1 files changed, 0 insertions, 224 deletions
diff --git a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp b/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
deleted file mode 100644
index aaf8741130..0000000000
--- a/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp
+++ /dev/null
@@ -1,224 +0,0 @@
-/****************************************************************************
-**
-** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk>
-** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
-** Contact: https://www.qt.io/licensing/
-**
-** This file is part of the QtNetwork module of the Qt Toolkit.
-**
-** $QT_BEGIN_LICENSE:LGPL$
-** Commercial License Usage
-** Licensees holding valid commercial Qt licenses may use this file in
-** accordance with the commercial license agreement provided with the
-** Software or, alternatively, in accordance with the terms contained in
-** a written agreement between you and The Qt Company. For licensing terms
-** and conditions see https://www.qt.io/terms-conditions. For further
-** information use the contact form at https://www.qt.io/contact-us.
-**
-** GNU Lesser General Public License Usage
-** Alternatively, this file may be used under the terms of the GNU Lesser
-** General Public License version 3 as published by the Free Software
-** Foundation and appearing in the file LICENSE.LGPL3 included in the
-** packaging of this file. Please review the following information to
-** ensure the GNU Lesser General Public License version 3 requirements
-** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
-**
-** GNU General Public License Usage
-** Alternatively, this file may be used under the terms of the GNU
-** General Public License version 2.0 or (at your option) the GNU General
-** Public license version 3 or any later version approved by the KDE Free
-** Qt Foundation. The licenses are as published by the Free Software
-** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
-** included in the packaging of this file. Please review the following
-** information to ensure the GNU General Public License requirements will
-** be met: https://www.gnu.org/licenses/gpl-2.0.html and
-** https://www.gnu.org/licenses/gpl-3.0.html.
-**
-** $QT_END_LICENSE$
-**
-****************************************************************************/
-
-#include "qssldiffiehellmanparameters.h"
-#include "qssldiffiehellmanparameters_p.h"
-#include "qsslsocket_openssl_symbols_p.h"
-#include "qsslsocket.h"
-#include "qsslsocket_p.h"
-
-#include "private/qssl_p.h"
-
-#include <QtCore/qatomic.h>
-#include <QtCore/qbytearray.h>
-#include <QtCore/qiodevice.h>
-#include <QtCore/qscopeguard.h>
-#ifndef QT_NO_DEBUG_STREAM
-#include <QtCore/qdebug.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-QT_BEGIN_NAMESPACE
-
-#ifdef OPENSSL_NO_DEPRECATED_3_0
-
-static int q_DH_check(DH *dh, int *status)
-{
-    // DH_check was first deprecated in OpenSSL 3.0.0, as low-level
-    // API; the EVP_PKEY family of functions was advised as an alternative.
-    // As of now EVP_PKEY_params_check ends up calling ... DH_check,
-    // which is good enough.
-
-    Q_ASSERT(dh);
-    Q_ASSERT(status);
-
-    EVP_PKEY *key = q_EVP_PKEY_new();
-    if (!key) {
-        qCWarning(lcSsl, "EVP_PKEY_new failed");
-        QSslSocketBackendPrivate::logAndClearErrorQueue();
-        return 0;
-    }
-    const auto keyDeleter = qScopeGuard([key](){
-        q_EVP_PKEY_free(key);
-    });
-    if (!q_EVP_PKEY_set1_DH(key, dh)) {
-        qCWarning(lcSsl, "EVP_PKEY_set1_DH failed");
-        QSslSocketBackendPrivate::logAndClearErrorQueue();
-        return 0;
-    }
-
-    EVP_PKEY_CTX *keyCtx = q_EVP_PKEY_CTX_new(key, nullptr);
-    if (!keyCtx) {
-        qCWarning(lcSsl, "EVP_PKEY_CTX_new failed");
-        QSslSocketBackendPrivate::logAndClearErrorQueue();
-        return 0;
-    }
-    const auto ctxDeleter = qScopeGuard([keyCtx]{
-        q_EVP_PKEY_CTX_free(keyCtx);
-    });
-
-    const int result = q_EVP_PKEY_param_check(keyCtx);
-    QSslSocketBackendPrivate::logAndClearErrorQueue();
-    // Note: unlike DH_check, we cannot obtain the 'status',
-    // if the 'result' is 0 (actually the result is 1 only
-    // if this 'status' was 0). We could probably check the
-    // errors from the error queue, but it's not needed anyway
-    // - see the 'isSafeDH' below, how it returns immediately
-    // on 0.
-    Q_UNUSED(status)
-
-    return result;
-}
-#endif // OPENSSL_NO_DEPRECATED_3_0
-
-static bool isSafeDH(DH *dh)
-{
-    int status = 0;
-    int bad = 0;
-
-    QSslSocketPrivate::ensureInitialized();
-
-
-    // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters:
-    //
-    //     The additional call to BN_mod_word(dh->p, 24)
-    //     (and unmasking of DH_NOT_SUITABLE_GENERATOR)
-    //     is performed to ensure your program accepts
-    //     IETF group parameters. OpenSSL checks the prime
-    //     is congruent to 11 when g = 2; while the IETF's
-    //     primes are congruent to 23 when g = 2.
-    //     Without the test, the IETF parameters would
-    //     fail validation. For details, see Diffie-Hellman
-    //     Parameter Check (when g = 2, must p mod 24 == 11?).
-    // Mark p < 1024 bits as unsafe.
-    if (q_DH_bits(dh) < 1024)
-        return false;
-
-    if (q_DH_check(dh, &status) != 1)
-        return false;
-
-    const BIGNUM *p = nullptr;
-    const BIGNUM *q = nullptr;
-    const BIGNUM *g = nullptr;
-    q_DH_get0_pqg(dh, &p, &q, &g);
-
-    if (q_BN_is_word(const_cast<BIGNUM *>(g), DH_GENERATOR_2)) {
-        const unsigned long residue = q_BN_mod_word(p, 24);
-        if (residue == 11 || residue == 23)
-            status &= ~DH_NOT_SUITABLE_GENERATOR;
-    }
-
-    bad |= DH_CHECK_P_NOT_PRIME;
-    bad |= DH_CHECK_P_NOT_SAFE_PRIME;
-    bad |= DH_NOT_SUITABLE_GENERATOR;
-
-    return !(status & bad);
-}
-
-void QSslDiffieHellmanParametersPrivate::decodeDer(const QByteArray &der)
-{
-    if (der.isEmpty()) {
-        error = QSslDiffieHellmanParameters::InvalidInputDataError;
-        return;
-    }
-
-    const unsigned char *data = reinterpret_cast<const unsigned char *>(der.data());
-    int len = der.size();
-
-    QSslSocketPrivate::ensureInitialized();
-
-    DH *dh = q_d2i_DHparams(nullptr, &data, len);
-    if (dh) {
-        if (isSafeDH(dh))
-            derData = der;
-        else
-            error =  QSslDiffieHellmanParameters::UnsafeParametersError;
-    } else {
-        error = QSslDiffieHellmanParameters::InvalidInputDataError;
-    }
-
-    q_DH_free(dh);
-}
-
-void QSslDiffieHellmanParametersPrivate::decodePem(const QByteArray &pem)
-{
-    if (pem.isEmpty()) {
-        error = QSslDiffieHellmanParameters::InvalidInputDataError;
-        return;
-    }
-
-    if (!QSslSocket::supportsSsl()) {
-        error = QSslDiffieHellmanParameters::InvalidInputDataError;
-        return;
-    }
-
-    QSslSocketPrivate::ensureInitialized();
-
-    BIO *bio = q_BIO_new_mem_buf(const_cast<char *>(pem.data()), pem.size());
-    if (!bio) {
-        error = QSslDiffieHellmanParameters::InvalidInputDataError;
-        return;
-    }
-
-    DH *dh = nullptr;
-    q_PEM_read_bio_DHparams(bio, &dh, nullptr, nullptr);
-
-    if (dh) {
-        if (isSafeDH(dh)) {
-            char *buf = nullptr;
-            int len = q_i2d_DHparams(dh, reinterpret_cast<unsigned char **>(&buf));
-            if (len > 0)
-                derData = QByteArray(buf, len);
-            else
-                error = QSslDiffieHellmanParameters::InvalidInputDataError;
-        } else {
-            error = QSslDiffieHellmanParameters::UnsafeParametersError;
-        }
-    } else {
-        error = QSslDiffieHellmanParameters::InvalidInputDataError;
-    }
-
-    q_DH_free(dh);
-    q_BIO_free(bio);
-}
-
-QT_END_NAMESPACE