1Description: Compile with openssl-1.1.0
2 * Most changes are related to openssl structures are now opaque.
3 * The network/ssl threading setup has been disabled because the
4 old openssl threading model has been removed and is apparently
5 no longer needed.
6 * A number of new functions had to be imported (see changes to
7 src/network/ssl/qsslsocket_openssl_symbols.cpp)
8Author: Gert Wollny <gw.fossdev@gmail.com>
9Last-Update: 2016-06-28
10Bug-Debian: http://bugs.debian.org/828522
11
12--- a/src/network/ssl/qsslcertificate.cpp
13+++ b/src/network/ssl/qsslcertificate.cpp
14@@ -259,10 +259,10 @@
15 QByteArray QSslCertificate::version() const
16 {
17 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
18- if (d->versionString.isEmpty() && d->x509)
19+ if (d->versionString.isEmpty() && d->x509) {
20 d->versionString =
21- QByteArray::number(qlonglong(q_ASN1_INTEGER_get(d->x509->cert_info->version)) + 1);
22-
23+ QByteArray::number(qlonglong(q_X509_get_version(d->x509)) + 1);
24+ }
25 return d->versionString;
26 }
27
28@@ -276,7 +276,7 @@
29 {
30 QMutexLocker lock(QMutexPool::globalInstanceGet(d.data()));
31 if (d->serialNumberString.isEmpty() && d->x509) {
32- ASN1_INTEGER *serialNumber = d->x509->cert_info->serialNumber;
33+ ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
34 // if we cannot convert to a long, just output the hexadecimal number
35 if (serialNumber->length > 4) {
36 QByteArray hexString;
37@@ -489,24 +489,33 @@
38 QSslKey key;
39
40 key.d->type = QSsl::PublicKey;
41+#if OPENSSL_VERSION_NUMBER < 0x10100000L
42 X509_PUBKEY *xkey = d->x509->cert_info->key;
43+#else
44+ X509_PUBKEY *xkey = q_X509_get_X509_PUBKEY(d->x509);
45+#endif
46 EVP_PKEY *pkey = q_X509_PUBKEY_get(xkey);
47 Q_ASSERT(pkey);
48
49- if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA) {
50+ int key_id;
51+#if OPENSSL_VERSION_NUMBER < 0x10100000L
52+ key_id = q_EVP_PKEY_type(pkey->type);
53+#else
54+ key_id = q_EVP_PKEY_base_id(pkey);
55+#endif
56+ if (key_id ==
EVP_PKEY_RSA) {
57 key.d->rsa = q_EVP_PKEY_get1_RSA(pkey);
58 key.d->algorithm = QSsl::Rsa;
59 key.d->isNull = false;
60- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA) {
61+ } else if (key_id == EVP_PKEY_DSA) {
62 key.d->dsa = q_EVP_PKEY_get1_DSA(pkey);
63 key.d->algorithm = QSsl::Dsa;
64 key.d->isNull = false;
65- } else if (q_EVP_PKEY_type(pkey->type) == EVP_PKEY_DH) {
66+ } else if (key_id == EVP_PKEY_DH) {
67 // DH unsupported
68 } else {
69 // error?
70 }
71-
72 q_EVP_PKEY_free(pkey);
73 return key;
74 }
75--- a/src/network/ssl/qsslkey.cpp
76+++ b/src/network/ssl/qsslkey.cpp
77@@ -321,8 +321,19 @@
78 {
79 if (d->isNull)
80 return -1;
81+#if OPENSSL_VERSION_NUMBER < 0x10100000L
82 return (d->algorithm == QSsl::Rsa)
83 ? q_BN_num_bits(d->rsa->n) : q_BN_num_bits(d->dsa->p);
84+#else
85+ if (d->algorithm == QSsl::Rsa) {
86+ return q_RSA_bits(d->rsa);
87+ }else{
88+ BIGNUM *p = NULL;
89+ q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
90+ return q_BN_num_bits(p);
91+ }
92+#endif
93+
94 }
95
96 /*!
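Review bot: On the 1.1.0 path `q_EVP_PKEY_base_id(pkey)` is reached with only `Q_ASSERT(pkey)` in front of it, and Q_ASSERT compiles to nothing in release builds. `q_X509_PUBKEY_get()` can return NULL when the certificate's public key cannot be decoded, and the certificate may well come from a remote peer, so the failure should be handled explicitly, for example `if (!pkey) return key;` directly after the call. The pre-1.1.0 branch has the same exposure through `pkey->type`, so this predates the patch, but both branches are rewritten here and it is the natural place to fix it. The function begins outside the hunk.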
97--- a/src/network/ssl/qsslsocket_openssl.cpp
98+++ b/src/network/ssl/qsslsocket_openssl.cpp
99@@ -93,6 +93,7 @@
100 bool QSslSocketPrivate::s_loadedCiphersAndCerts = false;
101 bool QSslSocketPrivate::s_loadRootCertsOnDemand = false;
102
103+#if OPENSSL_VERSION_NUMBER < 0x10100000L
104 /* \internal
105
106 From OpenSSL's thread(3) manual page:
107@@ -174,6 +175,8 @@
108 }
109 } // extern "C"
110
111+#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L
112+
113 QSslSocketBackendPrivate::QSslSocketBackendPrivate()
114 : ssl(0),
115 ctx(0),
116@@ -222,9 +225,12 @@
117 ciph.d->encryptionMethod = descriptionList.at(4).mid(4);
118 ciph.d->exportable = (descriptionList.size() > 6 && descriptionList.at(6) == QLatin1String("export"));
119
120+#if OPENSSL_VERSION_NUMBER < 0x10100000L
121 ciph.d->bits = cipher->strength_bits;
122 ciph.d->supportedBits = cipher->alg_bits;
123-
124+#else
125+ ciph.d->bits = q_SSL_CIPHER_get_bits(cipher, &ciph.d->supportedBits);
126+#endif
127 }
128 return ciph;
129 }
130@@ -367,7 +373,7 @@
131 //
132 // See also: QSslContext::fromConfiguration()
133 if (caCertificate.expiryDate() >= QDateTime::currentDateTime()) {
134- q_X509_STORE_add_cert(ctx->cert_store, (X509 *)caCertificate.handle());
135+ q_X509_STORE_add_cert(q_SSL_CTX_get_cert_store(ctx), (X509 *)caCertificate.handle());
136 }
137 }
138
139@@ -504,8 +510,10 @@
140 */
141 void QSslSocketPrivate::deinitialize()
142 {
143+#if OPENSSL_VERSION_NUMBER < 0x10100000L
144 q_CRYPTO_set_id_callback(0);
145 q_CRYPTO_set_locking_callback(0);
146+#endif
147 }
148
149 /*!
150@@ -526,13 +534,17 @@
151 return false;
152
153 // Check if the library itself needs to be initialized.
154+#if OPENSSL_VERSION_NUMBER < 0x10100000L
155 QMutexLocker locker(openssl_locks()->initLock());
156+#endif
157 if (!s_libraryLoaded) {
158 s_libraryLoaded = true;
159
160 // Initialize OpenSSL.
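Review bot: The comment on the added `#endif //OPENSSL_VERSION_NUMBER >= 0x10100000L` states the opposite of the condition it closes, because the block is opened in the previous hunk by `#if OPENSSL_VERSION_NUMBER < 0x10100000L`. A reader who sees only the end of the `extern "C"` block would conclude that the locking callbacks are the 1.1.0 code path. I would write `#endif // OPENSSL_VERSION_NUMBER < 0x10100000L`.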
161+#if OPENSSL_VERSION_NUMBER < 0x10100000L
162 q_CRYPTO_set_id_callback(id_function);
163 q_CRYPTO_set_locking_callback(locking_function);
164+#endif
165 if (q_SSL_library_init() != 1)
166 return false;
167 q_SSL_load_error_strings();
168@@ -571,7 +583,9 @@
169
170 void QSslSocketPrivate::ensureCiphersAndCertsLoaded()
171 {
172- QMutexLocker locker(openssl_locks()->initLock());
173+#if OPENSSL_VERSION_NUMBER < 0x10100000L
174+ QMutexLocker locker(openssl_locks()->initLock());
175+#endif
176 if (s_loadedCiphersAndCerts)
177 return;
178 s_loadedCiphersAndCerts = true;
179@@ -663,13 +677,18 @@
180 STACK_OF(SSL_CIPHER) *supportedCiphers = q_SSL_get_ciphers(mySsl);
181 for (int i = 0; i < q_sk_SSL_CIPHER_num(supportedCiphers); ++i) {
182 if (SSL_CIPHER *cipher = q_sk_SSL_CIPHER_value(supportedCiphers, i)) {
183- if (cipher->valid) {
184+
185+#if OPENSSL_VERSION_NUMBER < 0x10100000L
186+ if (cipher->valid) {
187+#endif
188 QSslCipher ciph = QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(cipher);
189 if (!ciph.isNull()) {
190 if (!ciph.name().toLower().startsWith(QLatin1String("adh")))
191 ciphers << ciph;
192 }
193+#if OPENSSL_VERSION_NUMBER < 0x10100000L
194 }
195+#endif
196 }
197 }
198
199--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
200+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
201@@ -399,7 +399,25 @@
202 PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
203 bp,(char *)x,enc,kstr,klen,cb,u)
204 #endif
205+
206+X509_STORE * q_SSL_CTX_get_cert_store(const SSL_CTX *ctx);
207+ASN1_INTEGER * q_X509_get_serialNumber(X509 *x);
208+
209+#if OPENSSL_VERSION_NUMBER < 0x10100000L
210 #define q_SSL_CTX_set_options(ctx,op) q_SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
211+#define q_X509_get_version(x) X509_get_version(x)
212+#else
213+int q_EVP_PKEY_id(const EVP_PKEY *pkey);
214+int q_EVP_PKEY_base_id(const EVP_PKEY *pkey);
215+int q_SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
216+long
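Review bot: With OpenSSL 1.1.0 the `QMutexLocker` in the library-initialisation hunk is compiled out, so `if (!s_libraryLoaded) { s_libraryLoaded = true;` becomes an unsynchronised check-then-set on a static flag. Two threads that create their first SSL socket at the same time can both run the initialisation, or one can see the flag already set and carry on while `q_SSL_library_init()` is still running in the other. The patch description explains why OpenSSL's locking callbacks are no longer needed, but this lock guards Qt's own flags and not OpenSSL internals; `s_loadedCiphersAndCerts` in the `ensureCiphersAndCertsLoaded()` hunk that follows has the same problem. I would keep a Qt-owned mutex that exists on both paths and take it unconditionally, e.g. `QMutexLocker locker(sslInitMutex());` with `sslInitMutex` a new global-static QMutex (the name is only a suggestion). Both function bodies extend beyond their hunks.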
q_SSL_CTX_set_options(SSL_CTX *ctx, long options);
217+long q_X509_get_version(X509 *x);
218+X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
219+int q_RSA_bits(const RSA *rsa);
220+int q_DSA_security_bits(const DSA *dsa);
221+void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
222+#endif
223+
224 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
225 #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
226 #define q_sk_GENERAL_NAME_num(st) q_SKM_sk_num(GENERAL_NAME, (st))
227@@ -410,8 +428,15 @@
228 #define q_sk_SSL_CIPHER_value(st, i) q_SKM_sk_value(SSL_CIPHER, (st), (i))
229 #define q_SSL_CTX_add_extra_chain_cert(ctx,x509) \
230 q_SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
231+
232+#if OPENSSL_VERSION_NUMBER < 0x10100000L
233 #define q_X509_get_notAfter(x) X509_get_notAfter(x)
234 #define q_X509_get_notBefore(x) X509_get_notBefore(x)
235+#else
236+ASN1_TIME *q_X509_get_notAfter(X509 *x);
237+ASN1_TIME *q_X509_get_notBefore(X509 *x);
238+#endif
239+
240 #define q_EVP_PKEY_assign_RSA(pkey,rsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
241 (char *)(rsa))
242 #define q_EVP_PKEY_assign_DSA(pkey,dsa) q_EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
243--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
244+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
245@@ -290,6 +290,22 @@
246 DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
247 DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
248 DEFINEFUNC(long, SSLeay, void, DUMMYARG, return 0, return)
249+DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
250+
251+DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
252+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
253+DEFINEFUNC(int, EVP_PKEY_id, const EVP_PKEY *pkey, pkey, return 0, return)
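Review bot: The 1.1.0 declaration `long q_SSL_CTX_set_options(SSL_CTX *ctx, long options);` uses signed `long`, while the OpenSSL 1.1.0 function it wraps takes and returns `unsigned long` as far as I know; please check this against the header. The value is a bit mask of protocol and workaround flags, so the wrapper should carry it with the library's own type: `unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long options);`, with the matching `DEFINEFUNC2` line in qsslsocket_openssl_symbols.cpp changed the same way. Calling through a pointer of a different function type is also formally undefined, even where it happens to work.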
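Review bot: Turning `q_X509_get_notAfter` and `q_X509_get_notBefore` into resolved functions assumes that libcrypto 1.1.0 exports symbols with exactly those names, which the added `RESOLVEFUNC(X509_get_notAfter)` and `RESOLVEFUNC(X509_get_notBefore)` lines in qsslsocket_openssl_symbols.cpp then look up. If I remember correctly, the released 1.1.0 headers keep these two only as compatibility macros over `X509_getm_notAfter` and `X509_getm_notBefore`, so a run-time lookup would not find them; this should be verified against the released library. These accessors supply the certificate validity dates, including the `caCertificate.expiryDate()` comparison visible in qsslsocket_openssl.cpp, so a failed lookup needs an explicit error path and should not silently fall through to the `return 0` given in the `DEFINEFUNC` lines.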
254+DEFINEFUNC(int, EVP_PKEY_base_id, const EVP_PKEY *pkey, pkey, return 0, return)
255+DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *cipher, cipher, int *alg_bits, alg_bits, return 0, return)
256+DEFINEFUNC2(long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, long options, options, return 0, return)
257+DEFINEFUNC(long, X509_get_version, X509 *x, x, return 0, return)
258+DEFINEFUNC(X509_PUBKEY *, X509_get_X509_PUBKEY, X509 *x, x, return 0, return)
259+DEFINEFUNC(int, RSA_bits, const RSA *rsa, rsa, return 0, return)
260+DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
261+DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
262+DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
263+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
264+#endif
265
266 #ifdef Q_OS_SYMBIAN
267 #define RESOLVEFUNC(func, ordinal, lib) \
268@@ -801,6 +817,7 @@
269 RESOLVEFUNC(SSL_CTX_use_PrivateKey)
270 RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
271 RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
272+ RESOLVEFUNC(SSL_CTX_get_cert_store)
273 RESOLVEFUNC(SSL_accept)
274 RESOLVEFUNC(SSL_clear)
275 RESOLVEFUNC(SSL_connect)
276@@ -823,6 +840,23 @@
277 RESOLVEFUNC(SSL_set_connect_state)
278 RESOLVEFUNC(SSL_shutdown)
279 RESOLVEFUNC(SSL_write)
280+
281+ RESOLVEFUNC(X509_get_serialNumber)
282+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
283+ RESOLVEFUNC(SSL_CTX_ctrl)
284+ RESOLVEFUNC(EVP_PKEY_id)
285+ RESOLVEFUNC(EVP_PKEY_base_id)
286+ RESOLVEFUNC(SSL_CIPHER_get_bits)
287+ RESOLVEFUNC(SSL_CTX_set_options)
288+ RESOLVEFUNC(X509_get_version)
289+ RESOLVEFUNC(X509_get_X509_PUBKEY)
290+ RESOLVEFUNC(RSA_bits)
291+ RESOLVEFUNC(DSA_security_bits)
292+ RESOLVEFUNC(DSA_get0_pqg)
293+ RESOLVEFUNC(X509_get_notAfter)
294+ RESOLVEFUNC(X509_get_notBefore)
295+#endif
296+
297 #ifndef OPENSSL_NO_SSL2
298 RESOLVEFUNC(SSLv2_client_method)
299 #endif
300---
qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp.0131~ 2017-03-15 02:22:37.053244125 +0100
301+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslkey.cpp 2017-03-15 02:22:37.055244057 +0100
302@@ -328,7 +328,7 @@ int QSslKey::length() const
303 if (d->algorithm == QSsl::Rsa) {
304 return q_RSA_bits(d->rsa);
305 }else{
306- BIGNUM *p = NULL;
307+ const BIGNUM *p = NULL;
308 q_DSA_get0_pqg(d->dsa, &p, NULL, NULL);
309 return q_BN_num_bits(p);
310 }
311--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp.0131~ 2017-03-15 02:22:37.054244091 +0100
312+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols.cpp 2017-03-15 02:29:41.155236836 +0100
313@@ -111,16 +111,16 @@ DEFINEFUNC(int, ASN1_STRING_length, ASN1
314 DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
315 DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
316 DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
317-DEFINEFUNC(BIO *, BIO_new, BIO_METHOD *a, a, return 0, return)
318+DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return 0, return)
319 DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return 0, return)
320 DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
321-DEFINEFUNC(BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
322+DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return 0, return)
323 DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
324 DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
325 DEFINEFUNC(int, CRYPTO_num_locks, DUMMYARG, DUMMYARG, return 0, return)
326 DEFINEFUNC(void, CRYPTO_set_locking_callback, void (*a)(int, int, const char *, int), a, return, DUMMYARG)
327 DEFINEFUNC(void, CRYPTO_set_id_callback, unsigned long (*a)(), a, return, DUMMYARG)
328-DEFINEFUNC(void, CRYPTO_free, void *a, a, return,
DUMMYARG)
329+DEFINEFUNC(void, OPENSSL_free, void *a, a, return, DUMMYARG)
330 DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
331 #if OPENSSL_VERSION_NUMBER < 0x00908000L
332 DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c, return 0, return)
333@@ -300,7 +300,7 @@ DEFINEFUNC(int, RSA_bits, const RSA *rs
334 DEFINEFUNC(int, DSA_security_bits, const DSA *dsa, dsa, return 0, return)
335 DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
336 DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
337-DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, BIGNUM **p, p, BIGNUM **q, q, BIGNUM **g, g, return, return)
338+DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, return)
339 #endif
340
341 #ifdef Q_OS_SYMBIAN
342--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h.0131~ 2017-03-15 02:22:37.054244091 +0100
343+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslsocket_openssl_symbols_p.h 2017-03-15 02:29:50.192986268 +0100
344@@ -59,6 +59,9 @@
345 QT_BEGIN_NAMESPACE
346
347 #define DUMMYARG
348+#ifndef OPENSSL_NO_SSL2
349+#define OPENSSL_NO_SSL2 1
350+#endif
351
352 #if !defined QT_LINKED_OPENSSL
353 // **************** Shared declarations ******************
354@@ -207,16 +210,16 @@ int q_ASN1_STRING_length(ASN1_STRING *a)
355 int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
356 long q_BIO_ctrl(BIO *a, int b, long c, void *d);
357 int q_BIO_free(BIO *a);
358-BIO *q_BIO_new(BIO_METHOD *a);
359+BIO *q_BIO_new(const BIO_METHOD *a);
360 BIO *q_BIO_new_mem_buf(void *a, int b);
361 int q_BIO_read(BIO *a, void *b, int c);
362-BIO_METHOD *q_BIO_s_mem();
363+const BIO_METHOD *q_BIO_s_mem();
364 int q_BIO_write(BIO *a, const void *b, int c);
365 int q_BN_num_bits(const BIGNUM *a);
366 int q_CRYPTO_num_locks();
367 void q_CRYPTO_set_locking_callback(void (*a)(int, int, const char *,
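Review bot: The rename from `CRYPTO_free` to `OPENSSL_free` in this `DEFINEFUNC` line is unconditional, and as far as I know `OPENSSL_free` is a macro in the OpenSSL headers and not an exported function. That works when the wrapper expands to a direct call, but in a build without `QT_LINKED_OPENSSL` the name would presumably not be found in the loaded library, and no matching `RESOLVEFUNC` change is visible in this patch. In that case the buffer returned by `q_ASN1_STRING_to_UTF8()` in qsslcertificate.cpp would never be released, once per name entry of every parsed certificate. I would either keep resolving `CRYPTO_free` for the run-time configuration or add a comment saying that this patch supports linked builds only.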
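Review bot: The added `#define OPENSSL_NO_SSL2 1` has no comment, and it sets an OpenSSL configuration macro from inside a Qt header, which will surprise the next reader. A short comment above it would help, for example `// OpenSSL 1.1.0 no longer provides SSLv2; always take the no-SSLv2 code paths`. The later hunks in this file remove only the `q_SSLv2_client_method()` declarations, so please check that any server-side counterparts outside the hunks are handled the same way, and consider removing the now-dead `#ifndef OPENSSL_NO_SSL2` blocks altogether.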
int));
368 void q_CRYPTO_set_id_callback(unsigned long (*a)());
369-void q_CRYPTO_free(void *a);
370+void q_OPENSSL_free(void *a);
371 void q_DSA_free(DSA *a);
372 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
373 // 0.9.8 broke SC and BC by changing this function's signature.
374@@ -326,7 +329,6 @@ void q_SSL_set_accept_state(SSL *a);
375 void q_SSL_set_connect_state(SSL *a);
376 int q_SSL_shutdown(SSL *a);
377 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
378-const SSL_METHOD *q_SSLv2_client_method();
379 const SSL_METHOD *q_SSLv3_client_method();
380 const SSL_METHOD *q_SSLv23_client_method();
381 const SSL_METHOD *q_TLSv1_client_method();
382@@ -335,7 +337,6 @@ const SSL_METHOD *q_SSLv3_server_method(
383 const SSL_METHOD *q_SSLv23_server_method();
384 const SSL_METHOD *q_TLSv1_server_method();
385 #else
386-SSL_METHOD *q_SSLv2_client_method();
387 SSL_METHOD *q_SSLv3_client_method();
388 SSL_METHOD *q_SSLv23_client_method();
389 SSL_METHOD *q_TLSv1_client_method();
390@@ -415,7 +416,7 @@ long q_X509_get_version(X509 *x);
391 X509_PUBKEY * q_X509_get_X509_PUBKEY(X509 *x);
392 int q_RSA_bits(const RSA *rsa);
393 int q_DSA_security_bits(const DSA *dsa);
394-void q_DSA_get0_pqg(const DSA *d, BIGNUM **p, BIGNUM **q, BIGNUM **g);
395+void q_DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
396 #endif
397
398 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
399--- qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp.omv~ 2017-03-15 02:27:18.143322736 +0100
400+++ qt-everywhere-opensource-src-4.8.7/src/network/ssl/qsslcertificate.cpp 2017-03-15 02:29:56.215819741 +0100
401@@ -696,7 +696,7 @@
402 unsigned char *data = 0;
403 int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
404 info[QString::fromUtf8(obj)] = QString::fromUtf8((char*)data, size);
405- q_CRYPTO_free(data);
406+ q_OPENSSL_free(data);
407 }
408 return info;
409 }
410