diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2311034fe..419014eeb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -50,7 +50,7 @@ jobs: container: ${{ matrix.container }} strategy: matrix: - container: ['ubuntu:20.04', 'ubuntu:21.10'] + container: ['ubuntu:20.04', 'ubuntu:21.10', 'ubuntu:22.04'] env: DEBIAN_FRONTEND: noninteractive DEBFULLNAME: 'github-actions' diff --git a/client/CryptoDoc.cpp b/client/CryptoDoc.cpp index 0d7969c53..5c8b7ada6 100644 --- a/client/CryptoDoc.cpp +++ b/client/CryptoDoc.cpp @@ -638,7 +638,7 @@ void CryptoDoc::Private::writeCDoc(QIODevice *cdoc, const QByteArray &transportK pcuchar pp = pcuchar(derCert.data()); auto peerCert = SCOPE(X509, d2i_X509(nullptr, &pp, derCert.size())); EVP_PKEY *peerPKey = X509_get0_pubkey(peerCert.get()); - EC_KEY *peerECKey = EVP_PKEY_get0_EC_KEY(peerPKey); + const EC_KEY *peerECKey = EVP_PKEY_get0_EC_KEY(peerPKey); int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(peerECKey)); auto priv = SCOPE(EC_KEY, EC_KEY_new_by_curve_name(curve)); auto pkey = SCOPE(EVP_PKEY, EVP_PKEY_new()); diff --git a/client/SslCertificate.cpp b/client/SslCertificate.cpp index 4299f18bd..09111fcdc 100644 --- a/client/SslCertificate.cpp +++ b/client/SslCertificate.cpp @@ -189,7 +189,7 @@ QString SslCertificate::keyName() const if(X509 *c = (X509*)handle()) { EVP_PKEY *key = X509_get0_pubkey(c); - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(key); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(key); int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); ASN1_OBJECT *obj = OBJ_nid2obj(nid); QByteArray buff(50, 0); @@ -452,9 +452,7 @@ class PKCS12Certificate::Private final: public QSharedData } } - QList caCerts; QSslCertificate cert; - QSslKey key; PKCS12Certificate::ErrorType error = PKCS12Certificate::NullError; QString errorString; }; @@ -476,29 +474,22 @@ PKCS12Certificate::PKCS12Certificate( const QByteArray &data, const QString &pin return; } - STACK_OF(X509) *ca = nullptr; X509 *c = nullptr; EVP_PKEY *k = nullptr; QByteArray _pin = pin.toUtf8(); - int ret = PKCS12_parse(p12, _pin.constData(), &k, &c, &ca); + int ret = PKCS12_parse(p12, _pin.constData(), &k, &c, nullptr); PKCS12_free(p12); if(!ret) { d->setLastError(); return; } - // Hack: clear PKCS12_parse error ERROR: 185073780 - error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch ERR_get_error(); - auto fromX509 = [](X509 *x509) { return QSslCertificate(i2dDer(i2d_X509, x509), QSsl::Der); }; - d->cert = fromX509(c); - d->key = fromEVP(Qt::HANDLE(k)); - for(int i = 0; i < sk_X509_num(ca); ++i) - d->caCerts << fromX509(sk_X509_value(ca, i)); + d->cert = QSslCertificate(i2dDer(i2d_X509, c), QSsl::Der); X509_free(c); EVP_PKEY_free(k); - sk_X509_free(ca); } PKCS12Certificate::PKCS12Certificate( const PKCS12Certificate &other ) = default; @@ -507,7 +498,6 @@ PKCS12Certificate& PKCS12Certificate::operator=(const PKCS12Certificate &other) PKCS12Certificate& PKCS12Certificate::operator=(PKCS12Certificate &&other) Q_DECL_NOEXCEPT = default; PKCS12Certificate::~PKCS12Certificate() = default; -QList PKCS12Certificate::caCertificates() const { return d->caCerts; } QSslCertificate PKCS12Certificate::certificate() const { return d->cert; } PKCS12Certificate::ErrorType PKCS12Certificate::error() const { return d->error; } QString PKCS12Certificate::errorString() const { return d->errorString; } @@ -525,47 +515,4 @@ PKCS12Certificate PKCS12Certificate::fromPath( const QString &path, const QStrin return p12; } - -QSslKey PKCS12Certificate::fromEVP(Qt::HANDLE evp) const -{ - EVP_PKEY *key = (EVP_PKEY*)evp; - unsigned char *data = nullptr; - int len = 0; - QSsl::KeyAlgorithm alg = QSsl::Rsa; - QSsl::KeyType type = QSsl::PublicKey; - - switch(EVP_PKEY_base_id(key)) - { - case EVP_PKEY_RSA: - { - RSA *rsa = EVP_PKEY_get0_RSA(key); - alg = QSsl::Rsa; - const BIGNUM *d = nullptr; - RSA_get0_key(rsa, nullptr, nullptr, &d); - type = d ? QSsl::PrivateKey : QSsl::PublicKey; - len = d ? i2d_RSAPrivateKey(rsa, &data) : i2d_RSAPublicKey(rsa, &data); - break; - } - case EVP_PKEY_DSA: - { - DSA *dsa = EVP_PKEY_get0_DSA(key); - alg = QSsl::Dsa; - const BIGNUM *priv_key = nullptr; - DSA_get0_key(dsa, nullptr, &priv_key); - type = priv_key ? QSsl::PrivateKey : QSsl::PublicKey; - len = priv_key ? i2d_DSAPrivateKey(dsa, &data) : i2d_DSAPublicKey(dsa, &data); - break; - } - default: break; - } - - QSslKey k; - if( len > 0 ) - k = QSslKey(QByteArray::fromRawData((char*)data, len), alg, QSsl::Der, type); - OPENSSL_free(data); - - return k; -} - -bool PKCS12Certificate::isNull() const { return d->cert.isNull() && d->key.isNull(); } -QSslKey PKCS12Certificate::key() const { return d->key; } +bool PKCS12Certificate::isNull() const { return d->cert.isNull(); } diff --git a/client/SslCertificate.h b/client/SslCertificate.h index ec66b6a3f..004d918c3 100644 --- a/client/SslCertificate.h +++ b/client/SslCertificate.h @@ -133,18 +133,14 @@ class PKCS12Certificate PKCS12Certificate& operator =(const PKCS12Certificate &other); PKCS12Certificate& operator =(PKCS12Certificate &&other) Q_DECL_NOEXCEPT; - QList caCertificates() const; QSslCertificate certificate() const; ErrorType error() const; QString errorString() const; bool isNull() const; - QSslKey key() const; static PKCS12Certificate fromPath( const QString &path, const QString &pin ); private: - QSslKey fromEVP(Qt::HANDLE evp) const; - class Private; QSharedDataPointer d; }; diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh index 6f9d9b297..49db32faa 100755 --- a/prepare_osx_build_environment.sh +++ b/prepare_osx_build_environment.sh @@ -5,8 +5,8 @@ set -e ######### Versions of libraries/frameworks to be compiled QT_VER="5.12.12" -OPENSSL_VER="1.1.1n" -OPENLDAP_VER="2.6.1" +OPENSSL_VER="1.1.1o" +OPENLDAP_VER="2.6.2" REBUILD=false BUILD_PATH=~/cmake_builds : ${MACOSX_DEPLOYMENT_TARGET:="10.14"}