Ticket #58218: patch-support-openssl11.diff

File patch-support-openssl11.diff, 16.0 KB (added by RJVB (René Bertin), 6 years ago)

Patch for Qt4, adapted from the ArchLinux patch

  • src/network/ssl/qsslcertificate.cpp

    Description: Compile with openssl-1.1.0
     * Most changes are related to openssl structures now being opaque.
     * The network/ssl threading setup has been disabled because the
       old openssl threading model has been removed and is apparently
       no longer needed.
     * A number of new functions had to be imported (see changes to
       src/network/ssl/qsslsocket_openssl_symbols.cpp) 
    Author: Gert Wollny  <gw.fossdev@gmail.com>
    Last-Update: 2016-06-28
    Bug-Debian: http://bugs.debian.org/828522
    
    diff --git src/network/ssl/qsslcertificate.cpp src/network/ssl/qsslcertificate.cpp
    index 0f2314e2cf78a9a1646a1eb928d7c2f4ee175219..96f6de4324af51e97d0338bdd4a8fff7d3e81e1d 100644
    void QSslCertificate::clear() 
    259259QByteArray QSslCertificate::version() const
    260260{
    261261    QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
    262     if (d->versionString.isEmpty() && d->x509)
     262    if (d->versionString.isEmpty() && d->x509) {
    263263        d->versionString =
    264             QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
    265 
     264            QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
     265    }
    266266    return d->versionString;
    267267}
    268268
    QByteArray QSslCertificate::serialNumber() const 
    276276{
    277277    QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
    278278    if (d->serialNumberString.isEmpty() && d->x509) {
    279         ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
     279        ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
    280280        // if we cannot convert to a long, just output the hexadecimal number
    281281        if (serialNumber->length > 4) {
    282282            QByteArray hexString;
    QSslKey QSslCertificate::publicKey() const 
    489489    QSslKey key;
    490490
    491491    key.d->type = QSsl::PublicKey;
     492#if OPENSSL_VERSION_NUMBER < 0x10100000L
    492493    X509_PUBKEY *xkey = d->x509->cert_info->key;
     494#else
     495    X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
     496#endif
    493497    EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
    494498    Q_ASSERT(pkey);
    495499
    496     if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
     500    int key_id;
     501#if OPENSSL_VERSION_NUMBER < 0x10100000L
     502    key_id = q_EVP_PKEY_type(pkey->type);
     503#else
     504    key_id = q_EVP_PKEY_base_id(pkey);
     505#endif
     506    if (key_id == EVP_PKEY_RSA) {
    497507        key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
    498508        key.d->algorithm = QSsl::Rsa;
    499509        key.d->isNull = false;
    500     } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
     510    } else if (key_id == EVP_PKEY_DSA) {
    501511        key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
    502512        key.d->algorithm = QSsl::Dsa;
    503513        key.d->isNull = false;
    504     } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
     514    } else if (key_id == EVP_PKEY_DH) {
    505515        // DH unsupported
    506516    } else {
    507517        // error?
    508518    }
    509 
    510519    q_EVP_PKEY_free(pkey);
    511520    return key;
    512521}
    static QMap<QString, QString> _q_mapFromX509Name(X509_NAME *name) 
    687696        unsigned char *data = 0;
    688697        int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
    689698        info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
    690         q_CRYPTO_free(data);
     699        q_OPENSSL_free(data);
    691700    }
    692701    return info;
    693702}
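Review bot: In `QSslCertificate::publicKey()` the result of `q_X509_PUBKEY_get(xkey)` is still guarded only by `Q_ASSERT(pkey)`, which compiles to nothing in release builds, and the new `q_EVP_PKEY_base_id(pkey)` call (like the old `pkey->type` read) then goes through that pointer. The certificate can come from a remote peer, and OpenSSL returns NULL when it cannot decode the key or does not support its algorithm, so a real check is needed: `if (!pkey) return key;` before `int key_id;`, which returns the same still-null key that the DH and error branches already return. Likewise in `serialNumber()`, the pointer from `q_X509_get_serialNumber(d->x509)` is read as `serialNumber->length` with no null test. Both function bodies start or continue outside the hunks shown.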
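--- a/src/network/ssl/qsslkey.cpp
+++ b/src/network/ssl/qsslkey.cpp
@@ -321,8 +321,19 @@ int QSslKey::length() const
 {
     if (d->isNull)
         return -1;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     return (d->algorithm == QSsl::Rsa)
            ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
+#else
+    if (d->algorithm == QSsl::Rsa) {
+        return q_RSA_bits(d->rsa);
+    }else{
+        const BIGNUM *p = NULL;
+        q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
+        return q_BN_num_bits(p);
+    }
+#endif
+
 }
 
 /*!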
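Review bot: On the OpenSSL 1.1 branch of `QSslKey::length()`, `p` is handed to `q_BN_num_bits(p)` without checking that `q_DSA_get0_pqg` actually set it. It stays NULL when the DSA key carries no parameters (and presumably also when the wrapper could not be resolved), and `BN_num_bits` reads through its argument, so a key taken from a peer certificate could crash the process here. `return p ? q_BN_num_bits(p) : -1;` would keep the function's existing convention of returning -1 for an unusable key. The branch also treats every non-RSA key as DSA without checking `d->dsa`, as the old code did.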
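--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -93,6 +93,7 @@ bool QSslSocketPrivate::s_libraryLoaded = false;
 bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
 bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 /* \internal
 
     From OpenSSL's thread(3) manual page:
@@ -174,6 +175,8 @@ static unsigned long id_function()
 }
 } // extern "C"
 
+#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
+
 QSslSocketBackendPrivate::QSslSocketBackendPrivate()
     : ssl(0),
       ctx(0),
@@ -222,9 +225,12 @@ QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *ciph
             ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
         ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         ciph.d->bits = cipher->strength_bits;
         ciph.d->supportedBits = cipher->alg_bits;
-
+#else
+        ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
+#endif
     }
     return ciph;
 }
@@ -363,7 +369,7 @@ init_context:
         //
         // See also: QSslContext::fromConfiguration()
         if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
-            q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
+          q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
         }
     }
 
@@ -500,8 +506,10 @@ void QSslSocketBackendPrivate::destroySslContext()
 */
 void QSslSocketPrivate::deinitialize()
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     q_CRYPTO_set_id_callback(0);
     q_CRYPTO_set_locking_callback(0);
+#endif
 }
 
 /*!
@@ -522,13 +530,17 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
         return false;
 
     // Check if the library itself needs to be initialized.
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     QMutexLocker locker(openssl_locks()->initLock());
+#endif
     if (!s_libraryLoaded) {
         s_libraryLoaded = true;
 
         // Initialize OpenSSL.
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         q_CRYPTO_set_id_callback(id_function);
         q_CRYPTO_set_locking_callback(locking_function);
+#endif
         if (q_SSL_library_init() != 1)
             return false;
         q_SSL_load_error_strings();
@@ -567,7 +579,9 @@ bool QSslSocketPrivate::ensureLibraryLoaded()
 
 void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
 {
-    QMutexLocker locker(openssl_locks()->initLock());
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  QMutexLocker locker(openssl_locks()->initLock());
+#endif
     if (s_loadedCiphersAndCerts)
         return;
     s_loadedCiphersAndCerts = true;
@@ -659,13 +673,18 @@ void QSslSocketPrivate::resetDefaultCiphers()
     STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
     for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
         if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
-            if (cipher->valid) {
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+          if (cipher->valid) {
+#endif
                 QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
                 if (!ciph.isNull()) {
                     if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
                         ciphers << ciph;
                 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
             }
+#endif
         }
     }
 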
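Review bot: With OpenSSL 1.1 the `QMutexLocker locker(openssl_locks()->initLock());` lines in `ensureLibraryLoaded()` and `ensureCiphersAndCertsLoaded()` are compiled out, but that lock also serialised Qt's own check-and-set of `s_libraryLoaded` and `s_loadedCiphersAndCerts`, not only OpenSSL's legacy locking callbacks. Both flags are set to true before the work that follows them has run, so a second thread can now see the flag, skip initialisation and use the library or the default cipher/CA state before the first thread has finished setting it up. Keep a Qt-side mutex that does not depend on the OpenSSL version, for example `Q_GLOBAL_STATIC_WITH_ARGS(QMutex, q_sslInitMutex, (QMutex::Recursive))` (the name is only a suggestion; make it recursive only if the original init lock was) with `QMutexLocker locker(q_sslInitMutex());` in both functions. Both bodies continue outside the hunks shown. Separately, the comment on `#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L` states the opposite of the `#if ... < 0x10100000L` it closes.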
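--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -111,16 +111,24 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
 DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
 DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
 DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
+#else
 DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
+#endif
 DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
 DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+#else
 DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
+#endif
 DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
 DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
 DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
 DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
 DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
-DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG)
+DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)
 DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
 #if  OPENSSL_VERSION_NUMBER < 0x00908000L
 DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c, return 0, return)
@@ -286,6 +294,22 @@ DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMM
 DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
 DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
 DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
+DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
+
+DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
+DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
+DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return)
+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
+DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
+DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
+DEFINEFUNC(int, RSA_bits,  const RSA *rsa, rsa, return 0, return)
+DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
+DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
+DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, return)
+#endif
 
 #ifdef Q_OS_SYMBIAN
 #define RESOLVEFUNC(func, ordinal, lib) \
@@ -797,6 +821,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_CTX_use_PrivateKey)
     RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
     RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+    RESOLVEFUNC(SSL_CTX_get_cert_store)
     RESOLVEFUNC(SSL_accept)
     RESOLVEFUNC(SSL_clear)
     RESOLVEFUNC(SSL_connect)
@@ -819,6 +844,23 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_set_connect_state)
     RESOLVEFUNC(SSL_shutdown)
     RESOLVEFUNC(SSL_write)
+
+    RESOLVEFUNC(X509_get_serialNumber)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    RESOLVEFUNC(SSL_CTX_ctrl)
+    RESOLVEFUNC(EVP_PKEY_id)
+    RESOLVEFUNC(EVP_PKEY_base_id)
+    RESOLVEFUNC(SSL_CIPHER_get_bits)
+    RESOLVEFUNC(SSL_CTX_set_options)
+    RESOLVEFUNC(X509_get_version)
+    RESOLVEFUNC(X509_get_X509_PUBKEY)
+    RESOLVEFUNC(RSA_bits)
+    RESOLVEFUNC(DSA_security_bits)
+    RESOLVEFUNC(DSA_get0_pqg)
+    RESOLVEFUNC(X509_get_notAfter)
+    RESOLVEFUNC(X509_get_notBefore)
+#endif
+
 #ifndef OPENSSL_NO_SSL2
     RESOLVEFUNC(SSLv2_client_method)
 #endif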
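Review bot: `DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)` replaces the `CRYPTO_free` wrapper, but `OPENSSL_free` is a preprocessor macro over `CRYPTO_free` in OpenSSL's headers, not an exported function, and no `RESOLVEFUNC(OPENSSL_free)` appears in the `q_resolveOpenSslSymbols()` hunks shown. In a build that loads OpenSSL at run time there would be nothing to resolve, so `q_OPENSSL_free(data)` in `_q_mapFromX509Name` would presumably take the wrapper's fallback path and leak the buffer on every call; as written this only works when Qt is linked directly against OpenSSL. The 1.1-only symbols are also selected at compile time with `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, so the library found at run time has to match the build headers. That is worth stating above the block: `// OpenSSL >= 1.1.0 only; the run-time library must match the headers used at build time.` The new `DSA_get0_pqg` entry passes `return, return` where the other `void` wrappers use `return, DUMMYARG`.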
  • src/network/ssl/qsslsocket_openssl_symbols_p.h

    diff --git src/network/ssl/qsslsocket_openssl_symbols_p.h src/network/ssl/qsslsocket_openssl_symbols_p.h
    index 2bfe0632edf54d01a8ebc4e4f8e692ca21219599..3054df01e5c03a373b93dd6ae136fc7f8fbe9224 100644
     
    5959QT_BEGIN_NAMESPACE
    6060
    6161#define DUMMYARG
     62#ifndef OPENSSL_NO_SSL2
     63#define OPENSSL_NO_SSL2 1
     64#endif
    6265
    6366#if !defined QT_LINKED_OPENSSL
    6467// **************** Shared declarations ******************
    int q_ASN1_STRING_length(ASN1_STRING *a); 
    207210int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
    208211long q_BIO_ctrl(BIO *a, int b, long c, void *d);
    209212int q_BIO_free(BIO *a);
     213#if OPENSSL_VERSION_NUMBER >= 0x10100000L
     214BIO *q_BIO_new(const BIO_METHOD *a);
     215#else
    210216BIO *q_BIO_new(BIO_METHOD *a);
     217#endif
    211218BIO *q_BIO_new_mem_buf(void *a, int b);
    212219int q_BIO_read(BIO *a, void *b, int c);
     220#if OPENSSL_VERSION_NUMBER >= 0x10100000L
     221const BIO_METHOD *q_BIO_s_mem();
     222#else
    213223BIO_METHOD *q_BIO_s_mem();
     224#endif
    214225int q_BIO_write(BIO *a, const void *b, int c);
    215226int q_BN_num_bits(const BIGNUM *a);
    216227int q_CRYPTO_num_locks();
    217228void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *, int));
    218229void q_CRYPTO_set_id_callback(unsigned long (*a)());
    219 void q_CRYPTO_free(void *a);
     230void q_OPENSSL_free(void *a);
    220231void q_DSA_free(DSA *a);
    221232#if OPENSSL_VERSION_NUMBER >= 0x00908000L
    222233// 0.9.8 broke SC and BC by changing this function's signature.
    void q_SSL_set_accept_state(SSL *a); 
    326337void q_SSL_set_connect_state(SSL *a);
    327338int q_SSL_shutdown(SSL *a);
    328339#if OPENSSL_VERSION_NUMBER >= 0x10000000L
    329 const SSL_METHOD *q_SSLv2_client_method();
    330340const SSL_METHOD *q_SSLv3_client_method();
    331341const SSL_METHOD *q_SSLv23_client_method();
    332342const SSL_METHOD *q_TLSv1_client_method();
    const SSL_METHOD *q_SSLv3_server_method(); 
    335345const SSL_METHOD *q_SSLv23_server_method();
    336346const SSL_METHOD *q_TLSv1_server_method();
    337347#else
    338 SSL_METHOD *q_SSLv2_client_method();
    339348SSL_METHOD *q_SSLv3_client_method();
    340349SSL_METHOD *q_SSLv23_client_method();
    341350SSL_METHOD *q_TLSv1_client_method();
    DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); 
    399408                PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
    400409                        bp,(char *)x,enc,kstr,klen,cb,u)
    401410#endif
     411
     412X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
     413ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
     414
     415#if OPENSSL_VERSION_NUMBER < 0x10100000L
    402416#define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
     417#define q_X509_get_version(x) X509_get_version(x)
     418#else
     419int q_EVP_PKEY_id(const EVP_PKEY *pkey);
     420int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
     421int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
     422long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
     423long q_X509_get_version(X509 *x);
     424X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
     425int q_RSA_bits(const RSA *rsa);
     426int q_DSA_security_bits(const DSA *dsa);
     427void q_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
     428#endif
     429
    403430#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
    404431#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
    405432#define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
    DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); 
    410437#define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
    411438#define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
    412439        q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
     440
     441#if OPENSSL_VERSION_NUMBER < 0x10100000L
    413442#define q_X509_get_notAfter(x) X509_get_notAfter(x)
    414443#define q_X509_get_notBefore(x) X509_get_notBefore(x)
     444#else
     445ASN1_TIME *q_X509_get_notAfter(X509 *x);
     446ASN1_TIME *q_X509_get_notBefore(X509 *x);
     447#endif
     448
    415449#define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
    416450                                        (char *)(rsa))
    417451#define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\