From 6caabfd9158cf7016824d997add7dc49a56ee395 Mon Sep 17 00:00:00 2001 From: Stefan Strogin Date: Sat, 28 Nov 2020 06:12:22 +0200 Subject: [PATCH] QSslSocket: add LibreSSL support Upstream-Status: Inappropriate [Upstream is not willing to accept any patches for LibreSSL support] Signed-off-by: Stefan Strogin Signed-off-by: orbea [ismael@iodev.co.uk: Fixed failing hunks] [ismael@iodev.co.uk: Updated for v5.15.7] Signed-off-by: Ismael Luceno --- src/network/ssl/qsslcertificate_openssl.cpp | 2 +- src/network/ssl/qsslcontext_openssl.cpp | 15 ++++++--- src/network/ssl/qsslcontext_openssl_p.h | 10 ++++++ .../ssl/qsslsocket_openssl_symbols.cpp | 27 ++++++++++++++++ .../ssl/qsslsocket_openssl_symbols_p.h | 31 +++++++++++++++++++ 5 files changed, 79 insertions(+), 6 deletions(-) diff --git a/src/network/ssl/qsslcertificate_openssl.cpp b/src/network/ssl/qsslcertificate_openssl.cpp index d1794d4dbd75..1f1aa5edb36c 100644 --- a/src/network/ssl/qsslcertificate_openssl.cpp +++ b/src/network/ssl/qsslcertificate_openssl.cpp @@ -727,7 +727,7 @@ static QMultiMap _q_mapFromX509Name(X509_NAME *name) unsigned char *data = nullptr; int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); info.insert(name, QString::fromUtf8((char*)data, size)); -#if QT_CONFIG(opensslv11) +#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER) q_CRYPTO_free(data, nullptr, 0); #else q_CRYPTO_free(data); diff --git a/src/network/ssl/qsslcontext_openssl.cpp b/src/network/ssl/qsslcontext_openssl.cpp index c9f202f57318..3d48eba93cf2 100644 --- a/src/network/ssl/qsslcontext_openssl.cpp +++ b/src/network/ssl/qsslcontext_openssl.cpp @@ -77,9 +77,9 @@ extern "C" int q_verify_cookie_callback(SSL *ssl, const unsigned char *cookie, } #endif // dtls -#ifdef TLS1_3_VERSION +#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER) extern "C" int q_ssl_sess_set_new_cb(SSL *context, SSL_SESSION *session); -#endif // TLS1_3_VERSION +#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER // Defined in qsslsocket.cpp QList q_getDefaultDtlsCiphers(); @@ -351,9 +351,11 @@ init_context: return; } +#ifndef LIBRESSL_VERSION_NUMBER // A nasty hacked OpenSSL using a level that will make our auto-tests fail: if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel()) q_SSL_CTX_set_security_level(sslContext->ctx, 1); +#endif // LIBRESSL_VERSION_NUMBER const long anyVersion = #if QT_CONFIG(dtls) @@ -627,14 +629,14 @@ init_context: q_X509Callback); } -#ifdef TLS1_3_VERSION +#if defined(TLS1_3_VERSION) && !defined(LIBRESSL_VERSION_NUMBER) // NewSessionTicket callback: if (mode == QSslSocket::SslClientMode && !isDtls) { q_SSL_CTX_sess_set_new_cb(sslContext->ctx, q_ssl_sess_set_new_cb); q_SSL_CTX_set_session_cache_mode(sslContext->ctx, SSL_SESS_CACHE_CLIENT); } -#endif // TLS1_3_VERSION +#endif // TLS1_3_VERSION && LIBRESSL_VERSION_NUMBER #if QT_CONFIG(dtls) // DTLS cookies: @@ -722,6 +724,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext) } #endif // ocsp +#ifndef LIBRESSL_VERSION_NUMBER QSharedPointer cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free); if (cctx) { q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx); @@ -768,7 +771,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslContext) sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed")); sslContext->errorCode = QSslError::UnspecifiedError; } - } else { + } else +#endif // LIBRESSL_VERSION_NUMBER + { sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_CTX_new() failed")); sslContext->errorCode = QSslError::UnspecifiedError; } diff --git a/src/network/ssl/qsslcontext_openssl_p.h b/src/network/ssl/qsslcontext_openssl_p.h index 70cb97aad82e..ca76aaa353aa 100644 --- a/src/network/ssl/qsslcontext_openssl_p.h +++ b/src/network/ssl/qsslcontext_openssl_p.h @@ -61,6 +61,16 @@ QT_BEGIN_NAMESPACE +#ifndef DTLS_ANY_VERSION +#define DTLS_ANY_VERSION 0x1FFFF +#endif +#ifndef DTLS_MAX_VERSION +#define DTLS_MAX_VERSION 0x0FEFD +#endif +#ifndef TLS_ANY_VERSION +#define TLS_ANY_VERSION 0x10000 +#endif + #ifndef QT_NO_SSL class QSslContextPrivate; diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp index 368e25345fb3..1ebf24eaadea 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols.cpp +++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp @@ -145,22 +145,35 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) +#ifdef OPENSSL_NO_DEPRECATED_3_0 DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return) DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return) +#endif // OPENSSL_NO_DEPRECATED_3_0 DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return) DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) +#ifndef LIBRESSL_VERSION_NUMBER DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG) DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG) DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) +#else +DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) +DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) +DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) +DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) +DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) +DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return) +#endif // LIBRESSL_VERSION_NUMBER DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) +#ifndef LIBRESSL_VERSION_NUMBER DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return) DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return) +#endif // LIBRESSL_VERSION_NUMBER #ifdef TLS1_3_VERSION DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return) DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG) @@ -186,7 +199,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_ver DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return) DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return) DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return) +#ifndef LIBRESSL_VERSION_NUMBER DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG) +#else +DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) +#endif DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return) DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return) DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return) @@ -359,12 +376,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return - DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return) DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return) DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return) +#ifndef LIBRESSL_VERSION_NUMBER DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return); DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return); DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return); DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return); DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return); DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return); +#endif DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG) DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return) DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return) @@ -858,21 +877,27 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(EVP_CIPHER_CTX_reset) RESOLVEFUNC(AUTHORITY_INFO_ACCESS_free) RESOLVEFUNC(EVP_PKEY_up_ref) +#ifdef OPENSSL_NO_DEPRECATED_3_0 RESOLVEFUNC(EVP_PKEY_CTX_new) RESOLVEFUNC(EVP_PKEY_param_check) RESOLVEFUNC(EVP_PKEY_CTX_free) +#endif // OPENSSL_NO_DEPRECATED_3_0 RESOLVEFUNC(EVP_PKEY_base_id) RESOLVEFUNC(RSA_bits) +#ifndef LIBRESSL_VERSION_NUMBER RESOLVEFUNC(OPENSSL_sk_new_null) RESOLVEFUNC(OPENSSL_sk_push) RESOLVEFUNC(OPENSSL_sk_free) RESOLVEFUNC(OPENSSL_sk_num) RESOLVEFUNC(OPENSSL_sk_pop_free) RESOLVEFUNC(OPENSSL_sk_value) +#endif RESOLVEFUNC(DH_get0_pqg) RESOLVEFUNC(SSL_CTX_set_options) +#ifndef LIBRESSL_VERSION_NUMBER RESOLVEFUNC(SSL_CTX_get_security_level) RESOLVEFUNC(SSL_CTX_set_security_level) +#endif // LIBRESSL_VERSION_NUMBER #ifdef TLS1_3_VERSION RESOLVEFUNC(SSL_CTX_set_ciphersuites) RESOLVEFUNC(SSL_set_psk_use_session_callback) @@ -1085,12 +1110,14 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey) RESOLVEFUNC(SSL_CTX_use_PrivateKey_file) RESOLVEFUNC(SSL_CTX_get_cert_store); +#ifndef LIBRESSL_VERSION_NUMBER RESOLVEFUNC(SSL_CONF_CTX_new); RESOLVEFUNC(SSL_CONF_CTX_free); RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx); RESOLVEFUNC(SSL_CONF_CTX_set_flags); RESOLVEFUNC(SSL_CONF_CTX_finish); RESOLVEFUNC(SSL_CONF_cmd); +#endif RESOLVEFUNC(SSL_accept) RESOLVEFUNC(SSL_clear) RESOLVEFUNC(SSL_connect) diff --git a/src/network/ssl/qsslsocket_openssl_symbols_p.h b/src/network/ssl/qsslsocket_openssl_symbols_p.h index 95e8897a3b8d..38c82ab15bd3 100644 --- a/src/network/ssl/qsslsocket_openssl_symbols_p.h +++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE #define DUMMYARG +#ifdef LIBRESSL_VERSION_NUMBER +typedef _STACK STACK; +typedef STACK OPENSSL_STACK; +typedef void OPENSSL_INIT_SETTINGS; +typedef int (*X509_STORE_CTX_verify_cb)(int ok,X509_STORE_CTX *ctx); +#endif + #if !defined QT_LINKED_OPENSSL // **************** Shared declarations ****************** // ret func(arg) @@ -234,17 +241,34 @@ int q_DSA_bits(DSA *a); void q_AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a); int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a); +#ifdef OPENSSL_NO_DEPRECATED_3_0 EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +#endif // OPENSSL_NO_DEPRECATED_3_0 int q_EVP_PKEY_base_id(EVP_PKEY *a); int q_RSA_bits(RSA *a); +#ifndef LIBRESSL_VERSION_NUMBER Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a); Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null(); Q_AUTOTEST_EXPORT void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data); Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK *a); Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); +#else // LIBRESSL_VERSION_NUMBER +int q_sk_num(STACK *a); +#define q_OPENSSL_sk_num(a) q_sk_num(a) +void q_sk_pop_free(STACK *a, void (*b)(void *)); +#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b) +STACK *q_sk_new_null(); +#define q_OPENSSL_sk_new_null() q_sk_new_null() +void q_sk_push(STACK *st, void *data); +#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data) +void q_sk_free(STACK *a); +#define q_OPENSSL_sk_free q_sk_free +void *q_sk_value(STACK *a, int b); +#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b) +#endif // LIBRESSL_VERSION_NUMBER int q_SSL_session_reused(SSL *a); unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); @@ -498,12 +522,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b); int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b); int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c); X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a); +#ifndef LIBRESSL_VERSION_NUMBER SSL_CONF_CTX *q_SSL_CONF_CTX_new(); void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a); void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b); unsigned int q_SSL_CONF_CTX_set_flags(SSL_CONF_CTX *a, unsigned int b); int q_SSL_CONF_CTX_finish(SSL_CONF_CTX *a); int q_SSL_CONF_cmd(SSL_CONF_CTX *a, const char *b, const char *c); +#endif void q_SSL_free(SSL *a); STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a); const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a); @@ -748,8 +774,13 @@ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); void *q_CRYPTO_malloc(size_t num, const char *file, int line); #define q_OPENSSL_malloc(num) q_CRYPTO_malloc(num, "", 0) +#ifndef LIBRESSL_VERSION_NUMBER void q_CRYPTO_free(void *str, const char *file, int line); #define q_OPENSSL_free(addr) q_CRYPTO_free(addr, "", 0) +#else +void q_CRYPTO_free(void *a); +#define q_OPENSSL_free q_CRYPTO_free +#endif int q_SSL_CTX_get_security_level(const SSL_CTX *ctx); void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level); -- 2.38.1