Merge "Merge remote-tracking branch 'origin/5.13' into dev" into refs/staging/dev

12 files changed, 59 insertions, 42 deletions

diff --git a/src/network/access/qabstractnetworkcache.cpp b/src/network/access/qabstractnetworkcache.cpp
index 0b94dff61e..4e217294c4 100644
--- a/src/network/access/qabstractnetworkcache.cpp
+++ b/src/network/access/qabstractnetworkcache.cpp
@@ -191,8 +191,8 @@ bool QNetworkCacheMetaData::isValid() const
     Some cache implementations can keep these cache items in memory for performance reasons,
     but for security reasons they should not be written to disk.
 
-    Specifically with http, documents marked with Pragma: no-cache, or have a Cache-control set to
-    no-store or no-cache or any https document that doesn't have "Cache-control: public" set will
+    Specifically with http, documents with Cache-control set to no-store or any
+    https document that doesn't have "Cache-control: public" set will
     set the saveToDisk to false.
 
     \sa setSaveToDisk()
diff --git a/src/network/access/qhttp2protocolhandler.cpp b/src/network/access/qhttp2protocolhandler.cpp
index d5221a4934..35aee6e3e1 100644
--- a/src/network/access/qhttp2protocolhandler.cpp
+++ b/src/network/access/qhttp2protocolhandler.cpp
@@ -198,7 +198,7 @@ QHttp2ProtocolHandler::QHttp2ProtocolHandler(QHttpNetworkConnectionChannel *chan
         }
     }
 
-    if (!channel->ssl) {
+    if (!channel->ssl && m_connection->connectionType() != QHttpNetworkConnection::ConnectionTypeHTTP2Direct) {
         // We upgraded from HTTP/1.1 to HTTP/2. channel->request was already sent
         // as HTTP/1.1 request. The response with status code 101 triggered
         // protocol switch and now we are waiting for the real response, sent
diff --git a/src/network/access/qnetworkaccesscachebackend.cpp b/src/network/access/qnetworkaccesscachebackend.cpp
index 0c9a88596d..22fdc5bb0b 100644
--- a/src/network/access/qnetworkaccesscachebackend.cpp
+++ b/src/network/access/qnetworkaccesscachebackend.cpp
@@ -87,15 +87,16 @@ bool QNetworkAccessCacheBackend::sendCacheContents()
     setAttribute(QNetworkRequest::HttpReasonPhraseAttribute, attributes.value(QNetworkRequest::HttpReasonPhraseAttribute));
 
     // set the raw headers
-    QNetworkCacheMetaData::RawHeaderList rawHeaders = item.rawHeaders();
-    QNetworkCacheMetaData::RawHeaderList::ConstIterator it = rawHeaders.constBegin(),
-                                                       end = rawHeaders.constEnd();
-    for ( ; it != end; ++it) {
-        if (it->first.toLower() == "cache-control" &&
-            it->second.toLower().contains("must-revalidate")) {
-            return false;
+    const QNetworkCacheMetaData::RawHeaderList rawHeaders = item.rawHeaders();
+    for (const auto &header : rawHeaders) {
+        if (header.first.toLower() == "cache-control") {
+            const QByteArray cacheControlValue = header.second.toLower();
+            if (cacheControlValue.contains("must-revalidate")
+                || cacheControlValue.contains("no-cache")) {
+                return false;
+            }
         }
-        setRawHeader(it->first, it->second);
+        setRawHeader(header.first, header.second);
     }
 
     // handle a possible redirect
diff --git a/src/network/access/qnetworkaccessmanager.cpp b/src/network/access/qnetworkaccessmanager.cpp
index 62c915908b..50b9488594 100644
--- a/src/network/access/qnetworkaccessmanager.cpp
+++ b/src/network/access/qnetworkaccessmanager.cpp
@@ -1390,7 +1390,8 @@ QNetworkReply *QNetworkAccessManager::createRequest(QNetworkAccessManager::Opera
     QString scheme = req.url().scheme();
 
 #ifdef Q_OS_WASM
-    if (scheme == QLatin1String("http") || scheme == QLatin1String("https")) {
+    // Support http, https, and relateive urls
+    if (scheme == QLatin1String("http") || scheme == QLatin1String("https") || scheme.isEmpty()) {
         QNetworkReplyWasmImpl *reply = new QNetworkReplyWasmImpl(this);
         QNetworkReplyWasmImplPrivate *priv = reply->d_func();
         priv->manager = this;
diff --git a/src/network/access/qnetworkreplyhttpimpl.cpp b/src/network/access/qnetworkreplyhttpimpl.cpp
index 9ae94afc5a..f801ef0c88 100644
--- a/src/network/access/qnetworkreplyhttpimpl.cpp
+++ b/src/network/access/qnetworkreplyhttpimpl.cpp
@@ -524,6 +524,8 @@ bool QNetworkReplyHttpImplPrivate::loadFromCacheIfAllowed(QHttpNetworkRequest &h
         QHash<QByteArray, QByteArray> cacheControl = parseHttpOptionHeader(it->second);
         if (cacheControl.contains("must-revalidate"))
             return false;
+        if (cacheControl.contains("no-cache"))
+            return false;
     }
 
     QDateTime currentDateTime = QDateTime::currentDateTimeUtc();
@@ -1731,18 +1733,8 @@ QNetworkCacheMetaData QNetworkReplyHttpImplPrivate::fetchCacheMetaData(const QNe
     if (httpRequest.operation() == QHttpNetworkRequest::Get) {
 
         canDiskCache = true;
-        // 14.32
-        // HTTP/1.1 caches SHOULD treat "Pragma: no-cache" as if the client
-        // had sent "Cache-Control: no-cache".
-        it = cacheHeaders.findRawHeader("pragma");
-        if (it != cacheHeaders.rawHeaders.constEnd()
-            && it->second == "no-cache")
-            canDiskCache = false;
-
         // HTTP/1.1. Check the Cache-Control header
-        if (cacheControl.contains("no-cache"))
-            canDiskCache = false;
-        else if (cacheControl.contains("no-store"))
+        if (cacheControl.contains("no-store"))
             canDiskCache = false;
 
     // responses to POST might be cacheable
diff --git a/src/network/access/qnetworkreplywasmimpl.cpp b/src/network/access/qnetworkreplywasmimpl.cpp
index f347cc0479..bb6ef07741 100644
--- a/src/network/access/qnetworkreplywasmimpl.cpp
+++ b/src/network/access/qnetworkreplywasmimpl.cpp
@@ -117,7 +117,7 @@ static void q_loadCallback(val event)
             val blob = xhr["response"];
 
             val reader = val::global("FileReader").new_();
-            reader.set("onload", val::module_property("QNetworkReplyWasmImplPrivate_readBinary"));
+            reader.set("onload", val::module_property("qt_QNetworkReplyWasmImplPrivate_readBinary"));
             reader.set("data-handler", xhr["data-handler"]);
 
             reader.call<void>("readAsArrayBuffer", blob);
@@ -174,12 +174,12 @@ static void q_readBinary(val event)
     QCoreApplication::processEvents();
 }
 
-EMSCRIPTEN_BINDINGS(network_module) {
-    function("QNetworkReplyWasmImplPrivate_requestErrorCallback", q_requestErrorCallback);
-    function("QNetworkReplyWasmImplPrivate_progressCallback", q_progressCallback);
-    function("QNetworkReplyWasmImplPrivate_loadCallback", q_loadCallback);
-    function("QNetworkReplyWasmImplPrivate_responseHeadersCallback", q_responseHeadersCallback);
-    function("QNetworkReplyWasmImplPrivate_readBinary", q_readBinary);
+EMSCRIPTEN_BINDINGS(qtNetworkModule) {
+    function("qt_QNetworkReplyWasmImplPrivate_requestErrorCallback", q_requestErrorCallback);
+    function("qt_QNetworkReplyWasmImplPrivate_progressCallback", q_progressCallback);
+    function("qt_QNetworkReplyWasmImplPrivate_loadCallback", q_loadCallback);
+    function("qt_QNetworkReplyWasmImplPrivate_responseHeadersCallback", q_responseHeadersCallback);
+    function("qt_QNetworkReplyWasmImplPrivate_readBinary", q_readBinary);
 }
 
 QNetworkReplyWasmImplPrivate::QNetworkReplyWasmImplPrivate()
@@ -332,10 +332,10 @@ void QNetworkReplyWasmImplPrivate::doSendRequest()
 
     m_xhr.call<void>("open", verb, request.url().toString().toStdString());
 
-    m_xhr.set("onerror", val::module_property("QNetworkReplyWasmImplPrivate_requestErrorCallback"));
-    m_xhr.set("onload", val::module_property("QNetworkReplyWasmImplPrivate_loadCallback"));
-    m_xhr.set("onprogress", val::module_property("QNetworkReplyWasmImplPrivate_progressCallback"));
-    m_xhr.set("onreadystatechange", val::module_property("QNetworkReplyWasmImplPrivate_responseHeadersCallback"));
+    m_xhr.set("onerror", val::module_property("qt_QNetworkReplyWasmImplPrivate_requestErrorCallback"));
+    m_xhr.set("onload", val::module_property("qt_QNetworkReplyWasmImplPrivate_loadCallback"));
+    m_xhr.set("onprogress", val::module_property("qt_QNetworkReplyWasmImplPrivate_progressCallback"));
+    m_xhr.set("onreadystatechange", val::module_property("qt_QNetworkReplyWasmImplPrivate_responseHeadersCallback"));
 
     m_xhr.set("data-handler", val(quintptr(reinterpret_cast<void *>(this))));
 
diff --git a/src/network/configure.json b/src/network/configure.json
index be9e35c7fe..56805da7b2 100644
--- a/src/network/configure.json
+++ b/src/network/configure.json
@@ -86,11 +86,11 @@
             "sources": [
                 { "type": "openssl" },
                 {
-                    "libs": "-lssleay32 -llibeay32",
+                    "libs": "-lssleay32 -llibeay32 -lUser32 -lWs2_32 -lAdvapi32 -lGdi32",
                     "condition": "config.win32"
                 },
                 {
-                    "libs": "-llibssl -llibcrypto",
+                    "libs": "-llibssl -llibcrypto -lUser32 -lWs2_32 -lAdvapi32 -lCrypt32",
                     "condition": "config.msvc"
                 },
                 {
diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp
index dfb80bd829..888058df22 100644
--- a/src/network/ssl/qsslkey_openssl.cpp
+++ b/src/network/ssl/qsslkey_openssl.cpp
@@ -334,12 +334,13 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data,
 #endif
         break;
     case QSslKeyPrivate::Aes128Cbc:
+        type = q_EVP_aes_128_cbc();
+        break;
     case QSslKeyPrivate::Aes192Cbc:
+        type = q_EVP_aes_192_cbc();
+        break;
     case QSslKeyPrivate::Aes256Cbc:
-        // Just to avoid compiler warnings/errors. OpenSSL uses a different
-        // codepath when reading encrypted keys, and they all correctly
-        // deduce the cipher and know how to derive a key.
-        Q_UNREACHABLE();
+        type = q_EVP_aes_256_cbc();
         break;
     }
 
diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp
index 1b2d9a49aa..2662418a05 100644
--- a/src/network/ssl/qsslkey_qt.cpp
+++ b/src/network/ssl/qsslkey_qt.cpp
@@ -413,14 +413,12 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra
             cipher = DesEde3Cbc;
         } else if (dekInfo.first() == "RC2-CBC") {
             cipher = Rc2Cbc;
-#if defined(QT_SECURETRANSPORT) || QT_CONFIG(schannel)
         } else if (dekInfo.first() == "AES-128-CBC") {
             cipher = Aes128Cbc;
         } else if (dekInfo.first() == "AES-192-CBC") {
             cipher = Aes192Cbc;
         } else if (dekInfo.first() == "AES-256-CBC") {
             cipher = Aes256Cbc;
-#endif // QT_SECURETRANSPORT || schannel
         } else {
             clear(deepClear);
             return;
diff --git a/src/network/ssl/qsslkey_winrt.cpp b/src/network/ssl/qsslkey_winrt.cpp
index f2ed813965..69eaaa387f 100644
--- a/src/network/ssl/qsslkey_winrt.cpp
+++ b/src/network/ssl/qsslkey_winrt.cpp
@@ -83,6 +83,15 @@ struct SslKeyGlobal
         hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"RC2_CBC").Get(),
                                                &keyProviders[QSslKeyPrivate::Rc2Cbc]);
         Q_ASSERT_SUCCEEDED(hr);
+        hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(),
+                                               &keyProviders[QSslKeyPrivate::Aes128Cbc]);
+        Q_ASSERT_SUCCEEDED(hr);
+        hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(),
+                                               &keyProviders[QSslKeyPrivate::Aes192Cbc]);
+        Q_ASSERT_SUCCEEDED(hr);
+        hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(),
+                                               &keyProviders[QSslKeyPrivate::Aes256Cbc]);
+        Q_ASSERT_SUCCEEDED(hr);
 
         hr = GetActivationFactory(HString::MakeReference(RuntimeClass_Windows_Security_Cryptography_CryptographicBuffer).Get(),
                                   &bufferFactory);
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index f136c92a65..e04d45c10c 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -359,6 +359,11 @@ DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return null
 #ifndef OPENSSL_NO_RC2
 DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
 #endif
+#ifndef OPENSSL_NO_AES
+DEFINEFUNC(const EVP_CIPHER *, EVP_aes_128_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
+DEFINEFUNC(const EVP_CIPHER *, EVP_aes_192_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
+DEFINEFUNC(const EVP_CIPHER *, EVP_aes_256_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
+#endif
 DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return nullptr, return)
 DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return)
 DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return)
@@ -1179,6 +1184,11 @@ bool q_resolveOpenSslSymbols()
 #ifndef OPENSSL_NO_RC2
     RESOLVEFUNC(EVP_rc2_cbc)
 #endif
+#ifndef OPENSSL_NO_AES
+    RESOLVEFUNC(EVP_aes_128_cbc)
+    RESOLVEFUNC(EVP_aes_192_cbc)
+    RESOLVEFUNC(EVP_aes_256_cbc)
+#endif
     RESOLVEFUNC(EVP_sha1)
     RESOLVEFUNC(EVP_PKEY_assign)
     RESOLVEFUNC(EVP_PKEY_set1_RSA)
diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h
index 59b6e53940..fcf96dbd47 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -281,6 +281,11 @@ const EVP_CIPHER *q_EVP_des_ede3_cbc();
 #ifndef OPENSSL_NO_RC2
 const EVP_CIPHER *q_EVP_rc2_cbc();
 #endif
+#ifndef OPENSSL_NO_AES
+const EVP_CIPHER *q_EVP_aes_128_cbc();
+const EVP_CIPHER *q_EVP_aes_192_cbc();
+const EVP_CIPHER *q_EVP_aes_256_cbc();
+#endif
 Q_AUTOTEST_EXPORT const EVP_MD *q_EVP_sha1();
 int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c);
 Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b);