| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have been using as default DH parameters the 1024-bit MODP group.
This is now considered insecure, and applications should use the
2048-bit at a minimum [1]. This commit therefore replaces the parameters
with the 2048-bit MODP group from [2].
To double check the data, use openssl asn1parse to verify that the prime
matches. For instance:
1) put the encoded string in a `encoded.txt` file (c&p from the source,
removing the double quotes)
2) put the hexadecimal value of the 2048-bit group in a `reference.txt`
file (c&p from [2])
3) compare the output of openssl asn1parse with the reference. For
instance like this:
$ diff <(openssl asn1parse < encoded.txt | grep -m 1 INTEGER | perl -pe 's/.*://; s/\n//') <(perl -0777 -pe 's/\s//g' reference.txt) && echo OK
OK
[1] https://datatracker.ietf.org/doc/html/rfc8247#section-2.4
[2] https://datatracker.ietf.org/doc/html/rfc3526#section-3
[ChangeLog][QtNetwork][QSslDiffieHellmanParameters] The default
Diffie-Hellman parameters are now using the 2048-bit MODP group from
RFC 3526.
Pick-to: 6.6 6.5 6.2 5.15
Change-Id: I47133cd78ba0e954b8f93a3da09fa2c760c9f7a8
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a combination of Q_UNREACHABLE() with a return statement.
ATM, the return statement is unconditionally included. If we notice
that some compilers warn about return after __builtin_unreachable(),
then we can map Q_UNREACHABLE_RETURN(...) to Q_UNREACHABLE() without
having to touch all the code that uses explicit Q_UNREACHABLE() +
return.
The fact that Boost has BOOST_UNREACHABLE_RETURN() indicates that
there are compilers that complain about a lack of return after
Q_UNREACHABLE (we know that MSVC, ICC, and GHS are among them), as
well as compilers that complained about a return being present
(Coverity). Take this opportunity to properly adapt to Coverity, by
leaving out the return statement on this compiler.
Apply the macro around the code base, using a clang-tidy transformer
rule:
const std::string unr = "unr", val = "val", ret = "ret";
auto makeUnreachableReturn = cat("Q_UNREACHABLE_RETURN(",
ifBound(val, cat(node(val)), cat("")),
")");
auto ignoringSwitchCases = [](auto stmt) {
return anyOf(stmt, switchCase(subStmt(stmt)));
};
makeRule(
stmt(ignoringSwitchCases(stmt(isExpandedFromMacro("Q_UNREACHABLE")).bind(unr)),
nextStmt(returnStmt(optionally(hasReturnValue(expr().bind(val)))).bind(ret))),
{changeTo(node(unr), cat(makeUnreachableReturn,
";")), // TODO: why is the ; lost w/o this?
changeTo(node(ret), cat(""))},
cat("use ", makeUnreachableReturn))
);
where nextStmt() is copied from some upstream clang-tidy check's
private implementation and subStmt() is a private matcher that gives
access to SwitchCase's SubStmt.
A.k.a. qt-use-unreachable-return.
There were some false positives, suppressed them with NOLINTNEXTLINE.
They're not really false positiives, it's just that Clang sees the
world in one way and if conditonal compilation (#if) differs for other
compilers, Clang doesn't know better. This is an artifact of matching
two consecutive statements.
I haven't figured out how to remove the empty line left by the
deletion of the return statement, if it, indeed, was on a separate
line, so post-processed the patch to remove all the lines matching
^\+ *$ from the diff:
git commit -am meep
git reset --hard HEAD^
git diff HEAD..HEAD@{1} | sed '/^\+ *$/d' | recountdiff - | patch -p1
[ChangeLog][QtCore][QtAssert] Added Q_UNREACHABLE_RETURN() macro.
Change-Id: I9782939f16091c964f25b7826e1c0dbd13a71305
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The corresponding API is becoming a part of QTlsBackend interface,
since it's too minimalistic and does not require additional
interfaces, unlike certificates or keys.
Fixes: QTBUG-91177
Fixes: QTBUG-91175
Task-number: QTBUG-65922
Change-Id: I44dd0adbdf2427962451998664efe234d59fae24
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit cdf4976b5a01bc5b65aed746acc9cc7f87b0fd97)
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Make them hidden friends, add a private isEqual helper where needed.
Adjust and add documentation.
Fixes: QTBUG-87976
Change-Id: If7c19eeab5be7452364eb76193981100f5516d6b
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is required, so that QHash and QSet can hold more
than 2^32 items on 64 bit platforms.
The actual hashing functions for strings are still 32bit, this will
be changed in a follow-up commit.
Change-Id: I4372125252486075ff3a0b45ecfa818359fe103b
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
|
| |
|
|
|
| |
Change-Id: I91ac9e714a465cab226b211812aa46e8fe5ff2ab
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
|
| |
|
|
|
|
|
| |
Replace null and '\c nullptr' with \nullptr in the documentation.
Change-Id: I58934eea06943309ba895833f1991629870ab45b
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
|
| |
|
|
|
|
|
|
| |
The class qualifier was missing in the \fn command for
the move copy constructor.
Change-Id: Ia3633efde155ed19ac8460d760a5248e52097ea1
Reviewed-by: Topi Reiniö <topi.reinio@qt.io>
|
| |
|
|
|
|
|
|
|
| |
Replace outdated LGPL21 with LGPL license header.
Use GPL-EXCEPT for all autotests.
Also use canonical contact url.
Change-Id: I6e5cc8a4285569c4f862730a980f492b8a933a72
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit simplifies defaultParameters() to simply construct an empty
QSslDiffieHellmanParameters and assigning the DER-form of the DH parameters
to QSslDiffieHellmanParametersPrivate's derData field.
This creates a valid QSslDiffieHellmanParameters instance, but skips any
potentially expensive verification steps.
The previous implementation of defaultParameters() would use the public
fromEncoded() method to construct an instance of the default parameters.
This triggers a verification of the passed-in data, which can be expensive.
To ensure our defaultParameters() QSslDiffieHellmanParameters instance does
pass verification, this commit adds an autotest to verify that.
Fixes QTBUG-57815.
Change-Id: I6b1d9dbbfde526b232c319195ddbad42326be27c
Task-number: QTBUG-57815
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- add missing \since 5.8 on free functions
- fix \relates of qHash to point to QSslDHP, not QHash, which is in another module
- API fix: use named instead of unnamed ctors
- share code between ctors
- API fix: add inline move ctor (for now, this requires using a naked d pointer,
which isn't much of a problem, since the class is immutable).
Change-Id: Ic30f9c3c03b8a3798e0676e38991ead85c587214
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
qtbase/src/corelib/tools/qstring.cpp:8341: warning: Unknown command '\length'
qtbase/src/corelib/tools/qstring.cpp:8354: warning: Unknown command '\length'
qtbase/src/corelib/tools/qstring.cpp:8366: warning: Unknown command '\length'
qtbase/src/corelib/doc/src/animation.qdoc:38: warning: Can't link to 'QAbstractAnimation::updateCurrentValue()'
qtbase/src/corelib/io/qdatastream.cpp:529: warning: Undocumented enum item 'Qt_5_8' in QDataStream::Version
qtbase/src/corelib/tools/qdatetime.cpp:4377: warning: No documentation for 'QDateTime::currentSecsSinceEpoch()'
qtbase/src/corelib/tools/qcommandlineoption.cpp:435: warning: Undocumented parameter 'flags' in QCommandLineOption::setFlags()
qtbase/src/network/ssl/qsslconfiguration.cpp:857: warning: Undocumented parameter 'dhparams' in QSslConfiguration::setDiffieHellmanParameters()
qtbase/src/network/ssl/qsslconfiguration.cpp:830: warning: Undocumented parameter 'hint' in QSslConfiguration::setPreSharedKeyIdentityHint()
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: No such enum item 'ErrorUnsafeParameters' in QSslDiffieHellmanParameters::Error
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: No such enum item 'ErrorInvalidInputData' in QSslDiffieHellmanParameters::Error
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: Undocumented enum item 'UnsafeParametersError' in QSslDiffieHellmanParameters::Error
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: Undocumented enum item 'NoError' in QSslDiffieHellmanParameters::Error
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:225: warning: Undocumented enum item 'InvalidInputDataError' in QSslDiffieHellmanParameters::Error
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:105: warning: Undocumented parameter 'encoding' in QSslDiffieHellmanParameters::QSslDiffieHellmanParameters()
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:129: warning: Undocumented parameter 'encoding' in QSslDiffieHellmanParameters::QSslDiffieHellmanParameters()
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:208: warning: Can't link to 'clear()'
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:277: warning: Undocumented parameter 'dhparam' in operator<<()
qtbase/src/network/ssl/qssldiffiehellmanparameters.cpp:277: warning: No such parameter 'dhparm' in operator<<()
qtbase/src/widgets/kernel/qapplication.cpp:999: warning: Cannot find 'QApplication::autoMaximizeThreshold' specified with '\property' in any header file
Change-Id: I4ac00f0fc0dbc4d421cf7c0273635d9681962645
Reviewed-by: Topi Reiniö <topi.reinio@theqtcompany.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
qssldiffiehellmanparameters.cpp:107: warning: Unknown command '\encoded'
qssldiffiehellmanparameters.cpp:131: warning: Unknown command '\device'
qssldiffiehellmanparameters.cpp:276: warning: Cannot find 'operator!=(...)'
in '\fn' bool QSslDiffieHellmanParameters::operator!=(const QSslDiffieHellmanParameters &other) const
Change-Id: Ieb0f27f0c01c799323f4b69b7f2474513c67d443
Reviewed-by: Venugopal Shivashankar <Venugopal.Shivashankar@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
|
|
Only the OpenSSL backend is supported right now.
[ChangeLog][QtNetwork][SSL/TLS support] It is now possible to
set custom Diffie-Hellman parameters for QSslSocket-based servers.
Change-Id: I50148873132cd0ec7e414250b107b6b4cbde02ea
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@theqtcompany.com>
|
