summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslkey_p.h
Commit message (Collapse)AuthorAgeFilesLines
* Use SPDX license identifiersLucie Gérard2022-05-161-38/+2
| | | | | | | | | | | | | Replace the current license disclaimer in files by a SPDX-License-Identifier. Files that have to be modified by hand are modified. License files are organized under LICENSES directory. Task-number: QTBUG-67283 Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Lars Knoll <lars.knoll@qt.io> Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
* Move plugin code from QtNetwork to qtbase/pluginsTimur Pocheptsov2021-04-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All TLS (and non-TLS) backends that QSsl classes rely on are now in plugins/tls (as openssl, securetransport, schannel and certonly plugins). For now, I have to disable some tests that were using OpenSSL calls - this to be refactored/re-thought. These include: qsslsocket auto-test (test-case where we work with private keys), qsslkey auto-test (similar to qsslsocket - test-case working with keys using OpenSSL calls). qasn1element moved to plugins too, so its auto-test have to be re-thought. Since now we can have more than one working TLS-backend on a given platform, the presence of OpenSSL also means I force this backend as active before running tests, to make sure features implemented only in OpenSSL-backend are tested. OCSP auto test is disabled for now, since it heavily relies on OpenSSL symbols (to be refactored). [ChangeLog][QtNetwork][QSslSocket] QSslSocket by default prefers 'openssl' backend if it is available. [ChangeLog][QtNetwork][QSslSocket] TLS-backends are not mutually exclusive anymore, depending on a platform, more than one TLS backend can be built. E.g., configuring Qt with -openssl does not prevent SecureTransport or Schannel plugin from being built. Fixes: QTBUG-91928 Change-Id: I4c05e32f10179066bee3a518bdfdd6c4b15320c3 Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Fix a BIC introduced by extending the namespace QSsl in _p.h filesTimur Pocheptsov2021-03-051-3/+3
| | | | | | | | | | Renamed the private part of the namespace to QTlsPrivate. Fixes: QTBUG-91531 Change-Id: Id2d9c458d8d958b35e437eee42889177dad0a7a7 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit e4efa00c72c7011f4e5c27722c2a522b30274610) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
* Port QSslKey to the new plugin-based implementationTimur Pocheptsov2021-02-191-56/+3
| | | | | | | | | | | | | The idea is to have QSslKey(Private) backend-neutral and hide all library-specific code inside plugins. Fixes: QTBUG-90953 Task-number: QTBUG-65922 Change-Id: I2eeee3b2b72c78c2e24f2fb914abce3caa913be8 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 0352cf8e1bf57615b9faf3f6f383896444e762ac) Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* QSsl::TlsKey - provide the interface and implementationsTimur Pocheptsov2021-02-011-9/+9
| | | | | | | | which will become parts of TLS plugins in the future. Task-number: QTBUG-65922 Change-Id: I4ee3c59c435fc34a9f4dacd3ff0e3cfb44251e23 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* More nullptr usage in headersKevin Funk2019-03-141-1/+1
| | | | | | | | | | | Diff generated by running clang-tidy's modernize-use-nullptr checker on the CMake-based Qt version. Skipping src/3rdparty, examples/, tests/ Change-Id: Ib182074e2e2fd52f63093f73b3e2e4c0cb7af188 Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io> Reviewed-by: Simon Hausmann <simon.hausmann@qt.io>
* QSslKey - add a support for AES encrypted keysTimur Pocheptsov2019-03-081-1/+4
| | | | | | | | | | | | | for SecureTransport backend. OpenSSL, while reading RSA/DSA, is internally calling EVP_BytesToKey that essentially does the same thing this patch does in 'deriveAesKey' and thus able to correctly decrypt whatever it first encrypted (while generating/ encrypting keys). Fixes: QTBUG-54422 Change-Id: Ia9f7599c5b19bf364c179f2abd2aab7ea5359a65 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Use Q_DISABLE_COPY_MOVE for private classesFriedemann Kleint2018-12-121-1/+1
| | | | | Change-Id: I3cfcfba892ff4a0ab4e31f308620b445162bb17b Reviewed-by: Giuseppe D'Angelo <giuseppe.dangelo@kdab.com>
* Add support for Diffie-Hellman keys to QSslKeyLars Schmertmann2018-11-231-0/+1
| | | | | | | | | | | | This is necessary to provide details for the key too, when the server is using DHE-RSA-AESxxx-SHAxxx. Amends 7f77dc84fb434f33ffe96f6633792706b80fb0a3. Change-Id: I8ab15b6987c17c857f54bc368df3c6c1818f428c Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* QSslKey: Implement PKCS#8 support for the generic backendMårten Nordheim2018-04-231-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds the ability to decode keys which are encoded with PKCS#8 using the generic back-end (used in winrt and secure transport). It works on both WinRT and macOS; however QSslKey seems unused in the WinRT backend and it seems only RSA keys can be used for certificates on macOS. Meaning that DSA and Ec, which in theory* should represent their unencrypted versions, can't currently be tested properly. * Can also be confirmed by loading the key using the ST or WinRT backend, calling toPem(), writing the output to a file and then loading the unencrypted key using openssl. [ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys in the generic SSL back-end (used for SecureTransport on macOS and for WinRT). Note that it does not support keys encrypted with a PKCS#12 algorithm. Task-number: QTBUG-59068 Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Fix loading pkcs#8 encrypted DER-encoded keys in opensslMårten Nordheim2018-04-111-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When we load DER-encoded keys in the openssl-backend we always turn it into PEM-encoded keys (essentially we prepend and append a header and footer and use 'toBase64' on the DER data). The problem comes from the header and footer which is simply chosen based on which key algorithm was chosen by the user. Which would be wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when trying to read it. Surprisingly it still loads correctly for unencrypted keys with the wrong header, but not for encrypted keys. This patch adds a small function which checks if a key is an encrypted PKCS#8 key and then uses this function to figure out if a PKCS#8 header and footer should be used (note that I only do this for encrypted PKCS#8 keys since, as previously mentioned, unencrypted keys are read correctly by openssl). The passphrase is now also passed to the QSslKeyPrivate::decodeDer function so DER-encoded files can actually be decrypted. [ChangeLog][QtNetwork][QSslKey] The openssl backend can now load encrypted PKCS#8 DER-encoded keys. Task-number: QTBUG-17718 Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Add qtnetworkglobal.h and qtnetworkglobal_p.hLars Knoll2016-07-031-2/+2
| | | | | | | | | | | | | The new modular configuration system requires one global header per module, that is included by all other files in this module. That header will later on #include the configuration file for Qt Network. For now it defines the Q_NETWORK_EXPORT macro for this library. Change-Id: I9c45d425baf881c431ed71fd457c7feb2c123855 Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@theqtcompany.com>
* Updated license headersJani Heikkinen2016-01-151-14/+20
| | | | | | | | | | | From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/ Updated license headers to use new LGPL header instead of LGPL21 one (in those files which will be under LGPL v3) Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9 Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
* ssl: add openssl-based QSslKeyPrivate::encrypt / decryptJeremy Lainé2015-07-201-9/+10
| | | | | | | | | | This adds an OpenSSL-based implementation of the QSslKeyPrivate encrypt and decrypt method. This puts both the OpenSSL-based and non-OpenSSL backends (WinRT for now) on par. Change-Id: I18a75ee5f1c223601e51ebf0933f4430e7c5c29b Reviewed-by: Andrew Knight <andrew.knight@intopalo.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Please valgrind by not accessing uninitialized memoryAllan Sandfeld Jensen2015-03-141-2/+3
| | | | | | | | Fix access or uninitialized memory. It is safe in this case, but causes valgrind's memcheck to complain unnecessarily. Change-Id: I01ad09d282b07f7099ad6bed85f4327b3c7c677f Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Use a union for different openssl typesAndré Klitzing2015-02-111-11/+6
| | | | | | | | | Since the algorithm can only be one the underlying structure can share the same memory. Change-Id: Ifeaa1a2d5c4ad3566cbbf847445b805876275260 Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright headersJani Heikkinen2015-02-111-7/+7
| | | | | | | | | | | | | | | | | | Qt copyrights are now in The Qt Company, so we could update the source code headers accordingly. In the same go we should also fix the links to point to qt.io. Outdated header.LGPL removed (use header.LGPL21 instead) Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing combination. New header.LGPL-COMM taken in the use file which were using old header.LGPL3 (src/plugins/platforms/android/extract.cpp) Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license combination Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
* Add elliptic curve support to QSslAndré Klitzing2015-01-181-0/+6
| | | | | | | | | | | | | | | Add possibility to get length and other information of EC based certificates. Also it is possible to parse those public/private keys from PEM and DER encoded files. Based on patch by Remco Bloemen [ChangeLog][QtNetwork][SSL/TLS support] It is now possible to parse elliptic curve certificates. Change-Id: I4b11f726296aecda89c3cbd195d7c817ae6fc47b Task-number: QTBUG-18972 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* Update license headers and add new license filesMatti Paaso2014-09-241-18/+10
| | | | | | | | | - Renamed LICENSE.LGPL to LICENSE.LGPLv21 - Added LICENSE.LGPLv3 - Removed LICENSE.GPL Change-Id: Iec3406e3eb3f133be549092015cefe33d259a3f2 Reviewed-by: Iikka Eklund <iikka.eklund@digia.com>
* ssl: common key parser support for encrypted keysJeremy Lainé2014-09-021-2/+11
| | | | | | | | | | | | | | This adds the infrastructure for reading and writing encrypted private keys when using non-OpenSSL backends. Each platform must provide its cryptographic encrypt / decrypt functions. As WinRT already uses the common parser, this commit includes an implementation for that platform. Done-with: Andrew Knight <andrew.knight@digia.com> Task-number: QTBUG-40688 Change-Id: I0d153425ce63601ff03b784a111e13962061025f Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: disable (broken) i/o on DER encoded keysJeremy Lainé2014-08-301-2/+1
| | | | | | | | | | | | | | | | | | | | | QSslKey currently has methods which supposedly allow decoding and encoding private keys as DER protected by a passphrase. This is broken by design as explained in QTBUG-41038, as storing the encrypted DER data alone makes no sense: such a file lacks the necessary information about the encryption algorithm and initialization vector. This change: - explicitly stops using the passphrase when decoding DER in the constructor. The behavior is unchanged, it is not possible to read the encrypted DER alone. - refuses to honor the passphrase to DER encode a private key. The toDer method now outputs an empty QByteArray instead of garbage. Task-number: QTBUG-41038 Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9 Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: Add common key parser for backendsJeremy Lainé2014-08-291-7/+13
| | | | | | | | | | | | | | | | This internal implementation of QSslKey can be used when OpenSSL is not available. Encrypted keys are not supported, as the cryptography must be supplied by a separate library. With this commit, WinRT is migrated to the new implementation, but qsslkey_winrt.cpp is left in place so that the missing crypto implementation can be added later. This also means most of the expected failures for that platform can be removed from the autotest. Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321 Reviewed-by: Andrew Knight <andrew.knight@digia.com> Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL backend: Add a decodeDer() method to the private APIAndrew Knight2014-08-111-0/+2
| | | | | | | | This allows QSslKey to avoid converting to pem format if the backend supports native der decoding. Change-Id: I0822a21401ad0ca81c6eeb6c7d53c421e1e2e93a Reviewed-by: Richard J. Moore <rich@kde.org>
* SSL: split ssl files into general and "_openssl" implementationOliver Wolff2014-08-091-4/+14
| | | | | | | | | | | | | | | In order to prepare the addition of WinRT and iOS (SecureTransport) implementations of SSL the structure of some SSL files has to be redone. Parts of certificate that probably can be reused by other ports stayed in qsslcertificate.cpp while other parts were moved to qsslcertificate_openssl.cpp. qsslcontext, qsslkey and qsslsocket were suffixed by _openssl to show that these are pure openssl implementations. Change-Id: I7b022dec49759f882274999c0991bf95788f2a3a Reviewed-by: Andrew Knight <andrew.knight@digia.com> Reviewed-by: Oliver Wolff <oliver.wolff@digia.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Add support for loading PKCS#12 bundles.Richard J. Moore2014-05-111-0/+1
| | | | | | | | | | | | | | | Add support for loading certificates and keys from PKCS#12 bundles (also known as pfx files). Task-number: QTBUG-1565 [ChangeLog][QtNetwork][QSslSocket] Support for loading PKCS#12 bundles was added. These are often used to transport keys and certificates conveniently, particularly when making use of client certificates. Change-Id: Idaeb2cb4dac4b19881a5c99c7c0a7eea00c2b207 Reviewed-by: Daniel Molkentin <daniel@molkentin.de>
* Update copyright year in Digia's license headersSergio Ahumada2013-01-181-1/+1
| | | | | Change-Id: Ic804938fc352291d011800d21e549c10acac66fb Reviewed-by: Lars Knoll <lars.knoll@digia.com>
* Change copyrights from Nokia to DigiaIikka Eklund2012-09-221-24/+24
| | | | | | | | Change copyrights and license headers from Nokia to Digia Change-Id: If1cc974286d29fd01ec6c19dd4719a67f4c3f00e Reviewed-by: Lars Knoll <lars.knoll@digia.com> Reviewed-by: Sergio Ahumada <sergio.ahumada@digia.com>
* Fix build under MinGW after 1e3269c0863bfac26be9e9239b6427ea77c6175bKonstantin Ritt2012-09-221-0/+2
| | | | | | Change-Id: I3c8c28ba1016af6351afa5118893133d373cb4e6 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com> Reviewed-by: Richard J. Moore <rich@kde.org>
* Remove "All rights reserved" line from license headers.Jason McDonald2012-01-301-1/+1
| | | | | | | | | | As in the past, to avoid rewriting various autotests that contain line-number information, an extra blank line has been inserted at the end of the license text to ensure that this commit does not change the total number of lines in the license header. Change-Id: I311e001373776812699d6efc045b5f742890c689 Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* Update contact information in license headers.Jason McDonald2012-01-231-1/+1
| | | | | | | Replace Nokia contact email address with Qt Project website. Change-Id: I431bbbf76d7c27d8b502f87947675c116994c415 Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* Update copyright year in license headers.Jason McDonald2012-01-051-1/+1
| | | | | Change-Id: I02f2c620296fcd91d4967d58767ea33fc4e1e7dc Reviewed-by: Rohan McGovern <rohan.mcgovern@nokia.com>
* qssl: add support for QSsl::Opaque keyCorentin Chary2011-08-311-0/+2
| | | | | | | | | | | This allow to use directly EVP_PKEY * with QSslKey (for example comming from a PKCS#11 dongle). Change-Id: Icb1ba5081506a831ec3d8cfffe13ce70939608ea Merge-request: 48 Reviewed-by: Peter Hartmann <peter.hartmann@nokia.com> Reviewed-on: http://codereview.qt.nokia.com/4010 Reviewed-by: Qt Sanity Bot <qt_sanity_bot@ovi.com>
* Update licenseheader text in source files for qtbase Qt moduleJyri Tahtela2011-05-241-17/+17
| | | | | | | Updated version of LGPL and FDL licenseheaders. Apply release phase licenseheaders for all source files. Reviewed-by: Trust Me
* Initial import from the monolithic Qt.Qt by Nokia2011-04-271-0/+100
This is the beginning of revision history for this module. If you want to look at revision history older than this, please refer to the Qt Git wiki for how to use Git history grafting. At the time of writing, this wiki is located here: http://qt.gitorious.org/qt/pages/GitIntroductionWithQt If you have already performed the grafting and you don't see any history beyond this commit, try running "git log" with the "--follow" argument. Branched from the monolithic repo, Qt master branch, at commit 896db169ea224deb96c59ce8af800d019de63f12
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 22:36:19 +0000