From 2be7746e0922fa404da567fd0bc0cbc00c6215cb Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Wed, 30 Jan 2019 14:11:07 +0100 Subject: Fix a typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit in a comment. Change-Id: I10252b2e732636993daba6b72ed86116691f2030 Reviewed-by: Mårten Nordheim Reviewed-by: Jesus Fernandez --- src/network/ssl/qsslsocket_openssl.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp index c48cd42360..6a8269b521 100644 --- a/src/network/ssl/qsslsocket_openssl.cpp +++ b/src/network/ssl/qsslsocket_openssl.cpp @@ -476,7 +476,8 @@ bool QSslSocketBackendPrivate::initSslContext() { Q_Q(QSslSocket); - // If no external context was set (e.g. bei QHttpNetworkConnection) we will create a default context + // If no external context was set (e.g. by QHttpNetworkConnection) we will + // create a default context if (!sslContextPointer) { // create a deep copy of our configuration QSslConfigurationPrivate *configurationCopy = new QSslConfigurationPrivate(configuration); -- cgit v1.2.3 From 62f6fb30177043085d5ff3685ff24015b098ae14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=99drzej=20Nowacki?= Date: Thu, 28 Feb 2019 14:28:00 +0100 Subject: Fix compilation without DTLS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I6062c4454c547b943d7ef26b22eeccf566888767 Reviewed-by: Mårten Nordheim --- src/network/ssl/qsslcontext_openssl11.cpp | 2 -- 1 file changed, 2 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslcontext_openssl11.cpp b/src/network/ssl/qsslcontext_openssl11.cpp index 21a5c779f7..db023b7331 100644 --- a/src/network/ssl/qsslcontext_openssl11.cpp +++ b/src/network/ssl/qsslcontext_openssl11.cpp @@ -193,7 +193,6 @@ init_context: minVersion = TLS1_2_VERSION; maxVersion = 0; break; -#if QT_CONFIG(dtls) case QSsl::DtlsV1_0: minVersion = DTLS1_VERSION; maxVersion = DTLS1_VERSION; @@ -210,7 +209,6 @@ init_context: minVersion = DTLS1_2_VERSION; maxVersion = DTLS_MAX_VERSION; break; -#endif // dtls case QSsl::TlsV1_3OrLater: #ifdef TLS1_3_VERSION minVersion = TLS1_3_VERSION; -- cgit v1.2.3 From c6153660e458ee3790a446a327d29e622defee49 Mon Sep 17 00:00:00 2001 From: Lars Schmertmann Date: Sun, 11 Nov 2018 19:42:43 +0100 Subject: Extend the test for QSslKey MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Check if QSslKey::handle() returns data representing the same key information as that passed to the constructor. Task-number: QTBUG-64495 Change-Id: I1a91264e6f6d92d259b51fca9de00fcbfd5cc845 Reviewed-by: Mårten Nordheim Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslsocket_openssl11_symbols_p.h | 1 + src/network/ssl/qsslsocket_openssl_symbols.cpp | 4 ++++ src/network/ssl/qsslsocket_openssl_symbols_p.h | 7 ++++--- 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h index a44d00a830..9d0a14360d 100644 --- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h @@ -82,6 +82,7 @@ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); int q_DSA_bits(DSA *a); int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a); int q_EVP_PKEY_base_id(EVP_PKEY *a); int q_RSA_bits(RSA *a); Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a); diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index aa1dc681e0..f136c92a65 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -150,6 +150,7 @@ DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return nullptr, return) DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return) DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) +DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return) DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) @@ -366,6 +367,7 @@ DEFINEFUNC2(int, EVP_PKEY_set1_DH, EVP_PKEY *a, a, DH *b, b, return -1, return) #ifndef OPENSSL_NO_EC DEFINEFUNC2(int, EVP_PKEY_set1_EC_KEY, EVP_PKEY *a, a, EC_KEY *b, b, return -1, return) #endif +DEFINEFUNC2(int, EVP_PKEY_cmp, const EVP_PKEY *a, a, const EVP_PKEY *b, b, return -1, return) DEFINEFUNC(void, EVP_PKEY_free, EVP_PKEY *a, a, return, DUMMYARG) DEFINEFUNC(DSA *, EVP_PKEY_get1_DSA, EVP_PKEY *a, a, return nullptr, return) DEFINEFUNC(RSA *, EVP_PKEY_get1_RSA, EVP_PKEY *a, a, return nullptr, return) @@ -955,6 +957,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(OPENSSL_init_crypto) RESOLVEFUNC(ASN1_STRING_get0_data) RESOLVEFUNC(EVP_CIPHER_CTX_reset) + RESOLVEFUNC(EVP_PKEY_up_ref) RESOLVEFUNC(EVP_PKEY_base_id) RESOLVEFUNC(RSA_bits) RESOLVEFUNC(OPENSSL_sk_new_null) @@ -1184,6 +1187,7 @@ bool q_resolveOpenSslSymbols() #ifndef OPENSSL_NO_EC RESOLVEFUNC(EVP_PKEY_set1_EC_KEY) #endif + RESOLVEFUNC(EVP_PKEY_cmp) RESOLVEFUNC(EVP_PKEY_free) RESOLVEFUNC(EVP_PKEY_get1_DSA) RESOLVEFUNC(EVP_PKEY_get1_RSA) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index e09820b2f2..59b6e53940 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -284,11 +284,12 @@ const EVP_CIPHER *q_EVP_rc2_cbc(); Q_AUTOTEST_EXPORT const EVP_MD *q_EVP_sha1(); int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); -int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); -int q_EVP_PKEY_set1_DH(EVP_PKEY *a, DH *b); +Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_DSA(EVP_PKEY *a, DSA *b); +Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_DH(EVP_PKEY *a, DH *b); #ifndef OPENSSL_NO_EC -int q_EVP_PKEY_set1_EC_KEY(EVP_PKEY *a, EC_KEY *b); +Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_EC_KEY(EVP_PKEY *a, EC_KEY *b); #endif +Q_AUTOTEST_EXPORT int q_EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); Q_AUTOTEST_EXPORT void q_EVP_PKEY_free(EVP_PKEY *a); RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a); DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a); -- cgit v1.2.3 From c212128a676aa906fdef79c3e5ccecf0d942e68c Mon Sep 17 00:00:00 2001 From: Konstantin Shegunov Date: Tue, 19 Feb 2019 23:53:58 +0200 Subject: Add input check for QSslSocket::setPrivateKey MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [ChangeLog][QtNetwork][QSslSocket] Added runtime validation of the SSL private key when it is loaded through a file path. Task-number: QTBUG-72016 Change-Id: Ie92c3a2fbf3ba896c4c838e03d677426be56a5db Reviewed-by: Mårten Nordheim Reviewed-by: Samuel Gaist Reviewed-by: Edward Welbourne --- src/network/ssl/qsslsocket.cpp | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslsocket.cpp b/src/network/ssl/qsslsocket.cpp index cf8a472606..fa012866e6 100644 --- a/src/network/ssl/qsslsocket.cpp +++ b/src/network/ssl/qsslsocket.cpp @@ -1209,12 +1209,21 @@ void QSslSocket::setPrivateKey(const QSslKey &key) void QSslSocket::setPrivateKey(const QString &fileName, QSsl::KeyAlgorithm algorithm, QSsl::EncodingFormat format, const QByteArray &passPhrase) { - Q_D(QSslSocket); QFile file(fileName); - if (file.open(QIODevice::ReadOnly)) { - d->configuration.privateKey = QSslKey(file.readAll(), algorithm, - format, QSsl::PrivateKey, passPhrase); + if (!file.open(QIODevice::ReadOnly)) { + qCWarning(lcSsl, "QSslSocket::setPrivateKey: Couldn't open file for reading"); + return; + } + + QSslKey key(file.readAll(), algorithm, format, QSsl::PrivateKey, passPhrase); + if (key.isNull()) { + qCWarning(lcSsl, "QSslSocket::setPrivateKey: " + "The specified file does not contain a valid key"); + return; } + + Q_D(QSslSocket); + d->configuration.privateKey = key; } /*! -- cgit v1.2.3 From 1af234f24e1bdf5812f5b7addb5c83094b00a1bf Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Wed, 6 Mar 2019 10:16:43 +0100 Subject: QSslKey - clean up the code a bit (SecureTransport) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To get rid of different warnings (visible in qt-creator at least). Change-Id: Ic7b57cbd56494704eda3f0616fcd901a8fab63db Reviewed-by: Edward Welbourne Reviewed-by: Mårten Nordheim --- src/network/ssl/qsslkey_mac.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslkey_mac.cpp b/src/network/ssl/qsslkey_mac.cpp index d460cbfdab..b0f726a2e6 100644 --- a/src/network/ssl/qsslkey_mac.cpp +++ b/src/network/ssl/qsslkey_mac.cpp @@ -42,7 +42,9 @@ #include -QT_USE_NAMESPACE +#include + +QT_BEGIN_NAMESPACE static QByteArray wrapCCCrypt(CCOperation ccOp, QSslKeyPrivate::Cipher cipher, @@ -69,12 +71,12 @@ static QByteArray wrapCCCrypt(CCOperation ccOp, QByteArray plain(data.size() + blockSize, 0); CCCryptorStatus status = CCCrypt( ccOp, ccAlgorithm, kCCOptionPKCS7Padding, - key.constData(), key.size(), + key.constData(), std::size_t(key.size()), iv.constData(), - data.constData(), data.size(), - plain.data(), plain.size(), &plainLength); + data.constData(), std::size_t(data.size()), + plain.data(), std::size_t(plain.size()), &plainLength); if (status == kCCSuccess) - return plain.left(plainLength); + return plain.left(int(plainLength)); return QByteArray(); } @@ -87,3 +89,5 @@ QByteArray QSslKeyPrivate::encrypt(Cipher cipher, const QByteArray &data, const { return wrapCCCrypt(kCCEncrypt, cipher, data, key, iv); } + +QT_END_NAMESPACE -- cgit v1.2.3 From 01a54342521de9994ef54f4a01916b8782c685f6 Mon Sep 17 00:00:00 2001 From: Timur Pocheptsov Date: Mon, 4 Mar 2019 16:11:20 +0100 Subject: QSslKey - add a support for AES encrypted keys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit for SecureTransport backend. OpenSSL, while reading RSA/DSA, is internally calling EVP_BytesToKey that essentially does the same thing this patch does in 'deriveAesKey' and thus able to correctly decrypt whatever it first encrypted (while generating/ encrypting keys). Fixes: QTBUG-54422 Change-Id: Ia9f7599c5b19bf364c179f2abd2aab7ea5359a65 Reviewed-by: Mårten Nordheim --- src/network/ssl/qsslkey_mac.cpp | 8 +++++- src/network/ssl/qsslkey_openssl.cpp | 8 ++++++ src/network/ssl/qsslkey_p.h | 5 +++- src/network/ssl/qsslkey_qt.cpp | 48 ++++++++++++++++++++++++++++++++++++ src/network/ssl/qsslkey_schannel.cpp | 1 + 5 files changed, 68 insertions(+), 2 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslkey_mac.cpp b/src/network/ssl/qsslkey_mac.cpp index b0f726a2e6..814fe1c4bc 100644 --- a/src/network/ssl/qsslkey_mac.cpp +++ b/src/network/ssl/qsslkey_mac.cpp @@ -66,7 +66,13 @@ static QByteArray wrapCCCrypt(CCOperation ccOp, blockSize = kCCBlockSizeRC2; ccAlgorithm = kCCAlgorithmRC2; break; - }; + case QSslKeyPrivate::Aes128Cbc: + case QSslKeyPrivate::Aes192Cbc: + case QSslKeyPrivate::Aes256Cbc: + blockSize = kCCBlockSizeAES128; + ccAlgorithm = kCCAlgorithmAES; + break; + } size_t plainLength = 0; QByteArray plain(data.size() + blockSize, 0); CCCryptorStatus status = CCCrypt( diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp index 99c1a39c73..dfb80bd829 100644 --- a/src/network/ssl/qsslkey_openssl.cpp +++ b/src/network/ssl/qsslkey_openssl.cpp @@ -333,6 +333,14 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, type = q_EVP_rc2_cbc(); #endif break; + case QSslKeyPrivate::Aes128Cbc: + case QSslKeyPrivate::Aes192Cbc: + case QSslKeyPrivate::Aes256Cbc: + // Just to avoid compiler warnings/errors. OpenSSL uses a different + // codepath when reading encrypted keys, and they all correctly + // deduce the cipher and know how to derive a key. + Q_UNREACHABLE(); + break; } if (type == nullptr) diff --git a/src/network/ssl/qsslkey_p.h b/src/network/ssl/qsslkey_p.h index 06403b5479..1f2b59904a 100644 --- a/src/network/ssl/qsslkey_p.h +++ b/src/network/ssl/qsslkey_p.h @@ -105,7 +105,10 @@ public: enum Cipher { DesCbc, DesEde3Cbc, - Rc2Cbc + Rc2Cbc, + Aes128Cbc, + Aes192Cbc, + Aes256Cbc }; Q_AUTOTEST_EXPORT static QByteArray decrypt(Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv); diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 5ebd8ac3bd..61251b641b 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -124,6 +124,37 @@ static int numberOfBits(const QByteArray &modulus) return bits; } +static QByteArray deriveAesKey(QSslKeyPrivate::Cipher cipher, const QByteArray &passPhrase, const QByteArray &iv) +{ + // This is somewhat simplified and shortened version of what OpenSSL does. + // See, for example, EVP_BytesToKey for the "algorithm" itself and elsewhere + // in their code for what they pass as arguments to EVP_BytesToKey when + // deriving encryption keys (when reading/writing pems files with encrypted + // keys). + + Q_ASSERT(iv.size() >= 8); + + QCryptographicHash hash(QCryptographicHash::Md5); + + QByteArray data(passPhrase); + data.append(iv.data(), 8); // AKA PKCS5_SALT_LEN in OpenSSL. + + hash.addData(data); + + if (cipher == QSslKeyPrivate::Aes128Cbc) + return hash.result(); + + QByteArray key(hash.result()); + hash.reset(); + hash.addData(key); + hash.addData(data); + + if (cipher == QSslKeyPrivate::Aes192Cbc) + return key.append(hash.result().constData(), 8); + + return key.append(hash.result()); +} + static QByteArray deriveKey(QSslKeyPrivate::Cipher cipher, const QByteArray &passPhrase, const QByteArray &iv) { QByteArray key; @@ -145,6 +176,10 @@ static QByteArray deriveKey(QSslKeyPrivate::Cipher cipher, const QByteArray &pas case QSslKeyPrivate::Rc2Cbc: key = hash.result(); break; + case QSslKeyPrivate::Aes128Cbc: + case QSslKeyPrivate::Aes192Cbc: + case QSslKeyPrivate::Aes256Cbc: + return deriveAesKey(cipher, passPhrase, iv); } return key; } @@ -378,6 +413,15 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra cipher = DesEde3Cbc; } else if (dekInfo.first() == "RC2-CBC") { cipher = Rc2Cbc; +// TODO: Add SChannel version too! +#ifdef QT_SECURETRANSPORT + } else if (dekInfo.first() == "AES-128-CBC") { + cipher = Aes128Cbc; + } else if (dekInfo.first() == "AES-192-CBC") { + cipher = Aes192Cbc; + } else if (dekInfo.first() == "AES-256-CBC") { + cipher = Aes256Cbc; +#endif // QT_SECURETRANSPORT } else { clear(deepClear); return; @@ -554,6 +598,10 @@ static EncryptionData readPbes2(const QVector &element, const QByt return {}; break; } // @todo(?): case (RC5 , AES) + case QSslKeyPrivate::Cipher::Aes128Cbc: + case QSslKeyPrivate::Cipher::Aes192Cbc: + case QSslKeyPrivate::Cipher::Aes256Cbc: + Q_UNREACHABLE(); } if (Q_LIKELY(keyDerivationAlgorithm == PKCS5_PBKDF2_ENCRYPTION_OID)) { diff --git a/src/network/ssl/qsslkey_schannel.cpp b/src/network/ssl/qsslkey_schannel.cpp index 5694068860..9dfbc87e9a 100644 --- a/src/network/ssl/qsslkey_schannel.cpp +++ b/src/network/ssl/qsslkey_schannel.cpp @@ -57,6 +57,7 @@ const wchar_t *getName(QSslKeyPrivate::Cipher cipher) return BCRYPT_3DES_ALGORITHM; case QSslKeyPrivate::Cipher::Rc2Cbc: return BCRYPT_RC2_ALGORITHM; + default:; } Q_UNREACHABLE(); } -- cgit v1.2.3 From 41e7b71c410b77a81d09d3cc2e169ffd7975b4d2 Mon Sep 17 00:00:00 2001 From: Kevin Funk Date: Tue, 12 Mar 2019 11:46:26 +0100 Subject: More nullptr usage in headers Diff generated by running clang-tidy's modernize-use-nullptr checker on the CMake-based Qt version. Skipping src/3rdparty, examples/, tests/ Change-Id: Ib182074e2e2fd52f63093f73b3e2e4c0cb7af188 Reviewed-by: Friedemann Kleint Reviewed-by: Simon Hausmann --- src/network/ssl/qasn1element_p.h | 4 ++-- src/network/ssl/qsslcertificate_p.h | 2 +- src/network/ssl/qsslcontext_openssl_p.h | 2 +- src/network/ssl/qsslkey_p.h | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qasn1element_p.h b/src/network/ssl/qasn1element_p.h index 22948e3ca5..020b5aa1af 100644 --- a/src/network/ssl/qasn1element_p.h +++ b/src/network/ssl/qasn1element_p.h @@ -156,10 +156,10 @@ public: static QAsn1Element fromVector(const QVector &items); static QAsn1Element fromObjectId(const QByteArray &id); - bool toBool(bool *ok = 0) const; + bool toBool(bool *ok = nullptr) const; QDateTime toDateTime() const; QMultiMap toInfo() const; - qint64 toInteger(bool *ok = 0) const; + qint64 toInteger(bool *ok = nullptr) const; QVector toVector() const; QByteArray toObjectId() const; QByteArray toObjectName() const; diff --git a/src/network/ssl/qsslcertificate_p.h b/src/network/ssl/qsslcertificate_p.h index 4b331d4c4e..234cd45ceb 100644 --- a/src/network/ssl/qsslcertificate_p.h +++ b/src/network/ssl/qsslcertificate_p.h @@ -87,7 +87,7 @@ class QSslCertificatePrivate { public: QSslCertificatePrivate() - : null(true), x509(0) + : null(true), x509(nullptr) { #ifndef QT_NO_SSL QSslSocketPrivate::ensureInitialized(); diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h index 48beebf134..1fa27279c7 100644 --- a/src/network/ssl/qsslcontext_openssl_p.h +++ b/src/network/ssl/qsslcontext_openssl_p.h @@ -89,7 +89,7 @@ public: #if OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_NEXTPROTONEG) // must be public because we want to use it from an OpenSSL callback struct NPNContext { - NPNContext() : data(0), + NPNContext() : data(nullptr), len(0), status(QSslConfiguration::NextProtocolNegotiationNone) { } diff --git a/src/network/ssl/qsslkey_p.h b/src/network/ssl/qsslkey_p.h index 1f2b59904a..dd1a31b0e5 100644 --- a/src/network/ssl/qsslkey_p.h +++ b/src/network/ssl/qsslkey_p.h @@ -68,7 +68,7 @@ class QSslKeyPrivate public: inline QSslKeyPrivate() : algorithm(QSsl::Opaque) - , opaque(0) + , opaque(nullptr) { clear(false); } -- cgit v1.2.3 From 7111ba173673a950eec70a9e881a4181d714cf0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Tue, 5 Mar 2019 17:05:13 +0100 Subject: Schannel: support for AES-encrypted keys Task-number: QTBUG-54422 Change-Id: I7387cdf9ca927c91cccf3dab7d2deb577ce71802 Reviewed-by: Timur Pocheptsov Reviewed-by: Edward Welbourne --- src/network/ssl/qsslkey_qt.cpp | 5 ++--- src/network/ssl/qsslkey_schannel.cpp | 5 ++++- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 61251b641b..1b2d9a49aa 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -413,15 +413,14 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra cipher = DesEde3Cbc; } else if (dekInfo.first() == "RC2-CBC") { cipher = Rc2Cbc; -// TODO: Add SChannel version too! -#ifdef QT_SECURETRANSPORT +#if defined(QT_SECURETRANSPORT) || QT_CONFIG(schannel) } else if (dekInfo.first() == "AES-128-CBC") { cipher = Aes128Cbc; } else if (dekInfo.first() == "AES-192-CBC") { cipher = Aes192Cbc; } else if (dekInfo.first() == "AES-256-CBC") { cipher = Aes256Cbc; -#endif // QT_SECURETRANSPORT +#endif // QT_SECURETRANSPORT || schannel } else { clear(deepClear); return; diff --git a/src/network/ssl/qsslkey_schannel.cpp b/src/network/ssl/qsslkey_schannel.cpp index 9dfbc87e9a..1e21d123f4 100644 --- a/src/network/ssl/qsslkey_schannel.cpp +++ b/src/network/ssl/qsslkey_schannel.cpp @@ -57,7 +57,10 @@ const wchar_t *getName(QSslKeyPrivate::Cipher cipher) return BCRYPT_3DES_ALGORITHM; case QSslKeyPrivate::Cipher::Rc2Cbc: return BCRYPT_RC2_ALGORITHM; - default:; + case QSslKeyPrivate::Cipher::Aes128Cbc: + case QSslKeyPrivate::Cipher::Aes192Cbc: + case QSslKeyPrivate::Cipher::Aes256Cbc: + return BCRYPT_AES_ALGORITHM; } Q_UNREACHABLE(); } -- cgit v1.2.3 From 03ada0217c201903b8282f77e292f1964e00b880 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Mon, 18 Mar 2019 11:39:50 +0100 Subject: WinRT: Add support for AES-encrypted keys Task-number: QTBUG-54422 Change-Id: Icbf2b153edacb348e475d6adb9aecb63519874de Reviewed-by: Timur Pocheptsov Reviewed-by: Edward Welbourne --- src/network/ssl/qsslkey_qt.cpp | 2 -- src/network/ssl/qsslkey_winrt.cpp | 9 +++++++++ 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 1b2d9a49aa..2662418a05 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -413,14 +413,12 @@ void QSslKeyPrivate::decodePem(const QByteArray &pem, const QByteArray &passPhra cipher = DesEde3Cbc; } else if (dekInfo.first() == "RC2-CBC") { cipher = Rc2Cbc; -#if defined(QT_SECURETRANSPORT) || QT_CONFIG(schannel) } else if (dekInfo.first() == "AES-128-CBC") { cipher = Aes128Cbc; } else if (dekInfo.first() == "AES-192-CBC") { cipher = Aes192Cbc; } else if (dekInfo.first() == "AES-256-CBC") { cipher = Aes256Cbc; -#endif // QT_SECURETRANSPORT || schannel } else { clear(deepClear); return; diff --git a/src/network/ssl/qsslkey_winrt.cpp b/src/network/ssl/qsslkey_winrt.cpp index f2ed813965..69eaaa387f 100644 --- a/src/network/ssl/qsslkey_winrt.cpp +++ b/src/network/ssl/qsslkey_winrt.cpp @@ -83,6 +83,15 @@ struct SslKeyGlobal hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"RC2_CBC").Get(), &keyProviders[QSslKeyPrivate::Rc2Cbc]); Q_ASSERT_SUCCEEDED(hr); + hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(), + &keyProviders[QSslKeyPrivate::Aes128Cbc]); + Q_ASSERT_SUCCEEDED(hr); + hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(), + &keyProviders[QSslKeyPrivate::Aes192Cbc]); + Q_ASSERT_SUCCEEDED(hr); + hr = keyProviderFactory->OpenAlgorithm(HString::MakeReference(L"AES_CBC").Get(), + &keyProviders[QSslKeyPrivate::Aes256Cbc]); + Q_ASSERT_SUCCEEDED(hr); hr = GetActivationFactory(HString::MakeReference(RuntimeClass_Windows_Security_Cryptography_CryptographicBuffer).Get(), &bufferFactory); -- cgit v1.2.3 From a06dfed4cc94fefca3f0db7eca679f083a984c9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= Date: Tue, 12 Mar 2019 12:28:47 +0100 Subject: tst_qsslkey: test AES encryption in the 'encrypt' test And export the required symbols in OpenSSL so we can run the test there as well even if it's not needed for any functionality. Change-Id: I4246d2b0bbdd42079d255f97f3c66ce8bb37390b Reviewed-by: Timur Pocheptsov --- src/network/ssl/qsslkey_openssl.cpp | 9 +++++---- src/network/ssl/qsslsocket_openssl_symbols.cpp | 10 ++++++++++ src/network/ssl/qsslsocket_openssl_symbols_p.h | 5 +++++ 3 files changed, 20 insertions(+), 4 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslkey_openssl.cpp b/src/network/ssl/qsslkey_openssl.cpp index dfb80bd829..888058df22 100644 --- a/src/network/ssl/qsslkey_openssl.cpp +++ b/src/network/ssl/qsslkey_openssl.cpp @@ -334,12 +334,13 @@ static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, #endif break; case QSslKeyPrivate::Aes128Cbc: + type = q_EVP_aes_128_cbc(); + break; case QSslKeyPrivate::Aes192Cbc: + type = q_EVP_aes_192_cbc(); + break; case QSslKeyPrivate::Aes256Cbc: - // Just to avoid compiler warnings/errors. OpenSSL uses a different - // codepath when reading encrypted keys, and they all correctly - // deduce the cipher and know how to derive a key. - Q_UNREACHABLE(); + type = q_EVP_aes_256_cbc(); break; } diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index f136c92a65..e04d45c10c 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -359,6 +359,11 @@ DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return null #ifndef OPENSSL_NO_RC2 DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return nullptr, return) #endif +#ifndef OPENSSL_NO_AES +DEFINEFUNC(const EVP_CIPHER *, EVP_aes_128_cbc, DUMMYARG, DUMMYARG, return nullptr, return) +DEFINEFUNC(const EVP_CIPHER *, EVP_aes_192_cbc, DUMMYARG, DUMMYARG, return nullptr, return) +DEFINEFUNC(const EVP_CIPHER *, EVP_aes_256_cbc, DUMMYARG, DUMMYARG, return nullptr, return) +#endif DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return nullptr, return) DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return) DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return) @@ -1178,6 +1183,11 @@ bool q_resolveOpenSslSymbols() #endif #ifndef OPENSSL_NO_RC2 RESOLVEFUNC(EVP_rc2_cbc) +#endif +#ifndef OPENSSL_NO_AES + RESOLVEFUNC(EVP_aes_128_cbc) + RESOLVEFUNC(EVP_aes_192_cbc) + RESOLVEFUNC(EVP_aes_256_cbc) #endif RESOLVEFUNC(EVP_sha1) RESOLVEFUNC(EVP_PKEY_assign) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 59b6e53940..fcf96dbd47 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -281,6 +281,11 @@ const EVP_CIPHER *q_EVP_des_ede3_cbc(); #ifndef OPENSSL_NO_RC2 const EVP_CIPHER *q_EVP_rc2_cbc(); #endif +#ifndef OPENSSL_NO_AES +const EVP_CIPHER *q_EVP_aes_128_cbc(); +const EVP_CIPHER *q_EVP_aes_192_cbc(); +const EVP_CIPHER *q_EVP_aes_256_cbc(); +#endif Q_AUTOTEST_EXPORT const EVP_MD *q_EVP_sha1(); int q_EVP_PKEY_assign(EVP_PKEY *a, int b, char *c); Q_AUTOTEST_EXPORT int q_EVP_PKEY_set1_RSA(EVP_PKEY *a, RSA *b); -- cgit v1.2.3 From 8d7c97d428cdf89c3419a4e13b62a9849feefce9 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Thu, 4 Apr 2019 16:46:41 +0200 Subject: Remove remaining Q_DECL_NOEXCEPT/Q_DECL_NOTHROW usage Change-Id: I91ac9e714a465cab226b211812aa46e8fe5ff2ab Reviewed-by: Thiago Macieira --- src/network/ssl/qocspresponse.cpp | 4 ++-- src/network/ssl/qocspresponse.h | 6 +++--- src/network/ssl/qsslcertificate.h | 8 ++++---- src/network/ssl/qsslcertificate_openssl.cpp | 2 +- src/network/ssl/qsslcertificate_qt.cpp | 2 +- src/network/ssl/qsslcertificateextension.h | 4 ++-- src/network/ssl/qsslcipher.h | 4 ++-- src/network/ssl/qsslconfiguration.h | 4 ++-- src/network/ssl/qssldiffiehellmanparameters.cpp | 12 ++++++------ src/network/ssl/qssldiffiehellmanparameters.h | 24 ++++++++++++------------ src/network/ssl/qsslellipticcurve.h | 18 +++++++++--------- src/network/ssl/qsslellipticcurve_dummy.cpp | 2 +- src/network/ssl/qsslellipticcurve_openssl.cpp | 2 +- src/network/ssl/qsslerror.cpp | 2 +- src/network/ssl/qsslerror.h | 6 +++--- src/network/ssl/qsslkey.h | 4 ++-- src/network/ssl/qsslpresharedkeyauthenticator.h | 4 ++-- 17 files changed, 54 insertions(+), 54 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qocspresponse.cpp b/src/network/ssl/qocspresponse.cpp index d564e817ca..79f0cfd1d4 100644 --- a/src/network/ssl/qocspresponse.cpp +++ b/src/network/ssl/qocspresponse.cpp @@ -133,7 +133,7 @@ QOcspResponse::QOcspResponse(const QOcspResponse &) = default; Move-constructs a QOcspResponse instance. */ -QOcspResponse::QOcspResponse(QOcspResponse &&) Q_DECL_NOTHROW = default; +QOcspResponse::QOcspResponse(QOcspResponse &&) noexcept = default; /*! \since 5.13 @@ -154,7 +154,7 @@ QOcspResponse &QOcspResponse::operator=(const QOcspResponse &) = default; Move-assigns to this QOcspResponse instance. */ -QOcspResponse &QOcspResponse::operator=(QOcspResponse &&) Q_DECL_NOTHROW = default; +QOcspResponse &QOcspResponse::operator=(QOcspResponse &&) noexcept = default; /*! \fn void QOcspResponse::swap(QOcspResponse &other) diff --git a/src/network/ssl/qocspresponse.h b/src/network/ssl/qocspresponse.h index 552a088ba5..0e134d236b 100644 --- a/src/network/ssl/qocspresponse.h +++ b/src/network/ssl/qocspresponse.h @@ -82,11 +82,11 @@ public: QOcspResponse(); QOcspResponse(const QOcspResponse &other); - QOcspResponse(QOcspResponse && other) Q_DECL_NOEXCEPT; + QOcspResponse(QOcspResponse && other) noexcept; ~QOcspResponse(); QOcspResponse &operator = (const QOcspResponse &other); - QOcspResponse &operator = (QOcspResponse &&other) Q_DECL_NOTHROW; + QOcspResponse &operator = (QOcspResponse &&other) noexcept; QOcspCertificateStatus certificateStatus() const; QOcspRevocationReason revocationReason() const; @@ -94,7 +94,7 @@ public: class QSslCertificate responder() const; QSslCertificate subject() const; - void swap(QOcspResponse &other) Q_DECL_NOTHROW { d.swap(other.d); } + void swap(QOcspResponse &other) noexcept { d.swap(other.d); } private: diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index 266fcdacb4..a6acfa2cc3 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -66,7 +66,7 @@ class QStringList; class QSslCertificate; // qHash is a friend, but we can't use default arguments for friends (§8.3.6.4) -Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed = 0) Q_DECL_NOTHROW; +Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed = 0) noexcept; class QSslCertificatePrivate; class Q_NETWORK_EXPORT QSslCertificate @@ -89,11 +89,11 @@ public: QSslCertificate(const QSslCertificate &other); ~QSslCertificate(); #ifdef Q_COMPILER_RVALUE_REFS - QSslCertificate &operator=(QSslCertificate &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslCertificate &operator=(QSslCertificate &&other) noexcept { swap(other); return *this; } #endif QSslCertificate &operator=(const QSslCertificate &other); - void swap(QSslCertificate &other) Q_DECL_NOTHROW + void swap(QSslCertificate &other) noexcept { qSwap(d, other.d); } bool operator==(const QSslCertificate &other) const; @@ -169,7 +169,7 @@ private: friend class QSslCertificatePrivate; friend class QSslSocketBackendPrivate; - friend Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW; + friend Q_NETWORK_EXPORT uint qHash(const QSslCertificate &key, uint seed) noexcept; }; Q_DECLARE_SHARED(QSslCertificate) diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp index 899c8a0d2d..806c6426e4 100644 --- a/src/network/ssl/qsslcertificate_openssl.cpp +++ b/src/network/ssl/qsslcertificate_openssl.cpp @@ -65,7 +65,7 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const return false; } -uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW +uint qHash(const QSslCertificate &key, uint seed) noexcept { if (X509 * const x509 = key.d->x509) { const EVP_MD *sha1 = q_EVP_sha1(); diff --git a/src/network/ssl/qsslcertificate_qt.cpp b/src/network/ssl/qsslcertificate_qt.cpp index cce59b5ef3..8b5035ad96 100644 --- a/src/network/ssl/qsslcertificate_qt.cpp +++ b/src/network/ssl/qsslcertificate_qt.cpp @@ -64,7 +64,7 @@ bool QSslCertificate::operator==(const QSslCertificate &other) const return d->derData == other.d->derData; } -uint qHash(const QSslCertificate &key, uint seed) Q_DECL_NOTHROW +uint qHash(const QSslCertificate &key, uint seed) noexcept { // DER is the native encoding here, so toDer() is just "return d->derData": return qHash(key.toDer(), seed); diff --git a/src/network/ssl/qsslcertificateextension.h b/src/network/ssl/qsslcertificateextension.h index c2910e1707..f862015312 100644 --- a/src/network/ssl/qsslcertificateextension.h +++ b/src/network/ssl/qsslcertificateextension.h @@ -56,12 +56,12 @@ public: QSslCertificateExtension(); QSslCertificateExtension(const QSslCertificateExtension &other); #ifdef Q_COMPILER_RVALUE_REFS - QSslCertificateExtension &operator=(QSslCertificateExtension &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslCertificateExtension &operator=(QSslCertificateExtension &&other) noexcept { swap(other); return *this; } #endif QSslCertificateExtension &operator=(const QSslCertificateExtension &other); ~QSslCertificateExtension(); - void swap(QSslCertificateExtension &other) Q_DECL_NOTHROW { qSwap(d, other.d); } + void swap(QSslCertificateExtension &other) noexcept { qSwap(d, other.d); } QString oid() const; QString name() const; diff --git a/src/network/ssl/qsslcipher.h b/src/network/ssl/qsslcipher.h index c6328e0169..430fe9aa7c 100644 --- a/src/network/ssl/qsslcipher.h +++ b/src/network/ssl/qsslcipher.h @@ -60,12 +60,12 @@ public: QSslCipher(const QString &name, QSsl::SslProtocol protocol); QSslCipher(const QSslCipher &other); #ifdef Q_COMPILER_RVALUE_REFS - QSslCipher &operator=(QSslCipher &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslCipher &operator=(QSslCipher &&other) noexcept { swap(other); return *this; } #endif QSslCipher &operator=(const QSslCipher &other); ~QSslCipher(); - void swap(QSslCipher &other) Q_DECL_NOTHROW + void swap(QSslCipher &other) noexcept { qSwap(d, other.d); } bool operator==(const QSslCipher &other) const; diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 8f53e25a53..16704ba17b 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -86,11 +86,11 @@ public: QSslConfiguration(const QSslConfiguration &other); ~QSslConfiguration(); #ifdef Q_COMPILER_RVALUE_REFS - QSslConfiguration &operator=(QSslConfiguration &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; } #endif QSslConfiguration &operator=(const QSslConfiguration &other); - void swap(QSslConfiguration &other) Q_DECL_NOTHROW + void swap(QSslConfiguration &other) noexcept { qSwap(d, other.d); } bool operator==(const QSslConfiguration &other) const; diff --git a/src/network/ssl/qssldiffiehellmanparameters.cpp b/src/network/ssl/qssldiffiehellmanparameters.cpp index 65041d4456..7807afaa30 100644 --- a/src/network/ssl/qssldiffiehellmanparameters.cpp +++ b/src/network/ssl/qssldiffiehellmanparameters.cpp @@ -213,7 +213,7 @@ QSslDiffieHellmanParameters &QSslDiffieHellmanParameters::operator=(const QSslDi Setting an empty QSslDiffieHellmanParameters instance on a QSslSocket-based server will disable Diffie-Hellman key exchange. */ -bool QSslDiffieHellmanParameters::isEmpty() const Q_DECL_NOTHROW +bool QSslDiffieHellmanParameters::isEmpty() const noexcept { return d->derData.isNull() && d->error == QSslDiffieHellmanParameters::NoError; } @@ -229,7 +229,7 @@ bool QSslDiffieHellmanParameters::isEmpty() const Q_DECL_NOTHROW \sa error() */ -bool QSslDiffieHellmanParameters::isValid() const Q_DECL_NOTHROW +bool QSslDiffieHellmanParameters::isValid() const noexcept { return d->error == QSslDiffieHellmanParameters::NoError; } @@ -253,7 +253,7 @@ bool QSslDiffieHellmanParameters::isValid() const Q_DECL_NOTHROW Returns the error that caused the QSslDiffieHellmanParameters object to be invalid. */ -QSslDiffieHellmanParameters::Error QSslDiffieHellmanParameters::error() const Q_DECL_NOTHROW +QSslDiffieHellmanParameters::Error QSslDiffieHellmanParameters::error() const noexcept { return d->error; } @@ -262,7 +262,7 @@ QSslDiffieHellmanParameters::Error QSslDiffieHellmanParameters::error() const Q_ Returns a human-readable description of the error that caused the QSslDiffieHellmanParameters object to be invalid. */ -QString QSslDiffieHellmanParameters::errorString() const Q_DECL_NOTHROW +QString QSslDiffieHellmanParameters::errorString() const noexcept { switch (d->error) { case QSslDiffieHellmanParameters::NoError: @@ -283,7 +283,7 @@ QString QSslDiffieHellmanParameters::errorString() const Q_DECL_NOTHROW Returns \c true if \a lhs is equal to \a rhs; otherwise returns \c false. */ -bool operator==(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) Q_DECL_NOTHROW +bool operator==(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) noexcept { return lhs.d->derData == rhs.d->derData; } @@ -316,7 +316,7 @@ QDebug operator<<(QDebug debug, const QSslDiffieHellmanParameters &dhparam) Returns an hash value for \a dhparam, using \a seed to seed the calculation. */ -uint qHash(const QSslDiffieHellmanParameters &dhparam, uint seed) Q_DECL_NOTHROW +uint qHash(const QSslDiffieHellmanParameters &dhparam, uint seed) noexcept { return qHash(dhparam.d->derData, seed); } diff --git a/src/network/ssl/qssldiffiehellmanparameters.h b/src/network/ssl/qssldiffiehellmanparameters.h index 497d2bebfb..f62a3b8f44 100644 --- a/src/network/ssl/qssldiffiehellmanparameters.h +++ b/src/network/ssl/qssldiffiehellmanparameters.h @@ -56,16 +56,16 @@ class QSslDiffieHellmanParametersPrivate; class QSslDiffieHellmanParameters; // qHash is a friend, but we can't use default arguments for friends (§8.3.6.4) -Q_NETWORK_EXPORT uint qHash(const QSslDiffieHellmanParameters &dhparam, uint seed = 0) Q_DECL_NOTHROW; +Q_NETWORK_EXPORT uint qHash(const QSslDiffieHellmanParameters &dhparam, uint seed = 0) noexcept; #ifndef QT_NO_DEBUG_STREAM class QDebug; Q_NETWORK_EXPORT QDebug operator<<(QDebug debug, const QSslDiffieHellmanParameters &dhparams); #endif -Q_NETWORK_EXPORT bool operator==(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) Q_DECL_NOTHROW; +Q_NETWORK_EXPORT bool operator==(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) noexcept; -inline bool operator!=(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) Q_DECL_NOTHROW +inline bool operator!=(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) noexcept { return !operator==(lhs, rhs); } @@ -83,30 +83,30 @@ public: Q_NETWORK_EXPORT QSslDiffieHellmanParameters(); Q_NETWORK_EXPORT QSslDiffieHellmanParameters(const QSslDiffieHellmanParameters &other); - QSslDiffieHellmanParameters(QSslDiffieHellmanParameters &&other) Q_DECL_NOTHROW : d(other.d) { other.d = nullptr; } + QSslDiffieHellmanParameters(QSslDiffieHellmanParameters &&other) noexcept : d(other.d) { other.d = nullptr; } Q_NETWORK_EXPORT ~QSslDiffieHellmanParameters(); Q_NETWORK_EXPORT QSslDiffieHellmanParameters &operator=(const QSslDiffieHellmanParameters &other); - QSslDiffieHellmanParameters &operator=(QSslDiffieHellmanParameters &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslDiffieHellmanParameters &operator=(QSslDiffieHellmanParameters &&other) noexcept { swap(other); return *this; } - void swap(QSslDiffieHellmanParameters &other) Q_DECL_NOTHROW { qSwap(d, other.d); } + void swap(QSslDiffieHellmanParameters &other) noexcept { qSwap(d, other.d); } Q_NETWORK_EXPORT static QSslDiffieHellmanParameters fromEncoded(const QByteArray &encoded, QSsl::EncodingFormat format = QSsl::Pem); Q_NETWORK_EXPORT static QSslDiffieHellmanParameters fromEncoded(QIODevice *device, QSsl::EncodingFormat format = QSsl::Pem); - Q_NETWORK_EXPORT bool isEmpty() const Q_DECL_NOTHROW; - Q_NETWORK_EXPORT bool isValid() const Q_DECL_NOTHROW; - Q_NETWORK_EXPORT Error error() const Q_DECL_NOTHROW; - Q_NETWORK_EXPORT QString errorString() const Q_DECL_NOTHROW; + Q_NETWORK_EXPORT bool isEmpty() const noexcept; + Q_NETWORK_EXPORT bool isValid() const noexcept; + Q_NETWORK_EXPORT Error error() const noexcept; + Q_NETWORK_EXPORT QString errorString() const noexcept; private: QSslDiffieHellmanParametersPrivate *d; friend class QSslContext; - friend Q_NETWORK_EXPORT bool operator==(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) Q_DECL_NOTHROW; + friend Q_NETWORK_EXPORT bool operator==(const QSslDiffieHellmanParameters &lhs, const QSslDiffieHellmanParameters &rhs) noexcept; #ifndef QT_NO_DEBUG_STREAM friend Q_NETWORK_EXPORT QDebug operator<<(QDebug debug, const QSslDiffieHellmanParameters &dhparam); #endif - friend Q_NETWORK_EXPORT uint qHash(const QSslDiffieHellmanParameters &dhparam, uint seed) Q_DECL_NOTHROW; + friend Q_NETWORK_EXPORT uint qHash(const QSslDiffieHellmanParameters &dhparam, uint seed) noexcept; }; Q_DECLARE_SHARED(QSslDiffieHellmanParameters) diff --git a/src/network/ssl/qsslellipticcurve.h b/src/network/ssl/qsslellipticcurve.h index 57dda19bad..28de3a03b4 100644 --- a/src/network/ssl/qsslellipticcurve.h +++ b/src/network/ssl/qsslellipticcurve.h @@ -52,11 +52,11 @@ QT_BEGIN_NAMESPACE class QSslEllipticCurve; // qHash is a friend, but we can't use default arguments for friends (§8.3.6.4) -Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed = 0) Q_DECL_NOTHROW; +Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed = 0) noexcept; class QSslEllipticCurve { public: - Q_DECL_CONSTEXPR QSslEllipticCurve() Q_DECL_NOTHROW + Q_DECL_CONSTEXPR QSslEllipticCurve() noexcept : id(0) { } @@ -67,18 +67,18 @@ public: Q_REQUIRED_RESULT Q_NETWORK_EXPORT QString shortName() const; Q_REQUIRED_RESULT Q_NETWORK_EXPORT QString longName() const; - Q_DECL_CONSTEXPR bool isValid() const Q_DECL_NOTHROW + Q_DECL_CONSTEXPR bool isValid() const noexcept { return id != 0; } - Q_NETWORK_EXPORT bool isTlsNamedCurve() const Q_DECL_NOTHROW; + Q_NETWORK_EXPORT bool isTlsNamedCurve() const noexcept; private: int id; - friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW; - friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW; + friend Q_DECL_CONSTEXPR bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept; + friend Q_DECL_CONSTEXPR uint qHash(QSslEllipticCurve curve, uint seed) noexcept; friend class QSslContext; friend class QSslSocketPrivate; @@ -87,13 +87,13 @@ private: Q_DECLARE_TYPEINFO(QSslEllipticCurve, Q_PRIMITIVE_TYPE); -Q_DECL_CONSTEXPR inline uint qHash(QSslEllipticCurve curve, uint seed) Q_DECL_NOTHROW +Q_DECL_CONSTEXPR inline uint qHash(QSslEllipticCurve curve, uint seed) noexcept { return qHash(curve.id, seed); } -Q_DECL_CONSTEXPR inline bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW +Q_DECL_CONSTEXPR inline bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept { return lhs.id == rhs.id; } -Q_DECL_CONSTEXPR inline bool operator!=(QSslEllipticCurve lhs, QSslEllipticCurve rhs) Q_DECL_NOTHROW +Q_DECL_CONSTEXPR inline bool operator!=(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept { return !operator==(lhs, rhs); } #ifndef QT_NO_DEBUG_STREAM diff --git a/src/network/ssl/qsslellipticcurve_dummy.cpp b/src/network/ssl/qsslellipticcurve_dummy.cpp index 93e081b9e0..1313e06875 100644 --- a/src/network/ssl/qsslellipticcurve_dummy.cpp +++ b/src/network/ssl/qsslellipticcurve_dummy.cpp @@ -63,7 +63,7 @@ QSslEllipticCurve QSslEllipticCurve::fromLongName(const QString &name) return QSslEllipticCurve(); } -bool QSslEllipticCurve::isTlsNamedCurve() const Q_DECL_NOTHROW +bool QSslEllipticCurve::isTlsNamedCurve() const noexcept { return false; } diff --git a/src/network/ssl/qsslellipticcurve_openssl.cpp b/src/network/ssl/qsslellipticcurve_openssl.cpp index 8cd14837f0..b5e38ada53 100644 --- a/src/network/ssl/qsslellipticcurve_openssl.cpp +++ b/src/network/ssl/qsslellipticcurve_openssl.cpp @@ -170,7 +170,7 @@ static const int tlsNamedCurveNIDs[] = { static const size_t tlsNamedCurveNIDCount = sizeof(tlsNamedCurveNIDs) / sizeof(tlsNamedCurveNIDs[0]); -bool QSslEllipticCurve::isTlsNamedCurve() const Q_DECL_NOTHROW +bool QSslEllipticCurve::isTlsNamedCurve() const noexcept { const int * const tlsNamedCurveNIDsEnd = tlsNamedCurveNIDs + tlsNamedCurveNIDCount; return std::find(tlsNamedCurveNIDs, tlsNamedCurveNIDsEnd, id) != tlsNamedCurveNIDsEnd; diff --git a/src/network/ssl/qsslerror.cpp b/src/network/ssl/qsslerror.cpp index 02dd16a58d..ff54c2ad20 100644 --- a/src/network/ssl/qsslerror.cpp +++ b/src/network/ssl/qsslerror.cpp @@ -361,7 +361,7 @@ QSslCertificate QSslError::certificate() const \since 5.4 \relates QHash */ -uint qHash(const QSslError &key, uint seed) Q_DECL_NOTHROW +uint qHash(const QSslError &key, uint seed) noexcept { // 2x boost::hash_combine inlined: seed ^= qHash(key.error()) + 0x9e3779b9 + (seed << 6) + (seed >> 2); diff --git a/src/network/ssl/qsslerror.h b/src/network/ssl/qsslerror.h index 513b8afd7f..a9c46c8571 100644 --- a/src/network/ssl/qsslerror.h +++ b/src/network/ssl/qsslerror.h @@ -103,12 +103,12 @@ public: QSslError(const QSslError &other); - void swap(QSslError &other) Q_DECL_NOTHROW + void swap(QSslError &other) noexcept { qSwap(d, other.d); } ~QSslError(); #ifdef Q_COMPILER_RVALUE_REFS - QSslError &operator=(QSslError &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslError &operator=(QSslError &&other) noexcept { swap(other); return *this; } #endif QSslError &operator=(const QSslError &other); bool operator==(const QSslError &other) const; @@ -124,7 +124,7 @@ private: }; Q_DECLARE_SHARED(QSslError) -Q_NETWORK_EXPORT uint qHash(const QSslError &key, uint seed = 0) Q_DECL_NOTHROW; +Q_NETWORK_EXPORT uint qHash(const QSslError &key, uint seed = 0) noexcept; #ifndef QT_NO_DEBUG_STREAM class QDebug; diff --git a/src/network/ssl/qsslkey.h b/src/network/ssl/qsslkey.h index 6de02b1e44..a865f20a51 100644 --- a/src/network/ssl/qsslkey.h +++ b/src/network/ssl/qsslkey.h @@ -72,12 +72,12 @@ public: explicit QSslKey(Qt::HANDLE handle, QSsl::KeyType type = QSsl::PrivateKey); QSslKey(const QSslKey &other); #ifdef Q_COMPILER_RVALUE_REFS - QSslKey &operator=(QSslKey &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslKey &operator=(QSslKey &&other) noexcept { swap(other); return *this; } #endif QSslKey &operator=(const QSslKey &other); ~QSslKey(); - void swap(QSslKey &other) Q_DECL_NOTHROW { qSwap(d, other.d); } + void swap(QSslKey &other) noexcept { qSwap(d, other.d); } bool isNull() const; void clear(); diff --git a/src/network/ssl/qsslpresharedkeyauthenticator.h b/src/network/ssl/qsslpresharedkeyauthenticator.h index 423f7731b4..29d647b121 100644 --- a/src/network/ssl/qsslpresharedkeyauthenticator.h +++ b/src/network/ssl/qsslpresharedkeyauthenticator.h @@ -60,10 +60,10 @@ public: Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator &operator=(const QSslPreSharedKeyAuthenticator &authenticator); #ifdef Q_COMPILER_RVALUE_REFS - QSslPreSharedKeyAuthenticator &operator=(QSslPreSharedKeyAuthenticator &&other) Q_DECL_NOTHROW { swap(other); return *this; } + QSslPreSharedKeyAuthenticator &operator=(QSslPreSharedKeyAuthenticator &&other) noexcept { swap(other); return *this; } #endif - void swap(QSslPreSharedKeyAuthenticator &other) Q_DECL_NOTHROW { qSwap(d, other.d); } + void swap(QSslPreSharedKeyAuthenticator &other) noexcept { qSwap(d, other.d); } Q_NETWORK_EXPORT QByteArray identityHint() const; -- cgit v1.2.3 From 642ef0c7311e18b9b4414af6ec3a2d8210bb6880 Mon Sep 17 00:00:00 2001 From: Konstantin Shegunov Date: Wed, 3 Apr 2019 13:00:01 +0300 Subject: Clear SSL key data as soon as possible when move-assigning Move-assign uses qSwap to exchange the private pointer and thus can extend the lifetime of sensitive data. The move assignment operator is changed so it releases the private data as soon as possible. [ChangeLog][QtNetwork][QSslKey] Key data is cleared as soon as possible when move-assigning. Change-Id: Iebd029bf657acfe000417ce648e3b3829948c0e5 Reviewed-by: Samuel Gaist --- src/network/ssl/qsslkey.h | 5 ++--- src/network/ssl/qsslkey_p.cpp | 18 ++++++++++++++++++ src/network/ssl/qsslkey_qt.cpp | 5 ++++- 3 files changed, 24 insertions(+), 4 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslkey.h b/src/network/ssl/qsslkey.h index a865f20a51..74be406539 100644 --- a/src/network/ssl/qsslkey.h +++ b/src/network/ssl/qsslkey.h @@ -71,9 +71,8 @@ public: const QByteArray &passPhrase = QByteArray()); explicit QSslKey(Qt::HANDLE handle, QSsl::KeyType type = QSsl::PrivateKey); QSslKey(const QSslKey &other); -#ifdef Q_COMPILER_RVALUE_REFS - QSslKey &operator=(QSslKey &&other) noexcept { swap(other); return *this; } -#endif + QSslKey(QSslKey &&other) noexcept; + QSslKey &operator=(QSslKey &&other) noexcept; QSslKey &operator=(const QSslKey &other); ~QSslKey(); diff --git a/src/network/ssl/qsslkey_p.cpp b/src/network/ssl/qsslkey_p.cpp index b29b38beab..7d14aacebf 100644 --- a/src/network/ssl/qsslkey_p.cpp +++ b/src/network/ssl/qsslkey_p.cpp @@ -385,6 +385,24 @@ QSslKey::QSslKey(const QSslKey &other) : d(other.d) { } +QSslKey::QSslKey(QSslKey &&other) noexcept + : d(nullptr) +{ + qSwap(d, other.d); +} + +QSslKey &QSslKey::operator=(QSslKey &&other) noexcept +{ + if (this == &other) + return *this; + + // If no one else is referencing the key data we want to make sure + // before we swap the d-ptr that it is not left in memory. + d.reset(); + qSwap(d, other.d); + return *this; +} + /*! Destroys the QSslKey object. */ diff --git a/src/network/ssl/qsslkey_qt.cpp b/src/network/ssl/qsslkey_qt.cpp index 2662418a05..43969c3d28 100644 --- a/src/network/ssl/qsslkey_qt.cpp +++ b/src/network/ssl/qsslkey_qt.cpp @@ -48,6 +48,8 @@ #include +#include + QT_USE_NAMESPACE static const quint8 bits_table[256] = { @@ -186,8 +188,9 @@ static QByteArray deriveKey(QSslKeyPrivate::Cipher cipher, const QByteArray &pas void QSslKeyPrivate::clear(bool deep) { - Q_UNUSED(deep); isNull = true; + if (deep) + std::memset(derData.data(), 0, derData.size()); derData.clear(); keyLength = -1; } -- cgit v1.2.3 From b32b61f17eb6f816d854d6177e70df9c9e8fb895 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Tue, 30 Apr 2019 17:16:17 +0200 Subject: Remove handling of missing Q_COMPILER_RVALUE_REFS Remove remaining handling of missing support for rvalue refs. Change-Id: I78bab8bccfeeb9c76f464f345874364a37e4840a Reviewed-by: Edward Welbourne Reviewed-by: Thiago Macieira --- src/network/ssl/qsslcertificate.h | 2 -- src/network/ssl/qsslcertificateextension.h | 2 -- src/network/ssl/qsslcipher.h | 2 -- src/network/ssl/qsslconfiguration.h | 2 -- src/network/ssl/qsslerror.h | 2 -- src/network/ssl/qsslpresharedkeyauthenticator.h | 2 -- 6 files changed, 12 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslcertificate.h b/src/network/ssl/qsslcertificate.h index a6acfa2cc3..69901b526c 100644 --- a/src/network/ssl/qsslcertificate.h +++ b/src/network/ssl/qsslcertificate.h @@ -88,9 +88,7 @@ public: explicit QSslCertificate(const QByteArray &data = QByteArray(), QSsl::EncodingFormat format = QSsl::Pem); QSslCertificate(const QSslCertificate &other); ~QSslCertificate(); -#ifdef Q_COMPILER_RVALUE_REFS QSslCertificate &operator=(QSslCertificate &&other) noexcept { swap(other); return *this; } -#endif QSslCertificate &operator=(const QSslCertificate &other); void swap(QSslCertificate &other) noexcept diff --git a/src/network/ssl/qsslcertificateextension.h b/src/network/ssl/qsslcertificateextension.h index f862015312..7cc8a888be 100644 --- a/src/network/ssl/qsslcertificateextension.h +++ b/src/network/ssl/qsslcertificateextension.h @@ -55,9 +55,7 @@ class Q_NETWORK_EXPORT QSslCertificateExtension public: QSslCertificateExtension(); QSslCertificateExtension(const QSslCertificateExtension &other); -#ifdef Q_COMPILER_RVALUE_REFS QSslCertificateExtension &operator=(QSslCertificateExtension &&other) noexcept { swap(other); return *this; } -#endif QSslCertificateExtension &operator=(const QSslCertificateExtension &other); ~QSslCertificateExtension(); diff --git a/src/network/ssl/qsslcipher.h b/src/network/ssl/qsslcipher.h index 430fe9aa7c..6994f590ae 100644 --- a/src/network/ssl/qsslcipher.h +++ b/src/network/ssl/qsslcipher.h @@ -59,9 +59,7 @@ public: explicit QSslCipher(const QString &name); QSslCipher(const QString &name, QSsl::SslProtocol protocol); QSslCipher(const QSslCipher &other); -#ifdef Q_COMPILER_RVALUE_REFS QSslCipher &operator=(QSslCipher &&other) noexcept { swap(other); return *this; } -#endif QSslCipher &operator=(const QSslCipher &other); ~QSslCipher(); diff --git a/src/network/ssl/qsslconfiguration.h b/src/network/ssl/qsslconfiguration.h index 16704ba17b..c25c2686de 100644 --- a/src/network/ssl/qsslconfiguration.h +++ b/src/network/ssl/qsslconfiguration.h @@ -85,9 +85,7 @@ public: QSslConfiguration(); QSslConfiguration(const QSslConfiguration &other); ~QSslConfiguration(); -#ifdef Q_COMPILER_RVALUE_REFS QSslConfiguration &operator=(QSslConfiguration &&other) noexcept { swap(other); return *this; } -#endif QSslConfiguration &operator=(const QSslConfiguration &other); void swap(QSslConfiguration &other) noexcept diff --git a/src/network/ssl/qsslerror.h b/src/network/ssl/qsslerror.h index a9c46c8571..c4a0d52193 100644 --- a/src/network/ssl/qsslerror.h +++ b/src/network/ssl/qsslerror.h @@ -107,9 +107,7 @@ public: { qSwap(d, other.d); } ~QSslError(); -#ifdef Q_COMPILER_RVALUE_REFS QSslError &operator=(QSslError &&other) noexcept { swap(other); return *this; } -#endif QSslError &operator=(const QSslError &other); bool operator==(const QSslError &other) const; inline bool operator!=(const QSslError &other) const diff --git a/src/network/ssl/qsslpresharedkeyauthenticator.h b/src/network/ssl/qsslpresharedkeyauthenticator.h index 29d647b121..5d714dc34e 100644 --- a/src/network/ssl/qsslpresharedkeyauthenticator.h +++ b/src/network/ssl/qsslpresharedkeyauthenticator.h @@ -59,9 +59,7 @@ public: Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator(const QSslPreSharedKeyAuthenticator &authenticator); Q_NETWORK_EXPORT QSslPreSharedKeyAuthenticator &operator=(const QSslPreSharedKeyAuthenticator &authenticator); -#ifdef Q_COMPILER_RVALUE_REFS QSslPreSharedKeyAuthenticator &operator=(QSslPreSharedKeyAuthenticator &&other) noexcept { swap(other); return *this; } -#endif void swap(QSslPreSharedKeyAuthenticator &other) noexcept { qSwap(d, other.d); } -- cgit v1.2.3 From 92f984273262531f909ede17a324f546fe502b5c Mon Sep 17 00:00:00 2001 From: Lars Knoll Date: Mon, 6 May 2019 14:00:53 +0200 Subject: Deprecate conversion functions between QList and QSet Users should use range constructors instead to do the conversion. Keep conversion methods between QList and QVector as these will turn into a no-op in Qt 6, whereas forcing people to use range constructors would lead to deep copies of the data. Change-Id: Id9fc9e4d007044e019826da523e8418857c91283 Reviewed-by: Simon Hausmann --- src/network/ssl/qsslsocket_openssl_symbols.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index e04d45c10c..6f935a02e4 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -693,7 +693,7 @@ static QStringList libraryPathList() // discover paths of already loaded libraries QSet loadedPaths; dl_iterate_phdr(dlIterateCallback, &loadedPaths); - paths.append(loadedPaths.toList()); + paths.append(loadedPaths.values()); #endif return paths; -- cgit v1.2.3 From 5652d33f973a03b93c9b5ce9e49db8cf0430b675 Mon Sep 17 00:00:00 2001 From: Lars Knoll Date: Tue, 30 Apr 2019 11:54:31 +0200 Subject: Bump version to Qt 6 Needed to disable QT_NO_UNSHARABLE_CONTAINERS, as this triggers asserts. QMetaType also has some Qt 6 specific code disabled to get things to compile. Fix various details in autotests to accommodate for the changes with Qt 6. Add a workaround for black lists on macos, where QSysInfo::productType() now returns 'macos' and not 'osx' anymore. Change-Id: Ie26afb12a2aac36521472715934a7e34639ea4d0 Reviewed-by: Simon Hausmann --- src/network/ssl/qsslsocket_winrt.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/network/ssl') diff --git a/src/network/ssl/qsslsocket_winrt.cpp b/src/network/ssl/qsslsocket_winrt.cpp index d54ac2ad73..0bbe6fe57d 100644 --- a/src/network/ssl/qsslsocket_winrt.cpp +++ b/src/network/ssl/qsslsocket_winrt.cpp @@ -274,7 +274,7 @@ void QSslSocketBackendPrivate::startClientEncryption() } // Sync custom certificates - const QSet caCertificates = configuration.caCertificates.toSet(); + const QSet caCertificates(configuration.caCertificates.constBegin(), configuration.caCertificates.constEnd()); const QSet newCertificates = caCertificates - previousCaCertificates; const QSet oldCertificates = previousCaCertificates - caCertificates; g->syncCaCertificates(newCertificates, oldCertificates); @@ -397,7 +397,7 @@ void QSslSocketBackendPrivate::continueHandshake() hr = control2->get_IgnorableServerCertificateErrors(&ignoreList); Q_ASSERT_SUCCEEDED(hr); - QSet ignoreErrors = ignoreErrorsList.toSet(); + QSet ignoreErrors(ignoreErrorsList.constBegin(), ignoreErrorsList.constEnd()); for (int i = ChainValidationResult_Untrusted; i < ChainValidationResult_OtherErrors + 1; ++i) { // Populate the native ignore list - break to add, continue to skip switch (i) { @@ -600,7 +600,7 @@ HRESULT QSslSocketBackendPrivate::onSslUpgrade(IAsyncAction *action, AsyncStatus } } - sslErrors = errors.toList(); + sslErrors = QList(errors.constBegin(), errors.constEnd()); // Peer validation if (!configuration.peerCertificate.isNull()) { -- cgit v1.2.3