From 90aefe0843a50aede26b8d411f46f3828dae25f1 Mon Sep 17 00:00:00 2001
From: Fredrik Orderud <fredrik.orderud@ge.com>
Date: Sun, 26 May 2019 22:14:45 +0200
Subject: [PATCH 1/4] Add quoting to deal with empty
 ${CMAKE_CXX_STANDARD_LIBRARIES}

Done to fix broken CMake WebAssembly support, where CMAKE_CXX_STANDARD_LIBRARIES
appear to be empty. The regression was introduced by
ba4fdd99fff80790f764ab1ac8addd699e3101e7.

This fixes the following CMake error on find_package(Qt ...):
string sub-command REGEX, mode REPLACE needs at least 6 arguments total to command.

Fixes: QTBUG-73475
Fixes: QTBUG-76244
Change-Id: Ieebe8cd1d49bb302dc37d8f118cc0b9376d6cdd7
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
---
 mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
index 1c4994c30f..705e0a3c93 100644
--- a/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
+++ b/mkspecs/features/data/cmake/Qt5BasicConfig.cmake.in
@@ -59,7 +59,7 @@ function(_qt5_$${CMAKE_MODULE_NAME}_process_prl_file prl_file_location Configura
         file(STRINGS \"${prl_file_location}\" _prl_strings REGEX \"QMAKE_PRL_LIBS[ \\t]*=\")
         string(REGEX REPLACE \"QMAKE_PRL_LIBS[ \\t]*=[ \\t]*([^\\n]*)\" \"\\\\1\" _static_depends ${_prl_strings})
         string(REGEX REPLACE \"[ \\t]+\" \";\" _static_depends ${_static_depends})
-        string(REGEX REPLACE \"[ \\t]+\" \";\" _standard_libraries ${CMAKE_CXX_STANDARD_LIBRARIES})
+        string(REGEX REPLACE \"[ \\t]+\" \";\" _standard_libraries \"${CMAKE_CXX_STANDARD_LIBRARIES}\")
         set(_search_paths)
         string(REPLACE \"\\$\\$[QT_INSTALL_LIBS]\" \"${_qt5_install_libs}\" _static_depends \"${_static_depends}\")
         foreach(_flag ${_static_depends})

From 2e7b7e4c90882cef50b293fe8048205a9ca7e5a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Thu, 13 Dec 2018 15:39:26 +0100
Subject: [PATCH 2/4] QSslSocket: add and set the TLSv1.3-specific PSK callback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If this callback is not set then OpenSSL will call the callback
used for <= TLS 1.2 unconditionally when connecting. If using PSK it
will call it again later once the preshared key is needed.
We don't currently handle the TLSv1.3 PSK, but we definitely should.
But for now we can work around it - when psk_use_session_callback is
called we simply change the PSK callback to a dummy function whose only
purpose is to restore the old callback.

This is mostly done to keep behavior the same as it is now for users
(and to keep our tests running).

Later we can add a new signal and handle this new feature properly.

Reviewed-by: Simo Fält <simo.falt@qt.io>
(cherry picked from commit d8efc8d718e3b3a0464f321e740541f5b221a5d6)

Task-number: QTBUG-67463
Change-Id: I4aca4ae73ec4be7c4f82a85e8864de103f35a834
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 src/network/ssl/qsslsocket_openssl.cpp        | 56 +++++++++++++++++++
 .../ssl/qsslsocket_openssl11_symbols_p.h      |  6 ++
 .../ssl/qsslsocket_openssl_symbols.cpp        |  2 +
 .../network/ssl/qsslsocket/tst_qsslsocket.cpp | 12 +---
 4 files changed, 65 insertions(+), 11 deletions(-)

diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index c48cd42360..977d8a6742 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -137,6 +137,55 @@ static unsigned int q_ssl_psk_server_callback(SSL *ssl,
     Q_ASSERT(d);
     return d->tlsPskServerCallback(identity, psk, max_psk_len);
 }
+
+#ifdef TLS1_3_VERSION
+#ifndef OPENSSL_NO_PSK
+static unsigned int q_ssl_psk_restore_client(SSL *ssl,
+                                             const char *hint,
+                                             char *identity, unsigned int max_identity_len,
+                                             unsigned char *psk, unsigned int max_psk_len)
+{
+    Q_UNUSED(hint);
+    Q_UNUSED(identity);
+    Q_UNUSED(max_identity_len);
+    Q_UNUSED(psk);
+    Q_UNUSED(max_psk_len);
+
+#ifdef QT_DEBUG
+    QSslSocketBackendPrivate *d = reinterpret_cast<QSslSocketBackendPrivate *>(q_SSL_get_ex_data(ssl, QSslSocketBackendPrivate::s_indexForSSLExtraData));
+    Q_ASSERT(d);
+    Q_ASSERT(d->mode == QSslSocket::SslClientMode);
+#endif
+    q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_client_callback);
+
+    return 0;
+}
+#endif // !OPENSSL_NO_PSK
+
+static int q_ssl_psk_use_session_callback(SSL *ssl, const EVP_MD *md, const unsigned char **id,
+                                          size_t *idlen, SSL_SESSION **sess)
+{
+    Q_UNUSED(ssl);
+    Q_UNUSED(md);
+    Q_UNUSED(id);
+    Q_UNUSED(idlen);
+    Q_UNUSED(sess);
+
+#ifndef OPENSSL_NO_PSK
+#ifdef QT_DEBUG
+    QSslSocketBackendPrivate *d = reinterpret_cast<QSslSocketBackendPrivate *>(q_SSL_get_ex_data(ssl, QSslSocketBackendPrivate::s_indexForSSLExtraData));
+    Q_ASSERT(d);
+    Q_ASSERT(d->mode == QSslSocket::SslClientMode);
+#endif
+
+    // Temporarily rebind the psk because it will be called next. The function will restore it.
+    q_SSL_set_psk_client_callback(ssl, &q_ssl_psk_restore_client);
+#endif
+
+    return 1; // need to return 1 or else "the connection setup fails."
+}
+#endif // TLS1_3_VERSION
+
 #endif
 
 #if QT_CONFIG(ocsp)
@@ -555,6 +604,13 @@ bool QSslSocketBackendPrivate::initSslContext()
             q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback);
     }
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101006L
+    // Set the client callback for TLSv1.3 PSK
+    if (mode == QSslSocket::SslClientMode
+        && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) {
+        q_SSL_set_psk_use_session_callback(ssl, &q_ssl_psk_use_session_callback);
+    }
+#endif // openssl version >= 0x10101006L
 
 #if QT_CONFIG(ocsp)
     if (configuration.ocspStaplingEnabled) {
diff --git a/src/network/ssl/qsslsocket_openssl11_symbols_p.h b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
index a44d00a830..d523a95750 100644
--- a/src/network/ssl/qsslsocket_openssl11_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl11_symbols_p.h
@@ -183,4 +183,10 @@ const OCSP_CERTID *q_OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
 #define q_SSL_CTX_set_max_proto_version(ctx, version) \
         q_SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, nullptr)
 
+extern "C" {
+typedef int (*q_SSL_psk_use_session_cb_func_t)(SSL *, const EVP_MD *, const unsigned char **, size_t *,
+                                               SSL_SESSION **);
+}
+void q_SSL_set_psk_use_session_callback(SSL *s, q_SSL_psk_use_session_cb_func_t);
+
 #endif
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index aa1dc681e0..93b54aaa67 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -163,6 +163,7 @@ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
 DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
 #ifdef TLS1_3_VERSION
 DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
+DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
 #endif
 DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return)
 DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return)
@@ -967,6 +968,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_CTX_set_options)
 #ifdef TLS1_3_VERSION
     RESOLVEFUNC(SSL_CTX_set_ciphersuites)
+    RESOLVEFUNC(SSL_set_psk_use_session_callback)
 #endif // TLS 1.3 or OpenSSL > 1.1.1
     RESOLVEFUNC(SSL_get_client_random)
     RESOLVEFUNC(SSL_SESSION_get_master_key)
diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index 1c27901844..b4dc9bed33 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -3546,12 +3546,7 @@ protected:
         socket = new QSslSocket(this);
         socket->setSslConfiguration(config);
         socket->setPeerVerifyMode(peerVerifyMode);
-        if (QSslSocket::sslLibraryVersionNumber() > 0x10101000L) {
-            // FIXME. With OpenSSL 1.1.1 and TLS 1.3 PSK auto-test is broken.
-            socket->setProtocol(QSsl::TlsV1_2);
-        } else {
-            socket->setProtocol(protocol);
-        }
+        socket->setProtocol(protocol);
         if (ignoreSslErrors)
             connect(socket, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(ignoreErrorSlot()));
 
@@ -3895,11 +3890,6 @@ void tst_QSslSocket::pskServer()
         return;
 
     QSslSocket socket;
-#ifdef TLS1_3_VERSION
-    // FIXME: with OpenSSL 1.1.1 (thus TLS 1.3) test is known to fail
-    // due to the different PSK mechanism (?) - to be investigated ASAP.
-    socket.setProtocol(QSsl::TlsV1_2);
-#endif
     this->socket = &socket;
 
     QSignalSpy connectedSpy(&socket, SIGNAL(connected()));

From 2c5d21be436ad5f2549cb1a6f40b185e159812a4 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Wed, 12 Jun 2019 15:29:09 +0200
Subject: [PATCH 3/4] H2 auto-test, degrage flowControlServerSide
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

our powerful VMs die/time out on 30 requests, use 10 only.

Change-Id: Ibf3ceedeac1839f9a88f88def844c7d61786b94f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 515c6e7639a7df647cfcc8b639e258864aaaa4af)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 tests/auto/network/access/http2/tst_http2.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/auto/network/access/http2/tst_http2.cpp b/tests/auto/network/access/http2/tst_http2.cpp
index 53d0e7a694..e24370fc87 100644
--- a/tests/auto/network/access/http2/tst_http2.cpp
+++ b/tests/auto/network/access/http2/tst_http2.cpp
@@ -340,7 +340,7 @@ void tst_Http2::flowControlServerSide()
     clearHTTP2State();
 
     serverPort = 0;
-    nRequests = 30;
+    nRequests = 10;
 
     const Http2::RawSettings serverSettings = {{Settings::MAX_CONCURRENT_STREAMS_ID, 7}};
 

From fc9ae22c88dd085c7c31599037132fc756feeb04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?= <marten.nordheim@qt.io>
Date: Mon, 11 Mar 2019 15:56:51 +0100
Subject: [PATCH 4/4] tst_qsslsocket: fix racy test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In this threaded setup the server can sometimes have the data before it
calls "waitForReadyRead", what happens then is that we fail the wait and
as a result the test fails overall.

Let's check if we actually got some data after all and then continue if
we did. Since both the client and the server currently wait the same
amount of time (2s) the max timeout for the client was increased by
0.5s so it has some time to notice that the server got the message.

Change-Id: Ib5915958853413047aa5a7574712585bcae28f79
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
(cherry picked from commit e79b1dcdf542be3a20d5c21ea163ff857ed875bf)
Reviewed-by: Simo Fält <simo.falt@qt.io>
(cherry picked from commit d53b8b77bc8de236e148ef2652806015a9a87e2b)

Change-Id: I2f6ffb8e0a9b4d591edb6925e48baffcefc14511
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
---
 tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
index b4dc9bed33..66475e55ad 100644
--- a/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
+++ b/tests/auto/network/ssl/qsslsocket/tst_qsslsocket.cpp
@@ -2096,7 +2096,7 @@ protected:
 
         // delayed reading data
         QTest::qSleep(100);
-        if (!socket->waitForReadyRead(2000))
+        if (!socket->waitForReadyRead(2000) && socket->bytesAvailable() == 0)
             return;             // error
         socket->readAll();
         dataReadSemaphore.release();
@@ -2167,7 +2167,7 @@ void tst_QSslSocket::waitForMinusOne()
     socket.write("How are you doing?");
     QVERIFY(socket.bytesToWrite() != 0);
     QVERIFY(socket.waitForBytesWritten(-1));
-    QVERIFY(server.dataReadSemaphore.tryAcquire(1, 2000));
+    QVERIFY(server.dataReadSemaphore.tryAcquire(1, 2500));
 
     // third verification: it should wait for 100 ms:
     QVERIFY(socket.waitForReadyRead(-1));