+++ /dev/null
-commit 57878ff44f9bb41155dea425949d344b87652aeb
-Author: Ivan Romanov <drizt@land.ru>
-Date: Wed Aug 10 12:16:46 2016 +0500
-
- Add support for AES GCM and AES CCM modes
-
- Only qca-openssl now can use GCM and CCM. CCM is not tested and
- planed for future.
-
-diff --git a/include/QtCrypto/qca_basic.h b/include/QtCrypto/qca_basic.h
-index c36a2bd..3806c29 100644
---- a/include/QtCrypto/qca_basic.h
-+++ b/include/QtCrypto/qca_basic.h
-@@ -2,6 +2,7 @@
- * qca_basic.h - Qt Cryptographic Architecture
- * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
- * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -583,6 +584,7 @@ private:
-
- \ingroup UserAPI
- */
-+
- class QCA_EXPORT Cipher : public Algorithm, public Filter
- {
- public:
-@@ -599,7 +601,9 @@ public:
- CFB, ///< operate in %Cipher FeedBack mode
- ECB, ///< operate in Electronic Code Book mode
- OFB, ///< operate in Output FeedBack Mode
-- CTR ///< operate in CounTer Mode
-+ CTR, ///< operate in CounTer Mode
-+ GCM, ///< operate in Galois Counter Mode
-+ CCM ///< operate in Counter with CBC-MAC
- };
-
- /**
-@@ -636,6 +640,28 @@ public:
- const InitializationVector &iv = InitializationVector(),
- const QString &provider = QString());
-
-+ /**
-+ Standard constructor
-+
-+ \param type the name of the cipher specialisation to use (e.g.
-+ "aes128")
-+ \param mode the operating Mode to use (e.g. QCA::Cipher::CBC)
-+ \param pad the type of Padding to use
-+ \param dir the Direction that this Cipher should use (Encode for
-+ encryption, Decode for decryption)
-+ \param key the SymmetricKey array that is the key
-+ \param iv the InitializationVector to use (not used for ECB mode)
-+ \param tag the AuthTag to use (only for GCM and CCM modes)
-+ \param provider the name of the Provider to use
-+
-+ \note Padding only applies to CBC and ECB modes. CFB and OFB
-+ ciphertext is always the length of the plaintext.
-+ */
-+ Cipher(const QString &type, Mode mode, Padding pad,
-+ Direction dir, const SymmetricKey &key,
-+ const InitializationVector &iv, const AuthTag &tag,
-+ const QString &provider = QString());
-+
- /**
- Standard copy constructor
-
-@@ -699,6 +725,11 @@ public:
- */
- int blockSize() const;
-
-+ /**
-+ return the authentication tag for the cipher object
-+ */
-+ AuthTag tag() const;
-+
- /**
- reset the cipher object, to allow re-use
- */
-@@ -741,6 +772,22 @@ public:
- */
- void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv = InitializationVector());
-
-+ /**
-+ Reset / reconfigure the Cipher
-+
-+ You can use this to re-use an existing Cipher, rather than creating
-+ a new object with a slightly different configuration.
-+
-+ \param dir the Direction that this Cipher should use (Encode for
-+ encryption, Decode for decryption)
-+ \param key the SymmetricKey array that is the key
-+ \param iv the InitializationVector to use (not used for ECB Mode)
-+ \param tag the AuthTag to use (only for GCM and CCM modes)
-+
-+ \note You should not leave iv empty for any Mode except ECB.
-+ */
-+ void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag);
-+
- /**
- Construct a Cipher type string
-
-@@ -751,7 +798,6 @@ public:
- QCA::PCKS7)
- */
- static QString withAlgorithms(const QString &cipherType, Mode modeType, Padding paddingType);
--
- private:
- class Private;
- Private *d;
-diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
-index beda5b1..f5c4601 100644
---- a/include/QtCrypto/qca_core.h
-+++ b/include/QtCrypto/qca_core.h
-@@ -2,6 +2,7 @@
- * qca_core.h - Qt Cryptographic Architecture
- * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
- * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -1294,6 +1295,43 @@ public:
- InitializationVector(const QByteArray &a);
- };
-
-+/**
-+ \class AuthTag qca_core.h QtCrypto
-+
-+ Container for authentication tag
-+
-+ \ingroup UserAPI
-+*/
-+class QCA_EXPORT AuthTag : public SecureArray
-+{
-+public:
-+ /**
-+ Construct an empty authentication tag
-+ */
-+ AuthTag();
-+
-+ /**
-+ Construct an empty authentication tag of the specified size
-+
-+ \param size the length of the authentication tag, in bytes
-+ */
-+ AuthTag(int size);
-+
-+ /**
-+ Construct an authentication tag from a provided byte array
-+
-+ \param a the byte array to copy
-+ */
-+ AuthTag(const SecureArray &a);
-+
-+ /**
-+ Construct an authentication tag from a provided byte array
-+
-+ \param a the byte array to copy
-+ */
-+ AuthTag(const QByteArray &a);
-+};
-+
- /**
- \class Event qca_core.h QtCrypto
-
-diff --git a/include/QtCrypto/qcaprovider.h b/include/QtCrypto/qcaprovider.h
-index c8ddff4..d4b54f9 100644
---- a/include/QtCrypto/qcaprovider.h
-+++ b/include/QtCrypto/qcaprovider.h
-@@ -234,8 +234,9 @@ public:
- \param dir the direction for the cipher (encryption/decryption)
- \param key the symmetric key to use for the cipher
- \param iv the initialization vector to use for the cipher (not used in ECB mode)
-+ \param tag the AuthTag to use (only for GCM and CCM modes)
- */
-- virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv) = 0;
-+ virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag) = 0;
-
- /**
- Returns the KeyLength for this cipher
-@@ -247,6 +248,11 @@ public:
- */
- virtual int blockSize() const = 0;
-
-+ /**
-+ Returns the authentication tag for this cipher
-+ */
-+ virtual AuthTag tag() const = 0;
-+
- /**
- Process a chunk of data. Returns true if successful.
-
-diff --git a/plugins/qca-botan/qca-botan.cpp b/plugins/qca-botan/qca-botan.cpp
-index 1cc984a..f387575 100644
---- a/plugins/qca-botan/qca-botan.cpp
-+++ b/plugins/qca-botan/qca-botan.cpp
-@@ -263,8 +263,10 @@ public:
-
- void setup(QCA::Direction dir,
- const QCA::SymmetricKey &key,
-- const QCA::InitializationVector &iv)
-+ const QCA::InitializationVector &iv,
-+ const QCA::AuthTag &tag)
- {
-+ Q_UNUSED(tag);
- try {
- m_dir = dir;
- Botan::SymmetricKey keyCopy((Botan::byte*)key.data(), key.size());
-@@ -305,6 +307,12 @@ public:
- return Botan::block_size_of(m_algoName);
- }
-
-+ QCA::AuthTag tag() const
-+ {
-+ // For future implementation
-+ return QCA::AuthTag();
-+ }
-+
- bool update(const QCA::SecureArray &in, QCA::SecureArray *out)
- {
- m_crypter->write((Botan::byte*)in.data(), in.size());
-diff --git a/plugins/qca-gcrypt/qca-gcrypt.cpp b/plugins/qca-gcrypt/qca-gcrypt.cpp
-index 72f05a1..780fcdd 100644
---- a/plugins/qca-gcrypt/qca-gcrypt.cpp
-+++ b/plugins/qca-gcrypt/qca-gcrypt.cpp
-@@ -163,8 +163,10 @@ public:
-
- void setup(QCA::Direction dir,
- const QCA::SymmetricKey &key,
-- const QCA::InitializationVector &iv)
-+ const QCA::InitializationVector &iv,
-+ const QCA::AuthTag &tag)
- {
-+ Q_UNUSED(tag);
- m_direction = dir;
- err = gcry_cipher_open( &context, m_cryptoAlgorithm, m_mode, 0 );
- check_error( "gcry_cipher_open", err );
-@@ -195,6 +197,12 @@ public:
- return blockSize;
- }
-
-+ QCA::AuthTag tag() const
-+ {
-+ // For future implementation
-+ return QCA::AuthTag();
-+ }
-+
- bool update(const QCA::SecureArray &in, QCA::SecureArray *out)
- {
- QCA::SecureArray result( in.size() );
-diff --git a/plugins/qca-nss/qca-nss.cpp b/plugins/qca-nss/qca-nss.cpp
-index f4fdef3..db01eb0 100644
---- a/plugins/qca-nss/qca-nss.cpp
-+++ b/plugins/qca-nss/qca-nss.cpp
-@@ -304,10 +304,12 @@ public:
- {
- }
-
-- void setup( QCA::Direction dir,
-- const QCA::SymmetricKey &key,
-- const QCA::InitializationVector &iv )
-+ void setup(QCA::Direction dir,
-+ const QCA::SymmetricKey &key,
-+ const QCA::InitializationVector &iv,
-+ const QCA::AuthTag &tag)
- {
-+ Q_UNUSED(tag);
- /* Get a slot to use for the crypto operations */
- m_slot = PK11_GetBestSlot( m_cipherMechanism, NULL );
- if (!m_slot)
-@@ -365,6 +367,12 @@ public:
- return PK11_GetBlockSize( m_cipherMechanism, m_params);
- }
-
-+ QCA::AuthTag tag() const
-+ {
-+ // For future implementation
-+ return QCA::AuthTag();
-+ }
-+
- bool update( const QCA::SecureArray &in, QCA::SecureArray *out )
- {
- out->resize(in.size()+blockSize());
-diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt
-index cdeaeca..d87bc5a 100644
---- a/plugins/qca-ossl/CMakeLists.txt
-+++ b/plugins/qca-ossl/CMakeLists.txt
-@@ -25,6 +25,20 @@ if(OPENSSL_FOUND)
- message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
- endif(HAVE_OPENSSL_AES_CTR)
-
-+ check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_AES_GCM)
-+ if(HAVE_OPENSSL_AES_GCM)
-+ add_definitions(-DHAVE_OPENSSL_AES_GCM)
-+ else()
-+ message(WARNING "qca-ossl will be compiled without AES GCM mode encryption support")
-+ endif()
-+
-+ check_function_exists(EVP_aes_128_ccm HAVE_OPENSSL_AES_CCM)
-+ if(HAVE_OPENSSL_AES_CCM)
-+ add_definitions(-DHAVE_OPENSSL_AES_CCM)
-+ else()
-+ message(WARNING "qca-ossl will be compiled without AES CCM mode encryption support")
-+ endif()
-+
- check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
- if(HAVE_OPENSSL_SHA0)
- add_definitions(-DHAVE_OPENSSL_SHA0)
-diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
-index f0b9431..a507604 100644
---- a/plugins/qca-ossl/qca-ossl.cpp
-+++ b/plugins/qca-ossl/qca-ossl.cpp
-@@ -1,6 +1,7 @@
- /*
- * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
- * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -6761,8 +6762,10 @@ public:
-
- void setup(Direction dir,
- const SymmetricKey &key,
-- const InitializationVector &iv)
-+ const InitializationVector &iv,
-+ const AuthTag &tag)
- {
-+ m_tag = tag;
- m_direction = dir;
- if ( ( m_cryptoAlgorithm == EVP_des_ede3() ) && (key.size() == 16) ) {
- // this is really a two key version of triple DES.
-@@ -6771,12 +6774,20 @@ public:
- if (Encode == m_direction) {
- EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
-+ if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
-+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
-+ EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
-+ }
- EVP_EncryptInit_ex(&m_context, 0, 0,
- (const unsigned char*)(key.data()),
- (const unsigned char*)(iv.data()));
- } else {
- EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
-+ if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
-+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
-+ EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
-+ }
- EVP_DecryptInit_ex(&m_context, 0, 0,
- (const unsigned char*)(key.data()),
- (const unsigned char*)(iv.data()));
-@@ -6795,6 +6806,11 @@ public:
- return EVP_CIPHER_CTX_block_size(&m_context);
- }
-
-+ AuthTag tag() const
-+ {
-+ return m_tag;
-+ }
-+
- bool update(const SecureArray &in, SecureArray *out)
- {
- // This works around a problem in OpenSSL, where it asserts if
-@@ -6835,7 +6851,19 @@ public:
- &resultLength)) {
- return false;
- }
-+ if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
-+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG;
-+ if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
-+ return false;
-+ }
-+ }
- } else {
-+ if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
-+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG;
-+ if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) {
-+ return false;
-+ }
-+ }
- if (0 == EVP_DecryptFinal_ex(&m_context,
- (unsigned char*)out->data(),
- &resultLength)) {
-@@ -6876,6 +6904,7 @@ protected:
- Direction m_direction;
- int m_pad;
- QString m_type;
-+ AuthTag m_tag;
- };
-
- static QStringList all_hash_types()
-@@ -6921,6 +6950,12 @@ static QStringList all_cipher_types()
- list += "aes128-ofb";
- #ifdef HAVE_OPENSSL_AES_CTR
- list += "aes128-ctr";
-+#endif
-+#ifdef HAVE_OPENSSL_AES_GCM
-+ list += "aes128-gcm";
-+#endif
-+#ifdef HAVE_OPENSSL_AES_CCM
-+ list += "aes128-ccm";
- #endif
- list += "aes192-ecb";
- list += "aes192-cfb";
-@@ -6929,6 +6964,12 @@ static QStringList all_cipher_types()
- list += "aes192-ofb";
- #ifdef HAVE_OPENSSL_AES_CTR
- list += "aes192-ctr";
-+#endif
-+#ifdef HAVE_OPENSSL_AES_GCM
-+ list += "aes192-gcm";
-+#endif
-+#ifdef HAVE_OPENSSL_AES_CCM
-+ list += "aes192-ccm";
- #endif
- list += "aes256-ecb";
- list += "aes256-cbc";
-@@ -6937,6 +6978,12 @@ static QStringList all_cipher_types()
- list += "aes256-ofb";
- #ifdef HAVE_OPENSSL_AES_CTR
- list += "aes256-ctr";
-+#endif
-+#ifdef HAVE_OPENSSL_AES_GCM
-+ list += "aes256-gcm";
-+#endif
-+#ifdef HAVE_OPENSSL_AES_CCM
-+ list += "aes256-ccm";
- #endif
- list += "blowfish-ecb";
- list += "blowfish-cbc-pkcs7";
-@@ -7216,6 +7263,14 @@ public:
- #ifdef HAVE_OPENSSL_AES_CTR
- else if ( type == "aes128-ctr" )
- return new opensslCipherContext( EVP_aes_128_ctr(), 0, this, type);
-+#endif
-+#ifdef HAVE_OPENSSL_AES_GCM
-+ else if ( type == "aes128-gcm" )
-+ return new opensslCipherContext( EVP_aes_128_gcm(), 0, this, type);
-+#endif
-+#ifdef HAVE_OPENSSL_AES_CCM
-+ else if ( type == "aes128-ccm" )
-+ return new opensslCipherContext( EVP_aes_128_ccm(), 0, this, type);
- #endif
- else if ( type == "aes192-ecb" )
- return new opensslCipherContext( EVP_aes_192_ecb(), 0, this, type);
-@@ -7230,6 +7285,14 @@ public:
- #ifdef HAVE_OPENSSL_AES_CTR
- else if ( type == "aes192-ctr" )
- return new opensslCipherContext( EVP_aes_192_ctr(), 0, this, type);
-+#endif
-+#ifdef HAVE_OPENSSL_AES_GCM
-+ else if ( type == "aes192-gcm" )
-+ return new opensslCipherContext( EVP_aes_192_gcm(), 0, this, type);
-+#endif
-+#ifdef HAVE_OPENSSL_AES_CCM
-+ else if ( type == "aes192-ccm" )
-+ return new opensslCipherContext( EVP_aes_192_ccm(), 0, this, type);
- #endif
- else if ( type == "aes256-ecb" )
- return new opensslCipherContext( EVP_aes_256_ecb(), 0, this, type);
-@@ -7244,6 +7307,14 @@ public:
- #ifdef HAVE_OPENSSL_AES_CTR
- else if ( type == "aes256-ctr" )
- return new opensslCipherContext( EVP_aes_256_ctr(), 0, this, type);
-+#endif
-+#ifdef HAVE_OPENSSL_AES_GCM
-+ else if ( type == "aes256-gcm" )
-+ return new opensslCipherContext( EVP_aes_256_gcm(), 0, this, type);
-+#endif
-+#ifdef HAVE_OPENSSL_AES_CCM
-+ else if ( type == "aes256-ccm" )
-+ return new opensslCipherContext( EVP_aes_256_ccm(), 0, this, type);
- #endif
- else if ( type == "blowfish-ecb" )
- return new opensslCipherContext( EVP_bf_ecb(), 0, this, type);
-diff --git a/src/qca_basic.cpp b/src/qca_basic.cpp
-index 89bf966..c2e10e1 100644
---- a/src/qca_basic.cpp
-+++ b/src/qca_basic.cpp
-@@ -262,6 +262,7 @@ public:
- Direction dir;
- SymmetricKey key;
- InitializationVector iv;
-+ AuthTag tag;
-
- bool ok, done;
- };
-@@ -280,6 +281,19 @@ Cipher::Cipher(const QString &type, Mode mode, Padding pad,
- setup(dir, key, iv);
- }
-
-+Cipher::Cipher(const QString &type, Cipher::Mode mode, Cipher::Padding pad, Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag, const QString &provider)
-+ : Algorithm(withAlgorithms(type, mode, pad), provider)
-+{
-+ d = new Private;
-+ d->type = type;
-+ d->mode = mode;
-+ d->pad = pad;
-+ d->tag = tag;
-+ if(!key.isEmpty())
-+ setup(dir, key, iv, tag);
-+}
-+
-+
- Cipher::Cipher(const Cipher &from)
- :Algorithm(from), Filter(from)
- {
-@@ -339,10 +353,15 @@ int Cipher::blockSize() const
- return static_cast<const CipherContext *>(context())->blockSize();
- }
-
-+AuthTag Cipher::tag() const
-+{
-+ return static_cast<const CipherContext *>(context())->tag();
-+}
-+
- void Cipher::clear()
- {
- d->done = false;
-- static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv);
-+ static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv, d->tag);
- }
-
- MemoryRegion Cipher::update(const MemoryRegion &a)
-@@ -370,10 +389,16 @@ bool Cipher::ok() const
- }
-
- void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv)
-+{
-+ setup(dir, key, iv, AuthTag());
-+}
-+
-+void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag)
- {
- d->dir = dir;
- d->key = key;
- d->iv = iv;
-+ d->tag = tag;
- clear();
- }
-
-@@ -396,6 +421,12 @@ QString Cipher::withAlgorithms(const QString &cipherType, Mode modeType, Padding
- case CTR:
- mode = "ctr";
- break;
-+ case GCM:
-+ mode = "gcm";
-+ break;
-+ case CCM:
-+ mode = "ccm";
-+ break;
- default:
- Q_ASSERT(0);
- }
-diff --git a/src/qca_core.cpp b/src/qca_core.cpp
-index 15ee385..48460ce 100644
---- a/src/qca_core.cpp
-+++ b/src/qca_core.cpp
-@@ -1,6 +1,7 @@
- /*
- * Copyright (C) 2003-2008 Justin Karneges <justin@affinix.com>
- * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -1510,6 +1511,28 @@ InitializationVector::InitializationVector(const QByteArray &a)
- set(SecureArray(a));
- }
-
-+//----------------------------------------------------------------------------
-+// AuthTag
-+//----------------------------------------------------------------------------
-+AuthTag::AuthTag()
-+{
-+}
-+
-+AuthTag::AuthTag(int size)
-+{
-+ resize(size);
-+}
-+
-+AuthTag::AuthTag(const SecureArray &a)
-+{
-+ set(a);
-+}
-+
-+AuthTag::AuthTag(const QByteArray &a)
-+{
-+ set(SecureArray(a));
-+}
-+
- //----------------------------------------------------------------------------
- // Event
- //----------------------------------------------------------------------------
-diff --git a/unittest/cipherunittest/CMakeLists.txt b/unittest/cipherunittest/CMakeLists.txt
-index 858f56a..a6c775d 100644
---- a/unittest/cipherunittest/CMakeLists.txt
-+++ b/unittest/cipherunittest/CMakeLists.txt
-@@ -5,7 +5,7 @@ set(cipherunittest_bin_SRCS cipherunittest.cpp)
-
- qt4_wrap_cpp(EXTRA_SRCS cipherunittest.h)
-
--add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS})
-+add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS} ${cipherunittest_bin_HDRS})
-
- target_link_qca_test_libraries(cipherunittest)
-
-diff --git a/unittest/cipherunittest/cipherunittest.cpp b/unittest/cipherunittest/cipherunittest.cpp
-index 3492caf..2f321fa 100644
---- a/unittest/cipherunittest/cipherunittest.cpp
-+++ b/unittest/cipherunittest/cipherunittest.cpp
-@@ -1,5 +1,6 @@
- /**
- * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
-@@ -496,6 +497,103 @@ void CipherUnitTest::aes128_ctr()
- }
- }
-
-+void CipherUnitTest::aes128_gcm_data()
-+{
-+ QTest::addColumn<QString>("plainText");
-+ QTest::addColumn<QString>("payload");
-+ QTest::addColumn<QString>("tag");
-+ QTest::addColumn<QString>("keyText");
-+ QTest::addColumn<QString>("ivText");
-+
-+ QTest::newRow("short") << QString("6f6820526f6d656d6f21")
-+ << QString("a9f2558b9a74e6fc551f")
-+ << QString("f8ebf75f108c6f74e6fe49035d268d43")
-+ << QString("1f491f8ddf4856ae4bff9039d418175a")
-+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
-+
-+ QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
-+ << QString("04e321a8870b6b9cd6846239c27a63fb41d0a7b8994f1514c066f0427fa9ed6707ea6e3b4f161fdff0eb5fc087ed3827b569cd72456c697b5a3a62c9e767")
-+ << QString("b0ad4aa545ea25fc3117cbed955ff155")
-+ << QString("56341f2b431d3b0dbad787db003f2215")
-+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
-+
-+
-+ QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
-+ << QString("a9f2558b9a74e6fc551f")
-+ << QString("f8ebf75f108c6f74e6fe49035d268d44")
-+ << QString("1f491f8ddf4856ae4bff9039d418175a")
-+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
-+}
-+
-+void CipherUnitTest::aes128_gcm()
-+{
-+ QStringList providersToTest;
-+ providersToTest.append("qca-ossl");
-+ providersToTest.append("qca-gcrypt");
-+ providersToTest.append("qca-botan");
-+ providersToTest.append("qca-nss");
-+
-+ foreach (const QString &provider, providersToTest) {
-+ if (!QCA::isSupported( "aes128-gcm", provider))
-+ QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit());
-+ else {
-+ QFETCH(QString, plainText);
-+ QFETCH(QString, payload);
-+ QFETCH(QString, tag);
-+ QFETCH(QString, keyText);
-+ QFETCH(QString, ivText);
-+
-+ QCA::SymmetricKey key(QCA::hexToArray(keyText));
-+ QCA::InitializationVector iv(QCA::hexToArray(ivText));
-+ QCA::AuthTag authTag(16);
-+ QCA::Cipher forwardCipher(QString("aes128"),
-+ QCA::Cipher::GCM,
-+ QCA::Cipher::NoPadding,
-+ QCA::Encode,
-+ key,
-+ iv,
-+ authTag,
-+ provider);
-+ QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
-+ QVERIFY(forwardCipher.ok());
-+ update += QCA::arrayToHex(forwardCipher.final().toByteArray());
-+ authTag = forwardCipher.tag();
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
-+ QCOMPARE(update, payload);
-+ QVERIFY(forwardCipher.ok());
-+
-+ QCA::Cipher reverseCipher(QString( "aes128"),
-+ QCA::Cipher::GCM,
-+ QCA::Cipher::NoPadding,
-+ QCA::Decode,
-+ key,
-+ iv,
-+ QCA::AuthTag(QCA::hexToArray(tag)),
-+ provider);
-+
-+ update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
-+ QVERIFY(reverseCipher.ok());
-+ QCOMPARE(update, plainText.left(update.size()));
-+ update += QCA::arrayToHex(reverseCipher.final().toByteArray());
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QCOMPARE(update, plainText);
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QVERIFY(reverseCipher.ok());
-+ }
-+ }
-+}
-+
-+void CipherUnitTest::aes128_ccm_data()
-+{
-+
-+}
-+
-+void CipherUnitTest::aes128_ccm()
-+{
-+ // For future implementation
-+}
-+
- void CipherUnitTest::aes192_data()
- {
- QTest::addColumn<QString>("plainText");
-@@ -950,6 +1048,104 @@ void CipherUnitTest::aes192_ctr()
- }
- }
-
-+void CipherUnitTest::aes192_gcm_data()
-+{
-+ QTest::addColumn<QString>("plainText");
-+ QTest::addColumn<QString>("payload");
-+ QTest::addColumn<QString>("tag");
-+ QTest::addColumn<QString>("keyText");
-+ QTest::addColumn<QString>("ivText");
-+
-+ QTest::newRow("short") << QString("6f6820526f6d656d6f21")
-+ << QString("01ca25ff74121917f397")
-+ << QString("b90e97706d8eacbabc0be5e0a671b4e4")
-+ << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
-+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
-+
-+ QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
-+ << QString("4c1c5874877f0bee6efd450ec341b1c591e1e100da40bd4744e1035ed0ed0fb458f8efdb7c4b0b2101e29c950c56dc2489c2febec2d7062da28b9a033173")
-+ << QString("af3ea1b7f275ea1e4d4e1fdce63f83fe")
-+ << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
-+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
-+
-+
-+ QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
-+ << QString("773c3d06b94727c04afc")
-+ << QString("c558aca7f19050db49d94d99119277af")
-+ << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
-+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
-+}
-+
-+void CipherUnitTest::aes192_gcm()
-+{
-+ QStringList providersToTest;
-+ providersToTest.append("qca-ossl");
-+ providersToTest.append("qca-gcrypt");
-+ providersToTest.append("qca-botan");
-+ providersToTest.append("qca-nss");
-+
-+ foreach (const QString &provider, providersToTest) {
-+ if (!QCA::isSupported( "aes192-gcm", provider))
-+ QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit());
-+ else {
-+ QFETCH(QString, plainText);
-+ QFETCH(QString, payload);
-+ QFETCH(QString, tag);
-+ QFETCH(QString, keyText);
-+ QFETCH(QString, ivText);
-+
-+ QCA::SymmetricKey key(QCA::hexToArray(keyText));
-+ QCA::InitializationVector iv(QCA::hexToArray(ivText));
-+ QCA::AuthTag authTag(16);
-+ QCA::Cipher forwardCipher(QString("aes192"),
-+ QCA::Cipher::GCM,
-+ QCA::Cipher::NoPadding,
-+ QCA::Encode,
-+ key,
-+ iv,
-+ authTag,
-+ provider);
-+ QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
-+ QVERIFY(forwardCipher.ok());
-+ update += QCA::arrayToHex(forwardCipher.final().toByteArray());
-+ authTag = forwardCipher.tag();
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
-+ QCOMPARE(update, payload);
-+ QVERIFY(forwardCipher.ok());
-+
-+ QCA::Cipher reverseCipher(QString( "aes192"),
-+ QCA::Cipher::GCM,
-+ QCA::Cipher::NoPadding,
-+ QCA::Decode,
-+ key,
-+ iv,
-+ QCA::AuthTag(QCA::hexToArray(tag)),
-+ provider);
-+
-+ update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
-+ QVERIFY(reverseCipher.ok());
-+ QCOMPARE(update, plainText.left(update.size()));
-+ update += QCA::arrayToHex(reverseCipher.final().toByteArray());
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QCOMPARE(update, plainText);
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QVERIFY(reverseCipher.ok());
-+ }
-+ }
-+}
-+
-+
-+void CipherUnitTest::aes192_ccm_data()
-+{
-+
-+}
-+
-+void CipherUnitTest::aes192_ccm()
-+{
-+ // For future implementation
-+}
-+
- void CipherUnitTest::aes256_data()
- {
- QTest::addColumn<QString>("plainText");
-@@ -1442,6 +1638,103 @@ void CipherUnitTest::aes256_ctr()
- }
- }
-
-+void CipherUnitTest::aes256_gcm_data()
-+{
-+ QTest::addColumn<QString>("plainText");
-+ QTest::addColumn<QString>("payload");
-+ QTest::addColumn<QString>("tag");
-+ QTest::addColumn<QString>("keyText");
-+ QTest::addColumn<QString>("ivText");
-+
-+ QTest::newRow("short") << QString("6f6820526f6d656d6f21")
-+ << QString("4ce2f4df041252820847")
-+ << QString("1c570805832dfe7babc1b386c26bcd04")
-+ << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
-+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
-+
-+ QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
-+ << QString("e516c267146d6cfd3af3300e24aba7ac23ab3c5cb4765937a6c0156e454cae357e14f4c0dfb0def9624f4f70de90ad2bc9cd555171c4551c26b6346922ed")
-+ << QString("f59aac31ab9dace3fcc693e114dd6610")
-+ << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
-+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
-+
-+
-+ QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
-+ << QString("4ce2f4df041252820847")
-+ << QString("1c570805833dfe7babc1b386c26bcd04")
-+ << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
-+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
-+}
-+
-+void CipherUnitTest::aes256_gcm()
-+{
-+ QStringList providersToTest;
-+ providersToTest.append("qca-ossl");
-+ providersToTest.append("qca-gcrypt");
-+ providersToTest.append("qca-botan");
-+ providersToTest.append("qca-nss");
-+
-+ foreach (const QString &provider, providersToTest) {
-+ if (!QCA::isSupported( "aes256-gcm", provider))
-+ QWARN(QString("AES256 GCM not supported for " + provider).toLocal8Bit());
-+ else {
-+ QFETCH(QString, plainText);
-+ QFETCH(QString, payload);
-+ QFETCH(QString, tag);
-+ QFETCH(QString, keyText);
-+ QFETCH(QString, ivText);
-+
-+ QCA::SymmetricKey key(QCA::hexToArray(keyText));
-+ QCA::InitializationVector iv(QCA::hexToArray(ivText));
-+ QCA::AuthTag authTag(16);
-+ QCA::Cipher forwardCipher(QString("aes256"),
-+ QCA::Cipher::GCM,
-+ QCA::Cipher::NoPadding,
-+ QCA::Encode,
-+ key,
-+ iv,
-+ authTag,
-+ provider);
-+ QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
-+ QVERIFY(forwardCipher.ok());
-+ update += QCA::arrayToHex(forwardCipher.final().toByteArray());
-+ authTag = forwardCipher.tag();
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
-+ QCOMPARE(update, payload);
-+ QVERIFY(forwardCipher.ok());
-+
-+ QCA::Cipher reverseCipher(QString( "aes256"),
-+ QCA::Cipher::GCM,
-+ QCA::Cipher::NoPadding,
-+ QCA::Decode,
-+ key,
-+ iv,
-+ QCA::AuthTag(QCA::hexToArray(tag)),
-+ provider);
-+
-+ update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
-+ QVERIFY(reverseCipher.ok());
-+ QCOMPARE(update, plainText.left(update.size()));
-+ update += QCA::arrayToHex(reverseCipher.final().toByteArray());
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QCOMPARE(update, plainText);
-+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
-+ QVERIFY(reverseCipher.ok());
-+ }
-+ }
-+}
-+
-+void CipherUnitTest::aes256_ccm_data()
-+{
-+
-+}
-+
-+void CipherUnitTest::aes256_ccm()
-+{
-+ // For future implementation
-+}
-+
- void CipherUnitTest::tripleDES_data()
- {
- QTest::addColumn<QString>("plainText");
-diff --git a/unittest/cipherunittest/cipherunittest.h b/unittest/cipherunittest/cipherunittest.h
-index 97f5627..bb3ece4 100644
---- a/unittest/cipherunittest/cipherunittest.h
-+++ b/unittest/cipherunittest/cipherunittest.h
-@@ -1,3 +1,29 @@
-+/**
-+ * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ *
-+ * 1. Redistributions of source code must retain the above copyright
-+ * notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ * notice, this list of conditions and the following disclaimer in the
-+ * documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+
- #ifndef CIPHERUNITTEST_H
- #define CIPHERUNITTEST_H
-
-@@ -23,6 +49,10 @@ private slots:
- void aes128_ofb();
- void aes128_ctr_data();
- void aes128_ctr();
-+ void aes128_gcm_data();
-+ void aes128_gcm();
-+ void aes128_ccm_data();
-+ void aes128_ccm();
-
- void aes192_data();
- void aes192();
-@@ -36,6 +66,10 @@ private slots:
- void aes192_ofb();
- void aes192_ctr_data();
- void aes192_ctr();
-+ void aes192_gcm_data();
-+ void aes192_gcm();
-+ void aes192_ccm_data();
-+ void aes192_ccm();
-
- void aes256_data();
- void aes256();
-@@ -49,6 +83,10 @@ private slots:
- void aes256_ofb();
- void aes256_ctr_data();
- void aes256_ctr();
-+ void aes256_gcm_data();
-+ void aes256_gcm();
-+ void aes256_ccm_data();
-+ void aes256_ccm();
-
- void tripleDES_data();
- void tripleDES();
-
-commit 28245c731ed9fefac75fa8a918a06dbb22945ee3
-Author: Ivan Romanov <drizt@land.ru>
-Date: Sat Aug 20 20:35:55 2016 +0500
-
- Add base64 convenience functions
-
-diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
-index f5c4601..7e7cf87 100644
---- a/include/QtCrypto/qca_core.h
-+++ b/include/QtCrypto/qca_core.h
-@@ -619,6 +619,32 @@ if (QCA::hexToArray(QString("62626262626262006262") ) == test )
- */
- QCA_EXPORT QByteArray hexToArray(const QString &hexString);
-
-+/**
-+ Convert a byte array to printable base64
-+ representation.
-+
-+ This is a convenience function to convert an arbitrary
-+ QByteArray to a printable representation.
-+
-+ \param array the array to be converted
-+ \return a printable representation
-+*/
-+QCA_EXPORT QString arrayToBase64(const QByteArray &array);
-+
-+/**
-+ Convert a QString containing a base64 representation
-+ of a byte array into a QByteArray
-+
-+ This is a convenience function to convert a printable
-+ representation into a QByteArray - effectively the inverse
-+ of QCA::arrayToBase64.
-+
-+ \param base64String the string containing a printable
-+ representation to be converted
-+ \return the equivalent QByteArray
-+*/
-+QCA_EXPORT QByteArray base64ToArray(const QString &base64String);
-+
- /**
- \class Initializer qca_core.h QtCrypto
-
-diff --git a/src/qca_core.cpp b/src/qca_core.cpp
-index 48460ce..dfb93b7 100644
---- a/src/qca_core.cpp
-+++ b/src/qca_core.cpp
-@@ -813,6 +813,16 @@ QByteArray hexToArray(const QString &str)
- return Hex().stringToArray(str).toByteArray();
- }
-
-+QString arrayToBase64(const QByteArray &a)
-+{
-+ return Base64().arrayToString(a);
-+}
-+
-+QByteArray base64ToArray(const QString &base64String)
-+{
-+ return Base64().stringToArray(base64String).toByteArray();
-+}
-+
- static Provider *getProviderForType(const QString &type, const QString &provider)
- {
- Provider *p = 0;
-diff --git a/unittest/base64unittest/base64unittest.cpp b/unittest/base64unittest/base64unittest.cpp
-index f37dcfa..b354aea 100644
---- a/unittest/base64unittest/base64unittest.cpp
-+++ b/unittest/base64unittest/base64unittest.cpp
-@@ -120,6 +120,9 @@ void Base64UnitTest::test2()
-
- QCOMPARE( base64Object.encodeString(raw), encoded );
- QCOMPARE( base64Object.decodeString(encoded), raw );
-+
-+ QCOMPARE( QCA::arrayToBase64(raw.toUtf8()), encoded );
-+ QCOMPARE( QLatin1String(QCA::base64ToArray(encoded)), raw );
- }
-
- QTEST_MAIN(Base64UnitTest)
-
-commit d320ef4fdb2b5a70a2485a7027e52b520f0c4b48
-Author: Ivan Romanov <drizt@land.ru>
-Date: Mon Oct 10 21:50:18 2016 +0500
-
- Add some missed headers to Qt Creator project
-
-diff --git a/plugins/qca-gnupg/CMakeLists.txt b/plugins/qca-gnupg/CMakeLists.txt
-index 6dbcaed..1ed8e21 100644
---- a/plugins/qca-gnupg/CMakeLists.txt
-+++ b/plugins/qca-gnupg/CMakeLists.txt
-@@ -21,6 +21,23 @@ set(QCA_GNUPG_NONMOC_SOURCES
- gpgproc/gpgproc.cpp
- )
-
-+set(QCA_GNUPG_HEADERS
-+ gpgaction.h
-+ ringwatch.h
-+ gpgop.h
-+ gpgop_p.h
-+ lineconverter.h
-+ mypgpkeycontext.h
-+ mykeystoreentry.h
-+ mykeystorelist.h
-+ gpgproc/gpgproc_p.h
-+ gpgproc/sprocess.h
-+ gpgproc/gpgproc.h
-+ utils.h
-+ mymessagecontext.h
-+ myopenpgpcontext.h
-+)
-+
- my_automoc(QCA_GNUPG_MOC_SOURCES)
-
- qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgop.h)
-@@ -33,7 +50,7 @@ qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mykeystorelist.h)
- qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mymessagecontext.h)
- qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgaction.h)
-
--add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES})
-+add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES} ${QCA_GNUPG_HEADERS})
-
- if(APPLE AND ${PLUGIN_TYPE} STREQUAL "MODULE")
- set_property(TARGET qca-gnupg PROPERTY SUFFIX ".dylib")
-
-commit 7ba0ee591e0f50a7e7b532f9eb7e500e7da784fb
-Author: Samuel Gaist <samuel.gaist@edeltech.ch>
-Date: Thu Oct 20 13:34:23 2016 +0200
-
- OS X build and warning fix
-
- Revert "Add missed file"
-
- This reverts commit 4c9f27270e0a7c00c10cbc56ce5c6842b47e5ab2.
-
- FindCoreFoundation.cmake is not needed since CoreFoundation
- is a system framework. Its use has been removed by
- commit f223ce03d4b94ffbb093fc8be5adf8d968f54434
-
- Acked by: Ivan Čukić
-
- REVIEW: 126285
-
-diff --git a/cmake/modules/FindCoreFoundation.cmake b/cmake/modules/FindCoreFoundation.cmake
-deleted file mode 100644
-index c08e529..0000000
---- a/cmake/modules/FindCoreFoundation.cmake
-+++ /dev/null
-@@ -1,13 +0,0 @@
--# Copyright (c) 2014, Samuel Gaist, <samuel.gaist@edeltech.ch>
--#
--# Redistribution and use is allowed according to the terms of the BSD license.
--# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
--
--INCLUDE(CMakeFindFrameworks)
--
--CMAKE_FIND_FRAMEWORKS(CoreFoundation)
--
--if (CoreFoundation_FRAMEWORKS)
-- set(COREFOUNDATION_LIBRARY "-framework CoreFoundation" CACHE FILEPATH "CoreFoundation framework" FORCE)
-- set(COREFOUNDATION_FOUND 1)
--endif (CoreFoundation_FRAMEWORKS)
-
-commit b435c1b87b14ac2d2de9f83e586bfd6d8c2a755e
-Author: Ivan Romanov <drizt@land.ru>
-Date: Sun Jan 29 14:06:08 2017 +0500
-
- Avoid @rpath on Mac OS
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 605621b..34bffb9 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -23,6 +23,10 @@ set(QCA_LIB_PATCH_VERSION "0")
- # qtmain.lib.
- cmake_policy(SET CMP0020 OLD)
-
-+if(POLICY CMP0042)
-+ cmake_policy(SET CMP0042 OLD)
-+endif()
-+
- option(BUILD_TESTS "Create test" ON)
- option(BUILD_TOOLS "Compile mozcerts and qcatool" ON)
- set(BUILD_PLUGINS "auto" CACHE STRING "Plugins for building (also possible values: none, all and auto)")
-
-commit f4b2eb0ced5310f3c43398eb1f03e0c065e08a82
-Author: Ivan Romanov <drizt@land.ru>
-Date: Sun Jan 29 15:08:12 2017 +0500
-
- Fix previous commit
-
-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
-index 92204f2..2e81974 100644
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -148,9 +148,15 @@ if(WIN32)
- endif(WIN32)
-
- if(APPLE)
-- set(COREFOUNDATION_LIBRARY "-framework CoreFoundation")
-- set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security")
-- TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY})
-+ set(COREFOUNDATION_LIBRARY "-framework CoreFoundation")
-+ set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security")
-+ TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY})
-+
-+ if(OSX_FRAMEWORK AND NOT USE_RELATIVE_PATHS)
-+ set_target_properties(${QCA_LIB_NAME} PROPERTIES
-+ INSTALL_NAME_DIR "${QCA_LIBRARY_INSTALL_DIR}"
-+ )
-+ endif()
- endif(APPLE)
-
- if(NOT ANDROID)
-
-commit be55b9c98dca67e42709ac6eadc272390ee49f03
-Author: Ivan Romanov <drizt@land.ru>
-Date: Wed Mar 1 13:22:48 2017 +0500
-
- Fix Qt5.7 warning
-
-diff --git a/src/support/console.cpp b/src/support/console.cpp
-index c3c5570..ee94998 100644
---- a/src/support/console.cpp
-+++ b/src/support/console.cpp
-@@ -857,7 +857,7 @@ public:
- return false;
- }
-
-- if(c == '\b' || c == 0x7f)
-+ if(c == '\b' || c.unicode() == 0x7f)
- {
- if(at > 0)
- {
-
-commit 5f18ebc705ec98e883aa63cb537e36e6a08b7e34
-Author: Alon Bar-Lev <alon.barlev@gmail.com>
-Date: Tue Mar 21 12:23:17 2017 +0200
-
- build: fix C++11 throwing distructors
-
- For >=C++11, explicitly mark throwing destructors `noexcept(false)`
-
- Thanks: Peter-Levine <plevine457@gmail.com>
-
-diff --git a/Doxyfile.in b/Doxyfile.in
-index 59d9afe..844c234 100644
---- a/Doxyfile.in
-+++ b/Doxyfile.in
-@@ -1070,7 +1070,7 @@ PREDEFINED = DOXYGEN_SHOULD_SKIP_THIS \
- # The macro definition that is found in the sources will be used.
- # Use the PREDEFINED tag if you want to use a different macro definition.
-
--EXPAND_AS_DEFINED = QCA_EXPORT
-+EXPAND_AS_DEFINED = QCA_EXPORT QCA_NOEXCEPT
-
- # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
- # doxygen's preprocessor will remove all function-like macros that are alone
-diff --git a/src/botantools/botan/alloc_mmap/mmap_mem.cpp b/src/botantools/botan/alloc_mmap/mmap_mem.cpp
-index 362b688..54f0d23 100644
---- a/src/botantools/botan/alloc_mmap/mmap_mem.cpp
-+++ b/src/botantools/botan/alloc_mmap/mmap_mem.cpp
-@@ -107,7 +107,7 @@ void* MemoryMapping_Allocator::alloc_block(u32bit n)
- umask(old_umask);
- }
-
-- ~TemporaryFile()
-+ ~TemporaryFile() QCA_NOEXCEPT(false)
- {
- delete[] filepath;
- if(fd != -1 && close(fd) == -1)
-diff --git a/src/botantools/botan/botan/allocate.h b/src/botantools/botan/botan/allocate.h
-index 0ac351e..52bc397 100644
---- a/src/botantools/botan/botan/allocate.h
-+++ b/src/botantools/botan/botan/allocate.h
-@@ -40,6 +40,12 @@ namespace QCA { // WRAPNS_LINE
- #include <string>
- namespace QCA { // WRAPNS_LINE
-
-+#if __cplusplus >= 201103L
-+#define QCA_NOEXCEPT(x) noexcept(x)
-+#else
-+#define QCA_NOEXCEPT(x)
-+#endif
-+
- namespace Botan {
-
- /*************************************************
-@@ -58,7 +64,7 @@ class Allocator
- virtual void init() {}
- virtual void destroy() {}
-
-- virtual ~Allocator() {}
-+ virtual ~Allocator() QCA_NOEXCEPT(false) {}
- };
-
- /*************************************************
-diff --git a/src/botantools/botan/botan/mem_pool.h b/src/botantools/botan/botan/mem_pool.h
-index 32834b8..1cb903e 100644
---- a/src/botantools/botan/botan/mem_pool.h
-+++ b/src/botantools/botan/botan/mem_pool.h
-@@ -63,7 +63,7 @@ class Pooling_Allocator : public Allocator
- void destroy();
-
- Pooling_Allocator(u32bit, bool);
-- ~Pooling_Allocator();
-+ ~Pooling_Allocator() QCA_NOEXCEPT(false);
- private:
- void get_more_core(u32bit);
- byte* allocate_blocks(u32bit);
-diff --git a/src/botantools/botan/mem_pool.cpp b/src/botantools/botan/mem_pool.cpp
-index 00280ec..baa47aa 100644
---- a/src/botantools/botan/mem_pool.cpp
-+++ b/src/botantools/botan/mem_pool.cpp
-@@ -171,7 +171,7 @@ Pooling_Allocator::Pooling_Allocator(u32bit p_size, bool) :
- /*************************************************
- * Pooling_Allocator Destructor *
- *************************************************/
--Pooling_Allocator::~Pooling_Allocator()
-+Pooling_Allocator::~Pooling_Allocator() QCA_NOEXCEPT(false)
- {
- delete mutex;
- if(blocks.size())
-
-commit df794c0181a09c42a883f2f886af20526f2e219e
-Author: Ivan Romanov <drizt@land.ru>
-Date: Sat Jul 8 09:53:45 2017 +0500
-
- Remove deprecated keyword
-
-diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
-index 7e7cf87..8c25a70 100644
---- a/include/QtCrypto/qca_core.h
-+++ b/include/QtCrypto/qca_core.h
-@@ -492,8 +492,8 @@ QCA_EXPORT Logger *logger();
- */
- #define QCA_logTextMessage(message, severity) \
- do { \
-- register QCA::Logger::Severity s = severity; \
-- register QCA::Logger *l = QCA::logger (); \
-+ QCA::Logger::Severity s = severity; \
-+ QCA::Logger *l = QCA::logger (); \
- if (s <= l->level ()) { \
- l->logTextMessage (message, s); \
- } \
-@@ -511,8 +511,8 @@ QCA_EXPORT Logger *logger();
- */
- #define QCA_logBinaryMessage(blob, severity) \
- do { \
-- register QCA::Logger::Severity s = severity; \
-- register QCA::Logger *l = QCA::logger (); \
-+ QCA::Logger::Severity s = severity; \
-+ QCA::Logger *l = QCA::logger (); \
- if (s <= l->level ()) { \
- l->logBinaryMessage (blob, s); \
- } \
-
-commit 8871dcd2e14207de4319c5da584d7712d13ce7ae
-Author: Ivan Romanov <drizt@land.ru>
-Date: Mon Sep 18 22:28:00 2017 +0500
-
- Fix CMake warning
-
- CMP 0020 is deprecated. Avoid using of old behaviour.
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 34bffb9..7ef32ee 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -18,11 +18,6 @@ set(QCA_LIB_MAJOR_VERSION "2")
- set(QCA_LIB_MINOR_VERSION "2")
- set(QCA_LIB_PATCH_VERSION "0")
-
--# Do not automatically link Qt executables to qtmain target on Windows.
--# QCA exucatables use console mode only. Not need to link against
--# qtmain.lib.
--cmake_policy(SET CMP0020 OLD)
--
- if(POLICY CMP0042)
- cmake_policy(SET CMP0042 OLD)
- endif()
-@@ -51,6 +46,9 @@ set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules" )
-
- option(QT4_BUILD "Force building with Qt4 even if Qt5 is found")
- if (NOT QT4_BUILD)
-+ # Do not automatically link Qt executables to qtmain target on Windows.
-+ # QCA exucatables use console mode only. Not need to link against qtmain.lib.
-+ set(Qt5_NO_LINK_QTMAIN ON)
- find_package(Qt5Core QUIET)
- mark_as_advanced(Qt5Core_DIR)
- endif()
-@@ -71,6 +69,9 @@ if (Qt5Core_FOUND)
- else()
- set(QT_MIN_VERSION "4.7.0")
- set(QT_USE_IMPORTED_TARGETS ON)
-+ # Do not automatically link Qt executables to qtmain target on Windows.
-+ # QCA exucatables use console mode only. Not need to link against qtmain.lib.
-+ set(QT4_NO_LINK_QTMAIN ON)
- if(BUILD_TESTS)
- find_package(Qt4 REQUIRED QtCore QtNetwork QtTest)
- else(BUILD_TESTS)
-
-commit 159e144abf98964ad8653efdeeebefe1a284a044
-Author: Ivan Romanov <drizt@land.ru>
-Date: Sat Sep 30 15:45:59 2017 +0500
-
- Disable missed openssl cipher suites
-
- Fedora 26 has no them.
-
-commit d58e20ee652038dc4ec4fe4765dc3639ed735526
-Author: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Sat Dec 16 22:29:40 2017 +0100
-
- Add support for OpenSSL 1.1.0
-
- Test Plan:
- Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed.
- Using this code with kdeconnect and okteta successfully on my system now.
-
- Reviewers: iromanov
-
- Subscribers: anthonyfieroni, alonbl, heikobecker, cfeck, asturmlechner, bero, rdieter
-
- Differential Revision: https://phabricator.kde.org/D9416
-
-diff --git a/plugins/qca-ossl/ossl110-compat.h b/plugins/qca-ossl/ossl110-compat.h
-new file mode 100644
-index 0000000..ec15475
---- /dev/null
-+++ b/plugins/qca-ossl/ossl110-compat.h
-@@ -0,0 +1,283 @@
-+/*
-+ * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com>
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-+ *
-+ */
-+
-+#ifndef OSSL110COMPAT_H
-+#define OSSL110COMPAT_H
-+
-+#include <openssl/evp.h>
-+#include <openssl/hmac.h>
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define RSA_F_RSA_METH_DUP 161
-+
-+static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr)
-+ *pr = sig->r;
-+ if (ps)
-+ *ps = sig->s;
-+}
-+
-+static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (!sig) return 0;
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p)
-+ *p = dsa->p;
-+ if (q)
-+ *q = dsa->q;
-+ if (g)
-+ *g = dsa->g;
-+}
-+
-+static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ if (!dsa) return 0;
-+ dsa->p = p;
-+ dsa->q = q;
-+ dsa->g = g;
-+ return 1;
-+}
-+
-+static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+ if (n)
-+ *n = rsa->n;
-+ if (e)
-+ *e = rsa->e;
-+ if (d)
-+ *d = rsa->d;
-+}
-+
-+static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-+{
-+ if (!rsa) return 0;
-+ rsa->n = n;
-+ rsa->e = e;
-+ rsa->d = d;
-+ return 1;
-+}
-+
-+static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
-+{
-+ if (p)
-+ *p = rsa->p;
-+ if (q)
-+ *q = rsa->q;
-+}
-+
-+static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
-+{
-+ if (!rsa) return 0;
-+ rsa->p = p;
-+ rsa->q = q;
-+ return 1;
-+}
-+
-+static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p)
-+ *p = dh->p;
-+ if (q)
-+ *q = dh->q;
-+ if (g)
-+ *g = dh->g;
-+}
-+
-+static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ if (!dh) return 0;
-+ dh->p = p;
-+ dh->q = q;
-+ dh->g = g;
-+ return 1;
-+}
-+
-+static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key)
-+ *pub_key = dh->pub_key;
-+ if (priv_key)
-+ *priv_key = dh->priv_key;
-+}
-+
-+static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ if (!dh) return 0;
-+ dh->pub_key = pub_key;
-+ dh->priv_key = priv_key;
-+ return 1;
-+}
-+
-+static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key)
-+ *pub_key = dsa->pub_key;
-+ if (priv_key)
-+ *priv_key = dsa->priv_key;
-+}
-+
-+static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ if (!dsa) return 0;
-+ dsa->pub_key = pub_key;
-+ dsa->priv_key = priv_key;
-+ return 1;
-+}
-+
-+static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
-+{
-+ if (palg)
-+ *palg = sig->algor;
-+ if (pdigest)
-+ *pdigest = sig->digest;
-+}
-+
-+static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
-+{
-+ if (psig)
-+ *psig = req->signature;
-+ if (palg)
-+ *palg = req->sig_alg;
-+}
-+
-+static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
-+{
-+ if (psig)
-+ *psig = crl->signature;
-+ if (palg)
-+ *palg = crl->sig_alg;
-+}
-+
-+static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
-+{
-+ if (!meth)
-+ return NULL;
-+
-+ RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth));
-+
-+ if (!_meth)
-+ {
-+ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
-+ memcpy(_meth, meth, sizeof(*_meth));
-+ _meth->name = strdup(meth->name);
-+ if (!_meth->name) {
-+ OPENSSL_free(_meth);
-+ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
-+ return NULL;
-+ }
-+
-+ return _meth;
-+}
-+
-+static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding))
-+{
-+ if (!rsa) return 0;
-+ rsa->rsa_priv_enc = priv_enc;
-+ return 1;
-+}
-+
-+static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa, int padding))
-+{
-+ if (!rsa) return 0;
-+ rsa->rsa_priv_dec = priv_dec;
-+ return 1;
-+}
-+
-+static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
-+ unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
-+{
-+ if (!meth) return 0;
-+ meth->rsa_sign = sign;
-+ return 1;
-+}
-+
-+static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
-+ unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
-+{
-+ if (!meth) return 0;
-+ meth->rsa_verify = verify;
-+ return 1;
-+}
-+
-+static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-+{
-+ if (!meth) return 0;
-+ meth->finish = finish;
-+ return 1;
-+}
-+
-+static HMAC_CTX *HMAC_CTX_new()
-+{
-+ HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
-+ if (ctx)
-+ HMAC_CTX_init(ctx);
-+ return ctx;
-+}
-+
-+static void HMAC_CTX_free(HMAC_CTX *ctx)
-+{
-+ if (!ctx)
-+ return;
-+ HMAC_CTX_cleanup(ctx);
-+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
-+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
-+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
-+ OPENSSL_free(ctx);
-+}
-+
-+#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__)
-+
-+#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__)
-+#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__)
-+
-+#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY)
-+#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509)
-+#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL)
-+
-+#define EVP_PKEY_id(pky) (pky)->type
-+#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa
-+#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa
-+#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh
-+
-+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
-+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
-+
-+#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm)
-+#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm)
-+
-+#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber
-+#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate
-+
-+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#endif // OSSL110COMPAT_H
-diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
-index a507604..39dbc2b 100644
---- a/plugins/qca-ossl/qca-ossl.cpp
-+++ b/plugins/qca-ossl/qca-ossl.cpp
-@@ -2,6 +2,7 @@
- * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
- * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
- * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
-+ * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -39,6 +40,8 @@
- #include <openssl/pkcs12.h>
- #include <openssl/ssl.h>
-
-+#include "ossl110-compat.h"
-+
- #ifndef OSSL_097
- // comment this out if you'd rather use openssl 0.9.6
- #define OSSL_097
-@@ -53,6 +56,16 @@
- ((_STACK*) (1 ? p : (type*)0))
- #endif
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ #define OSSL_110
-+#endif
-+
-+// OpenSSL 1.1.0 compatibility macros
-+#ifdef OSSL_110
-+#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
-+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
-+#endif
-+
- using namespace QCA;
-
- namespace opensslQCAPlugin {
-@@ -94,7 +107,7 @@ static QByteArray bio2ba(BIO *b)
- return buf;
- }
-
--static BigInteger bn2bi(BIGNUM *n)
-+static BigInteger bn2bi(const BIGNUM *n)
- {
- SecureArray buf(BN_num_bytes(n) + 1);
- buf[0] = 0; // positive
-@@ -110,7 +123,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
-
- // take lowest bytes of BIGNUM to fit
- // pad with high byte zeroes to fit
--static SecureArray bn2fixedbuf(BIGNUM *n, int size)
-+static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
- {
- SecureArray buf(BN_num_bytes(n));
- BN_bn2bin(n, (unsigned char *)buf.data());
-@@ -128,8 +141,11 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
- const unsigned char *inp = (const unsigned char *)in.data();
- d2i_DSA_SIG(&sig, &inp, in.size());
-
-- SecureArray part_r = bn2fixedbuf(sig->r, 20);
-- SecureArray part_s = bn2fixedbuf(sig->s, 20);
-+ const BIGNUM *bnr, *bns;
-+ DSA_SIG_get0(sig, &bnr, &bns);
-+
-+ SecureArray part_r = bn2fixedbuf(bnr, 20);
-+ SecureArray part_s = bn2fixedbuf(bns, 20);
- SecureArray result;
- result.append(part_r);
- result.append(part_s);
-@@ -144,12 +160,16 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
- return SecureArray();
-
- DSA_SIG *sig = DSA_SIG_new();
-- SecureArray part_r(20);
-- SecureArray part_s(20);
-+ SecureArray part_r(20); BIGNUM *bnr;
-+ SecureArray part_s(20); BIGNUM *bns;
- memcpy(part_r.data(), in.data(), 20);
- memcpy(part_s.data(), in.data() + 20, 20);
-- sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
-- sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
-+ bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
-+ bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
-+
-+ if(DSA_SIG_set0(sig, bnr, bns) == 0)
-+ return SecureArray();
-+ // Not documented what happens in the failure case, free bnr and bns?
-
- int len = i2d_DSA_SIG(sig, NULL);
- SecureArray result(len);
-@@ -1005,29 +1025,39 @@ public:
- opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
- {
- m_algorithm = algorithm;
-- EVP_DigestInit( &m_context, m_algorithm );
-+ m_context = EVP_MD_CTX_new();
-+ EVP_DigestInit( m_context, m_algorithm );
-+ }
-+
-+ opensslHashContext(const opensslHashContext &other)
-+ : HashContext(other)
-+ {
-+ m_algorithm = other.m_algorithm;
-+ m_context = EVP_MD_CTX_new();
-+ EVP_MD_CTX_copy_ex(m_context, other.m_context);
- }
-
- ~opensslHashContext()
- {
-- EVP_MD_CTX_cleanup(&m_context);
-+ EVP_MD_CTX_free(m_context);
- }
-
- void clear()
- {
-- EVP_MD_CTX_cleanup(&m_context);
-- EVP_DigestInit( &m_context, m_algorithm );
-+ EVP_MD_CTX_free(m_context);
-+ m_context = EVP_MD_CTX_new();
-+ EVP_DigestInit( m_context, m_algorithm );
- }
-
- void update(const MemoryRegion &a)
- {
-- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
- }
-
- MemoryRegion final()
- {
- SecureArray a( EVP_MD_size( m_algorithm ) );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- return a;
- }
-
-@@ -1038,7 +1068,7 @@ public:
-
- protected:
- const EVP_MD *m_algorithm;
-- EVP_MD_CTX m_context;
-+ EVP_MD_CTX *m_context;
- };
-
-
-@@ -1048,7 +1078,21 @@ public:
- opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
- {
- m_algorithm = algorithm;
-- EVP_DigestInit( &m_context, m_algorithm );
-+ m_context = EVP_MD_CTX_new();
-+ EVP_DigestInit( m_context, m_algorithm );
-+ }
-+
-+ opensslPbkdf1Context(const opensslPbkdf1Context &other)
-+ : KDFContext(other)
-+ {
-+ m_algorithm = other.m_algorithm;
-+ m_context = EVP_MD_CTX_new();
-+ EVP_MD_CTX_copy(m_context, other.m_context);
-+ }
-+
-+ ~opensslPbkdf1Context()
-+ {
-+ EVP_MD_CTX_free(m_context);
- }
-
- Provider::Context *clone() const
-@@ -1082,16 +1126,16 @@ public:
- DK = Tc<0..dkLen-1>
- */
- // calculate T_1
-- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
-- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
- SecureArray a( EVP_MD_size( m_algorithm ) );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
-
- // calculate T_2 up to T_c
- for ( unsigned int i = 2; i <= iterationCount; ++i ) {
-- EVP_DigestInit( &m_context, m_algorithm );
-- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestInit( m_context, m_algorithm );
-+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- }
-
- // shrink a to become DK, of the required length
-@@ -1137,19 +1181,19 @@ public:
- DK = Tc<0..dkLen-1>
- */
- // calculate T_1
-- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
-- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
- SecureArray a( EVP_MD_size( m_algorithm ) );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
-
- // calculate T_2 up to T_c
- *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one
- timer.start(); // ^ time more than the base function
- // ^ with the same iterationCount
- while (timer.elapsed() < msecInterval) {
-- EVP_DigestInit( &m_context, m_algorithm );
-- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestInit( m_context, m_algorithm );
-+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- ++(*iterationCount);
- }
-
-@@ -1164,7 +1208,7 @@ public:
-
- protected:
- const EVP_MD *m_algorithm;
-- EVP_MD_CTX m_context;
-+ EVP_MD_CTX *m_context;
- };
-
- class opensslPbkdf2Context : public KDFContext
-@@ -1232,12 +1276,28 @@ public:
- opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
- {
- m_algorithm = algorithm;
-- HMAC_CTX_init( &m_context );
-+ m_context = HMAC_CTX_new();
-+#ifndef OSSL_110
-+ HMAC_CTX_init( m_context );
-+#endif
-+ }
-+
-+ opensslHMACContext(const opensslHMACContext &other)
-+ : MACContext(other)
-+ {
-+ m_algorithm = other.m_algorithm;
-+ m_context = HMAC_CTX_new();
-+ HMAC_CTX_copy(m_context, other.m_context);
-+ }
-+
-+ ~opensslHMACContext()
-+ {
-+ HMAC_CTX_free(m_context);
- }
-
- void setup(const SymmetricKey &key)
- {
-- HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
-+ HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
- }
-
- KeyLength keyLength() const
-@@ -1247,14 +1307,18 @@ public:
-
- void update(const MemoryRegion &a)
- {
-- HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
-+ HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
- }
-
- void final(MemoryRegion *out)
- {
- SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
-- HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
-- HMAC_CTX_cleanup(&m_context);
-+ HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
-+#ifdef OSSL_110
-+ HMAC_CTX_reset(m_context);
-+#else
-+ HMAC_CTX_cleanup(m_context);
-+#endif
- *out = sa;
- }
-
-@@ -1264,7 +1328,7 @@ public:
- }
-
- protected:
-- HMAC_CTX m_context;
-+ HMAC_CTX *m_context;
- const EVP_MD *m_algorithm;
- };
-
-@@ -1278,7 +1342,7 @@ class EVPKey
- public:
- enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
- EVP_PKEY *pkey;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- State state;
- bool raw_type;
- SecureArray raw;
-@@ -1288,19 +1352,23 @@ public:
- pkey = 0;
- raw_type = false;
- state = Idle;
-+ mdctx = EVP_MD_CTX_new();
- }
-
- EVPKey(const EVPKey &from)
- {
- pkey = from.pkey;
-- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+ EVP_PKEY_up_ref(pkey);
- raw_type = false;
- state = Idle;
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_MD_CTX_copy(mdctx, from.mdctx);
- }
-
- ~EVPKey()
- {
- reset();
-+ EVP_MD_CTX_free(mdctx);
- }
-
- void reset()
-@@ -1323,8 +1391,8 @@ public:
- else
- {
- raw_type = false;
-- EVP_MD_CTX_init(&mdctx);
-- if(!EVP_SignInit_ex(&mdctx, type, NULL))
-+ EVP_MD_CTX_init(mdctx);
-+ if(!EVP_SignInit_ex(mdctx, type, NULL))
- state = SignError;
- }
- }
-@@ -1340,8 +1408,8 @@ public:
- else
- {
- raw_type = false;
-- EVP_MD_CTX_init(&mdctx);
-- if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
-+ EVP_MD_CTX_init(mdctx);
-+ if(!EVP_VerifyInit_ex(mdctx, type, NULL))
- state = VerifyError;
- }
- }
-@@ -1353,7 +1421,7 @@ public:
- if (raw_type)
- raw += in;
- else
-- if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
-+ if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
- state = SignError;
- }
- else if(state == VerifyActive)
-@@ -1361,7 +1429,7 @@ public:
- if (raw_type)
- raw += in;
- else
-- if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
-+ if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
- state = VerifyError;
- }
- }
-@@ -1374,17 +1442,20 @@ public:
- unsigned int len = out.size();
- if (raw_type)
- {
-- if (pkey->type == EVP_PKEY_RSA)
-+ int type = EVP_PKEY_id(pkey);
-+
-+ if (type == EVP_PKEY_RSA)
- {
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
-- (unsigned char *)out.data(), pkey->pkey.rsa,
-+ (unsigned char *)out.data(), rsa,
- RSA_PKCS1_PADDING) == -1) {
-
- state = SignError;
- return SecureArray ();
- }
- }
-- else if (pkey->type == EVP_PKEY_DSA)
-+ else if (type == EVP_PKEY_DSA)
- {
- state = SignError;
- return SecureArray ();
-@@ -1396,7 +1467,7 @@ public:
- }
- }
- else {
-- if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
-+ if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
- {
- state = SignError;
- return SecureArray();
-@@ -1419,16 +1490,19 @@ public:
- SecureArray out(EVP_PKEY_size(pkey));
- int len = 0;
-
-- if (pkey->type == EVP_PKEY_RSA) {
-+ int type = EVP_PKEY_id(pkey);
-+
-+ if (type == EVP_PKEY_RSA) {
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
-- (unsigned char *)out.data (), pkey->pkey.rsa,
-+ (unsigned char *)out.data (), rsa,
- RSA_PKCS1_PADDING)) == -1) {
-
- state = VerifyError;
- return false;
- }
- }
-- else if (pkey->type == EVP_PKEY_DSA)
-+ else if (type == EVP_PKEY_DSA)
- {
- state = VerifyError;
- return false;
-@@ -1448,7 +1522,7 @@ public:
- }
- else
- {
-- if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
-+ if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
- {
- state = VerifyError;
- return false;
-@@ -1562,9 +1636,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
- return false;
- if(ret_counter != counter)
- return false;
-- params->p = bn2bi(dsa->p);
-- params->q = bn2bi(dsa->q);
-- params->g = bn2bi(dsa->g);
-+ const BIGNUM *bnp, *bnq, *bng;
-+ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
-+ params->p = bn2bi(bnp);
-+ params->q = bn2bi(bnq);
-+ params->g = bn2bi(bng);
- DSA_free(dsa);
- return true;
- }
-@@ -1827,10 +1903,11 @@ public:
- return;
-
- // extract the public key into DER format
-- int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
-+ RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
-+ int len = i2d_RSAPublicKey(rsa_pkey, NULL);
- SecureArray result(len);
- unsigned char *p = (unsigned char *)result.data();
-- i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
-+ i2d_RSAPublicKey(rsa_pkey, &p);
- p = (unsigned char *)result.data();
-
- // put the DER public key back into openssl
-@@ -1853,7 +1930,7 @@ public:
-
- virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
- {
-- RSA *rsa = evp.pkey->pkey.rsa;
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- int size = 0;
- switch(alg)
- {
-@@ -1868,7 +1945,7 @@ public:
-
- virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
- {
-- RSA *rsa = evp.pkey->pkey.rsa;
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- SecureArray buf = in;
- int max = maximumEncryptSize(alg);
-
-@@ -1901,7 +1978,7 @@ public:
-
- virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
- {
-- RSA *rsa = evp.pkey->pkey.rsa;
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- SecureArray result(RSA_size(rsa));
- int pad;
-
-@@ -2022,14 +2099,10 @@ public:
- evp.reset();
-
- RSA *rsa = RSA_new();
-- rsa->n = bi2bn(n);
-- rsa->e = bi2bn(e);
-- rsa->p = bi2bn(p);
-- rsa->q = bi2bn(q);
-- rsa->d = bi2bn(d);
--
-- if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
-+ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
-+ || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
- {
-+ // Free BIGNUMS?
- RSA_free(rsa);
- return;
- }
-@@ -2037,7 +2110,7 @@ public:
- // When private key has no Public Exponent (e) or Private Exponent (d)
- // need to disable blinding. Otherwise decryption will be broken.
- // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
-- if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
-+ if(e == BigInteger(0) || d == BigInteger(0))
- RSA_blinding_off(rsa);
-
- evp.pkey = EVP_PKEY_new();
-@@ -2050,10 +2123,7 @@ public:
- evp.reset();
-
- RSA *rsa = RSA_new();
-- rsa->n = bi2bn(n);
-- rsa->e = bi2bn(e);
--
-- if(!rsa->n || !rsa->e)
-+ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
- {
- RSA_free(rsa);
- return;
-@@ -2066,27 +2136,42 @@ public:
-
- virtual BigInteger n() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->n);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnn;
-+ RSA_get0_key(rsa, &bnn, NULL, NULL);
-+ return bn2bi(bnn);
- }
-
- virtual BigInteger e() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bne;
-+ RSA_get0_key(rsa, NULL, &bne, NULL);
-+ return bn2bi(bne);
- }
-
- virtual BigInteger p() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->p);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnp;
-+ RSA_get0_factors(rsa, &bnp, NULL);
-+ return bn2bi(bnp);
- }
-
- virtual BigInteger q() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->q);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnq;
-+ RSA_get0_factors(rsa, NULL, &bnq);
-+ return bn2bi(bnq);
- }
-
- virtual BigInteger d() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->d);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnd;
-+ RSA_get0_key(rsa, NULL, NULL, &bnd);
-+ return bn2bi(bnd);
- }
-
- private slots:
-@@ -2135,10 +2220,12 @@ public:
- virtual void run()
- {
- DSA *dsa = DSA_new();
-- dsa->p = bi2bn(domain.p());
-- dsa->q = bi2bn(domain.q());
-- dsa->g = bi2bn(domain.g());
-- if(!DSA_generate_key(dsa))
-+ BIGNUM *pne = bi2bn(domain.p()),
-+ *qne = bi2bn(domain.q()),
-+ *gne = bi2bn(domain.g());
-+
-+ if(!DSA_set0_pqg(dsa, pne, qne, gne)
-+ || !DSA_generate_key(dsa))
- {
- DSA_free(dsa);
- return;
-@@ -2213,10 +2300,11 @@ public:
- return;
-
- // extract the public key into DER format
-- int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
-+ DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
-+ int len = i2d_DSAPublicKey(dsa_pkey, NULL);
- SecureArray result(len);
- unsigned char *p = (unsigned char *)result.data();
-- i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
-+ i2d_DSAPublicKey(dsa_pkey, &p);
- p = (unsigned char *)result.data();
-
- // put the DER public key back into openssl
-@@ -2245,7 +2333,7 @@ public:
- else
- transformsig = false;
-
-- evp.startSign(EVP_dss1());
-+ evp.startSign(EVP_sha1());
- }
-
- virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
-@@ -2256,7 +2344,7 @@ public:
- else
- transformsig = false;
-
-- evp.startVerify(EVP_dss1());
-+ evp.startVerify(EVP_sha1());
- }
-
- virtual void update(const MemoryRegion &in)
-@@ -2306,13 +2394,14 @@ public:
- evp.reset();
-
- DSA *dsa = DSA_new();
-- dsa->p = bi2bn(domain.p());
-- dsa->q = bi2bn(domain.q());
-- dsa->g = bi2bn(domain.g());
-- dsa->pub_key = bi2bn(y);
-- dsa->priv_key = bi2bn(x);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bnq = bi2bn(domain.q());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-+ BIGNUM *bnpriv_key = bi2bn(x);
-
-- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
-+ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
-+ || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
- {
- DSA_free(dsa);
- return;
-@@ -2328,12 +2417,13 @@ public:
- evp.reset();
-
- DSA *dsa = DSA_new();
-- dsa->p = bi2bn(domain.p());
-- dsa->q = bi2bn(domain.q());
-- dsa->g = bi2bn(domain.g());
-- dsa->pub_key = bi2bn(y);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bnq = bi2bn(domain.q());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-
-- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
-+ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
-+ || !DSA_set0_key(dsa, bnpub_key, NULL))
- {
- DSA_free(dsa);
- return;
-@@ -2346,17 +2436,26 @@ public:
-
- virtual DLGroup domain() const
- {
-- return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
-+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+ const BIGNUM *bnp, *bnq, *bng;
-+ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
-+ return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
- }
-
- virtual BigInteger y() const
- {
-- return bn2bi(evp.pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+ const BIGNUM *bnpub_key;
-+ DSA_get0_key(dsa, &bnpub_key, NULL);
-+ return bn2bi(bnpub_key);
- }
-
- virtual BigInteger x() const
- {
-- return bn2bi(evp.pkey->pkey.dsa->priv_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+ const BIGNUM *bnpriv_key;
-+ DSA_get0_key(dsa, NULL, &bnpriv_key);
-+ return bn2bi(bnpriv_key);
- }
-
- private slots:
-@@ -2405,9 +2504,10 @@ public:
- virtual void run()
- {
- DH *dh = DH_new();
-- dh->p = bi2bn(domain.p());
-- dh->g = bi2bn(domain.g());
-- if(!DH_generate_key(dh))
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ if(!DH_set0_pqg(dh, bnp, NULL, bng)
-+ || !DH_generate_key(dh))
- {
- DH_free(dh);
- return;
-@@ -2479,11 +2579,14 @@ public:
- if(!sec)
- return;
-
-- DH *orig = evp.pkey->pkey.dh;
-+ DH *orig = EVP_PKEY_get0_DH(evp.pkey);
- DH *dh = DH_new();
-- dh->p = BN_dup(orig->p);
-- dh->g = BN_dup(orig->g);
-- dh->pub_key = BN_dup(orig->pub_key);
-+ const BIGNUM *bnp, *bng, *bnpub_key;
-+ DH_get0_pqg(orig, &bnp, NULL, &bng);
-+ DH_get0_key(orig, &bnpub_key, NULL);
-+
-+ DH_set0_key(dh, BN_dup(bnpub_key), NULL);
-+ DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
-
- evp.reset();
-
-@@ -2499,10 +2602,13 @@ public:
-
- virtual SymmetricKey deriveKey(const PKeyBase &theirs)
- {
-- DH *dh = evp.pkey->pkey.dh;
-- DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
-+ const BIGNUM *bnpub_key;
-+ DH_get0_key(them, &bnpub_key, NULL);
-+
- SecureArray result(DH_size(dh));
-- int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
-+ int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
- if(ret <= 0)
- return SymmetricKey();
- result.resize(ret);
-@@ -2532,12 +2638,13 @@ public:
- evp.reset();
-
- DH *dh = DH_new();
-- dh->p = bi2bn(domain.p());
-- dh->g = bi2bn(domain.g());
-- dh->pub_key = bi2bn(y);
-- dh->priv_key = bi2bn(x);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-+ BIGNUM *bnpriv_key = bi2bn(x);
-
-- if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
-+ if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
-+ || !DH_set0_pqg(dh, bnp, NULL, bng))
- {
- DH_free(dh);
- return;
-@@ -2553,11 +2660,12 @@ public:
- evp.reset();
-
- DH *dh = DH_new();
-- dh->p = bi2bn(domain.p());
-- dh->g = bi2bn(domain.g());
-- dh->pub_key = bi2bn(y);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-
-- if(!dh->p || !dh->g || !dh->pub_key)
-+ if(!DH_set0_key(dh, bnpub_key, NULL)
-+ || !DH_set0_pqg(dh, bnp, NULL, bng))
- {
- DH_free(dh);
- return;
-@@ -2570,17 +2678,26 @@ public:
-
- virtual DLGroup domain() const
- {
-- return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ const BIGNUM *bnp, *bng;
-+ DH_get0_pqg(dh, &bnp, NULL, &bng);
-+ return DLGroup(bn2bi(bnp), bn2bi(bng));
- }
-
- virtual BigInteger y() const
- {
-- return bn2bi(evp.pkey->pkey.dh->pub_key);
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ const BIGNUM *bnpub_key;
-+ DH_get0_key(dh, &bnpub_key, NULL);
-+ return bn2bi(bnpub_key);
- }
-
- virtual BigInteger x() const
- {
-- return bn2bi(evp.pkey->pkey.dh->priv_key);
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ const BIGNUM *bnpriv_key;
-+ DH_get0_key(dh, NULL, &bnpriv_key);
-+ return bn2bi(bnpriv_key);
- }
-
- private slots:
-@@ -2619,10 +2736,14 @@ public:
- {
- key = _key;
- RSA_set_method(rsa, rsa_method());
-+#ifndef OSSL_110
- rsa->flags |= RSA_FLAG_SIGN_VER;
-+#endif
- RSA_set_app_data(rsa, this);
-- rsa->n = bi2bn(_key.n());
-- rsa->e = bi2bn(_key.e());
-+ BIGNUM *bnn = bi2bn(_key.n());
-+ BIGNUM *bne = bi2bn(_key.e());
-+
-+ RSA_set0_key(rsa, bnn, bne, NULL);
- }
-
- RSA_METHOD *rsa_method()
-@@ -2631,12 +2752,16 @@ public:
-
- if(!ops)
- {
-- ops = new RSA_METHOD(*RSA_get_default_method());
-- ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
-- ops->rsa_priv_dec = rsa_priv_dec;
-- ops->rsa_sign = rsa_sign;
-- ops->rsa_verify = 0;//pkcs11_rsa_verify;
-- ops->finish = rsa_finish;
-+ ops = RSA_meth_dup(RSA_get_default_method());
-+ RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
-+ RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
-+#ifdef OSSL_110
-+ RSA_meth_set_sign(ops, NULL);
-+#else
-+ RSA_meth_set_sign(ops, rsa_sign);
-+#endif
-+ RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
-+ RSA_meth_set_finish(ops, rsa_finish);
- }
- return ops;
- }
-@@ -2676,6 +2801,7 @@ public:
- return -1;
- }
-
-+#ifndef OSSL_110
- static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
-@@ -2692,7 +2818,6 @@ public:
- }
- else
- {
--
- // make X509 packet
- X509_SIG sig;
- ASN1_TYPE parameter;
-@@ -2766,6 +2891,7 @@ public:
-
- return 1;
- }
-+#endif
-
- static int rsa_finish(RSA *rsa)
- {
-@@ -2867,21 +2993,22 @@ public:
- PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
- {
- PKeyBase *nk = 0;
-- if(pkey->type == EVP_PKEY_RSA)
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+ if(pkey_type == EVP_PKEY_RSA)
- {
- RSAKey *c = new RSAKey(provider());
- c->evp.pkey = pkey;
- c->sec = sec;
- nk = c;
- }
-- else if(pkey->type == EVP_PKEY_DSA)
-+ else if(pkey_type == EVP_PKEY_DSA)
- {
- DSAKey *c = new DSAKey(provider());
- c->evp.pkey = pkey;
- c->sec = sec;
- nk = c;
- }
-- else if(pkey->type == EVP_PKEY_DH)
-+ else if(pkey_type == EVP_PKEY_DH)
- {
- DHKey *c = new DHKey(provider());
- c->evp.pkey = pkey;
-@@ -2899,8 +3026,10 @@ public:
- {
- EVP_PKEY *pkey = get_pkey();
-
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return QByteArray();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -2913,8 +3042,10 @@ public:
- {
- EVP_PKEY *pkey = get_pkey();
-
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return QString();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -2979,9 +3110,10 @@ public:
- return SecureArray();
-
- EVP_PKEY *pkey = get_pkey();
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return SecureArray();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -3008,9 +3140,10 @@ public:
- return QString();
-
- EVP_PKEY *pkey = get_pkey();
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return QString();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -3111,11 +3244,18 @@ public:
- crl = from.crl;
-
- if(cert)
-- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(cert);
- if(req)
-+ {
-+#ifdef OSSL_110
-+ // Not exposed, so copy
-+ req = X509_REQ_dup(req);
-+#else
- CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
-+#endif
-+ }
- if(crl)
-- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(crl);
- }
-
- return *this;
-@@ -3221,7 +3361,7 @@ public:
- //
- // This code is mostly taken from OpenSSL v0.9.5a
- // by Eric Young
--QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
-+QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
- {
- QDateTime qdt;
- char *v;
-@@ -3319,7 +3459,7 @@ public:
-
- void fromX509(X509 *x)
- {
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- item.cert = x;
- make_props();
- }
-@@ -3350,7 +3490,7 @@ public:
- if(priv.key()->type() == PKey::RSA)
- md = EVP_sha1();
- else if(priv.key()->type() == PKey::DSA)
-- md = EVP_dss1();
-+ md = EVP_sha1();
- else
- return false;
-
-@@ -3481,7 +3621,7 @@ public:
-
- const MyCertContext *our_cc = this;
- X509 *x = our_cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(untrusted_list, x);
-
- const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
-@@ -3596,14 +3736,21 @@ public:
- p.policies = get_cert_policies(ex);
- }
-
-- if (x->signature)
-+#ifdef OSSL_110
-+ const
-+#endif
-+ ASN1_BIT_STRING *signature;
-+
-+ X509_get0_signature(&signature, NULL, x);
-+ if(signature)
- {
-- p.sig = QByteArray(x->signature->length, 0);
-- for (int i=0; i< x->signature->length; i++)
-- p.sig[i] = x->signature->data[i];
-+ p.sig = QByteArray(signature->length, 0);
-+ for (int i=0; i< signature->length; i++)
-+ p.sig[i] = signature->data[i];
- }
-
-- switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
-+
-+ switch( X509_get_signature_nid(x) )
- {
- case NID_sha1WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_SHA1;
-@@ -3635,7 +3782,7 @@ public:
- p.sigalgo = QCA::EMSA3_SHA512;
- break;
- default:
-- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
-+ qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
- p.sigalgo = QCA::SignatureUnknown;
- }
-
-@@ -3752,7 +3899,7 @@ public:
- if(privateKey -> key()->type() == PKey::RSA)
- md = EVP_sha1();
- else if(privateKey -> key()->type() == PKey::DSA)
-- md = EVP_dss1();
-+ md = EVP_sha1();
- else
- return 0;
-
-@@ -3935,7 +4082,7 @@ public:
- if(priv.key()->type() == PKey::RSA)
- md = EVP_sha1();
- else if(priv.key()->type() == PKey::DSA)
-- md = EVP_dss1();
-+ md = EVP_sha1();
- else
- return false;
-
-@@ -4096,14 +4243,17 @@ public:
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
-- if (x->signature)
-+ const ASN1_BIT_STRING *signature;
-+
-+ X509_REQ_get0_signature(x, &signature, NULL);
-+ if(signature)
- {
-- p.sig = QByteArray(x->signature->length, 0);
-- for (int i=0; i< x->signature->length; i++)
-- p.sig[i] = x->signature->data[i];
-+ p.sig = QByteArray(signature->length, 0);
-+ for (int i=0; i< signature->length; i++)
-+ p.sig[i] = signature->data[i];
- }
-
-- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
-+ switch( X509_REQ_get_signature_nid(x) )
- {
- case NID_sha1WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_SHA1;
-@@ -4123,7 +4273,7 @@ public:
- p.sigalgo = QCA::EMSA1_SHA1;
- break;
- default:
-- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
-+ qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
- p.sigalgo = QCA::SignatureUnknown;
- }
-
-@@ -4187,7 +4337,7 @@ public:
-
- void fromX509(X509_CRL *x)
- {
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(x);
- item.crl = x;
- make_props();
- }
-@@ -4232,15 +4382,15 @@ public:
-
- issuer = get_cert_name(X509_CRL_get_issuer(x));
-
-- p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(x), NULL);
-- p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(x), NULL);
-+ p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_lastUpdate(x), NULL);
-+ p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_nextUpdate(x), NULL);
-
- STACK_OF(X509_REVOKED)* revokeStack = X509_CRL_get_REVOKED(x);
-
- for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
- X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
-- BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
-- QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
-+ BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
-+ QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
- QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
- int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
- if (pos != -1) {
-@@ -4289,13 +4439,18 @@ public:
- p.revoked.append(thisEntry);
- }
-
-- if (x->signature)
-+ const ASN1_BIT_STRING *signature;
-+
-+ X509_CRL_get0_signature(x, &signature, NULL);
-+ if(signature)
- {
-- p.sig = QByteArray(x->signature->length, 0);
-- for (int i=0; i< x->signature->length; i++)
-- p.sig[i] = x->signature->data[i];
-+ p.sig = QByteArray(signature->length, 0);
-+ for (int i=0; i< signature->length; i++)
-+ p.sig[i] = signature->data[i];
- }
-- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
-+
-+
-+ switch( X509_CRL_get_signature_nid(x) )
- {
- case NID_sha1WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_SHA1;
-@@ -4327,7 +4482,7 @@ public:
- p.sigalgo = QCA::EMSA3_SHA512;
- break;
- default:
-- qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
-+ qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
- p.sigalgo = QCA::SignatureUnknown;
- }
-
-@@ -4488,21 +4643,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(trusted_list, x);
- }
- for(n = 0; n < untrusted.count(); ++n)
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(untrusted_list, x);
- }
- for(n = 0; n < crls.count(); ++n)
- {
- const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
- X509_CRL *x = cc->item.crl;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(x);
- crl_list.append(x);
- }
-
-@@ -4527,7 +4682,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
- int ret = X509_verify_cert(ctx);
- int err = -1;
- if(!ret)
-- err = ctx->error;
-+ err = X509_STORE_CTX_get_error(ctx);
-
- // cleanup
- X509_STORE_CTX_free(ctx);
-@@ -4561,21 +4716,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(trusted_list, x);
- }
- for(n = 1; n < chain.count(); ++n)
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(untrusted_list, x);
- }
- for(n = 0; n < crls.count(); ++n)
- {
- const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
- X509_CRL *x = cc->item.crl;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(x);
- crl_list.append(x);
- }
-
-@@ -4600,7 +4755,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
- int ret = X509_verify_cert(ctx);
- int err = -1;
- if(!ret)
-- err = ctx->error;
-+ err = X509_STORE_CTX_get_error(ctx);
-
- // grab the chain, which may not be fully populated
- STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
-@@ -4664,7 +4819,7 @@ public:
- for(int n = 1; n < chain.count(); ++n)
- {
- X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(ca, x);
- }
- }
-@@ -5399,7 +5554,7 @@ public:
- OpenSSL_add_ssl_algorithms();
- SSL_CTX *ctx = 0;
- switch (version) {
--#ifndef OPENSSL_NO_SSL2
-+#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
- case TLS::SSL_v2:
- ctx = SSL_CTX_new(SSLv2_client_method());
- break;
-@@ -5430,8 +5585,8 @@ public:
- STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
- QStringList cipherList;
- for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
-- SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
-- cipherList += cipherIDtoString(version, thisCipher->id);
-+ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
-+ cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
- }
-
- SSL_free(ssl);
-@@ -5808,13 +5963,15 @@ public:
- {
- SessionInfo sessInfo;
-
-- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
-+ SSL_SESSION *session = SSL_get0_session(ssl);
-+ sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
-+ int ssl_version = SSL_version(ssl);
-
-- if (ssl->version == TLS1_VERSION)
-+ if (ssl_version == TLS1_VERSION)
- sessInfo.version = TLS::TLS_v1;
-- else if (ssl->version == SSL3_VERSION)
-+ else if (ssl_version == SSL3_VERSION)
- sessInfo.version = TLS::SSL_v3;
-- else if (ssl->version == SSL2_VERSION)
-+ else if (ssl_version == SSL2_VERSION)
- sessInfo.version = TLS::SSL_v2;
- else {
- qDebug("unexpected version response");
-@@ -5822,7 +5979,7 @@ public:
- }
-
- sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
-- SSL_get_current_cipher(ssl)->id);
-+ SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
-
- sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
-
-@@ -6394,7 +6551,7 @@ public:
- for(int n = 0; n < nonroots.count(); ++n)
- {
- X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(other_certs, x);
- }
-
-@@ -6436,7 +6593,7 @@ public:
-
- other_certs = sk_X509_new_null();
- X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(other_certs, x);
-
- bi = BIO_new(BIO_s_mem());
-@@ -6499,7 +6656,7 @@ public:
- for(int n = 0; n < untrusted_list.count(); ++n)
- {
- X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(other_certs, x);
- }
-
-@@ -6750,14 +6907,28 @@ public:
- opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
- {
- m_cryptoAlgorithm = algorithm;
-- EVP_CIPHER_CTX_init(&m_context);
-+ m_context = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(m_context);
- m_pad = pad;
- m_type = type;
- }
-
-+ opensslCipherContext(const opensslCipherContext &other)
-+ : CipherContext(other)
-+ {
-+ m_cryptoAlgorithm = other.m_cryptoAlgorithm;
-+ m_context = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_copy(m_context, other.m_context);
-+ m_direction = other.m_direction;
-+ m_pad = other.m_pad;
-+ m_type = other.m_type;
-+ m_tag = other.m_tag;
-+ }
-+
- ~opensslCipherContext()
- {
-- EVP_CIPHER_CTX_cleanup(&m_context);
-+ EVP_CIPHER_CTX_cleanup(m_context);
-+ EVP_CIPHER_CTX_free(m_context);
- }
-
- void setup(Direction dir,
-@@ -6772,28 +6943,28 @@ public:
- m_cryptoAlgorithm = EVP_des_ede();
- }
- if (Encode == m_direction) {
-- EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
-- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
-+ EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
-+ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
- if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
- int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
-- EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
-+ EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL);
- }
-- EVP_EncryptInit_ex(&m_context, 0, 0,
-+ EVP_EncryptInit_ex(m_context, 0, 0,
- (const unsigned char*)(key.data()),
- (const unsigned char*)(iv.data()));
- } else {
-- EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
-- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
-+ EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
-+ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
- if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
- int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
-- EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
-+ EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL);
- }
-- EVP_DecryptInit_ex(&m_context, 0, 0,
-+ EVP_DecryptInit_ex(m_context, 0, 0,
- (const unsigned char*)(key.data()),
- (const unsigned char*)(iv.data()));
- }
-
-- EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
-+ EVP_CIPHER_CTX_set_padding(m_context, m_pad);
- }
-
- Provider::Context *clone() const
-@@ -6803,7 +6974,7 @@ public:
-
- int blockSize() const
- {
-- return EVP_CIPHER_CTX_block_size(&m_context);
-+ return EVP_CIPHER_CTX_block_size(m_context);
- }
-
- AuthTag tag() const
-@@ -6821,7 +6992,7 @@ public:
- out->resize(in.size()+blockSize());
- int resultLength;
- if (Encode == m_direction) {
-- if (0 == EVP_EncryptUpdate(&m_context,
-+ if (0 == EVP_EncryptUpdate(m_context,
- (unsigned char*)out->data(),
- &resultLength,
- (unsigned char*)in.data(),
-@@ -6829,7 +7000,7 @@ public:
- return false;
- }
- } else {
-- if (0 == EVP_DecryptUpdate(&m_context,
-+ if (0 == EVP_DecryptUpdate(m_context,
- (unsigned char*)out->data(),
- &resultLength,
- (unsigned char*)in.data(),
-@@ -6846,25 +7017,25 @@ public:
- out->resize(blockSize());
- int resultLength;
- if (Encode == m_direction) {
-- if (0 == EVP_EncryptFinal_ex(&m_context,
-+ if (0 == EVP_EncryptFinal_ex(m_context,
- (unsigned char*)out->data(),
- &resultLength)) {
- return false;
- }
- if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
- int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG;
-- if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
-+ if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
- return false;
- }
- }
- } else {
- if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
- int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG;
-- if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) {
-+ if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), m_tag.data())) {
- return false;
- }
- }
-- if (0 == EVP_DecryptFinal_ex(&m_context,
-+ if (0 == EVP_DecryptFinal_ex(m_context,
- (unsigned char*)out->data(),
- &resultLength)) {
- return false;
-@@ -6899,7 +7070,7 @@ public:
-
-
- protected:
-- EVP_CIPHER_CTX m_context;
-+ EVP_CIPHER_CTX *m_context;
- const EVP_CIPHER *m_cryptoAlgorithm;
- Direction m_direction;
- int m_pad;
-
projects / packages / qca.git / commitdiff