diff --git a/src/plugins/tls/openssl/qopenssl_p.h b/src/plugins/tls/openssl/qopenssl_p.h index 370b974630a..4250778d1fb 100644 --- a/src/plugins/tls/openssl/qopenssl_p.h +++ b/src/plugins/tls/openssl/qopenssl_p.h @@ -67,6 +67,8 @@ #include #include #include +#include + QT_BEGIN_NAMESPACE diff --git a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp index 5ce5f45a5b0..e05d4e532cd 100644 --- a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp +++ b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp @@ -115,10 +115,20 @@ bool QTlsBackendOpenSSL::ensureLibraryLoaded() // Initialize OpenSSL's random seed. if (!q_RAND_status()) { +#ifndef OPENSSL_NO_DEPRECATED_3_0 qWarning("Random number generator not seeded, disabling SSL support"); return false; - } - +#else + // If tpm2 is the default provider the seed is managed by the tpm + // the RAND_status return false. + // So, we check if the tpm2 provider is loaded because q_RAND_status returned false. + // If it is loaded then ignore the status + if (!OSSL_PROVIDER_available(NULL, "tpm2")) { + return false; + } +#endif + } + return true; }(); diff --git a/src/plugins/tls/openssl/qtlskey_openssl.cpp b/src/plugins/tls/openssl/qtlskey_openssl.cpp index 8f54fda7fa9..ad3235b02d1 100644 --- a/src/plugins/tls/openssl/qtlskey_openssl.cpp +++ b/src/plugins/tls/openssl/qtlskey_openssl.cpp @@ -220,9 +220,9 @@ Qt::HANDLE TlsKeyOpenSSL::handle() const return Qt::HANDLE(nullptr); } #else - qCWarning(lcTlsBackend, - "This version of OpenSSL disabled direct manipulation with RSA/DSA/DH/EC_KEY structures, consider using QSsl::Opaque instead."); - return Qt::HANDLE(nullptr); + /*qCWarning(lcTlsBackend, + "This version of OpenSSL disabled direct manipulation with RSA/DSA/DH/EC_KEY structures, consider using QSsl::Opaque instead.");*/ + return Qt::HANDLE(genericKey); #endif } @@ -321,6 +321,16 @@ QByteArray TlsKeyOpenSSL::toPem(const QByteArray &passPhrase) const } #ifndef OPENSSL_NO_EC } else if (algorithm() == QSsl::Ec) { +#ifdef OPENSSL_NO_DEPRECATED_3_0 + EVP_PKEY *result = genericKey; + if (type() == QSsl::PublicKey) { + if (!q_PEM_write_bio_PUBKEY(bio, result)) + fail = true; + } else if (!q_PEM_write_bio_PrivateKey(bio, result, cipher, (uchar *)passPhrase.data(), + passPhrase.size(), nullptr, nullptr)) { + fail = true; + } +#else if (type() == QSsl::PublicKey) { if (!write_pubkey(EC, ec)) fail = true; @@ -328,6 +338,7 @@ QByteArray TlsKeyOpenSSL::toPem(const QByteArray &passPhrase) const if (!write_privatekey(EC, ec)) fail = true; } +#endif #endif } else { fail = true;