diff options
author | Marc Mutz <marc.mutz@kdab.com> | 2016-01-17 14:16:43 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@kdab.com> | 2016-02-17 16:17:58 +0000 |
commit | 7ca90e985cd92c9537fec6d523b93b45c5edfdb5 (patch) | |
tree | d43865fa6fad7319a87c830d75563ee728d2737d /src/network/ssl | |
parent | 8049e9b3b93e855d32021edb6fc4bdcb41ccd512 (diff) |
QSslSocket (OpenSSL): replace QList<QPair> by QVector<Struct>
A QList<QPair<int,int>> is one of the most dangerous ones, because
it fundamentally changes memory layout, and therefore performance
and invariants, when going from 32-bit platforms (array list) to
64-bit (vector-like).
Port to QVector instead, which has a consistent design across all
platforms.
Also port from QPair to a simple struct { code, depth }, because
member names such as 'first' and 'second' have no semantic value
and make code using them very hard to understand.
Change-Id: I86c95d78dbb2e82ec222d6eae8ba11568e3ff0af
Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl.cpp | 46 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_p.h | 10 |
2 files changed, 31 insertions, 25 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index ad54e126ef..ac6b2df595 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -259,12 +259,21 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph return ciph; } +// static +inline QSslErrorEntry QSslErrorEntry::fromStoreContext(X509_STORE_CTX *ctx) { + QSslErrorEntry result = { + q_X509_STORE_CTX_get_error(ctx), + q_X509_STORE_CTX_get_error_depth(ctx) + }; + return result; +} + // ### This list is shared between all threads, and protected by a // mutex. Investigate using thread local storage instead. struct QSslErrorList { QMutex mutex; - QList<QPair<int, int> > errors; + QVector<QSslErrorEntry> errors; }; Q_GLOBAL_STATIC(QSslErrorList, _q_sslErrorList) @@ -272,7 +281,7 @@ int q_X509Callback(int ok, X509_STORE_CTX *ctx) { if (!ok) { // Store the error and at which depth the error was detected. - _q_sslErrorList()->errors << qMakePair<int, int>(q_X509_STORE_CTX_get_error(ctx), q_X509_STORE_CTX_get_error_depth(ctx)); + _q_sslErrorList()->errors << QSslErrorEntry::fromStoreContext(ctx); #ifdef QSSLSOCKET_DEBUG qCDebug(lcSsl) << "verification error: dumping bad certificate"; qCDebug(lcSsl) << QSslCertificatePrivate::QSslCertificate_from_X509(q_X509_STORE_CTX_get_current_cert(ctx)).toPem(); @@ -1044,13 +1053,12 @@ bool QSslSocketBackendPrivate::startHandshake() _q_sslErrorList()->errors.clear(); int result = (mode == QSslSocket::SslClientMode) ? q_SSL_connect(ssl) : q_SSL_accept(ssl); - const QList<QPair<int, int> > &lastErrors = _q_sslErrorList()->errors; + const auto &lastErrors = _q_sslErrorList()->errors; if (!lastErrors.isEmpty()) storePeerCertificates(); - for (int i = 0; i < lastErrors.size(); ++i) { - const QPair<int, int> ¤tError = lastErrors.at(i); - emit q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.first, - configuration.peerCertificateChain.value(currentError.second))); + for (const auto ¤tError : lastErrors) { + emit q->peerVerifyError(_q_OpenSSL_to_QSslError(currentError.code, + configuration.peerCertificateChain.value(currentError.depth))); if (q->state() != QAbstractSocket::ConnectedState) break; } @@ -1133,14 +1141,9 @@ bool QSslSocketBackendPrivate::startHandshake() } // Translate errors from the error list into QSslErrors. - const int numErrors = errorList.size(); - errors.reserve(errors.size() + numErrors); - for (int i = 0; i < numErrors; ++i) { - const QPair<int, int> &errorAndDepth = errorList.at(i); - int err = errorAndDepth.first; - int depth = errorAndDepth.second; - errors << _q_OpenSSL_to_QSslError(err, configuration.peerCertificateChain.value(depth)); - } + errors.reserve(errors.size() + errorList.size()); + for (const auto &error : qAsConst(errorList)) + errors << _q_OpenSSL_to_QSslError(error.code, configuration.peerCertificateChain.value(error.depth)); if (!errors.isEmpty()) { sslErrors = errors; @@ -1692,7 +1695,7 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & #endif // Now process the errors - const QList<QPair<int, int> > errorList = _q_sslErrorList()->errors; + const auto errorList = std::move(_q_sslErrorList()->errors); _q_sslErrorList()->errors.clear(); sslErrorListMutexLocker.unlock(); @@ -1711,14 +1714,9 @@ QList<QSslError> QSslSocketBackendPrivate::verify(const QList<QSslCertificate> & } // Translate errors from the error list into QSslErrors. - const int numErrors = errorList.size(); - errors.reserve(errors.size() + numErrors); - for (int i = 0; i < numErrors; ++i) { - const QPair<int, int> &errorAndDepth = errorList.at(i); - int err = errorAndDepth.first; - int depth = errorAndDepth.second; - errors << _q_OpenSSL_to_QSslError(err, certificateChain.value(depth)); - } + errors.reserve(errors.size() + errorList.size()); + for (const auto &error : qAsConst(errorList)) + errors << _q_OpenSSL_to_QSslError(error.code, certificateChain.value(error.depth)); q_X509_STORE_free(certStore); diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index 890576e378..dc60adda39 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h @@ -103,6 +103,14 @@ typedef _STACK STACK; QT_BEGIN_NAMESPACE +struct QSslErrorEntry { + int code; + int depth; + + static QSslErrorEntry fromStoreContext(X509_STORE_CTX *ctx); +}; +Q_DECLARE_TYPEINFO(QSslErrorEntry, Q_PRIMITIVE_TYPE); + class QSslSocketBackendPrivate : public QSslSocketPrivate { Q_DECLARE_PUBLIC(QSslSocket) @@ -117,7 +125,7 @@ public: BIO *readBio; BIO *writeBio; SSL_SESSION *session; - QList<QPair<int, int> > errorList; + QVector<QSslErrorEntry> errorList; #if OPENSSL_VERSION_NUMBER >= 0x10001000L static int s_indexForSSLExtraData; // index used in SSL_get_ex_data to get the matching QSslSocketBackendPrivate #endif |