Diffstat (limited to 'tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp')
-rw-r--r-- | tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp | 125 |
1 files changed, 70 insertions, 55 deletions
diff --git a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp index cea49350f1..79bae3c270 100644 --- a/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp +++ b/tests/auto/network/ssl/qsslkey/tst_qsslkey.cpp @@ -1,30 +1,5 @@ -/**************************************************************************** -** -** Copyright (C) 2016 The Qt Company Ltd. -** Contact: https://www.qt.io/licensing/ -** -** This file is part of the test suite of the Qt Toolkit. -** -** $QT_BEGIN_LICENSE:GPL-EXCEPT$ -** Commercial License Usage -** Licensees holding valid commercial Qt licenses may use this file in -** accordance with the commercial license agreement provided with the -** Software or, alternatively, in accordance with the terms contained in -** a written agreement between you and The Qt Company. For licensing terms -** and conditions see https://www.qt.io/terms-conditions. For further -** information use the contact form at https://www.qt.io/contact-us. -** -** GNU General Public License Usage -** Alternatively, this file may be used under the terms of the GNU -** General Public License version 3 as published by the Free Software -** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT -** included in the packaging of this file. Please review the following -** information to ensure the GNU General Public License requirements will -** be met: https://www.gnu.org/licenses/gpl-3.0.html. -** -** $QT_END_LICENSE$ -** -****************************************************************************/ +// Copyright (C) 2016 The Qt Company Ltd. +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QTest> #include <qsslkey.h> @@ -40,6 +15,8 @@ #include <QtCore/qdebug.h> #include <QtCore/qlist.h> +using namespace Qt::StringLiterals; + #ifdef QT_BUILD_INTERNAL #if QT_CONFIG(ssl) #include "private/qsslkey_p.h" 
@@ -115,6 +92,7 @@ private: QString testDataDir; bool fileContainsUnsupportedEllipticCurve(const QString &fileName) const; + bool algorithmsSupported(const QString &fileName) const; QVector<QString> unsupportedCurves; bool isOpenSsl = false; @@ -178,6 +156,37 @@ bool tst_QSslKey::fileContainsUnsupportedEllipticCurve(const QString &fileName) return false; } +bool tst_QSslKey::algorithmsSupported(const QString &fileName) const +{ +#if QT_CONFIG(ssl) + if (isSchannel && fileName.contains("RC2-64")) // Schannel treats RC2 as 128 bit + return false; + + if (isSchannel || isSecureTransport) { + // No AES support in the generic back-end, PKCS#12 algorithms not supported either. + return !(fileName.contains(QRegularExpression("-aes\\d\\d\\d-")) || fileName.contains("pkcs8-pkcs12")); + } + + if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3) + return true; + + // OpenSSL v3 first introduced the notion of 'providers'. Many algorithms + // were moved into the 'legacy' provider. While they are still supported in theory, + // the 'legacy' provider is NOT loaded by default and we are not loading it either. + // Thus, some of the keys we are using in tst_QSslKey would fail the test. We + // have to filter them out. + const auto name = fileName.toLower(); + if (name.contains("-des.")) + return false; + + return !name.contains("-rc2-") && !name.contains("-rc4-"); +#else + Q_UNUSED(fileName); + return false; +#endif // QT_CONFIG(ssl) +} + + void tst_QSslKey::initTestCase() { testDataDir = QFileInfo(QFINDTESTDATA("rsa-without-passphrase.pem")).absolutePath(); @@ -212,7 +221,7 @@ static QByteArray readFile(const QString &absFilePath) { QFile file(absFilePath); if (!file.open(QIODevice::ReadOnly)) { - QWARN("failed to open file"); + qWarning("failed to open file"); return QByteArray(); } return file.readAll(); 
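Review bot: The check `QSslSocket::sslLibraryVersionNumber() >> 28 < 3` in algorithmsSupported() is an unexplained bit-shift, and the same expression is repeated in the passphraseChecks_data() hunk (@@ -550,9 +555,15 @@), so the two copies can drift apart. A small private helper would name the intent once, e.g. `bool legacyCiphersAvailable() const { return !isOpenSsl || (QSslSocket::sslLibraryVersionNumber() >> 28) < 3; }`, with a comment such as `// top nibble of the OpenSSL version number is the major version`. The function also decides purely from the file name, case-sensitively in the Schannel/SecureTransport branch (`"RC2-64"`, `"-aes\\d\\d\\d-"`) and on a lower-cased copy in the OpenSSL 3 branch. A short comment stating that naming contract would tell whoever adds a key file how it must be named to be filtered.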
@@ -242,21 +251,12 @@ void tst_QSslKey::createPlainTestRows(bool pemOnly) QTest::addColumn<QSsl::KeyType>("type"); QTest::addColumn<int>("length"); QTest::addColumn<QSsl::EncodingFormat>("format"); - foreach (KeyInfo keyInfo, keyInfoList) { + for (const KeyInfo &keyInfo : std::as_const(keyInfoList)) { if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem) continue; - if (isSchannel) { - if (keyInfo.fileInfo.fileName().contains("RC2-64")) - continue; // Schannel treats RC2 as 128 bit - } - - if (isSchannel || isSecureTransport) { - if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-"))) - continue; // No AES support in the generic back-end - if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12")) - continue; // The generic back-end doesn't support PKCS#12 algorithms - } + if (!algorithmsSupported(keyInfo.fileInfo.fileName())) + continue; QTest::newRow(keyInfo.fileInfo.fileName().toLatin1()) << keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type @@ -317,7 +317,7 @@ void tst_QSslKey::constructorHandle() passphrase = "1234"; BIO* bio = q_BIO_new(q_BIO_s_mem()); - q_BIO_write(bio, pem.constData(), pem.length()); + q_BIO_write(bio, pem.constData(), pem.size()); EVP_PKEY *origin = func(bio, nullptr, nullptr, static_cast<void *>(passphrase.data())); Q_ASSERT(origin); q_EVP_PKEY_up_ref(origin); 
@@ -469,13 +469,18 @@ void tst_QSslKey::toEncryptedPemOrDer_data() QTest::addColumn<QSsl::EncodingFormat>("format"); QTest::addColumn<QString>("password"); - QStringList passwords; - passwords << " " << "foobar" << "foo bar" - << "aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"; // ### add more (?) - foreach (KeyInfo keyInfo, keyInfoList) { + const QString passwords[] = { + u" "_s, + u"foobar"_s, + u"foo bar"_s, + u"aAzZ`1234567890-=~!@#$%^&*()_+[]{}\\|;:'\",.<>/?"_s, + // ### add more (?) + }; + + for (const KeyInfo &keyInfo : std::as_const(keyInfoList)) { if (keyInfo.fileInfo.fileName().contains("pkcs8")) continue; // pkcs8 keys are encrypted in a different way than the other keys - foreach (QString password, passwords) { + for (const QString &password : passwords) { const QByteArray testName = keyInfo.fileInfo.fileName().toLatin1() + '-' + (keyInfo.algorithm == QSsl::Rsa ? "RSA" : (keyInfo.algorithm == QSsl::Dsa ? "DSA" : "EC")) @@ -550,9 +555,15 @@ void tst_QSslKey::passphraseChecks_data() const QByteArray pass("123"); const QByteArray aesPass("1234"); - QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass; + if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3) { + // DES and RC2 are not provided by default in OpenSSL v3. + // This part is for either non-OpenSSL build, or OpenSSL v < 3.x. + QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass; + QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass; + } + QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass; - QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass; + #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES) QTest::newRow("AES128") << QString(testDataDir + "rsa-with-passphrase-aes128.pem") << aesPass; QTest::newRow("AES192") << QString(testDataDir + "rsa-with-passphrase-aes192.pem") << aesPass; 
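Review bot: With the DES and RC2 rows in passphraseChecks_data() generated only for non-OpenSSL builds or OpenSSL < 3, nothing in the visible hunks asserts what QSslKey does on OpenSSL 3 when given a key encrypted with a cipher from the unloaded legacy provider. A separate negative test for that configuration, loading `rsa-with-passphrase-des.pem` with the correct passphrase and expecting `QVERIFY(key.isNull());`, would pin the failure mode instead of leaving it untested. That expected result is inferred from the comment in this hunk, so it should be confirmed on an OpenSSL 3 run before being added. The function body continues outside the hunk.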
@@ -569,7 +580,7 @@ void tst_QSslKey::passphraseChecks() QVERIFY(keyFile.exists()); { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); @@ -577,7 +588,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); @@ -585,7 +596,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "WRONG!"); @@ -593,7 +604,7 @@ void tst_QSslKey::passphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, passphrase); @@ -611,7 +622,7 @@ void tst_QSslKey::noPassphraseChecks() QFile keyFile(fileName); { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey); @@ -619,7 +630,7 @@ void tst_QSslKey::noPassphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, ""); @@ -627,7 +638,7 @@ void tst_QSslKey::noPassphraseChecks() } { if (!keyFile.isOpen()) - keyFile.open(QIODevice::ReadOnly); + QVERIFY(keyFile.open(QIODevice::ReadOnly)); else keyFile.reset(); QSslKey key(&keyFile,QSsl::Rsa,QSsl::Pem, QSsl::PrivateKey, "xxx"); 
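Review bot: The hunks in passphraseChecks() and noPassphraseChecks() now verify `keyFile.open(...)`, but the `else` branch still calls `keyFile.reset();` and ignores its bool result. If the rewind failed, QSslKey would read from a device that is not at the start, and a block that expects a null key (presumably the `"WRONG!"` passphrase case, whose assertion is outside the hunk) could pass for the wrong reason; `QVERIFY(keyFile.reset());` closes that gap. The same open-or-reset block appears in all seven hunks on this line (@@ -569 through @@ -627), so a small helper or lambda would be worth considering. Both function bodies extend outside the hunks.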
@@ -649,6 +660,9 @@ void tst_QSslKey::encrypt_data() QTest::addColumn<QByteArray>("iv"); QByteArray iv("abcdefgh"); +#if OPENSSL_VERSION_MAJOR < 3 + // Either non-OpenSSL build, or OpenSSL v < 3 + // (with DES and other legacy algorithms available by default) QTest::newRow("DES-CBC, length 0") << Cipher::DesCbc << QByteArray("01234567") << QByteArray() @@ -738,6 +752,7 @@ void tst_QSslKey::encrypt_data() << QByteArray(8, 'a') << QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE") << iv; +#endif // OPENSSL_VERSION_MAJOR #if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES) // AES needs a longer IV |
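Review bot: `#if OPENSSL_VERSION_MAJOR < 3` in encrypt_data() is decided at compile time from whichever OpenSSL headers are visible, whereas algorithmsSupported() and passphraseChecks_data() in this same commit decide at run time with `!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3`. The two can disagree: a build that sees OpenSSL 3 headers but runs the tests on another backend would compile the DES and other legacy-cipher rows out, even though the comment says they apply to non-OpenSSL builds. The guard also relies on an undefined macro evaluating to 0, which deserves a word in the comment. Wrapping the rows in the run-time condition instead, `if (!isOpenSsl || QSslSocket::sslLibraryVersionNumber() >> 28 < 3) { ... }`, would keep the three places consistent; the matching `#endif` is in the @@ -738,6 +752,7 @@ hunk. encrypt_data() starts and ends outside both hunks, so any other preprocessor guards around these rows are not visible here.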