1/****************************************************************************
2**
3** Copyright (C) 2017 The Qt Company Ltd.
4** Copyright (C) 2014 BlackBerry Limited. All rights reserved.
5** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
6** Contact: https://www.qt.io/licensing/
7**
8** This file is part of the QtNetwork module of the Qt Toolkit.
9**
10** $QT_BEGIN_LICENSE:LGPL$
11** Commercial License Usage
12** Licensees holding valid commercial Qt licenses may use this file in
13** accordance with the commercial license agreement provided with the
14** Software or, alternatively, in accordance with the terms contained in
15** a written agreement between you and The Qt Company. For licensing terms
16** and conditions see https://www.qt.io/terms-conditions. For further
17** information use the contact form at https://www.qt.io/contact-us.
18**
19** GNU Lesser General Public License Usage
20** Alternatively, this file may be used under the terms of the GNU Lesser
21** General Public License version 3 as published by the Free Software
22** Foundation and appearing in the file LICENSE.LGPL3 included in the
23** packaging of this file. Please review the following information to
24** ensure the GNU Lesser General Public License version 3 requirements
25** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
26**
27** GNU General Public License Usage
28** Alternatively, this file may be used under the terms of the GNU
29** General Public License version 2.0 or (at your option) the GNU General
30** Public license version 3 or any later version approved by the KDE Free
31** Qt Foundation. The licenses are as published by the Free Software
32** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
33** included in the packaging of this file. Please review the following
34** information to ensure the GNU General Public License requirements will
35** be met: https://www.gnu.org/licenses/gpl-2.0.html and
36** https://www.gnu.org/licenses/gpl-3.0.html.
37**
38** $QT_END_LICENSE$
39**
40****************************************************************************/
41
42/****************************************************************************
43**
44** In addition, as a special exception, the copyright holders listed above give
45** permission to link the code of its release of Qt with the OpenSSL project's
46** "OpenSSL" library (or modified versions of the "OpenSSL" library that use the
47** same license as the original version), and distribute the linked executables.
48**
49** You must comply with the GNU General Public License version 2 in all
50** respects for all of the code used other than the "OpenSSL" code. If you
51** modify this file, you may extend this exception to your version of the file,
52** but you are not obligated to do so. If you do not wish to do so, delete
53** this exception statement from your version of this file.
54**
55****************************************************************************/
56
57#include "qssl_p.h"
58#include "qsslsocket_openssl_symbols_p.h"
59
60#ifdef Q_OS_WIN
61# include <private/qsystemlibrary_p.h>
62#elif QT_CONFIG(library)
63# include <QtCore/qlibrary.h>
64#endif
65#include <QtCore/qmutex.h>
66#include <QtCore/qdatetime.h>
67#if defined(Q_OS_UNIX)
68#include <QtCore/qdir.h>
69#endif
70#include <QtCore/private/qmemory_p.h>
71#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
72#include <link.h>
73#endif
74#ifdef Q_OS_DARWIN
75#include "private/qcore_mac_p.h"
76#endif
77
78#include <algorithm>
79
80QT_BEGIN_NAMESPACE
81
82/*
83 Note to maintainer:
84 -------------------
85
86 We load OpenSSL symbols dynamically. Because symbols are known to
87 disappear, and signatures sometimes change, between releases, we need to
88 be careful about how this is done. To ensure we don't end up dereferencing
89 null function pointers, and continue running even if certain functions are
90 missing, we define helper functions for each of the symbols we load from
91 OpenSSL, all prefixed with "q_" (declared in
92 qsslsocket_openssl_symbols_p.h). So instead of calling SSL_connect
93 directly, we call q_SSL_connect, which is a function that checks if the
94 actual SSL_connect fptr is null, and returns a failure if it is, or calls
95 SSL_connect if it isn't.
96
97 This requires a somewhat tedious process of declaring each function we
98 want to call in OpenSSL thrice: once with the q_, in _p.h, once using the
99 DEFINEFUNC macros below, and once in the function that actually resolves
100 the symbols, below the DEFINEFUNC declarations below.
101
102 There's one DEFINEFUNC macro declared for every number of arguments
103 exposed by OpenSSL (feel free to extend when needed). The easiest thing to
104 do is to find an existing entry that matches the arg count of the function
105 you want to import, and do the same.
106
107 The first macro arg is the function return type. The second is the
108 verbatim name of the function/symbol. Then follows a list of N pairs of
109 argument types with a variable name, and just the variable name (char *a,
110 a, char *b, b, etc). Finally there's two arguments - a suitable return
111 statement for the error case (for an int function, return 0 or return -1
112 is usually right). Then either just "return" or DUMMYARG, the latter being
113 for void functions.
114
115 Note: Take into account that these macros and declarations are processed
116 at compile-time, and the result depends on the OpenSSL headers the
117 compiling host has installed, but the symbols are resolved at run-time,
118 possibly with a different version of OpenSSL.
119*/
120
121#ifndef QT_LINKED_OPENSSL
122
123namespace {
124void qsslSocketUnresolvedSymbolWarning(const char *functionName)
125{
126 qCWarning(lcSsl, "QSslSocket: cannot call unresolved function %s", functionName);
127}
128
129#if QT_CONFIG(library)
130void qsslSocketCannotResolveSymbolWarning(const char *functionName)
131{
132 qCWarning(lcSsl, "QSslSocket: cannot resolve %s", functionName);
133}
134#endif
135
136}
137
138#endif // QT_LINKED_OPENSSL
139
140DEFINEFUNC(const unsigned char *, ASN1_STRING_get0_data, const ASN1_STRING *a, a, return nullptr, return)
141DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return)
142DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return)
143DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return nullptr, return)
144DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return)
145DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return)
146DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
147DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return)
148DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return)
149DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return)
150DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return)
151DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
152DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
153DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
154DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
155DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
156DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
157DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
158DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
159DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
160DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
161DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
162DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return)
163DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return)
164#ifdef TLS1_3_VERSION
165DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
166DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
167DEFINEFUNC2(void, SSL_CTX_sess_set_new_cb, SSL_CTX *ctx, ctx, NewSessionCallback cb, cb, return, return)
168DEFINEFUNC(int, SSL_SESSION_is_resumable, const SSL_SESSION *s, s, return 0, return)
169#endif
170DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return)
171DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return)
172DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return)
173DEFINEFUNC2(unsigned long, SSL_set_options, SSL *ssl, ssl, unsigned long op, op, return 0, return)
174
175DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return nullptr, return)
176DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return nullptr, return)
177DEFINEFUNC(const SSL_METHOD *, TLS_server_method, DUMMYARG, DUMMYARG, return nullptr, return)
178DEFINEFUNC(void, X509_up_ref, X509 *a, a, return, DUMMYARG)
179DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *a, a, return nullptr, return)
180DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *a, a, return nullptr, return)
181DEFINEFUNC2(void, ASN1_item_free, ASN1_VALUE *val, val, const ASN1_ITEM *it, it, return, return)
182DEFINEFUNC(void, X509V3_conf_free, CONF_VALUE *val, val, return, return)
183DEFINEFUNC(long, X509_get_version, X509 *a, a, return -1, return)
184DEFINEFUNC(EVP_PKEY *, X509_get_pubkey, X509 *a, a, return nullptr, return)
185DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE *a, a, X509_STORE_CTX_verify_cb verify_cb, verify_cb, return, DUMMYARG)
186DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return)
187DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return)
188DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return)
189DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG)
190DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
191DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
192DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
193DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG)
194DEFINEFUNC(int, DH_bits, DH *dh, dh, return 0, return)
195
196#if QT_CONFIG(dtls)
197DEFINEFUNC2(int, DTLSv1_listen, SSL *s, s, BIO_ADDR *c, c, return -1, return)
198DEFINEFUNC(BIO_ADDR *, BIO_ADDR_new, DUMMYARG, DUMMYARG, return nullptr, return)
199DEFINEFUNC(void, BIO_ADDR_free, BIO_ADDR *ap, ap, return, DUMMYARG)
200DEFINEFUNC2(BIO_METHOD *, BIO_meth_new, int type, type, const char *name, name, return nullptr, return)
201DEFINEFUNC(void, BIO_meth_free, BIO_METHOD *biom, biom, return, DUMMYARG)
202DEFINEFUNC2(int, BIO_meth_set_write, BIO_METHOD *biom, biom, DgramWriteCallback write, write, return 0, return)
203DEFINEFUNC2(int, BIO_meth_set_read, BIO_METHOD *biom, biom, DgramReadCallback read, read, return 0, return)
204DEFINEFUNC2(int, BIO_meth_set_puts, BIO_METHOD *biom, biom, DgramPutsCallback puts, puts, return 0, return)
205DEFINEFUNC2(int, BIO_meth_set_ctrl, BIO_METHOD *biom, biom, DgramCtrlCallback ctrl, ctrl, return 0, return)
206DEFINEFUNC2(int, BIO_meth_set_create, BIO_METHOD *biom, biom, DgramCreateCallback crt, crt, return 0, return)
207DEFINEFUNC2(int, BIO_meth_set_destroy, BIO_METHOD *biom, biom, DgramDestroyCallback dtr, dtr, return 0, return)
208#endif // dtls
209
210#if QT_CONFIG(ocsp)
211DEFINEFUNC(const OCSP_CERTID *, OCSP_SINGLERESP_get0_id, const OCSP_SINGLERESP *x, x, return nullptr, return)
212DEFINEFUNC3(OCSP_RESPONSE *, d2i_OCSP_RESPONSE, OCSP_RESPONSE **a, a, const unsigned char **in, in, long len, len, return nullptr, return)
213DEFINEFUNC(void, OCSP_RESPONSE_free, OCSP_RESPONSE *rs, rs, return, DUMMYARG)
214DEFINEFUNC(OCSP_BASICRESP *, OCSP_response_get1_basic, OCSP_RESPONSE *resp, resp, return nullptr, return)
215DEFINEFUNC(void, OCSP_BASICRESP_free, OCSP_BASICRESP *bs, bs, return, DUMMYARG)
216DEFINEFUNC(int, OCSP_response_status, OCSP_RESPONSE *resp, resp, return OCSP_RESPONSE_STATUS_INTERNALERROR, return)
217DEFINEFUNC4(int, OCSP_basic_verify, OCSP_BASICRESP *bs, bs, STACK_OF(X509) *certs, certs, X509_STORE *st, st, unsigned long flags, flags, return -1, return)
218DEFINEFUNC(int, OCSP_resp_count, OCSP_BASICRESP *bs, bs, return 0, return)
219DEFINEFUNC2(OCSP_SINGLERESP *, OCSP_resp_get0, OCSP_BASICRESP *bs, bs, int idx, idx, return nullptr, return)
220DEFINEFUNC5(int, OCSP_single_get0_status, OCSP_SINGLERESP *single, single, int *reason, reason, ASN1_GENERALIZEDTIME **revtime, revtime,
221 ASN1_GENERALIZEDTIME **thisupd, thisupd, ASN1_GENERALIZEDTIME **nextupd, nextupd, return -1, return)
222DEFINEFUNC4(int, OCSP_check_validity, ASN1_GENERALIZEDTIME *thisupd, thisupd, ASN1_GENERALIZEDTIME *nextupd, nextupd, long nsec, nsec, long maxsec, maxsec, return 0, return)
223DEFINEFUNC3(OCSP_CERTID *, OCSP_cert_to_id, const EVP_MD *dgst, dgst, X509 *subject, subject, X509 *issuer, issuer, return nullptr, return)
224DEFINEFUNC(void, OCSP_CERTID_free, OCSP_CERTID *cid, cid, return, DUMMYARG)
225DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING **piNameHash, piNameHash, ASN1_OBJECT **pmd, pmd,
226 ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid,
227 return 0, return)
228DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return)
229DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return)
230DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return)
231DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s,
232 int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return)
233DEFINEFUNC(OCSP_BASICRESP *, OCSP_BASICRESP_new, DUMMYARG, DUMMYARG, return nullptr, return)
234DEFINEFUNC2(int, i2d_OCSP_RESPONSE, OCSP_RESPONSE *r, r, unsigned char **ppout, ppout, return 0, return)
235DEFINEFUNC6(int, OCSP_basic_sign, OCSP_BASICRESP *br, br, X509 *signer, signer, EVP_PKEY *key, key,
236 const EVP_MD *dg, dg, STACK_OF(X509) *cs, cs, unsigned long flags, flags, return 0, return)
237#endif // ocsp
238
239DEFINEFUNC(void, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS *p, p, return, return)
240DEFINEFUNC2(void, BIO_set_data, BIO *a, a, void *ptr, ptr, return, DUMMYARG)
241DEFINEFUNC(void *, BIO_get_data, BIO *a, a, return nullptr, return)
242DEFINEFUNC2(void, BIO_set_init, BIO *a, a, int init, init, return, DUMMYARG)
243DEFINEFUNC(int, BIO_get_shutdown, BIO *a, a, return -1, return)
244DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG)
245
246DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return)
247DEFINEFUNC2(int, ASN1_INTEGER_cmp, const ASN1_INTEGER *a, a, const ASN1_INTEGER *b, b, return 1, return)
248DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
249DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return)
250DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
251DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
252DEFINEFUNC2(BIO *, BIO_new_mem_buf, void *a, a, int b, b, return nullptr, return)
253DEFINEFUNC3(int, BIO_read, BIO *a, a, void *b, b, int c, c, return -1, return)
254
255DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
256DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
257DEFINEFUNC2(BN_ULONG, BN_mod_word, const BIGNUM *a, a, BN_ULONG w, w, return static_cast<BN_ULONG>(-1), return)
258#ifndef OPENSSL_NO_EC
259DEFINEFUNC(const EC_GROUP*, EC_KEY_get0_group, const EC_KEY* k, k, return nullptr, return)
260DEFINEFUNC(int, EC_GROUP_get_degree, const EC_GROUP* g, g, return 0, return)
261#endif
262DEFINEFUNC(DSA *, DSA_new, DUMMYARG, DUMMYARG, return nullptr, return)
263DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
264DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, const unsigned char **b, b, long c, c, return nullptr, return)
265DEFINEFUNC2(char *, ERR_error_string, unsigned long a, a, char *b, b, return nullptr, return)
266DEFINEFUNC3(void, ERR_error_string_n, unsigned long e, e, char *b, b, size_t len, len, return, DUMMYARG)
267DEFINEFUNC(unsigned long, ERR_get_error, DUMMYARG, DUMMYARG, return 0, return)
268DEFINEFUNC(EVP_CIPHER_CTX *, EVP_CIPHER_CTX_new, void, DUMMYARG, return nullptr, return)
269DEFINEFUNC(void, EVP_CIPHER_CTX_free, EVP_CIPHER_CTX *a, a, return, DUMMYARG)
270DEFINEFUNC4(int, EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX *ctx, ctx, int type, type, int arg, arg, void *ptr, ptr, return 0, return)
271DEFINEFUNC2(int, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX *ctx, ctx, int keylen, keylen, return 0, return)
272DEFINEFUNC5(int, EVP_CipherInit, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *type, type, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return)
273DEFINEFUNC6(int, EVP_CipherInit_ex, EVP_CIPHER_CTX *ctx, ctx, const EVP_CIPHER *cipher, cipher, ENGINE *impl, impl, const unsigned char *key, key, const unsigned char *iv, iv, int enc, enc, return 0, return)
274DEFINEFUNC5(int, EVP_CipherUpdate, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, const unsigned char *in, in, int inl, inl, return 0, return)
275DEFINEFUNC3(int, EVP_CipherFinal, EVP_CIPHER_CTX *ctx, ctx, unsigned char *out, out, int *outl, outl, return 0, return)
276DEFINEFUNC(const EVP_MD *, EVP_get_digestbyname, const char *name, name, return nullptr, return)
277#ifndef OPENSSL_NO_DES
278DEFINEFUNC(const EVP_CIPHER *, EVP_des_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
279DEFINEFUNC(const EVP_CIPHER *, EVP_des_ede3_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
280#endif
281#ifndef OPENSSL_NO_RC2
282DEFINEFUNC(const EVP_CIPHER *, EVP_rc2_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
283#endif
284#ifndef OPENSSL_NO_AES
285DEFINEFUNC(const EVP_CIPHER *, EVP_aes_128_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
286DEFINEFUNC(const EVP_CIPHER *, EVP_aes_192_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
287DEFINEFUNC(const EVP_CIPHER *, EVP_aes_256_cbc, DUMMYARG, DUMMYARG, return nullptr, return)
288#endif
289DEFINEFUNC(const EVP_MD *, EVP_sha1, DUMMYARG, DUMMYARG, return nullptr, return)
290DEFINEFUNC3(int, EVP_PKEY_assign, EVP_PKEY *a, a, int b, b, char *c, c, return -1, return)
291DEFINEFUNC2(int, EVP_PKEY_set1_RSA, EVP_PKEY *a, a, RSA *b, b, return -1, return)
292DEFINEFUNC2(int, EVP_PKEY_set1_DSA, EVP_PKEY *a, a, DSA *b, b, return -1, return)
293DEFINEFUNC2(int, EVP_PKEY_set1_DH, EVP_PKEY *a, a, DH *b, b, return -1, return)
294#ifndef OPENSSL_NO_EC
295DEFINEFUNC2(int, EVP_PKEY_set1_EC_KEY, EVP_PKEY *a, a, EC_KEY *b, b, return -1, return)
296#endif
297DEFINEFUNC2(int, EVP_PKEY_cmp, const EVP_PKEY *a, a, const EVP_PKEY *b, b, return -1, return)
298DEFINEFUNC(void, EVP_PKEY_free, EVP_PKEY *a, a, return, DUMMYARG)
299DEFINEFUNC(DSA *, EVP_PKEY_get1_DSA, EVP_PKEY *a, a, return nullptr, return)
300DEFINEFUNC(RSA *, EVP_PKEY_get1_RSA, EVP_PKEY *a, a, return nullptr, return)
301DEFINEFUNC(DH *, EVP_PKEY_get1_DH, EVP_PKEY *a, a, return nullptr, return)
302#ifndef OPENSSL_NO_EC
303DEFINEFUNC(EC_KEY *, EVP_PKEY_get1_EC_KEY, EVP_PKEY *a, a, return nullptr, return)
304#endif
305DEFINEFUNC(EVP_PKEY *, EVP_PKEY_new, DUMMYARG, DUMMYARG, return nullptr, return)
306DEFINEFUNC(int, EVP_PKEY_type, int a, a, return NID_undef, return)
307DEFINEFUNC2(int, i2d_X509, X509 *a, a, unsigned char **b, b, return -1, return)
308DEFINEFUNC(const char *, OBJ_nid2sn, int a, a, return nullptr, return)
309DEFINEFUNC(const char *, OBJ_nid2ln, int a, a, return nullptr, return)
310DEFINEFUNC(int, OBJ_sn2nid, const char *s, s, return 0, return)
311DEFINEFUNC(int, OBJ_ln2nid, const char *s, s, return 0, return)
312DEFINEFUNC3(int, i2t_ASN1_OBJECT, char *a, a, int b, b, ASN1_OBJECT *c, c, return -1, return)
313DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d, return -1, return)
314DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return)
315DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
316DEFINEFUNC4(DSA *, PEM_read_bio_DSAPrivateKey, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
317DEFINEFUNC4(RSA *, PEM_read_bio_RSAPrivateKey, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
318
319#ifndef OPENSSL_NO_EC
320DEFINEFUNC4(EC_KEY *, PEM_read_bio_ECPrivateKey, BIO *a, a, EC_KEY **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
321DEFINEFUNC7(int, PEM_write_bio_ECPrivateKey, BIO *a, a, EC_KEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
322DEFINEFUNC4(EC_KEY *, PEM_read_bio_EC_PUBKEY, BIO *a, a, EC_KEY **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
323DEFINEFUNC2(int, PEM_write_bio_EC_PUBKEY, BIO *a, a, EC_KEY *b, b, return 0, return)
324#endif // OPENSSL_NO_EC
325
326DEFINEFUNC4(DH *, PEM_read_bio_DHparams, BIO *a, a, DH **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
327DEFINEFUNC7(int, PEM_write_bio_DSAPrivateKey, BIO *a, a, DSA *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
328DEFINEFUNC7(int, PEM_write_bio_RSAPrivateKey, BIO *a, a, RSA *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
329DEFINEFUNC7(int, PEM_write_bio_PrivateKey, BIO *a, a, EVP_PKEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
330DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
331DEFINEFUNC4(DSA *, PEM_read_bio_DSA_PUBKEY, BIO *a, a, DSA **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
332DEFINEFUNC4(RSA *, PEM_read_bio_RSA_PUBKEY, BIO *a, a, RSA **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
333DEFINEFUNC2(int, PEM_write_bio_DSA_PUBKEY, BIO *a, a, DSA *b, b, return 0, return)
334DEFINEFUNC2(int, PEM_write_bio_RSA_PUBKEY, BIO *a, a, RSA *b, b, return 0, return)
335DEFINEFUNC2(int, PEM_write_bio_PUBKEY, BIO *a, a, EVP_PKEY *b, b, return 0, return)
336DEFINEFUNC2(void, RAND_seed, const void *a, a, int b, b, return, DUMMYARG)
337DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return)
338DEFINEFUNC2(int, RAND_bytes, unsigned char *b, b, int n, n, return 0, return)
339DEFINEFUNC(RSA *, RSA_new, DUMMYARG, DUMMYARG, return nullptr, return)
340DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG)
341DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return)
342DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return)
343DEFINEFUNC3(char *, SSL_CIPHER_description, const SSL_CIPHER *a, a, char *b, b, int c, c, return nullptr, return)
344DEFINEFUNC2(int, SSL_CIPHER_get_bits, const SSL_CIPHER *a, a, int *b, b, return 0, return)
345DEFINEFUNC(BIO *, SSL_get_rbio, const SSL *s, s, return nullptr, return)
346DEFINEFUNC(int, SSL_connect, SSL *a, a, return -1, return)
347DEFINEFUNC(int, SSL_CTX_check_private_key, const SSL_CTX *a, a, return -1, return)
348DEFINEFUNC4(long, SSL_CTX_ctrl, SSL_CTX *a, a, int b, b, long c, c, void *d, d, return -1, return)
349DEFINEFUNC(void, SSL_CTX_free, SSL_CTX *a, a, return, DUMMYARG)
350DEFINEFUNC(SSL_CTX *, SSL_CTX_new, const SSL_METHOD *a, a, return nullptr, return)
351DEFINEFUNC2(int, SSL_CTX_set_cipher_list, SSL_CTX *a, a, const char *b, b, return -1, return)
352DEFINEFUNC3(long, SSL_CTX_callback_ctrl, SSL_CTX *ctx, ctx, int dst, dst, GenericCallbackType cb, cb, return 0, return)
353DEFINEFUNC(int, SSL_CTX_set_default_verify_paths, SSL_CTX *a, a, return -1, return)
354DEFINEFUNC3(void, SSL_CTX_set_verify, SSL_CTX *a, a, int b, b, int (*c)(int, X509_STORE_CTX *), c, return, DUMMYARG)
355DEFINEFUNC2(void, SSL_CTX_set_verify_depth, SSL_CTX *a, a, int b, b, return, DUMMYARG)
356DEFINEFUNC2(int, SSL_CTX_use_certificate, SSL_CTX *a, a, X509 *b, b, return -1, return)
357DEFINEFUNC3(int, SSL_CTX_use_certificate_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
358DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a, EVP_PKEY *b, b, return -1, return)
359DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
360DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
361DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
362DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
363DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
364DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
365DEFINEFUNC2(unsigned int, SSL_CONF_CTX_set_flags, SSL_CONF_CTX *a, a, unsigned int b, b, return 0, return);
366DEFINEFUNC(int, SSL_CONF_CTX_finish, SSL_CONF_CTX *a, a, return 0, return);
367DEFINEFUNC3(int, SSL_CONF_cmd, SSL_CONF_CTX *a, a, const char *b, b, const char *c, c, return 0, return);
368DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG)
369DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return)
370DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return)
371DEFINEFUNC(int, SSL_version, const SSL *a, a, return 0, return)
372DEFINEFUNC2(int, SSL_get_error, SSL *a, a, int b, b, return -1, return)
373DEFINEFUNC(STACK_OF(X509) *, SSL_get_peer_cert_chain, SSL *a, a, return nullptr, return)
374DEFINEFUNC(X509 *, SSL_get_peer_certificate, SSL *a, a, return nullptr, return)
375DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return)
376DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return nullptr, return)
377DEFINEFUNC(SSL_CTX *, SSL_get_SSL_CTX, SSL *a, a, return nullptr, return)
378DEFINEFUNC4(long, SSL_ctrl, SSL *a, a, int cmd, cmd, long larg, larg, void *parg, parg, return -1, return)
379DEFINEFUNC3(int, SSL_read, SSL *a, a, void *b, b, int c, c, return -1, return)
380DEFINEFUNC3(void, SSL_set_bio, SSL *a, a, BIO *b, b, BIO *c, c, return, DUMMYARG)
381DEFINEFUNC(void, SSL_set_accept_state, SSL *a, a, return, DUMMYARG)
382DEFINEFUNC(void, SSL_set_connect_state, SSL *a, a, return, DUMMYARG)
383DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return)
384DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
385DEFINEFUNC(int, SSL_get_shutdown, const SSL *ssl, ssl, return 0, return)
386DEFINEFUNC2(int, SSL_set_session, SSL* to, to, SSL_SESSION *session, session, return -1, return)
387DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG)
388DEFINEFUNC(SSL_SESSION*, SSL_get1_session, SSL *ssl, ssl, return nullptr, return)
389DEFINEFUNC(SSL_SESSION*, SSL_get_session, const SSL *ssl, ssl, return nullptr, return)
390DEFINEFUNC3(int, SSL_set_ex_data, SSL *ssl, ssl, int idx, idx, void *arg, arg, return 0, return)
391DEFINEFUNC2(void *, SSL_get_ex_data, const SSL *ssl, ssl, int idx, idx, return nullptr, return)
392
393#ifndef OPENSSL_NO_PSK
394DEFINEFUNC2(void, SSL_set_psk_client_callback, SSL* ssl, ssl, q_psk_client_callback_t callback, callback, return, DUMMYARG)
395DEFINEFUNC2(void, SSL_set_psk_server_callback, SSL* ssl, ssl, q_psk_server_callback_t callback, callback, return, DUMMYARG)
396DEFINEFUNC2(int, SSL_CTX_use_psk_identity_hint, SSL_CTX* ctx, ctx, const char *hint, hint, return 0, return)
397#endif // !OPENSSL_NO_PSK
398
399DEFINEFUNC3(int, SSL_write, SSL *a, a, const void *b, b, int c, c, return -1, return)
400DEFINEFUNC2(int, X509_cmp, X509 *a, a, X509 *b, b, return -1, return)
401DEFINEFUNC4(int, X509_digest, const X509 *x509, x509, const EVP_MD *type, type, unsigned char *md, md, unsigned int *len, len, return -1, return)
402DEFINEFUNC(X509 *, X509_dup, X509 *a, a, return nullptr, return)
403DEFINEFUNC2(void, X509_print, BIO *a, a, X509 *b, b, return, DUMMYARG);
404DEFINEFUNC(ASN1_OBJECT *, X509_EXTENSION_get_object, X509_EXTENSION *a, a, return nullptr, return)
405DEFINEFUNC(void, X509_free, X509 *a, a, return, DUMMYARG)
406//Q_AUTOTEST_EXPORT ASN1_TIME *q_X509_gmtime_adj(ASN1_TIME *s, long adj);
407DEFINEFUNC2(ASN1_TIME *, X509_gmtime_adj, ASN1_TIME *s, s, long adj, adj, return nullptr, return)
408DEFINEFUNC(void, ASN1_TIME_free, ASN1_TIME *t, t, return, DUMMYARG)
409DEFINEFUNC2(X509_EXTENSION *, X509_get_ext, X509 *a, a, int b, b, return nullptr, return)
410DEFINEFUNC(int, X509_get_ext_count, X509 *a, a, return 0, return)
411DEFINEFUNC4(void *, X509_get_ext_d2i, X509 *a, a, int b, b, int *c, c, int *d, d, return nullptr, return)
412DEFINEFUNC(const X509V3_EXT_METHOD *, X509V3_EXT_get, X509_EXTENSION *a, a, return nullptr, return)
413DEFINEFUNC(void *, X509V3_EXT_d2i, X509_EXTENSION *a, a, return nullptr, return)
414DEFINEFUNC(int, X509_EXTENSION_get_critical, X509_EXTENSION *a, a, return 0, return)
415DEFINEFUNC(ASN1_OCTET_STRING *, X509_EXTENSION_get_data, X509_EXTENSION *a, a, return nullptr, return)
416DEFINEFUNC(void, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS *a, a, return, DUMMYARG)
417DEFINEFUNC(void, AUTHORITY_KEYID_free, AUTHORITY_KEYID *a, a, return, DUMMYARG)
418DEFINEFUNC(void, GENERAL_NAME_free, GENERAL_NAME *a, a, return, DUMMYARG)
419DEFINEFUNC2(int, ASN1_STRING_print, BIO *a, a, const ASN1_STRING *b, b, return 0, return)
420DEFINEFUNC2(int, X509_check_issued, X509 *a, a, X509 *b, b, return -1, return)
421DEFINEFUNC(X509_NAME *, X509_get_issuer_name, X509 *a, a, return nullptr, return)
422DEFINEFUNC(X509_NAME *, X509_get_subject_name, X509 *a, a, return nullptr, return)
423DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *a, a, return nullptr, return)
424DEFINEFUNC(int, X509_verify_cert, X509_STORE_CTX *a, a, return -1, return)
425DEFINEFUNC(int, X509_NAME_entry_count, X509_NAME *a, a, return 0, return)
426DEFINEFUNC2(X509_NAME_ENTRY *, X509_NAME_get_entry, X509_NAME *a, a, int b, b, return nullptr, return)
427DEFINEFUNC(ASN1_STRING *, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY *a, a, return nullptr, return)
428DEFINEFUNC(ASN1_OBJECT *, X509_NAME_ENTRY_get_object, X509_NAME_ENTRY *a, a, return nullptr, return)
429DEFINEFUNC(EVP_PKEY *, X509_PUBKEY_get, X509_PUBKEY *a, a, return nullptr, return)
430DEFINEFUNC(void, X509_STORE_free, X509_STORE *a, a, return, DUMMYARG)
431DEFINEFUNC(X509_STORE *, X509_STORE_new, DUMMYARG, DUMMYARG, return nullptr, return)
432DEFINEFUNC2(int, X509_STORE_add_cert, X509_STORE *a, a, X509 *b, b, return 0, return)
433DEFINEFUNC(void, X509_STORE_CTX_free, X509_STORE_CTX *a, a, return, DUMMYARG)
434DEFINEFUNC4(int, X509_STORE_CTX_init, X509_STORE_CTX *a, a, X509_STORE *b, b, X509 *c, c, STACK_OF(X509) *d, d, return -1, return)
435DEFINEFUNC2(int, X509_STORE_CTX_set_purpose, X509_STORE_CTX *a, a, int b, b, return -1, return)
436DEFINEFUNC(int, X509_STORE_CTX_get_error, X509_STORE_CTX *a, a, return -1, return)
437DEFINEFUNC(int, X509_STORE_CTX_get_error_depth, X509_STORE_CTX *a, a, return -1, return)
438DEFINEFUNC(X509 *, X509_STORE_CTX_get_current_cert, X509_STORE_CTX *a, a, return nullptr, return)
439DEFINEFUNC(X509_STORE *, X509_STORE_CTX_get0_store, X509_STORE_CTX *ctx, ctx, return nullptr, return)
440DEFINEFUNC(X509_STORE_CTX *, X509_STORE_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return)
441DEFINEFUNC2(void *, X509_STORE_CTX_get_ex_data, X509_STORE_CTX *ctx, ctx, int idx, idx, return nullptr, return)
442DEFINEFUNC(int, SSL_get_ex_data_X509_STORE_CTX_idx, DUMMYARG, DUMMYARG, return -1, return)
443
444#if OPENSSL_VERSION_MAJOR < 3
445DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
446#else
447DEFINEFUNC2(int, SSL_CTX_load_verify_dir, SSL_CTX *ctx, ctx, const char *CApath, CApath, return 0, return)
448#endif // OPENSSL_VERSION_MAJOR
449
450DEFINEFUNC2(int, i2d_SSL_SESSION, SSL_SESSION *in, in, unsigned char **pp, pp, return 0, return)
451DEFINEFUNC3(SSL_SESSION *, d2i_SSL_SESSION, SSL_SESSION **a, a, const unsigned char **pp, pp, long length, length, return nullptr, return)
452
453#ifndef OPENSSL_NO_NEXTPROTONEG
454DEFINEFUNC6(int, SSL_select_next_proto, unsigned char **out, out, unsigned char *outlen, outlen,
455 const unsigned char *in, in, unsigned int inlen, inlen,
456 const unsigned char *client, client, unsigned int client_len, client_len,
457 return -1, return)
458DEFINEFUNC3(void, SSL_CTX_set_next_proto_select_cb, SSL_CTX *s, s,
459 int (*cb) (SSL *ssl, unsigned char **out,
460 unsigned char *outlen,
461 const unsigned char *in,
462 unsigned int inlen, void *arg), cb,
463 void *arg, arg, return, DUMMYARG)
464DEFINEFUNC3(void, SSL_get0_next_proto_negotiated, const SSL *s, s,
465 const unsigned char **data, data, unsigned *len, len, return, DUMMYARG)
466DEFINEFUNC3(int, SSL_set_alpn_protos, SSL *s, s, const unsigned char *protos, protos,
467 unsigned protos_len, protos_len, return -1, return)
468DEFINEFUNC3(void, SSL_CTX_set_alpn_select_cb, SSL_CTX *s, s,
469 int (*cb) (SSL *ssl, const unsigned char **out,
470 unsigned char *outlen,
471 const unsigned char *in,
472 unsigned int inlen, void *arg), cb,
473 void *arg, arg, return, DUMMYARG)
474DEFINEFUNC3(void, SSL_get0_alpn_selected, const SSL *s, s, const unsigned char **data, data,
475 unsigned *len, len, return, DUMMYARG)
476#endif // !OPENSSL_NO_NEXTPROTONEG
477
478// DTLS:
479#if QT_CONFIG(dtls)
480DEFINEFUNC2(void, SSL_CTX_set_cookie_generate_cb, SSL_CTX *ctx, ctx, CookieGenerateCallback cb, cb, return, DUMMYARG)
481DEFINEFUNC2(void, SSL_CTX_set_cookie_verify_cb, SSL_CTX *ctx, ctx, CookieVerifyCallback cb, cb, return, DUMMYARG)
482DEFINEFUNC(const SSL_METHOD *, DTLS_server_method, DUMMYARG, DUMMYARG, return nullptr, return)
483DEFINEFUNC(const SSL_METHOD *, DTLS_client_method, DUMMYARG, DUMMYARG, return nullptr, return)
484#endif // dtls
485DEFINEFUNC2(void, BIO_set_flags, BIO *b, b, int flags, flags, return, DUMMYARG)
486DEFINEFUNC2(void, BIO_clear_flags, BIO *b, b, int flags, flags, return, DUMMYARG)
487DEFINEFUNC2(void *, BIO_get_ex_data, BIO *b, b, int idx, idx, return nullptr, return)
488DEFINEFUNC3(int, BIO_set_ex_data, BIO *b, b, int idx, idx, void *data, data, return -1, return)
489
490DEFINEFUNC3(void *, CRYPTO_malloc, size_t num, num, const char *file, file, int line, line, return nullptr, return)
491DEFINEFUNC(DH *, DH_new, DUMMYARG, DUMMYARG, return nullptr, return)
492DEFINEFUNC(void, DH_free, DH *dh, dh, return, DUMMYARG)
493DEFINEFUNC3(DH *, d2i_DHparams, DH**a, a, const unsigned char **pp, pp, long length, length, return nullptr, return)
494DEFINEFUNC2(int, i2d_DHparams, DH *a, a, unsigned char **p, p, return -1, return)
495#ifndef OPENSSL_NO_DEPRECATED_3_0
496DEFINEFUNC2(int, DH_check, DH *dh, dh, int *codes, codes, return 0, return)
497#endif // OPENSSL_NO_DEPRECATED_3_0
498DEFINEFUNC3(BIGNUM *, BN_bin2bn, const unsigned char *s, s, int len, len, BIGNUM *ret, ret, return nullptr, return)
499
500#ifndef OPENSSL_NO_EC
501DEFINEFUNC(EC_KEY *, EC_KEY_dup, const EC_KEY *ec, ec, return nullptr, return)
502DEFINEFUNC(EC_KEY *, EC_KEY_new_by_curve_name, int nid, nid, return nullptr, return)
503DEFINEFUNC(void, EC_KEY_free, EC_KEY *ecdh, ecdh, return, DUMMYARG)
504DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
505DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
506#endif // OPENSSL_NO_EC
507
508DEFINEFUNC5(int, PKCS12_parse, PKCS12 *p12, p12, const char *pass, pass, EVP_PKEY **pkey, pkey, \
509 X509 **cert, cert, STACK_OF(X509) **ca, ca, return 1, return);
510DEFINEFUNC2(PKCS12 *, d2i_PKCS12_bio, BIO *bio, bio, PKCS12 **pkcs12, pkcs12, return nullptr, return);
511DEFINEFUNC(void, PKCS12_free, PKCS12 *pkcs12, pkcs12, return, DUMMYARG)
512
513#define RESOLVEFUNC(func) \
514 if (!(_q_##func = _q_PTR_##func(libs.ssl->resolve(#func))) \
515 && !(_q_##func = _q_PTR_##func(libs.crypto->resolve(#func)))) \
516 qsslSocketCannotResolveSymbolWarning(#func);
517
518#if !defined QT_LINKED_OPENSSL
519
520#if !QT_CONFIG(library)
521bool q_resolveOpenSslSymbols()
522{
523 qCWarning(lcSsl, "QSslSocket: unable to resolve symbols. Qt is configured without the "
524 "'library' feature, which means runtime resolving of libraries won't work.");
525 qCWarning(lcSsl, "Either compile Qt statically or with support for runtime resolving "
526 "of libraries.");
527 return false;
528}
529#else
530
531# ifdef Q_OS_UNIX
532struct NumericallyLess
533{
534 typedef bool result_type;
535 result_type operator()(const QStringRef &lhs, const QStringRef &rhs) const
536 {
537 bool ok = false;
538 int b = 0;
539 int a = lhs.toInt(ok: &ok);
540 if (ok)
541 b = rhs.toInt(ok: &ok);
542 if (ok) {
543 // both toInt succeeded
544 return a < b;
545 } else {
546 // compare as strings;
547 return lhs < rhs;
548 }
549 }
550};
551
552struct LibGreaterThan
553{
554 typedef bool result_type;
555 result_type operator()(const QString &lhs, const QString &rhs) const
556 {
557 const QVector<QStringRef> lhsparts = lhs.splitRef(sep: QLatin1Char('.'));
558 const QVector<QStringRef> rhsparts = rhs.splitRef(sep: QLatin1Char('.'));
559 Q_ASSERT(lhsparts.count() > 1 && rhsparts.count() > 1);
560
561 // note: checking rhs < lhs, the same as lhs > rhs
562 return std::lexicographical_compare(first1: rhsparts.begin() + 1, last1: rhsparts.end(),
563 first2: lhsparts.begin() + 1, last2: lhsparts.end(),
564 comp: NumericallyLess());
565 }
566};
567
568#if defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)
569static int dlIterateCallback(struct dl_phdr_info *info, size_t size, void *data)
570{
571 if (size < sizeof (info->dlpi_addr) + sizeof (info->dlpi_name))
572 return 1;
573 QSet<QString> *paths = (QSet<QString> *)data;
574 QString path = QString::fromLocal8Bit(str: info->dlpi_name);
575 if (!path.isEmpty()) {
576 QFileInfo fi(path);
577 path = fi.absolutePath();
578 if (!path.isEmpty())
579 paths->insert(value: path);
580 }
581 return 0;
582}
583#endif
584
585static QStringList libraryPathList()
586{
587 QStringList paths;
588# ifdef Q_OS_DARWIN
589 paths = QString::fromLatin1(qgetenv("DYLD_LIBRARY_PATH"))
590 .split(QLatin1Char(':'), Qt::SkipEmptyParts);
591
592 // search in .app/Contents/Frameworks
593 UInt32 packageType;
594 CFBundleGetPackageInfo(CFBundleGetMainBundle(), &packageType, nullptr);
595 if (packageType == FOUR_CHAR_CODE('APPL')) {
596 QUrl bundleUrl = QUrl::fromCFURL(QCFType<CFURLRef>(CFBundleCopyBundleURL(CFBundleGetMainBundle())));
597 QUrl frameworksUrl = QUrl::fromCFURL(QCFType<CFURLRef>(CFBundleCopyPrivateFrameworksURL(CFBundleGetMainBundle())));
598 paths << bundleUrl.resolved(frameworksUrl).path();
599 }
600# else
601 paths = QString::fromLatin1(str: qgetenv(varName: "LD_LIBRARY_PATH"))
602 .split(sep: QLatin1Char(':'), behavior: Qt::SkipEmptyParts);
603# endif
604 paths << QLatin1String("/lib") << QLatin1String("/usr/lib") << QLatin1String("/usr/local/lib");
605 paths << QLatin1String("/lib64") << QLatin1String("/usr/lib64") << QLatin1String("/usr/local/lib64");
606 paths << QLatin1String("/lib32") << QLatin1String("/usr/lib32") << QLatin1String("/usr/local/lib32");
607
608#if defined(Q_OS_ANDROID)
609 paths << QLatin1String("/system/lib");
610#elif defined(Q_OS_LINUX)
611 // discover paths of already loaded libraries
612 QSet<QString> loadedPaths;
613 dl_iterate_phdr(callback: dlIterateCallback, data: &loadedPaths);
614 paths.append(t: loadedPaths.values());
615#endif
616
617 return paths;
618}
619
620Q_NEVER_INLINE
621static QStringList findAllLibs(QLatin1String filter)
622{
623 const QStringList paths = libraryPathList();
624 QStringList found;
625 const QStringList filters((QString(filter)));
626
627 for (const QString &path : paths) {
628 QDir dir(path);
629 QStringList entryList = dir.entryList(nameFilters: filters, filters: QDir::Files);
630
631 std::sort(first: entryList.begin(), last: entryList.end(), comp: LibGreaterThan());
632 for (const QString &entry : qAsConst(t&: entryList))
633 found << path + QLatin1Char('/') + entry;
634 }
635
636 return found;
637}
638
639static QStringList findAllLibSsl()
640{
641 return findAllLibs(filter: QLatin1String("libssl.*"));
642}
643
644static QStringList findAllLibCrypto()
645{
646 return findAllLibs(filter: QLatin1String("libcrypto.*"));
647}
648# endif
649
650#ifdef Q_OS_WIN
651
652struct LoadedOpenSsl {
653 std::unique_ptr<QSystemLibrary> ssl, crypto;
654};
655
656static bool tryToLoadOpenSslWin32Library(QLatin1String ssleay32LibName, QLatin1String libeay32LibName, LoadedOpenSsl &result)
657{
658 auto ssleay32 = qt_make_unique<QSystemLibrary>(ssleay32LibName);
659 if (!ssleay32->load(false)) {
660 return FALSE;
661 }
662
663 auto libeay32 = qt_make_unique<QSystemLibrary>(libeay32LibName);
664 if (!libeay32->load(false)) {
665 return FALSE;
666 }
667
668 result.ssl = std::move(ssleay32);
669 result.crypto = std::move(libeay32);
670 return TRUE;
671}
672
673static LoadedOpenSsl loadOpenSsl()
674{
675 LoadedOpenSsl result;
676
677 // With OpenSSL 1.1 the names have changed to libssl-1_1 and libcrypto-1_1 for builds using
678 // MSVC and GCC. For 3.0 the version suffix changed again, to just '3'.
679 // For non-x86 builds, an architecture suffix is also appended.
680
681#if (OPENSSL_VERSION_NUMBER >> 28) < 3
682#define QT_OPENSSL_VERSION "1_1"
683#elif OPENSSL_VERSION_MAJOR == 3 // Starting with 3.0 this define is available
684#define QT_OPENSSL_VERSION "3"
685#endif // > 3 intentionally left undefined
686
687#if defined(Q_PROCESSOR_X86_64)
688#define QT_SSL_SUFFIX "-x64"
689#elif defined(Q_PROCESSOR_ARM_64)
690#define QT_SSL_SUFFIX "-arm64"
691#elif defined(Q_PROCESSOR_ARM_32)
692#define QT_SSL_SUFFIX "-arm"
693#else
694#define QT_SSL_SUFFIX
695#endif
696
697 tryToLoadOpenSslWin32Library(QLatin1String("libssl-" QT_OPENSSL_VERSION QT_SSL_SUFFIX),
698 QLatin1String("libcrypto-" QT_OPENSSL_VERSION QT_SSL_SUFFIX), result);
699
700#undef QT_SSL_SUFFIX
701 return result;
702}
703#else
704
705struct LoadedOpenSsl {
706 std::unique_ptr<QLibrary> ssl, crypto;
707};
708
709static LoadedOpenSsl loadOpenSsl()
710{
711 LoadedOpenSsl result = {.ssl: qt_make_unique<QLibrary>(), .crypto: qt_make_unique<QLibrary>()};
712
713# if defined(Q_OS_UNIX)
714 QLibrary * const libssl = result.ssl.get();
715 QLibrary * const libcrypto = result.crypto.get();
716
717 // Try to find the libssl library on the system.
718 //
719 // Up until Qt 4.3, this only searched for the "ssl" library at version -1, that
720 // is, libssl.so on most Unix systems. However, the .so file isn't present in
721 // user installations because it's considered a development file.
722 //
723 // The right thing to do is to load the library at the major version we know how
724 // to work with: the SHLIB_VERSION_NUMBER version (macro defined in opensslv.h)
725 //
726 // However, OpenSSL is a well-known case of binary-compatibility breakage. To
727 // avoid such problems, many system integrators and Linux distributions change
728 // the soname of the binary, letting the full version number be the soname. So
729 // we'll find libssl.so.0.9.7, libssl.so.0.9.8, etc. in the system. For that
730 // reason, we will search a few common paths (see findAllLibSsl() above) in hopes
731 // we find one that works.
732 //
733 // If that fails, for OpenSSL 1.0 we also try some fallbacks -- look up
734 // libssl.so with a hardcoded soname. The reason is QTBUG-68156: the binary
735 // builds of Qt happen (at the time of this writing) on RHEL machines,
736 // which change SHLIB_VERSION_NUMBER to a non-portable string. When running
737 // those binaries on the target systems, this code won't pick up
738 // libssl.so.MODIFIED_SHLIB_VERSION_NUMBER because it doesn't exist there.
739 // Given that the only 1.0 supported release (at the time of this writing)
740 // is 1.0.2, with soname "1.0.0", give that a try too. Note that we mandate
741 // OpenSSL >= 1.0.0 with a configure-time check, and OpenSSL has kept binary
742 // compatibility between 1.0.0 and 1.0.2.
743 //
744 // It is important, however, to try the canonical name and the unversioned name
745 // without going through the loop. By not specifying a path, we let the system
746 // dlopen(3) function determine it for us. This will include any DT_RUNPATH or
747 // DT_RPATH tags on our library header as well as other system-specific search
748 // paths. See the man page for dlopen(3) on your system for more information.
749
750#ifdef Q_OS_OPENBSD
751 libcrypto->setLoadHints(QLibrary::ExportExternalSymbolsHint);
752#endif
753#if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
754 // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
755 libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
756 libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
757 if (libcrypto->load() && libssl->load()) {
758 // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
759 return result;
760 } else {
761 libssl->unload();
762 libcrypto->unload();
763 }
764#endif
765
766#ifndef Q_OS_DARWIN
767 // second attempt: find the development files libssl.so and libcrypto.so
768 //
769 // disabled on macOS/iOS:
770 // macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
771 // attempt, _after_ <bundle>/Contents/Frameworks has been searched.
772 // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
773# if defined(Q_OS_ANDROID)
774 // OpenSSL 1.1.x must be suffixed otherwise it will use the system libcrypto.so libssl.so which on API-21 are OpenSSL 1.0 not 1.1
775 auto openSSLSuffix = [](const QByteArray &defaultSuffix = {}) {
776 auto suffix = qgetenv("ANDROID_OPENSSL_SUFFIX");
777 if (suffix.isEmpty())
778 return defaultSuffix;
779 return suffix;
780 };
781
782 static QString suffix = QString::fromLatin1(openSSLSuffix("_1_1"));
783
784 libssl->setFileNameAndVersion(QLatin1String("ssl") + suffix, -1);
785 libcrypto->setFileNameAndVersion(QLatin1String("crypto") + suffix, -1);
786# else
787 libssl->setFileNameAndVersion(fileName: QLatin1String("ssl"), verNum: -1);
788 libcrypto->setFileNameAndVersion(fileName: QLatin1String("crypto"), verNum: -1);
789# endif
790 if (libcrypto->load() && libssl->load()) {
791 // libssl.so.0 and libcrypto.so.0 found
792 return result;
793 } else {
794 libssl->unload();
795 libcrypto->unload();
796 }
797#endif
798
799 // third attempt: loop on the most common library paths and find libssl
800 const QStringList sslList = findAllLibSsl();
801 const QStringList cryptoList = findAllLibCrypto();
802
803 for (const QString &crypto : cryptoList) {
804#ifdef Q_OS_DARWIN
805 // Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI
806 if (crypto.endsWith("libcrypto.dylib"))
807 continue;
808#endif
809 libcrypto->setFileNameAndVersion(fileName: crypto, verNum: -1);
810 if (libcrypto->load()) {
811 QFileInfo fi(crypto);
812 QString version = fi.completeSuffix();
813
814 for (const QString &ssl : sslList) {
815 if (!ssl.endsWith(s: version))
816 continue;
817
818 libssl->setFileNameAndVersion(fileName: ssl, verNum: -1);
819
820 if (libssl->load()) {
821 // libssl.so.x and libcrypto.so.x found
822 return result;
823 } else {
824 libssl->unload();
825 }
826 }
827 }
828 libcrypto->unload();
829 }
830
831 // failed to load anything
832 result = {};
833 return result;
834
835# else
836 // not implemented for this platform yet
837 return result;
838# endif
839}
840#endif
841
842static QBasicMutex symbolResolveMutex;
843static QBasicAtomicInt symbolsResolved = Q_BASIC_ATOMIC_INITIALIZER(false);
844static bool triedToResolveSymbols = false;
845
846bool q_resolveOpenSslSymbols()
847{
848 if (symbolsResolved.loadAcquire())
849 return true;
850 QMutexLocker locker(&symbolResolveMutex);
851 if (symbolsResolved.loadRelaxed())
852 return true;
853 if (triedToResolveSymbols)
854 return false;
855 triedToResolveSymbols = true;
856
857 LoadedOpenSsl libs = loadOpenSsl();
858 if (!libs.ssl || !libs.crypto)
859 // failed to load them
860 return false;
861
862 RESOLVEFUNC(OPENSSL_init_ssl)
863 RESOLVEFUNC(OPENSSL_init_crypto)
864 RESOLVEFUNC(ASN1_STRING_get0_data)
865 RESOLVEFUNC(EVP_CIPHER_CTX_reset)
866 RESOLVEFUNC(AUTHORITY_INFO_ACCESS_free)
867 RESOLVEFUNC(EVP_PKEY_up_ref)
868 RESOLVEFUNC(EVP_PKEY_CTX_new)
869 RESOLVEFUNC(EVP_PKEY_param_check)
870 RESOLVEFUNC(EVP_PKEY_CTX_free)
871 RESOLVEFUNC(EVP_PKEY_base_id)
872 RESOLVEFUNC(RSA_bits)
873 RESOLVEFUNC(OPENSSL_sk_new_null)
874 RESOLVEFUNC(OPENSSL_sk_push)
875 RESOLVEFUNC(OPENSSL_sk_free)
876 RESOLVEFUNC(OPENSSL_sk_num)
877 RESOLVEFUNC(OPENSSL_sk_pop_free)
878 RESOLVEFUNC(OPENSSL_sk_value)
879 RESOLVEFUNC(DH_get0_pqg)
880 RESOLVEFUNC(SSL_CTX_set_options)
881 RESOLVEFUNC(SSL_CTX_get_security_level)
882 RESOLVEFUNC(SSL_CTX_set_security_level)
883#ifdef TLS1_3_VERSION
884 RESOLVEFUNC(SSL_CTX_set_ciphersuites)
885 RESOLVEFUNC(SSL_set_psk_use_session_callback)
886 RESOLVEFUNC(SSL_CTX_sess_set_new_cb)
887 RESOLVEFUNC(SSL_SESSION_is_resumable)
888#endif // TLS 1.3 or OpenSSL > 1.1.1
889
890 RESOLVEFUNC(SSL_get_client_random)
891 RESOLVEFUNC(SSL_SESSION_get_master_key)
892 RESOLVEFUNC(SSL_session_reused)
893 RESOLVEFUNC(SSL_get_session)
894 RESOLVEFUNC(SSL_set_options)
895 RESOLVEFUNC(CRYPTO_get_ex_new_index)
896 RESOLVEFUNC(TLS_method)
897 RESOLVEFUNC(TLS_client_method)
898 RESOLVEFUNC(TLS_server_method)
899 RESOLVEFUNC(X509_up_ref)
900 RESOLVEFUNC(X509_STORE_CTX_get0_chain)
901 RESOLVEFUNC(X509_getm_notBefore)
902 RESOLVEFUNC(X509_getm_notAfter)
903 RESOLVEFUNC(ASN1_item_free)
904 RESOLVEFUNC(X509V3_conf_free)
905 RESOLVEFUNC(X509_get_version)
906 RESOLVEFUNC(X509_get_pubkey)
907 RESOLVEFUNC(X509_STORE_set_verify_cb)
908 RESOLVEFUNC(X509_STORE_set_ex_data)
909 RESOLVEFUNC(X509_STORE_get_ex_data)
910 RESOLVEFUNC(CRYPTO_free)
911 RESOLVEFUNC(OpenSSL_version_num)
912 RESOLVEFUNC(OpenSSL_version)
913
914 if (!_q_OpenSSL_version || !_q_OpenSSL_version_num) {
915 // Apparently, we were built with OpenSSL 1.1 enabled but are now using
916 // a wrong library.
917 qCWarning(lcSsl, "Incompatible version of OpenSSL");
918 return false;
919 }
920
921#if OPENSSL_VERSION_NUMBER >= 0x30000000
922 if (q_OpenSSL_version_num() < 0x30000000) {
923 qCWarning(lcSsl, "Incompatible version of OpenSSL (built with OpenSSL >= 3.x, runtime version is < 3.x)");
924 return false;
925 }
926#else
927 if (q_OpenSSL_version_num() >= 0x30000000) {
928 qCWarning(lcSsl, "Incompatible version of OpenSSL (built with OpenSSL 1.x, runtime version is >= 3.x)");
929 return false;
930 }
931#endif // OPENSSL_VERSION_NUMBER
932
933 RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
934 RESOLVEFUNC(DH_bits)
935 RESOLVEFUNC(DSA_bits)
936
937#if QT_CONFIG(dtls)
938 RESOLVEFUNC(DTLSv1_listen)
939 RESOLVEFUNC(BIO_ADDR_new)
940 RESOLVEFUNC(BIO_ADDR_free)
941 RESOLVEFUNC(BIO_meth_new)
942 RESOLVEFUNC(BIO_meth_free)
943 RESOLVEFUNC(BIO_meth_set_write)
944 RESOLVEFUNC(BIO_meth_set_read)
945 RESOLVEFUNC(BIO_meth_set_puts)
946 RESOLVEFUNC(BIO_meth_set_ctrl)
947 RESOLVEFUNC(BIO_meth_set_create)
948 RESOLVEFUNC(BIO_meth_set_destroy)
949#endif // dtls
950
951#if QT_CONFIG(ocsp)
952 RESOLVEFUNC(OCSP_SINGLERESP_get0_id)
953 RESOLVEFUNC(d2i_OCSP_RESPONSE)
954 RESOLVEFUNC(OCSP_RESPONSE_free)
955 RESOLVEFUNC(OCSP_response_status)
956 RESOLVEFUNC(OCSP_response_get1_basic)
957 RESOLVEFUNC(OCSP_BASICRESP_free)
958 RESOLVEFUNC(OCSP_basic_verify)
959 RESOLVEFUNC(OCSP_resp_count)
960 RESOLVEFUNC(OCSP_resp_get0)
961 RESOLVEFUNC(OCSP_single_get0_status)
962 RESOLVEFUNC(OCSP_check_validity)
963 RESOLVEFUNC(OCSP_cert_to_id)
964 RESOLVEFUNC(OCSP_id_get0_info)
965 RESOLVEFUNC(OCSP_resp_get0_certs)
966 RESOLVEFUNC(OCSP_basic_sign)
967 RESOLVEFUNC(OCSP_response_create)
968 RESOLVEFUNC(i2d_OCSP_RESPONSE)
969 RESOLVEFUNC(OCSP_basic_add1_status)
970 RESOLVEFUNC(OCSP_BASICRESP_new)
971 RESOLVEFUNC(OCSP_CERTID_free)
972 RESOLVEFUNC(OCSP_cert_to_id)
973 RESOLVEFUNC(OCSP_id_cmp)
974#endif // ocsp
975
976 RESOLVEFUNC(BIO_set_data)
977 RESOLVEFUNC(BIO_get_data)
978 RESOLVEFUNC(BIO_set_init)
979 RESOLVEFUNC(BIO_get_shutdown)
980 RESOLVEFUNC(BIO_set_shutdown)
981 RESOLVEFUNC(ASN1_INTEGER_get)
982 RESOLVEFUNC(ASN1_INTEGER_cmp)
983 RESOLVEFUNC(ASN1_STRING_length)
984 RESOLVEFUNC(ASN1_STRING_to_UTF8)
985 RESOLVEFUNC(BIO_ctrl)
986 RESOLVEFUNC(BIO_free)
987 RESOLVEFUNC(BIO_new)
988 RESOLVEFUNC(BIO_new_mem_buf)
989 RESOLVEFUNC(BIO_read)
990 RESOLVEFUNC(BIO_s_mem)
991 RESOLVEFUNC(BIO_write)
992 RESOLVEFUNC(BIO_set_flags)
993 RESOLVEFUNC(BIO_clear_flags)
994 RESOLVEFUNC(BIO_set_ex_data)
995 RESOLVEFUNC(BIO_get_ex_data)
996
997#ifndef OPENSSL_NO_EC
998 RESOLVEFUNC(EC_KEY_get0_group)
999 RESOLVEFUNC(EC_GROUP_get_degree)
1000#endif
1001 RESOLVEFUNC(BN_num_bits)
1002 RESOLVEFUNC(BN_is_word)
1003 RESOLVEFUNC(BN_mod_word)
1004 RESOLVEFUNC(DSA_new)
1005 RESOLVEFUNC(DSA_free)
1006 RESOLVEFUNC(ERR_error_string)
1007 RESOLVEFUNC(ERR_error_string_n)
1008 RESOLVEFUNC(ERR_get_error)
1009 RESOLVEFUNC(EVP_CIPHER_CTX_new)
1010 RESOLVEFUNC(EVP_CIPHER_CTX_free)
1011 RESOLVEFUNC(EVP_CIPHER_CTX_ctrl)
1012 RESOLVEFUNC(EVP_CIPHER_CTX_set_key_length)
1013 RESOLVEFUNC(EVP_CipherInit)
1014 RESOLVEFUNC(EVP_CipherInit_ex)
1015 RESOLVEFUNC(EVP_CipherUpdate)
1016 RESOLVEFUNC(EVP_CipherFinal)
1017 RESOLVEFUNC(EVP_get_digestbyname)
1018#ifndef OPENSSL_NO_DES
1019 RESOLVEFUNC(EVP_des_cbc)
1020 RESOLVEFUNC(EVP_des_ede3_cbc)
1021#endif
1022#ifndef OPENSSL_NO_RC2
1023 RESOLVEFUNC(EVP_rc2_cbc)
1024#endif
1025#ifndef OPENSSL_NO_AES
1026 RESOLVEFUNC(EVP_aes_128_cbc)
1027 RESOLVEFUNC(EVP_aes_192_cbc)
1028 RESOLVEFUNC(EVP_aes_256_cbc)
1029#endif
1030 RESOLVEFUNC(EVP_sha1)
1031 RESOLVEFUNC(EVP_PKEY_assign)
1032 RESOLVEFUNC(EVP_PKEY_set1_RSA)
1033 RESOLVEFUNC(EVP_PKEY_set1_DSA)
1034 RESOLVEFUNC(EVP_PKEY_set1_DH)
1035
1036#ifndef OPENSSL_NO_EC
1037 RESOLVEFUNC(EVP_PKEY_set1_EC_KEY)
1038 RESOLVEFUNC(EVP_PKEY_get1_EC_KEY)
1039 RESOLVEFUNC(PEM_read_bio_ECPrivateKey)
1040 RESOLVEFUNC(PEM_write_bio_ECPrivateKey)
1041 RESOLVEFUNC(PEM_read_bio_EC_PUBKEY)
1042 RESOLVEFUNC(PEM_write_bio_EC_PUBKEY)
1043#endif // OPENSSL_NO_EC
1044
1045 RESOLVEFUNC(EVP_PKEY_cmp)
1046 RESOLVEFUNC(EVP_PKEY_free)
1047 RESOLVEFUNC(EVP_PKEY_get1_DSA)
1048 RESOLVEFUNC(EVP_PKEY_get1_RSA)
1049 RESOLVEFUNC(EVP_PKEY_get1_DH)
1050 RESOLVEFUNC(EVP_PKEY_new)
1051 RESOLVEFUNC(EVP_PKEY_type)
1052 RESOLVEFUNC(OBJ_nid2sn)
1053 RESOLVEFUNC(OBJ_nid2ln)
1054 RESOLVEFUNC(OBJ_sn2nid)
1055 RESOLVEFUNC(OBJ_ln2nid)
1056 RESOLVEFUNC(i2t_ASN1_OBJECT)
1057 RESOLVEFUNC(OBJ_obj2txt)
1058 RESOLVEFUNC(OBJ_obj2nid)
1059 RESOLVEFUNC(PEM_read_bio_PrivateKey)
1060 RESOLVEFUNC(PEM_read_bio_DSAPrivateKey)
1061 RESOLVEFUNC(PEM_read_bio_RSAPrivateKey)
1062 RESOLVEFUNC(PEM_read_bio_DHparams)
1063 RESOLVEFUNC(PEM_write_bio_DSAPrivateKey)
1064 RESOLVEFUNC(PEM_write_bio_RSAPrivateKey)
1065 RESOLVEFUNC(PEM_write_bio_PrivateKey)
1066 RESOLVEFUNC(PEM_read_bio_PUBKEY)
1067 RESOLVEFUNC(PEM_read_bio_DSA_PUBKEY)
1068 RESOLVEFUNC(PEM_read_bio_RSA_PUBKEY)
1069 RESOLVEFUNC(PEM_write_bio_DSA_PUBKEY)
1070 RESOLVEFUNC(PEM_write_bio_RSA_PUBKEY)
1071 RESOLVEFUNC(PEM_write_bio_PUBKEY)
1072 RESOLVEFUNC(RAND_seed)
1073 RESOLVEFUNC(RAND_status)
1074 RESOLVEFUNC(RAND_bytes)
1075 RESOLVEFUNC(RSA_new)
1076 RESOLVEFUNC(RSA_free)
1077 RESOLVEFUNC(SSL_CIPHER_description)
1078 RESOLVEFUNC(SSL_CIPHER_get_bits)
1079 RESOLVEFUNC(SSL_get_rbio)
1080 RESOLVEFUNC(SSL_CTX_check_private_key)
1081 RESOLVEFUNC(SSL_CTX_ctrl)
1082 RESOLVEFUNC(SSL_CTX_free)
1083 RESOLVEFUNC(SSL_CTX_new)
1084 RESOLVEFUNC(SSL_CTX_set_cipher_list)
1085 RESOLVEFUNC(SSL_CTX_callback_ctrl)
1086 RESOLVEFUNC(SSL_CTX_set_default_verify_paths)
1087 RESOLVEFUNC(SSL_CTX_set_verify)
1088 RESOLVEFUNC(SSL_CTX_set_verify_depth)
1089 RESOLVEFUNC(SSL_CTX_use_certificate)
1090 RESOLVEFUNC(SSL_CTX_use_certificate_file)
1091 RESOLVEFUNC(SSL_CTX_use_PrivateKey)
1092 RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
1093 RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
1094 RESOLVEFUNC(SSL_CTX_get_cert_store);
1095 RESOLVEFUNC(SSL_CONF_CTX_new);
1096 RESOLVEFUNC(SSL_CONF_CTX_free);
1097 RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
1098 RESOLVEFUNC(SSL_CONF_CTX_set_flags);
1099 RESOLVEFUNC(SSL_CONF_CTX_finish);
1100 RESOLVEFUNC(SSL_CONF_cmd);
1101 RESOLVEFUNC(SSL_accept)
1102 RESOLVEFUNC(SSL_clear)
1103 RESOLVEFUNC(SSL_connect)
1104 RESOLVEFUNC(SSL_free)
1105 RESOLVEFUNC(SSL_get_ciphers)
1106 RESOLVEFUNC(SSL_get_current_cipher)
1107 RESOLVEFUNC(SSL_version)
1108 RESOLVEFUNC(SSL_get_error)
1109 RESOLVEFUNC(SSL_get_peer_cert_chain)
1110 RESOLVEFUNC(SSL_get_peer_certificate)
1111 RESOLVEFUNC(SSL_get_verify_result)
1112 RESOLVEFUNC(SSL_new)
1113 RESOLVEFUNC(SSL_get_SSL_CTX)
1114 RESOLVEFUNC(SSL_ctrl)
1115 RESOLVEFUNC(SSL_read)
1116 RESOLVEFUNC(SSL_set_accept_state)
1117 RESOLVEFUNC(SSL_set_bio)
1118 RESOLVEFUNC(SSL_set_connect_state)
1119 RESOLVEFUNC(SSL_shutdown)
1120 RESOLVEFUNC(SSL_in_init)
1121 RESOLVEFUNC(SSL_get_shutdown)
1122 RESOLVEFUNC(SSL_set_session)
1123 RESOLVEFUNC(SSL_SESSION_free)
1124 RESOLVEFUNC(SSL_get1_session)
1125 RESOLVEFUNC(SSL_get_session)
1126 RESOLVEFUNC(SSL_set_ex_data)
1127 RESOLVEFUNC(SSL_get_ex_data)
1128 RESOLVEFUNC(SSL_get_ex_data_X509_STORE_CTX_idx)
1129
1130#ifndef OPENSSL_NO_PSK
1131 RESOLVEFUNC(SSL_set_psk_client_callback)
1132 RESOLVEFUNC(SSL_set_psk_server_callback)
1133 RESOLVEFUNC(SSL_CTX_use_psk_identity_hint)
1134#endif // !OPENSSL_NO_PSK
1135
1136 RESOLVEFUNC(SSL_write)
1137 RESOLVEFUNC(X509_NAME_entry_count)
1138 RESOLVEFUNC(X509_NAME_get_entry)
1139 RESOLVEFUNC(X509_NAME_ENTRY_get_data)
1140 RESOLVEFUNC(X509_NAME_ENTRY_get_object)
1141 RESOLVEFUNC(X509_PUBKEY_get)
1142 RESOLVEFUNC(X509_STORE_free)
1143 RESOLVEFUNC(X509_STORE_new)
1144 RESOLVEFUNC(X509_STORE_add_cert)
1145 RESOLVEFUNC(X509_STORE_CTX_free)
1146 RESOLVEFUNC(X509_STORE_CTX_init)
1147 RESOLVEFUNC(X509_STORE_CTX_new)
1148 RESOLVEFUNC(X509_STORE_CTX_set_purpose)
1149 RESOLVEFUNC(X509_STORE_CTX_get_error)
1150 RESOLVEFUNC(X509_STORE_CTX_get_error_depth)
1151 RESOLVEFUNC(X509_STORE_CTX_get_current_cert)
1152 RESOLVEFUNC(X509_STORE_CTX_get0_store)
1153 RESOLVEFUNC(X509_cmp)
1154 RESOLVEFUNC(X509_STORE_CTX_get_ex_data)
1155 RESOLVEFUNC(X509_dup)
1156 RESOLVEFUNC(X509_print)
1157 RESOLVEFUNC(X509_digest)
1158 RESOLVEFUNC(X509_EXTENSION_get_object)
1159 RESOLVEFUNC(X509_free)
1160 RESOLVEFUNC(X509_gmtime_adj)
1161 RESOLVEFUNC(ASN1_TIME_free)
1162 RESOLVEFUNC(X509_get_ext)
1163 RESOLVEFUNC(X509_get_ext_count)
1164 RESOLVEFUNC(X509_get_ext_d2i)
1165 RESOLVEFUNC(X509V3_EXT_get)
1166 RESOLVEFUNC(X509V3_EXT_d2i)
1167 RESOLVEFUNC(X509_EXTENSION_get_critical)
1168 RESOLVEFUNC(X509_EXTENSION_get_data)
1169 RESOLVEFUNC(BASIC_CONSTRAINTS_free)
1170 RESOLVEFUNC(AUTHORITY_KEYID_free)
1171 RESOLVEFUNC(GENERAL_NAME_free)
1172 RESOLVEFUNC(ASN1_STRING_print)
1173 RESOLVEFUNC(X509_check_issued)
1174 RESOLVEFUNC(X509_get_issuer_name)
1175 RESOLVEFUNC(X509_get_subject_name)
1176 RESOLVEFUNC(X509_get_serialNumber)
1177 RESOLVEFUNC(X509_verify_cert)
1178 RESOLVEFUNC(d2i_X509)
1179 RESOLVEFUNC(i2d_X509)
1180#if OPENSSL_VERSION_MAJOR < 3
1181 RESOLVEFUNC(SSL_CTX_load_verify_locations)
1182#else
1183 RESOLVEFUNC(SSL_CTX_load_verify_dir)
1184#endif // OPENSSL_VERSION_MAJOR
1185 RESOLVEFUNC(i2d_SSL_SESSION)
1186 RESOLVEFUNC(d2i_SSL_SESSION)
1187
1188#ifndef OPENSSL_NO_NEXTPROTONEG
1189 RESOLVEFUNC(SSL_select_next_proto)
1190 RESOLVEFUNC(SSL_CTX_set_next_proto_select_cb)
1191 RESOLVEFUNC(SSL_get0_next_proto_negotiated)
1192 RESOLVEFUNC(SSL_set_alpn_protos)
1193 RESOLVEFUNC(SSL_CTX_set_alpn_select_cb)
1194 RESOLVEFUNC(SSL_get0_alpn_selected)
1195#endif // !OPENSSL_NO_NEXTPROTONEG
1196
1197#if QT_CONFIG(dtls)
1198 RESOLVEFUNC(SSL_CTX_set_cookie_generate_cb)
1199 RESOLVEFUNC(SSL_CTX_set_cookie_verify_cb)
1200 RESOLVEFUNC(DTLS_server_method)
1201 RESOLVEFUNC(DTLS_client_method)
1202#endif // dtls
1203
1204 RESOLVEFUNC(CRYPTO_malloc)
1205 RESOLVEFUNC(DH_new)
1206 RESOLVEFUNC(DH_free)
1207 RESOLVEFUNC(d2i_DHparams)
1208 RESOLVEFUNC(i2d_DHparams)
1209#ifndef OPENSSL_NO_DEPRECATED_3_0
1210 RESOLVEFUNC(DH_check)
1211#endif // OPENSSL_NO_DEPRECATED_3_0
1212 RESOLVEFUNC(BN_bin2bn)
1213
1214#ifndef OPENSSL_NO_EC
1215 RESOLVEFUNC(EC_KEY_dup)
1216 RESOLVEFUNC(EC_KEY_new_by_curve_name)
1217 RESOLVEFUNC(EC_KEY_free)
1218 RESOLVEFUNC(EC_get_builtin_curves)
1219#endif // OPENSSL_NO_EC
1220
1221 RESOLVEFUNC(PKCS12_parse)
1222 RESOLVEFUNC(d2i_PKCS12_bio)
1223 RESOLVEFUNC(PKCS12_free)
1224
1225 symbolsResolved.storeRelease(newValue: true);
1226 return true;
1227}
1228#endif // QT_CONFIG(library)
1229
1230#else // !defined QT_LINKED_OPENSSL
1231
1232bool q_resolveOpenSslSymbols()
1233{
1234#ifdef QT_NO_OPENSSL
1235 return false;
1236#endif
1237 return true;
1238}
1239#endif // !defined QT_LINKED_OPENSSL
1240
1241//==============================================================================
1242// contributed by Jay Case of Sarvega, Inc.; http://sarvega.com/
1243// Based on X509_cmp_time() for intitial buffer hacking.
1244//==============================================================================
1245QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
1246{
1247 size_t lTimeLength = aTime->length;
1248 char *pString = (char *) aTime->data;
1249 auto isValidPointer = [pString, lTimeLength](const char *const probe){
1250 return size_t(probe - pString) < lTimeLength;
1251 };
1252
1253 if (aTime->type == V_ASN1_UTCTIME) {
1254
1255 char lBuffer[24];
1256 char *pBuffer = lBuffer;
1257
1258 if ((lTimeLength < 11) || (lTimeLength > 17))
1259 return QDateTime();
1260
1261 memcpy(dest: pBuffer, src: pString, n: 10);
1262 pBuffer += 10;
1263 pString += 10;
1264
1265 if ((*pString == 'Z') || (*pString == '-') || (*pString == '+')) {
1266 *pBuffer++ = '0';
1267 *pBuffer++ = '0';
1268 } else {
1269 *pBuffer++ = *pString++;
1270 if (!isValidPointer(pString)) // Nah.
1271 return {};
1272 *pBuffer++ = *pString++;
1273 if (!isValidPointer(pString)) // Nah.
1274 return {};
1275 // Skip any fractional seconds...
1276 if (*pString == '.') {
1277 pString++;
1278 if (!isValidPointer(pString)) // Oh no, cannot dereference (see below).
1279 return {};
1280 while ((*pString >= '0') && (*pString <= '9')) {
1281 pString++;
1282 if (!isValidPointer(pString)) // No and no.
1283 return {};
1284 }
1285 }
1286 }
1287
1288 *pBuffer++ = 'Z';
1289 *pBuffer++ = '\0';
1290
1291 time_t lSecondsFromUCT;
1292 if (*pString == 'Z') {
1293 lSecondsFromUCT = 0;
1294 } else {
1295 if ((*pString != '+') && (*pString != '-'))
1296 return QDateTime();
1297
1298 if (!isValidPointer(pString + 4)) {
1299 // What kind of input parameters we were provided with? To hell with them!
1300 return {};
1301 }
1302 lSecondsFromUCT = ((pString[1] - '0') * 10 + (pString[2] - '0')) * 60;
1303 lSecondsFromUCT += (pString[3] - '0') * 10 + (pString[4] - '0');
1304 lSecondsFromUCT *= 60;
1305 if (*pString == '-')
1306 lSecondsFromUCT = -lSecondsFromUCT;
1307 }
1308
1309 tm lTime;
1310 lTime.tm_sec = ((lBuffer[10] - '0') * 10) + (lBuffer[11] - '0');
1311 lTime.tm_min = ((lBuffer[8] - '0') * 10) + (lBuffer[9] - '0');
1312 lTime.tm_hour = ((lBuffer[6] - '0') * 10) + (lBuffer[7] - '0');
1313 lTime.tm_mday = ((lBuffer[4] - '0') * 10) + (lBuffer[5] - '0');
1314 lTime.tm_mon = (((lBuffer[2] - '0') * 10) + (lBuffer[3] - '0')) - 1;
1315 lTime.tm_year = ((lBuffer[0] - '0') * 10) + (lBuffer[1] - '0');
1316 if (lTime.tm_year < 50)
1317 lTime.tm_year += 100; // RFC 2459
1318
1319 QDate resDate(lTime.tm_year + 1900, lTime.tm_mon + 1, lTime.tm_mday);
1320 QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec);
1321
1322 QDateTime result(resDate, resTime, Qt::UTC);
1323 result = result.addSecs(secs: lSecondsFromUCT);
1324 return result;
1325
1326 } else if (aTime->type == V_ASN1_GENERALIZEDTIME) {
1327
1328 if (lTimeLength < 15)
1329 return QDateTime(); // hopefully never triggered
1330
1331 // generalized time is always YYYYMMDDHHMMSSZ (RFC 2459, section 4.1.2.5.2)
1332 tm lTime;
1333 lTime.tm_sec = ((pString[12] - '0') * 10) + (pString[13] - '0');
1334 lTime.tm_min = ((pString[10] - '0') * 10) + (pString[11] - '0');
1335 lTime.tm_hour = ((pString[8] - '0') * 10) + (pString[9] - '0');
1336 lTime.tm_mday = ((pString[6] - '0') * 10) + (pString[7] - '0');
1337 lTime.tm_mon = (((pString[4] - '0') * 10) + (pString[5] - '0'));
1338 lTime.tm_year = ((pString[0] - '0') * 1000) + ((pString[1] - '0') * 100) +
1339 ((pString[2] - '0') * 10) + (pString[3] - '0');
1340
1341 QDate resDate(lTime.tm_year, lTime.tm_mon, lTime.tm_mday);
1342 QTime resTime(lTime.tm_hour, lTime.tm_min, lTime.tm_sec);
1343
1344 QDateTime result(resDate, resTime, Qt::UTC);
1345 return result;
1346
1347 } else {
1348 qCWarning(lcSsl, "unsupported date format detected");
1349 return QDateTime();
1350 }
1351
1352}
1353
1354QT_END_NAMESPACE
1355

source code of qtbase/src/network/ssl/qsslsocket_openssl_symbols.cpp