tst_QSslKey: prepare for the migration to OpenSSL v3
Many algorithms (ciphers etc.) had become 'legacy' in OpenSSL v3, meaning they are not available by default. Since we don't mess with loading providers and don't load the 'legacy' one, we have to skip tests involving such algorithms. Fixes: QTBUG-104232 Change-Id: Ieceabeb080e531aeb24f733cb8c83ad08a25049c Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 7949dab8abbc65b11650e1f91a797889fe834090) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
This commit is contained in:
Timur Pocheptsov
Qt Cherry-pick Bot
parent
b601eb7dab
commit
5dd3aebed3
@ -90,6 +90,7 @@ private:
|
||||
QString testDataDir;
|
||||
|
||||
bool fileContainsUnsupportedEllipticCurve(const QString &fileName) const;
|
||||
bool algorithmsSupported(const QString &fileName) const;
|
||||
QVector<QString> unsupportedCurves;
|
||||
|
||||
bool isOpenSsl = false;
|
||||
@ -153,6 +154,34 @@ bool tst_QSslKey::fileContainsUnsupportedEllipticCurve(const QString &fileName)
|
||||
return false;
|
||||
}
|
||||
|
||||
bool tst_QSslKey::algorithmsSupported(const QString &fileName) const
|
||||
{
|
||||
if (isSchannel && fileName.contains("RC2-64")) // Schannel treats RC2 as 128 bit
|
||||
return false;
|
||||
|
||||
if (isSchannel || isSecureTransport) {
|
||||
// No AES support in the generic back-end, PKCS#12 algorithms not supported either.
|
||||
return !(fileName.contains(QRegularExpression("-aes\\d\\d\\d-")) || fileName.contains("pkcs8-pkcs12"));
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_MAJOR < 3
|
||||
// If it's not built with OpenSSL or it's OpenSSL v < 3.
|
||||
return true;
|
||||
#else
|
||||
// OpenSSL v3 first introduced the notion of 'providers'. Many algorithms
|
||||
// were moved into the 'legacy' provider. While they are still supported in theory,
|
||||
// the 'legacy' provider is NOT loaded by default and we are not loading it either.
|
||||
// Thus, some of the keys we are using in tst_QSslKey would fail the test. We
|
||||
// have to filter them out.
|
||||
const auto name = fileName.toLower();
|
||||
if (name.contains("-des."))
|
||||
return false;
|
||||
|
||||
return !name.contains("-rc2-") && !name.contains("-rc4-");
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
void tst_QSslKey::initTestCase()
|
||||
{
|
||||
testDataDir = QFileInfo(QFINDTESTDATA("rsa-without-passphrase.pem")).absolutePath();
|
||||
@ -221,17 +250,8 @@ void tst_QSslKey::createPlainTestRows(bool pemOnly)
|
||||
if (pemOnly && keyInfo.format != QSsl::EncodingFormat::Pem)
|
||||
continue;
|
||||
|
||||
if (isSchannel) {
|
||||
if (keyInfo.fileInfo.fileName().contains("RC2-64"))
|
||||
continue; // Schannel treats RC2 as 128 bit
|
||||
}
|
||||
|
||||
if (isSchannel || isSecureTransport) {
|
||||
if (keyInfo.fileInfo.fileName().contains(QRegularExpression("-aes\\d\\d\\d-")))
|
||||
continue; // No AES support in the generic back-end
|
||||
if (keyInfo.fileInfo.fileName().contains("pkcs8-pkcs12"))
|
||||
continue; // The generic back-end doesn't support PKCS#12 algorithms
|
||||
}
|
||||
if (!algorithmsSupported(keyInfo.fileInfo.fileName()))
|
||||
continue;
|
||||
|
||||
QTest::newRow(keyInfo.fileInfo.fileName().toLatin1())
|
||||
<< keyInfo.fileInfo.absoluteFilePath() << keyInfo.algorithm << keyInfo.type
|
||||
@ -525,9 +545,15 @@ void tst_QSslKey::passphraseChecks_data()
|
||||
const QByteArray pass("123");
|
||||
const QByteArray aesPass("1234");
|
||||
|
||||
#if OPENSSL_VERSION_MAJOR < 3
|
||||
// DES and RC2 are not provided by default in OpenSSL v3.
|
||||
// This part is for either non-OpenSSL build, or OpenSSL v < 3.x.
|
||||
QTest::newRow("DES") << QString(testDataDir + "rsa-with-passphrase-des.pem") << pass;
|
||||
QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass;
|
||||
QTest::newRow("RC2") << QString(testDataDir + "rsa-with-passphrase-rc2.pem") << pass;
|
||||
#endif // OPENSSL_VERSION_MAJOR
|
||||
|
||||
QTest::newRow("3DES") << QString(testDataDir + "rsa-with-passphrase-3des.pem") << pass;
|
||||
|
||||
#if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES)
|
||||
QTest::newRow("AES128") << QString(testDataDir + "rsa-with-passphrase-aes128.pem") << aesPass;
|
||||
QTest::newRow("AES192") << QString(testDataDir + "rsa-with-passphrase-aes192.pem") << aesPass;
|
||||
@ -624,6 +650,9 @@ void tst_QSslKey::encrypt_data()
|
||||
QTest::addColumn<QByteArray>("iv");
|
||||
|
||||
QByteArray iv("abcdefgh");
|
||||
#if OPENSSL_VERSION_MAJOR < 3
|
||||
// Either non-OpenSSL build, or OpenSSL v < 3
|
||||
// (with DES and other legacy algorithms available by default)
|
||||
QTest::newRow("DES-CBC, length 0")
|
||||
<< Cipher::DesCbc << QByteArray("01234567")
|
||||
<< QByteArray()
|
||||
@ -713,6 +742,7 @@ void tst_QSslKey::encrypt_data()
|
||||
<< QByteArray(8, 'a')
|
||||
<< QByteArray::fromHex("5AEC1A5B295660B02613454232F7DECE")
|
||||
<< iv;
|
||||
#endif // OPENSSL_VERSION_MAJOR
|
||||
|
||||
#if defined(QT_NO_OPENSSL) || !defined(OPENSSL_NO_AES)
|
||||
// AES needs a longer IV
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user