]> git.pld-linux.org Git - packages/qca.git/blame - openssl.patch
projects / packages / qca.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- rel 4; Qt5 needs c++11
[packages/qca.git] / openssl.patch
CommitLineData
d625c23e
AM		 1commit 57878ff44f9bb41155dea425949d344b87652aeb
2Author: Ivan Romanov <drizt@land.ru>
3Date: Wed Aug 10 12:16:46 2016 +0500
4
5 Add support for AES GCM and AES CCM modes
6
7 Only qca-openssl now can use GCM and CCM. CCM is not tested and
8 planed for future.
9
10diff --git a/include/QtCrypto/qca_basic.h b/include/QtCrypto/qca_basic.h
11index c36a2bd..3806c29 100644
12--- a/include/QtCrypto/qca_basic.h
13+++ b/include/QtCrypto/qca_basic.h
14@@ -2,6 +2,7 @@
15 * qca_basic.h - Qt Cryptographic Architecture
16 * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
17 * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
18+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
19 *
20 * This library is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU Lesser General Public
22@@ -583,6 +584,7 @@ private:
23
24 \ingroup UserAPI
25 */
26+
27 class QCA_EXPORT Cipher : public Algorithm, public Filter
28 {
29 public:
30@@ -599,7 +601,9 @@ public:
31 CFB, ///< operate in %Cipher FeedBack mode
32 ECB, ///< operate in Electronic Code Book mode
33 OFB, ///< operate in Output FeedBack Mode
34- CTR ///< operate in CounTer Mode
35+ CTR, ///< operate in CounTer Mode
36+ GCM, ///< operate in Galois Counter Mode
37+ CCM ///< operate in Counter with CBC-MAC
38 };
39
40 /**
41@@ -636,6 +640,28 @@ public:
42 const InitializationVector &iv = InitializationVector(),
43 const QString &provider = QString());
44
45+ /**
46+ Standard constructor
47+
48+ \param type the name of the cipher specialisation to use (e.g.
49+ "aes128")
50+ \param mode the operating Mode to use (e.g. QCA::Cipher::CBC)
51+ \param pad the type of Padding to use
52+ \param dir the Direction that this Cipher should use (Encode for
53+ encryption, Decode for decryption)
54+ \param key the SymmetricKey array that is the key
55+ \param iv the InitializationVector to use (not used for ECB mode)
56+ \param tag the AuthTag to use (only for GCM and CCM modes)
57+ \param provider the name of the Provider to use
58+
59+ \note Padding only applies to CBC and ECB modes. CFB and OFB
60+ ciphertext is always the length of the plaintext.
61+ */
62+ Cipher(const QString &type, Mode mode, Padding pad,
63+ Direction dir, const SymmetricKey &key,
64+ const InitializationVector &iv, const AuthTag &tag,
65+ const QString &provider = QString());
66+
67 /**
68 Standard copy constructor
69
70@@ -699,6 +725,11 @@ public:
71 */
72 int blockSize() const;
73
74+ /**
75+ return the authentication tag for the cipher object
76+ */
77+ AuthTag tag() const;
78+
79 /**
80 reset the cipher object, to allow re-use
81 */
82@@ -741,6 +772,22 @@ public:
83 */
84 void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv = InitializationVector());
85
86+ /**
87+ Reset / reconfigure the Cipher
88+
89+ You can use this to re-use an existing Cipher, rather than creating
90+ a new object with a slightly different configuration.
91+
92+ \param dir the Direction that this Cipher should use (Encode for
93+ encryption, Decode for decryption)
94+ \param key the SymmetricKey array that is the key
95+ \param iv the InitializationVector to use (not used for ECB Mode)
96+ \param tag the AuthTag to use (only for GCM and CCM modes)
97+
98+ \note You should not leave iv empty for any Mode except ECB.
99+ */
100+ void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag);
101+
102 /**
103 Construct a Cipher type string
104
105@@ -751,7 +798,6 @@ public:
106 QCA::PCKS7)
107 */
108 static QString withAlgorithms(const QString &cipherType, Mode modeType, Padding paddingType);
109-
110 private:
111 class Private;
112 Private *d;
113diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
114index beda5b1..f5c4601 100644
115--- a/include/QtCrypto/qca_core.h
116+++ b/include/QtCrypto/qca_core.h
117@@ -2,6 +2,7 @@
118 * qca_core.h - Qt Cryptographic Architecture
119 * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
120 * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net>
121+ * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru>
122 *
123 * This library is free software; you can redistribute it and/or
124 * modify it under the terms of the GNU Lesser General Public
125@@ -1294,6 +1295,43 @@ public:
126 InitializationVector(const QByteArray &a);
127 };
128
129+/**
130+ \class AuthTag qca_core.h QtCrypto
131+
132+ Container for authentication tag
133+
134+ \ingroup UserAPI
135+*/
136+class QCA_EXPORT AuthTag : public SecureArray
137+{
138+public:
139+ /**
140+ Construct an empty authentication tag
141+ */
142+ AuthTag();
143+
144+ /**
145+ Construct an empty authentication tag of the specified size
146+
147+ \param size the length of the authentication tag, in bytes
148+ */
149+ AuthTag(int size);
150+
151+ /**
152+ Construct an authentication tag from a provided byte array
153+
154+ \param a the byte array to copy
155+ */
156+ AuthTag(const SecureArray &a);
157+
158+ /**
159+ Construct an authentication tag from a provided byte array
160+
161+ \param a the byte array to copy
162+ */
163+ AuthTag(const QByteArray &a);
164+};
165+
166 /**
167 \class Event qca_core.h QtCrypto
168
169diff --git a/include/QtCrypto/qcaprovider.h b/include/QtCrypto/qcaprovider.h
170index c8ddff4..d4b54f9 100644
171--- a/include/QtCrypto/qcaprovider.h
172+++ b/include/QtCrypto/qcaprovider.h
173@@ -234,8 +234,9 @@ public:
174 \param dir the direction for the cipher (encryption/decryption)
175 \param key the symmetric key to use for the cipher
176 \param iv the initialization vector to use for the cipher (not used in ECB mode)
177+ \param tag the AuthTag to use (only for GCM and CCM modes)
178 */
179- virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv) = 0;
180+ virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag) = 0;
181
182 /**
183 Returns the KeyLength for this cipher
184@@ -247,6 +248,11 @@ public:
185 */
186 virtual int blockSize() const = 0;
187
188+ /**
189+ Returns the authentication tag for this cipher
190+ */
191+ virtual AuthTag tag() const = 0;
192+
193 /**
194 Process a chunk of data. Returns true if successful.
195
196diff --git a/plugins/qca-botan/qca-botan.cpp b/plugins/qca-botan/qca-botan.cpp
197index 1cc984a..f387575 100644
198--- a/plugins/qca-botan/qca-botan.cpp
199+++ b/plugins/qca-botan/qca-botan.cpp
200@@ -263,8 +263,10 @@ public:
201
202 void setup(QCA::Direction dir,
203 const QCA::SymmetricKey &key,
204- const QCA::InitializationVector &iv)
205+ const QCA::InitializationVector &iv,
206+ const QCA::AuthTag &tag)
207 {
208+ Q_UNUSED(tag);
209 try {
210 m_dir = dir;
211 Botan::SymmetricKey keyCopy((Botan::byte*)key.data(), key.size());
212@@ -305,6 +307,12 @@ public:
213 return Botan::block_size_of(m_algoName);
214 }
215
216+ QCA::AuthTag tag() const
217+ {
218+ // For future implementation
219+ return QCA::AuthTag();
220+ }
221+
222 bool update(const QCA::SecureArray &in, QCA::SecureArray *out)
223 {
224 m_crypter->write((Botan::byte*)in.data(), in.size());
225diff --git a/plugins/qca-gcrypt/qca-gcrypt.cpp b/plugins/qca-gcrypt/qca-gcrypt.cpp
226index 72f05a1..780fcdd 100644
227--- a/plugins/qca-gcrypt/qca-gcrypt.cpp
228+++ b/plugins/qca-gcrypt/qca-gcrypt.cpp
229@@ -163,8 +163,10 @@ public:
230
231 void setup(QCA::Direction dir,
232 const QCA::SymmetricKey &key,
233- const QCA::InitializationVector &iv)
234+ const QCA::InitializationVector &iv,
235+ const QCA::AuthTag &tag)
236 {
237+ Q_UNUSED(tag);
238 m_direction = dir;
239 err = gcry_cipher_open( &context, m_cryptoAlgorithm, m_mode, 0 );
240 check_error( "gcry_cipher_open", err );
241@@ -195,6 +197,12 @@ public:
242 return blockSize;
243 }
244
245+ QCA::AuthTag tag() const
246+ {
247+ // For future implementation
248+ return QCA::AuthTag();
249+ }
250+
251 bool update(const QCA::SecureArray &in, QCA::SecureArray *out)
252 {
253 QCA::SecureArray result( in.size() );
254diff --git a/plugins/qca-nss/qca-nss.cpp b/plugins/qca-nss/qca-nss.cpp
255index f4fdef3..db01eb0 100644
256--- a/plugins/qca-nss/qca-nss.cpp
257+++ b/plugins/qca-nss/qca-nss.cpp
258@@ -304,10 +304,12 @@ public:
259 {
260 }
261
262- void setup( QCA::Direction dir,
263- const QCA::SymmetricKey &key,
264- const QCA::InitializationVector &iv )
265+ void setup(QCA::Direction dir,
266+ const QCA::SymmetricKey &key,
267+ const QCA::InitializationVector &iv,
268+ const QCA::AuthTag &tag)
269 {
270+ Q_UNUSED(tag);
271 /* Get a slot to use for the crypto operations */
272 m_slot = PK11_GetBestSlot( m_cipherMechanism, NULL );
273 if (!m_slot)
274@@ -365,6 +367,12 @@ public:
275 return PK11_GetBlockSize( m_cipherMechanism, m_params);
276 }
277
278+ QCA::AuthTag tag() const
279+ {
280+ // For future implementation
281+ return QCA::AuthTag();
282+ }
283+
284 bool update( const QCA::SecureArray &in, QCA::SecureArray *out )
285 {
286 out->resize(in.size()+blockSize());
287diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt
288index cdeaeca..d87bc5a 100644
289--- a/plugins/qca-ossl/CMakeLists.txt
290+++ b/plugins/qca-ossl/CMakeLists.txt
291@@ -25,6 +25,20 @@ if(OPENSSL_FOUND)
292 message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
293 endif(HAVE_OPENSSL_AES_CTR)
294
295+ check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_AES_GCM)
296+ if(HAVE_OPENSSL_AES_GCM)
297+ add_definitions(-DHAVE_OPENSSL_AES_GCM)
298+ else()
299+ message(WARNING "qca-ossl will be compiled without AES GCM mode encryption support")
300+ endif()
301+
302+ check_function_exists(EVP_aes_128_ccm HAVE_OPENSSL_AES_CCM)
303+ if(HAVE_OPENSSL_AES_CCM)
304+ add_definitions(-DHAVE_OPENSSL_AES_CCM)
305+ else()
306+ message(WARNING "qca-ossl will be compiled without AES CCM mode encryption support")
307+ endif()
308+
309 check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
310 if(HAVE_OPENSSL_SHA0)
311 add_definitions(-DHAVE_OPENSSL_SHA0)
312diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
313index f0b9431..a507604 100644
314--- a/plugins/qca-ossl/qca-ossl.cpp
315+++ b/plugins/qca-ossl/qca-ossl.cpp
316@@ -1,6 +1,7 @@
317 /*
318 * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
319 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
320+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
321 *
322 * This library is free software; you can redistribute it and/or
323 * modify it under the terms of the GNU Lesser General Public
324@@ -6761,8 +6762,10 @@ public:
325
326 void setup(Direction dir,
327 const SymmetricKey &key,
328- const InitializationVector &iv)
329+ const InitializationVector &iv,
330+ const AuthTag &tag)
331 {
332+ m_tag = tag;
333 m_direction = dir;
334 if ( ( m_cryptoAlgorithm == EVP_des_ede3() ) && (key.size() == 16) ) {
335 // this is really a two key version of triple DES.
336@@ -6771,12 +6774,20 @@ public:
337 if (Encode == m_direction) {
338 EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
339 EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
340+ if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
341+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
342+ EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
343+ }
344 EVP_EncryptInit_ex(&m_context, 0, 0,
345 (const unsigned char*)(key.data()),
346 (const unsigned char*)(iv.data()));
347 } else {
348 EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
349 EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
350+ if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
351+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
352+ EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
353+ }
354 EVP_DecryptInit_ex(&m_context, 0, 0,
355 (const unsigned char*)(key.data()),
356 (const unsigned char*)(iv.data()));
357@@ -6795,6 +6806,11 @@ public:
358 return EVP_CIPHER_CTX_block_size(&m_context);
359 }
360
361+ AuthTag tag() const
362+ {
363+ return m_tag;
364+ }
365+
366 bool update(const SecureArray &in, SecureArray *out)
367 {
368 // This works around a problem in OpenSSL, where it asserts if
369@@ -6835,7 +6851,19 @@ public:
370 &resultLength)) {
371 return false;
372 }
373+ if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
374+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG;
375+ if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
376+ return false;
377+ }
378+ }
379 } else {
380+ if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
381+ int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG;
382+ if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) {
383+ return false;
384+ }
385+ }
386 if (0 == EVP_DecryptFinal_ex(&m_context,
387 (unsigned char*)out->data(),
388 &resultLength)) {
389@@ -6876,6 +6904,7 @@ protected:
390 Direction m_direction;
391 int m_pad;
392 QString m_type;
393+ AuthTag m_tag;
394 };
395
396 static QStringList all_hash_types()
397@@ -6921,6 +6950,12 @@ static QStringList all_cipher_types()
398 list += "aes128-ofb";
399 #ifdef HAVE_OPENSSL_AES_CTR
400 list += "aes128-ctr";
401+#endif
402+#ifdef HAVE_OPENSSL_AES_GCM
403+ list += "aes128-gcm";
404+#endif
405+#ifdef HAVE_OPENSSL_AES_CCM
406+ list += "aes128-ccm";
407 #endif
408 list += "aes192-ecb";
409 list += "aes192-cfb";
410@@ -6929,6 +6964,12 @@ static QStringList all_cipher_types()
411 list += "aes192-ofb";
412 #ifdef HAVE_OPENSSL_AES_CTR
413 list += "aes192-ctr";
414+#endif
415+#ifdef HAVE_OPENSSL_AES_GCM
416+ list += "aes192-gcm";
417+#endif
418+#ifdef HAVE_OPENSSL_AES_CCM
419+ list += "aes192-ccm";
420 #endif
421 list += "aes256-ecb";
422 list += "aes256-cbc";
423@@ -6937,6 +6978,12 @@ static QStringList all_cipher_types()
424 list += "aes256-ofb";
425 #ifdef HAVE_OPENSSL_AES_CTR
426 list += "aes256-ctr";
427+#endif
428+#ifdef HAVE_OPENSSL_AES_GCM
429+ list += "aes256-gcm";
430+#endif
431+#ifdef HAVE_OPENSSL_AES_CCM
432+ list += "aes256-ccm";
433 #endif
434 list += "blowfish-ecb";
435 list += "blowfish-cbc-pkcs7";
436@@ -7216,6 +7263,14 @@ public:
437 #ifdef HAVE_OPENSSL_AES_CTR
438 else if ( type == "aes128-ctr" )
439 return new opensslCipherContext( EVP_aes_128_ctr(), 0, this, type);
440+#endif
441+#ifdef HAVE_OPENSSL_AES_GCM
442+ else if ( type == "aes128-gcm" )
443+ return new opensslCipherContext( EVP_aes_128_gcm(), 0, this, type);
444+#endif
445+#ifdef HAVE_OPENSSL_AES_CCM
446+ else if ( type == "aes128-ccm" )
447+ return new opensslCipherContext( EVP_aes_128_ccm(), 0, this, type);
448 #endif
449 else if ( type == "aes192-ecb" )
450 return new opensslCipherContext( EVP_aes_192_ecb(), 0, this, type);
451@@ -7230,6 +7285,14 @@ public:
452 #ifdef HAVE_OPENSSL_AES_CTR
453 else if ( type == "aes192-ctr" )
454 return new opensslCipherContext( EVP_aes_192_ctr(), 0, this, type);
455+#endif
456+#ifdef HAVE_OPENSSL_AES_GCM
457+ else if ( type == "aes192-gcm" )
458+ return new opensslCipherContext( EVP_aes_192_gcm(), 0, this, type);
459+#endif
460+#ifdef HAVE_OPENSSL_AES_CCM
461+ else if ( type == "aes192-ccm" )
462+ return new opensslCipherContext( EVP_aes_192_ccm(), 0, this, type);
463 #endif
464 else if ( type == "aes256-ecb" )
465 return new opensslCipherContext( EVP_aes_256_ecb(), 0, this, type);
466@@ -7244,6 +7307,14 @@ public:
467 #ifdef HAVE_OPENSSL_AES_CTR
468 else if ( type == "aes256-ctr" )
469 return new opensslCipherContext( EVP_aes_256_ctr(), 0, this, type);
470+#endif
471+#ifdef HAVE_OPENSSL_AES_GCM
472+ else if ( type == "aes256-gcm" )
473+ return new opensslCipherContext( EVP_aes_256_gcm(), 0, this, type);
474+#endif
475+#ifdef HAVE_OPENSSL_AES_CCM
476+ else if ( type == "aes256-ccm" )
477+ return new opensslCipherContext( EVP_aes_256_ccm(), 0, this, type);
478 #endif
479 else if ( type == "blowfish-ecb" )
480 return new opensslCipherContext( EVP_bf_ecb(), 0, this, type);
481diff --git a/src/qca_basic.cpp b/src/qca_basic.cpp
482index 89bf966..c2e10e1 100644
483--- a/src/qca_basic.cpp
484+++ b/src/qca_basic.cpp
485@@ -262,6 +262,7 @@ public:
486 Direction dir;
487 SymmetricKey key;
488 InitializationVector iv;
489+ AuthTag tag;
490
491 bool ok, done;
492 };
493@@ -280,6 +281,19 @@ Cipher::Cipher(const QString &type, Mode mode, Padding pad,
494 setup(dir, key, iv);
495 }
496
497+Cipher::Cipher(const QString &type, Cipher::Mode mode, Cipher::Padding pad, Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag, const QString &provider)
498+ : Algorithm(withAlgorithms(type, mode, pad), provider)
499+{
500+ d = new Private;
501+ d->type = type;
502+ d->mode = mode;
503+ d->pad = pad;
504+ d->tag = tag;
505+ if(!key.isEmpty())
506+ setup(dir, key, iv, tag);
507+}
508+
509+
510 Cipher::Cipher(const Cipher &from)
511 :Algorithm(from), Filter(from)
512 {
513@@ -339,10 +353,15 @@ int Cipher::blockSize() const
514 return static_cast<const CipherContext *>(context())->blockSize();
515 }
516
517+AuthTag Cipher::tag() const
518+{
519+ return static_cast<const CipherContext *>(context())->tag();
520+}
521+
522 void Cipher::clear()
523 {
524 d->done = false;
525- static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv);
526+ static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv, d->tag);
527 }
528
529 MemoryRegion Cipher::update(const MemoryRegion &a)
530@@ -370,10 +389,16 @@ bool Cipher::ok() const
531 }
532
533 void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv)
534+{
535+ setup(dir, key, iv, AuthTag());
536+}
537+
538+void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag)
539 {
540 d->dir = dir;
541 d->key = key;
542 d->iv = iv;
543+ d->tag = tag;
544 clear();
545 }
546
547@@ -396,6 +421,12 @@ QString Cipher::withAlgorithms(const QString &cipherType, Mode modeType, Padding
548 case CTR:
549 mode = "ctr";
550 break;
551+ case GCM:
552+ mode = "gcm";
553+ break;
554+ case CCM:
555+ mode = "ccm";
556+ break;
557 default:
558 Q_ASSERT(0);
559 }
560diff --git a/src/qca_core.cpp b/src/qca_core.cpp
561index 15ee385..48460ce 100644
562--- a/src/qca_core.cpp
563+++ b/src/qca_core.cpp
564@@ -1,6 +1,7 @@
565 /*
566 * Copyright (C) 2003-2008 Justin Karneges <justin@affinix.com>
567 * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net>
568+ * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru>
569 *
570 * This library is free software; you can redistribute it and/or
571 * modify it under the terms of the GNU Lesser General Public
572@@ -1510,6 +1511,28 @@ InitializationVector::InitializationVector(const QByteArray &a)
573 set(SecureArray(a));
574 }
575
576+//----------------------------------------------------------------------------
577+// AuthTag
578+//----------------------------------------------------------------------------
579+AuthTag::AuthTag()
580+{
581+}
582+
583+AuthTag::AuthTag(int size)
584+{
585+ resize(size);
586+}
587+
588+AuthTag::AuthTag(const SecureArray &a)
589+{
590+ set(a);
591+}
592+
593+AuthTag::AuthTag(const QByteArray &a)
594+{
595+ set(SecureArray(a));
596+}
597+
598 //----------------------------------------------------------------------------
599 // Event
600 //----------------------------------------------------------------------------
601diff --git a/unittest/cipherunittest/CMakeLists.txt b/unittest/cipherunittest/CMakeLists.txt
602index 858f56a..a6c775d 100644
603--- a/unittest/cipherunittest/CMakeLists.txt
604+++ b/unittest/cipherunittest/CMakeLists.txt
605@@ -5,7 +5,7 @@ set(cipherunittest_bin_SRCS cipherunittest.cpp)
606
607 qt4_wrap_cpp(EXTRA_SRCS cipherunittest.h)
608
609-add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS})
610+add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS} ${cipherunittest_bin_HDRS})
611
612 target_link_qca_test_libraries(cipherunittest)
613
614diff --git a/unittest/cipherunittest/cipherunittest.cpp b/unittest/cipherunittest/cipherunittest.cpp
615index 3492caf..2f321fa 100644
616--- a/unittest/cipherunittest/cipherunittest.cpp
617+++ b/unittest/cipherunittest/cipherunittest.cpp
618@@ -1,5 +1,6 @@
619 /**
620 * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
621+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
622 *
623 * Redistribution and use in source and binary forms, with or without
624 * modification, are permitted provided that the following conditions
625@@ -496,6 +497,103 @@ void CipherUnitTest::aes128_ctr()
626 }
627 }
628
629+void CipherUnitTest::aes128_gcm_data()
630+{
631+ QTest::addColumn<QString>("plainText");
632+ QTest::addColumn<QString>("payload");
633+ QTest::addColumn<QString>("tag");
634+ QTest::addColumn<QString>("keyText");
635+ QTest::addColumn<QString>("ivText");
636+
637+ QTest::newRow("short") << QString("6f6820526f6d656d6f21")
638+ << QString("a9f2558b9a74e6fc551f")
639+ << QString("f8ebf75f108c6f74e6fe49035d268d43")
640+ << QString("1f491f8ddf4856ae4bff9039d418175a")
641+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
642+
643+ QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
644+ << QString("04e321a8870b6b9cd6846239c27a63fb41d0a7b8994f1514c066f0427fa9ed6707ea6e3b4f161fdff0eb5fc087ed3827b569cd72456c697b5a3a62c9e767")
645+ << QString("b0ad4aa545ea25fc3117cbed955ff155")
646+ << QString("56341f2b431d3b0dbad787db003f2215")
647+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
648+
649+
650+ QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
651+ << QString("a9f2558b9a74e6fc551f")
652+ << QString("f8ebf75f108c6f74e6fe49035d268d44")
653+ << QString("1f491f8ddf4856ae4bff9039d418175a")
654+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
655+}
656+
657+void CipherUnitTest::aes128_gcm()
658+{
659+ QStringList providersToTest;
660+ providersToTest.append("qca-ossl");
661+ providersToTest.append("qca-gcrypt");
662+ providersToTest.append("qca-botan");
663+ providersToTest.append("qca-nss");
664+
665+ foreach (const QString &provider, providersToTest) {
666+ if (!QCA::isSupported( "aes128-gcm", provider))
667+ QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit());
668+ else {
669+ QFETCH(QString, plainText);
670+ QFETCH(QString, payload);
671+ QFETCH(QString, tag);
672+ QFETCH(QString, keyText);
673+ QFETCH(QString, ivText);
674+
675+ QCA::SymmetricKey key(QCA::hexToArray(keyText));
676+ QCA::InitializationVector iv(QCA::hexToArray(ivText));
677+ QCA::AuthTag authTag(16);
678+ QCA::Cipher forwardCipher(QString("aes128"),
679+ QCA::Cipher::GCM,
680+ QCA::Cipher::NoPadding,
681+ QCA::Encode,
682+ key,
683+ iv,
684+ authTag,
685+ provider);
686+ QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
687+ QVERIFY(forwardCipher.ok());
688+ update += QCA::arrayToHex(forwardCipher.final().toByteArray());
689+ authTag = forwardCipher.tag();
690+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
691+ QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
692+ QCOMPARE(update, payload);
693+ QVERIFY(forwardCipher.ok());
694+
695+ QCA::Cipher reverseCipher(QString( "aes128"),
696+ QCA::Cipher::GCM,
697+ QCA::Cipher::NoPadding,
698+ QCA::Decode,
699+ key,
700+ iv,
701+ QCA::AuthTag(QCA::hexToArray(tag)),
702+ provider);
703+
704+ update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
705+ QVERIFY(reverseCipher.ok());
706+ QCOMPARE(update, plainText.left(update.size()));
707+ update += QCA::arrayToHex(reverseCipher.final().toByteArray());
708+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
709+ QCOMPARE(update, plainText);
710+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
711+ QVERIFY(reverseCipher.ok());
712+ }
713+ }
714+}
715+
716+void CipherUnitTest::aes128_ccm_data()
717+{
718+
719+}
720+
721+void CipherUnitTest::aes128_ccm()
722+{
723+ // For future implementation
724+}
725+
726 void CipherUnitTest::aes192_data()
727 {
728 QTest::addColumn<QString>("plainText");
729@@ -950,6 +1048,104 @@ void CipherUnitTest::aes192_ctr()
730 }
731 }
732
733+void CipherUnitTest::aes192_gcm_data()
734+{
735+ QTest::addColumn<QString>("plainText");
736+ QTest::addColumn<QString>("payload");
737+ QTest::addColumn<QString>("tag");
738+ QTest::addColumn<QString>("keyText");
739+ QTest::addColumn<QString>("ivText");
740+
741+ QTest::newRow("short") << QString("6f6820526f6d656d6f21")
742+ << QString("01ca25ff74121917f397")
743+ << QString("b90e97706d8eacbabc0be5e0a671b4e4")
744+ << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
745+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
746+
747+ QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
748+ << QString("4c1c5874877f0bee6efd450ec341b1c591e1e100da40bd4744e1035ed0ed0fb458f8efdb7c4b0b2101e29c950c56dc2489c2febec2d7062da28b9a033173")
749+ << QString("af3ea1b7f275ea1e4d4e1fdce63f83fe")
750+ << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
751+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
752+
753+
754+ QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
755+ << QString("773c3d06b94727c04afc")
756+ << QString("c558aca7f19050db49d94d99119277af")
757+ << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
758+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
759+}
760+
761+void CipherUnitTest::aes192_gcm()
762+{
763+ QStringList providersToTest;
764+ providersToTest.append("qca-ossl");
765+ providersToTest.append("qca-gcrypt");
766+ providersToTest.append("qca-botan");
767+ providersToTest.append("qca-nss");
768+
769+ foreach (const QString &provider, providersToTest) {
770+ if (!QCA::isSupported( "aes192-gcm", provider))
771+ QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit());
772+ else {
773+ QFETCH(QString, plainText);
774+ QFETCH(QString, payload);
775+ QFETCH(QString, tag);
776+ QFETCH(QString, keyText);
777+ QFETCH(QString, ivText);
778+
779+ QCA::SymmetricKey key(QCA::hexToArray(keyText));
780+ QCA::InitializationVector iv(QCA::hexToArray(ivText));
781+ QCA::AuthTag authTag(16);
782+ QCA::Cipher forwardCipher(QString("aes192"),
783+ QCA::Cipher::GCM,
784+ QCA::Cipher::NoPadding,
785+ QCA::Encode,
786+ key,
787+ iv,
788+ authTag,
789+ provider);
790+ QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
791+ QVERIFY(forwardCipher.ok());
792+ update += QCA::arrayToHex(forwardCipher.final().toByteArray());
793+ authTag = forwardCipher.tag();
794+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
795+ QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
796+ QCOMPARE(update, payload);
797+ QVERIFY(forwardCipher.ok());
798+
799+ QCA::Cipher reverseCipher(QString( "aes192"),
800+ QCA::Cipher::GCM,
801+ QCA::Cipher::NoPadding,
802+ QCA::Decode,
803+ key,
804+ iv,
805+ QCA::AuthTag(QCA::hexToArray(tag)),
806+ provider);
807+
808+ update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
809+ QVERIFY(reverseCipher.ok());
810+ QCOMPARE(update, plainText.left(update.size()));
811+ update += QCA::arrayToHex(reverseCipher.final().toByteArray());
812+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
813+ QCOMPARE(update, plainText);
814+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
815+ QVERIFY(reverseCipher.ok());
816+ }
817+ }
818+}
819+
820+
821+void CipherUnitTest::aes192_ccm_data()
822+{
823+
824+}
825+
826+void CipherUnitTest::aes192_ccm()
827+{
828+ // For future implementation
829+}
830+
831 void CipherUnitTest::aes256_data()
832 {
833 QTest::addColumn<QString>("plainText");
834@@ -1442,6 +1638,103 @@ void CipherUnitTest::aes256_ctr()
835 }
836 }
837
838+void CipherUnitTest::aes256_gcm_data()
839+{
840+ QTest::addColumn<QString>("plainText");
841+ QTest::addColumn<QString>("payload");
842+ QTest::addColumn<QString>("tag");
843+ QTest::addColumn<QString>("keyText");
844+ QTest::addColumn<QString>("ivText");
845+
846+ QTest::newRow("short") << QString("6f6820526f6d656d6f21")
847+ << QString("4ce2f4df041252820847")
848+ << QString("1c570805832dfe7babc1b386c26bcd04")
849+ << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
850+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
851+
852+ QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
853+ << QString("e516c267146d6cfd3af3300e24aba7ac23ab3c5cb4765937a6c0156e454cae357e14f4c0dfb0def9624f4f70de90ad2bc9cd555171c4551c26b6346922ed")
854+ << QString("f59aac31ab9dace3fcc693e114dd6610")
855+ << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
856+ << QString("bfcd3a7252f7f199bf788df8cf61032a");
857+
858+
859+ QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
860+ << QString("4ce2f4df041252820847")
861+ << QString("1c570805833dfe7babc1b386c26bcd04")
862+ << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
863+ << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
864+}
865+
866+void CipherUnitTest::aes256_gcm()
867+{
868+ QStringList providersToTest;
869+ providersToTest.append("qca-ossl");
870+ providersToTest.append("qca-gcrypt");
871+ providersToTest.append("qca-botan");
872+ providersToTest.append("qca-nss");
873+
874+ foreach (const QString &provider, providersToTest) {
875+ if (!QCA::isSupported( "aes256-gcm", provider))
876+ QWARN(QString("AES256 GCM not supported for " + provider).toLocal8Bit());
877+ else {
878+ QFETCH(QString, plainText);
879+ QFETCH(QString, payload);
880+ QFETCH(QString, tag);
881+ QFETCH(QString, keyText);
882+ QFETCH(QString, ivText);
883+
884+ QCA::SymmetricKey key(QCA::hexToArray(keyText));
885+ QCA::InitializationVector iv(QCA::hexToArray(ivText));
886+ QCA::AuthTag authTag(16);
887+ QCA::Cipher forwardCipher(QString("aes256"),
888+ QCA::Cipher::GCM,
889+ QCA::Cipher::NoPadding,
890+ QCA::Encode,
891+ key,
892+ iv,
893+ authTag,
894+ provider);
895+ QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
896+ QVERIFY(forwardCipher.ok());
897+ update += QCA::arrayToHex(forwardCipher.final().toByteArray());
898+ authTag = forwardCipher.tag();
899+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
900+ QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
901+ QCOMPARE(update, payload);
902+ QVERIFY(forwardCipher.ok());
903+
904+ QCA::Cipher reverseCipher(QString( "aes256"),
905+ QCA::Cipher::GCM,
906+ QCA::Cipher::NoPadding,
907+ QCA::Decode,
908+ key,
909+ iv,
910+ QCA::AuthTag(QCA::hexToArray(tag)),
911+ provider);
912+
913+ update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
914+ QVERIFY(reverseCipher.ok());
915+ QCOMPARE(update, plainText.left(update.size()));
916+ update += QCA::arrayToHex(reverseCipher.final().toByteArray());
917+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
918+ QCOMPARE(update, plainText);
919+ QEXPECT_FAIL("wrongtag", "It's OK", Continue);
920+ QVERIFY(reverseCipher.ok());
921+ }
922+ }
923+}
924+
925+void CipherUnitTest::aes256_ccm_data()
926+{
927+
928+}
929+
930+void CipherUnitTest::aes256_ccm()
931+{
932+ // For future implementation
933+}
934+
935 void CipherUnitTest::tripleDES_data()
936 {
937 QTest::addColumn<QString>("plainText");
938diff --git a/unittest/cipherunittest/cipherunittest.h b/unittest/cipherunittest/cipherunittest.h
939index 97f5627..bb3ece4 100644
940--- a/unittest/cipherunittest/cipherunittest.h
941+++ b/unittest/cipherunittest/cipherunittest.h
942@@ -1,3 +1,29 @@
943+/**
944+ * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
945+ * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
946+ *
947+ * Redistribution and use in source and binary forms, with or without
948+ * modification, are permitted provided that the following conditions
949+ * are met:
950+ *
951+ * 1. Redistributions of source code must retain the above copyright
952+ * notice, this list of conditions and the following disclaimer.
953+ * 2. Redistributions in binary form must reproduce the above copyright
954+ * notice, this list of conditions and the following disclaimer in the
955+ * documentation and/or other materials provided with the distribution.
956+ *
957+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
958+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
959+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
960+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
961+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
962+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
963+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
964+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
965+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
966+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
967+ */
968+
969 #ifndef CIPHERUNITTEST_H
970 #define CIPHERUNITTEST_H
971
972@@ -23,6 +49,10 @@ private slots:
973 void aes128_ofb();
974 void aes128_ctr_data();
975 void aes128_ctr();
976+ void aes128_gcm_data();
977+ void aes128_gcm();
978+ void aes128_ccm_data();
979+ void aes128_ccm();
980
981 void aes192_data();
982 void aes192();
983@@ -36,6 +66,10 @@ private slots:
984 void aes192_ofb();
985 void aes192_ctr_data();
986 void aes192_ctr();
987+ void aes192_gcm_data();
988+ void aes192_gcm();
989+ void aes192_ccm_data();
990+ void aes192_ccm();
991
992 void aes256_data();
993 void aes256();
994@@ -49,6 +83,10 @@ private slots:
995 void aes256_ofb();
996 void aes256_ctr_data();
997 void aes256_ctr();
998+ void aes256_gcm_data();
999+ void aes256_gcm();
1000+ void aes256_ccm_data();
1001+ void aes256_ccm();
1002
1003 void tripleDES_data();
1004 void tripleDES();
1005
1006commit 28245c731ed9fefac75fa8a918a06dbb22945ee3
1007Author: Ivan Romanov <drizt@land.ru>
1008Date: Sat Aug 20 20:35:55 2016 +0500
1009
1010 Add base64 convenience functions
1011
1012diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
1013index f5c4601..7e7cf87 100644
1014--- a/include/QtCrypto/qca_core.h
1015+++ b/include/QtCrypto/qca_core.h
1016@@ -619,6 +619,32 @@ if (QCA::hexToArray(QString("62626262626262006262") ) == test )
1017 */
1018 QCA_EXPORT QByteArray hexToArray(const QString &hexString);
1019
1020+/**
1021+ Convert a byte array to printable base64
1022+ representation.
1023+
1024+ This is a convenience function to convert an arbitrary
1025+ QByteArray to a printable representation.
1026+
1027+ \param array the array to be converted
1028+ \return a printable representation
1029+*/
1030+QCA_EXPORT QString arrayToBase64(const QByteArray &array);
1031+
1032+/**
1033+ Convert a QString containing a base64 representation
1034+ of a byte array into a QByteArray
1035+
1036+ This is a convenience function to convert a printable
1037+ representation into a QByteArray - effectively the inverse
1038+ of QCA::arrayToBase64.
1039+
1040+ \param base64String the string containing a printable
1041+ representation to be converted
1042+ \return the equivalent QByteArray
1043+*/
1044+QCA_EXPORT QByteArray base64ToArray(const QString &base64String);
1045+
1046 /**
1047 \class Initializer qca_core.h QtCrypto
1048
1049diff --git a/src/qca_core.cpp b/src/qca_core.cpp
1050index 48460ce..dfb93b7 100644
1051--- a/src/qca_core.cpp
1052+++ b/src/qca_core.cpp
1053@@ -813,6 +813,16 @@ QByteArray hexToArray(const QString &str)
1054 return Hex().stringToArray(str).toByteArray();
1055 }
1056
1057+QString arrayToBase64(const QByteArray &a)
1058+{
1059+ return Base64().arrayToString(a);
1060+}
1061+
1062+QByteArray base64ToArray(const QString &base64String)
1063+{
1064+ return Base64().stringToArray(base64String).toByteArray();
1065+}
1066+
1067 static Provider *getProviderForType(const QString &type, const QString &provider)
1068 {
1069 Provider *p = 0;
1070diff --git a/unittest/base64unittest/base64unittest.cpp b/unittest/base64unittest/base64unittest.cpp
1071index f37dcfa..b354aea 100644
1072--- a/unittest/base64unittest/base64unittest.cpp
1073+++ b/unittest/base64unittest/base64unittest.cpp
1074@@ -120,6 +120,9 @@ void Base64UnitTest::test2()
1075
1076 QCOMPARE( base64Object.encodeString(raw), encoded );
1077 QCOMPARE( base64Object.decodeString(encoded), raw );
1078+
1079+ QCOMPARE( QCA::arrayToBase64(raw.toUtf8()), encoded );
1080+ QCOMPARE( QLatin1String(QCA::base64ToArray(encoded)), raw );
1081 }
1082
1083 QTEST_MAIN(Base64UnitTest)
1084
1085commit d320ef4fdb2b5a70a2485a7027e52b520f0c4b48
1086Author: Ivan Romanov <drizt@land.ru>
1087Date: Mon Oct 10 21:50:18 2016 +0500
1088
1089 Add some missed headers to Qt Creator project
1090
1091diff --git a/plugins/qca-gnupg/CMakeLists.txt b/plugins/qca-gnupg/CMakeLists.txt
1092index 6dbcaed..1ed8e21 100644
1093--- a/plugins/qca-gnupg/CMakeLists.txt
1094+++ b/plugins/qca-gnupg/CMakeLists.txt
1095@@ -21,6 +21,23 @@ set(QCA_GNUPG_NONMOC_SOURCES
1096 gpgproc/gpgproc.cpp
1097 )
1098
1099+set(QCA_GNUPG_HEADERS
1100+ gpgaction.h
1101+ ringwatch.h
1102+ gpgop.h
1103+ gpgop_p.h
1104+ lineconverter.h
1105+ mypgpkeycontext.h
1106+ mykeystoreentry.h
1107+ mykeystorelist.h
1108+ gpgproc/gpgproc_p.h
1109+ gpgproc/sprocess.h
1110+ gpgproc/gpgproc.h
1111+ utils.h
1112+ mymessagecontext.h
1113+ myopenpgpcontext.h
1114+)
1115+
1116 my_automoc(QCA_GNUPG_MOC_SOURCES)
1117
1118 qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgop.h)
1119@@ -33,7 +50,7 @@ qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mykeystorelist.h)
1120 qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mymessagecontext.h)
1121 qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgaction.h)
1122
1123-add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES})
1124+add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES} ${QCA_GNUPG_HEADERS})
1125
1126 if(APPLE AND ${PLUGIN_TYPE} STREQUAL "MODULE")
1127 set_property(TARGET qca-gnupg PROPERTY SUFFIX ".dylib")
1128
1129commit 7ba0ee591e0f50a7e7b532f9eb7e500e7da784fb
1130Author: Samuel Gaist <samuel.gaist@edeltech.ch>
1131Date: Thu Oct 20 13:34:23 2016 +0200
1132
1133 OS X build and warning fix
1134
1135 Revert "Add missed file"
1136
1137 This reverts commit 4c9f27270e0a7c00c10cbc56ce5c6842b47e5ab2.
1138
1139 FindCoreFoundation.cmake is not needed since CoreFoundation
1140 is a system framework. Its use has been removed by
1141 commit f223ce03d4b94ffbb093fc8be5adf8d968f54434
1142
1143 Acked by: Ivan Čukić
1144
1145 REVIEW: 126285
1146
1147diff --git a/cmake/modules/FindCoreFoundation.cmake b/cmake/modules/FindCoreFoundation.cmake
1148deleted file mode 100644
1149index c08e529..0000000
1150--- a/cmake/modules/FindCoreFoundation.cmake
1151+++ /dev/null
1152@@ -1,13 +0,0 @@
1153-# Copyright (c) 2014, Samuel Gaist, <samuel.gaist@edeltech.ch>
1154-#
1155-# Redistribution and use is allowed according to the terms of the BSD license.
1156-# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
1157-
1158-INCLUDE(CMakeFindFrameworks)
1159-
1160-CMAKE_FIND_FRAMEWORKS(CoreFoundation)
1161-
1162-if (CoreFoundation_FRAMEWORKS)
1163- set(COREFOUNDATION_LIBRARY "-framework CoreFoundation" CACHE FILEPATH "CoreFoundation framework" FORCE)
1164- set(COREFOUNDATION_FOUND 1)
1165-endif (CoreFoundation_FRAMEWORKS)
1166
1167commit b435c1b87b14ac2d2de9f83e586bfd6d8c2a755e
1168Author: Ivan Romanov <drizt@land.ru>
1169Date: Sun Jan 29 14:06:08 2017 +0500
1170
1171 Avoid @rpath on Mac OS
1172
1173diff --git a/CMakeLists.txt b/CMakeLists.txt
1174index 605621b..34bffb9 100644
1175--- a/CMakeLists.txt
1176+++ b/CMakeLists.txt
1177@@ -23,6 +23,10 @@ set(QCA_LIB_PATCH_VERSION "0")
1178 # qtmain.lib.
1179 cmake_policy(SET CMP0020 OLD)
1180
1181+if(POLICY CMP0042)
1182+ cmake_policy(SET CMP0042 OLD)
1183+endif()
1184+
1185 option(BUILD_TESTS "Create test" ON)
1186 option(BUILD_TOOLS "Compile mozcerts and qcatool" ON)
1187 set(BUILD_PLUGINS "auto" CACHE STRING "Plugins for building (also possible values: none, all and auto)")
1188
1189commit f4b2eb0ced5310f3c43398eb1f03e0c065e08a82
1190Author: Ivan Romanov <drizt@land.ru>
1191Date: Sun Jan 29 15:08:12 2017 +0500
1192
1193 Fix previous commit
1194
1195diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
1196index 92204f2..2e81974 100644
1197--- a/src/CMakeLists.txt
1198+++ b/src/CMakeLists.txt
1199@@ -148,9 +148,15 @@ if(WIN32)
1200 endif(WIN32)
1201
1202 if(APPLE)
1203- set(COREFOUNDATION_LIBRARY "-framework CoreFoundation")
1204- set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security")
1205- TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY})
1206+ set(COREFOUNDATION_LIBRARY "-framework CoreFoundation")
1207+ set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security")
1208+ TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY})
1209+
1210+ if(OSX_FRAMEWORK AND NOT USE_RELATIVE_PATHS)
1211+ set_target_properties(${QCA_LIB_NAME} PROPERTIES
1212+ INSTALL_NAME_DIR "${QCA_LIBRARY_INSTALL_DIR}"
1213+ )
1214+ endif()
1215 endif(APPLE)
1216
1217 if(NOT ANDROID)
1218
1219commit be55b9c98dca67e42709ac6eadc272390ee49f03
1220Author: Ivan Romanov <drizt@land.ru>
1221Date: Wed Mar 1 13:22:48 2017 +0500
1222
1223 Fix Qt5.7 warning
1224
1225diff --git a/src/support/console.cpp b/src/support/console.cpp
1226index c3c5570..ee94998 100644
1227--- a/src/support/console.cpp
1228+++ b/src/support/console.cpp
1229@@ -857,7 +857,7 @@ public:
1230 return false;
1231 }
1232
1233- if(c == '\b' || c == 0x7f)
1234+ if(c == '\b' || c.unicode() == 0x7f)
1235 {
1236 if(at > 0)
1237 {
1238
1239commit 5f18ebc705ec98e883aa63cb537e36e6a08b7e34
1240Author: Alon Bar-Lev <alon.barlev@gmail.com>
1241Date: Tue Mar 21 12:23:17 2017 +0200
1242
1243 build: fix C++11 throwing distructors
1244
1245 For >=C++11, explicitly mark throwing destructors `noexcept(false)`
1246
1247 Thanks: Peter-Levine <plevine457@gmail.com>
1248
1249diff --git a/Doxyfile.in b/Doxyfile.in
1250index 59d9afe..844c234 100644
1251--- a/Doxyfile.in
1252+++ b/Doxyfile.in
1253@@ -1070,7 +1070,7 @@ PREDEFINED = DOXYGEN_SHOULD_SKIP_THIS \
1254 # The macro definition that is found in the sources will be used.
1255 # Use the PREDEFINED tag if you want to use a different macro definition.
1256
1257-EXPAND_AS_DEFINED = QCA_EXPORT
1258+EXPAND_AS_DEFINED = QCA_EXPORT QCA_NOEXCEPT
1259
1260 # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
1261 # doxygen's preprocessor will remove all function-like macros that are alone
1262diff --git a/src/botantools/botan/alloc_mmap/mmap_mem.cpp b/src/botantools/botan/alloc_mmap/mmap_mem.cpp
1263index 362b688..54f0d23 100644
1264--- a/src/botantools/botan/alloc_mmap/mmap_mem.cpp
1265+++ b/src/botantools/botan/alloc_mmap/mmap_mem.cpp
1266@@ -107,7 +107,7 @@ void* MemoryMapping_Allocator::alloc_block(u32bit n)
1267 umask(old_umask);
1268 }
1269
1270- ~TemporaryFile()
1271+ ~TemporaryFile() QCA_NOEXCEPT(false)
1272 {
1273 delete[] filepath;
1274 if(fd != -1 && close(fd) == -1)
1275diff --git a/src/botantools/botan/botan/allocate.h b/src/botantools/botan/botan/allocate.h
1276index 0ac351e..52bc397 100644
1277--- a/src/botantools/botan/botan/allocate.h
1278+++ b/src/botantools/botan/botan/allocate.h
1279@@ -40,6 +40,12 @@ namespace QCA { // WRAPNS_LINE
1280 #include <string>
1281 namespace QCA { // WRAPNS_LINE
1282
1283+#if __cplusplus >= 201103L
1284+#define QCA_NOEXCEPT(x) noexcept(x)
1285+#else
1286+#define QCA_NOEXCEPT(x)
1287+#endif
1288+
1289 namespace Botan {
1290
1291 /*************************************************
1292@@ -58,7 +64,7 @@ class Allocator
1293 virtual void init() {}
1294 virtual void destroy() {}
1295
1296- virtual ~Allocator() {}
1297+ virtual ~Allocator() QCA_NOEXCEPT(false) {}
1298 };
1299
1300 /*************************************************
1301diff --git a/src/botantools/botan/botan/mem_pool.h b/src/botantools/botan/botan/mem_pool.h
1302index 32834b8..1cb903e 100644
1303--- a/src/botantools/botan/botan/mem_pool.h
1304+++ b/src/botantools/botan/botan/mem_pool.h
1305@@ -63,7 +63,7 @@ class Pooling_Allocator : public Allocator
1306 void destroy();
1307
1308 Pooling_Allocator(u32bit, bool);
1309- ~Pooling_Allocator();
1310+ ~Pooling_Allocator() QCA_NOEXCEPT(false);
1311 private:
1312 void get_more_core(u32bit);
1313 byte* allocate_blocks(u32bit);
1314diff --git a/src/botantools/botan/mem_pool.cpp b/src/botantools/botan/mem_pool.cpp
1315index 00280ec..baa47aa 100644
1316--- a/src/botantools/botan/mem_pool.cpp
1317+++ b/src/botantools/botan/mem_pool.cpp
1318@@ -171,7 +171,7 @@ Pooling_Allocator::Pooling_Allocator(u32bit p_size, bool) :
1319 /*************************************************
1320 * Pooling_Allocator Destructor *
1321 *************************************************/
1322-Pooling_Allocator::~Pooling_Allocator()
1323+Pooling_Allocator::~Pooling_Allocator() QCA_NOEXCEPT(false)
1324 {
1325 delete mutex;
1326 if(blocks.size())
1327
1328commit df794c0181a09c42a883f2f886af20526f2e219e
1329Author: Ivan Romanov <drizt@land.ru>
1330Date: Sat Jul 8 09:53:45 2017 +0500
1331
1332 Remove deprecated keyword
1333
1334diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
1335index 7e7cf87..8c25a70 100644
1336--- a/include/QtCrypto/qca_core.h
1337+++ b/include/QtCrypto/qca_core.h
1338@@ -492,8 +492,8 @@ QCA_EXPORT Logger *logger();
1339 */
1340 #define QCA_logTextMessage(message, severity) \
1341 do { \
1342- register QCA::Logger::Severity s = severity; \
1343- register QCA::Logger *l = QCA::logger (); \
1344+ QCA::Logger::Severity s = severity; \
1345+ QCA::Logger *l = QCA::logger (); \
1346 if (s <= l->level ()) { \
1347 l->logTextMessage (message, s); \
1348 } \
1349@@ -511,8 +511,8 @@ QCA_EXPORT Logger *logger();
1350 */
1351 #define QCA_logBinaryMessage(blob, severity) \
1352 do { \
1353- register QCA::Logger::Severity s = severity; \
1354- register QCA::Logger *l = QCA::logger (); \
1355+ QCA::Logger::Severity s = severity; \
1356+ QCA::Logger *l = QCA::logger (); \
1357 if (s <= l->level ()) { \
1358 l->logBinaryMessage (blob, s); \
1359 } \
1360
1361commit 8871dcd2e14207de4319c5da584d7712d13ce7ae
1362Author: Ivan Romanov <drizt@land.ru>
1363Date: Mon Sep 18 22:28:00 2017 +0500
1364
1365 Fix CMake warning
1366
1367 CMP 0020 is deprecated. Avoid using of old behaviour.
1368
1369diff --git a/CMakeLists.txt b/CMakeLists.txt
1370index 34bffb9..7ef32ee 100644
1371--- a/CMakeLists.txt
1372+++ b/CMakeLists.txt
1373@@ -18,11 +18,6 @@ set(QCA_LIB_MAJOR_VERSION "2")
1374 set(QCA_LIB_MINOR_VERSION "2")
1375 set(QCA_LIB_PATCH_VERSION "0")
1376
1377-# Do not automatically link Qt executables to qtmain target on Windows.
1378-# QCA exucatables use console mode only. Not need to link against
1379-# qtmain.lib.
1380-cmake_policy(SET CMP0020 OLD)
1381-
1382 if(POLICY CMP0042)
1383 cmake_policy(SET CMP0042 OLD)
1384 endif()
1385@@ -51,6 +46,9 @@ set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules" )
1386
1387 option(QT4_BUILD "Force building with Qt4 even if Qt5 is found")
1388 if (NOT QT4_BUILD)
1389+ # Do not automatically link Qt executables to qtmain target on Windows.
1390+ # QCA exucatables use console mode only. Not need to link against qtmain.lib.
1391+ set(Qt5_NO_LINK_QTMAIN ON)
1392 find_package(Qt5Core QUIET)
1393 mark_as_advanced(Qt5Core_DIR)
1394 endif()
1395@@ -71,6 +69,9 @@ if (Qt5Core_FOUND)
1396 else()
1397 set(QT_MIN_VERSION "4.7.0")
1398 set(QT_USE_IMPORTED_TARGETS ON)
1399+ # Do not automatically link Qt executables to qtmain target on Windows.
1400+ # QCA exucatables use console mode only. Not need to link against qtmain.lib.
1401+ set(QT4_NO_LINK_QTMAIN ON)
1402 if(BUILD_TESTS)
1403 find_package(Qt4 REQUIRED QtCore QtNetwork QtTest)
1404 else(BUILD_TESTS)
1405
1406commit 159e144abf98964ad8653efdeeebefe1a284a044
1407Author: Ivan Romanov <drizt@land.ru>
1408Date: Sat Sep 30 15:45:59 2017 +0500
1409
1410 Disable missed openssl cipher suites
1411
1412 Fedora 26 has no them.
1413
1414commit d58e20ee652038dc4ec4fe4765dc3639ed735526
1415Author: Fabian Vogt <fabian@ritter-vogt.de>
1416Date: Sat Dec 16 22:29:40 2017 +0100
1417
1418 Add support for OpenSSL 1.1.0
1419
1420 Test Plan:
1421 Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed.
1422 Using this code with kdeconnect and okteta successfully on my system now.
1423
1424 Reviewers: iromanov
1425
1426 Subscribers: anthonyfieroni, alonbl, heikobecker, cfeck, asturmlechner, bero, rdieter
1427
1428 Differential Revision: https://phabricator.kde.org/D9416
1429
1430diff --git a/plugins/qca-ossl/ossl110-compat.h b/plugins/qca-ossl/ossl110-compat.h
1431new file mode 100644
1432index 0000000..ec15475
1433--- /dev/null
1434+++ b/plugins/qca-ossl/ossl110-compat.h
1435@@ -0,0 +1,283 @@
1436+/*
1437+ * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com>
1438+ *
1439+ * This library is free software; you can redistribute it and/or
1440+ * modify it under the terms of the GNU Lesser General Public
1441+ * License as published by the Free Software Foundation; either
1442+ * version 2.1 of the License, or (at your option) any later version.
1443+ *
1444+ * This library is distributed in the hope that it will be useful,
1445+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
1446+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1447+ * Lesser General Public License for more details.
1448+ *
1449+ * You should have received a copy of the GNU Lesser General Public
1450+ * License along with this library; if not, write to the Free Software
1451+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
1452+ *
1453+ */
1454+
1455+#ifndef OSSL110COMPAT_H
1456+#define OSSL110COMPAT_H
1457+
1458+#include <openssl/evp.h>
1459+#include <openssl/hmac.h>
1460+#include <openssl/rsa.h>
1461+#include <openssl/dsa.h>
1462+
1463+#if OPENSSL_VERSION_NUMBER < 0x10100000L
1464+#define RSA_F_RSA_METH_DUP 161
1465+
1466+static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
1467+{
1468+ if (pr)
1469+ *pr = sig->r;
1470+ if (ps)
1471+ *ps = sig->s;
1472+}
1473+
1474+static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
1475+{
1476+ if (!sig) return 0;
1477+ sig->r = r;
1478+ sig->s = s;
1479+ return 1;
1480+}
1481+
1482+static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
1483+{
1484+ if (p)
1485+ *p = dsa->p;
1486+ if (q)
1487+ *q = dsa->q;
1488+ if (g)
1489+ *g = dsa->g;
1490+}
1491+
1492+static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
1493+{
1494+ if (!dsa) return 0;
1495+ dsa->p = p;
1496+ dsa->q = q;
1497+ dsa->g = g;
1498+ return 1;
1499+}
1500+
1501+static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
1502+{
1503+ if (n)
1504+ *n = rsa->n;
1505+ if (e)
1506+ *e = rsa->e;
1507+ if (d)
1508+ *d = rsa->d;
1509+}
1510+
1511+static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
1512+{
1513+ if (!rsa) return 0;
1514+ rsa->n = n;
1515+ rsa->e = e;
1516+ rsa->d = d;
1517+ return 1;
1518+}
1519+
1520+static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
1521+{
1522+ if (p)
1523+ *p = rsa->p;
1524+ if (q)
1525+ *q = rsa->q;
1526+}
1527+
1528+static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
1529+{
1530+ if (!rsa) return 0;
1531+ rsa->p = p;
1532+ rsa->q = q;
1533+ return 1;
1534+}
1535+
1536+static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
1537+{
1538+ if (p)
1539+ *p = dh->p;
1540+ if (q)
1541+ *q = dh->q;
1542+ if (g)
1543+ *g = dh->g;
1544+}
1545+
1546+static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
1547+{
1548+ if (!dh) return 0;
1549+ dh->p = p;
1550+ dh->q = q;
1551+ dh->g = g;
1552+ return 1;
1553+}
1554+
1555+static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
1556+{
1557+ if (pub_key)
1558+ *pub_key = dh->pub_key;
1559+ if (priv_key)
1560+ *priv_key = dh->priv_key;
1561+}
1562+
1563+static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
1564+{
1565+ if (!dh) return 0;
1566+ dh->pub_key = pub_key;
1567+ dh->priv_key = priv_key;
1568+ return 1;
1569+}
1570+
1571+static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
1572+{
1573+ if (pub_key)
1574+ *pub_key = dsa->pub_key;
1575+ if (priv_key)
1576+ *priv_key = dsa->priv_key;
1577+}
1578+
1579+static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
1580+{
1581+ if (!dsa) return 0;
1582+ dsa->pub_key = pub_key;
1583+ dsa->priv_key = priv_key;
1584+ return 1;
1585+}
1586+
1587+static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
1588+{
1589+ if (palg)
1590+ *palg = sig->algor;
1591+ if (pdigest)
1592+ *pdigest = sig->digest;
1593+}
1594+
1595+static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
1596+{
1597+ if (psig)
1598+ *psig = req->signature;
1599+ if (palg)
1600+ *palg = req->sig_alg;
1601+}
1602+
1603+static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
1604+{
1605+ if (psig)
1606+ *psig = crl->signature;
1607+ if (palg)
1608+ *palg = crl->sig_alg;
1609+}
1610+
1611+static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
1612+{
1613+ if (!meth)
1614+ return NULL;
1615+
1616+ RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth));
1617+
1618+ if (!_meth)
1619+ {
1620+ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
1621+ return NULL;
1622+ }
1623+
1624+ memcpy(_meth, meth, sizeof(*_meth));
1625+ _meth->name = strdup(meth->name);
1626+ if (!_meth->name) {
1627+ OPENSSL_free(_meth);
1628+ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
1629+ return NULL;
1630+ }
1631+
1632+ return _meth;
1633+}
1634+
1635+static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from,
1636+ unsigned char *to, RSA *rsa, int padding))
1637+{
1638+ if (!rsa) return 0;
1639+ rsa->rsa_priv_enc = priv_enc;
1640+ return 1;
1641+}
1642+
1643+static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from,
1644+ unsigned char *to, RSA *rsa, int padding))
1645+{
1646+ if (!rsa) return 0;
1647+ rsa->rsa_priv_dec = priv_dec;
1648+ return 1;
1649+}
1650+
1651+static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
1652+ unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
1653+{
1654+ if (!meth) return 0;
1655+ meth->rsa_sign = sign;
1656+ return 1;
1657+}
1658+
1659+static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
1660+ unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
1661+{
1662+ if (!meth) return 0;
1663+ meth->rsa_verify = verify;
1664+ return 1;
1665+}
1666+
1667+static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
1668+{
1669+ if (!meth) return 0;
1670+ meth->finish = finish;
1671+ return 1;
1672+}
1673+
1674+static HMAC_CTX *HMAC_CTX_new()
1675+{
1676+ HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
1677+ if (ctx)
1678+ HMAC_CTX_init(ctx);
1679+ return ctx;
1680+}
1681+
1682+static void HMAC_CTX_free(HMAC_CTX *ctx)
1683+{
1684+ if (!ctx)
1685+ return;
1686+ HMAC_CTX_cleanup(ctx);
1687+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
1688+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
1689+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
1690+ OPENSSL_free(ctx);
1691+}
1692+
1693+#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__)
1694+
1695+#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__)
1696+#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__)
1697+
1698+#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY)
1699+#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509)
1700+#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL)
1701+
1702+#define EVP_PKEY_id(pky) (pky)->type
1703+#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa
1704+#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa
1705+#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh
1706+
1707+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
1708+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
1709+
1710+#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm)
1711+#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm)
1712+
1713+#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber
1714+#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate
1715+
1716+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
1717+
1718+#endif // OSSL110COMPAT_H
1719diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
1720index a507604..39dbc2b 100644
1721--- a/plugins/qca-ossl/qca-ossl.cpp
1722+++ b/plugins/qca-ossl/qca-ossl.cpp
1723@@ -2,6 +2,7 @@
1724 * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
1725 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
1726 * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
1727+ * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de>
1728 *
1729 * This library is free software; you can redistribute it and/or
1730 * modify it under the terms of the GNU Lesser General Public
1731@@ -39,6 +40,8 @@
1732 #include <openssl/pkcs12.h>
1733 #include <openssl/ssl.h>
1734
1735+#include "ossl110-compat.h"
1736+
1737 #ifndef OSSL_097
1738 // comment this out if you'd rather use openssl 0.9.6
1739 #define OSSL_097
1740@@ -53,6 +56,16 @@
1741 ((_STACK*) (1 ? p : (type*)0))
1742 #endif
1743
1744+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
1745+ #define OSSL_110
1746+#endif
1747+
1748+// OpenSSL 1.1.0 compatibility macros
1749+#ifdef OSSL_110
1750+#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
1751+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
1752+#endif
1753+
1754 using namespace QCA;
1755
1756 namespace opensslQCAPlugin {
1757@@ -94,7 +107,7 @@ static QByteArray bio2ba(BIO *b)
1758 return buf;
1759 }
1760
1761-static BigInteger bn2bi(BIGNUM *n)
1762+static BigInteger bn2bi(const BIGNUM *n)
1763 {
1764 SecureArray buf(BN_num_bytes(n) + 1);
1765 buf[0] = 0; // positive
1766@@ -110,7 +123,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
1767
1768 // take lowest bytes of BIGNUM to fit
1769 // pad with high byte zeroes to fit
1770-static SecureArray bn2fixedbuf(BIGNUM *n, int size)
1771+static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
1772 {
1773 SecureArray buf(BN_num_bytes(n));
1774 BN_bn2bin(n, (unsigned char *)buf.data());
1775@@ -128,8 +141,11 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
1776 const unsigned char *inp = (const unsigned char *)in.data();
1777 d2i_DSA_SIG(&sig, &inp, in.size());
1778
1779- SecureArray part_r = bn2fixedbuf(sig->r, 20);
1780- SecureArray part_s = bn2fixedbuf(sig->s, 20);
1781+ const BIGNUM *bnr, *bns;
1782+ DSA_SIG_get0(sig, &bnr, &bns);
1783+
1784+ SecureArray part_r = bn2fixedbuf(bnr, 20);
1785+ SecureArray part_s = bn2fixedbuf(bns, 20);
1786 SecureArray result;
1787 result.append(part_r);
1788 result.append(part_s);
1789@@ -144,12 +160,16 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
1790 return SecureArray();
1791
1792 DSA_SIG *sig = DSA_SIG_new();
1793- SecureArray part_r(20);
1794- SecureArray part_s(20);
1795+ SecureArray part_r(20); BIGNUM *bnr;
1796+ SecureArray part_s(20); BIGNUM *bns;
1797 memcpy(part_r.data(), in.data(), 20);
1798 memcpy(part_s.data(), in.data() + 20, 20);
1799- sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
1800- sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
1801+ bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
1802+ bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
1803+
1804+ if(DSA_SIG_set0(sig, bnr, bns) == 0)
1805+ return SecureArray();
1806+ // Not documented what happens in the failure case, free bnr and bns?
1807
1808 int len = i2d_DSA_SIG(sig, NULL);
1809 SecureArray result(len);
1810@@ -1005,29 +1025,39 @@ public:
1811 opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
1812 {
1813 m_algorithm = algorithm;
1814- EVP_DigestInit( &m_context, m_algorithm );
1815+ m_context = EVP_MD_CTX_new();
1816+ EVP_DigestInit( m_context, m_algorithm );
1817+ }
1818+
1819+ opensslHashContext(const opensslHashContext &other)
1820+ : HashContext(other)
1821+ {
1822+ m_algorithm = other.m_algorithm;
1823+ m_context = EVP_MD_CTX_new();
1824+ EVP_MD_CTX_copy_ex(m_context, other.m_context);
1825 }
1826
1827 ~opensslHashContext()
1828 {
1829- EVP_MD_CTX_cleanup(&m_context);
1830+ EVP_MD_CTX_free(m_context);
1831 }
1832
1833 void clear()
1834 {
1835- EVP_MD_CTX_cleanup(&m_context);
1836- EVP_DigestInit( &m_context, m_algorithm );
1837+ EVP_MD_CTX_free(m_context);
1838+ m_context = EVP_MD_CTX_new();
1839+ EVP_DigestInit( m_context, m_algorithm );
1840 }
1841
1842 void update(const MemoryRegion &a)
1843 {
1844- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
1845+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
1846 }
1847
1848 MemoryRegion final()
1849 {
1850 SecureArray a( EVP_MD_size( m_algorithm ) );
1851- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1852+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1853 return a;
1854 }
1855
1856@@ -1038,7 +1068,7 @@ public:
1857
1858 protected:
1859 const EVP_MD *m_algorithm;
1860- EVP_MD_CTX m_context;
1861+ EVP_MD_CTX *m_context;
1862 };
1863
1864
1865@@ -1048,7 +1078,21 @@ public:
1866 opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
1867 {
1868 m_algorithm = algorithm;
1869- EVP_DigestInit( &m_context, m_algorithm );
1870+ m_context = EVP_MD_CTX_new();
1871+ EVP_DigestInit( m_context, m_algorithm );
1872+ }
1873+
1874+ opensslPbkdf1Context(const opensslPbkdf1Context &other)
1875+ : KDFContext(other)
1876+ {
1877+ m_algorithm = other.m_algorithm;
1878+ m_context = EVP_MD_CTX_new();
1879+ EVP_MD_CTX_copy(m_context, other.m_context);
1880+ }
1881+
1882+ ~opensslPbkdf1Context()
1883+ {
1884+ EVP_MD_CTX_free(m_context);
1885 }
1886
1887 Provider::Context *clone() const
1888@@ -1082,16 +1126,16 @@ public:
1889 DK = Tc<0..dkLen-1>
1890 */
1891 // calculate T_1
1892- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
1893- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
1894+ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
1895+ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
1896 SecureArray a( EVP_MD_size( m_algorithm ) );
1897- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1898+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1899
1900 // calculate T_2 up to T_c
1901 for ( unsigned int i = 2; i <= iterationCount; ++i ) {
1902- EVP_DigestInit( &m_context, m_algorithm );
1903- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
1904- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1905+ EVP_DigestInit( m_context, m_algorithm );
1906+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
1907+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1908 }
1909
1910 // shrink a to become DK, of the required length
1911@@ -1137,19 +1181,19 @@ public:
1912 DK = Tc<0..dkLen-1>
1913 */
1914 // calculate T_1
1915- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
1916- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
1917+ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
1918+ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
1919 SecureArray a( EVP_MD_size( m_algorithm ) );
1920- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1921+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1922
1923 // calculate T_2 up to T_c
1924 *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one
1925 timer.start(); // ^ time more than the base function
1926 // ^ with the same iterationCount
1927 while (timer.elapsed() < msecInterval) {
1928- EVP_DigestInit( &m_context, m_algorithm );
1929- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
1930- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1931+ EVP_DigestInit( m_context, m_algorithm );
1932+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
1933+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1934 ++(*iterationCount);
1935 }
1936
1937@@ -1164,7 +1208,7 @@ public:
1938
1939 protected:
1940 const EVP_MD *m_algorithm;
1941- EVP_MD_CTX m_context;
1942+ EVP_MD_CTX *m_context;
1943 };
1944
1945 class opensslPbkdf2Context : public KDFContext
1946@@ -1232,12 +1276,28 @@ public:
1947 opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
1948 {
1949 m_algorithm = algorithm;
1950- HMAC_CTX_init( &m_context );
1951+ m_context = HMAC_CTX_new();
1952+#ifndef OSSL_110
1953+ HMAC_CTX_init( m_context );
1954+#endif
1955+ }
1956+
1957+ opensslHMACContext(const opensslHMACContext &other)
1958+ : MACContext(other)
1959+ {
1960+ m_algorithm = other.m_algorithm;
1961+ m_context = HMAC_CTX_new();
1962+ HMAC_CTX_copy(m_context, other.m_context);
1963+ }
1964+
1965+ ~opensslHMACContext()
1966+ {
1967+ HMAC_CTX_free(m_context);
1968 }
1969
1970 void setup(const SymmetricKey &key)
1971 {
1972- HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
1973+ HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
1974 }
1975
1976 KeyLength keyLength() const
1977@@ -1247,14 +1307,18 @@ public:
1978
1979 void update(const MemoryRegion &a)
1980 {
1981- HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
1982+ HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
1983 }
1984
1985 void final(MemoryRegion *out)
1986 {
1987 SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
1988- HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
1989- HMAC_CTX_cleanup(&m_context);
1990+ HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
1991+#ifdef OSSL_110
1992+ HMAC_CTX_reset(m_context);
1993+#else
1994+ HMAC_CTX_cleanup(m_context);
1995+#endif
1996 *out = sa;
1997 }
1998
1999@@ -1264,7 +1328,7 @@ public:
2000 }
2001
2002 protected:
2003- HMAC_CTX m_context;
2004+ HMAC_CTX *m_context;
2005 const EVP_MD *m_algorithm;
2006 };
2007
2008@@ -1278,7 +1342,7 @@ class EVPKey
2009 public:
2010 enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
2011 EVP_PKEY *pkey;
2012- EVP_MD_CTX mdctx;
2013+ EVP_MD_CTX *mdctx;
2014 State state;
2015 bool raw_type;
2016 SecureArray raw;
2017@@ -1288,19 +1352,23 @@ public:
2018 pkey = 0;
2019 raw_type = false;
2020 state = Idle;
2021+ mdctx = EVP_MD_CTX_new();
2022 }
2023
2024 EVPKey(const EVPKey &from)
2025 {
2026 pkey = from.pkey;
2027- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
2028+ EVP_PKEY_up_ref(pkey);
2029 raw_type = false;
2030 state = Idle;
2031+ mdctx = EVP_MD_CTX_new();
2032+ EVP_MD_CTX_copy(mdctx, from.mdctx);
2033 }
2034
2035 ~EVPKey()
2036 {
2037 reset();
2038+ EVP_MD_CTX_free(mdctx);
2039 }
2040
2041 void reset()
2042@@ -1323,8 +1391,8 @@ public:
2043 else
2044 {
2045 raw_type = false;
2046- EVP_MD_CTX_init(&mdctx);
2047- if(!EVP_SignInit_ex(&mdctx, type, NULL))
2048+ EVP_MD_CTX_init(mdctx);
2049+ if(!EVP_SignInit_ex(mdctx, type, NULL))
2050 state = SignError;
2051 }
2052 }
2053@@ -1340,8 +1408,8 @@ public:
2054 else
2055 {
2056 raw_type = false;
2057- EVP_MD_CTX_init(&mdctx);
2058- if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
2059+ EVP_MD_CTX_init(mdctx);
2060+ if(!EVP_VerifyInit_ex(mdctx, type, NULL))
2061 state = VerifyError;
2062 }
2063 }
2064@@ -1353,7 +1421,7 @@ public:
2065 if (raw_type)
2066 raw += in;
2067 else
2068- if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
2069+ if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
2070 state = SignError;
2071 }
2072 else if(state == VerifyActive)
2073@@ -1361,7 +1429,7 @@ public:
2074 if (raw_type)
2075 raw += in;
2076 else
2077- if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
2078+ if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
2079 state = VerifyError;
2080 }
2081 }
2082@@ -1374,17 +1442,20 @@ public:
2083 unsigned int len = out.size();
2084 if (raw_type)
2085 {
2086- if (pkey->type == EVP_PKEY_RSA)
2087+ int type = EVP_PKEY_id(pkey);
2088+
2089+ if (type == EVP_PKEY_RSA)
2090 {
2091+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
2092 if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
2093- (unsigned char *)out.data(), pkey->pkey.rsa,
2094+ (unsigned char *)out.data(), rsa,
2095 RSA_PKCS1_PADDING) == -1) {
2096
2097 state = SignError;
2098 return SecureArray ();
2099 }
2100 }
2101- else if (pkey->type == EVP_PKEY_DSA)
2102+ else if (type == EVP_PKEY_DSA)
2103 {
2104 state = SignError;
2105 return SecureArray ();
2106@@ -1396,7 +1467,7 @@ public:
2107 }
2108 }
2109 else {
2110- if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
2111+ if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
2112 {
2113 state = SignError;
2114 return SecureArray();
2115@@ -1419,16 +1490,19 @@ public:
2116 SecureArray out(EVP_PKEY_size(pkey));
2117 int len = 0;
2118
2119- if (pkey->type == EVP_PKEY_RSA) {
2120+ int type = EVP_PKEY_id(pkey);
2121+
2122+ if (type == EVP_PKEY_RSA) {
2123+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
2124 if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
2125- (unsigned char *)out.data (), pkey->pkey.rsa,
2126+ (unsigned char *)out.data (), rsa,
2127 RSA_PKCS1_PADDING)) == -1) {
2128
2129 state = VerifyError;
2130 return false;
2131 }
2132 }
2133- else if (pkey->type == EVP_PKEY_DSA)
2134+ else if (type == EVP_PKEY_DSA)
2135 {
2136 state = VerifyError;
2137 return false;
2138@@ -1448,7 +1522,7 @@ public:
2139 }
2140 else
2141 {
2142- if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
2143+ if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
2144 {
2145 state = VerifyError;
2146 return false;
2147@@ -1562,9 +1636,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
2148 return false;
2149 if(ret_counter != counter)
2150 return false;
2151- params->p = bn2bi(dsa->p);
2152- params->q = bn2bi(dsa->q);
2153- params->g = bn2bi(dsa->g);
2154+ const BIGNUM *bnp, *bnq, *bng;
2155+ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
2156+ params->p = bn2bi(bnp);
2157+ params->q = bn2bi(bnq);
2158+ params->g = bn2bi(bng);
2159 DSA_free(dsa);
2160 return true;
2161 }
2162@@ -1827,10 +1903,11 @@ public:
2163 return;
2164
2165 // extract the public key into DER format
2166- int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
2167+ RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
2168+ int len = i2d_RSAPublicKey(rsa_pkey, NULL);
2169 SecureArray result(len);
2170 unsigned char *p = (unsigned char *)result.data();
2171- i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
2172+ i2d_RSAPublicKey(rsa_pkey, &p);
2173 p = (unsigned char *)result.data();
2174
2175 // put the DER public key back into openssl
2176@@ -1853,7 +1930,7 @@ public:
2177
2178 virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
2179 {
2180- RSA *rsa = evp.pkey->pkey.rsa;
2181+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2182 int size = 0;
2183 switch(alg)
2184 {
2185@@ -1868,7 +1945,7 @@ public:
2186
2187 virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
2188 {
2189- RSA *rsa = evp.pkey->pkey.rsa;
2190+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2191 SecureArray buf = in;
2192 int max = maximumEncryptSize(alg);
2193
2194@@ -1901,7 +1978,7 @@ public:
2195
2196 virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
2197 {
2198- RSA *rsa = evp.pkey->pkey.rsa;
2199+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2200 SecureArray result(RSA_size(rsa));
2201 int pad;
2202
2203@@ -2022,14 +2099,10 @@ public:
2204 evp.reset();
2205
2206 RSA *rsa = RSA_new();
2207- rsa->n = bi2bn(n);
2208- rsa->e = bi2bn(e);
2209- rsa->p = bi2bn(p);
2210- rsa->q = bi2bn(q);
2211- rsa->d = bi2bn(d);
2212-
2213- if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
2214+ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
2215+ || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
2216 {
2217+ // Free BIGNUMS?
2218 RSA_free(rsa);
2219 return;
2220 }
2221@@ -2037,7 +2110,7 @@ public:
2222 // When private key has no Public Exponent (e) or Private Exponent (d)
2223 // need to disable blinding. Otherwise decryption will be broken.
2224 // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
2225- if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
2226+ if(e == BigInteger(0) || d == BigInteger(0))
2227 RSA_blinding_off(rsa);
2228
2229 evp.pkey = EVP_PKEY_new();
2230@@ -2050,10 +2123,7 @@ public:
2231 evp.reset();
2232
2233 RSA *rsa = RSA_new();
2234- rsa->n = bi2bn(n);
2235- rsa->e = bi2bn(e);
2236-
2237- if(!rsa->n || !rsa->e)
2238+ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
2239 {
2240 RSA_free(rsa);
2241 return;
2242@@ -2066,27 +2136,42 @@ public:
2243
2244 virtual BigInteger n() const
2245 {
2246- return bn2bi(evp.pkey->pkey.rsa->n);
2247+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2248+ const BIGNUM *bnn;
2249+ RSA_get0_key(rsa, &bnn, NULL, NULL);
2250+ return bn2bi(bnn);
2251 }
2252
2253 virtual BigInteger e() const
2254 {
2255- return bn2bi(evp.pkey->pkey.rsa->e);
2256+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2257+ const BIGNUM *bne;
2258+ RSA_get0_key(rsa, NULL, &bne, NULL);
2259+ return bn2bi(bne);
2260 }
2261
2262 virtual BigInteger p() const
2263 {
2264- return bn2bi(evp.pkey->pkey.rsa->p);
2265+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2266+ const BIGNUM *bnp;
2267+ RSA_get0_factors(rsa, &bnp, NULL);
2268+ return bn2bi(bnp);
2269 }
2270
2271 virtual BigInteger q() const
2272 {
2273- return bn2bi(evp.pkey->pkey.rsa->q);
2274+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2275+ const BIGNUM *bnq;
2276+ RSA_get0_factors(rsa, NULL, &bnq);
2277+ return bn2bi(bnq);
2278 }
2279
2280 virtual BigInteger d() const
2281 {
2282- return bn2bi(evp.pkey->pkey.rsa->d);
2283+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2284+ const BIGNUM *bnd;
2285+ RSA_get0_key(rsa, NULL, NULL, &bnd);
2286+ return bn2bi(bnd);
2287 }
2288
2289 private slots:
2290@@ -2135,10 +2220,12 @@ public:
2291 virtual void run()
2292 {
2293 DSA *dsa = DSA_new();
2294- dsa->p = bi2bn(domain.p());
2295- dsa->q = bi2bn(domain.q());
2296- dsa->g = bi2bn(domain.g());
2297- if(!DSA_generate_key(dsa))
2298+ BIGNUM *pne = bi2bn(domain.p()),
2299+ *qne = bi2bn(domain.q()),
2300+ *gne = bi2bn(domain.g());
2301+
2302+ if(!DSA_set0_pqg(dsa, pne, qne, gne)
2303+ || !DSA_generate_key(dsa))
2304 {
2305 DSA_free(dsa);
2306 return;
2307@@ -2213,10 +2300,11 @@ public:
2308 return;
2309
2310 // extract the public key into DER format
2311- int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
2312+ DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
2313+ int len = i2d_DSAPublicKey(dsa_pkey, NULL);
2314 SecureArray result(len);
2315 unsigned char *p = (unsigned char *)result.data();
2316- i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
2317+ i2d_DSAPublicKey(dsa_pkey, &p);
2318 p = (unsigned char *)result.data();
2319
2320 // put the DER public key back into openssl
2321@@ -2245,7 +2333,7 @@ public:
2322 else
2323 transformsig = false;
2324
2325- evp.startSign(EVP_dss1());
2326+ evp.startSign(EVP_sha1());
2327 }
2328
2329 virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
2330@@ -2256,7 +2344,7 @@ public:
2331 else
2332 transformsig = false;
2333
2334- evp.startVerify(EVP_dss1());
2335+ evp.startVerify(EVP_sha1());
2336 }
2337
2338 virtual void update(const MemoryRegion &in)
2339@@ -2306,13 +2394,14 @@ public:
2340 evp.reset();
2341
2342 DSA *dsa = DSA_new();
2343- dsa->p = bi2bn(domain.p());
2344- dsa->q = bi2bn(domain.q());
2345- dsa->g = bi2bn(domain.g());
2346- dsa->pub_key = bi2bn(y);
2347- dsa->priv_key = bi2bn(x);
2348+ BIGNUM *bnp = bi2bn(domain.p());
2349+ BIGNUM *bnq = bi2bn(domain.q());
2350+ BIGNUM *bng = bi2bn(domain.g());
2351+ BIGNUM *bnpub_key = bi2bn(y);
2352+ BIGNUM *bnpriv_key = bi2bn(x);
2353
2354- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
2355+ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
2356+ || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
2357 {
2358 DSA_free(dsa);
2359 return;
2360@@ -2328,12 +2417,13 @@ public:
2361 evp.reset();
2362
2363 DSA *dsa = DSA_new();
2364- dsa->p = bi2bn(domain.p());
2365- dsa->q = bi2bn(domain.q());
2366- dsa->g = bi2bn(domain.g());
2367- dsa->pub_key = bi2bn(y);
2368+ BIGNUM *bnp = bi2bn(domain.p());
2369+ BIGNUM *bnq = bi2bn(domain.q());
2370+ BIGNUM *bng = bi2bn(domain.g());
2371+ BIGNUM *bnpub_key = bi2bn(y);
2372
2373- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
2374+ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
2375+ || !DSA_set0_key(dsa, bnpub_key, NULL))
2376 {
2377 DSA_free(dsa);
2378 return;
2379@@ -2346,17 +2436,26 @@ public:
2380
2381 virtual DLGroup domain() const
2382 {
2383- return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
2384+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
2385+ const BIGNUM *bnp, *bnq, *bng;
2386+ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
2387+ return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
2388 }
2389
2390 virtual BigInteger y() const
2391 {
2392- return bn2bi(evp.pkey->pkey.dsa->pub_key);
2393+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
2394+ const BIGNUM *bnpub_key;
2395+ DSA_get0_key(dsa, &bnpub_key, NULL);
2396+ return bn2bi(bnpub_key);
2397 }
2398
2399 virtual BigInteger x() const
2400 {
2401- return bn2bi(evp.pkey->pkey.dsa->priv_key);
2402+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
2403+ const BIGNUM *bnpriv_key;
2404+ DSA_get0_key(dsa, NULL, &bnpriv_key);
2405+ return bn2bi(bnpriv_key);
2406 }
2407
2408 private slots:
2409@@ -2405,9 +2504,10 @@ public:
2410 virtual void run()
2411 {
2412 DH *dh = DH_new();
2413- dh->p = bi2bn(domain.p());
2414- dh->g = bi2bn(domain.g());
2415- if(!DH_generate_key(dh))
2416+ BIGNUM *bnp = bi2bn(domain.p());
2417+ BIGNUM *bng = bi2bn(domain.g());
2418+ if(!DH_set0_pqg(dh, bnp, NULL, bng)
2419+ || !DH_generate_key(dh))
2420 {
2421 DH_free(dh);
2422 return;
2423@@ -2479,11 +2579,14 @@ public:
2424 if(!sec)
2425 return;
2426
2427- DH *orig = evp.pkey->pkey.dh;
2428+ DH *orig = EVP_PKEY_get0_DH(evp.pkey);
2429 DH *dh = DH_new();
2430- dh->p = BN_dup(orig->p);
2431- dh->g = BN_dup(orig->g);
2432- dh->pub_key = BN_dup(orig->pub_key);
2433+ const BIGNUM *bnp, *bng, *bnpub_key;
2434+ DH_get0_pqg(orig, &bnp, NULL, &bng);
2435+ DH_get0_key(orig, &bnpub_key, NULL);
2436+
2437+ DH_set0_key(dh, BN_dup(bnpub_key), NULL);
2438+ DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
2439
2440 evp.reset();
2441
2442@@ -2499,10 +2602,13 @@ public:
2443
2444 virtual SymmetricKey deriveKey(const PKeyBase &theirs)
2445 {
2446- DH *dh = evp.pkey->pkey.dh;
2447- DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
2448+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2449+ DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
2450+ const BIGNUM *bnpub_key;
2451+ DH_get0_key(them, &bnpub_key, NULL);
2452+
2453 SecureArray result(DH_size(dh));
2454- int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
2455+ int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
2456 if(ret <= 0)
2457 return SymmetricKey();
2458 result.resize(ret);
2459@@ -2532,12 +2638,13 @@ public:
2460 evp.reset();
2461
2462 DH *dh = DH_new();
2463- dh->p = bi2bn(domain.p());
2464- dh->g = bi2bn(domain.g());
2465- dh->pub_key = bi2bn(y);
2466- dh->priv_key = bi2bn(x);
2467+ BIGNUM *bnp = bi2bn(domain.p());
2468+ BIGNUM *bng = bi2bn(domain.g());
2469+ BIGNUM *bnpub_key = bi2bn(y);
2470+ BIGNUM *bnpriv_key = bi2bn(x);
2471
2472- if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
2473+ if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
2474+ || !DH_set0_pqg(dh, bnp, NULL, bng))
2475 {
2476 DH_free(dh);
2477 return;
2478@@ -2553,11 +2660,12 @@ public:
2479 evp.reset();
2480
2481 DH *dh = DH_new();
2482- dh->p = bi2bn(domain.p());
2483- dh->g = bi2bn(domain.g());
2484- dh->pub_key = bi2bn(y);
2485+ BIGNUM *bnp = bi2bn(domain.p());
2486+ BIGNUM *bng = bi2bn(domain.g());
2487+ BIGNUM *bnpub_key = bi2bn(y);
2488
2489- if(!dh->p || !dh->g || !dh->pub_key)
2490+ if(!DH_set0_key(dh, bnpub_key, NULL)
2491+ || !DH_set0_pqg(dh, bnp, NULL, bng))
2492 {
2493 DH_free(dh);
2494 return;
2495@@ -2570,17 +2678,26 @@ public:
2496
2497 virtual DLGroup domain() const
2498 {
2499- return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
2500+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2501+ const BIGNUM *bnp, *bng;
2502+ DH_get0_pqg(dh, &bnp, NULL, &bng);
2503+ return DLGroup(bn2bi(bnp), bn2bi(bng));
2504 }
2505
2506 virtual BigInteger y() const
2507 {
2508- return bn2bi(evp.pkey->pkey.dh->pub_key);
2509+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2510+ const BIGNUM *bnpub_key;
2511+ DH_get0_key(dh, &bnpub_key, NULL);
2512+ return bn2bi(bnpub_key);
2513 }
2514
2515 virtual BigInteger x() const
2516 {
2517- return bn2bi(evp.pkey->pkey.dh->priv_key);
2518+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2519+ const BIGNUM *bnpriv_key;
2520+ DH_get0_key(dh, NULL, &bnpriv_key);
2521+ return bn2bi(bnpriv_key);
2522 }
2523
2524 private slots:
2525@@ -2619,10 +2736,14 @@ public:
2526 {
2527 key = _key;
2528 RSA_set_method(rsa, rsa_method());
2529+#ifndef OSSL_110
2530 rsa->flags |= RSA_FLAG_SIGN_VER;
2531+#endif
2532 RSA_set_app_data(rsa, this);
2533- rsa->n = bi2bn(_key.n());
2534- rsa->e = bi2bn(_key.e());
2535+ BIGNUM *bnn = bi2bn(_key.n());
2536+ BIGNUM *bne = bi2bn(_key.e());
2537+
2538+ RSA_set0_key(rsa, bnn, bne, NULL);
2539 }
2540
2541 RSA_METHOD *rsa_method()
2542@@ -2631,12 +2752,16 @@ public:
2543
2544 if(!ops)
2545 {
2546- ops = new RSA_METHOD(*RSA_get_default_method());
2547- ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
2548- ops->rsa_priv_dec = rsa_priv_dec;
2549- ops->rsa_sign = rsa_sign;
2550- ops->rsa_verify = 0;//pkcs11_rsa_verify;
2551- ops->finish = rsa_finish;
2552+ ops = RSA_meth_dup(RSA_get_default_method());
2553+ RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
2554+ RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
2555+#ifdef OSSL_110
2556+ RSA_meth_set_sign(ops, NULL);
2557+#else
2558+ RSA_meth_set_sign(ops, rsa_sign);
2559+#endif
2560+ RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
2561+ RSA_meth_set_finish(ops, rsa_finish);
2562 }
2563 return ops;
2564 }
2565@@ -2676,6 +2801,7 @@ public:
2566 return -1;
2567 }
2568
2569+#ifndef OSSL_110
2570 static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
2571 {
2572 QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
2573@@ -2692,7 +2818,6 @@ public:
2574 }
2575 else
2576 {
2577-
2578 // make X509 packet
2579 X509_SIG sig;
2580 ASN1_TYPE parameter;
2581@@ -2766,6 +2891,7 @@ public:
2582
2583 return 1;
2584 }
2585+#endif
2586
2587 static int rsa_finish(RSA *rsa)
2588 {
2589@@ -2867,21 +2993,22 @@ public:
2590 PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
2591 {
2592 PKeyBase *nk = 0;
2593- if(pkey->type == EVP_PKEY_RSA)
2594+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2595+ if(pkey_type == EVP_PKEY_RSA)
2596 {
2597 RSAKey *c = new RSAKey(provider());
2598 c->evp.pkey = pkey;
2599 c->sec = sec;
2600 nk = c;
2601 }
2602- else if(pkey->type == EVP_PKEY_DSA)
2603+ else if(pkey_type == EVP_PKEY_DSA)
2604 {
2605 DSAKey *c = new DSAKey(provider());
2606 c->evp.pkey = pkey;
2607 c->sec = sec;
2608 nk = c;
2609 }
2610- else if(pkey->type == EVP_PKEY_DH)
2611+ else if(pkey_type == EVP_PKEY_DH)
2612 {
2613 DHKey *c = new DHKey(provider());
2614 c->evp.pkey = pkey;
2615@@ -2899,8 +3026,10 @@ public:
2616 {
2617 EVP_PKEY *pkey = get_pkey();
2618
2619+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2620+
2621 // OpenSSL does not have DH import/export support
2622- if(pkey->type == EVP_PKEY_DH)
2623+ if(pkey_type == EVP_PKEY_DH)
2624 return QByteArray();
2625
2626 BIO *bo = BIO_new(BIO_s_mem());
2627@@ -2913,8 +3042,10 @@ public:
2628 {
2629 EVP_PKEY *pkey = get_pkey();
2630
2631+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2632+
2633 // OpenSSL does not have DH import/export support
2634- if(pkey->type == EVP_PKEY_DH)
2635+ if(pkey_type == EVP_PKEY_DH)
2636 return QString();
2637
2638 BIO *bo = BIO_new(BIO_s_mem());
2639@@ -2979,9 +3110,10 @@ public:
2640 return SecureArray();
2641
2642 EVP_PKEY *pkey = get_pkey();
2643+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2644
2645 // OpenSSL does not have DH import/export support
2646- if(pkey->type == EVP_PKEY_DH)
2647+ if(pkey_type == EVP_PKEY_DH)
2648 return SecureArray();
2649
2650 BIO *bo = BIO_new(BIO_s_mem());
2651@@ -3008,9 +3140,10 @@ public:
2652 return QString();
2653
2654 EVP_PKEY *pkey = get_pkey();
2655+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2656
2657 // OpenSSL does not have DH import/export support
2658- if(pkey->type == EVP_PKEY_DH)
2659+ if(pkey_type == EVP_PKEY_DH)
2660 return QString();
2661
2662 BIO *bo = BIO_new(BIO_s_mem());
2663@@ -3111,11 +3244,18 @@ public:
2664 crl = from.crl;
2665
2666 if(cert)
2667- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
2668+ X509_up_ref(cert);
2669 if(req)
2670+ {
2671+#ifdef OSSL_110
2672+ // Not exposed, so copy
2673+ req = X509_REQ_dup(req);
2674+#else
2675 CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
2676+#endif
2677+ }
2678 if(crl)
2679- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
2680+ X509_CRL_up_ref(crl);
2681 }
2682
2683 return *this;
2684@@ -3221,7 +3361,7 @@ public:
2685 //
2686 // This code is mostly taken from OpenSSL v0.9.5a
2687 // by Eric Young
2688-QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
2689+QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
2690 {
2691 QDateTime qdt;
2692 char *v;
2693@@ -3319,7 +3459,7 @@ public:
2694
2695 void fromX509(X509 *x)
2696 {
2697- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2698+ X509_up_ref(x);
2699 item.cert = x;
2700 make_props();
2701 }
2702@@ -3350,7 +3490,7 @@ public:
2703 if(priv.key()->type() == PKey::RSA)
2704 md = EVP_sha1();
2705 else if(priv.key()->type() == PKey::DSA)
2706- md = EVP_dss1();
2707+ md = EVP_sha1();
2708 else
2709 return false;
2710
2711@@ -3481,7 +3621,7 @@ public:
2712
2713 const MyCertContext *our_cc = this;
2714 X509 *x = our_cc->item.cert;
2715- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2716+ X509_up_ref(x);
2717 sk_X509_push(untrusted_list, x);
2718
2719 const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
2720@@ -3596,14 +3736,21 @@ public:
2721 p.policies = get_cert_policies(ex);
2722 }
2723
2724- if (x->signature)
2725+#ifdef OSSL_110
2726+ const
2727+#endif
2728+ ASN1_BIT_STRING *signature;
2729+
2730+ X509_get0_signature(&signature, NULL, x);
2731+ if(signature)
2732 {
2733- p.sig = QByteArray(x->signature->length, 0);
2734- for (int i=0; i< x->signature->length; i++)
2735- p.sig[i] = x->signature->data[i];
2736+ p.sig = QByteArray(signature->length, 0);
2737+ for (int i=0; i< signature->length; i++)
2738+ p.sig[i] = signature->data[i];
2739 }
2740
2741- switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
2742+
2743+ switch( X509_get_signature_nid(x) )
2744 {
2745 case NID_sha1WithRSAEncryption:
2746 p.sigalgo = QCA::EMSA3_SHA1;
2747@@ -3635,7 +3782,7 @@ public:
2748 p.sigalgo = QCA::EMSA3_SHA512;
2749 break;
2750 default:
2751- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
2752+ qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
2753 p.sigalgo = QCA::SignatureUnknown;
2754 }
2755
2756@@ -3752,7 +3899,7 @@ public:
2757 if(privateKey -> key()->type() == PKey::RSA)
2758 md = EVP_sha1();
2759 else if(privateKey -> key()->type() == PKey::DSA)
2760- md = EVP_dss1();
2761+ md = EVP_sha1();
2762 else
2763 return 0;
2764
2765@@ -3935,7 +4082,7 @@ public:
2766 if(priv.key()->type() == PKey::RSA)
2767 md = EVP_sha1();
2768 else if(priv.key()->type() == PKey::DSA)
2769- md = EVP_dss1();
2770+ md = EVP_sha1();
2771 else
2772 return false;
2773
2774@@ -4096,14 +4243,17 @@ public:
2775
2776 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
2777
2778- if (x->signature)
2779+ const ASN1_BIT_STRING *signature;
2780+
2781+ X509_REQ_get0_signature(x, &signature, NULL);
2782+ if(signature)
2783 {
2784- p.sig = QByteArray(x->signature->length, 0);
2785- for (int i=0; i< x->signature->length; i++)
2786- p.sig[i] = x->signature->data[i];
2787+ p.sig = QByteArray(signature->length, 0);
2788+ for (int i=0; i< signature->length; i++)
2789+ p.sig[i] = signature->data[i];
2790 }
2791
2792- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
2793+ switch( X509_REQ_get_signature_nid(x) )
2794 {
2795 case NID_sha1WithRSAEncryption:
2796 p.sigalgo = QCA::EMSA3_SHA1;
2797@@ -4123,7 +4273,7 @@ public:
2798 p.sigalgo = QCA::EMSA1_SHA1;
2799 break;
2800 default:
2801- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
2802+ qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
2803 p.sigalgo = QCA::SignatureUnknown;
2804 }
2805
2806@@ -4187,7 +4337,7 @@ public:
2807
2808 void fromX509(X509_CRL *x)
2809 {
2810- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
2811+ X509_CRL_up_ref(x);
2812 item.crl = x;
2813 make_props();
2814 }
2815@@ -4232,15 +4382,15 @@ public:
2816
2817 issuer = get_cert_name(X509_CRL_get_issuer(x));
2818
2819- p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(x), NULL);
2820- p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(x), NULL);
2821+ p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_lastUpdate(x), NULL);
2822+ p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_nextUpdate(x), NULL);
2823
2824 STACK_OF(X509_REVOKED)* revokeStack = X509_CRL_get_REVOKED(x);
2825
2826 for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
2827 X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
2828- BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
2829- QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
2830+ BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
2831+ QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
2832 QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
2833 int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
2834 if (pos != -1) {
2835@@ -4289,13 +4439,18 @@ public:
2836 p.revoked.append(thisEntry);
2837 }
2838
2839- if (x->signature)
2840+ const ASN1_BIT_STRING *signature;
2841+
2842+ X509_CRL_get0_signature(x, &signature, NULL);
2843+ if(signature)
2844 {
2845- p.sig = QByteArray(x->signature->length, 0);
2846- for (int i=0; i< x->signature->length; i++)
2847- p.sig[i] = x->signature->data[i];
2848+ p.sig = QByteArray(signature->length, 0);
2849+ for (int i=0; i< signature->length; i++)
2850+ p.sig[i] = signature->data[i];
2851 }
2852- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
2853+
2854+
2855+ switch( X509_CRL_get_signature_nid(x) )
2856 {
2857 case NID_sha1WithRSAEncryption:
2858 p.sigalgo = QCA::EMSA3_SHA1;
2859@@ -4327,7 +4482,7 @@ public:
2860 p.sigalgo = QCA::EMSA3_SHA512;
2861 break;
2862 default:
2863- qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
2864+ qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
2865 p.sigalgo = QCA::SignatureUnknown;
2866 }
2867
2868@@ -4488,21 +4643,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
2869 {
2870 const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
2871 X509 *x = cc->item.cert;
2872- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2873+ X509_up_ref(x);
2874 sk_X509_push(trusted_list, x);
2875 }
2876 for(n = 0; n < untrusted.count(); ++n)
2877 {
2878 const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
2879 X509 *x = cc->item.cert;
2880- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2881+ X509_up_ref(x);
2882 sk_X509_push(untrusted_list, x);
2883 }
2884 for(n = 0; n < crls.count(); ++n)
2885 {
2886 const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
2887 X509_CRL *x = cc->item.crl;
2888- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
2889+ X509_CRL_up_ref(x);
2890 crl_list.append(x);
2891 }
2892
2893@@ -4527,7 +4682,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
2894 int ret = X509_verify_cert(ctx);
2895 int err = -1;
2896 if(!ret)
2897- err = ctx->error;
2898+ err = X509_STORE_CTX_get_error(ctx);
2899
2900 // cleanup
2901 X509_STORE_CTX_free(ctx);
2902@@ -4561,21 +4716,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
2903 {
2904 const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
2905 X509 *x = cc->item.cert;
2906- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2907+ X509_up_ref(x);
2908 sk_X509_push(trusted_list, x);
2909 }
2910 for(n = 1; n < chain.count(); ++n)
2911 {
2912 const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
2913 X509 *x = cc->item.cert;
2914- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2915+ X509_up_ref(x);
2916 sk_X509_push(untrusted_list, x);
2917 }
2918 for(n = 0; n < crls.count(); ++n)
2919 {
2920 const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
2921 X509_CRL *x = cc->item.crl;
2922- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
2923+ X509_CRL_up_ref(x);
2924 crl_list.append(x);
2925 }
2926
2927@@ -4600,7 +4755,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
2928 int ret = X509_verify_cert(ctx);
2929 int err = -1;
2930 if(!ret)
2931- err = ctx->error;
2932+ err = X509_STORE_CTX_get_error(ctx);
2933
2934 // grab the chain, which may not be fully populated
2935 STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
2936@@ -4664,7 +4819,7 @@ public:
2937 for(int n = 1; n < chain.count(); ++n)
2938 {
2939 X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
2940- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2941+ X509_up_ref(x);
2942 sk_X509_push(ca, x);
2943 }
2944 }
2945@@ -5399,7 +5554,7 @@ public:
2946 OpenSSL_add_ssl_algorithms();
2947 SSL_CTX *ctx = 0;
2948 switch (version) {
2949-#ifndef OPENSSL_NO_SSL2
2950+#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
2951 case TLS::SSL_v2:
2952 ctx = SSL_CTX_new(SSLv2_client_method());
2953 break;
2954@@ -5430,8 +5585,8 @@ public:
2955 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2956 QStringList cipherList;
2957 for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
2958- SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
2959- cipherList += cipherIDtoString(version, thisCipher->id);
2960+ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
2961+ cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
2962 }
2963
2964 SSL_free(ssl);
2965@@ -5808,13 +5963,15 @@ public:
2966 {
2967 SessionInfo sessInfo;
2968
2969- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
2970+ SSL_SESSION *session = SSL_get0_session(ssl);
2971+ sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
2972+ int ssl_version = SSL_version(ssl);
2973
2974- if (ssl->version == TLS1_VERSION)
2975+ if (ssl_version == TLS1_VERSION)
2976 sessInfo.version = TLS::TLS_v1;
2977- else if (ssl->version == SSL3_VERSION)
2978+ else if (ssl_version == SSL3_VERSION)
2979 sessInfo.version = TLS::SSL_v3;
2980- else if (ssl->version == SSL2_VERSION)
2981+ else if (ssl_version == SSL2_VERSION)
2982 sessInfo.version = TLS::SSL_v2;
2983 else {
2984 qDebug("unexpected version response");
2985@@ -5822,7 +5979,7 @@ public:
2986 }
2987
2988 sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
2989- SSL_get_current_cipher(ssl)->id);
2990+ SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
2991
2992 sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
2993
2994@@ -6394,7 +6551,7 @@ public:
2995 for(int n = 0; n < nonroots.count(); ++n)
2996 {
2997 X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
2998- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2999+ X509_up_ref(x);
3000 sk_X509_push(other_certs, x);
3001 }
3002
3003@@ -6436,7 +6593,7 @@ public:
3004
3005 other_certs = sk_X509_new_null();
3006 X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
3007- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
3008+ X509_up_ref(x);
3009 sk_X509_push(other_certs, x);
3010
3011 bi = BIO_new(BIO_s_mem());
3012@@ -6499,7 +6656,7 @@ public:
3013 for(int n = 0; n < untrusted_list.count(); ++n)
3014 {
3015 X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
3016- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
3017+ X509_up_ref(x);
3018 sk_X509_push(other_certs, x);
3019 }
3020
3021@@ -6750,14 +6907,28 @@ public:
3022 opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
3023 {
3024 m_cryptoAlgorithm = algorithm;
3025- EVP_CIPHER_CTX_init(&m_context);
3026+ m_context = EVP_CIPHER_CTX_new();
3027+ EVP_CIPHER_CTX_init(m_context);
3028 m_pad = pad;
3029 m_type = type;
3030 }
3031
3032+ opensslCipherContext(const opensslCipherContext &other)
3033+ : CipherContext(other)
3034+ {
3035+ m_cryptoAlgorithm = other.m_cryptoAlgorithm;
3036+ m_context = EVP_CIPHER_CTX_new();
3037+ EVP_CIPHER_CTX_copy(m_context, other.m_context);
3038+ m_direction = other.m_direction;
3039+ m_pad = other.m_pad;
3040+ m_type = other.m_type;
3041+ m_tag = other.m_tag;
3042+ }
3043+
3044 ~opensslCipherContext()
3045 {
3046- EVP_CIPHER_CTX_cleanup(&m_context);
3047+ EVP_CIPHER_CTX_cleanup(m_context);
3048+ EVP_CIPHER_CTX_free(m_context);
3049 }
3050
3051 void setup(Direction dir,
3052@@ -6772,28 +6943,28 @@ public:
3053 m_cryptoAlgorithm = EVP_des_ede();
3054 }
3055 if (Encode == m_direction) {
3056- EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
3057- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
3058+ EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
3059+ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
3060 if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
3061 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
3062- EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
3063+ EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL);
3064 }
3065- EVP_EncryptInit_ex(&m_context, 0, 0,
3066+ EVP_EncryptInit_ex(m_context, 0, 0,
3067 (const unsigned char*)(key.data()),
3068 (const unsigned char*)(iv.data()));
3069 } else {
3070- EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
3071- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
3072+ EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
3073+ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
3074 if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
3075 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
3076- EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
3077+ EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL);
3078 }
3079- EVP_DecryptInit_ex(&m_context, 0, 0,
3080+ EVP_DecryptInit_ex(m_context, 0, 0,
3081 (const unsigned char*)(key.data()),
3082 (const unsigned char*)(iv.data()));
3083 }
3084
3085- EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
3086+ EVP_CIPHER_CTX_set_padding(m_context, m_pad);
3087 }
3088
3089 Provider::Context *clone() const
3090@@ -6803,7 +6974,7 @@ public:
3091
3092 int blockSize() const
3093 {
3094- return EVP_CIPHER_CTX_block_size(&m_context);
3095+ return EVP_CIPHER_CTX_block_size(m_context);
3096 }
3097
3098 AuthTag tag() const
3099@@ -6821,7 +6992,7 @@ public:
3100 out->resize(in.size()+blockSize());
3101 int resultLength;
3102 if (Encode == m_direction) {
3103- if (0 == EVP_EncryptUpdate(&m_context,
3104+ if (0 == EVP_EncryptUpdate(m_context,
3105 (unsigned char*)out->data(),
3106 &resultLength,
3107 (unsigned char*)in.data(),
3108@@ -6829,7 +7000,7 @@ public:
3109 return false;
3110 }
3111 } else {
3112- if (0 == EVP_DecryptUpdate(&m_context,
3113+ if (0 == EVP_DecryptUpdate(m_context,
3114 (unsigned char*)out->data(),
3115 &resultLength,
3116 (unsigned char*)in.data(),
3117@@ -6846,25 +7017,25 @@ public:
3118 out->resize(blockSize());
3119 int resultLength;
3120 if (Encode == m_direction) {
3121- if (0 == EVP_EncryptFinal_ex(&m_context,
3122+ if (0 == EVP_EncryptFinal_ex(m_context,
3123 (unsigned char*)out->data(),
3124 &resultLength)) {
3125 return false;
3126 }
3127 if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
3128 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG;
3129- if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
3130+ if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
3131 return false;
3132 }
3133 }
3134 } else {
3135 if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
3136 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG;
3137- if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) {
3138+ if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), m_tag.data())) {
3139 return false;
3140 }
3141 }
3142- if (0 == EVP_DecryptFinal_ex(&m_context,
3143+ if (0 == EVP_DecryptFinal_ex(m_context,
3144 (unsigned char*)out->data(),
3145 &resultLength)) {
3146 return false;
3147@@ -6899,7 +7070,7 @@ public:
3148
3149
3150 protected:
3151- EVP_CIPHER_CTX m_context;
3152+ EVP_CIPHER_CTX *m_context;
3153 const EVP_CIPHER *m_cryptoAlgorithm;
3154 Direction m_direction;
3155 int m_pad;
3156
Qt Cryptographic Architecture (QCA) Library
This page took 0.489954 seconds and 4 git commands to generate.