Package: qtbase-opensource-src / 5.15.17+dfsg-1

openssl3.diff Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
Description: upstream fixes to support OpenSSL 3.0
Origin: upstream, commits
 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=3186ca3e3972cf46
 https://code.qt.io/cgit/qt/qtbase.git/commit/?id=408656c6f9de326c
Last-Update: 2023-10-17

--- a/src/network/ssl/qsslcontext_openssl.cpp
+++ b/src/network/ssl/qsslcontext_openssl.cpp
@@ -409,7 +409,7 @@ init_context:
         break;
     case QSsl::DtlsV1_0OrLater:
         minVersion = DTLS1_VERSION;
-        maxVersion = DTLS_MAX_VERSION;
+        maxVersion = 0;
         break;
     case QSsl::DtlsV1_2:
         minVersion = DTLS1_2_VERSION;
@@ -417,7 +417,7 @@ init_context:
         break;
     case QSsl::DtlsV1_2OrLater:
         minVersion = DTLS1_2_VERSION;
-        maxVersion = DTLS_MAX_VERSION;
+        maxVersion = 0;
         break;
     case QSsl::TlsV1_3OrLater:
 #ifdef TLS1_3_VERSION
--- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
+++ b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
@@ -59,57 +59,6 @@
 
 QT_BEGIN_NAMESPACE
 
-#ifdef OPENSSL_NO_DEPRECATED_3_0
-
-static int q_DH_check(DH *dh, int *status)
-{
-    // DH_check was first deprecated in OpenSSL 3.0.0, as low-level
-    // API; the EVP_PKEY family of functions was advised as an alternative.
-    // As of now EVP_PKEY_params_check ends up calling ... DH_check,
-    // which is good enough.
-
-    Q_ASSERT(dh);
-    Q_ASSERT(status);
-
-    EVP_PKEY *key = q_EVP_PKEY_new();
-    if (!key) {
-        qCWarning(lcSsl, "EVP_PKEY_new failed");
-        QSslSocketBackendPrivate::logAndClearErrorQueue();
-        return 0;
-    }
-    const auto keyDeleter = qScopeGuard([key](){
-        q_EVP_PKEY_free(key);
-    });
-    if (!q_EVP_PKEY_set1_DH(key, dh)) {
-        qCWarning(lcSsl, "EVP_PKEY_set1_DH failed");
-        QSslSocketBackendPrivate::logAndClearErrorQueue();
-        return 0;
-    }
-
-    EVP_PKEY_CTX *keyCtx = q_EVP_PKEY_CTX_new(key, nullptr);
-    if (!keyCtx) {
-        qCWarning(lcSsl, "EVP_PKEY_CTX_new failed");
-        QSslSocketBackendPrivate::logAndClearErrorQueue();
-        return 0;
-    }
-    const auto ctxDeleter = qScopeGuard([keyCtx]{
-        q_EVP_PKEY_CTX_free(keyCtx);
-    });
-
-    const int result = q_EVP_PKEY_param_check(keyCtx);
-    QSslSocketBackendPrivate::logAndClearErrorQueue();
-    // Note: unlike DH_check, we cannot obtain the 'status',
-    // if the 'result' is 0 (actually the result is 1 only
-    // if this 'status' was 0). We could probably check the
-    // errors from the error queue, but it's not needed anyway
-    // - see the 'isSafeDH' below, how it returns immediately
-    // on 0.
-    Q_UNUSED(status)
-
-    return result;
-}
-#endif // OPENSSL_NO_DEPRECATED_3_0
-
 static bool isSafeDH(DH *dh)
 {
     int status = 0;
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -499,9 +499,7 @@ DEFINEFUNC(DH *, DH_new, DUMMYARG, DUMMY
 DEFINEFUNC(void, DH_free, DH *dh, dh, return, DUMMYARG)
 DEFINEFUNC3(DH *, d2i_DHparams, DH**a, a, const unsigned char **pp, pp, long length, length, return nullptr, return)
 DEFINEFUNC2(int, i2d_DHparams, DH *a, a, unsigned char **p, p, return -1, return)
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 DEFINEFUNC2(int, DH_check, DH *dh, dh, int *codes, codes, return 0, return)
-#endif // OPENSSL_NO_DEPRECATED_3_0
 DEFINEFUNC3(BIGNUM *, BN_bin2bn, const unsigned char *s, s, int len, len, BIGNUM *ret, ret, return nullptr, return)
 
 #ifndef OPENSSL_NO_EC
@@ -1220,9 +1218,7 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(DH_free)
     RESOLVEFUNC(d2i_DHparams)
     RESOLVEFUNC(i2d_DHparams)
-#ifndef OPENSSL_NO_DEPRECATED_3_0
     RESOLVEFUNC(DH_check)
-#endif // OPENSSL_NO_DEPRECATED_3_0
     RESOLVEFUNC(BN_bin2bn)
 
 #ifndef OPENSSL_NO_EC
--- a/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ b/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -598,10 +598,7 @@ DH *q_DH_new();
 void q_DH_free(DH *dh);
 DH *q_d2i_DHparams(DH **a, const unsigned char **pp, long length);
 int q_i2d_DHparams(DH *a, unsigned char **p);
-
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 int q_DH_check(DH *dh, int *codes);
-#endif // OPENSSL_NO_DEPRECATED_3_0
 
 BIGNUM *q_BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 #define q_SSL_CTX_set_tmp_dh(ctx, dh) q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TMP_DH, 0, (char *)dh)