Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package qca for openSUSE:Factory checked in at 2021-09-20 23:32:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qca (Old) and /work/SRC/openSUSE:Factory/.qca.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qca" Mon Sep 20 23:32:08 2021 rev:4 rq:919654 version:2.3.4 Changes: -------- --- /work/SRC/openSUSE:Factory/qca/qca.changes 2021-06-24 18:22:06.884885636 +0200 +++ /work/SRC/openSUSE:Factory/.qca.new.1899/qca.changes 2021-09-20 23:32:41.779139712 +0200 @@ -1,0 +2,15 @@ +Tue Sep 14 20:24:59 UTC 2021 - Fabian Vogt <[email protected]> + +- Run ctest in %check +- Add patch to make %check much quicker: + * 0001-Make-filewatchunittest-much-quicker.patch + +------------------------------------------------------------------- +Tue Sep 14 20:09:30 UTC 2021 - Fabian Vogt <[email protected]> + +- Update to 2.3.4: + * OpenSSL 3 support + * Don't create pkgconfig files for Qt 6 builds + * Minor test fix + +------------------------------------------------------------------- Old: ---- qca-2.3.3.tar.xz qca-2.3.3.tar.xz.sig New: ---- 0001-Make-filewatchunittest-much-quicker.patch qca-2.3.4.tar.xz qca-2.3.4.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qca.spec ++++++ --- /var/tmp/diff_new_pack.dRWbYo/_old 2021-09-20 23:32:42.379140454 +0200 +++ /var/tmp/diff_new_pack.dRWbYo/_new 2021-09-20 23:32:42.379140454 +0200 @@ -38,7 +38,7 @@ %define _soversion 2 %bcond_without pkcs11 Name: qca%{pkgname_suffix} -Version: 2.3.3 +Version: 2.3.4 Release: 0 Summary: Qt Cryptographic Architecture 2 License: LGPL-2.1-or-later @@ -48,6 +48,8 @@ Source2: qca.keyring # PATCH-FIX-OPENSUSE Patch0: qca-2.3.0-fixDSA.patch +# PATCH-FIX-UPSTREAM +Patch1: 0001-Make-filewatchunittest-much-quicker.patch BuildRequires: ca-certificates BuildRequires: cmake BuildRequires: gpg2 @@ -61,6 +63,7 @@ %if 0%{?qt5} BuildRequires: cmake(Qt5Core) >= %{qt_min_version} BuildRequires: cmake(Qt5Network) >= %{qt_min_version} +BuildRequires: cmake(Qt5Test) >= %{qt_min_version} %endif %if 0%{?qt6} BuildRequires: cmake(Qt6Core) >= %{qt_min_version} @@ -136,6 +139,8 @@ %prep %autosetup -p1 -n qca-%{version} +# Don't build examples +echo > examples/CMakeLists.txt %build %if 0%{?qt5} @@ -144,7 +149,7 @@ %cmake_qt6 \ -DQT6=ON \ %endif - -DBUILD_TESTS=OFF \ + -DBUILD_TESTS=ON \ -DQCA_INSTALL_IN_QT_PREFIX=ON \ -DQCA_BINARY_INSTALL_DIR:PATH="%{_bindir}" \ -DQCA_MAN_INSTALL_DIR:PATH="%{_mandir}" \ @@ -163,10 +168,8 @@ %qt6_install %endif -# Only Qt5 creates pkgconfig files -%if !0%{?qt5} -rm %{buildroot}%{_libdir}/pkgconfig/qca2-%{flavor}.pc -%endif +%check +%ctest %post -n libqca-%{flavor}-%{_soversion} -p /sbin/ldconfig %postun -n libqca-%{flavor}-%{_soversion} -p /sbin/ldconfig ++++++ 0001-Make-filewatchunittest-much-quicker.patch ++++++ >From b9d914bb3b5b0ecf8568adf1b4610d4da2cde244 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Wed, 15 Sep 2021 10:34:08 +0200 Subject: [PATCH] Make filewatchunittest much quicker Use QSignalSpy::wait to avoid waiting needlessly. Reduce time to wait for (expected and unexpected) signals to 2s. --- .../filewatchunittest/filewatchunittest.cpp | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/unittest/filewatchunittest/filewatchunittest.cpp b/unittest/filewatchunittest/filewatchunittest.cpp index d1bc117c..63baa655 100644 --- a/unittest/filewatchunittest/filewatchunittest.cpp +++ b/unittest/filewatchunittest/filewatchunittest.cpp @@ -40,7 +40,7 @@ void FileWatchUnitTest::cleanupTestCase() void FileWatchUnitTest::filewatchTest() { - QWARN("Unittest will take about 1 minute. Please wait."); + QWARN("Unittest will take about 10 seconds. Please wait."); QCA::FileWatch watcher; QCOMPARE(watcher.fileName(), QString()); @@ -55,41 +55,40 @@ void FileWatchUnitTest::filewatchTest() watcher.setFileName(tempFile->fileName()); QCOMPARE(watcher.fileName(), tempFile->fileName()); - QTest::qWait(7000); + QVERIFY(!spy.wait(2000)); QCOMPARE(spy.count(), 0); tempFile->close(); - QTest::qWait(7000); + QVERIFY(!spy.wait(2000)); QCOMPARE(spy.count(), 0); tempFile->open(); tempFile->write("foo"); tempFile->flush(); - QTest::qWait(7000); + QVERIFY(spy.wait(2000)); QCOMPARE(spy.count(), 1); tempFile->close(); - QTest::qWait(7000); - + QVERIFY(!spy.wait(2000)); QCOMPARE(spy.count(), 1); tempFile->open(); tempFile->write("foo"); tempFile->flush(); - QTest::qWait(7000); + QVERIFY(spy.wait(2000)); QCOMPARE(spy.count(), 2); tempFile->write("bar"); tempFile->flush(); - QTest::qWait(7000); + QVERIFY(spy.wait(2000)); QCOMPARE(spy.count(), 3); tempFile->close(); - QTest::qWait(7000); + QVERIFY(!spy.wait(2000)); QCOMPARE(spy.count(), 3); delete tempFile; - QTest::qWait(7000); + QVERIFY(spy.wait(2000)); QCOMPARE(spy.count(), 4); } -- 2.33.0 ++++++ qca-2.3.3.tar.xz -> qca-2.3.4.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qca-2.3.3/.gitlab-ci.yml new/qca-2.3.4/.gitlab-ci.yml --- old/qca-2.3.3/.gitlab-ci.yml 2021-06-01 15:59:35.000000000 +0200 +++ new/qca-2.3.4/.gitlab-ci.yml 2021-09-14 14:41:31.000000000 +0200 @@ -39,6 +39,24 @@ - "run-clang-tidy -header-filter='.*/qca/.*' -checks='-*,performance-*,modernize-deprecated-headers,modernize-make-unique,modernize-make-shared,modernize-use-override,modernize-use-equals-delete,modernize-use-emplace,modernize-use-bool-literals,modernize-redundant-void-arg,modernize-loop-convert,modernize-use-nullptr,-performance-no-automatic-move' -config=\"{WarningsAsErrors: '*'}\"" - QT_PLUGIN_PATH=`pwd`/lib/qca-qt5/ ctest -V +build_openssl3: + stage: build + image: debian:unstable + before_script: + - echo 'deb-src http://deb.debian.org/debian unstable main' >> /etc/apt/sources.list + - apt-get update + - apt-get install --yes eatmydata + - eatmydata apt-get build-dep --yes --no-install-recommends qca2 + - eatmydata apt-get install --yes --no-install-recommends ninja-build libbotan-2-dev libnss3-dev libgcrypt20-dev libpkcs11-helper1-dev gnupg + - echo 'deb http://deb.debian.org/debian experimental main' >> /etc/apt/sources.list + - apt-get update + - eatmydata apt-get -t experimental install --yes libssl-dev + script: + - mkdir -p build && cd build + - cmake -G Ninja .. + - ninja + - QT_PLUGIN_PATH=`pwd`/lib/qca-qt5/ ctest -V + clang_format: stage: build image: debian:testing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qca-2.3.3/CMakeLists.txt new/qca-2.3.4/CMakeLists.txt --- old/qca-2.3.3/CMakeLists.txt 2021-06-01 15:59:35.000000000 +0200 +++ new/qca-2.3.4/CMakeLists.txt 2021-09-14 14:41:31.000000000 +0200 @@ -13,7 +13,7 @@ set(QCA_LIB_MAJOR_VERSION "2") set(QCA_LIB_MINOR_VERSION "3") -set(QCA_LIB_PATCH_VERSION "3") +set(QCA_LIB_PATCH_VERSION "4") if(POLICY CMP0042) cmake_policy(SET CMP0042 OLD) @@ -246,10 +246,12 @@ set(PKGCONFIG_LIBS "-L\${libdir} -l${QCA_LIB_NAME}") endif() - # qca2.pc uses absolute paths. So it must be there. Don't rellocate this. - configure_file("qca2.pc.cmake" "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pkgconfig/${QCA_PC_NAME}" @ONLY) - if(NOT DEVELOPER_MODE) - install(FILES "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pkgconfig/${QCA_PC_NAME}" DESTINATION ${PKGCONFIG_INSTALL_PREFIX}) + if(NOT QT6) + # qca2.pc uses absolute paths. So it must be there. Don't rellocate this. + configure_file("qca2.pc.cmake" "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pkgconfig/${QCA_PC_NAME}" @ONLY) + if(NOT DEVELOPER_MODE) + install(FILES "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/pkgconfig/${QCA_PC_NAME}" DESTINATION ${PKGCONFIG_INSTALL_PREFIX}) + endif() endif() endif() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qca-2.3.3/plugins/qca-ossl/qca-ossl.cpp new/qca-2.3.4/plugins/qca-ossl/qca-ossl.cpp --- old/qca-2.3.3/plugins/qca-ossl/qca-ossl.cpp 2021-06-01 15:59:35.000000000 +0200 +++ new/qca-2.3.4/plugins/qca-ossl/qca-ossl.cpp 2021-09-14 14:41:31.000000000 +0200 @@ -34,16 +34,27 @@ #include <iostream> #include <openssl/err.h> +#include <openssl/opensslv.h> #include <openssl/pem.h> #include <openssl/pkcs12.h> #include <openssl/rand.h> #include <openssl/ssl.h> #include <openssl/x509v3.h> +#ifdef OPENSSL_VERSION_MAJOR +#include <openssl/provider.h> +#endif #include <openssl/kdf.h> using namespace QCA; +namespace { +static const auto DsaDeleter = [](DSA *pointer) { + if (pointer) + DSA_free((DSA *)pointer); +}; +} // end of anonymous namespace + namespace opensslQCAPlugin { //---------------------------------------------------------------------------- @@ -1266,9 +1277,9 @@ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr); EVP_PKEY_derive_init(pctx); EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()); - EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt.data(), int(salt.size())); - EVP_PKEY_CTX_set1_hkdf_key(pctx, secret.data(), int(secret.size())); - EVP_PKEY_CTX_add1_hkdf_info(pctx, info.data(), int(info.size())); + EVP_PKEY_CTX_set1_hkdf_salt(pctx, (const unsigned char *)salt.data(), int(salt.size())); + EVP_PKEY_CTX_set1_hkdf_key(pctx, (const unsigned char *)secret.data(), int(secret.size())); + EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)info.data(), int(info.size())); size_t outlen = out.size(); EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char *>(out.data()), &outlen); EVP_PKEY_CTX_free(pctx); @@ -1442,11 +1453,11 @@ int type = EVP_PKEY_id(pkey); if (type == EVP_PKEY_RSA) { - RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const RSA *rsa = EVP_PKEY_get0_RSA(pkey); if (RSA_private_encrypt(raw.size(), (unsigned char *)raw.data(), (unsigned char *)out.data(), - rsa, + (RSA *)rsa, RSA_PKCS1_PADDING) == -1) { state = SignError; return SecureArray(); @@ -1481,11 +1492,11 @@ int type = EVP_PKEY_id(pkey); if (type == EVP_PKEY_RSA) { - RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const RSA *rsa = EVP_PKEY_get0_RSA(pkey); if ((len = RSA_public_decrypt(sig.size(), (unsigned char *)sig.data(), (unsigned char *)out.data(), - rsa, + (RSA *)rsa, RSA_PKCS1_PADDING)) == -1) { state = VerifyError; return false; @@ -1608,12 +1619,6 @@ }; #ifndef OPENSSL_FIPS -namespace { -static const auto DsaDeleter = [](DSA *pointer) { - if (pointer) - DSA_free((DSA *)pointer); -}; -} // end of anonymous namespace static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams *params) { @@ -1850,8 +1855,9 @@ if (BN_set_word(e.get(), exp) != 1) return; - if (RSA_generate_key_ex(rsa.get(), bits, e.get(), nullptr) == 0) + if (RSA_generate_key_ex(rsa.get(), bits, e.get(), nullptr) == 0) { return; + } result = rsa.release(); } @@ -1924,7 +1930,7 @@ return; // extract the public key into DER format - RSA * rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey); int len = i2d_RSAPublicKey(rsa_pkey, nullptr); SecureArray result(len); unsigned char *p = (unsigned char *)result.data(); @@ -1946,8 +1952,8 @@ int maximumEncryptSize(EncryptionAlgorithm alg) const override { - RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); - int size = 0; + const RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); + int size = 0; switch (alg) { case EME_PKCS1v15: size = RSA_size(rsa) - 11 - 1; @@ -1968,7 +1974,7 @@ SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg) override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); SecureArray buf = in; int max = maximumEncryptSize(alg); @@ -1984,9 +1990,13 @@ case EME_PKCS1_OAEP: pad = RSA_PKCS1_OAEP_PADDING; break; +// OPENSSL_VERSION_MAJOR is only defined on openssl > 3.0 +// that doesn't have RSA_SSLV23_PADDING so we can use it negatively here +#ifndef OPENSSL_VERSION_MAJOR case EME_PKCS1v15_SSL: pad = RSA_SSLV23_PADDING; break; +#endif case EME_NO_PADDING: pad = RSA_NO_PADDING; break; @@ -1997,10 +2007,11 @@ int ret; if (isPrivate()) - ret = - RSA_private_encrypt(buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), rsa, pad); + ret = RSA_private_encrypt( + buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), (RSA *)rsa, pad); else - ret = RSA_public_encrypt(buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), rsa, pad); + ret = RSA_public_encrypt( + buf.size(), (unsigned char *)buf.data(), (unsigned char *)result.data(), (RSA *)rsa, pad); if (ret < 0) return SecureArray(); @@ -2011,7 +2022,7 @@ bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg) override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); SecureArray result(RSA_size(rsa)); int pad; @@ -2022,9 +2033,13 @@ case EME_PKCS1_OAEP: pad = RSA_PKCS1_OAEP_PADDING; break; +// OPENSSL_VERSION_MAJOR is only defined on openssl > 3.0 +// that doesn't have RSA_SSLV23_PADDING so we can use it negatively here +#ifndef OPENSSL_VERSION_MAJOR case EME_PKCS1v15_SSL: pad = RSA_SSLV23_PADDING; break; +#endif case EME_NO_PADDING: pad = RSA_NO_PADDING; break; @@ -2035,9 +2050,11 @@ int ret; if (isPrivate()) - ret = RSA_private_decrypt(in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), rsa, pad); + ret = RSA_private_decrypt( + in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), (RSA *)rsa, pad); else - ret = RSA_public_decrypt(in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), rsa, pad); + ret = RSA_public_decrypt( + in.size(), (unsigned char *)in.data(), (unsigned char *)result.data(), (RSA *)rsa, pad); if (ret < 0) return false; @@ -2174,7 +2191,7 @@ BigInteger n() const override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); const BIGNUM *bnn; RSA_get0_key(rsa, &bnn, nullptr, nullptr); return bn2bi(bnn); @@ -2182,7 +2199,7 @@ BigInteger e() const override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); const BIGNUM *bne; RSA_get0_key(rsa, nullptr, &bne, nullptr); return bn2bi(bne); @@ -2190,7 +2207,7 @@ BigInteger p() const override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); const BIGNUM *bnp; RSA_get0_factors(rsa, &bnp, nullptr); return bn2bi(bnp); @@ -2198,7 +2215,7 @@ BigInteger q() const override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); const BIGNUM *bnq; RSA_get0_factors(rsa, nullptr, &bnq); return bn2bi(bnq); @@ -2206,7 +2223,7 @@ BigInteger d() const override { - RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); + const RSA * rsa = EVP_PKEY_get0_RSA(evp.pkey); const BIGNUM *bnd; RSA_get0_key(rsa, nullptr, nullptr, &bnd); return bn2bi(bnd); @@ -2259,14 +2276,47 @@ void run() override { - DSA * dsa = DSA_new(); + std::unique_ptr<DSA, decltype(DsaDeleter)> dsa(DSA_new(), DsaDeleter); BIGNUM *pne = bi2bn(domain.p()), *qne = bi2bn(domain.q()), *gne = bi2bn(domain.g()); - if (!DSA_set0_pqg(dsa, pne, qne, gne) || !DSA_generate_key(dsa)) { - DSA_free(dsa); + if (!DSA_set0_pqg(dsa.get(), pne, qne, gne)) { return; } - result = dsa; + if (!DSA_generate_key(dsa.get())) { + // OPENSSL_VERSION_MAJOR is only defined in openssl3 +#ifdef OPENSSL_VERSION_MAJOR + // HACK + // in openssl3 there is an internal flag for "legacy" values + // bits < 2048 && seed_len <= 20 + // set in ossl_ffc_params_FIPS186_2_generate (called by DSA_generate_parameters_ex) + // that we have no way to get or set, so if the bits are smaller than 2048 we generate + // a dsa from a dummy seed and then override the p/q/g with the ones we want + // so we can reuse the internal flag + if (BN_num_bits(pne) < 2048) { + int dummy; + dsa.reset(DSA_new()); + if (DSA_generate_parameters_ex( + dsa.get(), 512, (const unsigned char *)"THIS_IS_A_DUMMY_SEED", 20, &dummy, nullptr, nullptr) != + 1) { + return; + } + pne = bi2bn(domain.p()); + qne = bi2bn(domain.q()); + gne = bi2bn(domain.g()); + if (!DSA_set0_pqg(dsa.get(), pne, qne, gne)) { + return; + } + if (!DSA_generate_key(dsa.get())) { + return; + } + } else { + return; + } +#else + return; +#endif + } + result = dsa.release(); } DSA *takeResult() @@ -2339,7 +2389,7 @@ return; // extract the public key into DER format - DSA * dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey); + const DSA * dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey); int len = i2d_DSAPublicKey(dsa_pkey, nullptr); SecureArray result(len); unsigned char *p = (unsigned char *)result.data(); @@ -2463,7 +2513,7 @@ DLGroup domain() const override { - DSA * dsa = EVP_PKEY_get0_DSA(evp.pkey); + const DSA * dsa = EVP_PKEY_get0_DSA(evp.pkey); const BIGNUM *bnp, *bnq, *bng; DSA_get0_pqg(dsa, &bnp, &bnq, &bng); return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng)); @@ -2471,7 +2521,7 @@ BigInteger y() const override { - DSA * dsa = EVP_PKEY_get0_DSA(evp.pkey); + const DSA * dsa = EVP_PKEY_get0_DSA(evp.pkey); const BIGNUM *bnpub_key; DSA_get0_key(dsa, &bnpub_key, nullptr); return bn2bi(bnpub_key); @@ -2479,7 +2529,7 @@ BigInteger x() const override { - DSA * dsa = EVP_PKEY_get0_DSA(evp.pkey); + const DSA * dsa = EVP_PKEY_get0_DSA(evp.pkey); const BIGNUM *bnpriv_key; DSA_get0_key(dsa, nullptr, &bnpriv_key); return bn2bi(bnpriv_key); @@ -2609,7 +2659,7 @@ if (!sec) return; - DH * orig = EVP_PKEY_get0_DH(evp.pkey); + const DH * orig = EVP_PKEY_get0_DH(evp.pkey); DH * dh = DH_new(); const BIGNUM *bnp, *bng, *bnpub_key; DH_get0_pqg(orig, &bnp, nullptr, &bng); @@ -2632,13 +2682,13 @@ SymmetricKey deriveKey(const PKeyBase &theirs) override { - DH * dh = EVP_PKEY_get0_DH(evp.pkey); - DH * them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey); + const DH * dh = EVP_PKEY_get0_DH(evp.pkey); + const DH * them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey); const BIGNUM *bnpub_key; DH_get0_key(them, &bnpub_key, nullptr); SecureArray result(DH_size(dh)); - int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh); + int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, (DH *)dh); if (ret <= 0) return SymmetricKey(); result.resize(ret); @@ -2701,7 +2751,7 @@ DLGroup domain() const override { - DH * dh = EVP_PKEY_get0_DH(evp.pkey); + const DH * dh = EVP_PKEY_get0_DH(evp.pkey); const BIGNUM *bnp, *bng; DH_get0_pqg(dh, &bnp, nullptr, &bng); return DLGroup(bn2bi(bnp), bn2bi(bng)); @@ -2709,7 +2759,7 @@ BigInteger y() const override { - DH * dh = EVP_PKEY_get0_DH(evp.pkey); + const DH * dh = EVP_PKEY_get0_DH(evp.pkey); const BIGNUM *bnpub_key; DH_get0_key(dh, &bnpub_key, nullptr); return bn2bi(bnpub_key); @@ -2717,7 +2767,7 @@ BigInteger x() const override { - DH * dh = EVP_PKEY_get0_DH(evp.pkey); + const DH * dh = EVP_PKEY_get0_DH(evp.pkey); const BIGNUM *bnpriv_key; DH_get0_key(dh, nullptr, &bnpriv_key); return bn2bi(bnpriv_key); @@ -6566,6 +6616,22 @@ OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); +// OPENSSL_VERSION_MAJOR is only defined in openssl3 +#ifdef OPENSSL_VERSION_MAJOR + /* Load Multiple providers into the default (NULL) library context */ + OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy"); + if (legacy == NULL) { + printf("Failed to load Legacy provider\n"); + exit(EXIT_FAILURE); + } + OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default"); + if (deflt == NULL) { + printf("Failed to load Default provider\n"); + OSSL_PROVIDER_unload(legacy); + exit(EXIT_FAILURE); + } +#endif + // seed the RNG if it's not seeded yet if (RAND_status() == 0) { std::srand(time(nullptr)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qca-2.3.3/unittest/cipherunittest/cipherunittest.cpp new/qca-2.3.4/unittest/cipherunittest/cipherunittest.cpp --- old/qca-2.3.3/unittest/cipherunittest/cipherunittest.cpp 2021-06-01 15:59:35.000000000 +0200 +++ new/qca-2.3.4/unittest/cipherunittest/cipherunittest.cpp 2021-09-14 14:41:31.000000000 +0200 @@ -2574,7 +2574,7 @@ { bool anyProviderTested = false; foreach (const QString provider, providersToTest) { - if (!QCA::isSupported("des-cbc-pkcs7", provider)) { + if (QCA::isSupported("des-cbc-pkcs7", provider)) { anyProviderTested = true; QFETCH(QString, plainText); QFETCH(QString, cipherText);
