diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp --- qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 +++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslcertificate_openssl.cpp 2016-11-24 05:44:32.539671243 -0500 @@ -66,7 +66,7 @@ uint qHash(const QSslCertificate &key, u if (X509 * const x509 = key.d->x509) { (void)q_X509_cmp(x509, x509); // populate x509->sha1_hash // (if someone knows a better way...) - return qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed); + return X509_issuer_and_serial_hash(x509); // FIXME was qHashBits(x509->sha1_hash, SHA_DIGEST_LENGTH, seed) } else { return seed; } @@ -90,7 +90,7 @@ QByteArray QSslCertificate::version() co QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); if (d->versionString.isEmpty() && d->x509) d->versionString = - QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1); + QByteArray::number(qlonglong(X509_get_version(d->x509)) + 1); return d->versionString; } @@ -99,7 +99,7 @@ QByteArray QSslCertificate::serialNumber { QMutexLocker lock(QMutexPool::globalInstanceGet(d.data())); if (d->serialNumberString.isEmpty() && d->x509) { - ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber; + ASN1_INTEGER *serialNumber = X509_get_serialNumber(d->x509); QByteArray hexString; hexString.reserve(serialNumber->length * 3); for (int a = 0; a < serialNumber->length; ++a) { @@ -235,25 +235,22 @@ QSslKey QSslCertificate::publicKey() con QSslKey key; key.d->type = QSsl::PublicKey; - X509_PUBKEY *xkey = d->x509->cert_info->key; + X509_PUBKEY *xkey = X509_get_X509_PUBKEY(d->x509); EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey); Q_ASSERT(pkey); - if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) { - key.d->rsa = q_EVP_PKEY_get1_RSA(pkey); + if ((key.d->rsa = q_EVP_PKEY_get1_RSA(pkey))) { key.d->algorithm = QSsl::Rsa; key.d->isNull = false; - } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) { - key.d->dsa = q_EVP_PKEY_get1_DSA(pkey); + } else if ((key.d->dsa = q_EVP_PKEY_get1_DSA(pkey))) { key.d->algorithm = QSsl::Dsa; key.d->isNull = false; #ifndef OPENSSL_NO_EC - } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_EC) { - key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey); + } else if ((key.d->ec = q_EVP_PKEY_get1_EC_KEY(pkey))) { key.d->algorithm = QSsl::Ec; key.d->isNull = false; #endif - } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) { + } else if (EVP_PKEY_get1_DH(pkey)) { // DH unsupported } else { // error? @@ -607,7 +604,11 @@ static QMap _q_mapF unsigned char *data = 0; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); info.insertMulti(name, QString::fromUtf8((char*)data, size)); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + q_CRYPTO_free(data, OPENSSL_FILE, OPENSSL_LINE); +#else q_CRYPTO_free(data); +#endif } return info; diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp --- qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 +++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslcontext_openssl.cpp 2016-11-24 05:44:32.539671243 -0500 @@ -110,7 +110,7 @@ void QSslContext::initSslContext(QSslCon init_context: switch (sslContext->sslConfiguration.protocol()) { case QSsl::SslV2: -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L sslContext->ctx = q_SSL_CTX_new(client ? q_SSLv2_client_method() : q_SSLv2_server_method()); #else // SSL 2 not supported by the system, but chosen deliberately -> error @@ -331,7 +331,7 @@ init_context: q_DH_free(dh); #ifndef OPENSSL_NO_EC -#if OPENSSL_VERSION_NUMBER >= 0x10002000L +#if OPENSSL_VERSION_NUMBER >= 0x10002000L && OPENSSL_VERSION_NUMBER < 0x10100000L if (q_SSLeay() >= 0x10002000L) { q_SSL_CTX_ctrl(sslContext->ctx, SSL_CTRL_SET_ECDH_AUTO, 1, NULL); } else @@ -487,7 +487,7 @@ bool QSslContext::cacheSession(SSL* ssl) unsigned char *data = reinterpret_cast(m_sessionASN1.data()); if (!q_i2d_SSL_SESSION(session, &data)) qCWarning(lcSsl, "could not store persistent version of SSL session"); - m_sessionTicketLifeTimeHint = session->tlsext_tick_lifetime_hint; + m_sessionTicketLifeTimeHint = SSL_SESSION_get_ticket_lifetime_hint(session); } } diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp --- qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 +++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslkey_openssl.cpp 2016-11-24 05:44:32.539671243 -0500 @@ -84,28 +84,26 @@ void QSslKeyPrivate::clear(bool deep) bool QSslKeyPrivate::fromEVP_PKEY(EVP_PKEY *pkey) { - if (pkey->type == EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { isNull = false; algorithm = QSsl::Rsa; type = QSsl::PrivateKey; - rsa = q_RSA_new(); - memcpy(rsa, q_EVP_PKEY_get1_RSA(pkey), sizeof(RSA)); + rsa = q_EVP_PKEY_get1_RSA(pkey); return true; } - else if (pkey->type == EVP_PKEY_DSA) { + else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { isNull = false; algorithm = QSsl::Dsa; type = QSsl::PrivateKey; - dsa = q_DSA_new(); - memcpy(dsa, q_EVP_PKEY_get1_DSA(pkey), sizeof(DSA)); + dsa = q_EVP_PKEY_get1_DSA(pkey); return true; } #ifndef OPENSSL_NO_EC - else if (pkey->type == EVP_PKEY_EC) { + else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) { isNull = false; algorithm = QSsl::Ec; type = QSsl::PrivateKey; @@ -178,8 +176,8 @@ int QSslKeyPrivate::length() const return -1; switch (algorithm) { - case QSsl::Rsa: return q_BN_num_bits(rsa->n); - case QSsl::Dsa: return q_BN_num_bits(dsa->p); + case QSsl::Rsa: return q_RSA_bits(rsa); + case QSsl::Dsa: return q_DSA_bits(dsa); #ifndef OPENSSL_NO_EC case QSsl::Ec: return q_EC_GROUP_get_degree(q_EC_KEY_get0_group(ec)); #endif @@ -273,7 +271,7 @@ Qt::HANDLE QSslKeyPrivate::handle() cons static QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, int enc) { - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER* type = 0; int i = 0, len = 0; @@ -291,21 +289,22 @@ static QByteArray doCrypt(QSslKeyPrivate QByteArray output; output.resize(data.size() + EVP_MAX_BLOCK_LENGTH); - q_EVP_CIPHER_CTX_init(&ctx); - q_EVP_CipherInit(&ctx, type, NULL, NULL, enc); - q_EVP_CIPHER_CTX_set_key_length(&ctx, key.size()); + q_EVP_CIPHER_CTX_init(ctx); + q_EVP_CipherInit(ctx, type, NULL, NULL, enc); + q_EVP_CIPHER_CTX_set_key_length(ctx, key.size()); if (cipher == QSslKeyPrivate::Rc2Cbc) - q_EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); - q_EVP_CipherInit(&ctx, NULL, + q_EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, 8 * key.size(), NULL); + q_EVP_CipherInit(ctx, NULL, reinterpret_cast(key.constData()), reinterpret_cast(iv.constData()), enc); - q_EVP_CipherUpdate(&ctx, + q_EVP_CipherUpdate(ctx, reinterpret_cast(output.data()), &len, reinterpret_cast(data.constData()), data.size()); - q_EVP_CipherFinal(&ctx, + q_EVP_CipherFinal(ctx, reinterpret_cast(output.data()) + len, &i); len += i; - q_EVP_CIPHER_CTX_cleanup(&ctx); + q_EVP_CIPHER_CTX_cleanup(ctx); + EVP_CIPHER_CTX_free(ctx); return output.left(len); } diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp --- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 +++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl.cpp 2016-11-24 05:44:32.539671243 -0500 @@ -1519,7 +1519,7 @@ void QSslSocketBackendPrivate::continueH if (readBufferMaxSize) plainSocket->setReadBufferSize(readBufferMaxSize); - if (q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL)) + if (SSL_session_reused(ssl)) configuration.peerSessionShared = true; #ifdef QT_DECRYPT_SSL_TRAFFIC diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp --- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp.openssl11 2016-11-17 14:34:21.000000000 -0500 +++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols.cpp 2016-11-24 05:44:32.539671243 -0500 @@ -145,10 +145,15 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1 DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return); DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return) DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return) -DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return) DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return) +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +DEFINEFUNC(const BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) +DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) +#else +DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return) DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return) +#endif DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return) DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return) #ifndef OPENSSL_NO_EC @@ -158,7 +163,11 @@ DEFINEFUNC(int, EC_GROUP_get_degree, con DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG) DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG) +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +DEFINEFUNC3(void, CRYPTO_free, void *a, a, const char *b, b, int c, c, return, DUMMYARG) +#else DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) +#endif DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG) DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return 0, return) @@ -302,7 +311,7 @@ DEFINEFUNC2(void *, SSL_get_ex_data, con DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callback_t callback, callback, return, DUMMYARG) #endif #if OPENSSL_VERSION_NUMBER >= 0x10000000L -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L DEFINEFUNC(const SSL_METHOD *, SSLv2_client_method, DUMMYARG, DUMMYARG, return 0, return) #endif #ifndef OPENSSL_NO_SSL3_METHOD @@ -314,7 +323,7 @@ DEFINEFUNC(const SSL_METHOD *, TLSv1_cli DEFINEFUNC(const SSL_METHOD *, TLSv1_1_client_method, DUMMYARG, DUMMYARG, return 0, return) DEFINEFUNC(const SSL_METHOD *, TLSv1_2_client_method, DUMMYARG, DUMMYARG, return 0, return) #endif -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L DEFINEFUNC(const SSL_METHOD *, SSLv2_server_method, DUMMYARG, DUMMYARG, return 0, return) #endif #ifndef OPENSSL_NO_SSL3_METHOD @@ -432,6 +441,9 @@ DEFINEFUNC2(size_t, EC_get_builtin_curve DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return) #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L #endif // OPENSSL_NO_EC +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return) +#endif // OPENSSL_VERSION_NUMBER >= 0x10100000L DEFINEFUNC5(int, PKCS12_parse, PKCS12 *p12, p12, const char *pass, pass, EVP_PKEY **pkey, pkey, \ X509 **cert, cert, STACK_OF(X509) **ca, ca, return 1, return); @@ -774,6 +786,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(CRYPTO_set_locking_callback) RESOLVEFUNC(DSA_new) RESOLVEFUNC(DSA_free) + RESOLVEFUNC(DSA_bits) RESOLVEFUNC(ERR_error_string) RESOLVEFUNC(ERR_get_error) RESOLVEFUNC(ERR_free_strings) @@ -795,7 +808,9 @@ bool q_resolveOpenSslSymbols() #endif RESOLVEFUNC(EVP_PKEY_free) RESOLVEFUNC(EVP_PKEY_get1_DSA) + RESOLVEFUNC(EVP_PKEY_get0_DSA) RESOLVEFUNC(EVP_PKEY_get1_RSA) + RESOLVEFUNC(EVP_PKEY_get0_RSA) #ifndef OPENSSL_NO_EC RESOLVEFUNC(EVP_PKEY_get1_EC_KEY) #endif @@ -836,6 +851,7 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(RAND_status) RESOLVEFUNC(RSA_new) RESOLVEFUNC(RSA_free) + RESOLVEFUNC(RSA_bits) RESOLVEFUNC(sk_new_null) RESOLVEFUNC(sk_push) RESOLVEFUNC(sk_free) diff -up qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h.openssl11 qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h --- qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h.openssl11 2016-11-17 14:34:21.000000000 -0500 +++ qtbase-opensource-src-5.7.1/src/network/ssl/qsslsocket_openssl_symbols_p.h 2016-11-24 07:46:54.067618403 -0500 @@ -221,10 +221,15 @@ int q_ASN1_STRING_length(ASN1_STRING *a) int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b); long q_BIO_ctrl(BIO *a, int b, long c, void *d); int q_BIO_free(BIO *a); -BIO *q_BIO_new(BIO_METHOD *a); BIO *q_BIO_new_mem_buf(void *a, int b); int q_BIO_read(BIO *a, void *b, int c); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +BIO *q_BIO_new(const BIO_METHOD *a); +const BIO_METHOD *q_BIO_s_mem(); +#else +BIO *q_BIO_new(BIO_METHOD *a); BIO_METHOD *q_BIO_s_mem(); +#endif int q_BIO_write(BIO *a, const void *b, int c); int q_BN_num_bits(const BIGNUM *a); #ifndef OPENSSL_NO_EC @@ -234,8 +239,13 @@ int q_EC_GROUP_get_degree(const EC_GROUP int q_CRYPTO_num_locks(); void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int)); void q_CRYPTO_set_id_callback(unsigned long (*a)()); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +void q_CRYPTO_free(void *a, const char *b, int c); +#else void q_CRYPTO_free(void *a); +#endif DSA *q_DSA_new(); +int q_DSA_bits(const DSA *d); void q_DSA_free(DSA *a); X509 *q_d2i_X509(X509 **a, const unsigned char **b, long c); char *q_ERR_error_string(unsigned long a, char *b); @@ -259,7 +269,9 @@ int q_EVP_PKEY_set1_EC_KEY(EVP_PKEY *a, #endif void q_EVP_PKEY_free(EVP_PKEY *a); RSA *q_EVP_PKEY_get1_RSA(EVP_PKEY *a); +RSA *q_EVP_PKEY_get0_RSA(EVP_PKEY *a); DSA *q_EVP_PKEY_get1_DSA(EVP_PKEY *a); +DSA *q_EVP_PKEY_get0_DSA(EVP_PKEY *a); #ifndef OPENSSL_NO_EC EC_KEY *q_EVP_PKEY_get1_EC_KEY(EVP_PKEY *a); #endif @@ -306,6 +318,7 @@ int q_PEM_write_bio_EC_PUBKEY(BIO *a, EC void q_RAND_seed(const void *a, int b); int q_RAND_status(); RSA *q_RSA_new(); +int q_RSA_bits(const RSA *r); void q_RSA_free(RSA *a); int q_sk_num(STACK *a); void q_sk_pop_free(STACK *a, void (*b)(void *)); @@ -378,7 +391,7 @@ typedef unsigned int (*q_psk_client_call void q_SSL_set_psk_client_callback(SSL *ssl, q_psk_client_callback_t callback); #endif // OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_PSK) #if OPENSSL_VERSION_NUMBER >= 0x10000000L -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L const SSL_METHOD *q_SSLv2_client_method(); #endif #ifndef OPENSSL_NO_SSL3_METHOD @@ -388,7 +401,7 @@ const SSL_METHOD *q_SSLv23_client_method const SSL_METHOD *q_TLSv1_client_method(); const SSL_METHOD *q_TLSv1_1_client_method(); const SSL_METHOD *q_TLSv1_2_client_method(); -#ifndef OPENSSL_NO_SSL2 +#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x10100000L const SSL_METHOD *q_SSLv2_server_method(); #endif #ifndef OPENSSL_NO_SSL3_METHOD @@ -519,7 +532,11 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsign PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\ bp,(char *)x,enc,kstr,klen,cb,u) #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +#else +long q_SSL_CTX_set_options(SSL_CTX *ctx, long options); +#endif #define q_SSL_CTX_set_mode(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st) #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)