diff options
author | Qt Forward Merge Bot <qt_forward_merge_bot@qt-project.org> | 2019-04-04 23:01:17 +0000 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2019-04-04 23:01:17 +0000 |
commit | ed485243b594a730cebee4d76847e0f556d369f4 (patch) | |
tree | 545dd98a3138782df786f742cac02bc63113eaf6 /src/network | |
parent | 8d7c97d428cdf89c3419a4e13b62a9849feefce9 (diff) | |
parent | eb606d85b3f1548445cfd1fee43f882da88fb6e7 (diff) |
Merge "Merge remote-tracking branch 'origin/5.13' into dev" into refs/staging/dev
Diffstat (limited to 'src/network')
-rw-r--r-- | src/network/access/qabstractnetworkcache.cpp | 4 | ||||
-rw-r--r-- | src/network/access/qhttp2protocolhandler.cpp | 2 | ||||
-rw-r--r-- | src/network/access/qnetworkaccesscachebackend.cpp | 17 | ||||
-rw-r--r-- | src/network/access/qnetworkaccessmanager.cpp | 3 | ||||
-rw-r--r-- | src/network/access/qnetworkreplyhttpimpl.cpp | 14 | ||||
-rw-r--r-- | src/network/access/qnetworkreplywasmimpl.cpp | 22 | ||||
-rw-r--r-- | src/network/configure.json | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslkey_openssl.cpp | 9 | ||||
-rw-r--r-- | src/network/ssl/qsslkey_qt.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslkey_winrt.cpp | 9 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 10 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols_p.h | 5 |
12 files changed, 59 insertions, 42 deletions
diff --git a/src/network/access/qabstractnetworkcache.cpp b/src/network/access/qabstractnetworkcache.cpp index 0b94dff61e..4e217294c4 100644 --- a/src/network/access/qabstractnetworkcache.cpp +++ b/src/network/access/qabstractnetworkcache.cpp @@ -191,8 +191,8 @@ bool QNetworkCacheMetaData::isValid() const Some cache implementations can keep these cache items in memory for performance reasons, but for security reasons they should not be written to disk. - Specifically with http, documents marked with Pragma: no-cache, or have a Cache-control set to - no-store or no-cache or any https document that doesn't have "Cache-control: public" set will + Specifically with http, documents with Cache-control set to no-store or any + https document that doesn't have "Cache-control: public" set will set the saveToDisk to false. \sa setSaveToDisk() diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp index d5221a4934..35aee6e3e1 100644 --- a/src/network/access/qhttp2protocolhandler.cpp +++ b/src/network/access/qhttp2protocolhandler.cpp @@ -198,7 +198,7 @@ QHttp2ProtocolHandler::QHttp2ProtocolHandler(QHttpNetworkConnectionChannel *chan } } - if (!channel->ssl) { + if (!channel->ssl && m_connection->connectionType() != QHttpNetworkConnection::ConnectionTypeHTTP2Direct) { // We upgraded from HTTP/1.1 to HTTP/2. channel->request was already sent // as HTTP/1.1 request. The response with status code 101 triggered // protocol switch and now we are waiting for the real response, sent diff --git a/src/network/access/qnetworkaccesscachebackend.cpp b/src/network/access/qnetworkaccesscachebackend.cpp index 0c9a88596d..22fdc5bb0b 100644 --- a/src/network/access/qnetworkaccesscachebackend.cpp +++ b/src/network/access/qnetworkaccesscachebackend.cpp @@ -87,15 +87,16 @@ bool QNetworkAccessCacheBackend::sendCacheContents() setAttribute(QNetworkRequest::HttpReasonPhraseAttribute, attributes.value(QNetworkRequest::HttpReasonPhraseAttribute)); // set the raw headers - QNetworkCacheMetaData::RawHeaderList rawHeaders = item.rawHeaders(); - QNetworkCacheMetaData::RawHeaderList::ConstIterator it = rawHeaders.constBegin(), - end = rawHeaders.constEnd(); - for ( ; it != end; ++it) { - if (it->first.toLower() == "cache-control" && - it->second.toLower().contains("must-revalidate")) { - return false; + const QNetworkCacheMetaData::RawHeaderList rawHeaders = item.rawHeaders(); + for (const auto &header : rawHeaders) { + if (header.first.toLower() == "cache-control") { + const QByteArray cacheControlValue = header.second.toLower(); + if (cacheControlValue.contains("must-revalidate") + || cacheControlValue.contains("no-cache")) { + return false; + } } - setRawHeader(it->first, it->second); + setRawHeader(header.first, header.second); } // handle a possible redirect diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp index 62c915908b..50b9488594 100644 --- a/src/network/access/qnetworkaccessmanager.cpp +++ b/src/network/access/qnetworkaccessmanager.cpp @@ -1390,7 +1390,8 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera QString scheme = req.url().scheme(); #ifdef Q_OS_WASM - if (scheme == QLatin1String("http") || scheme == QLatin1String("https")) { + // Support http, https, and relateive urls + if (scheme == QLatin1String("http") || scheme == QLatin1String("https") || scheme.isEmpty()) { QNetworkReplyWasmImpl *reply = new QNetworkReplyWasmImpl(this); QNetworkReplyWasmImplPrivate *priv = reply->d_func(); priv->manager = this; diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp index 9ae94afc5a..f801ef0c88 100644 --- a/src/network/access/qnetworkreplyhttpimpl.cpp +++ b/src/network/access/qnetworkreplyhttpimpl.cpp @@ -524,6 +524,8 @@ bool QNetworkReplyHttpImplPrivate::loadFromCacheIfAllowed(QHttpNetworkRequest &h QHash<QByteArray, QByteArray> cacheControl = parseHttpOptionHeader(it->second); if (cacheControl.contains("must-revalidate")) return false; + if (cacheControl.contains("no-cache")) + return false; } QDateTime currentDateTime = QDateTime::currentDateTimeUtc(); @@ -1731,18 +1733,8 @@ QNetworkCacheMetaData QNetworkReplyHttpImplPrivate::fetchCacheMetaData(const QNe if (httpRequest.operation() == QHttpNetworkRequest::Get) { canDiskCache = true; - // 14.32 - // HTTP/1.1 caches SHOULD treat "Pragma: no-cache" as if the client - // had sent "Cache-Control: no-cache". - it = cacheHeaders.findRawHeader("pragma"); - if (it != cacheHeaders.rawHeaders.constEnd() - && it->second == "no-cache") - canDiskCache = false; - // HTTP/1.1. Check the Cache-Control header - if (cacheControl.contains("no-cache")) - canDiskCache = false; - else if (cacheControl.contains("no-store")) + if (cacheControl.contains("no-store")) canDiskCache = false; // responses to POST might be cacheable diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp index f347cc0479..bb6ef07741 100644 --- a/src/network/access/qnetworkreplywasmimpl.cpp +++ b/src/network/access/qnetworkreplywasmimpl.cpp @@ -117,7 +117,7 @@ static void q_loadCallback(val event) val blob = xhr["response"]; val reader = val::global("FileReader").new_(); - reader.set("onload", val::module_property("QNetworkReplyWasmImplPrivate_readBinary")); + reader.set("onload", val::module_property("qt_QNetworkReplyWasmImplPrivate_readBinary")); reader.set("data-handler", xhr["data-handler"]); reader.call<void>("readAsArrayBuffer", blob); @@ -174,12 +174,12 @@ static void q_readBinary(val event) QCoreApplication::processEvents(); } -EMSCRIPTEN_BINDINGS(network_module) { - function("QNetworkReplyWasmImplPrivate_requestErrorCallback", q_requestErrorCallback); - function("QNetworkReplyWasmImplPrivate_progressCallback", q_progressCallback); - function("QNetworkReplyWasmImplPrivate_loadCallback", q_loadCallback); - function("QNetworkReplyWasmImplPrivate_responseHeadersCallback", q_responseHeadersCallback); - function("QNetworkReplyWasmImplPrivate_readBinary", q_readBinary); +EMSCRIPTEN_BINDINGS(qtNetworkModule) { + function("qt_QNetworkReplyWasmImplPrivate_requestErrorCallback", q_requestErrorCallback); + function("qt_QNetworkReplyWasmImplPrivate_progressCallback", q_progressCallback); + function("qt_QNetworkReplyWasmImplPrivate_loadCallback", q_loadCallback); + function("qt_QNetworkReplyWasmImplPrivate_responseHeadersCallback", q_responseHeadersCallback); + function("qt_QNetworkReplyWasmImplPrivate_readBinary", q_readBinary); } QNetworkReplyWasmImplPrivate::QNetworkReplyWasmImplPrivate() @@ -332,10 +332,10 @@ void QNetworkReplyWasmImplPrivate::doSendRequest() m_xhr.call<void>("open", verb, request.url().toString().toStdString()); - m_xhr.set("onerror", val::module_property("QNetworkReplyWasmImplPrivate_requestErrorCallback")); - m_xhr.set("onload", val::module_property("QNetworkReplyWasmImplPrivate_loadCallback")); - m_xhr.set("onprogress", val::module_property("QNetworkReplyWasmImplPrivate_progressCallback")); - m_xhr.set("onreadystatechange", val::module_property("QNetworkReplyWasmImplPrivate_responseHeadersCallback")); + m_xhr.set("onerror", val::module_property("qt_QNetworkReplyWasmImplPrivate_requestErrorCallback")); + m_xhr.set("onload", val::module_property("qt_QNetworkReplyWasmImplPrivate_loadCallback")); + m_xhr.set("onprogress", val::module_property("qt_QNetworkReplyWasmImplPrivate_progressCallback")); + m_xhr.set("onreadystatechange", val::module_property("qt_QNetworkReplyWasmImplPrivate_responseHeadersCallback")); m_xhr.set("data-handler", val(quintptr(reinterpret_cast<void *>(this)))); diff --git a/src/network/configure.json b/src/network/configure.json index be9e35c7fe..56805da7b2 100644 --- a/src/network/configure.json +++ b/src/network/configure.json @@ -86,11 +86,11 @@ "sources": [ { "type": "openssl" }, { - "libs": "-lssleay32 -llibeay32", + "libs": "-lssleay32 -llibeay32 -lUser32 -lWs2_32 -lAdvapi32 -lGdi32", "condition": "config.win32" }, { - "libs": "-llibssl -llibcrypto", + "libs": "-llibssl -llibcrypto -lUser32 -lWs2_32 -lAdvapi32 -lCrypt32", "condition": "config.msvc" }, { diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp index dfb80bd829..888058df22 100644 --- a/src/network/ssl/qsslkey_openssl.cpp +++ b/src/network/ssl/qsslkey_openssl.cpp @@ -334,12 +334,13 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, #endif break; case QSslKeyPrivate::Aes128Cbc: + type = q_EVP_aes_128_cbc(); + break; case QSslKeyPrivate::Aes192Cbc: + type = q_EVP_aes_192_cbc(); + break; case QSslKeyPrivate::Aes256Cbc: - // Just to avoid compiler warnings/errors. OpenSSL uses a different - // codepath when reading encrypted keys, and they all correctly - // deduce the cipher and know how to derive a key. - Q_UNREACHABLE(); + type = q_EVP_aes_256_cbc(); break; } diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 1b2d9a49aa..2662418a05 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -413,14 +413,12 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra cipher = DesEde3Cbc; } else if (dekInfo.first() == "RC2-CBC") { cipher = Rc2Cbc; -#if defined(QT_SECURETRANSPORT) || QT_CONFIG(schannel) } else if (dekInfo.first() == "AES-128-CBC") { cipher = Aes128Cbc; } else if (dekInfo.first() == "AES-192-CBC") { cipher = Aes192Cbc; } else if (dekInfo.first() == "AES-256-CBC") { cipher = Aes256Cbc; -#endif // QT_SECURETRANSPORT || schannel } else { clear(deepClear); return; diff --git a/src/network/ssl/qsslkey_winrt.cpp b/src/network/ssl/qsslkey_winrt.cpp index f2ed813965..69eaaa387f 100644 --- a/src/network/ssl/qsslkey_winrt.cpp +++ b/src/network/ssl/qsslkey_winrt.cpp @@ -83,6 +83,15 @@ struct SslKeyGlobal hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"RC2_CBC").Get(), &keyProviders[QSslKeyPrivate::Rc2Cbc]); Q_ASSERT_SUCCEEDED(hr); + hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(), + &keyProviders[QSslKeyPrivate::Aes128Cbc]); + Q_ASSERT_SUCCEEDED(hr); + hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(), + &keyProviders[QSslKeyPrivate::Aes192Cbc]); + Q_ASSERT_SUCCEEDED(hr); + hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(), + &keyProviders[QSslKeyPrivate::Aes256Cbc]); + Q_ASSERT_SUCCEEDED(hr); hr = GetActivationFactory(HString::MakeReference(RuntimeClass_Windows_Security_Cryptography_CryptographicBuffer).Get(), &bufferFactory); diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index f136c92a65..e04d45c10c 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -359,6 +359,11 @@ DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return null #ifndef OPENSSL_NO_RC2 DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return nullptr, return) #endif +#ifndef OPENSSL_NO_AES +DEFINEFUNC(const EVP_CIPHER *, EVP_aes_128_cbc, DUMMYARG, DUMMYARG, return nullptr, return) +DEFINEFUNC(const EVP_CIPHER *, EVP_aes_192_cbc, DUMMYARG, DUMMYARG, return nullptr, return) +DEFINEFUNC(const EVP_CIPHER *, EVP_aes_256_cbc, DUMMYARG, DUMMYARG, return nullptr, return) +#endif DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return nullptr, return) DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) @@ -1179,6 +1184,11 @@ bool q_resolveOpenSslSymbols() #ifndef OPENSSL_NO_RC2 RESOLVEFUNC(EVP_rc2_cbc) #endif +#ifndef OPENSSL_NO_AES + RESOLVEFUNC(EVP_aes_128_cbc) + RESOLVEFUNC(EVP_aes_192_cbc) + RESOLVEFUNC(EVP_aes_256_cbc) +#endif RESOLVEFUNC(EVP_sha1) RESOLVEFUNC(EVP_PKEY_assign) RESOLVEFUNC(EVP_PKEY_set1_RSA) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 59b6e53940..fcf96dbd47 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -281,6 +281,11 @@ const EVP_CIPHER *q_EVP_des_ede3_cbc(); #ifndef OPENSSL_NO_RC2 const EVP_CIPHER *q_EVP_rc2_cbc(); #endif +#ifndef OPENSSL_NO_AES +const EVP_CIPHER *q_EVP_aes_128_cbc(); +const EVP_CIPHER *q_EVP_aes_192_cbc(); +const EVP_CIPHER *q_EVP_aes_256_cbc(); +#endif Q_AUTOTEST_EXPORT const EVP_MD *q_EVP_sha1(); int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); |