diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp
--- qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500
+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp 2016-11-24 07:51:02.131933265 -0500
@@ -66,7 +66,7 @@ uint qHash(const QSslCertificate &key, u
if (X509 * const x509 = key.d->x509) {
(void)q_X509_cmp(x509, x509); // populate x509->sha1_hash
// (if someone knows a better way...)
- return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed);
+ return X509_issuer_and_serial_hash(x509); // FIXME was qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed)
} else {
return seed;
}
@@ -90,7 +90,7 @@ QByteArray QSslCertificate::version() co
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->versionString.isEmpty() && d->x509)
d->versionString =
- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
+ QByteArray::number(qlonglong(X509_get_version(d->x509)) + 1);
return d->versionString;
}
@@ -99,7 +99,7 @@ QByteArray QSslCertificate::serialNumber
{
QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
if (d->serialNumberString.isEmpty() && d->x509) {
- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
+ ASN1_INTEGER *serialNumber = X509_get_serialNumber(d->x509);
QByteArray hexString;
hexString.reserve(serialNumber->length * 3);
for (int a = 0; a < serialNumber->length; ++a) {
@@ -235,25 +235,22 @@ QSslKey QSslCertificate::publicKey() con
QSslKey key;
key.d->type = QSsl::PublicKey;
- X509_PUBKEY *xkey = d->x509->cert_info->key;
+ X509_PUBKEY *xkey = X509_get_X509_PUBKEY(d->x509);
EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
Q_ASSERT(pkey);
- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
- key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
+ if ((key.d->rsa = q_EVP_PKEY_get1_RSA(pkey))) {
key.d->algorithm = QSsl::Rsa;
key.d->isNull = false;
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
- key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
+ } else if ((key.d->dsa = q_EVP_PKEY_get1_DSA(pkey))) {
key.d->algorithm = QSsl::Dsa;
key.d->isNull = false;
#ifndef OPENSSL_NO_EC
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) {
- key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey);
+ } else if ((key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey))) {
key.d->algorithm = QSsl::Ec;
key.d->isNull = false;
#endif
- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
+ } else if (EVP_PKEY_get1_DH(pkey)) {
// DH unsupported
} else {
// error?
@@ -607,7 +604,11 @@ static QMap<QByteArray, QString> _q_mapF
unsigned char *data = 0;
int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
info.insertMulti(name, QString::fromUtf8((char*)data, size));
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ q_CRYPTO_free(data, OPENSSL_FILE, OPENSSL_LINE);
+#else
q_CRYPTO_free(data);
+#endif
}
return info;
diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp
--- qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500
+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp 2016-11-24 07:51:02.131933265 -0500
@@ -110,7 +110,7 @@ void QSslContext::initSslContext(QSslCon
init_context:
switch (sslContext->sslConfiguration.protocol()) {
case QSsl::SslV2:
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L
sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method());
#else
// SSL 2 not supported by the system, but chosen deliberately -> error
@@ -331,7 +331,7 @@ init_context:
q_DH_free(dh);
#ifndef OPENSSL_NO_EC
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L
if (q_SSLeay() >= 0x10002000L) {
q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL);
} else
@@ -487,7 +487,7 @@ bool QSslContext::cacheSession(SSL* ssl)
unsigned char *data = reinterpret_cast<unsigned char *>(m_sessionASN1.data());
if (!q_i2d_SSL_SESSION(session, &data))
qCWarning(lcSsl, "could not store persistent version of SSL session");
- m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint;
+ m_sessionTicketLifeTimeHint = SSL_SESSION_get_ticket_lifetime_hint(session);
}
}
diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp
--- qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500
+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp 2016-11-24 07:51:02.141933439 -0500
@@ -84,28 +84,26 @@ void QSslKeyPrivate::clear(bool deep)
bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey)
{
- if (pkey->type == EVP_PKEY_RSA) {
+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
isNull = false;
algorithm = QSsl::Rsa;
type = QSsl::PrivateKey;
- rsa = q_RSA_new();
- memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA));
+ rsa = q_EVP_PKEY_get1_RSA(pkey);
return true;
}
- else if (pkey->type == EVP_PKEY_DSA) {
+ else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) {
isNull = false;
algorithm = QSsl::Dsa;
type = QSsl::PrivateKey;
- dsa = q_DSA_new();
- memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA));
+ dsa = q_EVP_PKEY_get1_DSA(pkey);
return true;
}
#ifndef OPENSSL_NO_EC
- else if (pkey->type == EVP_PKEY_EC) {
+ else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) {
isNull = false;
algorithm = QSsl::Ec;
type = QSsl::PrivateKey;
@@ -178,8 +176,8 @@ int QSslKeyPrivate::length() const
return -1;
switch (algorithm) {
- case QSsl::Rsa: return q_BN_num_bits(rsa->n);
- case QSsl::Dsa: return q_BN_num_bits(dsa->p);
+ case QSsl::Rsa: return q_RSA_bits(rsa);
+ case QSsl::Dsa: return q_DSA_bits(dsa);
#ifndef OPENSSL_NO_EC
case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec));
#endif
@@ -273,7 +271,7 @@ Qt::HANDLE QSslKeyPrivate::handle() cons
static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc)
{
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER* type = 0;
int i = 0, len = 0;
@@ -291,21 +289,22 @@ static QByteArray doCrypt(QSslKeyPrivate
QByteArray output;
output.resize(data.size() + EVP_MAX_BLOCK_LENGTH);
- q_EVP_CIPHER_CTX_init(&ctx);
- q_EVP_CipherInit(&ctx, type, NULL, NULL, enc);
- q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size());
+ q_EVP_CIPHER_CTX_init(ctx);
+ q_EVP_CipherInit(ctx, type, NULL, NULL, enc);
+ q_EVP_CIPHER_CTX_set_key_length(ctx, key.size());
if (cipher == QSslKeyPrivate::Rc2Cbc)
- q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL);
- q_EVP_CipherInit(&ctx, NULL,
+ q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL);
+ q_EVP_CipherInit(ctx, NULL,
reinterpret_cast<const unsigned char *>(key.constData()),
reinterpret_cast<const unsigned char *>(iv.constData()), enc);
- q_EVP_CipherUpdate(&ctx,
+ q_EVP_CipherUpdate(ctx,
reinterpret_cast<unsigned char *>(output.data()), &len,
reinterpret_cast<const unsigned char *>(data.constData()), data.size());
- q_EVP_CipherFinal(&ctx,
+ q_EVP_CipherFinal(ctx,
reinterpret_cast<unsigned char *>(output.data()) + len, &i);
len += i;
- q_EVP_CIPHER_CTX_cleanup(&ctx);
+ q_EVP_CIPHER_CTX_cleanup(ctx);
+ EVP_CIPHER_CTX_free(ctx);
return output.left(len);
}
diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp
--- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500
+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp 2016-11-24 07:51:02.141933439 -0500
@@ -1519,7 +1519,7 @@ void QSslSocketBackendPrivate::continueH
if (readBufferMaxSize)
plainSocket->setReadBufferSize(readBufferMaxSize);
- if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL))
+ if (SSL_session_reused(ssl))
configuration.peerSessionShared = true;
#ifdef QT_DECRYPT_SSL_TRAFFIC
diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp
--- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500
+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp 2016-11-25 14:31:49.468240957 -0500
@@ -145,10 +145,15 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1
DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC(const BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+#else
+DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+#endif
DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
#ifndef OPENSSL_NO_EC
@@ -158,9 +163,15 @@ DEFINEFUNC(int, EC_GROUP_get_degree, con
DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC3(void, CRYPTO_free, void *a, a, const char *b, b, int c, c, return, DUMMYARG)
+#else
DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
+#endif
DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return)
DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
+DEFINEFUNC(int, RSA_bits, const RSA *a, a, return 0, return)
+DEFINEFUNC(int, DSA_bits, const DSA *a, a, return 0, return)
DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return)
DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return 0, return)
DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return)
@@ -182,6 +193,8 @@ DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_
DEFINEFUNC2(int, EVP_PKEY_set1_EC_KEY, EVP_PKEY *a, a, EC_KEY *b, b, return -1, return)
#endif
DEFINEFUNC(void, EVP_PKEY_free, EVP_PKEY *a, a, return, DUMMYARG)
+DEFINEFUNC(DSA *, EVP_PKEY_get0_DSA, EVP_PKEY *a, a, return 0, return)
+DEFINEFUNC(RSA *, EVP_PKEY_get0_RSA, EVP_PKEY *a, a, return 0, return)
DEFINEFUNC(DSA *, EVP_PKEY_get1_DSA, EVP_PKEY *a, a, return 0, return)
DEFINEFUNC(RSA *, EVP_PKEY_get1_RSA, EVP_PKEY *a, a, return 0, return)
#ifndef OPENSSL_NO_EC
@@ -432,6 +445,9 @@ DEFINEFUNC2(size_t, EC_get_builtin_curve
DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
#endif // OPENSSL_NO_EC
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
+#endif // OPENSSL_VERSION_NUMBER >= 0x10100000L
DEFINEFUNC5(int, PKCS12_parse, PKCS12 *p12, p12, const char *pass, pass, EVP_PKEY **pkey, pkey, \
X509 **cert, cert, STACK_OF(X509) **ca, ca, return 1, return);
@@ -774,6 +790,7 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(CRYPTO_set_locking_callback)
RESOLVEFUNC(DSA_new)
RESOLVEFUNC(DSA_free)
+ RESOLVEFUNC(DSA_bits)
RESOLVEFUNC(ERR_error_string)
RESOLVEFUNC(ERR_get_error)
RESOLVEFUNC(ERR_free_strings)
@@ -795,7 +812,9 @@ bool q_resolveOpenSslSymbols()
#endif
RESOLVEFUNC(EVP_PKEY_free)
RESOLVEFUNC(EVP_PKEY_get1_DSA)
+ RESOLVEFUNC(EVP_PKEY_get0_DSA)
RESOLVEFUNC(EVP_PKEY_get1_RSA)
+ RESOLVEFUNC(EVP_PKEY_get0_RSA)
#ifndef OPENSSL_NO_EC
RESOLVEFUNC(EVP_PKEY_get1_EC_KEY)
#endif
@@ -836,6 +855,7 @@ bool q_resolveOpenSslSymbols()
RESOLVEFUNC(RAND_status)
RESOLVEFUNC(RSA_new)
RESOLVEFUNC(RSA_free)
+ RESOLVEFUNC(RSA_bits)
RESOLVEFUNC(sk_new_null)
RESOLVEFUNC(sk_push)
RESOLVEFUNC(sk_free)
diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h
--- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h.openssl11 2016-11-17 14:34:21.000000000 -0500
+++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h 2016-11-24 07:51:02.141933439 -0500
@@ -221,10 +221,15 @@ int q_ASN1_STRING_length(ASN1_STRING *a)
int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
long q_BIO_ctrl(BIO *a, int b, long c, void *d);
int q_BIO_free(BIO *a);
-BIO *q_BIO_new(BIO_METHOD *a);
BIO *q_BIO_new_mem_buf(void *a, int b);
int q_BIO_read(BIO *a, void *b, int c);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+BIO *q_BIO_new(const BIO_METHOD *a);
+const BIO_METHOD *q_BIO_s_mem();
+#else
+BIO *q_BIO_new(BIO_METHOD *a);
BIO_METHOD *q_BIO_s_mem();
+#endif
int q_BIO_write(BIO *a, const void *b, int c);
int q_BN_num_bits(const BIGNUM *a);
#ifndef OPENSSL_NO_EC
@@ -234,8 +239,13 @@ int q_EC_GROUP_get_degree(const EC_GROUP
int q_CRYPTO_num_locks();
void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
void q_CRYPTO_set_id_callback(unsigned long (*a)());
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+void q_CRYPTO_free(void *a, const char *b, int c);
+#else
void q_CRYPTO_free(void *a);
+#endif
DSA *q_DSA_new();
+int q_DSA_bits(const DSA *d);
void q_DSA_free(DSA *a);
X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c);
char *q_ERR_error_string(unsigned long a, char *b);
@@ -259,7 +269,9 @@ int q_EVP_PKEY_set1_EC_KEY(EVP_PKEY *a,
#endif
void q_EVP_PKEY_free(EVP_PKEY *a);
RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a);
+RSA *q_EVP_PKEY_get0_RSA(EVP_PKEY *a);
DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a);
+DSA *q_EVP_PKEY_get0_DSA(EVP_PKEY *a);
#ifndef OPENSSL_NO_EC
EC_KEY *q_EVP_PKEY_get1_EC_KEY(EVP_PKEY *a);
#endif
@@ -306,6 +318,7 @@ int q_PEM_write_bio_EC_PUBKEY(BIO *a, EC
void q_RAND_seed(const void *a, int b);
int q_RAND_status();
RSA *q_RSA_new();
+int q_RSA_bits(const RSA *r);
void q_RSA_free(RSA *a);
int q_sk_num(STACK *a);
void q_sk_pop_free(STACK *a, void (*b)(void *));
@@ -378,7 +391,7 @@ typedef unsigned int (*q_psk_client_call
void q_SSL_set_psk_client_callback(SSL *ssl, q_psk_client_callback_t callback);
#endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK)
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L
const SSL_METHOD *q_SSLv2_client_method();
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
@@ -388,7 +401,7 @@ const SSL_METHOD *q_SSLv23_client_method
const SSL_METHOD *q_TLSv1_client_method();
const SSL_METHOD *q_TLSv1_1_client_method();
const SSL_METHOD *q_TLSv1_2_client_method();
-#ifndef OPENSSL_NO_SSL2
+#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L
const SSL_METHOD *q_SSLv2_server_method();
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
@@ -519,7 +532,11 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign
PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
bp,(char *)x,enc,kstr,klen,cb,u)
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#else
+long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
+#endif
#define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)