author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-07-23 11:50:35 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2021-07-28 16:24:24 +0200 |
commit | 4c0f81490ba0c4ec75786498332fb355f301b9cf (patch) | |
tree | 305b8eee5a951e676e42aacc9bcb12ebd3107166 /src/plugins/tls/openssl/qsslcontext_openssl.cpp | |
parent | 25fff849e8f34af6d41ff36f2891bb4099b89360 (diff) |
Provide new code paths for OpenSSL v3
With OpenSSL v3 it would be possible to compile-out functions,
directly working with entities like RSA, DSA, DH and EC_KEY.
For this you have to define OPENSSL_API_COMPAT >= 0x30000000L.
This would break QSslKey and QSslContext.
To mitigate this potential problem, we switch to the 'generic'
API, that works with EVP_PKEY instead. All functionality
will be preserved, except inability of QSslKey::handle()
to get pointers to RSA, DSA, DH or EC_KEY.
Fixes: QTBUG-95122
Pick-to: 6.2
Change-Id: Ic85b48502421c4330cf4877b52850539c855fa74
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/plugins/tls/openssl/qsslcontext_openssl.cpp')
-rw-r--r-- | src/plugins/tls/openssl/qsslcontext_openssl.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/plugins/tls/openssl/qsslcontext_openssl.cpp b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
index 1b32ad37dc..54d749b147 100644
--- a/src/plugins/tls/openssl/qsslcontext_openssl.cpp
+++ b/src/plugins/tls/openssl/qsslcontext_openssl.cpp
@@ -46,6 +46,7 @@
 #include "qsslsocket_openssl_symbols_p.h"
 #include "qsslcontext_openssl_p.h"
 #include "qtlsbackend_openssl_p.h"
+#include "qtlskey_openssl_p.h"
 #include "qopenssl_p.h"
 #include <QtNetwork/private/qssl_p.h>
@@ -626,6 +627,13 @@ QT_WARNING_POP
 if (configuration.d->privateKey.algorithm() == QSsl::Opaque) {
 sslContext->pkey = reinterpret_cast<EVP_PKEY *>(configuration.d->privateKey.handle());
 } else {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ auto qtKey = QTlsBackend::backend<QTlsPrivate::TlsKeyOpenSSL>(configuration.d->privateKey);
+ Q_ASSERT(qtKey);
+ sslContext->pkey = qtKey->genericKey;
+ Q_ASSERT(sslContext->pkey);
+ q_EVP_PKEY_up_ref(sslContext->pkey);
+#else
 // Load private key
 sslContext->pkey = q_EVP_PKEY_new();
 // before we were using EVP_PKEY_assign_R* functions and did not use EVP_PKEY_free.
@@ -638,7 +646,8 @@ QT_WARNING_POP
 #ifndef OPENSSL_NO_EC
 else if (configuration.d->privateKey.algorithm() == QSsl::Ec)
 q_EVP_PKEY_set1_EC_KEY(sslContext->pkey, reinterpret_cast<EC_KEY *>(configuration.d->privateKey.handle()));
-#endif
+#endif // OPENSSL_NO_EC
+#endif // OPENSSL_NO_DEPRECATED_3_0
 }
 auto pkey = sslContext->pkey;
 if (configuration.d->privateKey.algorithm() == QSsl::Opaque) |
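Review bot: In the `OPENSSL_NO_DEPRECATED_3_0` branch, `qtKey` and `qtKey->genericKey` are validated only with `Q_ASSERT`, which compiles to nothing in release builds, so a key object that does not come from the OpenSSL backend, or one that carries no EVP_PKEY, would be dereferenced or passed to `q_EVP_PKEY_up_ref` as null. A runtime guard such as `if (!qtKey || !qtKey->genericKey)` that fails through the function's existing error reporting would make the private-key load fail closed instead of crashing. The return value of `q_EVP_PKEY_up_ref(sslContext->pkey)` is also ignored; it should be checked before `sslContext->pkey` is treated as an owned reference, since later cleanup presumably releases it. The enclosing function starts and ends outside this hunk, so the exact error path and the ownership handling further down are not visible here.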