summaryrefslogtreecommitdiffstats
path: root/src/network/ssl/qsslkey_qt.cpp
Commit message (Collapse)AuthorAgeFilesLines
* QSslKey: Implement PKCS#8 support for the generic backendMårten Nordheim2018-04-231-4/+403
| | | | | | | | | | | | | | | | | | | | | | | | This patch adds the ability to decode keys which are encoded with PKCS#8 using the generic back-end (used in winrt and secure transport). It works on both WinRT and macOS; however QSslKey seems unused in the WinRT backend and it seems only RSA keys can be used for certificates on macOS. Meaning that DSA and Ec, which in theory* should represent their unencrypted versions, can't currently be tested properly. * Can also be confirmed by loading the key using the ST or WinRT backend, calling toPem(), writing the output to a file and then loading the unencrypted key using openssl. [ChangeLog][QtNetwork][QSslKey] Added support for PKCS#8-encoded keys in the generic SSL back-end (used for SecureTransport on macOS and for WinRT). Note that it does not support keys encrypted with a PKCS#12 algorithm. Task-number: QTBUG-59068 Change-Id: Ib27338edc7dbcb5c5e4b02addfdb4b62ac93a4c3 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io> Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Fix loading pkcs#8 encrypted DER-encoded keys in opensslMårten Nordheim2018-04-111-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When we load DER-encoded keys in the openssl-backend we always turn it into PEM-encoded keys (essentially we prepend and append a header and footer and use 'toBase64' on the DER data). The problem comes from the header and footer which is simply chosen based on which key algorithm was chosen by the user. Which would be wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when trying to read it. Surprisingly it still loads correctly for unencrypted keys with the wrong header, but not for encrypted keys. This patch adds a small function which checks if a key is an encrypted PKCS#8 key and then uses this function to figure out if a PKCS#8 header and footer should be used (note that I only do this for encrypted PKCS#8 keys since, as previously mentioned, unencrypted keys are read correctly by openssl). The passphrase is now also passed to the QSslKeyPrivate::decodeDer function so DER-encoded files can actually be decrypted. [ChangeLog][QtNetwork][QSslKey] The openssl backend can now load encrypted PKCS#8 DER-encoded keys. Task-number: QTBUG-17718 Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
* Merge remote-tracking branch 'origin/5.10' into devLars Knoll2018-01-021-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: .qmake.conf sc/corelib/io/qfsfileengine_p.h src/corelib/io/qstorageinfo_unix.cpp src/platformsupport/eglconvenience/qeglpbuffer_p.h src/platformsupport/input/libinput/qlibinputkeyboard.cpp src/platformsupport/input/libinput/qlibinputpointer.cpp src/plugins/platforms/cocoa/qcocoamenu.mm src/plugins/platforms/ios/qiosscreen.h src/plugins/platforms/ios/qioswindow.h src/plugins/platforms/ios/quiview.mm src/printsupport/dialogs/qpagesetupdialog_unix_p.h src/printsupport/dialogs/qprintpreviewdialog.cpp src/printsupport/widgets/qcupsjobwidget_p.h src/widgets/widgets/qmenu.cpp tests/auto/corelib/tools/qdatetime/tst_qdatetime.cpp tests/auto/widgets/itemviews/qtreeview/tst_qtreeview.cpp Change-Id: Iecb4883122efe97ef0ed850271e6c51bab568e9c
| * Fix typo in QSslKeyMårten Nordheim2017-12-211-1/+1
| | | | | | | | | | Change-Id: I201f4af1dd43a8e74d26652b50f3ad6074952888 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* | Merge remote-tracking branch 'origin/5.10' into devLiang Qi2017-11-231-1/+1
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/network/access/qhttp2protocolhandler_p.h src/network/kernel/kernel.pri src/network/ssl/qsslkey_qt.cpp src/plugins/platforms/cocoa/qcocoascreen.mm src/plugins/platforms/windows/accessible/iaccessible2.cpp src/plugins/platforms/windows/accessible/iaccessible2.h src/plugins/platforms/windows/accessible/qwindowsaccessibility.cpp src/plugins/platforms/windows/accessible/qwindowsmsaaaccessible.cpp src/plugins/platforms/windows/accessible/qwindowsmsaaaccessible.h src/widgets/widgets/qmenu_p.h tests/auto/network/access/qnetworkreply/tst_qnetworkreply.cpp tests/auto/other/qaccessibility/tst_qaccessibility.cpp tests/auto/testlib/selftests/expected_cmptest.lightxml tests/auto/testlib/selftests/expected_cmptest.teamcity tests/auto/testlib/selftests/expected_cmptest.txt tests/auto/testlib/selftests/expected_cmptest.xml Done-with: Edward Welbourne <edward.welbourne@qt.io> Change-Id: I4217cc7d840cbae3e3dd28574741544469c4c6b9
* | Change qrand() to QRandomGenerator in the SSL backendSamuel Gaist2017-09-301-4/+3
|/ | | | | Change-Id: I631649b2ad8d9c2c766e99a12f7ff3a39c79cc7d Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* QtNetwork: use const (and const APIs) moreAnton Kudryavtsev2016-04-271-4/+4
| | | | | | | | | | | For CoW types, prefer const methods to avoid needless detach()ing. Mark predictNextRequest() as const, because this method does not modify the object. Change-Id: Ic94e2b31445ece46ab1423bf5b5f4e66d9a5b6ca Reviewed-by: Edward Welbourne <edward.welbourne@theqtcompany.com> Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
* Updated license headersJani Heikkinen2016-01-151-13/+19
| | | | | | | | | | | From Qt 5.7 -> LGPL v2.1 isn't an option anymore, see http://blog.qt.io/blog/2016/01/13/new-agreement-with-the-kde-free-qt-foundation/ Updated license headers to use new LGPL header instead of LGPL21 one (in those files which will be under LGPL v3) Change-Id: I046ec3e47b1876cd7b4b0353a576b352e3a946d9 Reviewed-by: Lars Knoll <lars.knoll@theqtcompany.com>
* ssl: add support for EC keys to non-OpenSSL backendsJeremy Lainé2015-07-311-1/+66
| | | | | | | | Adds basic support for QSslKey reading / writing Elliptic Curve keys on backends other than OpenSSL (i.e. WinRT / SecureTransport for now). Change-Id: I67012dbe6b844a3ed5b22b63e0cdbacf0497a74a Reviewed-by: Richard J. Moore <rich@kde.org>
* Update copyright headersJani Heikkinen2015-02-111-21/+13
| | | | | | | | | | | | | | | | | | Qt copyrights are now in The Qt Company, so we could update the source code headers accordingly. In the same go we should also fix the links to point to qt.io. Outdated header.LGPL removed (use header.LGPL21 instead) Old header.LGPL3 renamed to header.LGPL3-COMM to match actual licensing combination. New header.LGPL-COMM taken in the use file which were using old header.LGPL3 (src/plugins/platforms/android/extract.cpp) Added new header.LGPL3 containing Commercial + LGPLv3 + GPLv2 license combination Change-Id: I6f49b819a8a20cc4f88b794a8f6726d975e8ffbe Reviewed-by: Matti Paaso <matti.paaso@theqtcompany.com>
* Add missing qdatastream.h includes.Richard J. Moore2015-01-051-0/+1
| | | | | Change-Id: I726041ec5e92d371bc5afb9b7f8cb854bfd41451 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
* ssl: common certificate parser support for extensionsJeremy Lainé2014-09-051-2/+2
| | | | | | | | | | | | This makes non-OpenSSL backends able to handle to certificate extensions. This also converts the Q_OS_WINRT #ifdef's in the unit test to QT_NO_OPENSSL as the behavior is the same for any non-OpenSSL backend. Change-Id: I6a8306dc5c97a659ec96063d5a59cee2ee9a63a9 Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: common key parser support for encrypted keysJeremy Lainé2014-09-021-8/+70
| | | | | | | | | | | | | | This adds the infrastructure for reading and writing encrypted private keys when using non-OpenSSL backends. Each platform must provide its cryptographic encrypt / decrypt functions. As WinRT already uses the common parser, this commit includes an implementation for that platform. Done-with: Andrew Knight <andrew.knight@digia.com> Task-number: QTBUG-40688 Change-Id: I0d153425ce63601ff03b784a111e13962061025f Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: disable (broken) i/o on DER encoded keysJeremy Lainé2014-08-301-8/+7
| | | | | | | | | | | | | | | | | | | | | QSslKey currently has methods which supposedly allow decoding and encoding private keys as DER protected by a passphrase. This is broken by design as explained in QTBUG-41038, as storing the encrypted DER data alone makes no sense: such a file lacks the necessary information about the encryption algorithm and initialization vector. This change: - explicitly stops using the passphrase when decoding DER in the constructor. The behavior is unchanged, it is not possible to read the encrypted DER alone. - refuses to honor the passphrase to DER encode a private key. The toDer method now outputs an empty QByteArray instead of garbage. Task-number: QTBUG-41038 Change-Id: I4281050cf1104f12d154db201a173633bfe22bd9 Reviewed-by: Richard J. Moore <rich@kde.org>
* ssl: Add common key parser for backendsJeremy Lainé2014-08-291-0/+185
This internal implementation of QSslKey can be used when OpenSSL is not available. Encrypted keys are not supported, as the cryptography must be supplied by a separate library. With this commit, WinRT is migrated to the new implementation, but qsslkey_winrt.cpp is left in place so that the missing crypto implementation can be added later. This also means most of the expected failures for that platform can be removed from the autotest. Change-Id: I24a3ad1053bb72311613b28b3ae845aa1645a321 Reviewed-by: Andrew Knight <andrew.knight@digia.com> Reviewed-by: Maurice Kalinowski <maurice.kalinowski@digia.com> Reviewed-by: Richard J. Moore <rich@kde.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-08 22:38:04 +0000