Date: Tue, 25 Dec 2018 17:15:33 +0000 (UTC) From: Adriaan de Groot <adridg@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r488331 - in head/net/qt5-network: . files Message-ID: <201812251715.wBPHFX39058787@repo.freebsd.org>
Author: adridg Date: Tue Dec 25 17:15:33 2018 New Revision: 488331 URL: https://svnweb.freebsd.org/changeset/ports/488331 Log: Update net/qt5-network to build against LibreSSL. Patches by Charlie Li / ml_vishwin, with explanation in the patches. Builds on 11.2 (ssl=unset, base, openssl) and 12.0 (ssl=unset, base, libressl). Tested with otter-browser on 12.0 (ssl=unset, libressl). PR: 234078 Submitted by: Charlie Li Reported by: W. Schwarzenfeld Differential Revision: https://reviews.freebsd.org/D18582 Added: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl11__symbols__p.h (contents, props changed) head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp (contents, props changed) head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h (contents, props changed) Modified: head/net/qt5-network/Makefile
Modified: head/net/qt5-network/Makefile
==============================================================================
--- head/net/qt5-network/Makefile Tue Dec 25 17:14:37 2018 (r488330)
+++ head/net/qt5-network/Makefile Tue Dec 25 17:15:33 2018 (r488331)
@@ -2,7 +2,7 @@
 PORTNAME= network
 DISTVERSION= ${QT5_VERSION}
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= net ipv6
 PKGNAMEPREFIX= qt5-
Added: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl11__symbols__p.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl11__symbols__p.h Tue Dec 25 17:15:33 2018 (r488331)
@@ -0,0 +1,71 @@
+For LibreSSL, redefine OPENSSL_STACK to use the native stack_st.
+Also redefine DSA_bits() to a LibreSSL-native routine.
+
+Redefine SSL stack functions to their proper symbols in LibreSSL.
+
+--- src/network/ssl/qsslsocket_openssl11_symbols_p.h.orig 2018-12-03 11:15:26 UTC
++++ src/network/ssl/qsslsocket_openssl11_symbols_p.h
+@@ -75,21 +75,49 @@
+ #error "You are not supposed to use this header file, include qsslsocket_openssl_symbols_p.h instead"
+ #endif
+
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++// LibreSSL 2.7 has stack_st but not OPENSSL_STACK
++typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
++// From the signature in LibreSSL
++#define OPENSSL_INIT_SETTINGS void
++// https://github.com/openssl/openssl/blob/master/include/openssl/x509_vfy.h#L63
++typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
++#endif
++
+ const unsigned char * q_ASN1_STRING_get0_data(const ASN1_STRING *x);
+
+ Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a);
+ Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem();
+
++#ifdef LIBRESSL_VERSION_NUMBER
++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)
++#else
+ int q_DSA_bits(DSA *a);
++#endif
+ int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+ int q_EVP_PKEY_base_id(EVP_PKEY *a);
+ int q_RSA_bits(RSA *a);
++#ifdef LIBRESSL_VERSION_NUMBER
++int q_sk_num(OPENSSL_STACK *a);
++void q_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
++OPENSSL_STACK *q_sk_new_null();
++void q_sk_push(OPENSSL_STACK *st, void *data);
++void q_sk_free(OPENSSL_STACK *a);
++void * q_sk_value(OPENSSL_STACK *a, int b);
++#define q_OPENSSL_sk_num(a) q_sk_num(a)
++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b)
++#define q_OPENSSL_sk_new_null() q_sk_new_null()
++#define q_OPENSSL_sk_push(a, b) q_sk_push(a, b)
++#define q_OPENSSL_sk_free q_sk_free
++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b)
++#else
+ int q_OPENSSL_sk_num(OPENSSL_STACK *a);
+ void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *));
+ OPENSSL_STACK *q_OPENSSL_sk_new_null();
+ void q_OPENSSL_sk_push(OPENSSL_STACK *st, void *data);
+ void q_OPENSSL_sk_free(OPENSSL_STACK *a);
+ void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b);
++#endif
+ int q_SSL_session_reused(SSL *a);
+ unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+ int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+@@ -112,8 +140,13 @@ int q_DH_bits(DH *dh);
+ # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+
++#ifdef LIBRESSL_VERSION_NUMBER
++#define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_sk_num)(st)
++#define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_sk_value)(st, i)
++#else
+ #define q_SKM_sk_num(type, st) ((int (*)(const STACK_OF(type) *))q_OPENSSL_sk_num)(st)
+ #define q_SKM_sk_value(type, st,i) ((type * (*)(const STACK_OF(type) *, int))q_OPENSSL_sk_value)(st, i)
++#endif
+
+ #define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+ | OPENSSL_INIT_ADD_ALL_DIGESTS \
Added: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp Tue Dec 25 17:15:33 2018 (r488331)
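Review bot: The LibreSSL branches added to qsslsocket_openssl11_symbols_p.h are guarded in two different ways: the `OPENSSL_STACK` typedef is declared only when `LIBRESSL_VERSION_NUMBER >= 0x20700000L`, while the `q_sk_*` prototypes that use that type and the `q_DSA_bits` macro sit under a bare `#ifdef LIBRESSL_VERSION_NUMBER`. If this header is ever compiled against an older LibreSSL, the prototypes would presumably reference an undeclared type, so all three blocks should share the same test, `#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L`. The macro `#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p)` also reads the `p` member directly, which only compiles while the library keeps `DSA` non-opaque. A comment such as `// LibreSSL: no DSA_bits(); relies on struct dsa_st being public, revisit when the ssl default changes` would record that dependency for the key-size reporting path.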
@@ -0,0 +1,106 @@
+Redefine SSL stack functions to their proper symbols in LibreSSL.
+Also reference a redefined DSA_bits() that does not natively exist
+in LibreSSL.
+
+Ensure that we link to the correct ssl library selected in
+DEFAULT_VERSIONS.
+
+Do not define SSL_CONF_CTX symbols absent from LibreSSL.
+
+--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2018-12-03 11:15:26 UTC
++++ src/network/ssl/qsslsocket_openssl_symbols.cpp
+@@ -152,6 +152,14 @@ DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w,
+ DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return)
+ DEFINEFUNC(int, EVP_PKEY_base_id, EVP_PKEY *a, a, return NID_undef, return)
+ DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return)
++#ifdef LIBRESSL_VERSION_NUMBER
++DEFINEFUNC(int, sk_num, OPENSSL_STACK *a, a, return -1, return)
++DEFINEFUNC2(void, sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
++DEFINEFUNC(OPENSSL_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return)
++DEFINEFUNC2(void, sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
++DEFINEFUNC(void, sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
++DEFINEFUNC2(void *, sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#else
+ DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return)
+ DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return)
+ DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG)
+@@ -159,6 +167,7 @@ DEFINEFUNC(OPENSSL_STACK *, OPENSSL_sk_new_null, DUMMY
+ DEFINEFUNC2(void, OPENSSL_sk_push, OPENSSL_STACK *a, a, void *b, b, return, DUMMYARG)
+ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
+ DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
++#endif
+ DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
+ DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+ #ifdef TLS1_3_VERSION
+@@ -443,7 +452,7 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a
+ DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return)
+ DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return)
+ DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return)
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ DEFINEFUNC(SSL_CONF_CTX *, SSL_CONF_CTX_new, DUMMYARG, DUMMYARG, return nullptr, return);
+ DEFINEFUNC(void, SSL_CONF_CTX_free, SSL_CONF_CTX *a, a, return ,return);
+ DEFINEFUNC2(void, SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX *a, a, SSL_CTX *b, b, return, return);
+@@ -846,8 +855,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
+ #endif
+ #if defined(SHLIB_VERSION_NUMBER) && !defined(Q_OS_QNX) // on QNX, the libs are always libssl.so and libcrypto.so
+ // first attempt: the canonical name is libssl.so.<SHLIB_VERSION_NUMBER>
+- libssl->setFileNameAndVersion(QLatin1String("ssl"), QLatin1String(SHLIB_VERSION_NUMBER));
+- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), QLatin1String(SHLIB_VERSION_NUMBER));
++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), QLatin1String(SHLIB_VERSION_NUMBER));
++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), QLatin1String(SHLIB_VERSION_NUMBER));
+ if (libcrypto->load() && libssl->load()) {
+ // libssl.so.<SHLIB_VERSION_NUMBER> and libcrypto.so.<SHLIB_VERSION_NUMBER> found
+ return pair;
+@@ -876,8 +885,8 @@ static QPair<QLibrary*, QLibrary*> loadOpenSsl()
+ // macOS's /usr/lib/libssl.dylib, /usr/lib/libcrypto.dylib will be picked up in the third
+ // attempt, _after_ <bundle>/Contents/Frameworks has been searched.
+ // iOS does not ship a system libssl.dylib, libcrypto.dylib in the first place.
+- libssl->setFileNameAndVersion(QLatin1String("ssl"), -1);
+- libcrypto->setFileNameAndVersion(QLatin1String("crypto"), -1);
++ libssl->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libssl"), -1);
++ libcrypto->setFileNameAndVersion(QLatin1String("%%OPENSSLLIB%%/libcrypto"), -1);
+ if (libcrypto->load() && libssl->load()) {
+ // libssl.so.0 and libcrypto.so.0 found
+ return pair;
+@@ -961,12 +970,21 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(EVP_CIPHER_CTX_reset)
+ RESOLVEFUNC(EVP_PKEY_base_id)
+ RESOLVEFUNC(RSA_bits)
++#ifdef LIBRESSL_VERSION_NUMBER
++ RESOLVEFUNC(sk_new_null)
++ RESOLVEFUNC(sk_push)
++ RESOLVEFUNC(sk_free)
++ RESOLVEFUNC(sk_num)
++ RESOLVEFUNC(sk_pop_free)
++ RESOLVEFUNC(sk_value)
++#else
+ RESOLVEFUNC(OPENSSL_sk_new_null)
+ RESOLVEFUNC(OPENSSL_sk_push)
+ RESOLVEFUNC(OPENSSL_sk_free)
+ RESOLVEFUNC(OPENSSL_sk_num)
+ RESOLVEFUNC(OPENSSL_sk_pop_free)
+ RESOLVEFUNC(OPENSSL_sk_value)
++#endif
+ RESOLVEFUNC(DH_get0_pqg)
+ RESOLVEFUNC(SSL_CTX_set_options)
+ #ifdef TLS1_3_VERSION
+@@ -1001,7 +1019,9 @@ bool q_resolveOpenSslSymbols()
+
+ RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint)
+ RESOLVEFUNC(DH_bits)
++#ifndef LIBRESSL_VERSION_NUMBER
+ RESOLVEFUNC(DSA_bits)
++#endif
+
+ #if QT_CONFIG(dtls)
+ RESOLVEFUNC(DTLSv1_listen)
+@@ -1237,7 +1257,7 @@ bool q_resolveOpenSslSymbols()
+ RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey)
+ RESOLVEFUNC(SSL_CTX_use_PrivateKey_file)
+ RESOLVEFUNC(SSL_CTX_get_cert_store);
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ RESOLVEFUNC(SSL_CONF_CTX_new);
+ RESOLVEFUNC(SSL_CONF_CTX_free);
+ RESOLVEFUNC(SSL_CONF_CTX_set_ssl_ctx);
Added: head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h
==============================================================================
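Review bot: The four replaced `setFileNameAndVersion()` calls in `loadOpenSsl()` (inner hunks at -846 and -876) embed the literal token `%%OPENSSLLIB%%`, and the only Makefile change visible in this commit is the `PORTREVISION` bump, so nothing shown here substitutes it after the patch is applied. If the token reaches the compiler unexpanded, the name is a relative path containing a slash, which the dynamic loader would typically resolve against the process's working directory instead of the library search path, so libssl/libcrypto could be loaded from an unintended location or not found at all. Please confirm the port rewrites the token to an absolute directory before the build, and add a comment above the first call such as `// %%OPENSSLLIB%% is replaced with the selected ssl library directory at port build time`. The later fallback attempts in `loadOpenSsl()` lie outside these hunks; if they still search by the bare names `ssl` and `crypto`, the pinning described in the patch preamble only holds when the first load succeeds.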
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h Tue Dec 25 17:15:33 2018 (r488331)
@@ -0,0 +1,30 @@
+Define maximum TLS version as 1.2 so as to not hit any possibly
+unsupported TLS 1.3 symbols.
+
+Also do not define SSL_CONF_CTX symbols absent from LibreSSL.
+
+--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2018-12-03 11:15:26 UTC
++++ src/network/ssl/qsslsocket_openssl_symbols_p.h
+@@ -74,6 +74,13 @@
+
+ QT_BEGIN_NAMESPACE
+
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20700000L
++# define TLS1_2_VERSION 0x0303
++# define TLS_MAX_VERSION TLS1_2_VERSION
++# define TLS_ANY_VERSION 0x10000
++#endif
++
++
+ #define DUMMYARG
+
+ #if !defined QT_LINKED_OPENSSL
+@@ -359,7 +366,7 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b);
+ int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b);
+ int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c);
+ X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a);
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *q_SSL_CONF_CTX_new();
+ void q_SSL_CONF_CTX_free(SSL_CONF_CTX *a);
+ void q_SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *a, SSL_CTX *b);
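Review bot: The block added after `QT_BEGIN_NAMESPACE` defines `TLS1_2_VERSION`, `TLS_MAX_VERSION` and `TLS_ANY_VERSION` unconditionally for every LibreSSL from 2.7 onward, with no `#ifndef` around each macro and no upper version bound on the guard. Once the selected LibreSSL ships its own TLS 1.3 definitions, this would presumably either clash with the library headers or keep the Qt side capped at TLS 1.2 without anyone noticing, because the cap is explained only in the patch preamble. Guarding each define, for example `#ifndef TLS_MAX_VERSION` / `# define TLS_MAX_VERSION TLS1_2_VERSION` / `#endif`, would avoid the clash. A source comment like `// LibreSSL: cap at TLS 1.2 until TLS 1.3 symbols are available; revisit on ssl update` would make the protocol ceiling deliberate and visible in the code.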