tst_QSslKey: prepare for the migration to OpenSSL v3

Many algorithms (ciphers etc.) had become 'legacy' in OpenSSL v3, meaning they are not available by default. Since we don't mess with loading providers and don't load the 'legacy' one, we have to skip tests involving such algorithms. Pick-to: 6.4 6.3 6.2 5.15 Fixes: QTBUG-104232 Change-Id: Ieceabeb080e531aeb24f733cb8c83ad08a25049c Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2022-07-01 09:56:48 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2022-07-05 17:36:03 +0200
commit: 7949dab8abbc65b11650e1f91a797889fe834090 (patch)
tree: 3c5f478175e442dd943e3d7a90cbc062182603c6 /tests/auto/network
parent: d85dff3775b00dde079c50bcf417cae5ed884512 (diff)
1 files changed, 42 insertions, 12 deletions
diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
index bb8d2afde7..ac42704b30 100644
--- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
+++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
@@ -90,6 +90,7 @@ private:
     QString testDataDir;
 
     bool fileContainsUnsupportedEllipticCurve(const QString &fileName) const;
+    bool algorithmsSupported(const QString &fileName) const;
     QVector<QString> unsupportedCurves;
 
     bool isOpenSsl = false;
@@ -153,6 +154,34 @@ bool tst_QSslKey::fileContainsUnsupportedEllipticCurve(const QString &fileName)
     return false;
 }
 
+bool tst_QSslKey::algorithmsSupported(const QString &fileName) const
+{
+    if (isSchannel && fileName.contains("RC2-64")) // Schannel treats RC2 as 128 bit
+        return false;
+
+    if (isSchannel || isSecureTransport) {
+        // No AES support in the generic back-end, PKCS#12 algorithms not supported either.
+        return !(fileName.contains(QRegularExpression("-aes\\d\\d\\d-")) || fileName.contains("pkcs8-pkcs12"));
+    }
+
+#if OPENSSL_VERSION_MAJOR < 3
+    // If it's not built with OpenSSL or it's OpenSSL v < 3.
+    return true;
+#else
+    // OpenSSL v3 first introduced the notion of 'providers'. Many algorithms
+    // were moved into the 'legacy' provider. While they are still supported in theory,
+    // the 'legacy' provider is NOT loaded by default and we are not loading it either.
+    // Thus, some of the keys we are using in tst_QSslKey would fail the test. We
+    // have to filter them out.
+    const auto name = fileName.toLower();
+    if (name.contains("-des."))
+        return false;
+
+    return !name.contains("-rc2-") && !name.contains("-rc4-");
+#endif
+}
+
+
 void tst_QSslKey::initTestCase()
 {
     testDataDir = QFileInfo(QFINDTESTDATA("rsa-without-passphrase.pem")).absolutePath();
@@ -221,17 +250,8 @@ void tst_QSslKey::createPlainTestRows(bool pemOnly)
         if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem)
             continue;
 
-        if (isSchannel) {
-            if (keyInfo.fileInfo.fileName().contains("RC2-64"))
-                continue; // Schannel treats RC2 as 128 bit
-        }
-
-        if (isSchannel || isSecureTransport) {
-            if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-")))
-                continue; // No AES support in the generic back-end
-            if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12"))
-                continue; // The generic back-end doesn't support PKCS#12 algorithms
-        }
+        if (!algorithmsSupported(keyInfo.fileInfo.fileName()))
+            continue;
 
         QTest::newRow(keyInfo.fileInfo.fileName().toLatin1())
             << keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type
@@ -525,9 +545,15 @@ void tst_QSslKey::passphraseChecks_data()
     const QByteArray pass("123");
     const QByteArray aesPass("1234");
 
+#if OPENSSL_VERSION_MAJOR < 3
+    // DES and RC2 are not provided by default in OpenSSL v3.
+    // This part is for either non-OpenSSL build, or OpenSSL v < 3.x.
     QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass;
-    QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass;
     QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass;
+#endif // OPENSSL_VERSION_MAJOR
+
+    QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass;
+
 #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES)
     QTest::newRow("AES128") << QString(testDataDir + "rsa-with-passphrase-aes128.pem") << aesPass;
     QTest::newRow("AES192") << QString(testDataDir + "rsa-with-passphrase-aes192.pem") << aesPass;
@@ -624,6 +650,9 @@ void tst_QSslKey::encrypt_data()
     QTest::addColumn<QByteArray>("iv");
 
     QByteArray iv("abcdefgh");
+#if OPENSSL_VERSION_MAJOR < 3
+    // Either non-OpenSSL build, or OpenSSL v < 3
+    // (with DES and other legacy algorithms available by default)
     QTest::newRow("DES-CBC, length 0")
         << Cipher::DesCbc << QByteArray("01234567")
         << QByteArray()
@@ -713,6 +742,7 @@ void tst_QSslKey::encrypt_data()
         << QByteArray(8, 'a')
         << QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE")
         << iv;
+#endif // OPENSSL_VERSION_MAJOR
 
 #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES)
     // AES needs a longer IV
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2022-07-01 09:56:48 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2022-07-05 17:36:03 +0200
commit	7949dab8abbc65b11650e1f91a797889fe834090 (patch)
tree	3c5f478175e442dd943e3d7a90cbc062182603c6 /tests/auto/network
parent	d85dff3775b00dde079c50bcf417cae5ed884512 (diff)