qt-everywhere-src-5.15.1/qtbase/src/network/ssl/qssldiffiehellmanparameters_openssl.cpp - orbit - Git at Google

 /****************************************************************************
 **
 ** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk>
 ** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
 ** Contact: https://www.qt.io/licensing/
 **
 ** This file is part of the QtNetwork module of the Qt Toolkit.
 **
 ** $QT_BEGIN_LICENSE:LGPL$
 ** Commercial License Usage
 ** Licensees holding valid commercial Qt licenses may use this file in
 ** accordance with the commercial license agreement provided with the
 ** Software or, alternatively, in accordance with the terms contained in
 ** a written agreement between you and The Qt Company. For licensing terms
 ** and conditions see https://www.qt.io/terms-conditions. For further
 ** information use the contact form at https://www.qt.io/contact-us.
 **
 ** GNU Lesser General Public License Usage
 ** Alternatively, this file may be used under the terms of the GNU Lesser
 ** General Public License version 3 as published by the Free Software
 ** Foundation and appearing in the file LICENSE.LGPL3 included in the
 ** packaging of this file. Please review the following information to
 ** ensure the GNU Lesser General Public License version 3 requirements
 ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
 **
 ** GNU General Public License Usage
 ** Alternatively, this file may be used under the terms of the GNU
 ** General Public License version 2.0 or (at your option) the GNU General
 ** Public license version 3 or any later version approved by the KDE Free
 ** Qt Foundation. The licenses are as published by the Free Software
 ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
 ** included in the packaging of this file. Please review the following
 ** information to ensure the GNU General Public License requirements will
 ** be met: https://www.gnu.org/licenses/gpl-2.0.html and
 ** https://www.gnu.org/licenses/gpl-3.0.html.
 **
 ** $QT_END_LICENSE$
 **
 ****************************************************************************/

 #include "qssldiffiehellmanparameters.h"
 #include "qssldiffiehellmanparameters_p.h"
 #include "qsslsocket_openssl_symbols_p.h"
 #include "qsslsocket.h"
 #include "qsslsocket_p.h"

 #include "private/qssl_p.h"

 #include <QtCore/qatomic.h>
 #include <QtCore/qbytearray.h>
 #include <QtCore/qiodevice.h>
 #include <QtCore/qscopeguard.h>
 #ifndef QT_NO_DEBUG_STREAM
 #include <QtCore/qdebug.h>
 #endif

 #include <openssl/bn.h>
 #include <openssl/dh.h>

 QT_BEGIN_NAMESPACE

 #ifdef OPENSSL_NO_DEPRECATED_3_0

 static int q_DH_check(DH *dh, int *status)
 {
     // DH_check was first deprecated in OpenSSL 3.0.0, as low-level
     // API; the EVP_PKEY family of functions was advised as an alternative.
     // As of now EVP_PKEY_params_check ends up calling ... DH_check,
     // which is good enough.

     Q_ASSERT(dh);
     Q_ASSERT(status);

     EVP_PKEY *key = q_EVP_PKEY_new();
     if (!key) {
         qCWarning(lcSsl, "EVP_PKEY_new failed");
         QSslSocketBackendPrivate::logAndClearErrorQueue();
         return 0;
     }
     const auto keyDeleter = qScopeGuard([key](){
         q_EVP_PKEY_free(key);
     });
     if (!q_EVP_PKEY_set1_DH(key, dh)) {
         qCWarning(lcSsl, "EVP_PKEY_set1_DH failed");
         QSslSocketBackendPrivate::logAndClearErrorQueue();
         return 0;
     }

     EVP_PKEY_CTX *keyCtx = q_EVP_PKEY_CTX_new(key, nullptr);
     if (!keyCtx) {
         qCWarning(lcSsl, "EVP_PKEY_CTX_new failed");
         QSslSocketBackendPrivate::logAndClearErrorQueue();
         return 0;
     }
     const auto ctxDeleter = qScopeGuard([keyCtx]{
         q_EVP_PKEY_CTX_free(keyCtx);
     });

     const int result = q_EVP_PKEY_param_check(keyCtx);
     QSslSocketBackendPrivate::logAndClearErrorQueue();
     // Note: unlike DH_check, we cannot obtain the 'status',
     // if the 'result' is 0 (actually the result is 1 only
     // if this 'status' was 0). We could probably check the
     // errors from the error queue, but it's not needed anyway
     // - see the 'isSafeDH' below, how it returns immediately
     // on 0.
     Q_UNUSED(status)

     return result;
 }
 #endif // OPENSSL_NO_DEPRECATED_3_0

 static bool isSafeDH(DH *dh)
 {
     int status = 0;
     int bad = 0;

     QSslSocketPrivate::ensureInitialized();


     // From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters:
     //
     //     The additional call to BN_mod_word(dh->p, 24)
     //     (and unmasking of DH_NOT_SUITABLE_GENERATOR)
     //     is performed to ensure your program accepts
     //     IETF group parameters. OpenSSL checks the prime
     //     is congruent to 11 when g = 2; while the IETF's
     //     primes are congruent to 23 when g = 2.
     //     Without the test, the IETF parameters would
     //     fail validation. For details, see Diffie-Hellman
     //     Parameter Check (when g = 2, must p mod 24 == 11?).
     // Mark p < 1024 bits as unsafe.
     if (q_DH_bits(dh) < 1024)
         return false;

     if (q_DH_check(dh, &status) != 1)
         return false;

     const BIGNUM *p = nullptr;
     const BIGNUM *q = nullptr;
     const BIGNUM *g = nullptr;
     q_DH_get0_pqg(dh, &p, &q, &g);

     if (q_BN_is_word(const_cast<BIGNUM *>(g), DH_GENERATOR_2)) {
         const unsigned long residue = q_BN_mod_word(p, 24);
         if (residue == 11 || residue == 23)
             status &= ~DH_NOT_SUITABLE_GENERATOR;
     }

     bad |= DH_CHECK_P_NOT_PRIME;
     bad |= DH_CHECK_P_NOT_SAFE_PRIME;
     bad |= DH_NOT_SUITABLE_GENERATOR;

     return !(status & bad);
 }

 void QSslDiffieHellmanParametersPrivate::decodeDer(const QByteArray &der)
 {
     if (der.isEmpty()) {
         error = QSslDiffieHellmanParameters::InvalidInputDataError;
         return;
     }

     const unsigned char *data = reinterpret_cast<const unsigned char *>(der.data());
     int len = der.size();

     QSslSocketPrivate::ensureInitialized();

     DH *dh = q_d2i_DHparams(nullptr, &data, len);
     if (dh) {
         if (isSafeDH(dh))
             derData = der;
         else
             error =  QSslDiffieHellmanParameters::UnsafeParametersError;
     } else {
         error = QSslDiffieHellmanParameters::InvalidInputDataError;
     }

     q_DH_free(dh);
 }

 void QSslDiffieHellmanParametersPrivate::decodePem(const QByteArray &pem)
 {
     if (pem.isEmpty()) {
         error = QSslDiffieHellmanParameters::InvalidInputDataError;
         return;
     }

     if (!QSslSocket::supportsSsl()) {
         error = QSslDiffieHellmanParameters::InvalidInputDataError;
         return;
     }

     QSslSocketPrivate::ensureInitialized();

     BIO *bio = q_BIO_new_mem_buf(const_cast<char *>(pem.data()), pem.size());
     if (!bio) {
         error = QSslDiffieHellmanParameters::InvalidInputDataError;
         return;
     }

     DH *dh = nullptr;
     q_PEM_read_bio_DHparams(bio, &dh, nullptr, nullptr);

     if (dh) {
         if (isSafeDH(dh)) {
             char *buf = nullptr;
             int len = q_i2d_DHparams(dh, reinterpret_cast<unsigned char **>(&buf));
             if (len > 0)
                 derData = QByteArray(buf, len);
             else
                 error = QSslDiffieHellmanParameters::InvalidInputDataError;
         } else {
             error = QSslDiffieHellmanParameters::UnsafeParametersError;
         }
     } else {
         error = QSslDiffieHellmanParameters::InvalidInputDataError;
     }

     q_DH_free(dh);
     q_BIO_free(bio);
 }

 QT_END_NAMESPACE
	/****************************************************************************
	**
	** Copyright (C) 2015 Mikkel Krautz <mikkel@krautz.dk>
	** Copyright (C) 2016 Richard J. Moore <rich@kde.org>
	** Contact: https://www.qt.io/licensing/
	**
	** This file is part of the QtNetwork module of the Qt Toolkit.
	**
	** $QT_BEGIN_LICENSE:LGPL$
	** Commercial License Usage
	** Licensees holding valid commercial Qt licenses may use this file in
	** accordance with the commercial license agreement provided with the
	** Software or, alternatively, in accordance with the terms contained in
	** a written agreement between you and The Qt Company. For licensing terms
	** and conditions see https://www.qt.io/terms-conditions. For further
	** information use the contact form at https://www.qt.io/contact-us.
	**
	** GNU Lesser General Public License Usage
	** Alternatively, this file may be used under the terms of the GNU Lesser
	** General Public License version 3 as published by the Free Software
	** Foundation and appearing in the file LICENSE.LGPL3 included in the
	** packaging of this file. Please review the following information to
	** ensure the GNU Lesser General Public License version 3 requirements
	** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
	**
	** GNU General Public License Usage
	** Alternatively, this file may be used under the terms of the GNU
	** General Public License version 2.0 or (at your option) the GNU General
	** Public license version 3 or any later version approved by the KDE Free
	** Qt Foundation. The licenses are as published by the Free Software
	** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
	** included in the packaging of this file. Please review the following
	** information to ensure the GNU General Public License requirements will
	** be met: https://www.gnu.org/licenses/gpl-2.0.html and
	** https://www.gnu.org/licenses/gpl-3.0.html.
	**
	** $QT_END_LICENSE$
	**
	****************************************************************************/

	#include "qssldiffiehellmanparameters.h"
	#include "qssldiffiehellmanparameters_p.h"
	#include "qsslsocket_openssl_symbols_p.h"
	#include "qsslsocket.h"
	#include "qsslsocket_p.h"

	#include "private/qssl_p.h"

	#include <QtCore/qatomic.h>
	#include <QtCore/qbytearray.h>
	#include <QtCore/qiodevice.h>
	#include <QtCore/qscopeguard.h>
	#ifndef QT_NO_DEBUG_STREAM
	#include <QtCore/qdebug.h>
	#endif

	#include <openssl/bn.h>
	#include <openssl/dh.h>

	QT_BEGIN_NAMESPACE

	#ifdef OPENSSL_NO_DEPRECATED_3_0

	static int q_DH_check(DH dh, int status)
	{
	// DH_check was first deprecated in OpenSSL 3.0.0, as low-level
	// API; the EVP_PKEY family of functions was advised as an alternative.
	// As of now EVP_PKEY_params_check ends up calling ... DH_check,
	// which is good enough.

	Q_ASSERT(dh);
	Q_ASSERT(status);

	EVP_PKEY *key = q_EVP_PKEY_new();
	if (!key) {
	qCWarning(lcSsl, "EVP_PKEY_new failed");
	QSslSocketBackendPrivate::logAndClearErrorQueue();
	return 0;
	}
	const auto keyDeleter = qScopeGuard([key](){
	q_EVP_PKEY_free(key);
	});
	if (!q_EVP_PKEY_set1_DH(key, dh)) {
	qCWarning(lcSsl, "EVP_PKEY_set1_DH failed");
	QSslSocketBackendPrivate::logAndClearErrorQueue();
	return 0;
	}

	EVP_PKEY_CTX *keyCtx = q_EVP_PKEY_CTX_new(key, nullptr);
	if (!keyCtx) {
	qCWarning(lcSsl, "EVP_PKEY_CTX_new failed");
	QSslSocketBackendPrivate::logAndClearErrorQueue();
	return 0;
	}
	const auto ctxDeleter = qScopeGuard([keyCtx]{
	q_EVP_PKEY_CTX_free(keyCtx);
	});

	const int result = q_EVP_PKEY_param_check(keyCtx);
	QSslSocketBackendPrivate::logAndClearErrorQueue();
	// Note: unlike DH_check, we cannot obtain the 'status',
	// if the 'result' is 0 (actually the result is 1 only
	// if this 'status' was 0). We could probably check the
	// errors from the error queue, but it's not needed anyway
	// - see the 'isSafeDH' below, how it returns immediately
	// on 0.
	Q_UNUSED(status)

	return result;
	}
	#endif // OPENSSL_NO_DEPRECATED_3_0

	static bool isSafeDH(DH *dh)
	{
	int status = 0;
	int bad = 0;

	QSslSocketPrivate::ensureInitialized();


	// From https://wiki.openssl.org/index.php/Diffie-Hellman_parameters:
	//
	// The additional call to BN_mod_word(dh->p, 24)
	// (and unmasking of DH_NOT_SUITABLE_GENERATOR)
	// is performed to ensure your program accepts
	// IETF group parameters. OpenSSL checks the prime
	// is congruent to 11 when g = 2; while the IETF's
	// primes are congruent to 23 when g = 2.
	// Without the test, the IETF parameters would
	// fail validation. For details, see Diffie-Hellman
	// Parameter Check (when g = 2, must p mod 24 == 11?).
	// Mark p < 1024 bits as unsafe.
	if (q_DH_bits(dh) < 1024)
	return false;

	if (q_DH_check(dh, &status) != 1)
	return false;

	const BIGNUM *p = nullptr;
	const BIGNUM *q = nullptr;
	const BIGNUM *g = nullptr;
	q_DH_get0_pqg(dh, &p, &q, &g);

	if (q_BN_is_word(const_cast<BIGNUM *>(g), DH_GENERATOR_2)) {
	const unsigned long residue = q_BN_mod_word(p, 24);
	if (residue == 11 \|\| residue == 23)
	status &= ~DH_NOT_SUITABLE_GENERATOR;
	}

	bad \|= DH_CHECK_P_NOT_PRIME;
	bad \|= DH_CHECK_P_NOT_SAFE_PRIME;
	bad \|= DH_NOT_SUITABLE_GENERATOR;

	return !(status & bad);
	}

	void QSslDiffieHellmanParametersPrivate::decodeDer(const QByteArray &der)
	{
	if (der.isEmpty()) {
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	return;
	}

	const unsigned char data = reinterpret_cast<const unsigned char >(der.data());
	int len = der.size();

	QSslSocketPrivate::ensureInitialized();

	DH *dh = q_d2i_DHparams(nullptr, &data, len);
	if (dh) {
	if (isSafeDH(dh))
	derData = der;
	else
	error = QSslDiffieHellmanParameters::UnsafeParametersError;
	} else {
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	}

	q_DH_free(dh);
	}

	void QSslDiffieHellmanParametersPrivate::decodePem(const QByteArray &pem)
	{
	if (pem.isEmpty()) {
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	return;
	}

	if (!QSslSocket::supportsSsl()) {
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	return;
	}

	QSslSocketPrivate::ensureInitialized();

	BIO bio = q_BIO_new_mem_buf(const_cast<char >(pem.data()), pem.size());
	if (!bio) {
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	return;
	}

	DH *dh = nullptr;
	q_PEM_read_bio_DHparams(bio, &dh, nullptr, nullptr);

	if (dh) {
	if (isSafeDH(dh)) {
	char *buf = nullptr;
	int len = q_i2d_DHparams(dh, reinterpret_cast<unsigned char **>(&buf));
	if (len > 0)
	derData = QByteArray(buf, len);
	else
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	} else {
	error = QSslDiffieHellmanParameters::UnsafeParametersError;
	}
	} else {
	error = QSslDiffieHellmanParameters::InvalidInputDataError;
	}

	q_DH_free(dh);
	q_BIO_free(bio);
	}

	QT_END_NAMESPACE