server_method(); |
102 |
ASN1_TIME *q_X509_getm_notBefore(X509 *a); |
103 |
ASN1_TIME *q_X509_getm_notAfter(X509 *a); |
104 |
|
105 |
long q_X509_get_version(X509 *a); |
106 |
EVP_PKEY *q_X509_get_pubkey(X509 *a); |
107 |
void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); |
108 |
STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); |
109 |
void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); |
110 |
int q_DH_bits(DH *dh); |
111 |
|
112 |
# define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ |
113 |
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) |
114 |
|
115 |
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st) |
116 |
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i) |
117 |
|
118 |
#define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ |
119 |
| OPENSSL_INIT_ADD_ALL_DIGESTS \ |
120 |
| OPENSSL_INIT_LOAD_CONFIG, NULL) |
121 |
#define q_OPENSSL_add_all_algorithms_noconf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ |
122 |
| OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) |
123 |
|
124 |
int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); |
125 |
void q_CRYPTO_free(void *str, const char *file, int line); |
126 |
|
127 |
long q_OpenSSL_version_num(); |
128 |
const char *q_OpenSSL_version(int type); |
129 |
|
130 |
unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); |
131 |
|
132 |
#endif |
|
|
133 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl.cpp |
Lines 1-6
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2016 The Qt Company Ltd. |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 Governikus GmbH & Co. KG |
4 |
** Copyright (C) 2014 Governikus GmbH & Co. KG |
5 |
** Contact: https://www.qt.io/licensing/ |
5 |
** Contact: https://www.qt.io/licensing/ |
6 |
** |
6 |
** |
Lines 97-166
bool QSslSocketPrivate::s_loadRootCertsO
|
97 |
int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; |
97 |
int QSslSocketBackendPrivate::s_indexForSSLExtraData = -1; |
98 |
#endif |
98 |
#endif |
99 |
|
99 |
|
100 |
/* \internal |
|
|
101 |
|
102 |
From OpenSSL's thread(3) manual page: |
103 |
|
104 |
OpenSSL can safely be used in multi-threaded applications provided that at |
105 |
least two callback functions are set. |
106 |
|
107 |
locking_function(int mode, int n, const char *file, int line) is needed to |
108 |
perform locking on shared data structures. (Note that OpenSSL uses a |
109 |
number of global data structures that will be implicitly shared |
110 |
whenever multiple threads use OpenSSL.) Multi-threaded |
111 |
applications will crash at random if it is not set. ... |
112 |
... |
113 |
id_function(void) is a function that returns a thread ID. It is not |
114 |
needed on Windows nor on platforms where getpid() returns a different |
115 |
ID for each thread (most notably Linux) |
116 |
*/ |
117 |
class QOpenSslLocks |
118 |
{ |
119 |
public: |
120 |
inline QOpenSslLocks() |
121 |
: initLocker(QMutex::Recursive), |
122 |
locksLocker(QMutex::Recursive) |
123 |
{ |
124 |
QMutexLocker locker(&locksLocker); |
125 |
int numLocks = q_CRYPTO_num_locks(); |
126 |
locks = new QMutex *[numLocks]; |
127 |
memset(locks, 0, numLocks * sizeof(QMutex *)); |
128 |
} |
129 |
inline ~QOpenSslLocks() |
130 |
{ |
131 |
QMutexLocker locker(&locksLocker); |
132 |
for (int i = 0; i < q_CRYPTO_num_locks(); ++i) |
133 |
delete locks[i]; |
134 |
delete [] locks; |
135 |
|
136 |
QSslSocketPrivate::deinitialize(); |
137 |
} |
138 |
inline QMutex *lock(int num) |
139 |
{ |
140 |
QMutexLocker locker(&locksLocker); |
141 |
QMutex *tmp = locks[num]; |
142 |
if (!tmp) |
143 |
tmp = locks[num] = new QMutex(QMutex::Recursive); |
144 |
return tmp; |
145 |
} |
146 |
|
147 |
QMutex *globalLock() |
148 |
{ |
149 |
return &locksLocker; |
150 |
} |
151 |
|
152 |
QMutex *initLock() |
153 |
{ |
154 |
return &initLocker; |
155 |
} |
156 |
|
157 |
private: |
158 |
QMutex initLocker; |
159 |
QMutex locksLocker; |
160 |
QMutex **locks; |
161 |
}; |
162 |
Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) |
163 |
|
164 |
QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() |
100 |
QString QSslSocketBackendPrivate::getErrorsFromOpenSsl() |
165 |
{ |
101 |
{ |
166 |
QString errorString; |
102 |
QString errorString; |
Lines 175-194
QString QSslSocketBackendPrivate::getErr
|
175 |
} |
111 |
} |
176 |
|
112 |
|
177 |
extern "C" { |
113 |
extern "C" { |
178 |
static void locking_function(int mode, int lockNumber, const char *, int) |
|
|
179 |
{ |
180 |
QMutex *mutex = openssl_locks()->lock(lockNumber); |
181 |
|
182 |
// Lock or unlock it |
183 |
if (mode & CRYPTO_LOCK) |
184 |
mutex->lock(); |
185 |
else |
186 |
mutex->unlock(); |
187 |
} |
188 |
static unsigned long id_function() |
189 |
{ |
190 |
return (quintptr)QThread::currentThreadId(); |
191 |
} |
192 |
|
114 |
|
193 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
115 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
194 |
static unsigned int q_ssl_psk_client_callback(SSL *ssl, |
116 |
static unsigned int q_ssl_psk_client_callback(SSL *ssl, |
Lines 227-233
QSslSocketBackendPrivate::~QSslSocketBac
|
227 |
destroySslContext(); |
149 |
destroySslContext(); |
228 |
} |
150 |
} |
229 |
|
151 |
|
230 |
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher) |
152 |
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher) |
231 |
{ |
153 |
{ |
232 |
QSslCipher ciph; |
154 |
QSslCipher ciph; |
233 |
|
155 |
|
Lines 283-288
struct QSslErrorList
|
283 |
QMutex mutex; |
205 |
QMutex mutex; |
284 |
QVector<QSslErrorEntry> errors; |
206 |
QVector<QSslErrorEntry> errors; |
285 |
}; |
207 |
}; |
|
|
208 |
|
286 |
Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) |
209 |
Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) |
287 |
|
210 |
|
288 |
int q_X509Callback(int ok, X509_STORE_CTX *ctx) |
211 |
int q_X509Callback(int ok, X509_STORE_CTX *ctx) |
Lines 312-318
int q_X509Callback(int ok, X509_STORE_CT
|
312 |
} |
235 |
} |
313 |
#endif |
236 |
#endif |
314 |
} |
237 |
} |
315 |
// Always return OK to allow verification to continue. We're handle the |
238 |
// Always return OK to allow verification to continue. We handle the |
316 |
// errors gracefully after collecting all errors, after verification has |
239 |
// errors gracefully after collecting all errors, after verification has |
317 |
// completed. |
240 |
// completed. |
318 |
return 1; |
241 |
return 1; |
Lines 397-403
bool QSslSocketBackendPrivate::initSslCo
|
397 |
if (configuration.protocol != QSsl::SslV2 && |
320 |
if (configuration.protocol != QSsl::SslV2 && |
398 |
configuration.protocol != QSsl::SslV3 && |
321 |
configuration.protocol != QSsl::SslV3 && |
399 |
configuration.protocol != QSsl::UnknownProtocol && |
322 |
configuration.protocol != QSsl::UnknownProtocol && |
400 |
mode == QSslSocket::SslClientMode && q_SSLeay() >= 0x00090806fL) { |
323 |
mode == QSslSocket::SslClientMode && QSslSocket::sslLibraryVersionNumber() >= 0x00090806fL) { |
401 |
// Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. |
324 |
// Set server hostname on TLS extension. RFC4366 section 3.1 requires it in ACE format. |
402 |
QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; |
325 |
QString tlsHostName = verificationPeerName.isEmpty() ? q->peerName() : verificationPeerName; |
403 |
if (tlsHostName.isEmpty()) |
326 |
if (tlsHostName.isEmpty()) |
Lines 438-450
bool QSslSocketBackendPrivate::initSslCo
|
438 |
|
361 |
|
439 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
362 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
440 |
// Save a pointer to this object into the SSL structure. |
363 |
// Save a pointer to this object into the SSL structure. |
441 |
if (q_SSLeay() >= 0x10001000L) |
364 |
if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) |
442 |
q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this); |
365 |
q_SSL_set_ex_data(ssl, s_indexForSSLExtraData, this); |
443 |
#endif |
366 |
#endif |
444 |
|
367 |
|
445 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
368 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
446 |
// Set the client callback for PSK |
369 |
// Set the client callback for PSK |
447 |
if (q_SSLeay() >= 0x10001000L) { |
370 |
if (QSslSocket::sslLibraryVersionNumber() >= 0x10001000L) { |
448 |
if (mode == QSslSocket::SslClientMode) |
371 |
if (mode == QSslSocket::SslClientMode) |
449 |
q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback); |
372 |
q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback); |
450 |
else if (mode == QSslSocket::SslServerMode) |
373 |
else if (mode == QSslSocket::SslServerMode) |
Lines 466-481
void QSslSocketBackendPrivate::destroySs
|
466 |
|
389 |
|
467 |
/*! |
390 |
/*! |
468 |
\internal |
391 |
\internal |
469 |
*/ |
|
|
470 |
void QSslSocketPrivate::deinitialize() |
471 |
{ |
472 |
q_CRYPTO_set_id_callback(0); |
473 |
q_CRYPTO_set_locking_callback(0); |
474 |
q_ERR_free_strings(); |
475 |
} |
476 |
|
477 |
/*! |
478 |
\internal |
479 |
|
392 |
|
480 |
Does the minimum amount of initialization to determine whether SSL |
393 |
Does the minimum amount of initialization to determine whether SSL |
481 |
is supported or not. |
394 |
is supported or not. |
Lines 486-577
bool QSslSocketPrivate::supportsSsl()
|
486 |
return ensureLibraryLoaded(); |
399 |
return ensureLibraryLoaded(); |
487 |
} |
400 |
} |
488 |
|
401 |
|
489 |
bool QSslSocketPrivate::ensureLibraryLoaded() |
|
|
490 |
{ |
491 |
if (!q_resolveOpenSslSymbols()) |
492 |
return false; |
493 |
|
494 |
// Check if the library itself needs to be initialized. |
495 |
QMutexLocker locker(openssl_locks()->initLock()); |
496 |
|
497 |
if (!s_libraryLoaded) { |
498 |
s_libraryLoaded = true; |
499 |
|
500 |
// Initialize OpenSSL. |
501 |
q_CRYPTO_set_id_callback(id_function); |
502 |
q_CRYPTO_set_locking_callback(locking_function); |
503 |
if (q_SSL_library_init() != 1) |
504 |
return false; |
505 |
q_SSL_load_error_strings(); |
506 |
q_OpenSSL_add_all_algorithms(); |
507 |
|
508 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
509 |
if (q_SSLeay() >= 0x10001000L) |
510 |
QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); |
511 |
#endif |
512 |
|
513 |
// Initialize OpenSSL's random seed. |
514 |
if (!q_RAND_status()) { |
515 |
qWarning("Random number generator not seeded, disabling SSL support"); |
516 |
return false; |
517 |
} |
518 |
} |
519 |
return true; |
520 |
} |
521 |
|
522 |
void QSslSocketPrivate::ensureCiphersAndCertsLoaded() |
523 |
{ |
524 |
QMutexLocker locker(openssl_locks()->initLock()); |
525 |
if (s_loadedCiphersAndCerts) |
526 |
return; |
527 |
s_loadedCiphersAndCerts = true; |
528 |
|
529 |
resetDefaultCiphers(); |
530 |
resetDefaultEllipticCurves(); |
531 |
|
532 |
#if QT_CONFIG(library) |
533 |
//load symbols needed to receive certificates from system store |
534 |
#if defined(Q_OS_WIN) |
535 |
HINSTANCE hLib = LoadLibraryW(L"Crypt32"); |
536 |
if (hLib) { |
537 |
ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); |
538 |
ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); |
539 |
ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); |
540 |
if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) |
541 |
qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen |
542 |
} else { |
543 |
qCWarning(lcSsl, "could not load crypt32 library"); // should never happen |
544 |
} |
545 |
#elif defined(Q_OS_QNX) |
546 |
s_loadRootCertsOnDemand = true; |
547 |
#elif defined(Q_OS_UNIX) && !defined(Q_OS_MAC) |
548 |
// check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) |
549 |
QList<QByteArray> dirs = unixRootCertDirectories(); |
550 |
QStringList symLinkFilter; |
551 |
symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); |
552 |
for (int a = 0; a < dirs.count(); ++a) { |
553 |
QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); |
554 |
if (iterator.hasNext()) { |
555 |
s_loadRootCertsOnDemand = true; |
556 |
break; |
557 |
} |
558 |
} |
559 |
#endif |
560 |
#endif // QT_CONFIG(library) |
561 |
// if on-demand loading was not enabled, load the certs now |
562 |
if (!s_loadRootCertsOnDemand) |
563 |
setDefaultCaCertificates(systemCaCertificates()); |
564 |
#ifdef Q_OS_WIN |
565 |
//Enabled for fetching additional root certs from windows update on windows 6+ |
566 |
//This flag is set false by setDefaultCaCertificates() indicating the app uses |
567 |
//its own cert bundle rather than the system one. |
568 |
//Same logic that disables the unix on demand cert loading. |
569 |
//Unlike unix, we do preload the certificates from the cert store. |
570 |
if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) |
571 |
s_loadRootCertsOnDemand = true; |
572 |
#endif |
573 |
} |
574 |
|
575 |
/*! |
402 |
/*! |
576 |
\internal |
403 |
\internal |
577 |
|
404 |
|
Lines 587-612
void QSslSocketPrivate::ensureInitialize
|
587 |
ensureCiphersAndCertsLoaded(); |
414 |
ensureCiphersAndCertsLoaded(); |
588 |
} |
415 |
} |
589 |
|
416 |
|
590 |
long QSslSocketPrivate::sslLibraryVersionNumber() |
|
|
591 |
{ |
592 |
if (!supportsSsl()) |
593 |
return 0; |
594 |
|
595 |
return q_SSLeay(); |
596 |
} |
597 |
|
598 |
QString QSslSocketPrivate::sslLibraryVersionString() |
599 |
{ |
600 |
if (!supportsSsl()) |
601 |
return QString(); |
602 |
|
603 |
const char *versionString = q_SSLeay_version(SSLEAY_VERSION); |
604 |
if (!versionString) |
605 |
return QString(); |
606 |
|
607 |
return QString::fromLatin1(versionString); |
608 |
} |
609 |
|
610 |
long QSslSocketPrivate::sslLibraryBuildVersionNumber() |
417 |
long QSslSocketPrivate::sslLibraryBuildVersionNumber() |
611 |
{ |
418 |
{ |
612 |
return OPENSSL_VERSION_NUMBER; |
419 |
return OPENSSL_VERSION_NUMBER; |
Lines 628-634
QString QSslSocketPrivate::sslLibraryBui
|
628 |
*/ |
435 |
*/ |
629 |
void QSslSocketPrivate::resetDefaultCiphers() |
436 |
void QSslSocketPrivate::resetDefaultCiphers() |
630 |
{ |
437 |
{ |
|
|
438 |
#if QT_CONFIG(opensslv11) |
439 |
SSL_CTX *myCtx = q_SSL_CTX_new(q_TLS_client_method()); |
440 |
#else |
631 |
SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); |
441 |
SSL_CTX *myCtx = q_SSL_CTX_new(q_SSLv23_client_method()); |
|
|
442 |
#endif |
632 |
SSL *mySsl = q_SSL_new(myCtx); |
443 |
SSL *mySsl = q_SSL_new(myCtx); |
633 |
|
444 |
|
634 |
QList<QSslCipher> ciphers; |
445 |
QList<QSslCipher> ciphers; |
Lines 664-670
void QSslSocketPrivate::resetDefaultElli
|
664 |
QVector<QSslEllipticCurve> curves; |
475 |
QVector<QSslEllipticCurve> curves; |
665 |
|
476 |
|
666 |
#ifndef OPENSSL_NO_EC |
477 |
#ifndef OPENSSL_NO_EC |
667 |
const size_t curveCount = q_EC_get_builtin_curves(NULL, 0); |
478 |
const size_t curveCount = q_EC_get_builtin_curves(nullptr, 0); |
668 |
|
479 |
|
669 |
QVarLengthArray<EC_builtin_curve> builtinCurves(static_cast<int>(curveCount)); |
480 |
QVarLengthArray<EC_builtin_curve> builtinCurves(static_cast<int>(curveCount)); |
670 |
|
481 |
|
Lines 698-710
QList<QSslCertificate> QSslSocketPrivate
|
698 |
if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) { |
509 |
if (ptrCertOpenSystemStoreW && ptrCertFindCertificateInStore && ptrCertCloseStore) { |
699 |
HCERTSTORE hSystemStore; |
510 |
HCERTSTORE hSystemStore; |
700 |
hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT"); |
511 |
hSystemStore = ptrCertOpenSystemStoreW(0, L"ROOT"); |
701 |
if(hSystemStore) { |
512 |
if (hSystemStore) { |
702 |
PCCERT_CONTEXT pc = NULL; |
513 |
PCCERT_CONTEXT pc = nullptr; |
703 |
while(1) { |
514 |
while (1) { |
704 |
pc = ptrCertFindCertificateInStore( hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, NULL, pc); |
515 |
pc = ptrCertFindCertificateInStore(hSystemStore, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nullptr, pc); |
705 |
if(!pc) |
516 |
if (!pc) |
706 |
break; |
517 |
break; |
707 |
QByteArray der((const char *)(pc->pbCertEncoded), static_cast<int>(pc->cbCertEncoded)); |
518 |
QByteArray der(reinterpret_cast<const char *>(pc->pbCertEncoded), |
|
|
519 |
static_cast<int>(pc->cbCertEncoded)); |
708 |
QSslCertificate cert(der, QSsl::Der); |
520 |
QSslCertificate cert(der, QSsl::Der); |
709 |
systemCerts.append(cert); |
521 |
systemCerts.append(cert); |
710 |
} |
522 |
} |
Lines 1502-1515
QSslCipher QSslSocketBackendPrivate::ses
|
1502 |
{ |
1314 |
{ |
1503 |
if (!ssl) |
1315 |
if (!ssl) |
1504 |
return QSslCipher(); |
1316 |
return QSslCipher(); |
1505 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
1317 |
|
1506 |
// FIXME This is fairly evil, but needed to keep source level compatibility |
1318 |
const SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); |
1507 |
// with the OpenSSL 0.9.x implementation at maximum -- some other functions |
|
|
1508 |
// don't take a const SSL_CIPHER* when they should |
1509 |
SSL_CIPHER *sessionCipher = const_cast<SSL_CIPHER *>(q_SSL_get_current_cipher(ssl)); |
1510 |
#else |
1511 |
SSL_CIPHER *sessionCipher = q_SSL_get_current_cipher(ssl); |
1512 |
#endif |
1513 |
return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); |
1319 |
return sessionCipher ? QSslCipher_from_SSL_CIPHER(sessionCipher) : QSslCipher(); |
1514 |
} |
1320 |
} |
1515 |
|
1321 |
|
Lines 1535-1646
QSsl::SslProtocol QSslSocketBackendPriva
|
1535 |
return QSsl::UnknownProtocol; |
1341 |
return QSsl::UnknownProtocol; |
1536 |
} |
1342 |
} |
1537 |
|
1343 |
|
1538 |
void QSslSocketBackendPrivate::continueHandshake() |
|
|
1539 |
{ |
1540 |
Q_Q(QSslSocket); |
1541 |
// if we have a max read buffer size, reset the plain socket's to match |
1542 |
if (readBufferMaxSize) |
1543 |
plainSocket->setReadBufferSize(readBufferMaxSize); |
1544 |
|
1545 |
if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) |
1546 |
configuration.peerSessionShared = true; |
1547 |
|
1548 |
#ifdef QT_DECRYPT_SSL_TRAFFIC |
1549 |
if (ssl->session && ssl->s3) { |
1550 |
const char *mk = reinterpret_cast<const char *>(ssl->session->master_key); |
1551 |
QByteArray masterKey(mk, ssl->session->master_key_length); |
1552 |
const char *random = reinterpret_cast<const char *>(ssl->s3->client_random); |
1553 |
QByteArray clientRandom(random, SSL3_RANDOM_SIZE); |
1554 |
|
1555 |
// different format, needed for e.g. older Wireshark versions: |
1556 |
// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id); |
1557 |
// QByteArray sessionID(sid, ssl->session->session_id_length); |
1558 |
// QByteArray debugLineRSA("RSA Session-ID:"); |
1559 |
// debugLineRSA.append(sessionID.toHex().toUpper()); |
1560 |
// debugLineRSA.append(" Master-Key:"); |
1561 |
// debugLineRSA.append(masterKey.toHex().toUpper()); |
1562 |
// debugLineRSA.append("\n"); |
1563 |
|
1564 |
QByteArray debugLineClientRandom("CLIENT_RANDOM "); |
1565 |
debugLineClientRandom.append(clientRandom.toHex().toUpper()); |
1566 |
debugLineClientRandom.append(" "); |
1567 |
debugLineClientRandom.append(masterKey.toHex().toUpper()); |
1568 |
debugLineClientRandom.append("\n"); |
1569 |
|
1570 |
QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); |
1571 |
QFile file(sslKeyFile); |
1572 |
if (!file.open(QIODevice::Append)) |
1573 |
qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; |
1574 |
if (!file.write(debugLineClientRandom)) |
1575 |
qCWarning(lcSsl) << "could not write to file" << sslKeyFile; |
1576 |
file.close(); |
1577 |
} else { |
1578 |
qCWarning(lcSsl, "could not decrypt SSL traffic"); |
1579 |
} |
1580 |
#endif |
1581 |
|
1582 |
// Cache this SSL session inside the QSslContext |
1583 |
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { |
1584 |
if (!sslContextPointer->cacheSession(ssl)) { |
1585 |
sslContextPointer.clear(); // we could not cache the session |
1586 |
} else { |
1587 |
// Cache the session for permanent usage as well |
1588 |
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { |
1589 |
if (!sslContextPointer->sessionASN1().isEmpty()) |
1590 |
configuration.sslSession = sslContextPointer->sessionASN1(); |
1591 |
configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); |
1592 |
} |
1593 |
} |
1594 |
} |
1595 |
|
1596 |
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) |
1597 |
|
1598 |
configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; |
1599 |
if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { |
1600 |
// we could not agree -> be conservative and use HTTP/1.1 |
1601 |
configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); |
1602 |
} else { |
1603 |
const unsigned char *proto = 0; |
1604 |
unsigned int proto_len = 0; |
1605 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
1606 |
if (q_SSLeay() >= 0x10002000L) { |
1607 |
q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); |
1608 |
if (proto_len && mode == QSslSocket::SslClientMode) { |
1609 |
// Client does not have a callback that sets it ... |
1610 |
configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; |
1611 |
} |
1612 |
} |
1613 |
|
1614 |
if (!proto_len) { // Test if NPN was more lucky ... |
1615 |
#else |
1616 |
{ |
1617 |
#endif |
1618 |
q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); |
1619 |
} |
1620 |
|
1621 |
if (proto_len) |
1622 |
configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); |
1623 |
else |
1624 |
configuration.nextNegotiatedProtocol.clear(); |
1625 |
} |
1626 |
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... |
1627 |
|
1628 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
1629 |
if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { |
1630 |
EVP_PKEY *key; |
1631 |
if (q_SSL_get_server_tmp_key(ssl, &key)) |
1632 |
configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); |
1633 |
} |
1634 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... |
1635 |
|
1636 |
connectionEncrypted = true; |
1637 |
emit q->encrypted(); |
1638 |
if (autoStartHandshake && pendingClose) { |
1639 |
pendingClose = false; |
1640 |
q->disconnectFromHost(); |
1641 |
} |
1642 |
} |
1643 |
|
1644 |
QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) |
1344 |
QList<QSslCertificate> QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509) |
1645 |
{ |
1345 |
{ |
1646 |
ensureInitialized(); |
1346 |
ensureInitialized(); |
Lines 1694-1705
QList<QSslError> QSslSocketBackendPrivat
|
1694 |
QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex); |
1394 |
QMutexLocker sslErrorListMutexLocker(&_q_sslErrorList()->mutex); |
1695 |
|
1395 |
|
1696 |
// Register a custom callback to get all verification errors. |
1396 |
// Register a custom callback to get all verification errors. |
1697 |
X509_STORE_set_verify_cb_func(certStore, q_X509Callback); |
1397 |
q_X509_STORE_set_verify_cb(certStore, q_X509Callback); |
1698 |
|
1398 |
|
1699 |
// Build the chain of intermediate certificates |
1399 |
// Build the chain of intermediate certificates |
1700 |
STACK_OF(X509) *intermediates = 0; |
1400 |
STACK_OF(X509) *intermediates = 0; |
1701 |
if (certificateChain.length() > 1) { |
1401 |
if (certificateChain.length() > 1) { |
1702 |
intermediates = (STACK_OF(X509) *) q_sk_new_null(); |
1402 |
intermediates = (STACK_OF(X509) *) q_OPENSSL_sk_new_null(); |
1703 |
|
1403 |
|
1704 |
if (!intermediates) { |
1404 |
if (!intermediates) { |
1705 |
q_X509_STORE_free(certStore); |
1405 |
q_X509_STORE_free(certStore); |
Lines 1713-1723
QList<QSslError> QSslSocketBackendPrivat
|
1713 |
first = false; |
1413 |
first = false; |
1714 |
continue; |
1414 |
continue; |
1715 |
} |
1415 |
} |
1716 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
1416 |
|
1717 |
q_sk_push( (_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); |
1417 |
q_OPENSSL_sk_push((OPENSSL_STACK *)intermediates, reinterpret_cast<X509 *>(cert.handle())); |
1718 |
#else |
|
|
1719 |
q_sk_push( (STACK *)intermediates, reinterpret_cast<char *>(cert.handle())); |
1720 |
#endif |
1721 |
} |
1418 |
} |
1722 |
} |
1419 |
} |
1723 |
|
1420 |
|
Lines 1741-1751
QList<QSslError> QSslSocketBackendPrivat
|
1741 |
(void) q_X509_verify_cert(storeContext); |
1438 |
(void) q_X509_verify_cert(storeContext); |
1742 |
|
1439 |
|
1743 |
q_X509_STORE_CTX_free(storeContext); |
1440 |
q_X509_STORE_CTX_free(storeContext); |
1744 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
1441 |
q_OPENSSL_sk_free((OPENSSL_STACK *)intermediates); |
1745 |
q_sk_free( (_STACK *) intermediates); |
|
|
1746 |
#else |
1747 |
q_sk_free( (STACK *) intermediates); |
1748 |
#endif |
1749 |
|
1442 |
|
1750 |
// Now process the errors |
1443 |
// Now process the errors |
1751 |
const auto errorList = std::move(_q_sslErrorList()->errors); |
1444 |
const auto errorList = std::move(_q_sslErrorList()->errors); |
Lines 1819-1825
bool QSslSocketBackendPrivate::importPkc
|
1819 |
// Convert to Qt types |
1512 |
// Convert to Qt types |
1820 |
if (!key->d->fromEVP_PKEY(pkey)) { |
1513 |
if (!key->d->fromEVP_PKEY(pkey)) { |
1821 |
qCWarning(lcSsl, "Unable to convert private key"); |
1514 |
qCWarning(lcSsl, "Unable to convert private key"); |
1822 |
q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free)); |
1515 |
q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca), |
|
|
1516 |
reinterpret_cast<void (*)(void *)>(q_OPENSSL_sk_free)); |
1823 |
q_X509_free(x509); |
1517 |
q_X509_free(x509); |
1824 |
q_EVP_PKEY_free(pkey); |
1518 |
q_EVP_PKEY_free(pkey); |
1825 |
q_PKCS12_free(p12); |
1519 |
q_PKCS12_free(p12); |
Lines 1834-1840
bool QSslSocketBackendPrivate::importPkc
|
1834 |
*caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca); |
1528 |
*caCertificates = QSslSocketBackendPrivate::STACKOFX509_to_QSslCertificates(ca); |
1835 |
|
1529 |
|
1836 |
// Clean up |
1530 |
// Clean up |
1837 |
q_sk_pop_free(reinterpret_cast<STACK *>(ca), reinterpret_cast<void(*)(void*)>(q_sk_free)); |
1531 |
// TODO: verify ASAP, in the past we had sk_pop_free with q_OPENSSL_sk_free |
|
|
1532 |
// which seems to be blatantly wrong and even crashes with 1.1. |
1533 |
q_OPENSSL_sk_pop_free(reinterpret_cast<OPENSSL_STACK *>(ca), |
1534 |
reinterpret_cast<void (*)(void *)>(q_X509_free)); |
1535 |
|
1838 |
q_X509_free(x509); |
1536 |
q_X509_free(x509); |
1839 |
q_EVP_PKEY_free(pkey); |
1537 |
q_EVP_PKEY_free(pkey); |
1840 |
q_PKCS12_free(p12); |
1538 |
q_PKCS12_free(p12); |
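Review bot: The failure branch after `key->d->fromEVP_PKEY(pkey)` (new lines 1515-1516) still passes `q_OPENSSL_sk_free` as the per-element destructor to `q_OPENSSL_sk_pop_free`, although the same commit replaces it with `q_X509_free` in the clean-up at new lines 1533-1534 and its TODO calls the old form wrong and crashing with 1.1. `ca` is the stack handed to `STACKOFX509_to_QSslCertificates`, so its elements appear to be X509 objects; on this error path each certificate would then be released by a stack destructor, which is memory corruption reachable when a PKCS#12 bundle's key cannot be converted. The second argument there should also be `reinterpret_cast<void (*)(void *)>(q_X509_free)`. The function starts and ends outside the visible hunks, so any other early-return path that frees `ca` should be checked for the same call.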
1841 |
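--- a/qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl_p.h
+++ b/qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl_p.h
@@ -1,6 +1,6 @@
 /****************************************************************************
 **
-** Copyright (C) 2016 The Qt Company Ltd.
+** Copyright (C) 2017 The Qt Company Ltd.
 ** Contact: https://www.qt.io/licensing/
 **
 ** This file is part of the QtNetwork module of the Qt Toolkit.
@@ -98,8 +98,8 @@
 #include <openssl/crypto.h>
 #include <openssl/tls1.h>
 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-typedef _STACK STACK;
+#if QT_CONFIG(opensslv11)
+#include <openssl/dh.h>
 #endif
 
 QT_BEGIN_NAMESPACE
@@ -151,7 +151,7 @@ public:
 #endif
 
 Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions);
-static QSslCipher QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher);
+static QSslCipher QSslCipher_from_SSL_CIPHER(const SSL_CIPHER *cipher);
 static QList<QSslCertificate> STACKOFX509_to_QSslCertificates(STACK_OF(X509) *x509);
 static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName);
 static QString getErrorsFromOpenSsl();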
158 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_opensslpre11.cpp |
158 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_opensslpre11.cpp |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 Governikus GmbH & Co. KG |
5 |
** Contact: https://www.qt.io/licensing/ |
6 |
** |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
8 |
** |
9 |
** $QT_BEGIN_LICENSE:LGPL$ |
10 |
** Commercial License Usage |
11 |
** Licensees holding valid commercial Qt licenses may use this file in |
12 |
** accordance with the commercial license agreement provided with the |
13 |
** Software or, alternatively, in accordance with the terms contained in |
14 |
** a written agreement between you and The Qt Company. For licensing terms |
15 |
** and conditions see https://www.qt.io/terms-conditions. For further |
16 |
** information use the contact form at https://www.qt.io/contact-us. |
17 |
** |
18 |
** GNU Lesser General Public License Usage |
19 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
20 |
** General Public License version 3 as published by the Free Software |
21 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
22 |
** packaging of this file. Please review the following information to |
23 |
** ensure the GNU Lesser General Public License version 3 requirements |
24 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
25 |
** |
26 |
** GNU General Public License Usage |
27 |
** Alternatively, this file may be used under the terms of the GNU |
28 |
** General Public License version 2.0 or (at your option) the GNU General |
29 |
** Public license version 3 or any later version approved by the KDE Free |
30 |
** Qt Foundation. The licenses are as published by the Free Software |
31 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
32 |
** included in the packaging of this file. Please review the following |
33 |
** information to ensure the GNU General Public License requirements will |
34 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
35 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
36 |
** |
37 |
** $QT_END_LICENSE$ |
38 |
** |
39 |
****************************************************************************/ |
40 |
|
41 |
/**************************************************************************** |
42 |
** |
43 |
** In addition, as a special exception, the copyright holders listed above give |
44 |
** permission to link the code of its release of Qt with the OpenSSL project's |
45 |
** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the |
46 |
** same license as the original version), and distribute the linked executables. |
47 |
** |
48 |
** You must comply with the GNU General Public License version 2 in all |
49 |
** respects for all of the code used other than the "OpenSSL" code. If you |
50 |
** modify this file, you may extend this exception to your version of the file, |
51 |
** but you are not obligated to do so. If you do not wish to do so, delete |
52 |
** this exception statement from your version of this file. |
53 |
** |
54 |
****************************************************************************/ |
55 |
|
56 |
//#define QT_DECRYPT_SSL_TRAFFIC |
57 |
|
58 |
#include "qssl_p.h" |
59 |
#include "qsslsocket_openssl_p.h" |
60 |
#include "qsslsocket_openssl_symbols_p.h" |
61 |
#include "qsslsocket.h" |
62 |
#include "qsslkey.h" |
63 |
|
64 |
#include <QtCore/qdebug.h> |
65 |
#include <QtCore/qdir.h> |
66 |
#include <QtCore/qdiriterator.h> |
67 |
#include <QtCore/qthread.h> |
68 |
#include <QtCore/qfile.h> |
69 |
#include <QtCore/qmutex.h> |
70 |
#include <QtCore/qlibrary.h> |
71 |
|
72 |
QT_BEGIN_NAMESPACE |
73 |
|
74 |
/* \internal |
75 |
|
76 |
From OpenSSL's thread(3) manual page: |
77 |
|
78 |
OpenSSL can safely be used in multi-threaded applications provided that at |
79 |
least two callback functions are set. |
80 |
|
81 |
locking_function(int mode, int n, const char *file, int line) is needed to |
82 |
perform locking on shared data structures. (Note that OpenSSL uses a |
83 |
number of global data structures that will be implicitly shared |
84 |
whenever multiple threads use OpenSSL.) Multi-threaded |
85 |
applications will crash at random if it is not set. ... |
86 |
... |
87 |
id_function(void) is a function that returns a thread ID. It is not |
88 |
needed on Windows nor on platforms where getpid() returns a different |
89 |
ID for each thread (most notably Linux) |
90 |
*/ |
91 |
|
92 |
class QOpenSslLocks |
93 |
{ |
94 |
public: |
95 |
QOpenSslLocks() |
96 |
: initLocker(QMutex::Recursive), |
97 |
locksLocker(QMutex::Recursive) |
98 |
{ |
99 |
QMutexLocker locker(&locksLocker); |
100 |
int numLocks = q_CRYPTO_num_locks(); |
101 |
locks = new QMutex *[numLocks]; |
102 |
memset(locks, 0, numLocks * sizeof(QMutex *)); |
103 |
} |
104 |
~QOpenSslLocks() |
105 |
{ |
106 |
QMutexLocker locker(&locksLocker); |
107 |
for (int i = 0; i < q_CRYPTO_num_locks(); ++i) |
108 |
delete locks[i]; |
109 |
delete [] locks; |
110 |
|
111 |
QSslSocketPrivate::deinitialize(); |
112 |
} |
113 |
QMutex *lock(int num) |
114 |
{ |
115 |
QMutexLocker locker(&locksLocker); |
116 |
QMutex *tmp = locks[num]; |
117 |
if (!tmp) |
118 |
tmp = locks[num] = new QMutex(QMutex::Recursive); |
119 |
return tmp; |
120 |
} |
121 |
|
122 |
QMutex *globalLock() |
123 |
{ |
124 |
return &locksLocker; |
125 |
} |
126 |
|
127 |
QMutex *initLock() |
128 |
{ |
129 |
return &initLocker; |
130 |
} |
131 |
|
132 |
private: |
133 |
QMutex initLocker; |
134 |
QMutex locksLocker; |
135 |
QMutex **locks; |
136 |
}; |
137 |
|
138 |
Q_GLOBAL_STATIC(QOpenSslLocks, openssl_locks) |
139 |
|
140 |
extern "C" { |
141 |
static void locking_function(int mode, int lockNumber, const char *, int) |
142 |
{ |
143 |
QMutex *mutex = openssl_locks()->lock(lockNumber); |
144 |
|
145 |
// Lock or unlock it |
146 |
if (mode & CRYPTO_LOCK) |
147 |
mutex->lock(); |
148 |
else |
149 |
mutex->unlock(); |
150 |
} |
151 |
static unsigned long id_function() |
152 |
{ |
153 |
return (quintptr)QThread::currentThreadId(); |
154 |
} |
155 |
|
156 |
} // extern "C" |
157 |
|
158 |
static void q_OpenSSL_add_all_algorithms_safe() |
159 |
{ |
160 |
#ifdef Q_OS_WIN |
161 |
// Prior to version 1.0.1m an attempt to call OpenSSL_add_all_algorithms on |
162 |
// Windows could result in 'exit' call from OPENSSL_config (QTBUG-43843). |
163 |
// We can predict this and avoid OPENSSL_add_all_algorithms call. |
164 |
// From OpenSSL docs: |
165 |
// "An application does not need to add algorithms to use them explicitly, |
166 |
// for example by EVP_sha1(). It just needs to add them if it (or any of |
167 |
// the functions it calls) needs to lookup algorithms. |
168 |
// The cipher and digest lookup functions are used in many parts of the |
169 |
// library. If the table is not initialized several functions will |
170 |
// misbehave and complain they cannot find algorithms. This includes the |
171 |
// PEM, PKCS#12, SSL and S/MIME libraries. This is a common query in |
172 |
// the OpenSSL mailing lists." |
173 |
// |
174 |
// Anyway, as a result, we chose not to call this function if it would exit. |
175 |
|
176 |
if (q_SSLeay() < 0x100010DFL) |
177 |
{ |
178 |
// Now, before we try to call it, check if an attempt to open config file |
179 |
// will result in exit: |
180 |
if (char *confFileName = q_CONF_get1_default_config_file()) { |
181 |
BIO *confFile = q_BIO_new_file(confFileName, "r"); |
182 |
const auto lastError = q_ERR_peek_last_error(); |
183 |
q_CRYPTO_free(confFileName); |
184 |
if (confFile) { |
185 |
q_BIO_free(confFile); |
186 |
} else { |
187 |
q_ERR_clear_error(); |
188 |
if (ERR_GET_REASON(lastError) == ERR_R_SYS_LIB) { |
189 |
qCWarning(lcSsl, "failed to open openssl.conf file"); |
190 |
return; |
191 |
} |
192 |
} |
193 |
} |
194 |
} |
195 |
#endif // Q_OS_WIN |
196 |
|
197 |
q_OpenSSL_add_all_algorithms(); |
198 |
} |
199 |
|
200 |
|
201 |
/*! |
202 |
\internal |
203 |
*/ |
204 |
void QSslSocketPrivate::deinitialize() |
205 |
{ |
206 |
q_CRYPTO_set_id_callback(0); |
207 |
q_CRYPTO_set_locking_callback(0); |
208 |
q_ERR_free_strings(); |
209 |
} |
210 |
|
211 |
|
212 |
bool QSslSocketPrivate::ensureLibraryLoaded() |
213 |
{ |
214 |
if (!q_resolveOpenSslSymbols()) |
215 |
return false; |
216 |
|
217 |
// Check if the library itself needs to be initialized. |
218 |
QMutexLocker locker(openssl_locks()->initLock()); |
219 |
|
220 |
if (!s_libraryLoaded) { |
221 |
s_libraryLoaded = true; |
222 |
|
223 |
// Initialize OpenSSL. |
224 |
q_CRYPTO_set_id_callback(id_function); |
225 |
q_CRYPTO_set_locking_callback(locking_function); |
226 |
if (q_SSL_library_init() != 1) |
227 |
return false; |
228 |
q_SSL_load_error_strings(); |
229 |
q_OpenSSL_add_all_algorithms_safe(); |
230 |
|
231 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
232 |
if (q_SSLeay() >= 0x10001000L) |
233 |
QSslSocketBackendPrivate::s_indexForSSLExtraData = q_SSL_get_ex_new_index(0L, NULL, NULL, NULL, NULL); |
234 |
#endif |
235 |
|
236 |
// Initialize OpenSSL's random seed. |
237 |
if (!q_RAND_status()) { |
238 |
qWarning("Random number generator not seeded, disabling SSL support"); |
239 |
return false; |
240 |
} |
241 |
} |
242 |
return true; |
243 |
} |
244 |
|
245 |
void QSslSocketPrivate::ensureCiphersAndCertsLoaded() |
246 |
{ |
247 |
QMutexLocker locker(openssl_locks()->initLock()); |
248 |
if (s_loadedCiphersAndCerts) |
249 |
return; |
250 |
s_loadedCiphersAndCerts = true; |
251 |
|
252 |
resetDefaultCiphers(); |
253 |
resetDefaultEllipticCurves(); |
254 |
|
255 |
#if QT_CONFIG(library) |
256 |
//load symbols needed to receive certificates from system store |
257 |
#if defined(Q_OS_WIN) |
258 |
HINSTANCE hLib = LoadLibraryW(L"Crypt32"); |
259 |
if (hLib) { |
260 |
ptrCertOpenSystemStoreW = (PtrCertOpenSystemStoreW)GetProcAddress(hLib, "CertOpenSystemStoreW"); |
261 |
ptrCertFindCertificateInStore = (PtrCertFindCertificateInStore)GetProcAddress(hLib, "CertFindCertificateInStore"); |
262 |
ptrCertCloseStore = (PtrCertCloseStore)GetProcAddress(hLib, "CertCloseStore"); |
263 |
if (!ptrCertOpenSystemStoreW || !ptrCertFindCertificateInStore || !ptrCertCloseStore) |
264 |
qCWarning(lcSsl, "could not resolve symbols in crypt32 library"); // should never happen |
265 |
} else { |
266 |
qCWarning(lcSsl, "could not load crypt32 library"); // should never happen |
267 |
} |
268 |
#elif defined(Q_OS_QNX) |
269 |
s_loadRootCertsOnDemand = true; |
270 |
#elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS) |
271 |
// check whether we can enable on-demand root-cert loading (i.e. check whether the sym links are there) |
272 |
QList<QByteArray> dirs = unixRootCertDirectories(); |
273 |
QStringList symLinkFilter; |
274 |
symLinkFilter << QLatin1String("[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]"); |
275 |
for (int a = 0; a < dirs.count(); ++a) { |
276 |
QDirIterator iterator(QLatin1String(dirs.at(a)), symLinkFilter, QDir::Files); |
277 |
if (iterator.hasNext()) { |
278 |
s_loadRootCertsOnDemand = true; |
279 |
break; |
280 |
} |
281 |
} |
282 |
#endif |
283 |
#endif // QT_CONFIG(library) |
284 |
// if on-demand loading was not enabled, load the certs now |
285 |
if (!s_loadRootCertsOnDemand) |
286 |
setDefaultCaCertificates(systemCaCertificates()); |
287 |
#ifdef Q_OS_WIN |
288 |
//Enabled for fetching additional root certs from windows update on windows 6+ |
289 |
//This flag is set false by setDefaultCaCertificates() indicating the app uses |
290 |
//its own cert bundle rather than the system one. |
291 |
//Same logic that disables the unix on demand cert loading. |
292 |
//Unlike unix, we do preload the certificates from the cert store. |
293 |
if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) |
294 |
s_loadRootCertsOnDemand = true; |
295 |
#endif |
296 |
} |
297 |
|
298 |
long QSslSocketPrivate::sslLibraryVersionNumber() |
299 |
{ |
300 |
if (!supportsSsl()) |
301 |
return 0; |
302 |
|
303 |
return q_SSLeay(); |
304 |
} |
305 |
|
306 |
QString QSslSocketPrivate::sslLibraryVersionString() |
307 |
{ |
308 |
if (!supportsSsl()) |
309 |
return QString(); |
310 |
|
311 |
const char *versionString = q_SSLeay_version(SSLEAY_VERSION); |
312 |
if (!versionString) |
313 |
return QString(); |
314 |
|
315 |
return QString::fromLatin1(versionString); |
316 |
} |
317 |
|
318 |
void QSslSocketBackendPrivate::continueHandshake() |
319 |
{ |
320 |
Q_Q(QSslSocket); |
321 |
// if we have a max read buffer size, reset the plain socket's to match |
322 |
if (readBufferMaxSize) |
323 |
plainSocket->setReadBufferSize(readBufferMaxSize); |
324 |
|
325 |
if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) |
326 |
configuration.peerSessionShared = true; |
327 |
|
328 |
#ifdef QT_DECRYPT_SSL_TRAFFIC |
329 |
if (ssl->session && ssl->s3) { |
330 |
const char *mk = reinterpret_cast<const char *>(ssl->session->master_key); |
331 |
QByteArray masterKey(mk, ssl->session->master_key_length); |
332 |
const char *random = reinterpret_cast<const char *>(ssl->s3->client_random); |
333 |
QByteArray clientRandom(random, SSL3_RANDOM_SIZE); |
334 |
|
335 |
// different format, needed for e.g. older Wireshark versions: |
336 |
// const char *sid = reinterpret_cast<const char *>(ssl->session->session_id); |
337 |
// QByteArray sessionID(sid, ssl->session->session_id_length); |
338 |
// QByteArray debugLineRSA("RSA Session-ID:"); |
339 |
// debugLineRSA.append(sessionID.toHex().toUpper()); |
340 |
// debugLineRSA.append(" Master-Key:"); |
341 |
// debugLineRSA.append(masterKey.toHex().toUpper()); |
342 |
// debugLineRSA.append("\n"); |
343 |
|
344 |
QByteArray debugLineClientRandom("CLIENT_RANDOM "); |
345 |
debugLineClientRandom.append(clientRandom.toHex().toUpper()); |
346 |
debugLineClientRandom.append(" "); |
347 |
debugLineClientRandom.append(masterKey.toHex().toUpper()); |
348 |
debugLineClientRandom.append("\n"); |
349 |
|
350 |
QString sslKeyFile = QDir::tempPath() + QLatin1String("/qt-ssl-keys"); |
351 |
QFile file(sslKeyFile); |
352 |
if (!file.open(QIODevice::Append)) |
353 |
qCWarning(lcSsl) << "could not open file" << sslKeyFile << "for appending"; |
354 |
if (!file.write(debugLineClientRandom)) |
355 |
qCWarning(lcSsl) << "could not write to file" << sslKeyFile; |
356 |
file.close(); |
357 |
} else { |
358 |
qCWarning(lcSsl, "could not decrypt SSL traffic"); |
359 |
} |
360 |
#endif |
361 |
|
362 |
// Cache this SSL session inside the QSslContext |
363 |
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionSharing)) { |
364 |
if (!sslContextPointer->cacheSession(ssl)) { |
365 |
sslContextPointer.clear(); // we could not cache the session |
366 |
} else { |
367 |
// Cache the session for permanent usage as well |
368 |
if (!(configuration.sslOptions & QSsl::SslOptionDisableSessionPersistence)) { |
369 |
if (!sslContextPointer->sessionASN1().isEmpty()) |
370 |
configuration.sslSession = sslContextPointer->sessionASN1(); |
371 |
configuration.sslSessionTicketLifeTimeHint = sslContextPointer->sessionTicketLifeTimeHint(); |
372 |
} |
373 |
} |
374 |
} |
375 |
|
376 |
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) |
377 |
|
378 |
configuration.nextProtocolNegotiationStatus = sslContextPointer->npnContext().status; |
379 |
if (sslContextPointer->npnContext().status == QSslConfiguration::NextProtocolNegotiationUnsupported) { |
380 |
// we could not agree -> be conservative and use HTTP/1.1 |
381 |
configuration.nextNegotiatedProtocol = QByteArrayLiteral("http/1.1"); |
382 |
} else { |
383 |
const unsigned char *proto = 0; |
384 |
unsigned int proto_len = 0; |
385 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
386 |
if (q_SSLeay() >= 0x10002000L) { |
387 |
q_SSL_get0_alpn_selected(ssl, &proto, &proto_len); |
388 |
if (proto_len && mode == QSslSocket::SslClientMode) { |
389 |
// Client does not have a callback that sets it ... |
390 |
configuration.nextProtocolNegotiationStatus = QSslConfiguration::NextProtocolNegotiationNegotiated; |
391 |
} |
392 |
} |
393 |
|
394 |
if (!proto_len) { // Test if NPN was more lucky ... |
395 |
#else |
396 |
{ |
397 |
#endif |
398 |
q_SSL_get0_next_proto_negotiated(ssl, &proto, &proto_len); |
399 |
} |
400 |
|
401 |
if (proto_len) |
402 |
configuration.nextNegotiatedProtocol = QByteArray(reinterpret_cast<const char *>(proto), proto_len); |
403 |
else |
404 |
configuration.nextNegotiatedProtocol.clear(); |
405 |
} |
406 |
#endif // OPENSSL_VERSION_NUMBER >= 0x1000100fL ... |
407 |
|
408 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
409 |
if (q_SSLeay() >= 0x10002000L && mode == QSslSocket::SslClientMode) { |
410 |
EVP_PKEY *key; |
411 |
if (q_SSL_get_server_tmp_key(ssl, &key)) |
412 |
configuration.ephemeralServerKey = QSslKey(key, QSsl::PublicKey); |
413 |
} |
414 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L ... |
415 |
|
416 |
connectionEncrypted = true; |
417 |
emit q->encrypted(); |
418 |
if (autoStartHandshake && pendingClose) { |
419 |
pendingClose = false; |
420 |
q->disconnectFromHost(); |
421 |
} |
422 |
} |
423 |
|
424 |
QT_END_NAMESPACE |
|
|
425 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_opensslpre11_symbols_p.h |
Line 0
|
0 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl_symbols.cpp |
1 |
/**************************************************************************** |
|
|
2 |
** |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 |
** Contact: https://www.qt.io/licensing/ |
6 |
** |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
8 |
** |
9 |
** $QT_BEGIN_LICENSE:LGPL$ |
10 |
** Commercial License Usage |
11 |
** Licensees holding valid commercial Qt licenses may use this file in |
12 |
** accordance with the commercial license agreement provided with the |
13 |
** Software or, alternatively, in accordance with the terms contained in |
14 |
** a written agreement between you and The Qt Company. For licensing terms |
15 |
** and conditions see https://www.qt.io/terms-conditions. For further |
16 |
** information use the contact form at https://www.qt.io/contact-us. |
17 |
** |
18 |
** GNU Lesser General Public License Usage |
19 |
** Alternatively, this file may be used under the terms of the GNU Lesser |
20 |
** General Public License version 3 as published by the Free Software |
21 |
** Foundation and appearing in the file LICENSE.LGPL3 included in the |
22 |
** packaging of this file. Please review the following information to |
23 |
** ensure the GNU Lesser General Public License version 3 requirements |
24 |
** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
25 |
** |
26 |
** GNU General Public License Usage |
27 |
** Alternatively, this file may be used under the terms of the GNU |
28 |
** General Public License version 2.0 or (at your option) the GNU General |
29 |
** Public license version 3 or any later version approved by the KDE Free |
30 |
** Qt Foundation. The licenses are as published by the Free Software |
31 |
** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
32 |
** included in the packaging of this file. Please review the following |
33 |
** information to ensure the GNU General Public License requirements will |
34 |
** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
35 |
** https://www.gnu.org/licenses/gpl-3.0.html. |
36 |
** |
37 |
** $QT_END_LICENSE$ |
38 |
** |
39 |
****************************************************************************/ |
40 |
|
41 |
/**************************************************************************** |
42 |
** |
43 |
** In addition, as a special exception, the copyright holders listed above give |
44 |
** permission to link the code of its release of Qt with the OpenSSL project's |
45 |
** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the |
46 |
** same license as the original version), and distribute the linked executables. |
47 |
** |
48 |
** You must comply with the GNU General Public License version 2 in all |
49 |
** respects for all of the code used other than the "OpenSSL" code. If you |
50 |
** modify this file, you may extend this exception to your version of the file, |
51 |
** but you are not obligated to do so. If you do not wish to do so, delete |
52 |
** this exception statement from your version of this file. |
53 |
** |
54 |
****************************************************************************/ |
55 |
|
56 |
|
57 |
#ifndef QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H |
58 |
#define QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H |
59 |
|
60 |
// |
61 |
// W A R N I N G |
62 |
// ------------- |
63 |
// |
64 |
// This file is not part of the Qt API. It exists purely as an |
65 |
// implementation detail. This header file may change from version to |
66 |
// version without notice, or even be removed. |
67 |
// |
68 |
// We mean it. |
69 |
// |
70 |
|
71 |
// Note: this file does not have QT_BEGIN_NAMESPACE/QT_END_NAMESPACE, it's done |
72 |
// in qsslsocket_openssl_symbols_p.h. |
73 |
|
74 |
#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H |
75 |
#error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead" |
76 |
#endif |
77 |
|
78 |
unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); |
79 |
BIO *q_BIO_new_file(const char *filename, const char *mode); |
80 |
void q_ERR_clear_error(); |
81 |
Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a); |
82 |
Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem(); |
83 |
int q_CRYPTO_num_locks(); |
84 |
void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); |
85 |
void q_CRYPTO_set_id_callback(unsigned long (*a)()); |
86 |
void q_CRYPTO_free(void *a); |
87 |
unsigned long q_ERR_peek_last_error(); |
88 |
void q_ERR_free_strings(); |
89 |
void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); |
90 |
void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); |
91 |
|
92 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
93 |
typedef _STACK STACK; |
94 |
#endif |
95 |
|
96 |
// The typedef we use to make our pre 1.1 code look more like 1.1 (less ifdefs). |
97 |
typedef STACK OPENSSL_STACK; |
98 |
|
99 |
// We resolve q_sk_ functions, but use q_OPENSSL_sk_ macros in code to reduce |
100 |
// the amount of #ifdefs. |
101 |
int q_sk_num(STACK *a); |
102 |
#define q_OPENSSL_sk_num(a) q_sk_num(a) |
103 |
void q_sk_pop_free(STACK *a, void (*b)(void *)); |
104 |
#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b) |
105 |
STACK *q_sk_new_null(); |
106 |
#define q_OPENSSL_sk_new_null() q_sk_new_null() |
107 |
|
108 |
void q_sk_free(STACK *a); |
109 |
|
110 |
// Just a name alias (not a function call expression) since in code we take an |
111 |
// address of this: |
112 |
#define q_OPENSSL_sk_free q_sk_free |
113 |
|
114 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
115 |
void *q_sk_value(STACK *a, int b); |
116 |
void q_sk_push(STACK *st, void *data); |
117 |
#else |
118 |
char *q_sk_value(STACK *a, int b); |
119 |
void q_sk_push(STACK *st, char *data); |
120 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L |
121 |
|
122 |
#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b) |
123 |
#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data) |
124 |
|
125 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
126 |
SSL_CTX *q_SSL_CTX_new(const SSL_METHOD *a); |
127 |
#else |
128 |
SSL_CTX *q_SSL_CTX_new(SSL_METHOD *a); |
129 |
#endif |
130 |
|
131 |
int q_SSL_library_init(); |
132 |
void q_SSL_load_error_strings(); |
133 |
|
134 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
135 |
int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
136 |
#endif |
137 |
|
138 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
139 |
#ifndef OPENSSL_NO_SSL2 |
140 |
const SSL_METHOD *q_SSLv2_client_method(); |
141 |
#endif |
142 |
#ifndef OPENSSL_NO_SSL3_METHOD |
143 |
const SSL_METHOD *q_SSLv3_client_method(); |
144 |
#endif |
145 |
const SSL_METHOD *q_SSLv23_client_method(); |
146 |
const SSL_METHOD *q_TLSv1_client_method(); |
147 |
const SSL_METHOD *q_TLSv1_1_client_method(); |
148 |
const SSL_METHOD *q_TLSv1_2_client_method(); |
149 |
#ifndef OPENSSL_NO_SSL2 |
150 |
const SSL_METHOD *q_SSLv2_server_method(); |
151 |
#endif |
152 |
#ifndef OPENSSL_NO_SSL3_METHOD |
153 |
const SSL_METHOD *q_SSLv3_server_method(); |
154 |
#endif |
155 |
const SSL_METHOD *q_SSLv23_server_method(); |
156 |
const SSL_METHOD *q_TLSv1_server_method(); |
157 |
const SSL_METHOD *q_TLSv1_1_server_method(); |
158 |
const SSL_METHOD *q_TLSv1_2_server_method(); |
159 |
#else |
160 |
#ifndef OPENSSL_NO_SSL2 |
161 |
SSL_METHOD *q_SSLv2_client_method(); |
162 |
#endif |
163 |
#ifndef OPENSSL_NO_SSL3_METHOD |
164 |
SSL_METHOD *q_SSLv3_client_method(); |
165 |
#endif |
166 |
SSL_METHOD *q_SSLv23_client_method(); |
167 |
SSL_METHOD *q_TLSv1_client_method(); |
168 |
SSL_METHOD *q_TLSv1_1_client_method(); |
169 |
SSL_METHOD *q_TLSv1_2_client_method(); |
170 |
#ifndef OPENSSL_NO_SSL2 |
171 |
SSL_METHOD *q_SSLv2_server_method(); |
172 |
#endif |
173 |
#ifndef OPENSSL_NO_SSL3_METHOD |
174 |
SSL_METHOD *q_SSLv3_server_method(); |
175 |
#endif |
176 |
SSL_METHOD *q_SSLv23_server_method(); |
177 |
SSL_METHOD *q_TLSv1_server_method(); |
178 |
SSL_METHOD *q_TLSv1_1_server_method(); |
179 |
SSL_METHOD *q_TLSv1_2_server_method(); |
180 |
#endif |
181 |
|
182 |
STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); |
183 |
|
184 |
#ifdef SSLEAY_MACROS |
185 |
int q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); |
186 |
int q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); |
187 |
RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); |
188 |
DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); |
189 |
#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \ |
190 |
(RSA *)q_PEM_ASN1_read_bio( \ |
191 |
(void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u) |
192 |
#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \ |
193 |
(DSA *)q_PEM_ASN1_read_bio( \ |
194 |
(void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u) |
195 |
#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
196 |
PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\ |
197 |
bp,(char *)x,enc,kstr,klen,cb,u) |
198 |
#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
199 |
PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ |
200 |
bp,(char *)x,enc,kstr,klen,cb,u) |
201 |
#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \ |
202 |
(DH *)q_PEM_ASN1_read_bio( \ |
203 |
(void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u) |
204 |
#endif // SSLEAY_MACROS |
205 |
|
206 |
#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) |
207 |
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) |
208 |
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) |
209 |
#define q_X509_getm_notAfter(x) X509_get_notAfter(x) |
210 |
#define q_X509_getm_notBefore(x) X509_get_notBefore(x) |
211 |
|
212 |
// "Forward compatibility" with OpenSSL 1.1 (to save on #if-ery elsewhere): |
213 |
#define q_X509_get_version(x509) q_ASN1_INTEGER_get((x509)->cert_info->version) |
214 |
#define q_ASN1_STRING_get0_data(x) q_ASN1_STRING_data(x) |
215 |
#define q_EVP_PKEY_base_id(pkey) ((pkey)->type) |
216 |
#define q_X509_get_pubkey(x509) q_X509_PUBKEY_get((x509)->cert_info->key) |
217 |
#define q_SSL_SESSION_get_ticket_lifetime_hint(s) ((s)->tlsext_tick_lifetime_hint) |
218 |
#define q_RSA_bits(rsa) q_BN_num_bits((rsa)->n) |
219 |
#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p) |
220 |
#define q_X509_STORE_set_verify_cb(s,c) X509_STORE_set_verify_cb_func((s),(c)) |
221 |
|
222 |
char *q_CONF_get1_default_config_file(); |
223 |
void q_OPENSSL_add_all_algorithms_noconf(); |
224 |
void q_OPENSSL_add_all_algorithms_conf(); |
225 |
|
226 |
long q_SSLeay(); |
227 |
const char *q_SSLeay_version(int type); |
228 |
|
229 |
|
230 |
#endif // QSSLSOCKET_OPENSSL_PRE11_SYMBOLS_P_H |
|
|
231 |
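Review bot: In the `SSLEAY_MACROS` block, `q_PEM_read_bio_DHparams(bp, dh, cb, u)` passes `(void **)x` to `q_PEM_ASN1_read_bio`, but the macro's parameter is named `dh`. As written, `x` is not substituted, so the expansion either fails to compile or silently picks up an unrelated `x` from the caller's scope; the argument should be `(void **)dh`. In the same block the two `q_PEM_write_bio_*PrivateKey` macros call the unprefixed `PEM_ASN1_write_bio` while the read macros go through the resolved `q_PEM_ASN1_read_bio` wrapper. This may be inherited from the original header, but it is worth confirming it is intended for builds that load OpenSSL at run time. The closing guard comment also spells the macro differently from the `#ifndef`; it should read `#endif // QSSLSOCKET_OPENSSLPRE11_SYMBOLS_P_H`.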
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl_symbols.cpp |
Lines 1-7
|
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2016 The Qt Company Ltd. |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
|
|
5 |
** Copyright (C) 2016 Richard J. Moore <rich@kde.org> |
5 |
** Contact: https://www.qt.io/licensing/ |
6 |
** Contact: https://www.qt.io/licensing/ |
6 |
** |
7 |
** |
7 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
8 |
** This file is part of the QtNetwork module of the Qt Toolkit. |
Lines 136-184
void qsslSocketCannotResolveSymbolWarnin
|
136 |
|
137 |
|
137 |
#endif // QT_LINKED_OPENSSL |
138 |
#endif // QT_LINKED_OPENSSL |
138 |
|
139 |
|
|
|
140 |
#if QT_CONFIG(opensslv11) |
141 |
|
142 |
// Below are the functions first introduced in version 1.1: |
143 |
|
144 |
DEFINEFUNC(const unsigned char *, ASN1_STRING_get0_data, const ASN1_STRING *a, a, return 0, return) |
145 |
DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) |
146 |
DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) |
147 |
DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return) |
148 |
DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) |
149 |
DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) |
150 |
DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) |
151 |
DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return) |
152 |
DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) |
153 |
DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) |
154 |
DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) |
155 |
DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) |
156 |
DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return 0, return) |
157 |
DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) |
158 |
DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) |
159 |
DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return 0, return) |
160 |
DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) |
161 |
DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) |
162 |
DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return) |
163 |
DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return) |
164 |
DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) |
165 |
|
166 |
DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return 0, return) |
167 |
DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return 0, return) |
168 |
DEFINEFUNC(const SSL_METHOD *, TLS_server_method, DUMMYARG, DUMMYARG, return 0, return) |
169 |
DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *a, a, return 0, return) |
170 |
DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *a, a, return 0, return) |
171 |
DEFINEFUNC(long, X509_get_version, X509 *a, a, return -1, return) |
172 |
DEFINEFUNC(EVP_PKEY *, X509_get_pubkey, X509 *a, a, return 0, return) |
173 |
DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_verify_cb verify_cb, verify_cb, return, DUMMYARG) |
174 |
DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return 0, return) |
175 |
DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG) |
176 |
DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return) |
177 |
DEFINEFUNC(const char *, OpenSSL_version, int a, a, return 0, return) |
178 |
DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return) |
179 |
DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG) |
180 |
DEFINEFUNC(int, DH_bits, DH *dh, dh, return 0, return) |
181 |
|
182 |
#else // QT_CONFIG(opensslv11) |
183 |
|
184 |
// Functions below are either deprecated or removed in OpenSSL >= 1.1: |
185 |
|
186 |
DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return) |
187 |
|
139 |
#ifdef SSLEAY_MACROS |
188 |
#ifdef SSLEAY_MACROS |
140 |
DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return 0, return) |
189 |
DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return 0, return) |
141 |
#endif |
190 |
#endif |
|
|
191 |
DEFINEFUNC2(BIO *, BIO_new_file, const char *filename, filename, const char *mode, mode, return 0, return) |
192 |
DEFINEFUNC(void, ERR_clear_error, DUMMYARG, DUMMYARG, return, DUMMYARG) |
193 |
DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) |
194 |
DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) |
195 |
DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) |
196 |
DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) |
197 |
DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) |
198 |
DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) |
199 |
DEFINEFUNC(unsigned long, ERR_peek_last_error, DUMMYARG, DUMMYARG, return 0, return) |
200 |
DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG) |
201 |
DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG) |
202 |
DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG) |
203 |
|
204 |
#ifdef SSLEAY_MACROS |
205 |
DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) |
206 |
DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) |
207 |
#endif // SSLEAY_MACROS |
208 |
|
209 |
DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) |
210 |
DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) |
211 |
|
212 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
213 |
DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) |
214 |
DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) |
215 |
DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) |
216 |
DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) |
217 |
#else |
218 |
DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) |
219 |
DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) |
220 |
DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) |
221 |
DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) |
222 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L |
223 |
|
224 |
DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) |
225 |
DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) |
226 |
|
227 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
228 |
DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) |
229 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L |
230 |
|
231 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
232 |
#ifndef OPENSSL_NO_SSL2 |
233 |
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
234 |
#endif |
235 |
#ifndef OPENSSL_NO_SSL3_METHOD |
236 |
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) |
237 |
#endif |
238 |
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) |
239 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) |
240 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
241 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) |
242 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
243 |
#endif |
244 |
#ifndef OPENSSL_NO_SSL2 |
245 |
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
246 |
#endif |
247 |
#ifndef OPENSSL_NO_SSL3_METHOD |
248 |
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) |
249 |
#endif |
250 |
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) |
251 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
252 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
253 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
254 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
255 |
#endif |
256 |
#else |
257 |
#ifndef OPENSSL_NO_SSL2 |
258 |
DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
259 |
#endif |
260 |
#ifndef OPENSSL_NO_SSL3_METHOD |
261 |
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) |
262 |
#endif |
263 |
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) |
264 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
265 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
266 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
267 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
268 |
#endif |
269 |
//#else |
270 |
#ifndef OPENSSL_NO_SSL2 |
271 |
DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
272 |
#endif |
273 |
#ifndef OPENSSL_NO_SSL3_METHOD |
274 |
DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) |
275 |
#endif |
276 |
DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) |
277 |
DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) |
278 |
#ifndef OPENSSL_NO_SSL2 |
279 |
DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
280 |
#endif |
281 |
#ifndef OPENSSL_NO_SSL3_METHOD |
282 |
DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) |
283 |
#endif |
284 |
DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) |
285 |
DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
286 |
#endif |
287 |
|
288 |
DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) |
289 |
|
290 |
#ifdef SSLEAY_MACROS |
291 |
DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) |
292 |
DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) |
293 |
#ifndef OPENSSL_NO_EC |
294 |
DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return) |
295 |
#endif |
296 |
DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return) |
297 |
DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return) |
298 |
#ifndef OPENSSL_NO_EC |
299 |
DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return) |
300 |
#endif |
301 |
#endif |
302 |
DEFINEFUNC(char *, CONF_get1_default_config_file, DUMMYARG, DUMMYARG, return 0, return) |
303 |
DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) |
304 |
DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) |
305 |
DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) |
306 |
DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) |
307 |
|
308 |
#endif // QT_CONFIG(opensslv11) |
309 |
|
142 |
DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return) |
310 |
DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return) |
143 |
DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return) |
|
|
144 |
DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return) |
311 |
DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return) |
145 |
DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return); |
312 |
DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return) |
146 |
DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return) |
313 |
DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return) |
147 |
DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return) |
314 |
DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return) |
148 |
DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) |
|
|
149 |
DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return) |
315 |
DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return) |
150 |
DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return) |
316 |
DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return) |
151 |
DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) |
|
|
152 |
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return) |
317 |
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return) |
153 |
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return) |
318 |
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return) |
154 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
|
155 |
DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) |
156 |
#endif |
157 |
DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return) |
319 |
DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return) |
158 |
#ifndef OPENSSL_NO_EC |
320 |
#ifndef OPENSSL_NO_EC |
159 |
DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return 0, return) |
321 |
DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return 0, return) |
160 |
DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return) |
322 |
DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return) |
161 |
#endif |
323 |
#endif |
162 |
DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) |
|
|
163 |
DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) |
164 |
DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) |
165 |
DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) |
166 |
DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return) |
324 |
DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return) |
167 |
DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG) |
325 |
DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG) |
168 |
DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return) |
326 |
DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return) |
169 |
DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return) |
327 |
DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return) |
170 |
DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return) |
328 |
DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return) |
171 |
DEFINEFUNC(void, ERR_free_strings, void, DUMMYARG, return, DUMMYARG) |
329 |
DEFINEFUNC(EVP_CIPHER_CTX *, EVP_CIPHER_CTX_new, void, DUMMYARG, return 0, return) |
172 |
DEFINEFUNC(void, EVP_CIPHER_CTX_cleanup, EVP_CIPHER_CTX *a, a, return, DUMMYARG) |
330 |
DEFINEFUNC(void, EVP_CIPHER_CTX_free, EVP_CIPHER_CTX *a, a, return, DUMMYARG) |
173 |
DEFINEFUNC(void, EVP_CIPHER_CTX_init, EVP_CIPHER_CTX *a, a, return, DUMMYARG) |
331 |
DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return) |
174 |
DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return); |
|
|
175 |
DEFINEFUNC2(int, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX *ctx, ctx, int keylen, keylen, return 0, return) |
332 |
DEFINEFUNC2(int, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX *ctx, ctx, int keylen, keylen, return 0, return) |
176 |
DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return); |
333 |
DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return); |
|
|
334 |
DEFINEFUNC6(int, EVP_CipherInit_ex, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *cipher, cipher, ENGINE *impl, impl, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return) |
177 |
DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return); |
335 |
DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return); |
178 |
DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return); |
336 |
DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return); |
179 |
DEFINEFUNC(const EVP_CIPHER *, EVP_des_cbc, DUMMYARG, DUMMYARG, return 0, return) |
337 |
DEFINEFUNC(const EVP_CIPHER *, EVP_des_cbc, DUMMYARG, DUMMYARG, return 0, return) |
180 |
DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return 0, return) |
338 |
DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return 0, return) |
181 |
DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return 0, return) |
339 |
DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return 0, return) |
|
|
340 |
DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return 0, return) |
182 |
DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) |
341 |
DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) |
183 |
DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) |
342 |
DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) |
184 |
DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return) |
343 |
DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return) |
Lines 202-211
DEFINEFUNC3(int, i2t_ASN1_OBJECT, char *
|
202 |
DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return) |
361 |
DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return) |
203 |
|
362 |
|
204 |
DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return) |
363 |
DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return) |
205 |
#ifdef SSLEAY_MACROS |
364 |
|
206 |
DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) |
365 |
#ifndef SSLEAY_MACROS |
207 |
DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return) |
|
|
208 |
#else |
209 |
DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
366 |
DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
210 |
DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
367 |
DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
211 |
DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
368 |
DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
Lines 218-224
DEFINEFUNC7(int, PEM_write_bio_RSAPrivat
|
218 |
#ifndef OPENSSL_NO_EC |
375 |
#ifndef OPENSSL_NO_EC |
219 |
DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return) |
376 |
DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return) |
220 |
#endif |
377 |
#endif |
221 |
#endif |
378 |
#endif // !SSLEAY_MACROS |
222 |
DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
379 |
DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
223 |
DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
380 |
DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
224 |
DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
381 |
DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return) |
Lines 234-256
DEFINEFUNC2(void, RAND_seed, const void
|
234 |
DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return) |
391 |
DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return) |
235 |
DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return) |
392 |
DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return 0, return) |
236 |
DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG) |
393 |
DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG) |
237 |
DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) |
|
|
238 |
DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) |
239 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
240 |
DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) |
241 |
DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) |
242 |
DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) |
243 |
DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return 0, return) |
244 |
#else |
245 |
DEFINEFUNC(STACK *, sk_new_null, DUMMYARG, DUMMYARG, return 0, return) |
246 |
DEFINEFUNC2(void, sk_push, STACK *a, a, char *b, b, return, DUMMYARG) |
247 |
DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG) |
248 |
DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return) |
249 |
#endif |
250 |
DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return) |
394 |
DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return) |
251 |
DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return) |
395 |
DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return) |
252 |
DEFINEFUNC3(char *, SSL_CIPHER_description, SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) |
396 |
DEFINEFUNC3(char *, SSL_CIPHER_description, const SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return) |
253 |
DEFINEFUNC2(int, SSL_CIPHER_get_bits, SSL_CIPHER *a, a, int *b, b, return 0, return) |
397 |
DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *a, a, int *b, b, return 0, return) |
254 |
DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return) |
398 |
DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return) |
255 |
DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return) |
399 |
DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return) |
256 |
DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return) |
400 |
DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return) |
Lines 287-294
DEFINEFUNC(long, SSL_get_verify_result,
|
287 |
#else |
431 |
#else |
288 |
DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return) |
432 |
DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, return -1, return) |
289 |
#endif |
433 |
#endif |
290 |
DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return) |
|
|
291 |
DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG) |
292 |
DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return) |
434 |
DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return) |
293 |
DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return) |
435 |
DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return) |
294 |
DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return) |
436 |
DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return) |
Lines 301-307
DEFINEFUNC(void, SSL_SESSION_free, SSL_S
|
301 |
DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return) |
443 |
DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return 0, return) |
302 |
DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return) |
444 |
DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return 0, return) |
303 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
445 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
304 |
DEFINEFUNC5(int, SSL_get_ex_new_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) |
|
|
305 |
DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return) |
446 |
DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return) |
306 |
DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return) |
447 |
DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return NULL, return) |
307 |
#endif |
448 |
#endif |
Lines 310-360
DEFINEFUNC2(void, SSL_set_psk_client_cal
|
310 |
DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG) |
451 |
DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG) |
311 |
DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return) |
452 |
DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return) |
312 |
#endif |
453 |
#endif |
313 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
|
|
314 |
#ifndef OPENSSL_NO_SSL2 |
315 |
DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
316 |
#endif |
317 |
#ifndef OPENSSL_NO_SSL3_METHOD |
318 |
DEFINEFUNC(const SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) |
319 |
#endif |
320 |
DEFINEFUNC(const SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) |
321 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) |
322 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
323 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) |
324 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
325 |
#endif |
326 |
#ifndef OPENSSL_NO_SSL2 |
327 |
DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
328 |
#endif |
329 |
#ifndef OPENSSL_NO_SSL3_METHOD |
330 |
DEFINEFUNC(const SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) |
331 |
#endif |
332 |
DEFINEFUNC(const SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) |
333 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
334 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
335 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
336 |
DEFINEFUNC(const SSL_METHOD *, TLSv1_2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
337 |
#endif |
338 |
#else |
339 |
#ifndef OPENSSL_NO_SSL2 |
340 |
DEFINEFUNC(SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) |
341 |
#endif |
342 |
#ifndef OPENSSL_NO_SSL3_METHOD |
343 |
DEFINEFUNC(SSL_METHOD *, SSLv3_client_method, DUMMYARG, DUMMYARG, return 0, return) |
344 |
#endif |
345 |
DEFINEFUNC(SSL_METHOD *, SSLv23_client_method, DUMMYARG, DUMMYARG, return 0, return) |
346 |
DEFINEFUNC(SSL_METHOD *, TLSv1_client_method, DUMMYARG, DUMMYARG, return 0, return) |
347 |
#ifndef OPENSSL_NO_SSL2 |
348 |
DEFINEFUNC(SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) |
349 |
#endif |
350 |
#ifndef OPENSSL_NO_SSL3_METHOD |
351 |
DEFINEFUNC(SSL_METHOD *, SSLv3_server_method, DUMMYARG, DUMMYARG, return 0, return) |
352 |
#endif |
353 |
DEFINEFUNC(SSL_METHOD *, SSLv23_server_method, DUMMYARG, DUMMYARG, return 0, return) |
354 |
DEFINEFUNC(SSL_METHOD *, TLSv1_server_method, DUMMYARG, DUMMYARG, return 0, return) |
355 |
#endif |
356 |
DEFINEFUNC3(int, SSL_write, SSL *a, a, const void *b, b, int c, c, return -1, return) |
454 |
DEFINEFUNC3(int, SSL_write, SSL *a, a, const void *b, b, int c, c, return -1, return) |
357 |
DEFINEFUNC2(int, X509_cmp, X509 *a, a, X509 *b, b, return -1, return) |
455 |
DEFINEFUNC2(int, X509_cmp, X509 *a, a, X509 *b, b, return -1, return) |
|
|
456 |
DEFINEFUNC4(int, X509_digest, const X509 *x509, x509, const EVP_MD *type, type, unsigned char *md, md, unsigned int *len, len, return -1, return) |
358 |
#ifndef SSLEAY_MACROS |
457 |
#ifndef SSLEAY_MACROS |
359 |
DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return) |
458 |
DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return 0, return) |
360 |
#endif |
459 |
#endif |
Lines 378-383
DEFINEFUNC2(int, ASN1_STRING_print, BIO
|
378 |
DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) |
477 |
DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return) |
379 |
DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) |
478 |
DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return 0, return) |
380 |
DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) |
479 |
DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return 0, return) |
|
|
480 |
DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *a, a, return 0, return) |
381 |
DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) |
481 |
DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return) |
382 |
DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return) |
482 |
DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return) |
383 |
DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return) |
483 |
DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return 0, return) |
Lines 393-417
DEFINEFUNC2(int, X509_STORE_CTX_set_purp
|
393 |
DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return) |
493 |
DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return) |
394 |
DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return) |
494 |
DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return) |
395 |
DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return) |
495 |
DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return 0, return) |
396 |
DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get_chain, X509_STORE_CTX *a, a, return 0, return) |
|
|
397 |
DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return) |
496 |
DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return 0, return) |
398 |
#ifdef SSLEAY_MACROS |
|
|
399 |
DEFINEFUNC2(int, i2d_DSAPrivateKey, const DSA *a, a, unsigned char **b, b, return -1, return) |
400 |
DEFINEFUNC2(int, i2d_RSAPrivateKey, const RSA *a, a, unsigned char **b, b, return -1, return) |
401 |
#ifndef OPENSSL_NO_EC |
402 |
DEFINEFUNC2(int, i2d_ECPrivateKey, const EC_KEY *a, a, unsigned char **b, b, return -1, return) |
403 |
#endif |
404 |
DEFINEFUNC3(RSA *, d2i_RSAPrivateKey, RSA **a, a, unsigned char **b, b, long c, c, return 0, return) |
405 |
DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsigned char **b, b, long c, c, return 0, return) |
406 |
#ifndef OPENSSL_NO_EC |
407 |
DEFINEFUNC3(EC_KEY *, d2i_ECPrivateKey, EC_KEY **a, a, unsigned char **b, b, long c, c, return 0, return) |
408 |
#endif |
409 |
#endif |
410 |
DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG) |
411 |
DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG) |
412 |
DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) |
497 |
DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return) |
413 |
DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return) |
|
|
414 |
DEFINEFUNC(const char *, SSLeay_version, int a, a, return 0, return) |
415 |
DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return) |
498 |
DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return) |
416 |
DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return) |
499 |
DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return 0, return) |
417 |
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) |
500 |
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) |
Lines 694-701
static QPair<QLibrary*, QLibrary*> loadO
|
694 |
#ifndef Q_OS_DARWIN |
777 |
#ifndef Q_OS_DARWIN |
695 |
// second attempt: find the development files libssl.so and libcrypto.so |
778 |
// second attempt: find the development files libssl.so and libcrypto.so |
696 |
// |
779 |
// |
697 |
// disabled on OS X/iOS: |
780 |
// disabled on macOS/iOS: |
698 |
// OS X's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third |
781 |
// macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third |
699 |
// attempt, _after_ <bundle>/Contents/Frameworks has been searched. |
782 |
// attempt, _after_ <bundle>/Contents/Frameworks has been searched. |
700 |
// iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. |
783 |
// iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place. |
701 |
libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); |
784 |
libssl->setFileNameAndVersion(QLatin1String("ssl"), -1); |
Lines 754-761
bool q_resolveOpenSslSymbols()
|
754 |
static bool symbolsResolved = false; |
837 |
static bool symbolsResolved = false; |
755 |
static bool triedToResolveSymbols = false; |
838 |
static bool triedToResolveSymbols = false; |
756 |
#ifndef QT_NO_THREAD |
839 |
#ifndef QT_NO_THREAD |
|
|
840 |
#if QT_CONFIG(opensslv11) |
841 |
QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_OPENSSL_init_ssl)); |
842 |
#else |
757 |
QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_SSL_library_init)); |
843 |
QMutexLocker locker(QMutexPool::globalInstanceGet((void *)&q_SSL_library_init)); |
758 |
#endif |
844 |
#endif |
|
|
845 |
#endif |
759 |
if (symbolsResolved) |
846 |
if (symbolsResolved) |
760 |
return true; |
847 |
return true; |
761 |
if (triedToResolveSymbols) |
848 |
if (triedToResolveSymbols) |
Lines 770-781
bool q_resolveOpenSslSymbols()
|
770 |
if (!libs.first || !libs.second) |
857 |
if (!libs.first || !libs.second) |
771 |
// failed to load them |
858 |
// failed to load them |
772 |
return false; |
859 |
return false; |
|
|
860 |
#if QT_CONFIG(opensslv11) |
861 |
|
862 |
RESOLVEFUNC(OPENSSL_init_ssl) |
863 |
RESOLVEFUNC(OPENSSL_init_crypto) |
864 |
RESOLVEFUNC(ASN1_STRING_get0_data) |
865 |
RESOLVEFUNC(EVP_CIPHER_CTX_reset) |
866 |
RESOLVEFUNC(EVP_PKEY_base_id) |
867 |
RESOLVEFUNC(RSA_bits) |
868 |
RESOLVEFUNC(OPENSSL_sk_new_null) |
869 |
RESOLVEFUNC(OPENSSL_sk_push) |
870 |
RESOLVEFUNC(OPENSSL_sk_free) |
871 |
RESOLVEFUNC(OPENSSL_sk_num) |
872 |
RESOLVEFUNC(OPENSSL_sk_pop_free) |
873 |
RESOLVEFUNC(OPENSSL_sk_value) |
874 |
RESOLVEFUNC(DH_get0_pqg) |
875 |
RESOLVEFUNC(SSL_CTX_set_options) |
876 |
RESOLVEFUNC(SSL_get_client_random) |
877 |
RESOLVEFUNC(SSL_SESSION_get_master_key) |
878 |
RESOLVEFUNC(SSL_session_reused) |
879 |
RESOLVEFUNC(SSL_get_session) |
880 |
RESOLVEFUNC(CRYPTO_get_ex_new_index) |
881 |
RESOLVEFUNC(TLS_method) |
882 |
RESOLVEFUNC(TLS_client_method) |
883 |
RESOLVEFUNC(TLS_server_method) |
884 |
RESOLVEFUNC(X509_STORE_CTX_get0_chain) |
885 |
RESOLVEFUNC(X509_getm_notBefore) |
886 |
RESOLVEFUNC(X509_getm_notAfter) |
887 |
RESOLVEFUNC(X509_get_version) |
888 |
RESOLVEFUNC(X509_get_pubkey) |
889 |
RESOLVEFUNC(X509_STORE_set_verify_cb) |
890 |
RESOLVEFUNC(CRYPTO_free) |
891 |
RESOLVEFUNC(OpenSSL_version_num) |
892 |
RESOLVEFUNC(OpenSSL_version) |
893 |
if (!_q_OpenSSL_version) { |
894 |
// Apparently, we were built with OpenSSL 1.1 enabled but are now using |
895 |
// a wrong library. |
896 |
delete libs.first; |
897 |
delete libs.second; |
898 |
qCWarning(lcSsl, "Incompatible version of OpenSSL"); |
899 |
return false; |
900 |
} |
901 |
|
902 |
RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) |
903 |
RESOLVEFUNC(DH_bits) |
904 |
RESOLVEFUNC(DSA_bits) |
905 |
|
906 |
#else // !opensslv11 |
907 |
|
908 |
RESOLVEFUNC(ASN1_STRING_data) |
773 |
|
909 |
|
774 |
#ifdef SSLEAY_MACROS |
910 |
#ifdef SSLEAY_MACROS |
775 |
RESOLVEFUNC(ASN1_dup) |
911 |
RESOLVEFUNC(ASN1_dup) |
|
|
912 |
#endif // SSLEAY_MACROS |
913 |
RESOLVEFUNC(BIO_new_file) |
914 |
RESOLVEFUNC(ERR_clear_error) |
915 |
RESOLVEFUNC(CRYPTO_free) |
916 |
RESOLVEFUNC(CRYPTO_num_locks) |
917 |
RESOLVEFUNC(CRYPTO_set_id_callback) |
918 |
RESOLVEFUNC(CRYPTO_set_locking_callback) |
919 |
RESOLVEFUNC(ERR_peek_last_error) |
920 |
RESOLVEFUNC(ERR_free_strings) |
921 |
RESOLVEFUNC(EVP_CIPHER_CTX_cleanup) |
922 |
RESOLVEFUNC(EVP_CIPHER_CTX_init) |
923 |
|
924 |
#ifdef SSLEAY_MACROS // ### verify |
925 |
RESOLVEFUNC(PEM_ASN1_read_bio) |
926 |
#endif // SSLEAY_MACROS |
927 |
|
928 |
RESOLVEFUNC(sk_new_null) |
929 |
RESOLVEFUNC(sk_push) |
930 |
RESOLVEFUNC(sk_free) |
931 |
RESOLVEFUNC(sk_num) |
932 |
RESOLVEFUNC(sk_pop_free) |
933 |
RESOLVEFUNC(sk_value) |
934 |
RESOLVEFUNC(SSL_library_init) |
935 |
RESOLVEFUNC(SSL_load_error_strings) |
936 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
937 |
RESOLVEFUNC(SSL_get_ex_new_index) |
938 |
#endif |
939 |
#ifndef OPENSSL_NO_SSL2 |
940 |
RESOLVEFUNC(SSLv2_client_method) |
941 |
#endif |
942 |
#ifndef OPENSSL_NO_SSL3_METHOD |
943 |
RESOLVEFUNC(SSLv3_client_method) |
944 |
#endif |
945 |
RESOLVEFUNC(SSLv23_client_method) |
946 |
RESOLVEFUNC(TLSv1_client_method) |
947 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
948 |
RESOLVEFUNC(TLSv1_1_client_method) |
949 |
RESOLVEFUNC(TLSv1_2_client_method) |
950 |
#endif |
951 |
#ifndef OPENSSL_NO_SSL2 |
952 |
RESOLVEFUNC(SSLv2_server_method) |
776 |
#endif |
953 |
#endif |
|
|
954 |
#ifndef OPENSSL_NO_SSL3_METHOD |
955 |
RESOLVEFUNC(SSLv3_server_method) |
956 |
#endif |
957 |
RESOLVEFUNC(SSLv23_server_method) |
958 |
RESOLVEFUNC(TLSv1_server_method) |
959 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
960 |
RESOLVEFUNC(TLSv1_1_server_method) |
961 |
RESOLVEFUNC(TLSv1_2_server_method) |
962 |
#endif |
963 |
RESOLVEFUNC(X509_STORE_CTX_get_chain) |
964 |
#ifdef SSLEAY_MACROS |
965 |
RESOLVEFUNC(i2d_DSAPrivateKey) |
966 |
RESOLVEFUNC(i2d_RSAPrivateKey) |
967 |
RESOLVEFUNC(d2i_DSAPrivateKey) |
968 |
RESOLVEFUNC(d2i_RSAPrivateKey) |
969 |
#endif |
970 |
RESOLVEFUNC(CONF_get1_default_config_file) |
971 |
RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) |
972 |
RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) |
973 |
RESOLVEFUNC(SSLeay) |
974 |
|
975 |
if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) { |
976 |
// OpenSSL 1.1 has deprecated and removed SSLeay. We consider a failure to |
977 |
// resolve this symbol as a failure to resolve symbols. |
978 |
// The right operand of '||' above is ... a bit of paranoia. |
979 |
delete libs.first; |
980 |
delete libs.second; |
981 |
qCWarning(lcSsl, "Incompatible version of OpenSSL"); |
982 |
return false; |
983 |
} |
984 |
|
985 |
|
986 |
RESOLVEFUNC(SSLeay_version) |
987 |
|
988 |
#ifndef OPENSSL_NO_EC |
989 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
990 |
if (q_SSLeay() >= 0x10002000L) |
991 |
RESOLVEFUNC(EC_curve_nist2nid) |
992 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L |
993 |
#endif // OPENSSL_NO_EC |
994 |
|
995 |
|
996 |
#endif // !opensslv11 |
997 |
|
777 |
RESOLVEFUNC(ASN1_INTEGER_get) |
998 |
RESOLVEFUNC(ASN1_INTEGER_get) |
778 |
RESOLVEFUNC(ASN1_STRING_data) |
|
|
779 |
RESOLVEFUNC(ASN1_STRING_length) |
999 |
RESOLVEFUNC(ASN1_STRING_length) |
780 |
RESOLVEFUNC(ASN1_STRING_to_UTF8) |
1000 |
RESOLVEFUNC(ASN1_STRING_to_UTF8) |
781 |
RESOLVEFUNC(BIO_ctrl) |
1001 |
RESOLVEFUNC(BIO_ctrl) |
Lines 794-818
bool q_resolveOpenSslSymbols()
794 |
RESOLVEFUNC(BN_is_word) |
1014 |
RESOLVEFUNC(BN_is_word) |
795 |
#endif |
1015 |
#endif |
796 |
RESOLVEFUNC(BN_mod_word) |
1016 |
RESOLVEFUNC(BN_mod_word) |
797 |
RESOLVEFUNC(CRYPTO_free) |
|
|
798 |
RESOLVEFUNC(CRYPTO_num_locks) |
799 |
RESOLVEFUNC(CRYPTO_set_id_callback) |
800 |
RESOLVEFUNC(CRYPTO_set_locking_callback) |
801 |
RESOLVEFUNC(DSA_new) |
1017 |
RESOLVEFUNC(DSA_new) |
802 |
RESOLVEFUNC(DSA_free) |
1018 |
RESOLVEFUNC(DSA_free) |
803 |
RESOLVEFUNC(ERR_error_string) |
1019 |
RESOLVEFUNC(ERR_error_string) |
804 |
RESOLVEFUNC(ERR_get_error) |
1020 |
RESOLVEFUNC(ERR_get_error) |
805 |
RESOLVEFUNC(ERR_free_strings) |
1021 |
RESOLVEFUNC(EVP_CIPHER_CTX_new) |
806 |
RESOLVEFUNC(EVP_CIPHER_CTX_cleanup) |
1022 |
RESOLVEFUNC(EVP_CIPHER_CTX_free) |
807 |
RESOLVEFUNC(EVP_CIPHER_CTX_init) |
|
|
808 |
RESOLVEFUNC(EVP_CIPHER_CTX_ctrl) |
1023 |
RESOLVEFUNC(EVP_CIPHER_CTX_ctrl) |
809 |
RESOLVEFUNC(EVP_CIPHER_CTX_set_key_length) |
1024 |
RESOLVEFUNC(EVP_CIPHER_CTX_set_key_length) |
810 |
RESOLVEFUNC(EVP_CipherInit) |
1025 |
RESOLVEFUNC(EVP_CipherInit) |
|
|
1026 |
RESOLVEFUNC(EVP_CipherInit_ex) |
811 |
RESOLVEFUNC(EVP_CipherUpdate) |
1027 |
RESOLVEFUNC(EVP_CipherUpdate) |
812 |
RESOLVEFUNC(EVP_CipherFinal) |
1028 |
RESOLVEFUNC(EVP_CipherFinal) |
813 |
RESOLVEFUNC(EVP_des_cbc) |
1029 |
RESOLVEFUNC(EVP_des_cbc) |
814 |
RESOLVEFUNC(EVP_des_ede3_cbc) |
1030 |
RESOLVEFUNC(EVP_des_ede3_cbc) |
815 |
RESOLVEFUNC(EVP_rc2_cbc) |
1031 |
RESOLVEFUNC(EVP_rc2_cbc) |
|
|
1032 |
RESOLVEFUNC(EVP_sha1) |
816 |
RESOLVEFUNC(EVP_PKEY_assign) |
1033 |
RESOLVEFUNC(EVP_PKEY_assign) |
817 |
RESOLVEFUNC(EVP_PKEY_set1_RSA) |
1034 |
RESOLVEFUNC(EVP_PKEY_set1_RSA) |
818 |
RESOLVEFUNC(EVP_PKEY_set1_DSA) |
1035 |
RESOLVEFUNC(EVP_PKEY_set1_DSA) |
Lines 834-842
bool q_resolveOpenSslSymbols()
834 |
RESOLVEFUNC(i2t_ASN1_OBJECT) |
1051 |
RESOLVEFUNC(i2t_ASN1_OBJECT) |
835 |
RESOLVEFUNC(OBJ_obj2txt) |
1052 |
RESOLVEFUNC(OBJ_obj2txt) |
836 |
RESOLVEFUNC(OBJ_obj2nid) |
1053 |
RESOLVEFUNC(OBJ_obj2nid) |
837 |
#ifdef SSLEAY_MACROS // ### verify |
1054 |
|
838 |
RESOLVEFUNC(PEM_ASN1_read_bio) |
1055 |
#ifndef SSLEAY_MACROS |
839 |
#else |
|
|
840 |
RESOLVEFUNC(PEM_read_bio_PrivateKey) |
1056 |
RESOLVEFUNC(PEM_read_bio_PrivateKey) |
841 |
RESOLVEFUNC(PEM_read_bio_DSAPrivateKey) |
1057 |
RESOLVEFUNC(PEM_read_bio_DSAPrivateKey) |
842 |
RESOLVEFUNC(PEM_read_bio_RSAPrivateKey) |
1058 |
RESOLVEFUNC(PEM_read_bio_RSAPrivateKey) |
Lines 849-855
bool q_resolveOpenSslSymbols()
849 |
#ifndef OPENSSL_NO_EC |
1065 |
#ifndef OPENSSL_NO_EC |
850 |
RESOLVEFUNC(PEM_write_bio_ECPrivateKey) |
1066 |
RESOLVEFUNC(PEM_write_bio_ECPrivateKey) |
851 |
#endif |
1067 |
#endif |
852 |
#endif |
1068 |
#endif // !SSLEAY_MACROS |
|
|
1069 |
|
853 |
RESOLVEFUNC(PEM_read_bio_PUBKEY) |
1070 |
RESOLVEFUNC(PEM_read_bio_PUBKEY) |
854 |
RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY) |
1071 |
RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY) |
855 |
RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY) |
1072 |
RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY) |
Lines 865-876
bool q_resolveOpenSslSymbols()
865 |
RESOLVEFUNC(RAND_status) |
1082 |
RESOLVEFUNC(RAND_status) |
866 |
RESOLVEFUNC(RSA_new) |
1083 |
RESOLVEFUNC(RSA_new) |
867 |
RESOLVEFUNC(RSA_free) |
1084 |
RESOLVEFUNC(RSA_free) |
868 |
RESOLVEFUNC(sk_new_null) |
|
|
869 |
RESOLVEFUNC(sk_push) |
870 |
RESOLVEFUNC(sk_free) |
871 |
RESOLVEFUNC(sk_num) |
872 |
RESOLVEFUNC(sk_pop_free) |
873 |
RESOLVEFUNC(sk_value) |
874 |
RESOLVEFUNC(SSL_CIPHER_description) |
1085 |
RESOLVEFUNC(SSL_CIPHER_description) |
875 |
RESOLVEFUNC(SSL_CIPHER_get_bits) |
1086 |
RESOLVEFUNC(SSL_CIPHER_get_bits) |
876 |
RESOLVEFUNC(SSL_CTX_check_private_key) |
1087 |
RESOLVEFUNC(SSL_CTX_check_private_key) |
Lines 898-905
bool q_resolveOpenSslSymbols()
898 |
RESOLVEFUNC(SSL_get_peer_cert_chain) |
1109 |
RESOLVEFUNC(SSL_get_peer_cert_chain) |
899 |
RESOLVEFUNC(SSL_get_peer_certificate) |
1110 |
RESOLVEFUNC(SSL_get_peer_certificate) |
900 |
RESOLVEFUNC(SSL_get_verify_result) |
1111 |
RESOLVEFUNC(SSL_get_verify_result) |
901 |
RESOLVEFUNC(SSL_library_init) |
|
|
902 |
RESOLVEFUNC(SSL_load_error_strings) |
903 |
RESOLVEFUNC(SSL_new) |
1112 |
RESOLVEFUNC(SSL_new) |
904 |
RESOLVEFUNC(SSL_ctrl) |
1113 |
RESOLVEFUNC(SSL_ctrl) |
905 |
RESOLVEFUNC(SSL_read) |
1114 |
RESOLVEFUNC(SSL_read) |
Lines 912-918
bool q_resolveOpenSslSymbols()
912 |
RESOLVEFUNC(SSL_get1_session) |
1121 |
RESOLVEFUNC(SSL_get1_session) |
913 |
RESOLVEFUNC(SSL_get_session) |
1122 |
RESOLVEFUNC(SSL_get_session) |
914 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
1123 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
915 |
RESOLVEFUNC(SSL_get_ex_new_index) |
|
|
916 |
RESOLVEFUNC(SSL_set_ex_data) |
1124 |
RESOLVEFUNC(SSL_set_ex_data) |
917 |
RESOLVEFUNC(SSL_get_ex_data) |
1125 |
RESOLVEFUNC(SSL_get_ex_data) |
918 |
#endif |
1126 |
#endif |
Lines 922-951
bool q_resolveOpenSslSymbols()
922 |
RESOLVEFUNC(SSL_CTX_use_psk_identity_hint) |
1130 |
RESOLVEFUNC(SSL_CTX_use_psk_identity_hint) |
923 |
#endif |
1131 |
#endif |
924 |
RESOLVEFUNC(SSL_write) |
1132 |
RESOLVEFUNC(SSL_write) |
925 |
#ifndef OPENSSL_NO_SSL2 |
|
|
926 |
RESOLVEFUNC(SSLv2_client_method) |
927 |
#endif |
928 |
#ifndef OPENSSL_NO_SSL3_METHOD |
929 |
RESOLVEFUNC(SSLv3_client_method) |
930 |
#endif |
931 |
RESOLVEFUNC(SSLv23_client_method) |
932 |
RESOLVEFUNC(TLSv1_client_method) |
933 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
934 |
RESOLVEFUNC(TLSv1_1_client_method) |
935 |
RESOLVEFUNC(TLSv1_2_client_method) |
936 |
#endif |
937 |
#ifndef OPENSSL_NO_SSL2 |
938 |
RESOLVEFUNC(SSLv2_server_method) |
939 |
#endif |
940 |
#ifndef OPENSSL_NO_SSL3_METHOD |
941 |
RESOLVEFUNC(SSLv3_server_method) |
942 |
#endif |
943 |
RESOLVEFUNC(SSLv23_server_method) |
944 |
RESOLVEFUNC(TLSv1_server_method) |
945 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
946 |
RESOLVEFUNC(TLSv1_1_server_method) |
947 |
RESOLVEFUNC(TLSv1_2_server_method) |
948 |
#endif |
949 |
RESOLVEFUNC(X509_NAME_entry_count) |
1133 |
RESOLVEFUNC(X509_NAME_entry_count) |
950 |
RESOLVEFUNC(X509_NAME_get_entry) |
1134 |
RESOLVEFUNC(X509_NAME_get_entry) |
951 |
RESOLVEFUNC(X509_NAME_ENTRY_get_data) |
1135 |
RESOLVEFUNC(X509_NAME_ENTRY_get_data) |
Lines 961-972
bool q_resolveOpenSslSymbols()
961 |
RESOLVEFUNC(X509_STORE_CTX_get_error) |
1145 |
RESOLVEFUNC(X509_STORE_CTX_get_error) |
962 |
RESOLVEFUNC(X509_STORE_CTX_get_error_depth) |
1146 |
RESOLVEFUNC(X509_STORE_CTX_get_error_depth) |
963 |
RESOLVEFUNC(X509_STORE_CTX_get_current_cert) |
1147 |
RESOLVEFUNC(X509_STORE_CTX_get_current_cert) |
964 |
RESOLVEFUNC(X509_STORE_CTX_get_chain) |
|
|
965 |
RESOLVEFUNC(X509_cmp) |
1148 |
RESOLVEFUNC(X509_cmp) |
966 |
#ifndef SSLEAY_MACROS |
1149 |
#ifndef SSLEAY_MACROS |
967 |
RESOLVEFUNC(X509_dup) |
1150 |
RESOLVEFUNC(X509_dup) |
968 |
#endif |
1151 |
#endif |
969 |
RESOLVEFUNC(X509_print) |
1152 |
RESOLVEFUNC(X509_print) |
|
|
1153 |
RESOLVEFUNC(X509_digest) |
970 |
RESOLVEFUNC(X509_EXTENSION_get_object) |
1154 |
RESOLVEFUNC(X509_EXTENSION_get_object) |
971 |
RESOLVEFUNC(X509_free) |
1155 |
RESOLVEFUNC(X509_free) |
972 |
RESOLVEFUNC(X509_get_ext) |
1156 |
RESOLVEFUNC(X509_get_ext) |
Lines 982-1001
bool q_resolveOpenSslSymbols()
982 |
RESOLVEFUNC(X509_check_issued) |
1166 |
RESOLVEFUNC(X509_check_issued) |
983 |
RESOLVEFUNC(X509_get_issuer_name) |
1167 |
RESOLVEFUNC(X509_get_issuer_name) |
984 |
RESOLVEFUNC(X509_get_subject_name) |
1168 |
RESOLVEFUNC(X509_get_subject_name) |
|
|
1169 |
RESOLVEFUNC(X509_get_serialNumber) |
985 |
RESOLVEFUNC(X509_verify_cert) |
1170 |
RESOLVEFUNC(X509_verify_cert) |
986 |
RESOLVEFUNC(d2i_X509) |
1171 |
RESOLVEFUNC(d2i_X509) |
987 |
RESOLVEFUNC(i2d_X509) |
1172 |
RESOLVEFUNC(i2d_X509) |
988 |
#ifdef SSLEAY_MACROS |
|
|
989 |
RESOLVEFUNC(i2d_DSAPrivateKey) |
990 |
RESOLVEFUNC(i2d_RSAPrivateKey) |
991 |
RESOLVEFUNC(d2i_DSAPrivateKey) |
992 |
RESOLVEFUNC(d2i_RSAPrivateKey) |
993 |
#endif |
994 |
RESOLVEFUNC(OPENSSL_add_all_algorithms_noconf) |
995 |
RESOLVEFUNC(OPENSSL_add_all_algorithms_conf) |
996 |
RESOLVEFUNC(SSL_CTX_load_verify_locations) |
1173 |
RESOLVEFUNC(SSL_CTX_load_verify_locations) |
997 |
RESOLVEFUNC(SSLeay) |
|
|
998 |
RESOLVEFUNC(SSLeay_version) |
999 |
RESOLVEFUNC(i2d_SSL_SESSION) |
1174 |
RESOLVEFUNC(i2d_SSL_SESSION) |
1000 |
RESOLVEFUNC(d2i_SSL_SESSION) |
1175 |
RESOLVEFUNC(d2i_SSL_SESSION) |
1001 |
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) |
1176 |
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) |
Lines 1019-1045
bool q_resolveOpenSslSymbols()
1019 |
RESOLVEFUNC(EC_KEY_new_by_curve_name) |
1194 |
RESOLVEFUNC(EC_KEY_new_by_curve_name) |
1020 |
RESOLVEFUNC(EC_KEY_free) |
1195 |
RESOLVEFUNC(EC_KEY_free) |
1021 |
RESOLVEFUNC(EC_get_builtin_curves) |
1196 |
RESOLVEFUNC(EC_get_builtin_curves) |
1022 |
#if OPENSSL_VERSION_NUMBER >= 0x10002000L |
|
|
1023 |
if (q_SSLeay() >= 0x10002000L) |
1024 |
RESOLVEFUNC(EC_curve_nist2nid) |
1025 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L |
1026 |
#endif // OPENSSL_NO_EC |
1197 |
#endif // OPENSSL_NO_EC |
1027 |
RESOLVEFUNC(PKCS12_parse) |
1198 |
RESOLVEFUNC(PKCS12_parse) |
1028 |
RESOLVEFUNC(d2i_PKCS12_bio) |
1199 |
RESOLVEFUNC(d2i_PKCS12_bio) |
1029 |
RESOLVEFUNC(PKCS12_free) |
1200 |
RESOLVEFUNC(PKCS12_free) |
1030 |
|
1201 |
|
|
|
1202 |
symbolsResolved = true; |
1031 |
delete libs.first; |
1203 |
delete libs.first; |
1032 |
delete libs.second; |
1204 |
delete libs.second; |
1033 |
if (!_q_SSLeay || q_SSLeay() >= 0x10100000L) { |
|
|
1034 |
// OpenSSL 1.1 deprecated and removed SSLeay. We consider a failure to |
1035 |
// resolve this symbol as a failure to resolve symbols. |
1036 |
// The right operand of '||' above ... a bit of paranoia. |
1037 |
qCWarning(lcSsl, "Incompatible version of OpenSSL"); |
1038 |
return false; |
1039 |
} |
1040 |
|
1041 |
symbolsResolved = true; |
1042 |
|
1043 |
return true; |
1205 |
return true; |
1044 |
} |
1206 |
} |
1045 |
#endif // QT_CONFIG(library) |
1207 |
#endif // QT_CONFIG(library) |
1046 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl_symbols_p.h |
1208 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/qsslsocket_openssl_symbols_p.h |
Lines 1-6
1 |
/**************************************************************************** |
1 |
/**************************************************************************** |
2 |
** |
2 |
** |
3 |
** Copyright (C) 2016 The Qt Company Ltd. |
3 |
** Copyright (C) 2017 The Qt Company Ltd. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
4 |
** Copyright (C) 2014 BlackBerry Limited. All rights reserved. |
5 |
** Contact: https://www.qt.io/licensing/ |
5 |
** Contact: https://www.qt.io/licensing/ |
6 |
** |
6 |
** |
Lines 56-61
56 |
#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H |
56 |
#ifndef QSSLSOCKET_OPENSSL_SYMBOLS_P_H |
57 |
#define QSSLSOCKET_OPENSSL_SYMBOLS_P_H |
57 |
#define QSSLSOCKET_OPENSSL_SYMBOLS_P_H |
58 |
|
58 |
|
|
|
59 |
|
59 |
// |
60 |
// |
60 |
// W A R N I N G |
61 |
// W A R N I N G |
61 |
// ------------- |
62 |
// ------------- |
Lines 215-231
QT_BEGIN_NAMESPACE
215 |
|
216 |
|
216 |
#endif // !defined QT_LINKED_OPENSSL |
217 |
#endif // !defined QT_LINKED_OPENSSL |
217 |
|
218 |
|
|
|
219 |
#if QT_CONFIG(opensslv11) |
220 |
#include "qsslsocket_openssl11_symbols_p.h" |
221 |
#else |
222 |
#include "qsslsocket_opensslpre11_symbols_p.h" |
223 |
#endif // QT_CONFIG |
224 |
|
218 |
bool q_resolveOpenSslSymbols(); |
225 |
bool q_resolveOpenSslSymbols(); |
219 |
long q_ASN1_INTEGER_get(ASN1_INTEGER *a); |
226 |
long q_ASN1_INTEGER_get(ASN1_INTEGER *a); |
220 |
unsigned char * q_ASN1_STRING_data(ASN1_STRING *a); |
|
|
221 |
int q_ASN1_STRING_length(ASN1_STRING *a); |
227 |
int q_ASN1_STRING_length(ASN1_STRING *a); |
222 |
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b); |
228 |
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b); |
223 |
long q_BIO_ctrl(BIO *a, int b, long c, void *d); |
229 |
long q_BIO_ctrl(BIO *a, int b, long c, void *d); |
224 |
Q_AUTOTEST_EXPORT int q_BIO_free(BIO *a); |
230 |
Q_AUTOTEST_EXPORT int q_BIO_free(BIO *a); |
225 |
Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a); |
|
|
226 |
BIO *q_BIO_new_mem_buf(void *a, int b); |
231 |
BIO *q_BIO_new_mem_buf(void *a, int b); |
227 |
int q_BIO_read(BIO *a, void *b, int c); |
232 |
int q_BIO_read(BIO *a, void *b, int c); |
228 |
Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem(); |
|
|
229 |
Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c); |
233 |
Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c); |
230 |
int q_BN_num_bits(const BIGNUM *a); |
234 |
int q_BN_num_bits(const BIGNUM *a); |
231 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
235 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
Lines 247-272
BN_ULONG q_BN_mod_word(const BIGNUM *a,
247 |
const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k); |
251 |
const EC_GROUP* q_EC_KEY_get0_group(const EC_KEY* k); |
248 |
int q_EC_GROUP_get_degree(const EC_GROUP* g); |
252 |
int q_EC_GROUP_get_degree(const EC_GROUP* g); |
249 |
#endif |
253 |
#endif |
250 |
int q_CRYPTO_num_locks(); |
|
|
251 |
void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); |
252 |
void q_CRYPTO_set_id_callback(unsigned long (*a)()); |
253 |
void q_CRYPTO_free(void *a); |
254 |
DSA *q_DSA_new(); |
254 |
DSA *q_DSA_new(); |
255 |
void q_DSA_free(DSA *a); |
255 |
void q_DSA_free(DSA *a); |
256 |
X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); |
256 |
X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); |
257 |
char *q_ERR_error_string(unsigned long a, char *b); |
257 |
char *q_ERR_error_string(unsigned long a, char *b); |
258 |
unsigned long q_ERR_get_error(); |
258 |
unsigned long q_ERR_get_error(); |
259 |
void q_ERR_free_strings(); |
259 |
EVP_CIPHER_CTX *q_EVP_CIPHER_CTX_new(); |
260 |
void q_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); |
260 |
void q_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); |
261 |
void q_EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); |
|
|
262 |
int q_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); |
261 |
int q_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); |
263 |
int q_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); |
262 |
int q_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); |
264 |
int q_EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc); |
263 |
int q_EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, const unsigned char *key, const unsigned char *iv, int enc); |
|
|
264 |
int q_EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); |
265 |
int q_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); |
265 |
int q_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); |
266 |
int q_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); |
266 |
int q_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); |
267 |
const EVP_CIPHER *q_EVP_des_cbc(); |
267 |
const EVP_CIPHER *q_EVP_des_cbc(); |
268 |
const EVP_CIPHER *q_EVP_des_ede3_cbc(); |
268 |
const EVP_CIPHER *q_EVP_des_ede3_cbc(); |
269 |
const EVP_CIPHER *q_EVP_rc2_cbc(); |
269 |
const EVP_CIPHER *q_EVP_rc2_cbc(); |
|
|
270 |
const EVP_MD *q_EVP_sha1(); |
270 |
int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); |
271 |
int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); |
271 |
Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); |
272 |
Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); |
272 |
int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); |
273 |
int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); |
Lines 310-316
int q_PEM_write_bio_RSAPrivateKey(BIO *a
310 |
int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigned char *d, |
311 |
int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigned char *d, |
311 |
int e, pem_password_cb *f, void *g); |
312 |
int e, pem_password_cb *f, void *g); |
312 |
#endif |
313 |
#endif |
313 |
#endif |
314 |
#endif // SSLEAY_MACROS |
314 |
Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d); |
315 |
Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d); |
315 |
DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d); |
316 |
DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d); |
316 |
RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d); |
317 |
RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d); |
Lines 326-348
void q_RAND_seed(const void *a, int b);
326 |
int q_RAND_status(); |
327 |
int q_RAND_status(); |
327 |
RSA *q_RSA_new(); |
328 |
RSA *q_RSA_new(); |
328 |
void q_RSA_free(RSA *a); |
329 |
void q_RSA_free(RSA *a); |
329 |
int q_sk_num(STACK *a); |
|
|
330 |
void q_sk_pop_free(STACK *a, void (*b)(void *)); |
331 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
332 |
_STACK *q_sk_new_null(); |
333 |
void q_sk_push(_STACK *st, void *data); |
334 |
void q_sk_free(_STACK *a); |
335 |
void * q_sk_value(STACK *a, int b); |
336 |
#else |
337 |
STACK *q_sk_new_null(); |
338 |
void q_sk_push(STACK *st, char *data); |
339 |
void q_sk_free(STACK *a); |
340 |
char * q_sk_value(STACK *a, int b); |
341 |
#endif |
342 |
int q_SSL_accept(SSL *a); |
330 |
int q_SSL_accept(SSL *a); |
343 |
int q_SSL_clear(SSL *a); |
331 |
int q_SSL_clear(SSL *a); |
344 |
char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c); |
332 |
char *q_SSL_CIPHER_description(const SSL_CIPHER *a, char *b, int c); |
345 |
int q_SSL_CIPHER_get_bits(SSL_CIPHER *a, int *b); |
333 |
int q_SSL_CIPHER_get_bits(const SSL_CIPHER *a, int *b); |
346 |
int q_SSL_connect(SSL *a); |
334 |
int q_SSL_connect(SSL *a); |
347 |
int q_SSL_CTX_check_private_key(const SSL_CTX *a); |
335 |
int q_SSL_CTX_check_private_key(const SSL_CTX *a); |
348 |
long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d); |
336 |
long q_SSL_CTX_ctrl(SSL_CTX *a, int b, long c, void *d); |
Lines 374-381
int q_SSL_get_error(SSL *a, int b);
374 |
STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); |
362 |
STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a); |
375 |
X509 *q_SSL_get_peer_certificate(SSL *a); |
363 |
X509 *q_SSL_get_peer_certificate(SSL *a); |
376 |
long q_SSL_get_verify_result(const SSL *a); |
364 |
long q_SSL_get_verify_result(const SSL *a); |
377 |
int q_SSL_library_init(); |
|
|
378 |
void q_SSL_load_error_strings(); |
379 |
SSL *q_SSL_new(SSL_CTX *a); |
365 |
SSL *q_SSL_new(SSL_CTX *a); |
380 |
long q_SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); |
366 |
long q_SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); |
381 |
int q_SSL_read(SSL *a, void *b, int c); |
367 |
int q_SSL_read(SSL *a, void *b, int c); |
Lines 388-394
void q_SSL_SESSION_free(SSL_SESSION *ses
388 |
SSL_SESSION *q_SSL_get1_session(SSL *ssl); |
374 |
SSL_SESSION *q_SSL_get1_session(SSL *ssl); |
389 |
SSL_SESSION *q_SSL_get_session(const SSL *ssl); |
375 |
SSL_SESSION *q_SSL_get_session(const SSL *ssl); |
390 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
376 |
#if OPENSSL_VERSION_NUMBER >= 0x10001000L |
391 |
int q_SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
|
|
392 |
int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg); |
377 |
int q_SSL_set_ex_data(SSL *ssl, int idx, void *arg); |
393 |
void *q_SSL_get_ex_data(const SSL *ssl, int idx); |
378 |
void *q_SSL_get_ex_data(const SSL *ssl, int idx); |
394 |
#endif |
379 |
#endif |
Lines 399-447
typedef unsigned int (*q_psk_server_call
399 |
void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback); |
384 |
void q_SSL_set_psk_server_callback(SSL *ssl, q_psk_server_callback_t callback); |
400 |
int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); |
385 |
int q_SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); |
401 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
386 |
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) |
402 |
#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
|
|
403 |
#ifndef OPENSSL_NO_SSL2 |
404 |
const SSL_METHOD *q_SSLv2_client_method(); |
405 |
#endif |
406 |
#ifndef OPENSSL_NO_SSL3_METHOD |
407 |
const SSL_METHOD *q_SSLv3_client_method(); |
408 |
#endif |
409 |
const SSL_METHOD *q_SSLv23_client_method(); |
410 |
const SSL_METHOD *q_TLSv1_client_method(); |
411 |
const SSL_METHOD *q_TLSv1_1_client_method(); |
412 |
const SSL_METHOD *q_TLSv1_2_client_method(); |
413 |
#ifndef OPENSSL_NO_SSL2 |
414 |
const SSL_METHOD *q_SSLv2_server_method(); |
415 |
#endif |
416 |
#ifndef OPENSSL_NO_SSL3_METHOD |
417 |
const SSL_METHOD *q_SSLv3_server_method(); |
418 |
#endif |
419 |
const SSL_METHOD *q_SSLv23_server_method(); |
420 |
const SSL_METHOD *q_TLSv1_server_method(); |
421 |
const SSL_METHOD *q_TLSv1_1_server_method(); |
422 |
const SSL_METHOD *q_TLSv1_2_server_method(); |
423 |
#else |
424 |
#ifndef OPENSSL_NO_SSL2 |
425 |
SSL_METHOD *q_SSLv2_client_method(); |
426 |
#endif |
427 |
#ifndef OPENSSL_NO_SSL3_METHOD |
428 |
SSL_METHOD *q_SSLv3_client_method(); |
429 |
#endif |
430 |
SSL_METHOD *q_SSLv23_client_method(); |
431 |
SSL_METHOD *q_TLSv1_client_method(); |
432 |
SSL_METHOD *q_TLSv1_1_client_method(); |
433 |
SSL_METHOD *q_TLSv1_2_client_method(); |
434 |
#ifndef OPENSSL_NO_SSL2 |
435 |
SSL_METHOD *q_SSLv2_server_method(); |
436 |
#endif |
437 |
#ifndef OPENSSL_NO_SSL3_METHOD |
438 |
SSL_METHOD *q_SSLv3_server_method(); |
439 |
#endif |
440 |
SSL_METHOD *q_SSLv23_server_method(); |
441 |
SSL_METHOD *q_TLSv1_server_method(); |
442 |
SSL_METHOD *q_TLSv1_1_server_method(); |
443 |
SSL_METHOD *q_TLSv1_2_server_method(); |
444 |
#endif |
445 |
int q_SSL_write(SSL *a, const void *b, int c); |
387 |
int q_SSL_write(SSL *a, const void *b, int c); |
446 |
int q_X509_cmp(X509 *a, X509 *b); |
388 |
int q_X509_cmp(X509 *a, X509 *b); |
447 |
#ifdef SSLEAY_MACROS |
389 |
#ifdef SSLEAY_MACROS |
Lines 452-457
void *q_ASN1_dup(i2d_of_void *i2d, d2i_o
452 |
X509 *q_X509_dup(X509 *a); |
394 |
X509 *q_X509_dup(X509 *a); |
453 |
#endif |
395 |
#endif |
454 |
void q_X509_print(BIO *a, X509*b); |
396 |
void q_X509_print(BIO *a, X509*b); |
|
|
397 |
int q_X509_digest(const X509 *x509, const EVP_MD *type, unsigned char *md, unsigned int *len); |
455 |
ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); |
398 |
ASN1_OBJECT *q_X509_EXTENSION_get_object(X509_EXTENSION *a); |
456 |
void q_X509_free(X509 *a); |
399 |
void q_X509_free(X509 *a); |
457 |
X509_EXTENSION *q_X509_get_ext(X509 *a, int b); |
400 |
X509_EXTENSION *q_X509_get_ext(X509 *a, int b); |
Lines 471-476
int q_ASN1_STRING_print(BIO *a, ASN1_STR
471 |
int q_X509_check_issued(X509 *a, X509 *b); |
414 |
int q_X509_check_issued(X509 *a, X509 *b); |
472 |
X509_NAME *q_X509_get_issuer_name(X509 *a); |
415 |
X509_NAME *q_X509_get_issuer_name(X509 *a); |
473 |
X509_NAME *q_X509_get_subject_name(X509 *a); |
416 |
X509_NAME *q_X509_get_subject_name(X509 *a); |
|
|
417 |
ASN1_INTEGER *q_X509_get_serialNumber(X509 *a); |
474 |
int q_X509_verify_cert(X509_STORE_CTX *ctx); |
418 |
int q_X509_verify_cert(X509_STORE_CTX *ctx); |
475 |
int q_X509_NAME_entry_count(X509_NAME *a); |
419 |
int q_X509_NAME_entry_count(X509_NAME *a); |
476 |
X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); |
420 |
X509_NAME_ENTRY *q_X509_NAME_get_entry(X509_NAME *a,int b); |
Lines 488-494
int q_X509_STORE_CTX_set_purpose(X509_ST
488 |
int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); |
432 |
int q_X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); |
489 |
int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); |
433 |
int q_X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); |
490 |
X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); |
434 |
X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); |
491 |
STACK_OF(X509) *q_X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); |
|
|
492 |
|
435 |
|
493 |
// Diffie-Hellman support |
436 |
// Diffie-Hellman support |
494 |
DH *q_DH_new(); |
437 |
DH *q_DH_new(); |
Lines 522-555
int q_PKCS12_parse(PKCS12 *p12, const ch
522 |
PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12); |
465 |
PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12); |
523 |
void q_PKCS12_free(PKCS12 *pkcs12); |
466 |
void q_PKCS12_free(PKCS12 *pkcs12); |
524 |
|
467 |
|
525 |
|
|
|
526 |
#define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) |
468 |
#define q_BIO_get_mem_data(b, pp) (int)q_BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) |
527 |
#define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) |
469 |
#define q_BIO_pending(b) (int)q_BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) |
528 |
#ifdef SSLEAY_MACROS |
|
|
529 |
int q_i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); |
530 |
int q_i2d_RSAPrivateKey(const RSA *a, unsigned char **pp); |
531 |
RSA *q_d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); |
532 |
DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); |
533 |
#define q_PEM_read_bio_RSAPrivateKey(bp, x, cb, u) \ |
534 |
(RSA *)q_PEM_ASN1_read_bio( \ |
535 |
(void *(*)(void**, const unsigned char**, long int))q_d2i_RSAPrivateKey, PEM_STRING_RSA, bp, (void **)x, cb, u) |
536 |
#define q_PEM_read_bio_DSAPrivateKey(bp, x, cb, u) \ |
537 |
(DSA *)q_PEM_ASN1_read_bio( \ |
538 |
(void *(*)(void**, const unsigned char**, long int))q_d2i_DSAPrivateKey, PEM_STRING_DSA, bp, (void **)x, cb, u) |
539 |
#define q_PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
540 |
PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_RSAPrivateKey,PEM_STRING_RSA,\ |
541 |
bp,(char *)x,enc,kstr,klen,cb,u) |
542 |
#define q_PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
543 |
PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ |
544 |
bp,(char *)x,enc,kstr,klen,cb,u) |
545 |
#define q_PEM_read_bio_DHparams(bp, dh, cb, u) \ |
546 |
(DH *)q_PEM_ASN1_read_bio( \ |
547 |
(void *(*)(void**, const unsigned char**, long int))q_d2i_DHparams, PEM_STRING_DHPARAMS, bp, (void **)x, cb, u) |
548 |
#endif |
549 |
#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) |
550 |
#define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) |
470 |
#define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) |
551 |
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) |
|
|
552 |
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i) |
553 |
#define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st)) |
471 |
#define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st)) |
554 |
#define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i)) |
472 |
#define q_sk_GENERAL_NAME_value(st, i) q_SKM_sk_value(GENERAL_NAME, (st), (i)) |
555 |
#define q_sk_X509_num(st) q_SKM_sk_num(X509, (st)) |
473 |
#define q_sk_X509_num(st) q_SKM_sk_num(X509, (st)) |
Lines 558-575
DSA *q_d2i_DSAPrivateKey(DSA **a, unsign
558 |
#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) |
476 |
#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i)) |
559 |
#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
477 |
#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
560 |
q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) |
478 |
q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) |
561 |
#define q_X509_get_notAfter(x) X509_get_notAfter(x) |
|
|
562 |
#define q_X509_get_notBefore(x) X509_get_notBefore(x) |
563 |
#define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ |
479 |
#define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ |
564 |
(char *)(rsa)) |
480 |
(char *)(rsa)) |
565 |
#define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ |
481 |
#define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ |
566 |
(char *)(dsa)) |
482 |
(char *)(dsa)) |
567 |
#define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf() |
483 |
#define q_OpenSSL_add_all_algorithms() q_OPENSSL_add_all_algorithms_conf() |
568 |
void q_OPENSSL_add_all_algorithms_noconf(); |
|
|
569 |
void q_OPENSSL_add_all_algorithms_conf(); |
570 |
int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); |
484 |
int q_SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); |
571 |
long q_SSLeay(); |
|
|
572 |
const char *q_SSLeay_version(int type); |
573 |
int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); |
485 |
int q_i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); |
574 |
SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); |
486 |
SSL_SESSION *q_d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length); |
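Review bot: The new `#if QT_CONFIG(opensslv11)` include block (new lines 219-223) selects the version-specific symbol header from the configure-time feature, while this header still gates other declarations on `OPENSSL_VERSION_NUMBER >= 0x10100000L` (new line 235), and nothing visible in this section checks that the two agree. If the OpenSSL headers on the include path differ from what configure detected, the build would mix pre-1.1 and 1.1 declarations; that probably ends in a compile error, but an explicit guard states the requirement: `#if QT_CONFIG(opensslv11) && OPENSSL_VERSION_NUMBER < 0x10100000L` / `#error "opensslv11 is enabled but the OpenSSL headers are older than 1.1.0"` / `#endif`. The closing comment `#endif // QT_CONFIG` would also read better as `#endif // QT_CONFIG(opensslv11)`. The two version-specific headers are not part of this section, so an equivalent check may already live there.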
575 |
|
487 |
|
576 |
-- qtbase-opensource-src-5.9.4/src/network/ssl/ssl.pri |
488 |
++ qtbase-opensource-src-5.9.4/src/network/ssl/ssl.pri |
Lines 60-72
qtConfig(ssl) {
Link Here
|
60 |
HEADERS += ssl/qsslcontext_openssl_p.h \ |
60 |
HEADERS += ssl/qsslcontext_openssl_p.h \ |
61 |
ssl/qsslsocket_openssl_p.h \ |
61 |
ssl/qsslsocket_openssl_p.h \ |
62 |
ssl/qsslsocket_openssl_symbols_p.h |
62 |
ssl/qsslsocket_openssl_symbols_p.h |
63 |
SOURCES += ssl/qsslcertificate_openssl.cpp \ |
63 |
SOURCES += ssl/qsslsocket_openssl_symbols.cpp \ |
64 |
ssl/qsslcontext_openssl.cpp \ |
|
|
65 |
ssl/qssldiffiehellmanparameters_openssl.cpp \ |
64 |
ssl/qssldiffiehellmanparameters_openssl.cpp \ |
|
|
65 |
ssl/qsslcertificate_openssl.cpp \ |
66 |
ssl/qsslellipticcurve_openssl.cpp \ |
66 |
ssl/qsslellipticcurve_openssl.cpp \ |
67 |
ssl/qsslkey_openssl.cpp \ |
67 |
ssl/qsslkey_openssl.cpp \ |
68 |
ssl/qsslsocket_openssl.cpp \ |
68 |
ssl/qsslsocket_openssl.cpp \ |
69 |
ssl/qsslsocket_openssl_symbols.cpp |
69 |
ssl/qsslcontext_openssl.cpp |
|
|
70 |
|
71 |
qtConfig(opensslv11) { |
72 |
HEADERS += ssl/qsslsocket_openssl11_symbols_p.h |
73 |
SOURCES += ssl/qsslsocket_openssl11.cpp \ |
74 |
ssl/qsslcontext_openssl11.cpp |
75 |
|
76 |
QMAKE_CXXFLAGS += -DOPENSSL_API_COMPAT=0x10100000L |
77 |
} else { |
78 |
HEADERS += ssl/qsslsocket_opensslpre11_symbols_p.h |
79 |
SOURCES += ssl/qsslsocket_opensslpre11.cpp \ |
80 |
ssl/qsslcontext_opensslpre11.cpp |
81 |
} |
70 |
|
82 |
|
71 |
darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp |
83 |
darwin:SOURCES += ssl/qsslsocket_mac_shared.cpp |
72 |
|
84 |
|