Diffstat (limited to 'src/network/ssl/qsslsocket_openssl_symbols.cpp')
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_symbols.cpp | 74 |
1 files changed, 61 insertions, 13 deletions
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index ed80fc14bd..0ace951c77 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -148,7 +148,6 @@ DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
 DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
 DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
 DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
-DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
 DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
 DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
 DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
@@ -158,7 +157,7 @@ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMM
 DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
 DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
 DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
-DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+DEFINEFUNC2(qssloptions, SSL_CTX_set_options, SSL_CTX *ctx, ctx, qssloptions op, op, return 0, return)
 DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
 DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
 #ifdef TLS1_3_VERSION
@@ -178,6 +177,8 @@ DEFINEFUNC(const SSL_METHOD *, TLS_server_method, DUMMYARG, DUMMYARG, return nul
 DEFINEFUNC(void, X509_up_ref, X509 *a, a, return, DUMMYARG)
 DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *a, a, return nullptr, return)
 DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *a, a, return nullptr, return)
+DEFINEFUNC2(void, ASN1_item_free, ASN1_VALUE *val, val, const ASN1_ITEM *it, it, return, return)
+DEFINEFUNC(void, X509V3_conf_free, CONF_VALUE *val, val, return, return)
 DEFINEFUNC(long, X509_get_version, X509 *a, a, return -1, return)
 DEFINEFUNC(EVP_PKEY *, X509_get_pubkey, X509 *a, a, return nullptr, return)
 DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_verify_cb verify_cb, verify_cb, return, DUMMYARG)
@@ -234,6 +235,7 @@ DEFINEFUNC6(int, OCSP_basic_sign, OCSP_BASICRESP *br, br, X509 *signer, signer, const EVP_MD *dg, dg, STACK_OF(X509) *cs, cs, unsigned long flags, flags, return 0, return) #endif // ocsp +DEFINEFUNC(void, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS *p, p, return, return) DEFINEFUNC2(void, BIO_set_data, BIO *a, a, void *ptr, ptr, return, DUMMYARG) DEFINEFUNC(void *, BIO_get_data, BIO *a, a, return nullptr, return) DEFINEFUNC2(void, BIO_set_init, BIO *a, a, int init, init, return, DUMMYARG)
@@ -368,7 +370,15 @@ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr
 DEFINEFUNC(int, SSL_version, const SSL *a, a, return 0, return)
 DEFINEFUNC2(int, SSL_get_error, SSL *a, a, int b, b, return -1, return)
 DEFINEFUNC(STACK_OF(X509) *, SSL_get_peer_cert_chain, SSL *a, a, return nullptr, return)
+
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+DEFINEFUNC(X509 *, SSL_get1_peer_certificate, SSL *a, a, return nullptr, return)
+DEFINEFUNC(int, EVP_PKEY_get_base_id, const EVP_PKEY *pkey, pkey, return -1, return)
+#else
 DEFINEFUNC(X509 *, SSL_get_peer_certificate, SSL *a, a, return nullptr, return)
+DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
+#endif // OPENSSL_VERSION_MAJOR >= 3
+
 DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return)
 DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return nullptr, return)
 DEFINEFUNC(SSL_CTX *, SSL_get_SSL_CTX, SSL *a, a, return nullptr, return)
@@ -644,6 +654,12 @@ static QStringList findAllLibCrypto() } # endif +#if (OPENSSL_VERSION_NUMBER >> 28) < 3 +#define QT_OPENSSL_VERSION "1_1" +#elif OPENSSL_VERSION_MAJOR == 3 // Starting with 3.0 this define is available +#define QT_OPENSSL_VERSION "3" +#endif // > 3 intentionally left undefined + #ifdef Q_OS_WIN struct LoadedOpenSsl {
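Review bot: The fallback for the new `EVP_PKEY_get_base_id` wrapper is `return -1`, while the 1.x wrapper `EVP_PKEY_base_id` in the `#else` branch keeps `return NID_undef`. Assuming the fifth macro argument is what runs when the symbol was not resolved (the macro is defined outside this diff), callers that test the result against `NID_undef` would see a different sentinel depending on the OpenSSL major the build targeted. Keeping the two in step avoids that: `DEFINEFUNC(int, EVP_PKEY_get_base_id, const EVP_PKEY *pkey, pkey, return NID_undef, return)`.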
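Review bot: Leaving `QT_OPENSSL_VERSION` undefined for majors above 3 makes the build fail only later, at the string concatenations in `loadOpenSsl()`, with an error that does not name the cause. An explicit `#else` followed by `#error "Unsupported OpenSSL major version"` before the `#endif` would fail at this spot with a readable message. The same version test is also spelled three ways in this patch (`OPENSSL_VERSION_NUMBER >> 28`, `OPENSSL_VERSION_MAJOR`, `OPENSSL_VERSION_NUMBER >= 0x30000000`); a one-line comment on why the first branch cannot use `OPENSSL_VERSION_MAJOR` would make the mix easier to follow.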
@@ -671,22 +687,27 @@ static LoadedOpenSsl loadOpenSsl() { LoadedOpenSsl result; - // With OpenSSL 1.1 the names have changed to libssl-1_1(-x64) and libcrypto-1_1(-x64), for builds using - // MSVC and GCC, (-x64 suffix for 64-bit builds). + // With OpenSSL 1.1 the names have changed to libssl-1_1 and libcrypto-1_1 for builds using + // MSVC and GCC. For 3.0 the version suffix changed again, to just '3'. + // For non-x86 builds, an architecture suffix is also appended. -#ifdef Q_PROCESSOR_X86_64 +#if defined(Q_PROCESSOR_X86_64) #define QT_SSL_SUFFIX "-x64" -#else // !Q_PROCESSOFR_X86_64 +#elif defined(Q_PROCESSOR_ARM_64) +#define QT_SSL_SUFFIX "-arm64" +#elif defined(Q_PROCESSOR_ARM_32) +#define QT_SSL_SUFFIX "-arm" +#else #define QT_SSL_SUFFIX -#endif // !Q_PROCESSOR_x86_64 +#endif - tryToLoadOpenSslWin32Library(QLatin1String("libssl-1_1" QT_SSL_SUFFIX), - QLatin1String("libcrypto-1_1" QT_SSL_SUFFIX), result); + tryToLoadOpenSslWin32Library(QLatin1String("libssl-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), + QLatin1String("libcrypto-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), result); #undef QT_SSL_SUFFIX return result; } -#else +#else // !Q_OS_WIN: struct LoadedOpenSsl { std::unique_ptr<QLibrary> ssl, crypto; @@ -765,7 +786,7 @@ static LoadedOpenSsl loadOpenSsl() return suffix; }; - static QString suffix = QString::fromLatin1(openSSLSuffix("_1_1")); + static QString suffix = QString::fromLatin1(openSSLSuffix("_" QT_OPENSSL_VERSION)); libssl->setFileNameAndVersion(QLatin1String("ssl") + suffix, -1); libcrypto->setFileNameAndVersion(QLatin1String("crypto") + suffix, -1); 
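Review bot: The rewritten comment in the Windows `loadOpenSsl()` says an architecture suffix is appended "for non-x86 builds", but the `#if` chain below it appends `-x64` for x86-64 and leaves the suffix empty in the final `#else`, so the comment and the code disagree. Something like `// An architecture suffix is appended for x86-64 (-x64), ARM64 (-arm64) and 32-bit ARM (-arm); other targets get none.` matches what is compiled. The names are still passed to `tryToLoadOpenSslWin32Library` without a path; its search behaviour is outside this hunk, so it is worth confirming that the new `-arm64`/`-arm` and `3` names resolve only from the directories Qt intends to load OpenSSL from.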
@@ -787,6 +808,11 @@ static LoadedOpenSsl loadOpenSsl() const QStringList cryptoList = findAllLibCrypto(); for (const QString &crypto : cryptoList) { +#ifdef Q_OS_DARWIN + // Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI + if (crypto.endsWith("libcrypto.dylib")) + continue; +#endif libcrypto->setFileNameAndVersion(crypto, -1); if (libcrypto->load()) { QFileInfo fi(crypto);
@@ -844,11 +870,11 @@ bool q_resolveOpenSslSymbols()
 RESOLVEFUNC(OPENSSL_init_crypto)
 RESOLVEFUNC(ASN1_STRING_get0_data)
 RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+ RESOLVEFUNC(AUTHORITY_INFO_ACCESS_free)
 RESOLVEFUNC(EVP_PKEY_up_ref)
 RESOLVEFUNC(EVP_PKEY_CTX_new)
 RESOLVEFUNC(EVP_PKEY_param_check)
 RESOLVEFUNC(EVP_PKEY_CTX_free)
- RESOLVEFUNC(EVP_PKEY_base_id)
 RESOLVEFUNC(RSA_bits)
 RESOLVEFUNC(OPENSSL_sk_new_null)
 RESOLVEFUNC(OPENSSL_sk_push)
@@ -880,6 +906,8 @@ bool q_resolveOpenSslSymbols()
 RESOLVEFUNC(X509_STORE_CTX_get0_chain)
 RESOLVEFUNC(X509_getm_notBefore)
 RESOLVEFUNC(X509_getm_notAfter)
+ RESOLVEFUNC(ASN1_item_free)
+ RESOLVEFUNC(X509V3_conf_free)
 RESOLVEFUNC(X509_get_version)
 RESOLVEFUNC(X509_get_pubkey)
 RESOLVEFUNC(X509_STORE_set_verify_cb)
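Review bot: The Darwin guard in the `cryptoList` loop passes a bare string literal to `QString::endsWith`, whereas the neighbouring code in `loadOpenSsl()` wraps its literals in `QLatin1String`. If this module is built with `QT_NO_CAST_FROM_ASCII` the implicit conversion would not compile, and only on Darwin, where the block is enabled. I would write `if (crypto.endsWith(QLatin1String("libcrypto.dylib")))`. The loop body continues past the end of the hunk, so how the matching libssl is chosen afterwards is not visible here.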
@@ -889,13 +917,25 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(OpenSSL_version_num) RESOLVEFUNC(OpenSSL_version) - if (!_q_OpenSSL_version) { + if (!_q_OpenSSL_version || !_q_OpenSSL_version_num) { // Apparently, we were built with OpenSSL 1.1 enabled but are now using // a wrong library. qCWarning(lcSsl, "Incompatible version of OpenSSL"); return false; } +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + if (q_OpenSSL_version_num() < 0x30000000) { + qCWarning(lcSsl, "Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)"); + return false; + } +#else + if (q_OpenSSL_version_num() >= 0x30000000) { + qCWarning(lcSsl, "Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)"); + return false; + } +#endif // OPENSSL_VERSION_NUMBER + RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) RESOLVEFUNC(DH_bits) RESOLVEFUNC(DSA_bits) @@ -1073,7 +1113,15 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_version) RESOLVEFUNC(SSL_get_error) RESOLVEFUNC(SSL_get_peer_cert_chain) + +#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3 + RESOLVEFUNC(SSL_get1_peer_certificate) + RESOLVEFUNC(EVP_PKEY_get_base_id) +#else RESOLVEFUNC(SSL_get_peer_certificate) + RESOLVEFUNC(EVP_PKEY_base_id) +#endif // OPENSSL_VERSION_MAJOR >= 3 + RESOLVEFUNC(SSL_get_verify_result) RESOLVEFUNC(SSL_new) RESOLVEFUNC(SSL_get_SSL_CTX) |
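Review bot: In the `OPENSSL_VERSION_NUMBER >= 0x30000000` branch of `q_resolveOpenSslSymbols()` the runtime check rejects only libraries older than 3.x, so a library with a later major number picked up by the fallback search would still be accepted. Comparing the major nibble on both sides closes that gap, for example `if ((q_OpenSSL_version_num() >> 28) != (OPENSSL_VERSION_NUMBER >> 28)) {`, which is the same shift the patch already uses to define `QT_OPENSSL_VERSION`. The context comment above it still reads "built with OpenSSL 1.1 enabled", which no longer holds for 3.x builds; `// The library we loaded lacks the version API, so it is not a supported OpenSSL.` would fit both. The function continues outside the hunk.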