1 commit 57878ff44f9bb41155dea425949d344b87652aeb
2 Author: Ivan Romanov <drizt@land.ru>
3 Date: Wed Aug 10 12:16:46 2016 +0500
5 Add support for AES GCM and AES CCM modes
7 Only qca-openssl now can use GCM and CCM. CCM is not tested and
10 diff --git a/include/QtCrypto/qca_basic.h b/include/QtCrypto/qca_basic.h
11 index c36a2bd..3806c29 100644
12 --- a/include/QtCrypto/qca_basic.h
13 +++ b/include/QtCrypto/qca_basic.h
15 * qca_basic.h - Qt Cryptographic Architecture
16 * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
17 * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
18 + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
20 * This library is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU Lesser General Public
22 @@ -583,6 +584,7 @@ private:
27 class QCA_EXPORT Cipher : public Algorithm, public Filter
30 @@ -599,7 +601,9 @@ public:
31 CFB, ///< operate in %Cipher FeedBack mode
32 ECB, ///< operate in Electronic Code Book mode
33 OFB, ///< operate in Output FeedBack Mode
34 - CTR ///< operate in CounTer Mode
35 + CTR, ///< operate in CounTer Mode
36 + GCM, ///< operate in Galois Counter Mode
37 + CCM ///< operate in Counter with CBC-MAC
41 @@ -636,6 +640,28 @@ public:
42 const InitializationVector &iv = InitializationVector(),
43 const QString &provider = QString());
46 + Standard constructor
48 + \param type the name of the cipher specialisation to use (e.g.
50 + \param mode the operating Mode to use (e.g. QCA::Cipher::CBC)
51 + \param pad the type of Padding to use
52 + \param dir the Direction that this Cipher should use (Encode for
53 + encryption, Decode for decryption)
54 + \param key the SymmetricKey array that is the key
55 + \param iv the InitializationVector to use (not used for ECB mode)
56 + \param tag the AuthTag to use (only for GCM and CCM modes)
57 + \param provider the name of the Provider to use
59 + \note Padding only applies to CBC and ECB modes. CFB and OFB
60 + ciphertext is always the length of the plaintext.
62 + Cipher(const QString &type, Mode mode, Padding pad,
63 + Direction dir, const SymmetricKey &key,
64 + const InitializationVector &iv, const AuthTag &tag,
65 + const QString &provider = QString());
68 Standard copy constructor
70 @@ -699,6 +725,11 @@ public:
72 int blockSize() const;
75 + return the authentication tag for the cipher object
77 + AuthTag tag() const;
80 reset the cipher object, to allow re-use
82 @@ -741,6 +772,22 @@ public:
84 void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv = InitializationVector());
87 + Reset / reconfigure the Cipher
89 + You can use this to re-use an existing Cipher, rather than creating
90 + a new object with a slightly different configuration.
92 + \param dir the Direction that this Cipher should use (Encode for
93 + encryption, Decode for decryption)
94 + \param key the SymmetricKey array that is the key
95 + \param iv the InitializationVector to use (not used for ECB Mode)
96 + \param tag the AuthTag to use (only for GCM and CCM modes)
98 + \note You should not leave iv empty for any Mode except ECB.
100 + void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag);
103 Construct a Cipher type string
105 @@ -751,7 +798,6 @@ public:
108 static QString withAlgorithms(const QString &cipherType, Mode modeType, Padding paddingType);
113 diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
114 index beda5b1..f5c4601 100644
115 --- a/include/QtCrypto/qca_core.h
116 +++ b/include/QtCrypto/qca_core.h
118 * qca_core.h - Qt Cryptographic Architecture
119 * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
120 * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net>
121 + * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru>
123 * This library is free software; you can redistribute it and/or
124 * modify it under the terms of the GNU Lesser General Public
125 @@ -1294,6 +1295,43 @@ public:
126 InitializationVector(const QByteArray &a);
130 + \class AuthTag qca_core.h QtCrypto
132 + Container for authentication tag
136 +class QCA_EXPORT AuthTag : public SecureArray
140 + Construct an empty authentication tag
145 + Construct an empty authentication tag of the specified size
147 + \param size the length of the authentication tag, in bytes
152 + Construct an authentication tag from a provided byte array
154 + \param a the byte array to copy
156 + AuthTag(const SecureArray &a);
159 + Construct an authentication tag from a provided byte array
161 + \param a the byte array to copy
163 + AuthTag(const QByteArray &a);
167 \class Event qca_core.h QtCrypto
169 diff --git a/include/QtCrypto/qcaprovider.h b/include/QtCrypto/qcaprovider.h
170 index c8ddff4..d4b54f9 100644
171 --- a/include/QtCrypto/qcaprovider.h
172 +++ b/include/QtCrypto/qcaprovider.h
173 @@ -234,8 +234,9 @@ public:
174 \param dir the direction for the cipher (encryption/decryption)
175 \param key the symmetric key to use for the cipher
176 \param iv the initialization vector to use for the cipher (not used in ECB mode)
177 + \param tag the AuthTag to use (only for GCM and CCM modes)
179 - virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv) = 0;
180 + virtual void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag) = 0;
183 Returns the KeyLength for this cipher
184 @@ -247,6 +248,11 @@ public:
186 virtual int blockSize() const = 0;
189 + Returns the authentication tag for this cipher
191 + virtual AuthTag tag() const = 0;
194 Process a chunk of data. Returns true if successful.
196 diff --git a/plugins/qca-botan/qca-botan.cpp b/plugins/qca-botan/qca-botan.cpp
197 index 1cc984a..f387575 100644
198 --- a/plugins/qca-botan/qca-botan.cpp
199 +++ b/plugins/qca-botan/qca-botan.cpp
200 @@ -263,8 +263,10 @@ public:
202 void setup(QCA::Direction dir,
203 const QCA::SymmetricKey &key,
204 - const QCA::InitializationVector &iv)
205 + const QCA::InitializationVector &iv,
206 + const QCA::AuthTag &tag)
211 Botan::SymmetricKey keyCopy((Botan::byte*)key.data(), key.size());
212 @@ -305,6 +307,12 @@ public:
213 return Botan::block_size_of(m_algoName);
216 + QCA::AuthTag tag() const
218 + // For future implementation
219 + return QCA::AuthTag();
222 bool update(const QCA::SecureArray &in, QCA::SecureArray *out)
224 m_crypter->write((Botan::byte*)in.data(), in.size());
225 diff --git a/plugins/qca-gcrypt/qca-gcrypt.cpp b/plugins/qca-gcrypt/qca-gcrypt.cpp
226 index 72f05a1..780fcdd 100644
227 --- a/plugins/qca-gcrypt/qca-gcrypt.cpp
228 +++ b/plugins/qca-gcrypt/qca-gcrypt.cpp
229 @@ -163,8 +163,10 @@ public:
231 void setup(QCA::Direction dir,
232 const QCA::SymmetricKey &key,
233 - const QCA::InitializationVector &iv)
234 + const QCA::InitializationVector &iv,
235 + const QCA::AuthTag &tag)
239 err = gcry_cipher_open( &context, m_cryptoAlgorithm, m_mode, 0 );
240 check_error( "gcry_cipher_open", err );
241 @@ -195,6 +197,12 @@ public:
245 + QCA::AuthTag tag() const
247 + // For future implementation
248 + return QCA::AuthTag();
251 bool update(const QCA::SecureArray &in, QCA::SecureArray *out)
253 QCA::SecureArray result( in.size() );
254 diff --git a/plugins/qca-nss/qca-nss.cpp b/plugins/qca-nss/qca-nss.cpp
255 index f4fdef3..db01eb0 100644
256 --- a/plugins/qca-nss/qca-nss.cpp
257 +++ b/plugins/qca-nss/qca-nss.cpp
258 @@ -304,10 +304,12 @@ public:
262 - void setup( QCA::Direction dir,
263 - const QCA::SymmetricKey &key,
264 - const QCA::InitializationVector &iv )
265 + void setup(QCA::Direction dir,
266 + const QCA::SymmetricKey &key,
267 + const QCA::InitializationVector &iv,
268 + const QCA::AuthTag &tag)
271 /* Get a slot to use for the crypto operations */
272 m_slot = PK11_GetBestSlot( m_cipherMechanism, NULL );
274 @@ -365,6 +367,12 @@ public:
275 return PK11_GetBlockSize( m_cipherMechanism, m_params);
278 + QCA::AuthTag tag() const
280 + // For future implementation
281 + return QCA::AuthTag();
284 bool update( const QCA::SecureArray &in, QCA::SecureArray *out )
286 out->resize(in.size()+blockSize());
287 diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt
288 index cdeaeca..d87bc5a 100644
289 --- a/plugins/qca-ossl/CMakeLists.txt
290 +++ b/plugins/qca-ossl/CMakeLists.txt
291 @@ -25,6 +25,20 @@ if(OPENSSL_FOUND)
292 message(WARNING "qca-ossl will be compiled without AES CTR mode encryption support")
293 endif(HAVE_OPENSSL_AES_CTR)
295 + check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_AES_GCM)
296 + if(HAVE_OPENSSL_AES_GCM)
297 + add_definitions(-DHAVE_OPENSSL_AES_GCM)
299 + message(WARNING "qca-ossl will be compiled without AES GCM mode encryption support")
302 + check_function_exists(EVP_aes_128_ccm HAVE_OPENSSL_AES_CCM)
303 + if(HAVE_OPENSSL_AES_CCM)
304 + add_definitions(-DHAVE_OPENSSL_AES_CCM)
306 + message(WARNING "qca-ossl will be compiled without AES CCM mode encryption support")
309 check_function_exists(EVP_sha HAVE_OPENSSL_SHA0)
310 if(HAVE_OPENSSL_SHA0)
311 add_definitions(-DHAVE_OPENSSL_SHA0)
312 diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
313 index f0b9431..a507604 100644
314 --- a/plugins/qca-ossl/qca-ossl.cpp
315 +++ b/plugins/qca-ossl/qca-ossl.cpp
318 * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
319 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
320 + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
322 * This library is free software; you can redistribute it and/or
323 * modify it under the terms of the GNU Lesser General Public
324 @@ -6761,8 +6762,10 @@ public:
326 void setup(Direction dir,
327 const SymmetricKey &key,
328 - const InitializationVector &iv)
329 + const InitializationVector &iv,
330 + const AuthTag &tag)
334 if ( ( m_cryptoAlgorithm == EVP_des_ede3() ) && (key.size() == 16) ) {
335 // this is really a two key version of triple DES.
336 @@ -6771,12 +6774,20 @@ public:
337 if (Encode == m_direction) {
338 EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
339 EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
340 + if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
341 + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
342 + EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
344 EVP_EncryptInit_ex(&m_context, 0, 0,
345 (const unsigned char*)(key.data()),
346 (const unsigned char*)(iv.data()));
348 EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
349 EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
350 + if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
351 + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
352 + EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
354 EVP_DecryptInit_ex(&m_context, 0, 0,
355 (const unsigned char*)(key.data()),
356 (const unsigned char*)(iv.data()));
357 @@ -6795,6 +6806,11 @@ public:
358 return EVP_CIPHER_CTX_block_size(&m_context);
361 + AuthTag tag() const
366 bool update(const SecureArray &in, SecureArray *out)
368 // This works around a problem in OpenSSL, where it asserts if
369 @@ -6835,7 +6851,19 @@ public:
373 + if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
374 + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG;
375 + if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
380 + if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
381 + int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG;
382 + if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) {
386 if (0 == EVP_DecryptFinal_ex(&m_context,
387 (unsigned char*)out->data(),
389 @@ -6876,6 +6904,7 @@ protected:
390 Direction m_direction;
396 static QStringList all_hash_types()
397 @@ -6921,6 +6950,12 @@ static QStringList all_cipher_types()
398 list += "aes128-ofb";
399 #ifdef HAVE_OPENSSL_AES_CTR
400 list += "aes128-ctr";
402 +#ifdef HAVE_OPENSSL_AES_GCM
403 + list += "aes128-gcm";
405 +#ifdef HAVE_OPENSSL_AES_CCM
406 + list += "aes128-ccm";
408 list += "aes192-ecb";
409 list += "aes192-cfb";
410 @@ -6929,6 +6964,12 @@ static QStringList all_cipher_types()
411 list += "aes192-ofb";
412 #ifdef HAVE_OPENSSL_AES_CTR
413 list += "aes192-ctr";
415 +#ifdef HAVE_OPENSSL_AES_GCM
416 + list += "aes192-gcm";
418 +#ifdef HAVE_OPENSSL_AES_CCM
419 + list += "aes192-ccm";
421 list += "aes256-ecb";
422 list += "aes256-cbc";
423 @@ -6937,6 +6978,12 @@ static QStringList all_cipher_types()
424 list += "aes256-ofb";
425 #ifdef HAVE_OPENSSL_AES_CTR
426 list += "aes256-ctr";
428 +#ifdef HAVE_OPENSSL_AES_GCM
429 + list += "aes256-gcm";
431 +#ifdef HAVE_OPENSSL_AES_CCM
432 + list += "aes256-ccm";
434 list += "blowfish-ecb";
435 list += "blowfish-cbc-pkcs7";
436 @@ -7216,6 +7263,14 @@ public:
437 #ifdef HAVE_OPENSSL_AES_CTR
438 else if ( type == "aes128-ctr" )
439 return new opensslCipherContext( EVP_aes_128_ctr(), 0, this, type);
441 +#ifdef HAVE_OPENSSL_AES_GCM
442 + else if ( type == "aes128-gcm" )
443 + return new opensslCipherContext( EVP_aes_128_gcm(), 0, this, type);
445 +#ifdef HAVE_OPENSSL_AES_CCM
446 + else if ( type == "aes128-ccm" )
447 + return new opensslCipherContext( EVP_aes_128_ccm(), 0, this, type);
449 else if ( type == "aes192-ecb" )
450 return new opensslCipherContext( EVP_aes_192_ecb(), 0, this, type);
451 @@ -7230,6 +7285,14 @@ public:
452 #ifdef HAVE_OPENSSL_AES_CTR
453 else if ( type == "aes192-ctr" )
454 return new opensslCipherContext( EVP_aes_192_ctr(), 0, this, type);
456 +#ifdef HAVE_OPENSSL_AES_GCM
457 + else if ( type == "aes192-gcm" )
458 + return new opensslCipherContext( EVP_aes_192_gcm(), 0, this, type);
460 +#ifdef HAVE_OPENSSL_AES_CCM
461 + else if ( type == "aes192-ccm" )
462 + return new opensslCipherContext( EVP_aes_192_ccm(), 0, this, type);
464 else if ( type == "aes256-ecb" )
465 return new opensslCipherContext( EVP_aes_256_ecb(), 0, this, type);
466 @@ -7244,6 +7307,14 @@ public:
467 #ifdef HAVE_OPENSSL_AES_CTR
468 else if ( type == "aes256-ctr" )
469 return new opensslCipherContext( EVP_aes_256_ctr(), 0, this, type);
471 +#ifdef HAVE_OPENSSL_AES_GCM
472 + else if ( type == "aes256-gcm" )
473 + return new opensslCipherContext( EVP_aes_256_gcm(), 0, this, type);
475 +#ifdef HAVE_OPENSSL_AES_CCM
476 + else if ( type == "aes256-ccm" )
477 + return new opensslCipherContext( EVP_aes_256_ccm(), 0, this, type);
479 else if ( type == "blowfish-ecb" )
480 return new opensslCipherContext( EVP_bf_ecb(), 0, this, type);
481 diff --git a/src/qca_basic.cpp b/src/qca_basic.cpp
482 index 89bf966..c2e10e1 100644
483 --- a/src/qca_basic.cpp
484 +++ b/src/qca_basic.cpp
485 @@ -262,6 +262,7 @@ public:
488 InitializationVector iv;
493 @@ -280,6 +281,19 @@ Cipher::Cipher(const QString &type, Mode mode, Padding pad,
497 +Cipher::Cipher(const QString &type, Cipher::Mode mode, Cipher::Padding pad, Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag, const QString &provider)
498 + : Algorithm(withAlgorithms(type, mode, pad), provider)
506 + setup(dir, key, iv, tag);
510 Cipher::Cipher(const Cipher &from)
511 :Algorithm(from), Filter(from)
513 @@ -339,10 +353,15 @@ int Cipher::blockSize() const
514 return static_cast<const CipherContext *>(context())->blockSize();
517 +AuthTag Cipher::tag() const
519 + return static_cast<const CipherContext *>(context())->tag();
525 - static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv);
526 + static_cast<CipherContext *>(context())->setup(d->dir, d->key, d->iv, d->tag);
529 MemoryRegion Cipher::update(const MemoryRegion &a)
530 @@ -370,10 +389,16 @@ bool Cipher::ok() const
533 void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv)
535 + setup(dir, key, iv, AuthTag());
538 +void Cipher::setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv, const AuthTag &tag)
547 @@ -396,6 +421,12 @@ QString Cipher::withAlgorithms(const QString &cipherType, Mode modeType, Padding
560 diff --git a/src/qca_core.cpp b/src/qca_core.cpp
561 index 15ee385..48460ce 100644
562 --- a/src/qca_core.cpp
563 +++ b/src/qca_core.cpp
566 * Copyright (C) 2003-2008 Justin Karneges <justin@affinix.com>
567 * Copyright (C) 2004,2005 Brad Hards <bradh@frogmouth.net>
568 + * Copyright (C) 2014-2016 Ivan Romanov <drizt@land.ru>
570 * This library is free software; you can redistribute it and/or
571 * modify it under the terms of the GNU Lesser General Public
572 @@ -1510,6 +1511,28 @@ InitializationVector::InitializationVector(const QByteArray &a)
576 +//----------------------------------------------------------------------------
578 +//----------------------------------------------------------------------------
583 +AuthTag::AuthTag(int size)
588 +AuthTag::AuthTag(const SecureArray &a)
593 +AuthTag::AuthTag(const QByteArray &a)
595 + set(SecureArray(a));
598 //----------------------------------------------------------------------------
600 //----------------------------------------------------------------------------
601 diff --git a/unittest/cipherunittest/CMakeLists.txt b/unittest/cipherunittest/CMakeLists.txt
602 index 858f56a..a6c775d 100644
603 --- a/unittest/cipherunittest/CMakeLists.txt
604 +++ b/unittest/cipherunittest/CMakeLists.txt
605 @@ -5,7 +5,7 @@ set(cipherunittest_bin_SRCS cipherunittest.cpp)
607 qt4_wrap_cpp(EXTRA_SRCS cipherunittest.h)
609 -add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS})
610 +add_executable(cipherunittest ${cipherunittest_bin_SRCS} ${EXTRA_SRCS} ${cipherunittest_bin_HDRS})
612 target_link_qca_test_libraries(cipherunittest)
614 diff --git a/unittest/cipherunittest/cipherunittest.cpp b/unittest/cipherunittest/cipherunittest.cpp
615 index 3492caf..2f321fa 100644
616 --- a/unittest/cipherunittest/cipherunittest.cpp
617 +++ b/unittest/cipherunittest/cipherunittest.cpp
620 * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
621 + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
623 * Redistribution and use in source and binary forms, with or without
624 * modification, are permitted provided that the following conditions
625 @@ -496,6 +497,103 @@ void CipherUnitTest::aes128_ctr()
629 +void CipherUnitTest::aes128_gcm_data()
631 + QTest::addColumn<QString>("plainText");
632 + QTest::addColumn<QString>("payload");
633 + QTest::addColumn<QString>("tag");
634 + QTest::addColumn<QString>("keyText");
635 + QTest::addColumn<QString>("ivText");
637 + QTest::newRow("short") << QString("6f6820526f6d656d6f21")
638 + << QString("a9f2558b9a74e6fc551f")
639 + << QString("f8ebf75f108c6f74e6fe49035d268d43")
640 + << QString("1f491f8ddf4856ae4bff9039d418175a")
641 + << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
643 + QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
644 + << QString("04e321a8870b6b9cd6846239c27a63fb41d0a7b8994f1514c066f0427fa9ed6707ea6e3b4f161fdff0eb5fc087ed3827b569cd72456c697b5a3a62c9e767")
645 + << QString("b0ad4aa545ea25fc3117cbed955ff155")
646 + << QString("56341f2b431d3b0dbad787db003f2215")
647 + << QString("bfcd3a7252f7f199bf788df8cf61032a");
650 + QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
651 + << QString("a9f2558b9a74e6fc551f")
652 + << QString("f8ebf75f108c6f74e6fe49035d268d44")
653 + << QString("1f491f8ddf4856ae4bff9039d418175a")
654 + << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
657 +void CipherUnitTest::aes128_gcm()
659 + QStringList providersToTest;
660 + providersToTest.append("qca-ossl");
661 + providersToTest.append("qca-gcrypt");
662 + providersToTest.append("qca-botan");
663 + providersToTest.append("qca-nss");
665 + foreach (const QString &provider, providersToTest) {
666 + if (!QCA::isSupported( "aes128-gcm", provider))
667 + QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit());
669 + QFETCH(QString, plainText);
670 + QFETCH(QString, payload);
671 + QFETCH(QString, tag);
672 + QFETCH(QString, keyText);
673 + QFETCH(QString, ivText);
675 + QCA::SymmetricKey key(QCA::hexToArray(keyText));
676 + QCA::InitializationVector iv(QCA::hexToArray(ivText));
677 + QCA::AuthTag authTag(16);
678 + QCA::Cipher forwardCipher(QString("aes128"),
680 + QCA::Cipher::NoPadding,
686 + QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
687 + QVERIFY(forwardCipher.ok());
688 + update += QCA::arrayToHex(forwardCipher.final().toByteArray());
689 + authTag = forwardCipher.tag();
690 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
691 + QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
692 + QCOMPARE(update, payload);
693 + QVERIFY(forwardCipher.ok());
695 + QCA::Cipher reverseCipher(QString( "aes128"),
697 + QCA::Cipher::NoPadding,
701 + QCA::AuthTag(QCA::hexToArray(tag)),
704 + update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
705 + QVERIFY(reverseCipher.ok());
706 + QCOMPARE(update, plainText.left(update.size()));
707 + update += QCA::arrayToHex(reverseCipher.final().toByteArray());
708 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
709 + QCOMPARE(update, plainText);
710 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
711 + QVERIFY(reverseCipher.ok());
716 +void CipherUnitTest::aes128_ccm_data()
721 +void CipherUnitTest::aes128_ccm()
723 + // For future implementation
726 void CipherUnitTest::aes192_data()
728 QTest::addColumn<QString>("plainText");
729 @@ -950,6 +1048,104 @@ void CipherUnitTest::aes192_ctr()
733 +void CipherUnitTest::aes192_gcm_data()
735 + QTest::addColumn<QString>("plainText");
736 + QTest::addColumn<QString>("payload");
737 + QTest::addColumn<QString>("tag");
738 + QTest::addColumn<QString>("keyText");
739 + QTest::addColumn<QString>("ivText");
741 + QTest::newRow("short") << QString("6f6820526f6d656d6f21")
742 + << QString("01ca25ff74121917f397")
743 + << QString("b90e97706d8eacbabc0be5e0a671b4e4")
744 + << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
745 + << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
747 + QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
748 + << QString("4c1c5874877f0bee6efd450ec341b1c591e1e100da40bd4744e1035ed0ed0fb458f8efdb7c4b0b2101e29c950c56dc2489c2febec2d7062da28b9a033173")
749 + << QString("af3ea1b7f275ea1e4d4e1fdce63f83fe")
750 + << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
751 + << QString("bfcd3a7252f7f199bf788df8cf61032a");
754 + QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
755 + << QString("773c3d06b94727c04afc")
756 + << QString("c558aca7f19050db49d94d99119277af")
757 + << QString("7ecb21a647fae54a0996ad281ab0c1a00cb905d9e2eb3b82")
758 + << QString("bfcd3a7252f7f199bf788df8cf61032a");
761 +void CipherUnitTest::aes192_gcm()
763 + QStringList providersToTest;
764 + providersToTest.append("qca-ossl");
765 + providersToTest.append("qca-gcrypt");
766 + providersToTest.append("qca-botan");
767 + providersToTest.append("qca-nss");
769 + foreach (const QString &provider, providersToTest) {
770 + if (!QCA::isSupported( "aes192-gcm", provider))
771 + QWARN(QString("AES128 GCM not supported for " + provider).toLocal8Bit());
773 + QFETCH(QString, plainText);
774 + QFETCH(QString, payload);
775 + QFETCH(QString, tag);
776 + QFETCH(QString, keyText);
777 + QFETCH(QString, ivText);
779 + QCA::SymmetricKey key(QCA::hexToArray(keyText));
780 + QCA::InitializationVector iv(QCA::hexToArray(ivText));
781 + QCA::AuthTag authTag(16);
782 + QCA::Cipher forwardCipher(QString("aes192"),
784 + QCA::Cipher::NoPadding,
790 + QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
791 + QVERIFY(forwardCipher.ok());
792 + update += QCA::arrayToHex(forwardCipher.final().toByteArray());
793 + authTag = forwardCipher.tag();
794 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
795 + QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
796 + QCOMPARE(update, payload);
797 + QVERIFY(forwardCipher.ok());
799 + QCA::Cipher reverseCipher(QString( "aes192"),
801 + QCA::Cipher::NoPadding,
805 + QCA::AuthTag(QCA::hexToArray(tag)),
808 + update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
809 + QVERIFY(reverseCipher.ok());
810 + QCOMPARE(update, plainText.left(update.size()));
811 + update += QCA::arrayToHex(reverseCipher.final().toByteArray());
812 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
813 + QCOMPARE(update, plainText);
814 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
815 + QVERIFY(reverseCipher.ok());
821 +void CipherUnitTest::aes192_ccm_data()
826 +void CipherUnitTest::aes192_ccm()
828 + // For future implementation
831 void CipherUnitTest::aes256_data()
833 QTest::addColumn<QString>("plainText");
834 @@ -1442,6 +1638,103 @@ void CipherUnitTest::aes256_ctr()
838 +void CipherUnitTest::aes256_gcm_data()
840 + QTest::addColumn<QString>("plainText");
841 + QTest::addColumn<QString>("payload");
842 + QTest::addColumn<QString>("tag");
843 + QTest::addColumn<QString>("keyText");
844 + QTest::addColumn<QString>("ivText");
846 + QTest::newRow("short") << QString("6f6820526f6d656d6f21")
847 + << QString("4ce2f4df041252820847")
848 + << QString("1c570805832dfe7babc1b386c26bcd04")
849 + << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
850 + << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
852 + QTest::newRow("long") << QString("54484520515549434b2042524f574e20464f58204a554d504544204f56455220544845204c415a5920444f472753204241434b2031323334353637383930")
853 + << QString("e516c267146d6cfd3af3300e24aba7ac23ab3c5cb4765937a6c0156e454cae357e14f4c0dfb0def9624f4f70de90ad2bc9cd555171c4551c26b6346922ed")
854 + << QString("f59aac31ab9dace3fcc693e114dd6610")
855 + << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
856 + << QString("bfcd3a7252f7f199bf788df8cf61032a");
859 + QTest::newRow("wrongtag") << QString("6f6820526f6d656d6f21")
860 + << QString("4ce2f4df041252820847")
861 + << QString("1c570805833dfe7babc1b386c26bcd04")
862 + << QString("3fa609690bf07a81a75839b0a4c0add774f54eb804d4f02df488691910298b04")
863 + << QString("f85f8aad39164daf64a12ad9b3fc8a3a");
866 +void CipherUnitTest::aes256_gcm()
868 + QStringList providersToTest;
869 + providersToTest.append("qca-ossl");
870 + providersToTest.append("qca-gcrypt");
871 + providersToTest.append("qca-botan");
872 + providersToTest.append("qca-nss");
874 + foreach (const QString &provider, providersToTest) {
875 + if (!QCA::isSupported( "aes256-gcm", provider))
876 + QWARN(QString("AES256 GCM not supported for " + provider).toLocal8Bit());
878 + QFETCH(QString, plainText);
879 + QFETCH(QString, payload);
880 + QFETCH(QString, tag);
881 + QFETCH(QString, keyText);
882 + QFETCH(QString, ivText);
884 + QCA::SymmetricKey key(QCA::hexToArray(keyText));
885 + QCA::InitializationVector iv(QCA::hexToArray(ivText));
886 + QCA::AuthTag authTag(16);
887 + QCA::Cipher forwardCipher(QString("aes256"),
889 + QCA::Cipher::NoPadding,
895 + QString update = QCA::arrayToHex(forwardCipher.update(QCA::hexToArray(plainText)).toByteArray());
896 + QVERIFY(forwardCipher.ok());
897 + update += QCA::arrayToHex(forwardCipher.final().toByteArray());
898 + authTag = forwardCipher.tag();
899 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
900 + QCOMPARE(QCA::arrayToHex(authTag.toByteArray()), tag);
901 + QCOMPARE(update, payload);
902 + QVERIFY(forwardCipher.ok());
904 + QCA::Cipher reverseCipher(QString( "aes256"),
906 + QCA::Cipher::NoPadding,
910 + QCA::AuthTag(QCA::hexToArray(tag)),
913 + update = QCA::arrayToHex(reverseCipher.update(QCA::hexToArray(payload)).toByteArray());
914 + QVERIFY(reverseCipher.ok());
915 + QCOMPARE(update, plainText.left(update.size()));
916 + update += QCA::arrayToHex(reverseCipher.final().toByteArray());
917 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
918 + QCOMPARE(update, plainText);
919 + QEXPECT_FAIL("wrongtag", "It's OK", Continue);
920 + QVERIFY(reverseCipher.ok());
925 +void CipherUnitTest::aes256_ccm_data()
930 +void CipherUnitTest::aes256_ccm()
932 + // For future implementation
935 void CipherUnitTest::tripleDES_data()
937 QTest::addColumn<QString>("plainText");
938 diff --git a/unittest/cipherunittest/cipherunittest.h b/unittest/cipherunittest/cipherunittest.h
939 index 97f5627..bb3ece4 100644
940 --- a/unittest/cipherunittest/cipherunittest.h
941 +++ b/unittest/cipherunittest/cipherunittest.h
944 + * Copyright (C) 2004-2007 Brad Hards <bradh@frogmouth.net>
945 + * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
947 + * Redistribution and use in source and binary forms, with or without
948 + * modification, are permitted provided that the following conditions
951 + * 1. Redistributions of source code must retain the above copyright
952 + * notice, this list of conditions and the following disclaimer.
953 + * 2. Redistributions in binary form must reproduce the above copyright
954 + * notice, this list of conditions and the following disclaimer in the
955 + * documentation and/or other materials provided with the distribution.
957 + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
958 + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
959 + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
960 + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
961 + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
962 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
963 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
964 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
965 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
966 + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
969 #ifndef CIPHERUNITTEST_H
970 #define CIPHERUNITTEST_H
972 @@ -23,6 +49,10 @@ private slots:
974 void aes128_ctr_data();
976 + void aes128_gcm_data();
978 + void aes128_ccm_data();
983 @@ -36,6 +66,10 @@ private slots:
985 void aes192_ctr_data();
987 + void aes192_gcm_data();
989 + void aes192_ccm_data();
994 @@ -49,6 +83,10 @@ private slots:
996 void aes256_ctr_data();
998 + void aes256_gcm_data();
1000 + void aes256_ccm_data();
1001 + void aes256_ccm();
1003 void tripleDES_data();
1006 commit 28245c731ed9fefac75fa8a918a06dbb22945ee3
1007 Author: Ivan Romanov <drizt@land.ru>
1008 Date: Sat Aug 20 20:35:55 2016 +0500
1010 Add base64 convenience functions
1012 diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
1013 index f5c4601..7e7cf87 100644
1014 --- a/include/QtCrypto/qca_core.h
1015 +++ b/include/QtCrypto/qca_core.h
1016 @@ -619,6 +619,32 @@ if (QCA::hexToArray(QString("62626262626262006262") ) == test )
1018 QCA_EXPORT QByteArray hexToArray(const QString &hexString);
1021 + Convert a byte array to printable base64
1024 + This is a convenience function to convert an arbitrary
1025 + QByteArray to a printable representation.
1027 + \param array the array to be converted
1028 + \return a printable representation
1030 +QCA_EXPORT QString arrayToBase64(const QByteArray &array);
1033 + Convert a QString containing a base64 representation
1034 + of a byte array into a QByteArray
1036 + This is a convenience function to convert a printable
1037 + representation into a QByteArray - effectively the inverse
1038 + of QCA::arrayToBase64.
1040 + \param base64String the string containing a printable
1041 + representation to be converted
1042 + \return the equivalent QByteArray
1044 +QCA_EXPORT QByteArray base64ToArray(const QString &base64String);
1047 \class Initializer qca_core.h QtCrypto
1049 diff --git a/src/qca_core.cpp b/src/qca_core.cpp
1050 index 48460ce..dfb93b7 100644
1051 --- a/src/qca_core.cpp
1052 +++ b/src/qca_core.cpp
1053 @@ -813,6 +813,16 @@ QByteArray hexToArray(const QString &str)
1054 return Hex().stringToArray(str).toByteArray();
1057 +QString arrayToBase64(const QByteArray &a)
1059 + return Base64().arrayToString(a);
1062 +QByteArray base64ToArray(const QString &base64String)
1064 + return Base64().stringToArray(base64String).toByteArray();
1067 static Provider *getProviderForType(const QString &type, const QString &provider)
1070 diff --git a/unittest/base64unittest/base64unittest.cpp b/unittest/base64unittest/base64unittest.cpp
1071 index f37dcfa..b354aea 100644
1072 --- a/unittest/base64unittest/base64unittest.cpp
1073 +++ b/unittest/base64unittest/base64unittest.cpp
1074 @@ -120,6 +120,9 @@ void Base64UnitTest::test2()
1076 QCOMPARE( base64Object.encodeString(raw), encoded );
1077 QCOMPARE( base64Object.decodeString(encoded), raw );
1079 + QCOMPARE( QCA::arrayToBase64(raw.toUtf8()), encoded );
1080 + QCOMPARE( QLatin1String(QCA::base64ToArray(encoded)), raw );
1083 QTEST_MAIN(Base64UnitTest)
1085 commit d320ef4fdb2b5a70a2485a7027e52b520f0c4b48
1086 Author: Ivan Romanov <drizt@land.ru>
1087 Date: Mon Oct 10 21:50:18 2016 +0500
1089 Add some missed headers to Qt Creator project
1091 diff --git a/plugins/qca-gnupg/CMakeLists.txt b/plugins/qca-gnupg/CMakeLists.txt
1092 index 6dbcaed..1ed8e21 100644
1093 --- a/plugins/qca-gnupg/CMakeLists.txt
1094 +++ b/plugins/qca-gnupg/CMakeLists.txt
1095 @@ -21,6 +21,23 @@ set(QCA_GNUPG_NONMOC_SOURCES
1099 +set(QCA_GNUPG_HEADERS
1108 + gpgproc/gpgproc_p.h
1109 + gpgproc/sprocess.h
1112 + mymessagecontext.h
1113 + myopenpgpcontext.h
1116 my_automoc(QCA_GNUPG_MOC_SOURCES)
1118 qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgop.h)
1119 @@ -33,7 +50,7 @@ qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mykeystorelist.h)
1120 qt4_wrap_cpp(EXTRA_GNUPG_SOURCES mymessagecontext.h)
1121 qt4_wrap_cpp(EXTRA_GNUPG_SOURCES gpgaction.h)
1123 -add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES})
1124 +add_library(qca-gnupg ${PLUGIN_TYPE} ${QCA_GNUPG_MOC_SOURCES} ${QCA_GNUPG_NONMOC_SOURCES} ${EXTRA_GNUPG_SOURCES} ${QCA_GNUPG_HEADERS})
1126 if(APPLE AND ${PLUGIN_TYPE} STREQUAL "MODULE")
1127 set_property(TARGET qca-gnupg PROPERTY SUFFIX ".dylib")
1129 commit 7ba0ee591e0f50a7e7b532f9eb7e500e7da784fb
1130 Author: Samuel Gaist <samuel.gaist@edeltech.ch>
1131 Date: Thu Oct 20 13:34:23 2016 +0200
1133 OS X build and warning fix
1135 Revert "Add missed file"
1137 This reverts commit 4c9f27270e0a7c00c10cbc56ce5c6842b47e5ab2.
1139 FindCoreFoundation.cmake is not needed since CoreFoundation
1140 is a system framework. Its use has been removed by
1141 commit f223ce03d4b94ffbb093fc8be5adf8d968f54434
1143 Acked by: Ivan Čukić
1147 diff --git a/cmake/modules/FindCoreFoundation.cmake b/cmake/modules/FindCoreFoundation.cmake
1148 deleted file mode 100644
1149 index c08e529..0000000
1150 --- a/cmake/modules/FindCoreFoundation.cmake
1153 -# Copyright (c) 2014, Samuel Gaist, <samuel.gaist@edeltech.ch>
1155 -# Redistribution and use is allowed according to the terms of the BSD license.
1156 -# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
1158 -INCLUDE(CMakeFindFrameworks)
1160 -CMAKE_FIND_FRAMEWORKS(CoreFoundation)
1162 -if (CoreFoundation_FRAMEWORKS)
1163 - set(COREFOUNDATION_LIBRARY "-framework CoreFoundation" CACHE FILEPATH "CoreFoundation framework" FORCE)
1164 - set(COREFOUNDATION_FOUND 1)
1165 -endif (CoreFoundation_FRAMEWORKS)
1167 commit b435c1b87b14ac2d2de9f83e586bfd6d8c2a755e
1168 Author: Ivan Romanov <drizt@land.ru>
1169 Date: Sun Jan 29 14:06:08 2017 +0500
1171 Avoid @rpath on Mac OS
1173 diff --git a/CMakeLists.txt b/CMakeLists.txt
1174 index 605621b..34bffb9 100644
1175 --- a/CMakeLists.txt
1176 +++ b/CMakeLists.txt
1177 @@ -23,6 +23,10 @@ set(QCA_LIB_PATCH_VERSION "0")
1179 cmake_policy(SET CMP0020 OLD)
1182 + cmake_policy(SET CMP0042 OLD)
1185 option(BUILD_TESTS "Create test" ON)
1186 option(BUILD_TOOLS "Compile mozcerts and qcatool" ON)
1187 set(BUILD_PLUGINS "auto" CACHE STRING "Plugins for building (also possible values: none, all and auto)")
1189 commit f4b2eb0ced5310f3c43398eb1f03e0c065e08a82
1190 Author: Ivan Romanov <drizt@land.ru>
1191 Date: Sun Jan 29 15:08:12 2017 +0500
1195 diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
1196 index 92204f2..2e81974 100644
1197 --- a/src/CMakeLists.txt
1198 +++ b/src/CMakeLists.txt
1199 @@ -148,9 +148,15 @@ if(WIN32)
1203 - set(COREFOUNDATION_LIBRARY "-framework CoreFoundation")
1204 - set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security")
1205 - TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY})
1206 + set(COREFOUNDATION_LIBRARY "-framework CoreFoundation")
1207 + set(COREFOUNDATION_LIBRARY_SECURITY "-framework Security")
1208 + TARGET_LINK_LIBRARIES(${QCA_LIB_NAME} ${COREFOUNDATION_LIBRARY} ${COREFOUNDATION_LIBRARY_SECURITY})
1210 + if(OSX_FRAMEWORK AND NOT USE_RELATIVE_PATHS)
1211 + set_target_properties(${QCA_LIB_NAME} PROPERTIES
1212 + INSTALL_NAME_DIR "${QCA_LIBRARY_INSTALL_DIR}"
1219 commit be55b9c98dca67e42709ac6eadc272390ee49f03
1220 Author: Ivan Romanov <drizt@land.ru>
1221 Date: Wed Mar 1 13:22:48 2017 +0500
1225 diff --git a/src/support/console.cpp b/src/support/console.cpp
1226 index c3c5570..ee94998 100644
1227 --- a/src/support/console.cpp
1228 +++ b/src/support/console.cpp
1229 @@ -857,7 +857,7 @@ public:
1233 - if(c == '\b' || c == 0x7f)
1234 + if(c == '\b' || c.unicode() == 0x7f)
1239 commit 5f18ebc705ec98e883aa63cb537e36e6a08b7e34
1240 Author: Alon Bar-Lev <alon.barlev@gmail.com>
1241 Date: Tue Mar 21 12:23:17 2017 +0200
1243 build: fix C++11 throwing distructors
1245 For >=C++11, explicitly mark throwing destructors `noexcept(false)`
1247 Thanks: Peter-Levine <plevine457@gmail.com>
1249 diff --git a/Doxyfile.in b/Doxyfile.in
1250 index 59d9afe..844c234 100644
1253 @@ -1070,7 +1070,7 @@ PREDEFINED = DOXYGEN_SHOULD_SKIP_THIS \
1254 # The macro definition that is found in the sources will be used.
1255 # Use the PREDEFINED tag if you want to use a different macro definition.
1257 -EXPAND_AS_DEFINED = QCA_EXPORT
1258 +EXPAND_AS_DEFINED = QCA_EXPORT QCA_NOEXCEPT
1260 # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
1261 # doxygen's preprocessor will remove all function-like macros that are alone
1262 diff --git a/src/botantools/botan/alloc_mmap/mmap_mem.cpp b/src/botantools/botan/alloc_mmap/mmap_mem.cpp
1263 index 362b688..54f0d23 100644
1264 --- a/src/botantools/botan/alloc_mmap/mmap_mem.cpp
1265 +++ b/src/botantools/botan/alloc_mmap/mmap_mem.cpp
1266 @@ -107,7 +107,7 @@ void* MemoryMapping_Allocator::alloc_block(u32bit n)
1271 + ~TemporaryFile() QCA_NOEXCEPT(false)
1274 if(fd != -1 && close(fd) == -1)
1275 diff --git a/src/botantools/botan/botan/allocate.h b/src/botantools/botan/botan/allocate.h
1276 index 0ac351e..52bc397 100644
1277 --- a/src/botantools/botan/botan/allocate.h
1278 +++ b/src/botantools/botan/botan/allocate.h
1279 @@ -40,6 +40,12 @@ namespace QCA { // WRAPNS_LINE
1281 namespace QCA { // WRAPNS_LINE
1283 +#if __cplusplus >= 201103L
1284 +#define QCA_NOEXCEPT(x) noexcept(x)
1286 +#define QCA_NOEXCEPT(x)
1291 /*************************************************
1292 @@ -58,7 +64,7 @@ class Allocator
1293 virtual void init() {}
1294 virtual void destroy() {}
1296 - virtual ~Allocator() {}
1297 + virtual ~Allocator() QCA_NOEXCEPT(false) {}
1300 /*************************************************
1301 diff --git a/src/botantools/botan/botan/mem_pool.h b/src/botantools/botan/botan/mem_pool.h
1302 index 32834b8..1cb903e 100644
1303 --- a/src/botantools/botan/botan/mem_pool.h
1304 +++ b/src/botantools/botan/botan/mem_pool.h
1305 @@ -63,7 +63,7 @@ class Pooling_Allocator : public Allocator
1308 Pooling_Allocator(u32bit, bool);
1309 - ~Pooling_Allocator();
1310 + ~Pooling_Allocator() QCA_NOEXCEPT(false);
1312 void get_more_core(u32bit);
1313 byte* allocate_blocks(u32bit);
1314 diff --git a/src/botantools/botan/mem_pool.cpp b/src/botantools/botan/mem_pool.cpp
1315 index 00280ec..baa47aa 100644
1316 --- a/src/botantools/botan/mem_pool.cpp
1317 +++ b/src/botantools/botan/mem_pool.cpp
1318 @@ -171,7 +171,7 @@ Pooling_Allocator::Pooling_Allocator(u32bit p_size, bool) :
1319 /*************************************************
1320 * Pooling_Allocator Destructor *
1321 *************************************************/
1322 -Pooling_Allocator::~Pooling_Allocator()
1323 +Pooling_Allocator::~Pooling_Allocator() QCA_NOEXCEPT(false)
1328 commit df794c0181a09c42a883f2f886af20526f2e219e
1329 Author: Ivan Romanov <drizt@land.ru>
1330 Date: Sat Jul 8 09:53:45 2017 +0500
1332 Remove deprecated keyword
1334 diff --git a/include/QtCrypto/qca_core.h b/include/QtCrypto/qca_core.h
1335 index 7e7cf87..8c25a70 100644
1336 --- a/include/QtCrypto/qca_core.h
1337 +++ b/include/QtCrypto/qca_core.h
1338 @@ -492,8 +492,8 @@ QCA_EXPORT Logger *logger();
1340 #define QCA_logTextMessage(message, severity) \
1342 - register QCA::Logger::Severity s = severity; \
1343 - register QCA::Logger *l = QCA::logger (); \
1344 + QCA::Logger::Severity s = severity; \
1345 + QCA::Logger *l = QCA::logger (); \
1346 if (s <= l->level ()) { \
1347 l->logTextMessage (message, s); \
1349 @@ -511,8 +511,8 @@ QCA_EXPORT Logger *logger();
1351 #define QCA_logBinaryMessage(blob, severity) \
1353 - register QCA::Logger::Severity s = severity; \
1354 - register QCA::Logger *l = QCA::logger (); \
1355 + QCA::Logger::Severity s = severity; \
1356 + QCA::Logger *l = QCA::logger (); \
1357 if (s <= l->level ()) { \
1358 l->logBinaryMessage (blob, s); \
1361 commit 8871dcd2e14207de4319c5da584d7712d13ce7ae
1362 Author: Ivan Romanov <drizt@land.ru>
1363 Date: Mon Sep 18 22:28:00 2017 +0500
1367 CMP 0020 is deprecated. Avoid using of old behaviour.
1369 diff --git a/CMakeLists.txt b/CMakeLists.txt
1370 index 34bffb9..7ef32ee 100644
1371 --- a/CMakeLists.txt
1372 +++ b/CMakeLists.txt
1373 @@ -18,11 +18,6 @@ set(QCA_LIB_MAJOR_VERSION "2")
1374 set(QCA_LIB_MINOR_VERSION "2")
1375 set(QCA_LIB_PATCH_VERSION "0")
1377 -# Do not automatically link Qt executables to qtmain target on Windows.
1378 -# QCA exucatables use console mode only. Not need to link against
1380 -cmake_policy(SET CMP0020 OLD)
1383 cmake_policy(SET CMP0042 OLD)
1385 @@ -51,6 +46,9 @@ set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules" )
1387 option(QT4_BUILD "Force building with Qt4 even if Qt5 is found")
1389 + # Do not automatically link Qt executables to qtmain target on Windows.
1390 + # QCA exucatables use console mode only. Not need to link against qtmain.lib.
1391 + set(Qt5_NO_LINK_QTMAIN ON)
1392 find_package(Qt5Core QUIET)
1393 mark_as_advanced(Qt5Core_DIR)
1395 @@ -71,6 +69,9 @@ if (Qt5Core_FOUND)
1397 set(QT_MIN_VERSION "4.7.0")
1398 set(QT_USE_IMPORTED_TARGETS ON)
1399 + # Do not automatically link Qt executables to qtmain target on Windows.
1400 + # QCA exucatables use console mode only. Not need to link against qtmain.lib.
1401 + set(QT4_NO_LINK_QTMAIN ON)
1403 find_package(Qt4 REQUIRED QtCore QtNetwork QtTest)
1406 commit 159e144abf98964ad8653efdeeebefe1a284a044
1407 Author: Ivan Romanov <drizt@land.ru>
1408 Date: Sat Sep 30 15:45:59 2017 +0500
1410 Disable missed openssl cipher suites
1412 Fedora 26 has no them.
1414 commit d58e20ee652038dc4ec4fe4765dc3639ed735526
1415 Author: Fabian Vogt <fabian@ritter-vogt.de>
1416 Date: Sat Dec 16 22:29:40 2017 +0100
1418 Add support for OpenSSL 1.1.0
1421 Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed.
1422 Using this code with kdeconnect and okteta successfully on my system now.
1426 Subscribers: anthonyfieroni, alonbl, heikobecker, cfeck, asturmlechner, bero, rdieter
1428 Differential Revision: https://phabricator.kde.org/D9416
1430 diff --git a/plugins/qca-ossl/ossl110-compat.h b/plugins/qca-ossl/ossl110-compat.h
1431 new file mode 100644
1432 index 0000000..ec15475
1434 +++ b/plugins/qca-ossl/ossl110-compat.h
1437 + * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com>
1439 + * This library is free software; you can redistribute it and/or
1440 + * modify it under the terms of the GNU Lesser General Public
1441 + * License as published by the Free Software Foundation; either
1442 + * version 2.1 of the License, or (at your option) any later version.
1444 + * This library is distributed in the hope that it will be useful,
1445 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
1446 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1447 + * Lesser General Public License for more details.
1449 + * You should have received a copy of the GNU Lesser General Public
1450 + * License along with this library; if not, write to the Free Software
1451 + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
1455 +#ifndef OSSL110COMPAT_H
1456 +#define OSSL110COMPAT_H
1458 +#include <openssl/evp.h>
1459 +#include <openssl/hmac.h>
1460 +#include <openssl/rsa.h>
1461 +#include <openssl/dsa.h>
1463 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
1464 +#define RSA_F_RSA_METH_DUP 161
1466 +static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
1474 +static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
1476 + if (!sig) return 0;
1482 +static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
1492 +static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
1494 + if (!dsa) return 0;
1501 +static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
1511 +static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
1513 + if (!rsa) return 0;
1520 +static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
1528 +static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
1530 + if (!rsa) return 0;
1536 +static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
1546 +static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
1548 + if (!dh) return 0;
1555 +static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
1558 + *pub_key = dh->pub_key;
1560 + *priv_key = dh->priv_key;
1563 +static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
1565 + if (!dh) return 0;
1566 + dh->pub_key = pub_key;
1567 + dh->priv_key = priv_key;
1571 +static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
1574 + *pub_key = dsa->pub_key;
1576 + *priv_key = dsa->priv_key;
1579 +static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
1581 + if (!dsa) return 0;
1582 + dsa->pub_key = pub_key;
1583 + dsa->priv_key = priv_key;
1587 +static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
1590 + *palg = sig->algor;
1592 + *pdigest = sig->digest;
1595 +static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
1598 + *psig = req->signature;
1600 + *palg = req->sig_alg;
1603 +static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
1606 + *psig = crl->signature;
1608 + *palg = crl->sig_alg;
1611 +static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
1616 + RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth));
1620 + RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
1624 + memcpy(_meth, meth, sizeof(*_meth));
1625 + _meth->name = strdup(meth->name);
1626 + if (!_meth->name) {
1627 + OPENSSL_free(_meth);
1628 + RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
1635 +static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from,
1636 + unsigned char *to, RSA *rsa, int padding))
1638 + if (!rsa) return 0;
1639 + rsa->rsa_priv_enc = priv_enc;
1643 +static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from,
1644 + unsigned char *to, RSA *rsa, int padding))
1646 + if (!rsa) return 0;
1647 + rsa->rsa_priv_dec = priv_dec;
1651 +static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
1652 + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
1654 + if (!meth) return 0;
1655 + meth->rsa_sign = sign;
1659 +static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
1660 + unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
1662 + if (!meth) return 0;
1663 + meth->rsa_verify = verify;
1667 +static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
1669 + if (!meth) return 0;
1670 + meth->finish = finish;
1674 +static HMAC_CTX *HMAC_CTX_new()
1676 + HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
1678 + HMAC_CTX_init(ctx);
1682 +static void HMAC_CTX_free(HMAC_CTX *ctx)
1686 + HMAC_CTX_cleanup(ctx);
1687 + EVP_MD_CTX_cleanup(&ctx->i_ctx);
1688 + EVP_MD_CTX_cleanup(&ctx->o_ctx);
1689 + EVP_MD_CTX_cleanup(&ctx->md_ctx);
1690 + OPENSSL_free(ctx);
1693 +#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__)
1695 +#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__)
1696 +#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__)
1698 +#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY)
1699 +#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509)
1700 +#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL)
1702 +#define EVP_PKEY_id(pky) (pky)->type
1703 +#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa
1704 +#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa
1705 +#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh
1707 +#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
1708 +#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
1710 +#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm)
1711 +#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm)
1713 +#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber
1714 +#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate
1716 +#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
1718 +#endif // OSSL110COMPAT_H
1719 diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
1720 index a507604..39dbc2b 100644
1721 --- a/plugins/qca-ossl/qca-ossl.cpp
1722 +++ b/plugins/qca-ossl/qca-ossl.cpp
1724 * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
1725 * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
1726 * Copyright (C) 2013-2016 Ivan Romanov <drizt@land.ru>
1727 + * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de>
1729 * This library is free software; you can redistribute it and/or
1730 * modify it under the terms of the GNU Lesser General Public
1732 #include <openssl/pkcs12.h>
1733 #include <openssl/ssl.h>
1735 +#include "ossl110-compat.h"
1738 // comment this out if you'd rather use openssl 0.9.6
1741 ((_STACK*) (1 ? p : (type*)0))
1744 +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
1748 +// OpenSSL 1.1.0 compatibility macros
1750 +#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
1751 +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
1754 using namespace QCA;
1756 namespace opensslQCAPlugin {
1757 @@ -94,7 +107,7 @@ static QByteArray bio2ba(BIO *b)
1761 -static BigInteger bn2bi(BIGNUM *n)
1762 +static BigInteger bn2bi(const BIGNUM *n)
1764 SecureArray buf(BN_num_bytes(n) + 1);
1765 buf[0] = 0; // positive
1766 @@ -110,7 +123,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
1768 // take lowest bytes of BIGNUM to fit
1769 // pad with high byte zeroes to fit
1770 -static SecureArray bn2fixedbuf(BIGNUM *n, int size)
1771 +static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
1773 SecureArray buf(BN_num_bytes(n));
1774 BN_bn2bin(n, (unsigned char *)buf.data());
1775 @@ -128,8 +141,11 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
1776 const unsigned char *inp = (const unsigned char *)in.data();
1777 d2i_DSA_SIG(&sig, &inp, in.size());
1779 - SecureArray part_r = bn2fixedbuf(sig->r, 20);
1780 - SecureArray part_s = bn2fixedbuf(sig->s, 20);
1781 + const BIGNUM *bnr, *bns;
1782 + DSA_SIG_get0(sig, &bnr, &bns);
1784 + SecureArray part_r = bn2fixedbuf(bnr, 20);
1785 + SecureArray part_s = bn2fixedbuf(bns, 20);
1787 result.append(part_r);
1788 result.append(part_s);
1789 @@ -144,12 +160,16 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
1790 return SecureArray();
1792 DSA_SIG *sig = DSA_SIG_new();
1793 - SecureArray part_r(20);
1794 - SecureArray part_s(20);
1795 + SecureArray part_r(20); BIGNUM *bnr;
1796 + SecureArray part_s(20); BIGNUM *bns;
1797 memcpy(part_r.data(), in.data(), 20);
1798 memcpy(part_s.data(), in.data() + 20, 20);
1799 - sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
1800 - sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
1801 + bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
1802 + bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
1804 + if(DSA_SIG_set0(sig, bnr, bns) == 0)
1805 + return SecureArray();
1806 + // Not documented what happens in the failure case, free bnr and bns?
1808 int len = i2d_DSA_SIG(sig, NULL);
1809 SecureArray result(len);
1810 @@ -1005,29 +1025,39 @@ public:
1811 opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
1813 m_algorithm = algorithm;
1814 - EVP_DigestInit( &m_context, m_algorithm );
1815 + m_context = EVP_MD_CTX_new();
1816 + EVP_DigestInit( m_context, m_algorithm );
1819 + opensslHashContext(const opensslHashContext &other)
1820 + : HashContext(other)
1822 + m_algorithm = other.m_algorithm;
1823 + m_context = EVP_MD_CTX_new();
1824 + EVP_MD_CTX_copy_ex(m_context, other.m_context);
1827 ~opensslHashContext()
1829 - EVP_MD_CTX_cleanup(&m_context);
1830 + EVP_MD_CTX_free(m_context);
1835 - EVP_MD_CTX_cleanup(&m_context);
1836 - EVP_DigestInit( &m_context, m_algorithm );
1837 + EVP_MD_CTX_free(m_context);
1838 + m_context = EVP_MD_CTX_new();
1839 + EVP_DigestInit( m_context, m_algorithm );
1842 void update(const MemoryRegion &a)
1844 - EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
1845 + EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
1848 MemoryRegion final()
1850 SecureArray a( EVP_MD_size( m_algorithm ) );
1851 - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1852 + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1856 @@ -1038,7 +1068,7 @@ public:
1859 const EVP_MD *m_algorithm;
1860 - EVP_MD_CTX m_context;
1861 + EVP_MD_CTX *m_context;
1865 @@ -1048,7 +1078,21 @@ public:
1866 opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
1868 m_algorithm = algorithm;
1869 - EVP_DigestInit( &m_context, m_algorithm );
1870 + m_context = EVP_MD_CTX_new();
1871 + EVP_DigestInit( m_context, m_algorithm );
1874 + opensslPbkdf1Context(const opensslPbkdf1Context &other)
1875 + : KDFContext(other)
1877 + m_algorithm = other.m_algorithm;
1878 + m_context = EVP_MD_CTX_new();
1879 + EVP_MD_CTX_copy(m_context, other.m_context);
1882 + ~opensslPbkdf1Context()
1884 + EVP_MD_CTX_free(m_context);
1887 Provider::Context *clone() const
1888 @@ -1082,16 +1126,16 @@ public:
1892 - EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
1893 - EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
1894 + EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
1895 + EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
1896 SecureArray a( EVP_MD_size( m_algorithm ) );
1897 - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1898 + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1900 // calculate T_2 up to T_c
1901 for ( unsigned int i = 2; i <= iterationCount; ++i ) {
1902 - EVP_DigestInit( &m_context, m_algorithm );
1903 - EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
1904 - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1905 + EVP_DigestInit( m_context, m_algorithm );
1906 + EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
1907 + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1910 // shrink a to become DK, of the required length
1911 @@ -1137,19 +1181,19 @@ public:
1915 - EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
1916 - EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
1917 + EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
1918 + EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
1919 SecureArray a( EVP_MD_size( m_algorithm ) );
1920 - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1921 + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1923 // calculate T_2 up to T_c
1924 *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one
1925 timer.start(); // ^ time more than the base function
1926 // ^ with the same iterationCount
1927 while (timer.elapsed() < msecInterval) {
1928 - EVP_DigestInit( &m_context, m_algorithm );
1929 - EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
1930 - EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
1931 + EVP_DigestInit( m_context, m_algorithm );
1932 + EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
1933 + EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
1934 ++(*iterationCount);
1937 @@ -1164,7 +1208,7 @@ public:
1940 const EVP_MD *m_algorithm;
1941 - EVP_MD_CTX m_context;
1942 + EVP_MD_CTX *m_context;
1945 class opensslPbkdf2Context : public KDFContext
1946 @@ -1232,12 +1276,28 @@ public:
1947 opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
1949 m_algorithm = algorithm;
1950 - HMAC_CTX_init( &m_context );
1951 + m_context = HMAC_CTX_new();
1953 + HMAC_CTX_init( m_context );
1957 + opensslHMACContext(const opensslHMACContext &other)
1958 + : MACContext(other)
1960 + m_algorithm = other.m_algorithm;
1961 + m_context = HMAC_CTX_new();
1962 + HMAC_CTX_copy(m_context, other.m_context);
1965 + ~opensslHMACContext()
1967 + HMAC_CTX_free(m_context);
1970 void setup(const SymmetricKey &key)
1972 - HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
1973 + HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
1976 KeyLength keyLength() const
1977 @@ -1247,14 +1307,18 @@ public:
1979 void update(const MemoryRegion &a)
1981 - HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
1982 + HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
1985 void final(MemoryRegion *out)
1987 SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
1988 - HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
1989 - HMAC_CTX_cleanup(&m_context);
1990 + HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
1992 + HMAC_CTX_reset(m_context);
1994 + HMAC_CTX_cleanup(m_context);
1999 @@ -1264,7 +1328,7 @@ public:
2003 - HMAC_CTX m_context;
2004 + HMAC_CTX *m_context;
2005 const EVP_MD *m_algorithm;
2008 @@ -1278,7 +1342,7 @@ class EVPKey
2010 enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
2013 + EVP_MD_CTX *mdctx;
2017 @@ -1288,19 +1352,23 @@ public:
2021 + mdctx = EVP_MD_CTX_new();
2024 EVPKey(const EVPKey &from)
2027 - CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
2028 + EVP_PKEY_up_ref(pkey);
2031 + mdctx = EVP_MD_CTX_new();
2032 + EVP_MD_CTX_copy(mdctx, from.mdctx);
2038 + EVP_MD_CTX_free(mdctx);
2042 @@ -1323,8 +1391,8 @@ public:
2046 - EVP_MD_CTX_init(&mdctx);
2047 - if(!EVP_SignInit_ex(&mdctx, type, NULL))
2048 + EVP_MD_CTX_init(mdctx);
2049 + if(!EVP_SignInit_ex(mdctx, type, NULL))
2053 @@ -1340,8 +1408,8 @@ public:
2057 - EVP_MD_CTX_init(&mdctx);
2058 - if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
2059 + EVP_MD_CTX_init(mdctx);
2060 + if(!EVP_VerifyInit_ex(mdctx, type, NULL))
2061 state = VerifyError;
2064 @@ -1353,7 +1421,7 @@ public:
2068 - if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
2069 + if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
2072 else if(state == VerifyActive)
2073 @@ -1361,7 +1429,7 @@ public:
2077 - if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
2078 + if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
2079 state = VerifyError;
2082 @@ -1374,17 +1442,20 @@ public:
2083 unsigned int len = out.size();
2086 - if (pkey->type == EVP_PKEY_RSA)
2087 + int type = EVP_PKEY_id(pkey);
2089 + if (type == EVP_PKEY_RSA)
2091 + RSA *rsa = EVP_PKEY_get0_RSA(pkey);
2092 if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
2093 - (unsigned char *)out.data(), pkey->pkey.rsa,
2094 + (unsigned char *)out.data(), rsa,
2095 RSA_PKCS1_PADDING) == -1) {
2098 return SecureArray ();
2101 - else if (pkey->type == EVP_PKEY_DSA)
2102 + else if (type == EVP_PKEY_DSA)
2105 return SecureArray ();
2106 @@ -1396,7 +1467,7 @@ public:
2110 - if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
2111 + if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
2114 return SecureArray();
2115 @@ -1419,16 +1490,19 @@ public:
2116 SecureArray out(EVP_PKEY_size(pkey));
2119 - if (pkey->type == EVP_PKEY_RSA) {
2120 + int type = EVP_PKEY_id(pkey);
2122 + if (type == EVP_PKEY_RSA) {
2123 + RSA *rsa = EVP_PKEY_get0_RSA(pkey);
2124 if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
2125 - (unsigned char *)out.data (), pkey->pkey.rsa,
2126 + (unsigned char *)out.data (), rsa,
2127 RSA_PKCS1_PADDING)) == -1) {
2129 state = VerifyError;
2133 - else if (pkey->type == EVP_PKEY_DSA)
2134 + else if (type == EVP_PKEY_DSA)
2136 state = VerifyError;
2138 @@ -1448,7 +1522,7 @@ public:
2142 - if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
2143 + if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
2145 state = VerifyError;
2147 @@ -1562,9 +1636,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
2149 if(ret_counter != counter)
2151 - params->p = bn2bi(dsa->p);
2152 - params->q = bn2bi(dsa->q);
2153 - params->g = bn2bi(dsa->g);
2154 + const BIGNUM *bnp, *bnq, *bng;
2155 + DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
2156 + params->p = bn2bi(bnp);
2157 + params->q = bn2bi(bnq);
2158 + params->g = bn2bi(bng);
2162 @@ -1827,10 +1903,11 @@ public:
2165 // extract the public key into DER format
2166 - int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
2167 + RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
2168 + int len = i2d_RSAPublicKey(rsa_pkey, NULL);
2169 SecureArray result(len);
2170 unsigned char *p = (unsigned char *)result.data();
2171 - i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
2172 + i2d_RSAPublicKey(rsa_pkey, &p);
2173 p = (unsigned char *)result.data();
2175 // put the DER public key back into openssl
2176 @@ -1853,7 +1930,7 @@ public:
2178 virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
2180 - RSA *rsa = evp.pkey->pkey.rsa;
2181 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2185 @@ -1868,7 +1945,7 @@ public:
2187 virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
2189 - RSA *rsa = evp.pkey->pkey.rsa;
2190 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2191 SecureArray buf = in;
2192 int max = maximumEncryptSize(alg);
2194 @@ -1901,7 +1978,7 @@ public:
2196 virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
2198 - RSA *rsa = evp.pkey->pkey.rsa;
2199 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2200 SecureArray result(RSA_size(rsa));
2203 @@ -2022,14 +2099,10 @@ public:
2206 RSA *rsa = RSA_new();
2207 - rsa->n = bi2bn(n);
2208 - rsa->e = bi2bn(e);
2209 - rsa->p = bi2bn(p);
2210 - rsa->q = bi2bn(q);
2211 - rsa->d = bi2bn(d);
2213 - if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
2214 + if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
2215 + || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
2221 @@ -2037,7 +2110,7 @@ public:
2222 // When private key has no Public Exponent (e) or Private Exponent (d)
2223 // need to disable blinding. Otherwise decryption will be broken.
2224 // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
2225 - if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
2226 + if(e == BigInteger(0) || d == BigInteger(0))
2227 RSA_blinding_off(rsa);
2229 evp.pkey = EVP_PKEY_new();
2230 @@ -2050,10 +2123,7 @@ public:
2233 RSA *rsa = RSA_new();
2234 - rsa->n = bi2bn(n);
2235 - rsa->e = bi2bn(e);
2237 - if(!rsa->n || !rsa->e)
2238 + if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
2242 @@ -2066,27 +2136,42 @@ public:
2244 virtual BigInteger n() const
2246 - return bn2bi(evp.pkey->pkey.rsa->n);
2247 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2248 + const BIGNUM *bnn;
2249 + RSA_get0_key(rsa, &bnn, NULL, NULL);
2250 + return bn2bi(bnn);
2253 virtual BigInteger e() const
2255 - return bn2bi(evp.pkey->pkey.rsa->e);
2256 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2257 + const BIGNUM *bne;
2258 + RSA_get0_key(rsa, NULL, &bne, NULL);
2259 + return bn2bi(bne);
2262 virtual BigInteger p() const
2264 - return bn2bi(evp.pkey->pkey.rsa->p);
2265 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2266 + const BIGNUM *bnp;
2267 + RSA_get0_factors(rsa, &bnp, NULL);
2268 + return bn2bi(bnp);
2271 virtual BigInteger q() const
2273 - return bn2bi(evp.pkey->pkey.rsa->q);
2274 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2275 + const BIGNUM *bnq;
2276 + RSA_get0_factors(rsa, NULL, &bnq);
2277 + return bn2bi(bnq);
2280 virtual BigInteger d() const
2282 - return bn2bi(evp.pkey->pkey.rsa->d);
2283 + RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
2284 + const BIGNUM *bnd;
2285 + RSA_get0_key(rsa, NULL, NULL, &bnd);
2286 + return bn2bi(bnd);
2290 @@ -2135,10 +2220,12 @@ public:
2293 DSA *dsa = DSA_new();
2294 - dsa->p = bi2bn(domain.p());
2295 - dsa->q = bi2bn(domain.q());
2296 - dsa->g = bi2bn(domain.g());
2297 - if(!DSA_generate_key(dsa))
2298 + BIGNUM *pne = bi2bn(domain.p()),
2299 + *qne = bi2bn(domain.q()),
2300 + *gne = bi2bn(domain.g());
2302 + if(!DSA_set0_pqg(dsa, pne, qne, gne)
2303 + || !DSA_generate_key(dsa))
2307 @@ -2213,10 +2300,11 @@ public:
2310 // extract the public key into DER format
2311 - int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
2312 + DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
2313 + int len = i2d_DSAPublicKey(dsa_pkey, NULL);
2314 SecureArray result(len);
2315 unsigned char *p = (unsigned char *)result.data();
2316 - i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
2317 + i2d_DSAPublicKey(dsa_pkey, &p);
2318 p = (unsigned char *)result.data();
2320 // put the DER public key back into openssl
2321 @@ -2245,7 +2333,7 @@ public:
2323 transformsig = false;
2325 - evp.startSign(EVP_dss1());
2326 + evp.startSign(EVP_sha1());
2329 virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
2330 @@ -2256,7 +2344,7 @@ public:
2332 transformsig = false;
2334 - evp.startVerify(EVP_dss1());
2335 + evp.startVerify(EVP_sha1());
2338 virtual void update(const MemoryRegion &in)
2339 @@ -2306,13 +2394,14 @@ public:
2342 DSA *dsa = DSA_new();
2343 - dsa->p = bi2bn(domain.p());
2344 - dsa->q = bi2bn(domain.q());
2345 - dsa->g = bi2bn(domain.g());
2346 - dsa->pub_key = bi2bn(y);
2347 - dsa->priv_key = bi2bn(x);
2348 + BIGNUM *bnp = bi2bn(domain.p());
2349 + BIGNUM *bnq = bi2bn(domain.q());
2350 + BIGNUM *bng = bi2bn(domain.g());
2351 + BIGNUM *bnpub_key = bi2bn(y);
2352 + BIGNUM *bnpriv_key = bi2bn(x);
2354 - if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
2355 + if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
2356 + || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
2360 @@ -2328,12 +2417,13 @@ public:
2363 DSA *dsa = DSA_new();
2364 - dsa->p = bi2bn(domain.p());
2365 - dsa->q = bi2bn(domain.q());
2366 - dsa->g = bi2bn(domain.g());
2367 - dsa->pub_key = bi2bn(y);
2368 + BIGNUM *bnp = bi2bn(domain.p());
2369 + BIGNUM *bnq = bi2bn(domain.q());
2370 + BIGNUM *bng = bi2bn(domain.g());
2371 + BIGNUM *bnpub_key = bi2bn(y);
2373 - if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
2374 + if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
2375 + || !DSA_set0_key(dsa, bnpub_key, NULL))
2379 @@ -2346,17 +2436,26 @@ public:
2381 virtual DLGroup domain() const
2383 - return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
2384 + DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
2385 + const BIGNUM *bnp, *bnq, *bng;
2386 + DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
2387 + return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
2390 virtual BigInteger y() const
2392 - return bn2bi(evp.pkey->pkey.dsa->pub_key);
2393 + DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
2394 + const BIGNUM *bnpub_key;
2395 + DSA_get0_key(dsa, &bnpub_key, NULL);
2396 + return bn2bi(bnpub_key);
2399 virtual BigInteger x() const
2401 - return bn2bi(evp.pkey->pkey.dsa->priv_key);
2402 + DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
2403 + const BIGNUM *bnpriv_key;
2404 + DSA_get0_key(dsa, NULL, &bnpriv_key);
2405 + return bn2bi(bnpriv_key);
2409 @@ -2405,9 +2504,10 @@ public:
2413 - dh->p = bi2bn(domain.p());
2414 - dh->g = bi2bn(domain.g());
2415 - if(!DH_generate_key(dh))
2416 + BIGNUM *bnp = bi2bn(domain.p());
2417 + BIGNUM *bng = bi2bn(domain.g());
2418 + if(!DH_set0_pqg(dh, bnp, NULL, bng)
2419 + || !DH_generate_key(dh))
2423 @@ -2479,11 +2579,14 @@ public:
2427 - DH *orig = evp.pkey->pkey.dh;
2428 + DH *orig = EVP_PKEY_get0_DH(evp.pkey);
2430 - dh->p = BN_dup(orig->p);
2431 - dh->g = BN_dup(orig->g);
2432 - dh->pub_key = BN_dup(orig->pub_key);
2433 + const BIGNUM *bnp, *bng, *bnpub_key;
2434 + DH_get0_pqg(orig, &bnp, NULL, &bng);
2435 + DH_get0_key(orig, &bnpub_key, NULL);
2437 + DH_set0_key(dh, BN_dup(bnpub_key), NULL);
2438 + DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
2442 @@ -2499,10 +2602,13 @@ public:
2444 virtual SymmetricKey deriveKey(const PKeyBase &theirs)
2446 - DH *dh = evp.pkey->pkey.dh;
2447 - DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
2448 + DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2449 + DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
2450 + const BIGNUM *bnpub_key;
2451 + DH_get0_key(them, &bnpub_key, NULL);
2453 SecureArray result(DH_size(dh));
2454 - int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
2455 + int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
2457 return SymmetricKey();
2459 @@ -2532,12 +2638,13 @@ public:
2463 - dh->p = bi2bn(domain.p());
2464 - dh->g = bi2bn(domain.g());
2465 - dh->pub_key = bi2bn(y);
2466 - dh->priv_key = bi2bn(x);
2467 + BIGNUM *bnp = bi2bn(domain.p());
2468 + BIGNUM *bng = bi2bn(domain.g());
2469 + BIGNUM *bnpub_key = bi2bn(y);
2470 + BIGNUM *bnpriv_key = bi2bn(x);
2472 - if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
2473 + if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
2474 + || !DH_set0_pqg(dh, bnp, NULL, bng))
2478 @@ -2553,11 +2660,12 @@ public:
2482 - dh->p = bi2bn(domain.p());
2483 - dh->g = bi2bn(domain.g());
2484 - dh->pub_key = bi2bn(y);
2485 + BIGNUM *bnp = bi2bn(domain.p());
2486 + BIGNUM *bng = bi2bn(domain.g());
2487 + BIGNUM *bnpub_key = bi2bn(y);
2489 - if(!dh->p || !dh->g || !dh->pub_key)
2490 + if(!DH_set0_key(dh, bnpub_key, NULL)
2491 + || !DH_set0_pqg(dh, bnp, NULL, bng))
2495 @@ -2570,17 +2678,26 @@ public:
2497 virtual DLGroup domain() const
2499 - return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
2500 + DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2501 + const BIGNUM *bnp, *bng;
2502 + DH_get0_pqg(dh, &bnp, NULL, &bng);
2503 + return DLGroup(bn2bi(bnp), bn2bi(bng));
2506 virtual BigInteger y() const
2508 - return bn2bi(evp.pkey->pkey.dh->pub_key);
2509 + DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2510 + const BIGNUM *bnpub_key;
2511 + DH_get0_key(dh, &bnpub_key, NULL);
2512 + return bn2bi(bnpub_key);
2515 virtual BigInteger x() const
2517 - return bn2bi(evp.pkey->pkey.dh->priv_key);
2518 + DH *dh = EVP_PKEY_get0_DH(evp.pkey);
2519 + const BIGNUM *bnpriv_key;
2520 + DH_get0_key(dh, NULL, &bnpriv_key);
2521 + return bn2bi(bnpriv_key);
2525 @@ -2619,10 +2736,14 @@ public:
2528 RSA_set_method(rsa, rsa_method());
2530 rsa->flags |= RSA_FLAG_SIGN_VER;
2532 RSA_set_app_data(rsa, this);
2533 - rsa->n = bi2bn(_key.n());
2534 - rsa->e = bi2bn(_key.e());
2535 + BIGNUM *bnn = bi2bn(_key.n());
2536 + BIGNUM *bne = bi2bn(_key.e());
2538 + RSA_set0_key(rsa, bnn, bne, NULL);
2541 RSA_METHOD *rsa_method()
2542 @@ -2631,12 +2752,16 @@ public:
2546 - ops = new RSA_METHOD(*RSA_get_default_method());
2547 - ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
2548 - ops->rsa_priv_dec = rsa_priv_dec;
2549 - ops->rsa_sign = rsa_sign;
2550 - ops->rsa_verify = 0;//pkcs11_rsa_verify;
2551 - ops->finish = rsa_finish;
2552 + ops = RSA_meth_dup(RSA_get_default_method());
2553 + RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
2554 + RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
2556 + RSA_meth_set_sign(ops, NULL);
2558 + RSA_meth_set_sign(ops, rsa_sign);
2560 + RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
2561 + RSA_meth_set_finish(ops, rsa_finish);
2565 @@ -2676,6 +2801,7 @@ public:
2570 static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
2572 QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
2573 @@ -2692,7 +2818,6 @@ public:
2580 ASN1_TYPE parameter;
2581 @@ -2766,6 +2891,7 @@ public:
2587 static int rsa_finish(RSA *rsa)
2589 @@ -2867,21 +2993,22 @@ public:
2590 PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
2593 - if(pkey->type == EVP_PKEY_RSA)
2594 + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2595 + if(pkey_type == EVP_PKEY_RSA)
2597 RSAKey *c = new RSAKey(provider());
2602 - else if(pkey->type == EVP_PKEY_DSA)
2603 + else if(pkey_type == EVP_PKEY_DSA)
2605 DSAKey *c = new DSAKey(provider());
2610 - else if(pkey->type == EVP_PKEY_DH)
2611 + else if(pkey_type == EVP_PKEY_DH)
2613 DHKey *c = new DHKey(provider());
2615 @@ -2899,8 +3026,10 @@ public:
2617 EVP_PKEY *pkey = get_pkey();
2619 + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2621 // OpenSSL does not have DH import/export support
2622 - if(pkey->type == EVP_PKEY_DH)
2623 + if(pkey_type == EVP_PKEY_DH)
2624 return QByteArray();
2626 BIO *bo = BIO_new(BIO_s_mem());
2627 @@ -2913,8 +3042,10 @@ public:
2629 EVP_PKEY *pkey = get_pkey();
2631 + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2633 // OpenSSL does not have DH import/export support
2634 - if(pkey->type == EVP_PKEY_DH)
2635 + if(pkey_type == EVP_PKEY_DH)
2638 BIO *bo = BIO_new(BIO_s_mem());
2639 @@ -2979,9 +3110,10 @@ public:
2640 return SecureArray();
2642 EVP_PKEY *pkey = get_pkey();
2643 + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2645 // OpenSSL does not have DH import/export support
2646 - if(pkey->type == EVP_PKEY_DH)
2647 + if(pkey_type == EVP_PKEY_DH)
2648 return SecureArray();
2650 BIO *bo = BIO_new(BIO_s_mem());
2651 @@ -3008,9 +3140,10 @@ public:
2654 EVP_PKEY *pkey = get_pkey();
2655 + int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
2657 // OpenSSL does not have DH import/export support
2658 - if(pkey->type == EVP_PKEY_DH)
2659 + if(pkey_type == EVP_PKEY_DH)
2662 BIO *bo = BIO_new(BIO_s_mem());
2663 @@ -3111,11 +3244,18 @@ public:
2667 - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
2668 + X509_up_ref(cert);
2672 + // Not exposed, so copy
2673 + req = X509_REQ_dup(req);
2675 CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
2679 - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
2680 + X509_CRL_up_ref(crl);
2684 @@ -3221,7 +3361,7 @@ public:
2686 // This code is mostly taken from OpenSSL v0.9.5a
2688 -QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
2689 +QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
2693 @@ -3319,7 +3459,7 @@ public:
2695 void fromX509(X509 *x)
2697 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2702 @@ -3350,7 +3490,7 @@ public:
2703 if(priv.key()->type() == PKey::RSA)
2705 else if(priv.key()->type() == PKey::DSA)
2711 @@ -3481,7 +3621,7 @@ public:
2713 const MyCertContext *our_cc = this;
2714 X509 *x = our_cc->item.cert;
2715 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2717 sk_X509_push(untrusted_list, x);
2719 const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
2720 @@ -3596,14 +3736,21 @@ public:
2721 p.policies = get_cert_policies(ex);
2728 + ASN1_BIT_STRING *signature;
2730 + X509_get0_signature(&signature, NULL, x);
2733 - p.sig = QByteArray(x->signature->length, 0);
2734 - for (int i=0; i< x->signature->length; i++)
2735 - p.sig[i] = x->signature->data[i];
2736 + p.sig = QByteArray(signature->length, 0);
2737 + for (int i=0; i< signature->length; i++)
2738 + p.sig[i] = signature->data[i];
2741 - switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
2743 + switch( X509_get_signature_nid(x) )
2745 case NID_sha1WithRSAEncryption:
2746 p.sigalgo = QCA::EMSA3_SHA1;
2747 @@ -3635,7 +3782,7 @@ public:
2748 p.sigalgo = QCA::EMSA3_SHA512;
2751 - qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
2752 + qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
2753 p.sigalgo = QCA::SignatureUnknown;
2756 @@ -3752,7 +3899,7 @@ public:
2757 if(privateKey -> key()->type() == PKey::RSA)
2759 else if(privateKey -> key()->type() == PKey::DSA)
2765 @@ -3935,7 +4082,7 @@ public:
2766 if(priv.key()->type() == PKey::RSA)
2768 else if(priv.key()->type() == PKey::DSA)
2774 @@ -4096,14 +4243,17 @@ public:
2776 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
2779 + const ASN1_BIT_STRING *signature;
2781 + X509_REQ_get0_signature(x, &signature, NULL);
2784 - p.sig = QByteArray(x->signature->length, 0);
2785 - for (int i=0; i< x->signature->length; i++)
2786 - p.sig[i] = x->signature->data[i];
2787 + p.sig = QByteArray(signature->length, 0);
2788 + for (int i=0; i< signature->length; i++)
2789 + p.sig[i] = signature->data[i];
2792 - switch( OBJ_obj2nid(x->sig_alg->algorithm) )
2793 + switch( X509_REQ_get_signature_nid(x) )
2795 case NID_sha1WithRSAEncryption:
2796 p.sigalgo = QCA::EMSA3_SHA1;
2797 @@ -4123,7 +4273,7 @@ public:
2798 p.sigalgo = QCA::EMSA1_SHA1;
2801 - qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
2802 + qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
2803 p.sigalgo = QCA::SignatureUnknown;
2806 @@ -4187,7 +4337,7 @@ public:
2808 void fromX509(X509_CRL *x)
2810 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
2811 + X509_CRL_up_ref(x);
2815 @@ -4232,15 +4382,15 @@ public:
2817 issuer = get_cert_name(X509_CRL_get_issuer(x));
2819 - p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(x), NULL);
2820 - p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(x), NULL);
2821 + p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_lastUpdate(x), NULL);
2822 + p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_nextUpdate(x), NULL);
2824 STACK_OF(X509_REVOKED)* revokeStack = X509_CRL_get_REVOKED(x);
2826 for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
2827 X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
2828 - BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
2829 - QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
2830 + BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
2831 + QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
2832 QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
2833 int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
2835 @@ -4289,13 +4439,18 @@ public:
2836 p.revoked.append(thisEntry);
2840 + const ASN1_BIT_STRING *signature;
2842 + X509_CRL_get0_signature(x, &signature, NULL);
2845 - p.sig = QByteArray(x->signature->length, 0);
2846 - for (int i=0; i< x->signature->length; i++)
2847 - p.sig[i] = x->signature->data[i];
2848 + p.sig = QByteArray(signature->length, 0);
2849 + for (int i=0; i< signature->length; i++)
2850 + p.sig[i] = signature->data[i];
2852 - switch( OBJ_obj2nid(x->sig_alg->algorithm) )
2855 + switch( X509_CRL_get_signature_nid(x) )
2857 case NID_sha1WithRSAEncryption:
2858 p.sigalgo = QCA::EMSA3_SHA1;
2859 @@ -4327,7 +4482,7 @@ public:
2860 p.sigalgo = QCA::EMSA3_SHA512;
2863 - qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
2864 + qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
2865 p.sigalgo = QCA::SignatureUnknown;
2868 @@ -4488,21 +4643,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
2870 const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
2871 X509 *x = cc->item.cert;
2872 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2874 sk_X509_push(trusted_list, x);
2876 for(n = 0; n < untrusted.count(); ++n)
2878 const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
2879 X509 *x = cc->item.cert;
2880 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2882 sk_X509_push(untrusted_list, x);
2884 for(n = 0; n < crls.count(); ++n)
2886 const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
2887 X509_CRL *x = cc->item.crl;
2888 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
2889 + X509_CRL_up_ref(x);
2893 @@ -4527,7 +4682,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
2894 int ret = X509_verify_cert(ctx);
2898 + err = X509_STORE_CTX_get_error(ctx);
2901 X509_STORE_CTX_free(ctx);
2902 @@ -4561,21 +4716,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
2904 const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
2905 X509 *x = cc->item.cert;
2906 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2908 sk_X509_push(trusted_list, x);
2910 for(n = 1; n < chain.count(); ++n)
2912 const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
2913 X509 *x = cc->item.cert;
2914 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2916 sk_X509_push(untrusted_list, x);
2918 for(n = 0; n < crls.count(); ++n)
2920 const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
2921 X509_CRL *x = cc->item.crl;
2922 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
2923 + X509_CRL_up_ref(x);
2927 @@ -4600,7 +4755,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
2928 int ret = X509_verify_cert(ctx);
2932 + err = X509_STORE_CTX_get_error(ctx);
2934 // grab the chain, which may not be fully populated
2935 STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
2936 @@ -4664,7 +4819,7 @@ public:
2937 for(int n = 1; n < chain.count(); ++n)
2939 X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
2940 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
2942 sk_X509_push(ca, x);
2945 @@ -5399,7 +5554,7 @@ public:
2946 OpenSSL_add_ssl_algorithms();
2949 -#ifndef OPENSSL_NO_SSL2
2950 +#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
2952 ctx = SSL_CTX_new(SSLv2_client_method());
2954 @@ -5430,8 +5585,8 @@ public:
2955 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
2956 QStringList cipherList;
2957 for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
2958 - SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
2959 - cipherList += cipherIDtoString(version, thisCipher->id);
2960 + const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
2961 + cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
2965 @@ -5808,13 +5963,15 @@ public:
2967 SessionInfo sessInfo;
2969 - sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
2970 + SSL_SESSION *session = SSL_get0_session(ssl);
2971 + sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
2972 + int ssl_version = SSL_version(ssl);
2974 - if (ssl->version == TLS1_VERSION)
2975 + if (ssl_version == TLS1_VERSION)
2976 sessInfo.version = TLS::TLS_v1;
2977 - else if (ssl->version == SSL3_VERSION)
2978 + else if (ssl_version == SSL3_VERSION)
2979 sessInfo.version = TLS::SSL_v3;
2980 - else if (ssl->version == SSL2_VERSION)
2981 + else if (ssl_version == SSL2_VERSION)
2982 sessInfo.version = TLS::SSL_v2;
2984 qDebug("unexpected version response");
2985 @@ -5822,7 +5979,7 @@ public:
2988 sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
2989 - SSL_get_current_cipher(ssl)->id);
2990 + SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
2992 sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
2994 @@ -6394,7 +6551,7 @@ public:
2995 for(int n = 0; n < nonroots.count(); ++n)
2997 X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
2998 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
3000 sk_X509_push(other_certs, x);
3003 @@ -6436,7 +6593,7 @@ public:
3005 other_certs = sk_X509_new_null();
3006 X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
3007 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
3009 sk_X509_push(other_certs, x);
3011 bi = BIO_new(BIO_s_mem());
3012 @@ -6499,7 +6656,7 @@ public:
3013 for(int n = 0; n < untrusted_list.count(); ++n)
3015 X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
3016 - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
3018 sk_X509_push(other_certs, x);
3021 @@ -6750,14 +6907,28 @@ public:
3022 opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
3024 m_cryptoAlgorithm = algorithm;
3025 - EVP_CIPHER_CTX_init(&m_context);
3026 + m_context = EVP_CIPHER_CTX_new();
3027 + EVP_CIPHER_CTX_init(m_context);
3032 + opensslCipherContext(const opensslCipherContext &other)
3033 + : CipherContext(other)
3035 + m_cryptoAlgorithm = other.m_cryptoAlgorithm;
3036 + m_context = EVP_CIPHER_CTX_new();
3037 + EVP_CIPHER_CTX_copy(m_context, other.m_context);
3038 + m_direction = other.m_direction;
3039 + m_pad = other.m_pad;
3040 + m_type = other.m_type;
3041 + m_tag = other.m_tag;
3044 ~opensslCipherContext()
3046 - EVP_CIPHER_CTX_cleanup(&m_context);
3047 + EVP_CIPHER_CTX_cleanup(m_context);
3048 + EVP_CIPHER_CTX_free(m_context);
3051 void setup(Direction dir,
3052 @@ -6772,28 +6943,28 @@ public:
3053 m_cryptoAlgorithm = EVP_des_ede();
3055 if (Encode == m_direction) {
3056 - EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
3057 - EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
3058 + EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
3059 + EVP_CIPHER_CTX_set_key_length(m_context, key.size());
3060 if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
3061 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
3062 - EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
3063 + EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL);
3065 - EVP_EncryptInit_ex(&m_context, 0, 0,
3066 + EVP_EncryptInit_ex(m_context, 0, 0,
3067 (const unsigned char*)(key.data()),
3068 (const unsigned char*)(iv.data()));
3070 - EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
3071 - EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
3072 + EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
3073 + EVP_CIPHER_CTX_set_key_length(m_context, key.size());
3074 if (m_type.endsWith("gcm") || m_type.endsWith("ccm")) {
3075 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_IVLEN : EVP_CTRL_CCM_SET_IVLEN;
3076 - EVP_CIPHER_CTX_ctrl(&m_context, parameter, iv.size(), NULL);
3077 + EVP_CIPHER_CTX_ctrl(m_context, parameter, iv.size(), NULL);
3079 - EVP_DecryptInit_ex(&m_context, 0, 0,
3080 + EVP_DecryptInit_ex(m_context, 0, 0,
3081 (const unsigned char*)(key.data()),
3082 (const unsigned char*)(iv.data()));
3085 - EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
3086 + EVP_CIPHER_CTX_set_padding(m_context, m_pad);
3089 Provider::Context *clone() const
3090 @@ -6803,7 +6974,7 @@ public:
3092 int blockSize() const
3094 - return EVP_CIPHER_CTX_block_size(&m_context);
3095 + return EVP_CIPHER_CTX_block_size(m_context);
3099 @@ -6821,7 +6992,7 @@ public:
3100 out->resize(in.size()+blockSize());
3102 if (Encode == m_direction) {
3103 - if (0 == EVP_EncryptUpdate(&m_context,
3104 + if (0 == EVP_EncryptUpdate(m_context,
3105 (unsigned char*)out->data(),
3107 (unsigned char*)in.data(),
3108 @@ -6829,7 +7000,7 @@ public:
3112 - if (0 == EVP_DecryptUpdate(&m_context,
3113 + if (0 == EVP_DecryptUpdate(m_context,
3114 (unsigned char*)out->data(),
3116 (unsigned char*)in.data(),
3117 @@ -6846,25 +7017,25 @@ public:
3118 out->resize(blockSize());
3120 if (Encode == m_direction) {
3121 - if (0 == EVP_EncryptFinal_ex(&m_context,
3122 + if (0 == EVP_EncryptFinal_ex(m_context,
3123 (unsigned char*)out->data(),
3127 if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
3128 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_GET_TAG : EVP_CTRL_CCM_GET_TAG;
3129 - if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
3130 + if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), (unsigned char*)m_tag.data())) {
3135 if (m_tag.size() && (m_type.endsWith("gcm") || m_type.endsWith("ccm"))) {
3136 int parameter = m_type.endsWith("gcm") ? EVP_CTRL_GCM_SET_TAG : EVP_CTRL_CCM_SET_TAG;
3137 - if (0 == EVP_CIPHER_CTX_ctrl(&m_context, parameter, m_tag.size(), m_tag.data())) {
3138 + if (0 == EVP_CIPHER_CTX_ctrl(m_context, parameter, m_tag.size(), m_tag.data())) {
3142 - if (0 == EVP_DecryptFinal_ex(&m_context,
3143 + if (0 == EVP_DecryptFinal_ex(m_context,
3144 (unsigned char*)out->data(),
3147 @@ -6899,7 +7070,7 @@ public:
3151 - EVP_CIPHER_CTX m_context;
3152 + EVP_CIPHER_CTX *m_context;
3153 const EVP_CIPHER *m_cryptoAlgorithm;
3154 Direction m_direction;