From 57a3efe10305f9ecd7c465be15a365727c79af97 Mon Sep 17 00:00:00 2001 From: mccarey Date: Tue, 11 Jul 2023 09:32:41 +0000 Subject: [PATCH 1/3] return genericKey in Handle method. This is required when using tpm2 through openssl-tpm2 provider --- src/plugins/tls/openssl/qtlskey_openssl.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/plugins/tls/openssl/qtlskey_openssl.cpp b/src/plugins/tls/openssl/qtlskey_openssl.cpp index 8f54fda7fa9..9dcaf03f77d 100644 --- a/src/plugins/tls/openssl/qtlskey_openssl.cpp +++ b/src/plugins/tls/openssl/qtlskey_openssl.cpp @@ -220,9 +220,9 @@ Qt::HANDLE TlsKeyOpenSSL::handle() const return Qt::HANDLE(nullptr); } #else - qCWarning(lcTlsBackend, - "This version of OpenSSL disabled direct manipulation with RSA/DSA/DH/EC_KEY structures, consider using QSsl::Opaque instead."); - return Qt::HANDLE(nullptr); + /*qCWarning(lcTlsBackend, + "This version of OpenSSL disabled direct manipulation with RSA/DSA/DH/EC_KEY structures, consider using QSsl::Opaque instead.");*/ + return Qt::HANDLE(genericKey); #endif } From fe505fcd1d5cda5458b6d4f20966323bb8014b5b Mon Sep 17 00:00:00 2001 From: mccarey Date: Mon, 17 Jul 2023 10:07:33 +0000 Subject: [PATCH 2/3] ignore q_RAND_status value if tpm2 is loaded --- src/plugins/tls/openssl/qopenssl_p.h | 2 ++ src/plugins/tls/openssl/qtlsbackend_openssl.cpp | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/plugins/tls/openssl/qopenssl_p.h b/src/plugins/tls/openssl/qopenssl_p.h index 370b974630a..4250778d1fb 100644 --- a/src/plugins/tls/openssl/qopenssl_p.h +++ b/src/plugins/tls/openssl/qopenssl_p.h @@ -67,6 +67,8 @@ #include #include #include +#include + QT_BEGIN_NAMESPACE diff --git a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp index 5ce5f45a5b0..386aa1402a0 100644 --- a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp +++ b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp 
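Review bot: The replaced warning in `handle()` is commented out instead of deleted, and the new `return Qt::HANDLE(genericKey)` changes what the handle points to on this path — an `EVP_PKEY *` rather than the RSA/DSA/DH/EC_KEY structure the old message (and, presumably, the public `QSslKey::handle()` documentation) led callers to cast to — without saying so anywhere. A caller that picks its cast from `algorithm()` would now read an `EVP_PKEY` as an `RSA`, so remove the dead block and replace it with a comment such as `// OpenSSL 3 without deprecated APIs: the native handle is the EVP_PKEY *, not an algorithm-specific key structure.`, and consider stating the same at the public API. Whether `genericKey` can still be null here for a non-opaque key is not visible from the hunk; the old nullptr contract survives only if it is populated for every algorithm on this build. The function's opening lines are outside the hunk.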
@@ -115,10 +115,20 @@ bool QTlsBackendOpenSSL::ensureLibraryLoaded() // Initialize OpenSSL's random seed. if (!q_RAND_status()) { +#ifndef OPENSSL_NO_DEPRECATED_3_0 qWarning("Random number generator not seeded, disabling SSL support"); return false; - } - +#else + // If tpm2 is the default provider the seed is managed by the tpm + // the RAND_status return false. + // So, we check if the tpm2 provider is loaded because returning false. + // If it is loaded then ignore the status + if (!OSSL_PROVIDER_available(NULL, "tpm2")) { + return false; + } +#endif + } + return true; }(); From 27de763ad8bd1519e20b028bb1bd779328dbaa19 Mon Sep 17 00:00:00 2001 From: mccarey Date: Mon, 24 Jul 2023 10:53:22 +0000 Subject: [PATCH 3/3] adapt toPem method to consider tpm --- src/plugins/tls/openssl/qtlsbackend_openssl.cpp | 2 +- src/plugins/tls/openssl/qtlskey_openssl.cpp | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp index 386aa1402a0..e05d4e532cd 100644 --- a/src/plugins/tls/openssl/qtlsbackend_openssl.cpp +++ b/src/plugins/tls/openssl/qtlsbackend_openssl.cpp @@ -121,7 +121,7 @@ bool QTlsBackendOpenSSL::ensureLibraryLoaded() #else // If tpm2 is the default provider the seed is managed by the tpm // the RAND_status return false. - // So, we check if the tpm2 provider is loaded because returning false. + // So, we check if the tpm2 provider is loaded because q_RAND_status returned false. // If it is loaded then ignore the status if (!OSSL_PROVIDER_available(NULL, "tpm2")) { return false; diff --git a/src/plugins/tls/openssl/qtlskey_openssl.cpp b/src/plugins/tls/openssl/qtlskey_openssl.cpp index 9dcaf03f77d..ad3235b02d1 100644 --- a/src/plugins/tls/openssl/qtlskey_openssl.cpp +++ b/src/plugins/tls/openssl/qtlskey_openssl.cpp 
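Review bot: The `#else` branch silently drops the "Random number generator not seeded, disabling SSL support" diagnostic: when tpm2 is not available it returns false without any qWarning, so an OpenSSL 3 build with an unseeded RAND now fails TLS with nothing in the log. The acceptance test is also weaker than the comment claims — `OSSL_PROVIDER_available(NULL, "tpm2")` only says the tpm2 provider is loaded or loadable in the default library context, not that it backs the DRBG actually in use, so a software DRBG that genuinely reports unseeded would be accepted whenever tpm2 happens to be installed; checking which provider owns the primary DRBG (`RAND_get0_primary` → `EVP_RAND_CTX_get0_rand` → `EVP_RAND_get0_provider` → `OSSL_PROVIDER_get0_name`) pins the exception to the case the comment describes. Note too that the surrounding code reaches OpenSSL through the resolved `q_` wrappers (`q_RAND_status`) while `OSSL_PROVIDER_available` is a direct call, which presumably bypasses the plugin's symbol-resolution layer, and mixes `NULL` with the file's `nullptr`. The enclosing lambda starts outside the hunk.
```cpp
        if (!q_RAND_status()) {
#ifdef OPENSSL_NO_DEPRECATED_3_0
            // Accept an unseeded status only when the primary DRBG itself is
            // backed by the tpm2 provider, not merely when tpm2 is loadable.
            const char *randProviderName = nullptr;
            if (EVP_RAND_CTX *primary = RAND_get0_primary(nullptr))
                randProviderName = OSSL_PROVIDER_get0_name(
                    EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(primary)));
            if (randProviderName && qstrcmp(randProviderName, "tpm2") == 0) {
                qWarning("RAND_status() reports unseeded; trusting the tpm2-backed primary DRBG");
            } else {
                qWarning("Random number generator not seeded, disabling SSL support");
                return false;
            }
#else
            qWarning("Random number generator not seeded, disabling SSL support");
            return false;
#endif
        }
        // … unchanged: return true; }(); …
```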
@@ -321,6 +321,16 @@ QByteArray TlsKeyOpenSSL::toPem(const QByteArray &passPhrase) const
 }
 #ifndef OPENSSL_NO_EC
 } else if (algorithm() == QSsl::Ec) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ EVP_PKEY *result = genericKey;
+ if (type() == QSsl::PublicKey) {
+ if (!q_PEM_write_bio_PUBKEY(bio, result))
+ fail = true;
+ } else if (!q_PEM_write_bio_PrivateKey(bio, result, cipher, (uchar *)passPhrase.data(),
+ passPhrase.size(), nullptr, nullptr)) {
+ fail = true;
+ }
+#else
 if (type() == QSsl::PublicKey) {
 if (!write_pubkey(EC, ec))
 fail = true;
@@ -328,6 +338,7 @@ QByteArray TlsKeyOpenSSL::toPem(const QByteArray &passPhrase) const
 if (!write_privatekey(EC, ec))
 fail = true;
 }
+#endif
 #endif
 } else {
 fail = true;
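Review bot: The new `OPENSSL_NO_DEPRECATED_3_0` path in `toPem()` hands `genericKey` to `q_PEM_write_bio_PUBKEY`/`q_PEM_write_bio_PrivateKey` with no check that it is set, leaving a null key for OpenSSL to reject (or not) rather than failing explicitly; the `result` alias adds nothing and its name suggests an output rather than the input key. Dropping the alias and guarding up front reads as `if (!genericKey) { fail = true; } else if (type() == QSsl::PublicKey) {` with `genericKey` used directly in both write calls. The C-style `(uchar *)passPhrase.data()` cast presumably mirrors the existing `write_privatekey` helper, but this path would also benefit from the same `static_cast`-free form the rest of the file uses if it already avoids C casts — I cannot see the helper from the hunk. This EVP_PKEY-based path is placed only under the `QSsl::Ec` branch; if RSA/DSA/DH hit the same deprecation wall on this build they will still fall through to the old code, which is worth confirming. The body of `toPem()` starts and ends outside the hunk.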