path: root/src/network/ssl/qsslkey_p.cpp
Commit message (Author, Age, Files, Lines)
* QSslKey: Implement PKCS#8 support for the generic backend (Mårten Nordheim, 2018-04-23, 1 file, -0/+5)

  This patch adds the ability to decode keys which are encoded with PKCS#8 using the generic back-end (used in winrt and secure transport). It works on both WinRT and macOS; however QSslKey seems unused in the WinRT backend and it seems only RSA keys can be used for certificates on macOS. Meaning that DSA and Ec, which in theory* should represent their unencrypted versions, can't currently be tested properly.

  * Can also be confirmed by loading the key using the ST or WinRT backend, calling toPem(), writing the output to a file and then loading the unencrypted key using openssl.

  [ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys in the generic SSL back-end (used for SecureTransport on macOS and for WinRT). Note that it does not support keys encrypted with a PKCS#12 algorithm.

  Task-number: QTBUG-59068
  Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Fix loading pkcs#8 encrypted DER-encoded keys in openssl (Mårten Nordheim, 2018-04-11, 1 file, -12/+80)

  When we load DER-encoded keys in the openssl-backend we always turn it into PEM-encoded keys (essentially we prepend and append a header and footer and use 'toBase64' on the DER data).

  The problem comes from the header and footer which is simply chosen based on which key algorithm was chosen by the user. Which would be wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when trying to read it. Surprisingly it still loads correctly for unencrypted keys with the wrong header, but not for encrypted keys.

  This patch adds a small function which checks if a key is an encrypted PKCS#8 key and then uses this function to figure out if a PKCS#8 header and footer should be used (note that I only do this for encrypted PKCS#8 keys since, as previously mentioned, unencrypted keys are read correctly by openssl).

  The passphrase is now also passed to the QSslKeyPrivate::decodeDer function so DER-encoded files can actually be decrypted.

  [ChangeLog][QtNetwork][QSslKey] The openssl backend can now load encrypted PKCS#8 DER-encoded keys.

  Task-number: QTBUG-17718
  Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2
  Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Store QSslKey in specific key format to provide more details for key (Lars Schmertmann, 2016-07-28, 1 file, -4/+12)

  In a TLS handshake the ephemeral server key is saved in the ssl configuration. Clients who want to get the length or algorithm of the key only get "Opaque" and "-1" as a result because the key is always stored as "Opaque". This change converts the key to specific type so more details are available and the client doesn't need to convert the handle by hand.

  Change-Id: I60f90fc2c1805e528640d391b20c676b6eeeb49e
  Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
* QtNetwork: don't use Boyer-Moore for single-character needles (Marc Mutz, 2016-02-24, 1 file, -5/+2)

  Using Boyer-Moore for single-character search strings makes no sense since there can be no skipping beyond the normal sequential search anyway.

  So, port to QByteArray::indexOf(char).

  Change-Id: I848e2ceea5ceafd0ebae402798b410f682348a75
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Updated license headers (Jani Heikkinen, 2016-01-15, 1 file, -14/+20)

  From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/

  Updated license headers to use new LGPL header instead of LGPL21 one (in those files which will be under LGPL v3)

  Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9
  Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
* Network: Fix operator<<(QDebug, ...) operations (Kai Koehne, 2015-02-12, 1 file, -1/+2)

  Use the
    QDebugStateSaver saver(debug);
    debug.resetFormat().nospace();
  idiom to unify the formatting and whitespace handling.

  Change-Id: Id346d63b3f589b60ca19e4459271d587f1a0c003
  Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright headers (Jani Heikkinen, 2015-02-11, 1 file, -7/+7)

  Qt copyrights are now in The Qt Company, so we could update the source code headers accordingly. In the same go we should also fix the links to point to qt.io.

  Outdated header.LGPL removed (use header.LGPL21 instead)

  Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing combination. New header.LGPL-COMM taken in the use file which were using old header.LGPL3 (src/plugins/platforms/android/extract.cpp)

  Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license combination

  Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe
  Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
* Use prefix instead of postfix for iterators (Maks Naumov, 2015-02-08, 1 file, -2/+2)

  The postfix increment(decrement) creates a temp copy of *this before the modification and then returns that copy. It's needed only when using the old iterator and then incrementing it.

  Change-Id: I7f6702de78f5f987cec3556047e76049b4ee063a
  Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
  Reviewed-by: Marc Mutz <marc.mutz@kdab.com>
* Add elliptic curve support to QSsl (André Klitzing, 2015-01-18, 1 file, -3/+15)

  Add possibility to get length and other information of EC based certificates. Also it is possible to parse those public/private keys from PEM and DER encoded files.

  Based on patch by Remco Bloemen

  [ChangeLog][QtNetwork][SSL/TLS support] It is now possible to parse elliptic curve certificates.

  Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b
  Task-number: QTBUG-18972
  Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Update license headers and add new license files (Matti Paaso, 2014-09-24, 1 file, -18/+10)

  - Renamed LICENSE.LGPL to LICENSE.LGPLv21
  - Added LICENSE.LGPLv3
  - Removed LICENSE.GPL

  Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2
  Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
* ssl: common key parser support for encrypted keys (Jeremy Lainé, 2014-09-02, 1 file, -4/+48)

  This adds the infrastructure for reading and writing encrypted private keys when using non-OpenSSL backends. Each platform must provide its cryptographic encrypt / decrypt functions.

  As WinRT already uses the common parser, this commit includes an implementation for that platform.

  Done-with: Andrew Knight <andrew.knight@digia.com>
  Task-number: QTBUG-40688
  Change-Id: I0d153425ce63601ff03b784a111e13962061025f
  Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: disable (broken) i/o on DER encoded keys (Jeremy Lainé, 2014-08-30, 1 file, -15/+20)

  QSslKey currently has methods which supposedly allow decoding and encoding private keys as DER protected by a passphrase. This is broken by design as explained in QTBUG-41038, as storing the encrypted DER data alone makes no sense: such a file lacks the necessary information about the encryption algorithm and initialization vector.

  This change:

  - explicitly stops using the passphrase when decoding DER in the constructor. The behavior is unchanged, it is not possible to read the encrypted DER alone.
  - refuses to honor the passphrase to DER encode a private key. The toDer method now outputs an empty QByteArray instead of garbage.

  Task-number: QTBUG-41038
  Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9
  Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: Add common key parser for backends (Jeremy Lainé, 2014-08-29, 1 file, -0/+12)

  This internal implementation of QSslKey can be used when OpenSSL is not available. Encrypted keys are not supported, as the cryptography must be supplied by a separate library.

  With this commit, WinRT is migrated to the new implementation, but qsslkey_winrt.cpp is left in place so that the missing crypto implementation can be added later. This also means most of the expected failures for that platform can be removed from the autotest.

  Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321
  Reviewed-by: Andrew Knight <andrew.knight@digia.com>
  Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL backend: Fix pem header/footer utility methods (Andrew Knight, 2014-08-11, 1 file, -10/+8)

  These methods assumed incoming data would have LF line endings, and therefore broke when parsing files with CRLF line endings. This simply removes the line feed from the header/footer strings, and switches to QByteArrayLiteral while doing so.

  Change-Id: I0c14634243c4bd7d19a6b5ef718b6ed1cc6bcdb2
  Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL backend: Add a decodeDer() method to the private API (Andrew Knight, 2014-08-11, 1 file, -3/+4)

  This allows QSslKey to avoid converting to pem format if the backend supports native der decoding.

  Change-Id: I0822a21401ad0ca81c6eeb6c7d53c421e1e2e93a
  Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL: split ssl files into general and "_openssl" implementation (Oliver Wolff, 2014-08-09, 1 file, -0/+396)

  In order to prepare the addition of WinRT and iOS (SecureTransport) implementations of SSL the structure of some SSL files has to be redone. Parts of certificate that probably can be reused by other ports stayed in qsslcertificate.cpp while other parts were moved to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket were suffixed by _openssl to show that these are pure openssl implementations.

  Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a
  Reviewed-by: Andrew Knight <andrew.knight@digia.com>
  Reviewed-by: Oliver Wolff <oliver.wolff@digia.com>
  Reviewed-by: Richard J. Moore <rich@kde.org>