Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslcertificate.h | 2 | ||||
-rw-r--r-- | src/network/ssl/qssldiffiehellmanparameters_openssl.cpp | 4 | ||||
-rw-r--r-- | src/network/ssl/qsslkey_qt.cpp | 7 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.cpp | 14 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket.h | 38 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 6 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_mac_p.h | 16 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_openssl_p.h | 18 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_opensslpre11.cpp | 3 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_p.h | 9 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_winrt.cpp | 2 | ||||
-rw-r--r-- | src/network/ssl/qsslsocket_winrt_p.h | 16 |
12 files changed, 74 insertions, 61 deletions
diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 8b051a5c88..6cd66fd20f 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -154,7 +154,7 @@ public: static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert, - QList<QSslCertificate> *caCertificates = Q_NULLPTR, + QList<QSslCertificate> *caCertificates = nullptr, const QByteArray &passPhrase=QByteArray()); Qt::HANDLE handle() const; diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp index 5ebad822f1..00e9be91d8 100644 --- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp +++ b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp @@ -161,12 +161,12 @@ void QSslDiffieHellmanParametersPrivate::decodePem(const QByteArray &pem) return; } - DH *dh = Q_NULLPTR; + DH *dh = nullptr; q_PEM_read_bio_DHparams(bio, &dh, 0, 0); if (dh) { if (isSafeDH(dh)) { - char *buf = Q_NULLPTR; + char *buf = nullptr; int len = q_i2d_DHparams(dh, reinterpret_cast<unsigned char **>(&buf)); if (len > 0) derData = QByteArray(buf, len); diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 3c5dc830d3..6716c0158b 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -43,6 +43,7 @@ #include <QtCore/qdatastream.h> #include <QtCore/qcryptographichash.h> +#include <QtCore/qrandom.h> QT_USE_NAMESPACE 
@@ -286,10 +287,8 @@ QByteArray QSslKeyPrivate::toPem(const QByteArray &passPhrase) const if (type == QSsl::PrivateKey && !passPhrase.isEmpty()) { // ### use a cryptographically secure random number generator - QByteArray iv; - iv.resize(8); - for (int i = 0; i < iv.size(); ++i) - iv[i] = (qrand() & 0xff); + quint64 random = QRandomGenerator::generate64(); + QByteArray iv = QByteArray::fromRawData(reinterpret_cast<const char *>(&random), sizeof(random)); Cipher cipher = DesEde3Cbc; const QByteArray key = deriveKey(cipher, passPhrase, iv); diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index 5c9ebac283..84c814cca4 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -2647,6 +2647,20 @@ QByteArray QSslSocketPrivate::peek(qint64 maxSize) /*! \internal */ +qint64 QSslSocketPrivate::skip(qint64 maxSize) +{ + if (mode == QSslSocket::UnencryptedMode && !autoStartHandshake) + return plainSocket->skip(maxSize); + + // In encrypted mode, the SSL backend writes decrypted data directly into the + // QIODevice's read buffer. As this buffer is always emptied by the caller, + // we need to wait for more incoming data. + return (state == QAbstractSocket::ConnectedState) ? Q_INT64_C(0) : Q_INT64_C(-1); +} + +/*! + \internal +*/ bool QSslSocketPrivate::flush() { #ifdef QSSLSOCKET_DEBUG diff --git a/src/network/ssl/qsslsocket.h b/src/network/ssl/qsslsocket.h index 39e70bccda..c66ebdde54 100644 --- a/src/network/ssl/qsslsocket.h +++ b/src/network/ssl/qsslsocket.h 
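Review bot: The `// ### use a cryptographically secure random number generator` marker kept as context above the new lines in toPem is now ambiguous: it no longer says whether `QRandomGenerator::generate64()` meets that requirement or the TODO is still open, and the hunk does not show which source backs the generator. Either drop the marker or replace it with the guarantee being relied on, e.g. `// IV comes from QRandomGenerator::generate64(); must be an unpredictable source`. Separately, `QByteArray::fromRawData` does not copy, so `iv` aliases the stack variable `random`; an owning copy, `QByteArray iv(reinterpret_cast<const char *>(&random), sizeof(random));`, costs eight bytes and cannot dangle if `iv` is later stored or returned. toPem's body continues outside the hunk, so how far `iv` travels is not visible here.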
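Review bot: `plainSocket->skip(maxSize)` in the unencrypted branch of QSslSocketPrivate::skip dereferences `plainSocket` without a check, and nothing in the hunk shows that the pointer is always set while the socket is in UnencryptedMode. If it can be null before a connection exists, guard it, e.g. `if (!plainSocket) return -1;`, or state the invariant with `Q_ASSERT(plainSocket);`. The `\internal` doc block could also record the return contract that the last line implements: 0 while connected (nothing to skip yet), -1 otherwise.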
@@ -79,22 +79,22 @@ public: AutoVerifyPeer }; - explicit QSslSocket(QObject *parent = Q_NULLPTR); + explicit QSslSocket(QObject *parent = nullptr); ~QSslSocket(); - void resume() Q_DECL_OVERRIDE; // to continue after proxy authentication required, SSL errors etc. + void resume() override; // to continue after proxy authentication required, SSL errors etc. // Autostarting the SSL client handshake. void connectToHostEncrypted(const QString &hostName, quint16 port, OpenMode mode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol); void connectToHostEncrypted(const QString &hostName, quint16 port, const QString &sslPeerName, OpenMode mode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol); bool setSocketDescriptor(qintptr socketDescriptor, SocketState state = ConnectedState, - OpenMode openMode = ReadWrite) Q_DECL_OVERRIDE; + OpenMode openMode = ReadWrite) override; using QAbstractSocket::connectToHost; - void connectToHost(const QString &hostName, quint16 port, OpenMode openMode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol) Q_DECL_OVERRIDE; - void disconnectFromHost() Q_DECL_OVERRIDE; + void connectToHost(const QString &hostName, quint16 port, OpenMode openMode = ReadWrite, NetworkLayerProtocol protocol = AnyIPProtocol) override; + void disconnectFromHost() override; - virtual void setSocketOption(QAbstractSocket::SocketOption option, const QVariant &value) Q_DECL_OVERRIDE; - virtual QVariant socketOption(QAbstractSocket::SocketOption option) Q_DECL_OVERRIDE; + virtual void setSocketOption(QAbstractSocket::SocketOption option, const QVariant &value) override; + virtual QVariant socketOption(QAbstractSocket::SocketOption option) override; SslMode mode() const; bool isEncrypted() const; 
@@ -112,16 +112,16 @@ public: void setPeerVerifyName(const QString &hostName); // From QIODevice - qint64 bytesAvailable() const Q_DECL_OVERRIDE; - qint64 bytesToWrite() const Q_DECL_OVERRIDE; - bool canReadLine() const Q_DECL_OVERRIDE; - void close() Q_DECL_OVERRIDE; - bool atEnd() const Q_DECL_OVERRIDE; + qint64 bytesAvailable() const override; + qint64 bytesToWrite() const override; + bool canReadLine() const override; + void close() override; + bool atEnd() const override; bool flush(); // ### Qt6: remove me (implementation moved to private flush()) void abort(); // From QAbstractSocket: - void setReadBufferSize(qint64 size) Q_DECL_OVERRIDE; + void setReadBufferSize(qint64 size) override; // Similar to QIODevice's: qint64 encryptedBytesAvailable() const; @@ -179,11 +179,11 @@ public: QT_DEPRECATED_X("Use QSslConfiguration::systemCaCertificates()") static QList<QSslCertificate> systemCaCertificates(); #endif // QT_DEPRECATED_SINCE(5, 5) - bool waitForConnected(int msecs = 30000) Q_DECL_OVERRIDE; + bool waitForConnected(int msecs = 30000) override; bool waitForEncrypted(int msecs = 30000); - bool waitForReadyRead(int msecs = 30000) Q_DECL_OVERRIDE; - bool waitForBytesWritten(int msecs = 30000) Q_DECL_OVERRIDE; - bool waitForDisconnected(int msecs = 30000) Q_DECL_OVERRIDE; + bool waitForReadyRead(int msecs = 30000) override; + bool waitForBytesWritten(int msecs = 30000) override; + bool waitForDisconnected(int msecs = 30000) override; QList<QSslError> sslErrors() const; @@ -209,8 +209,8 @@ Q_SIGNALS: void preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator *authenticator); protected: - qint64 readData(char *data, qint64 maxlen) Q_DECL_OVERRIDE; - qint64 writeData(const char *data, qint64 len) Q_DECL_OVERRIDE; + qint64 readData(char *data, qint64 maxlen) override; + qint64 writeData(const char *data, qint64 len) override; private: Q_DECLARE_PRIVATE(QSslSocket) 
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 68c8ccff89..a8d09feb31 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -167,7 +167,7 @@ static SSLContextRef qt_createSecureTransportContext(QSslSocket::SslMode mode) const bool isServer = mode == QSslSocket::SslServerMode; const SSLProtocolSide side = isServer ? kSSLServerSide : kSSLClientSide; // We never use kSSLDatagramType, so it's kSSLStreamType unconditionally. - SSLContextRef context = SSLCreateContext(Q_NULLPTR, side, kSSLStreamType); + SSLContextRef context = SSLCreateContext(nullptr, side, kSSLStreamType); if (!context) qCWarning(lcSsl) << "SSLCreateContext failed"; return context; @@ -356,7 +356,7 @@ void QSslSocketPrivate::resetDefaultEllipticCurves() } QSslSocketBackendPrivate::QSslSocketBackendPrivate() - : context(Q_NULLPTR) + : context(nullptr) { } @@ -885,7 +885,7 @@ bool QSslSocketBackendPrivate::initSslContext() void QSslSocketBackendPrivate::destroySslContext() { - context.reset(Q_NULLPTR); + context.reset(nullptr); } static QByteArray _q_makePkcs12(const QList<QSslCertificate> &certs, const QSslKey &key, const QString &passPhrase); diff --git a/src/network/ssl/qsslsocket_mac_p.h b/src/network/ssl/qsslsocket_mac_p.h index 9e1d18981e..34e30ebb16 100644 --- a/src/network/ssl/qsslsocket_mac_p.h +++ b/src/network/ssl/qsslsocket_mac_p.h 
@@ -86,14 +86,14 @@ public: virtual ~QSslSocketBackendPrivate(); // Final-overriders (QSslSocketPrivate): - void continueHandshake() Q_DECL_OVERRIDE; - void disconnected() Q_DECL_OVERRIDE; - void disconnectFromHost() Q_DECL_OVERRIDE; - QSslCipher sessionCipher() const Q_DECL_OVERRIDE; - QSsl::SslProtocol sessionProtocol() const Q_DECL_OVERRIDE; - void startClientEncryption() Q_DECL_OVERRIDE; - void startServerEncryption() Q_DECL_OVERRIDE; - void transmit() Q_DECL_OVERRIDE; + void continueHandshake() override; + void disconnected() override; + void disconnectFromHost() override; + QSslCipher sessionCipher() const override; + QSsl::SslProtocol sessionProtocol() const override; + void startClientEncryption() override; + void startServerEncryption() override; + void transmit() override; static QList<QSslError> verify(QList<QSslCertificate> certificateChain, const QString &hostName); diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h index 7f9e884045..2a800cdc34 100644 --- a/src/network/ssl/qsslsocket_openssl_p.h +++ b/src/network/ssl/qsslsocket_openssl_p.h 
@@ -132,22 +132,22 @@ public: #endif // Platform specific functions - void startClientEncryption() Q_DECL_OVERRIDE; - void startServerEncryption() Q_DECL_OVERRIDE; - void transmit() Q_DECL_OVERRIDE; + void startClientEncryption() override; + void startServerEncryption() override; + void transmit() override; bool startHandshake(); - void disconnectFromHost() Q_DECL_OVERRIDE; - void disconnected() Q_DECL_OVERRIDE; - QSslCipher sessionCipher() const Q_DECL_OVERRIDE; - QSsl::SslProtocol sessionProtocol() const Q_DECL_OVERRIDE; - void continueHandshake() Q_DECL_OVERRIDE; + void disconnectFromHost() override; + void disconnected() override; + QSslCipher sessionCipher() const override; + QSsl::SslProtocol sessionProtocol() const override; + void continueHandshake() override; bool checkSslErrors(); void storePeerCertificates(); unsigned int tlsPskClientCallback(const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len); unsigned int tlsPskServerCallback(const char *identity, unsigned char *psk, unsigned int max_psk_len); #ifdef Q_OS_WIN void fetchCaRootForCert(const QSslCertificate &cert); - void _q_caRootLoaded(QSslCertificate,QSslCertificate) Q_DECL_OVERRIDE; + void _q_caRootLoaded(QSslCertificate,QSslCertificate) override; #endif Q_AUTOTEST_EXPORT static long setupOpenSslOptions(QSsl::SslProtocol protocol, QSsl::SslOptions sslOptions); diff --git a/src/network/ssl/qsslsocket_opensslpre11.cpp b/src/network/ssl/qsslsocket_opensslpre11.cpp index e51888c5f2..8ad4d5b521 100644 --- a/src/network/ssl/qsslsocket_opensslpre11.cpp +++ b/src/network/ssl/qsslsocket_opensslpre11.cpp 
@@ -290,8 +290,7 @@ void QSslSocketPrivate::ensureCiphersAndCertsLoaded() //its own cert bundle rather than the system one. //Same logic that disables the unix on demand cert loading. //Unlike unix, we do preload the certificates from the cert store. - if ((QSysInfo::windowsVersion() & QSysInfo::WV_NT_based) >= QSysInfo::WV_6_0) - s_loadRootCertsOnDemand = true; + s_loadRootCertsOnDemand = true; #endif } diff --git a/src/network/ssl/qsslsocket_p.h b/src/network/ssl/qsslsocket_p.h index 00fda43b7e..ced861805b 100644 --- a/src/network/ssl/qsslsocket_p.h +++ b/src/network/ssl/qsslsocket_p.h @@ -170,7 +170,7 @@ public: static void checkSettingSslContext(QSslSocket*, QSharedPointer<QSslContext>); static QSharedPointer<QSslContext> sslContext(QSslSocket *socket); bool isPaused() const; - bool bind(const QHostAddress &address, quint16, QAbstractSocket::BindMode) Q_DECL_OVERRIDE; + bool bind(const QHostAddress &address, quint16, QAbstractSocket::BindMode) override; void _q_connectedSlot(); void _q_hostFoundSlot(); void _q_disconnectedSlot(); @@ -190,9 +190,10 @@ public: static QList<QByteArray> unixRootCertDirectories(); // used also by QSslContext - virtual qint64 peek(char *data, qint64 maxSize) Q_DECL_OVERRIDE; - virtual QByteArray peek(qint64 maxSize) Q_DECL_OVERRIDE; - bool flush() Q_DECL_OVERRIDE; + virtual qint64 peek(char *data, qint64 maxSize) override; + virtual QByteArray peek(qint64 maxSize) override; + qint64 skip(qint64 maxSize) override; + bool flush() override; // Platform specific functions virtual void startClientEncryption() = 0; diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp index ca65f8a015..6c5a09962b 100644 --- a/src/network/ssl/qsslsocket_winrt.cpp +++ b/src/network/ssl/qsslsocket_winrt.cpp 
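Review bot: With the version test gone, `s_loadRootCertsOnDemand = true;` in ensureCiphersAndCertsLoaded is unconditional inside a preprocessor block whose opening is outside the hunk, and nothing left in the code says why the check was safe to drop. The flag appears to control how root certificates are loaded for verification, so a short comment would help, e.g. `// every Windows version still supported provides on-demand root loading` (presumably the reason; confirm against the supported-platform list). The surrounding comment also says certificates are preloaded from the cert store, so it is worth checking that it still describes the behaviour on all remaining targets.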
@@ -518,7 +518,7 @@ HRESULT QSslSocketBackendPrivate::onSslUpgrade(IAsyncAction *action, AsyncStatus QList<QSslCertificate> peerCertificateChain; if (certificate) { ComPtr<IAsyncOperation<CertificateChain *>> op; - hr = certificate->BuildChainAsync(Q_NULLPTR, &op); + hr = certificate->BuildChainAsync(nullptr, &op); Q_ASSERT_SUCCEEDED(hr); ComPtr<ICertificateChain> certificateChain; hr = QWinRTFunctions::await(op, certificateChain.GetAddressOf()); diff --git a/src/network/ssl/qsslsocket_winrt_p.h b/src/network/ssl/qsslsocket_winrt_p.h index 1043aeee11..030db6d4fa 100644 --- a/src/network/ssl/qsslsocket_winrt_p.h +++ b/src/network/ssl/qsslsocket_winrt_p.h @@ -80,14 +80,14 @@ public: ~QSslSocketBackendPrivate(); // Platform specific functions - void startClientEncryption() Q_DECL_OVERRIDE; - void startServerEncryption() Q_DECL_OVERRIDE; - void transmit() Q_DECL_OVERRIDE; - void disconnectFromHost() Q_DECL_OVERRIDE; - void disconnected() Q_DECL_OVERRIDE; - QSslCipher sessionCipher() const Q_DECL_OVERRIDE; - QSsl::SslProtocol sessionProtocol() const Q_DECL_OVERRIDE; - void continueHandshake() Q_DECL_OVERRIDE; + void startClientEncryption() override; + void startServerEncryption() override; + void transmit() override; + void disconnectFromHost() override; + void disconnected() override; + QSslCipher sessionCipher() const override; + QSsl::SslProtocol sessionProtocol() const override; + void continueHandshake() override; static QList<QSslCipher> defaultCiphers(); static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain, const QString &hostName); |