1 files changed, 46 insertions, 13 deletions

diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
index c245f85f16..d5497d04c9 100644
--- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
+++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp
@@ -116,6 +116,7 @@ private:
     QString testDataDir;
 
     bool fileContainsUnsupportedEllipticCurve(const QString &fileName) const;
+    bool algorithmsSupported(const QString &fileName) const;
     QVector<QString> unsupportedCurves;
 
     bool isOpenSsl = false;
@@ -169,6 +170,37 @@ bool tst_QSslKey::fileContainsUnsupportedEllipticCurve(const QString &fileName)
     return false;
 }
 
+bool tst_QSslKey::algorithmsSupported(const QString &fileName) const
+{
+#if QT_CONFIG(ssl)
+    if (isSchannel && fileName.contains("RC2-64")) // Schannel treats RC2 as 128 bit
+        return false;
+
+    if (isSchannel || isSecureTransport) {
+        // No AES support in the generic back-end, PKCS#12 algorithms not supported either.
+        return !(fileName.contains(QRegularExpression("-aes\\d\\d\\d-")) || fileName.contains("pkcs8-pkcs12"));
+    }
+
+    if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3)
+        return true;
+
+    // OpenSSL v3 first introduced the notion of 'providers'. Many algorithms
+    // were moved into the 'legacy' provider. While they are still supported in theory,
+    // the 'legacy' provider is NOT loaded by default and we are not loading it either.
+    // Thus, some of the keys we are using in tst_QSslKey would fail the test. We
+    // have to filter them out.
+    const auto name = fileName.toLower();
+    if (name.contains("-des."))
+        return false;
+
+    return !name.contains("-rc2-") && !name.contains("-rc4-");
+#else
+    Q_UNUSED(fileName);
+    return false;
+#endif // QT_CONFIG(ssl)
+}
+
+
 void tst_QSslKey::initTestCase()
 {
     testDataDir = QFileInfo(QFINDTESTDATA("rsa-without-passphrase.pem")).absolutePath();
@@ -237,17 +269,8 @@ void tst_QSslKey::createPlainTestRows(bool pemOnly)
         if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem)
             continue;
 
-        if (isSchannel) {
-            if (keyInfo.fileInfo.fileName().contains("RC2-64"))
-                continue; // Schannel treats RC2 as 128 bit
-        }
-
-        if (isSchannel || isSecureTransport) {
-            if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-")))
-                continue; // No AES support in the generic back-end
-            if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12"))
-                continue; // The generic back-end doesn't support PKCS#12 algorithms
-        }
+        if (!algorithmsSupported(keyInfo.fileInfo.fileName()))
+            continue;
 
         QTest::newRow(keyInfo.fileInfo.fileName().toLatin1())
             << keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type
@@ -547,9 +570,15 @@ void tst_QSslKey::passphraseChecks_data()
     const QByteArray pass("123");
     const QByteArray aesPass("1234");
 
-    QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass;
+    if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3) {
+        // DES and RC2 are not provided by default in OpenSSL v3.
+        // This part is for either non-OpenSSL build, or OpenSSL v < 3.x.
+        QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass;
+        QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass;
+    }
+
     QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass;
-    QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass;
+
 #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES)
     QTest::newRow("AES128") << QString(testDataDir + "rsa-with-passphrase-aes128.pem") << aesPass;
     QTest::newRow("AES192") << QString(testDataDir + "rsa-with-passphrase-aes192.pem") << aesPass;
@@ -646,6 +675,9 @@ void tst_QSslKey::encrypt_data()
     QTest::addColumn<QByteArray>("iv");
 
     QByteArray iv("abcdefgh");
+#if OPENSSL_VERSION_MAJOR < 3
+    // Either non-OpenSSL build, or OpenSSL v < 3
+    // (with DES and other legacy algorithms available by default)
     QTest::newRow("DES-CBC, length 0")
         << Cipher::DesCbc << QByteArray("01234567")
         << QByteArray()
@@ -735,6 +767,7 @@ void tst_QSslKey::encrypt_data()
         << QByteArray(8, 'a')
         << QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE")
         << iv;
+#endif // OPENSSL_VERSION_MAJOR
 
 #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES)
     // AES needs a longer IV