wkhtmltopdf: convert to opaque ASN1_STRINGs

This const corrects the q_ version of ASN1_STRING_length(), replaces q_ASN1_STRING_data() with the _get0_ version, adds q_ASN1_STRING_type() and uses those accessors instead of manual accesses. Prompted by https://github.com/openssl/openssl/issues/29117
2026-06-17 23:13:55 +02:00 · 2025-12-05 13:34:42 +00:00
parent 4de43190a9
commit 0037de8a51
3 changed files with 100 additions and 17 deletions
@@ -1,6 +1,31 @@
 Index: qt/src/network/ssl/qsslcertificate.cpp
 --- qt/src/network/ssl/qsslcertificate.cpp.orig
 +++ qt/src/network/ssl/qsslcertificate.cpp
+@@ -278,11 +278,11 @@ QByteArray QSslCertificate::serialNumber() const
+     if (d->serialNumberString.isEmpty() && d->x509) {
+         ASN1_INTEGER *serialNumber = q_X509_get_serialNumber(d->x509);
+         // if we cannot convert to a long, just output the hexadecimal number
+-        if (serialNumber->length > 4) {
+        if (q_ASN1_STRING_length(serialNumber) > 4) {
+             QByteArray hexString;
+-            hexString.reserve(serialNumber->length * 3);
+-            for (int a = 0; a < serialNumber->length; ++a) {
+-                hexString += QByteArray::number(serialNumber->data[a], 16).rightJustified(2, '0');
+            hexString.reserve(q_ASN1_STRING_length(serialNumber) * 3);
+            for (int a = 0; a < q_ASN1_STRING_length(serialNumber); ++a) {
+                hexString += QByteArray::number(q_ASN1_STRING_get0_data(serialNumber)[a], 16).rightJustified(2, '0');
+                 hexString += ':';
+             }
+             hexString.chop(1);
+@@ -427,7 +427,7 @@ QMultiMap<QSsl::AlternateNameEntryType, QString> QSslC
+                 continue;
+             }
+ 
+-            const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
+            const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_get0_data(genName->d.ia5));
+             const QString altName = QString::fromLatin1(altNameStr, len);
+             if (genName->type == GEN_DNS)
+                 result.insert(QSsl::DnsEntry, altName);
@@ -696,7 +696,7 @@ static QMap<QString, QString> _q_mapFromX509Name(X509_
         unsigned char *data = 0;
         int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e));
@@ -1,7 +1,19 @@
 Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 --- qt/src/network/ssl/qsslsocket_openssl_symbols.cpp.orig
 +++ qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
-@@ -125,14 +125,10 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYA
+@@ -106,8 +106,9 @@ QT_BEGIN_NAMESPACE
+ DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return 0, return)
+ #endif
+ DEFINEFUNC(long, ASN1_INTEGER_get, ASN1_INTEGER *a, a, return 0, return)
+-DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return 0, return)
+-DEFINEFUNC(int, ASN1_STRING_length, ASN1_STRING *a, a, return 0, return)
+DEFINEFUNC(const unsigned char *, ASN1_STRING_get0_data, const ASN1_STRING *a, a, return 0, return)
+DEFINEFUNC(int, ASN1_STRING_length, const ASN1_STRING *a, a, return 0, return)
+DEFINEFUNC(int, ASN1_STRING_type, const ASN1_STRING *a, a, return 0, return)
+ DEFINEFUNC2(int, ASN1_STRING_to_UTF8, unsigned char **a, a, ASN1_STRING *b, b, return 0, return);
+ DEFINEFUNC4(long, BIO_ctrl, BIO *a, a, int b, b, long c, c, void *d, d, return -1, return)
+ DEFINEFUNC(int, BIO_free, BIO *a, a, return 0, return)
+@@ -125,14 +126,10 @@ DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYA
 #endif
 DEFINEFUNC3(int, BIO_write, BIO *a, a, const void *b, b, int c, c, return -1, return)
 DEFINEFUNC(int, BN_num_bits, const BIGNUM *a, a, return 0, return)
@@ -16,7 +28,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 DEFINEFUNC(void, DSA_free, DSA *a, a, return, DUMMYARG)
 #if  OPENSSL_VERSION_NUMBER < 0x00908000L
 DEFINEFUNC3(X509 *, d2i_X509, X509 **a, a, unsigned char **b, b, long c, c, return 0, return)
-@@ -169,7 +165,6 @@ DEFINEFUNC2(int, PEM_write_bio_RSA_PUBKEY, BIO *a, a, 
+@@ -169,7 +166,6 @@ DEFINEFUNC2(int, PEM_write_bio_RSA_PUBKEY, BIO *a, a, 
 DEFINEFUNC2(void, RAND_seed, const void *a, a, int b, b, return, DUMMYARG)
 DEFINEFUNC(int, RAND_status, void, DUMMYARG, return -1, return)
 DEFINEFUNC(void, RSA_free, RSA *a, a, return, DUMMYARG)
@@ -24,7 +36,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return)
 DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-@@ -179,12 +174,6 @@ DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, r
+@@ -179,12 +175,6 @@ DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, r
 DEFINEFUNC(void, sk_free, STACK *a, a, return, DUMMYARG)
 DEFINEFUNC2(char *, sk_value, STACK *a, a, int b, b, return 0, return)
 #endif
@@ -37,7 +49,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 DEFINEFUNC(int, SSL_accept, SSL *a, a, return -1, return)
 DEFINEFUNC(int, SSL_clear, SSL *a, a, return -1, return)
 DEFINEFUNC3(char *, SSL_CIPHER_description, SSL_CIPHER *a, a, char *b, b, int c, c, return 0, return)
-@@ -236,7 +225,7 @@ DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, ret
+@@ -236,7 +226,7 @@ DEFINEFUNC(long, SSL_get_verify_result, SSL *a, a, ret
 DEFINEFUNC(int, SSL_library_init, void, DUMMYARG, return -1, return)
 DEFINEFUNC(void, SSL_load_error_strings, void, DUMMYARG, return, DUMMYARG)
 #else
@@ -46,7 +58,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 #endif
 DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return 0, return)
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-@@ -325,7 +314,7 @@ DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsi
+@@ -325,7 +315,7 @@ DEFINEFUNC3(DSA *, d2i_DSAPrivateKey, DSA **a, a, unsi
 DEFINEFUNC(void, OPENSSL_add_all_algorithms_noconf, void, DUMMYARG, return, DUMMYARG)
 DEFINEFUNC(void, OPENSSL_add_all_algorithms_conf, void, DUMMYARG, return, DUMMYARG)
 #else
@@ -55,7 +67,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 #endif
 DEFINEFUNC3(int, SSL_CTX_load_verify_locations, SSL_CTX *ctx, ctx, const char *CAfile, CAfile, const char *CApath, CApath, return 0, return)
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-@@ -336,15 +325,12 @@ DEFINEFUNC(unsigned long, OpenSSL_version_num, void, D
+@@ -336,15 +326,12 @@ DEFINEFUNC(unsigned long, OpenSSL_version_num, void, D
 DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *ctx, ctx, return 0, return)
 
 DEFINEFUNC(ASN1_INTEGER *, X509_get_serialNumber, X509 *x, x, return 0, return)
@@ -71,7 +83,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 DEFINEFUNC(ASN1_TIME *, X509_get_notAfter, X509 *x, x, return 0, return)
 DEFINEFUNC(ASN1_TIME *, X509_get_notBefore, X509 *x, x, return 0, return)
-@@ -353,7 +339,6 @@ DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *x, x
+@@ -353,7 +340,6 @@ DEFINEFUNC(ASN1_TIME *, X509_getm_notAfter, X509 *x, x
 DEFINEFUNC(ASN1_TIME *, X509_getm_notBefore, X509 *x, x, return 0, return)
 #endif
 DEFINEFUNC4(void, DSA_get0_pqg, const DSA *d, d, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, return)
@@ -79,7 +91,18 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 
 #ifdef Q_OS_SYMBIAN
 #define RESOLVEFUNC(func, ordinal, lib) \
-@@ -823,11 +808,9 @@ bool q_resolveOpenSslSymbols()
+@@ -811,8 +797,9 @@ bool q_resolveOpenSslSymbols()
+     RESOLVEFUNC(ASN1_dup)
+ #endif
+     RESOLVEFUNC(ASN1_INTEGER_get)
+-    RESOLVEFUNC(ASN1_STRING_data)
+    RESOLVEFUNC(ASN1_STRING_get0_data)
+     RESOLVEFUNC(ASN1_STRING_length)
+    RESOLVEFUNC(ASN1_STRING_type)
+     RESOLVEFUNC(ASN1_STRING_to_UTF8)
+     RESOLVEFUNC(BIO_ctrl)
+     RESOLVEFUNC(BIO_free)
+@@ -823,11 +810,9 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(BIO_write)
     RESOLVEFUNC(BN_num_bits)
     RESOLVEFUNC(CRYPTO_free)
@@ -91,7 +114,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
     RESOLVEFUNC(DSA_free)
     RESOLVEFUNC(ERR_error_string)
     RESOLVEFUNC(ERR_get_error)
-@@ -857,17 +840,10 @@ bool q_resolveOpenSslSymbols()
+@@ -857,17 +842,10 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(RAND_seed)
     RESOLVEFUNC(RAND_status)
     RESOLVEFUNC(RSA_free)
@@ -109,7 +132,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
     RESOLVEFUNC(SSL_CIPHER_description)
     RESOLVEFUNC(SSL_CTX_check_private_key)
     RESOLVEFUNC(SSL_CTX_ctrl)
-@@ -911,16 +887,13 @@ bool q_resolveOpenSslSymbols()
+@@ -911,16 +889,13 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_write)
 
     RESOLVEFUNC(X509_get_serialNumber)
@@ -126,7 +149,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
     RESOLVEFUNC(DSA_get0_pqg)
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
     RESOLVEFUNC(X509_get_notAfter)
-@@ -929,8 +902,6 @@ bool q_resolveOpenSslSymbols()
+@@ -929,8 +904,6 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(X509_getm_notAfter)
     RESOLVEFUNC(X509_getm_notBefore)
 #endif
@@ -135,3 +158,26 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols.cpp
 #ifndef OPENSSL_NO_SSL2
     RESOLVEFUNC(SSLv2_client_method)
 #endif
+@@ -1032,10 +1005,10 @@ bool q_resolveOpenSslSymbols()
+ //==============================================================================
+ QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
+ {
+-    size_t lTimeLength = aTime->length;
+-    char *pString = (char *) aTime->data;
+    size_t lTimeLength = q_ASN1_STRING_length(aTime);
+    const char *pString = (const char *) q_ASN1_STRING_get0_data(aTime);
+ 
+-    if (aTime->type == V_ASN1_UTCTIME) {
+    if (q_ASN1_STRING_type(aTime) == V_ASN1_UTCTIME) {
+ 
+         char lBuffer[24];
+         char *pBuffer = lBuffer;
+@@ -1095,7 +1068,7 @@ QDateTime q_getTimeFromASN1(const ASN1_TIME *aTime)
+         result = result.addSecs(lSecondsFromUCT);
+         return result;
+ 
+-    } else if (aTime->type == V_ASN1_GENERALIZEDTIME) {
+    } else if (q_ASN1_STRING_type(aTime) == V_ASN1_GENERALIZEDTIME) {
+ 
+         if (lTimeLength < 15)
+             return QDateTime(); // hopefully never triggered
@@ -1,7 +1,19 @@
 Index: qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
 --- qt/src/network/ssl/qsslsocket_openssl_symbols_p.h.orig
 +++ qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
-@@ -221,17 +221,10 @@ const BIO_METHOD *q_BIO_s_mem();
+@@ -202,8 +202,9 @@ QT_BEGIN_NAMESPACE
+ 
+ bool q_resolveOpenSslSymbols();
+ long q_ASN1_INTEGER_get(ASN1_INTEGER *a);
+-unsigned char * q_ASN1_STRING_data(ASN1_STRING *a);
+-int q_ASN1_STRING_length(ASN1_STRING *a);
+const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *a);
+int q_ASN1_STRING_length(const ASN1_STRING *a);
+int q_ASN1_STRING_type(const ASN1_STRING *a);
+ int q_ASN1_STRING_to_UTF8(unsigned char **a, ASN1_STRING *b);
+ long q_BIO_ctrl(BIO *a, int b, long c, void *d);
+ int q_BIO_free(BIO *a);
+@@ -221,17 +222,10 @@ const BIO_METHOD *q_BIO_s_mem();
 #endif
 int q_BIO_write(BIO *a, const void *b, int c);
 int q_BN_num_bits(const BIGNUM *a);
@@ -19,7 +31,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
 void q_DSA_free(DSA *a);
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 // 0.9.8 broke SC and BC by changing this function's signature.
-@@ -273,7 +266,6 @@ int q_PEM_write_bio_RSA_PUBKEY(BIO *a, RSA *b);
+@@ -273,7 +267,6 @@ int q_PEM_write_bio_RSA_PUBKEY(BIO *a, RSA *b);
 void q_RAND_seed(const void *a, int b);
 int q_RAND_status();
 void q_RSA_free(RSA *a);
@@ -27,7 +39,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
 int q_sk_num(STACK *a);
 void q_sk_pop_free(STACK *a, void (*b)(void *));
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
-@@ -283,16 +275,6 @@ void * q_sk_value(STACK *a, int b);
+@@ -283,16 +276,6 @@ void * q_sk_value(STACK *a, int b);
 void q_sk_free(STACK *a);
 char * q_sk_value(STACK *a, int b);
 #endif
@@ -44,7 +56,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
 int q_SSL_accept(SSL *a);
 int q_SSL_clear(SSL *a);
 char *q_SSL_CIPHER_description(SSL_CIPHER *a, char *b, int c);
-@@ -344,7 +326,7 @@ long q_SSL_get_verify_result(SSL *a);
+@@ -344,7 +327,7 @@ long q_SSL_get_verify_result(SSL *a);
 int q_SSL_library_init();
 void q_SSL_load_error_strings();
 #else
@@ -53,7 +65,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
 #define q_SSL_library_init() q_OPENSSL_init_ssl(0, NULL)
 #define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
 #endif
-@@ -446,24 +428,16 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, 
+@@ -446,24 +429,16 @@ DSA *q_d2i_DSAPrivateKey(DSA **a, unsigned char **pp, 
 		PEM_ASN1_write_bio((int (*)(void*, unsigned char**))q_i2d_DSAPrivateKey,PEM_STRING_DSA,\
 			bp,(char *)x,enc,kstr,klen,cb,u)
 #endif
@@ -78,7 +90,7 @@ Index: qt/src/network/ssl/qsslsocket_openssl_symbols_p.h
 
 #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
 #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
-@@ -499,7 +473,7 @@ ASN1_TIME *q_X509_getm_notBefore(X509 *x);
+@@ -499,7 +474,7 @@ ASN1_TIME *q_X509_getm_notBefore(X509 *x);
 void q_OPENSSL_add_all_algorithms_noconf();
 void q_OPENSSL_add_all_algorithms_conf();
 #else