OpenSSL: move DH calls under OPENSSL_NO_DEPRECATED_3_0 guard

Initially, DH functions were deprecated, but when OpenSSL v3 was released,
they changed their mind (now they changed it again). OpenSSL must
be configured with 'no-deprecated'.

Pick-to: 6.6 6.5 6.2
Fixes: QTBUG-83733
Change-Id: I69f14929e91f5fc147f9297f6fff20674e81b6f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

2 files changed, 27 insertions, 14 deletions

diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
index 746a620d67..373f38a397 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
@@ -1,4 +1,4 @@
-// Copyright (C) 2017 The Qt Company Ltd.
+// Copyright (C) 2017 The Qt Company Ltd.
 // Copyright (C) 2014 BlackBerry Limited. All rights reserved.
 // Copyright (C) 2016 Richard J. Moore <rich@kde.org>
 // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
@@ -159,7 +159,6 @@ DEFINEFUNC3(int, CRYPTO_memcmp, const void * in_a, in_a, const void * in_b, in_b
 DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return)
 DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return)
 DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return)
-DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG)
 
 #if QT_CONFIG(dtls)
 DEFINEFUNC2(int, DTLSv1_listen, SSL *s, s, BIO_ADDR *c, c, return -1, return)
@@ -263,7 +262,6 @@ DEFINEFUNC4(int, OBJ_obj2txt, char *a, a, int b, b, ASN1_OBJECT *c, c, int d, d,
 DEFINEFUNC(int, OBJ_obj2nid, const ASN1_OBJECT *a, a, return NID_undef, return)
 DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PrivateKey, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
 
-DEFINEFUNC4(DH *, PEM_read_bio_DHparams, BIO *a, a, DH **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
 DEFINEFUNC7(int, PEM_write_bio_PrivateKey, BIO *a, a, EVP_PKEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
 DEFINEFUNC7(int, PEM_write_bio_PrivateKey_traditional, BIO *a, a, EVP_PKEY *b, b, const EVP_CIPHER *c, c, unsigned char *d, d, int e, e, pem_password_cb *f, f, void *g, g, return 0, return)
 DEFINEFUNC4(EVP_PKEY *, PEM_read_bio_PUBKEY, BIO *a, a, EVP_PKEY **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
@@ -429,13 +427,21 @@ DEFINEFUNC2(void *, BIO_get_ex_data, BIO *b, b, int idx, idx, return nullptr, re
 DEFINEFUNC3(int, BIO_set_ex_data, BIO *b, b, int idx, idx, void *data, data, return -1, return)
 
 DEFINEFUNC3(void *, CRYPTO_malloc, size_t num, num, const char *file, file, int line, line, return nullptr, return)
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 DEFINEFUNC(DH *, DH_new, DUMMYARG, DUMMYARG, return nullptr, return)
 DEFINEFUNC(void, DH_free, DH *dh, dh, return, DUMMYARG)
+DEFINEFUNC2(int, DH_check, DH *dh, dh, int *codes, codes, return 0, return)
+DEFINEFUNC4(void, DH_get0_pqg, const DH *dh, dh, const BIGNUM **p, p, const BIGNUM **q, q, const BIGNUM **g, g, return, DUMMYARG)
+
 DEFINEFUNC3(DH *, d2i_DHparams, DH**a, a, const unsigned char **pp, pp, long length, length, return nullptr, return)
 DEFINEFUNC2(int, i2d_DHparams, DH *a, a, unsigned char **p, p, return -1, return)
-DEFINEFUNC2(int, DH_check, DH *dh, dh, int *codes, codes, return 0, return)
+
+DEFINEFUNC4(DH *, PEM_read_bio_DHparams, BIO *a, a, DH **b, b, pem_password_cb *c, c, void *d, d, return nullptr, return)
+#endif
 DEFINEFUNC3(BIGNUM *, BN_bin2bn, const unsigned char *s, s, int len, len, BIGNUM *ret, ret, return nullptr, return)
 
+
 #ifndef OPENSSL_NO_EC
 DEFINEFUNC2(size_t, EC_get_builtin_curves, EC_builtin_curve * r, r, size_t nitems, nitems, return 0, return)
 DEFINEFUNC(int, EC_curve_nist2nid, const char *name, name, return 0, return)
@@ -856,7 +862,6 @@ bool q_resolveOpenSslSymbols()
         RESOLVEFUNC(OPENSSL_sk_num)
         RESOLVEFUNC(OPENSSL_sk_pop_free)
         RESOLVEFUNC(OPENSSL_sk_value)
-        RESOLVEFUNC(DH_get0_pqg)
         RESOLVEFUNC(SSL_CTX_set_options)
         RESOLVEFUNC(SSL_set_info_callback)
         RESOLVEFUNC(SSL_alert_type_string)
@@ -1015,7 +1020,6 @@ bool q_resolveOpenSslSymbols()
         RESOLVEFUNC(OBJ_obj2txt)
         RESOLVEFUNC(OBJ_obj2nid)
         RESOLVEFUNC(PEM_read_bio_PrivateKey)
-        RESOLVEFUNC(PEM_read_bio_DHparams)
         RESOLVEFUNC(PEM_write_bio_PrivateKey)
         RESOLVEFUNC(PEM_write_bio_PrivateKey_traditional)
         RESOLVEFUNC(PEM_read_bio_PUBKEY)
@@ -1066,6 +1070,16 @@ bool q_resolveOpenSslSymbols()
 #endif // OPENSSL_VERSION_MAJOR >= 3
 
 #ifndef OPENSSL_NO_DEPRECATED_3_0
+        RESOLVEFUNC(DH_new)
+        RESOLVEFUNC(DH_free)
+        RESOLVEFUNC(DH_check)
+        RESOLVEFUNC(DH_get0_pqg)
+
+        RESOLVEFUNC(d2i_DHparams)
+        RESOLVEFUNC(i2d_DHparams)
+
+        RESOLVEFUNC(PEM_read_bio_DHparams)
+
         RESOLVEFUNC(EVP_PKEY_assign)
         RESOLVEFUNC(EVP_PKEY_cmp)
 
@@ -1210,11 +1224,6 @@ bool q_resolveOpenSslSymbols()
 #endif // dtls
 
         RESOLVEFUNC(CRYPTO_malloc)
-        RESOLVEFUNC(DH_new)
-        RESOLVEFUNC(DH_free)
-        RESOLVEFUNC(d2i_DHparams)
-        RESOLVEFUNC(i2d_DHparams)
-        RESOLVEFUNC(DH_check)
         RESOLVEFUNC(BN_bin2bn)
 
 #ifndef OPENSSL_NO_EC
diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
index d020527476..c954d17774 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
@@ -233,7 +233,6 @@ void q_X509_STORE_set_verify_cb(X509_STORE *ctx, X509_STORE_CTX_verify_cb verify
 int q_X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
 void *q_X509_STORE_get_ex_data(X509_STORE *r, int idx);
 STACK_OF(X509) *q_X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
-void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
 
 # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
                                                        | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
@@ -391,7 +390,6 @@ int q_OBJ_obj2nid(const ASN1_OBJECT *a);
 #define q_EVP_get_digestbynid(a) q_EVP_get_digestbyname(q_OBJ_nid2sn(a))
 EVP_PKEY *q_PEM_read_bio_PrivateKey(BIO *a, EVP_PKEY **b, pem_password_cb *c, void *d);
 
-DH *q_PEM_read_bio_DHparams(BIO *a, DH **b, pem_password_cb *c, void *d);
 int q_PEM_write_bio_PrivateKey(BIO *a, EVP_PKEY *b, const EVP_CIPHER *c, unsigned char *d,
                                int e, pem_password_cb *f, void *g);
 int q_PEM_write_bio_PrivateKey_traditional(BIO *a, EVP_PKEY *b, const EVP_CIPHER *c, unsigned char *d,
@@ -504,11 +502,17 @@ X509 *q_X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
 X509_STORE *q_X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 
 // Diffie-Hellman support
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 DH *q_DH_new();
 void q_DH_free(DH *dh);
+int q_DH_check(DH *dh, int *codes);
+void q_DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+
 DH *q_d2i_DHparams(DH **a, const unsigned char **pp, long length);
 int q_i2d_DHparams(DH *a, unsigned char **p);
-int q_DH_check(DH *dh, int *codes);
+
+DH *q_PEM_read_bio_DHparams(BIO *a, DH **b, pem_password_cb *c, void *d);
+#endif // OPENSSL_NO_DEPRECATED_3_0
 
 BIGNUM *q_BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
 #define q_SSL_CTX_set_tmp_dh(ctx, dh) q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TMP_DH, 0, (char *)dh)