From a44e0ca93cc546b89a2b4a2104c36a9054cef2bd Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Wed, 15 Feb 2023 15:40:25 +0100 Subject: [PATCH] Fix QCH:supportsAlgorithm() result for unsupported hashes in OpenSSL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OpenSSL doesn't support some Blake2s and Blake2b hashes and querying these would automatically report that they are unsupported, while we are actually using non-OpenSSL implementataion for these and therefore they are always supported. Change-Id: I300694459891c3103502705d6c8271caa47d8d01 Reviewed-by: MÃ¥rten Nordheim (cherry picked from commit 86a517ac786c90b9ce8deb502c413287e31058c2) Reviewed-by: Qt Cherry-pick Bot --- src/corelib/tools/qcryptographichash.cpp | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/src/corelib/tools/qcryptographichash.cpp b/src/corelib/tools/qcryptographichash.cpp index 32580113237..6c71e095dc3 100644 --- a/src/corelib/tools/qcryptographichash.cpp +++ b/src/corelib/tools/qcryptographichash.cpp @@ -222,7 +222,21 @@ static constexpr const char * methodToName(QCryptographicHash::Algorithm method) default: return nullptr; } } -#endif + +/* + Checks whether given method is not provided by OpenSSL and whether we will + have a fallback to non-OpenSSL implementation. +*/ +static constexpr bool useNonOpenSSLFallback(QCryptographicHash::Algorithm method) noexcept +{ + if (method == QCryptographicHash::Blake2b_160 || method == QCryptographicHash::Blake2b_256 || + method == QCryptographicHash::Blake2b_384 || method == QCryptographicHash::Blake2s_128 || + method == QCryptographicHash::Blake2s_160 || method == QCryptographicHash::Blake2s_224) + return true; + + return false; +} +#endif // USING_OPENSSL30 class QCryptographicHashPrivate { @@ -913,6 +927,12 @@ bool QCryptographicHash::supportsAlgorithm(QCryptographicHash::Algorithm method) bool QCryptographicHashPrivate::supportsAlgorithm(QCryptographicHash::Algorithm method) { #ifdef USING_OPENSSL30 + // OpenSSL doesn't support Blake2b{60,236,384} and Blake2s{128,160,224} + // and these would automatically return FALSE in that case, while they are + // actually supported by our non-OpenSSL implementation. + if (useNonOpenSSLFallback(method)) + return true; + OSSL_PROVIDER_load(nullptr, "legacy"); OSSL_PROVIDER_load(nullptr, "default");