Provide new code paths for OpenSSL v3

With OpenSSL v3 it would be possible to compile-out functions, directly working with entities like RSA, DSA, DH and EC_KEY. For this you have to define OPENSSL_API_COMPAT >= 0x30000000L. This would break QSslKey and QSslContext. To mitigate this potential problem, we switch to the 'generic' API, that works with EVP_PKEY instead. All functionality will be preserved, except inability of QSslKey::handle() to get pointers to RSA, DSA, DH or EC_KEY. Fixes: QTBUG-95122 Pick-to: 6.2 Change-Id: Ic85b48502421c4330cf4877b52850539c855fa74 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2021-07-23 11:50:35 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2021-07-28 16:24:24 +0200
commit: 4c0f81490ba0c4ec75786498332fb355f301b9cf (patch)
tree: 305b8eee5a951e676e42aacc9bcb12ebd3107166 /src/plugins/tls/openssl/qsslcontext_openssl.cpp
parent: 25fff849e8f34af6d41ff36f2891bb4099b89360 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/src/plugins/tls/openssl/qsslcontext_openssl.cpp b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
index 1b32ad37dc..54d749b147 100644
--- a/src/plugins/tls/openssl/qsslcontext_openssl.cpp
+++ b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
@@ -46,6 +46,7 @@
 #include "qsslsocket_openssl_symbols_p.h"
 #include "qsslcontext_openssl_p.h"
 #include "qtlsbackend_openssl_p.h"
+#include "qtlskey_openssl_p.h"
 #include "qopenssl_p.h"
 
 #include <QtNetwork/private/qssl_p.h>
@@ -626,6 +627,13 @@ QT_WARNING_POP
         if (configuration.d->privateKey.algorithm() == QSsl::Opaque) {
             sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle());
         } else {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+            auto qtKey = QTlsBackend::backend<QTlsPrivate::TlsKeyOpenSSL>(configuration.d->privateKey);
+            Q_ASSERT(qtKey);
+            sslContext->pkey = qtKey->genericKey;
+            Q_ASSERT(sslContext->pkey);
+            q_EVP_PKEY_up_ref(sslContext->pkey);
+#else
             // Load private key
             sslContext->pkey = q_EVP_PKEY_new();
             // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free.
@@ -638,7 +646,8 @@ QT_WARNING_POP
 #ifndef OPENSSL_NO_EC
             else if (configuration.d->privateKey.algorithm() == QSsl::Ec)
                 q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle()));
-#endif
+#endif // OPENSSL_NO_EC
+#endif // OPENSSL_NO_DEPRECATED_3_0
         }
         auto pkey = sslContext->pkey;
         if (configuration.d->privateKey.algorithm() == QSsl::Opaque)
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2021-07-23 11:50:35 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2021-07-28 16:24:24 +0200
commit	4c0f81490ba0c4ec75786498332fb355f301b9cf (patch)
tree	305b8eee5a951e676e42aacc9bcb12ebd3107166 /src/plugins/tls/openssl/qsslcontext_openssl.cpp
parent	25fff849e8f34af6d41ff36f2891bb4099b89360 (diff)