Store QSslKey in specific key format to provide more details for key

In a TLS handshake the ephemeral server key is saved in the ssl configuration. Clients who want to get the length or algorithm of the key only get "Opaque" and "-1" as a result because the key is always stored as "Opaque". This change converts the key to specific type so more details are available and the client don't need to convert the handle by hand. Change-Id: I60f90fc2c1805e528640d391b20c676b6eeeb49e Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
author: Lars Schmertmann <lars.schmertmann@governikus.com> 2016-06-10 12:07:53 +0200
committer: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com> 2016-07-28 14:32:05 +0000
commit: 7f77dc84fb434f33ffe96f6633792706b80fb0a3 (patch)
tree: 0c6cbb6605d0ba65c3bf5a07e0bf313d19358837 /src/network
parent: 997fa05d90e9e1bc02615044fd4f042cb212be65 (diff)
3 files changed, 22 insertions, 8 deletions
diff --git a/src/network/ssl/qsslkey_p.cpp b/src/network/ssl/qsslkey_p.cpp
index 34f664093c..e66ec953a0 100644
--- a/src/network/ssl/qsslkey_p.cpp
+++ b/src/network/ssl/qsslkey_p.cpp
@@ -56,6 +56,9 @@
 
 #include "qsslkey.h"
 #include "qsslkey_p.h"
+#ifndef QT_NO_OPENSSL
+#include "qsslsocket_openssl_symbols_p.h"
+#endif
 #include "qsslsocket.h"
 #include "qsslsocket_p.h"
 
@@ -277,18 +280,23 @@ QSslKey::QSslKey(QIODevice *device, QSsl::KeyAlgorithm algorithm, QSsl::Encoding
     \a type specifies whether the key is public or private.
 
     QSslKey will take ownership for this key and you must not
-    free the key using the native library. The algorithm used
-    when creating a key from a handle will always be QSsl::Opaque.
+    free the key using the native library.
 */
 QSslKey::QSslKey(Qt::HANDLE handle, QSsl::KeyType type)
     : d(new QSslKeyPrivate)
 {
 #ifndef QT_NO_OPENSSL
-    d->opaque = reinterpret_cast<EVP_PKEY *>(handle);
+    EVP_PKEY *evpKey = reinterpret_cast<EVP_PKEY *>(handle);
+    if (!evpKey || !d->fromEVP_PKEY(evpKey)) {
+        d->opaque = evpKey;
+        d->algorithm = QSsl::Opaque;
+    } else {
+        q_EVP_PKEY_free(evpKey);
+    }
 #else
     d->opaque = handle;
-#endif
     d->algorithm = QSsl::Opaque;
+#endif
     d->type = type;
     d->isNull = !d->opaque;
 }
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index f75df0466f..88fed69d3a 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -206,6 +206,7 @@ DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return)
 DEFINEFUNC6(void *, PEM_ASN1_read_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return)
 DEFINEFUNC6(void *, PEM_ASN1_write_bio, d2i_of_void *a, a, const char *b, b, BIO *c, c, void **d, d, pem_password_cb *e, e, void *f, f, return 0, return)
 #else
+DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
 DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
 DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
 #ifndef OPENSSL_NO_EC
@@ -218,6 +219,7 @@ DEFINEFUNC7(int, PEM_write_bio_RSAPrivateKey, BIO *a, a, RSA *b, b, const EVP_CI
 DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
 #endif
 #endif
+DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
 DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
 DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return 0, return)
 #ifndef OPENSSL_NO_EC
@@ -836,6 +838,7 @@ bool q_resolveOpenSslSymbols()
 #ifdef SSLEAY_MACROS // ### verify
     RESOLVEFUNC(PEM_ASN1_read_bio)
 #else
+    RESOLVEFUNC(PEM_read_bio_PrivateKey)
     RESOLVEFUNC(PEM_read_bio_DSAPrivateKey)
     RESOLVEFUNC(PEM_read_bio_RSAPrivateKey)
 #ifndef OPENSSL_NO_EC
@@ -848,6 +851,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(PEM_write_bio_ECPrivateKey)
 #endif
 #endif
+    RESOLVEFUNC(PEM_read_bio_PUBKEY)
     RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY)
     RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY)
 #ifndef OPENSSL_NO_EC
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index f912d8609b..508fdc2a4b 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -221,12 +221,12 @@ unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
 int q_ASN1_STRING_length(ASN1_STRING *a);
 int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
 long q_BIO_ctrl(BIO *a, int b, long c, void *d);
-int q_BIO_free(BIO *a);
-BIO *q_BIO_new(BIO_METHOD *a);
+Q_AUTOTEST_EXPORT int q_BIO_free(BIO *a);
+Q_AUTOTEST_EXPORT BIO *q_BIO_new(BIO_METHOD *a);
 BIO *q_BIO_new_mem_buf(void *a, int b);
 int q_BIO_read(BIO *a, void *b, int c);
-BIO_METHOD *q_BIO_s_mem();
-int q_BIO_write(BIO *a, const void *b, int c);
+Q_AUTOTEST_EXPORT BIO_METHOD *q_BIO_s_mem();
+Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c);
 int q_BN_num_bits(const BIGNUM *a);
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 int q_BN_is_word(BIGNUM *a, BN_ULONG w);
@@ -295,6 +295,7 @@ void *q_PEM_ASN1_read_bio(d2i_of_void *a, const char *b, BIO *c, void **d, pem_p
                           void *f);
 // ### ditto for write
 #else
+Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PrivateKey(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d);
 DSA *q_PEM_read_bio_DSAPrivateKey(BIO *a, DSA **b, pem_password_cb *c, void *d);
 RSA *q_PEM_read_bio_RSAPrivateKey(BIO *a, RSA **b, pem_password_cb *c, void *d);
 #ifndef OPENSSL_NO_EC
@@ -310,6 +311,7 @@ int q_PEM_write_bio_ECPrivateKey(BIO *a, EC_KEY *b, const EVP_CIPHER *c, unsigne
                                   int e, pem_password_cb *f, void *g);
 #endif
 #endif
+Q_AUTOTEST_EXPORT EVP_PKEY *q_PEM_read_bio_PUBKEY(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d);
 DSA *q_PEM_read_bio_DSA_PUBKEY(BIO *a, DSA **b, pem_password_cb *c, void *d);
 RSA *q_PEM_read_bio_RSA_PUBKEY(BIO *a, RSA **b, pem_password_cb *c, void *d);
 #ifndef OPENSSL_NO_EC
author	Lars Schmertmann <lars.schmertmann@governikus.com>	2016-06-10 12:07:53 +0200
committer	Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>	2016-07-28 14:32:05 +0000
commit	7f77dc84fb434f33ffe96f6633792706b80fb0a3 (patch)
tree	0c6cbb6605d0ba65c3bf5a07e0bf313d19358837 /src/network
parent	997fa05d90e9e1bc02615044fd4f042cb212be65 (diff)