Date: Wed, 10 Feb 2021 10:46:36 +0000 (UTC) From: Adriaan de Groot <adridg@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r564849 - in head/devel/qca: . files Message-ID: <202102101046.11AAka3g007340@repo.freebsd.org>
Author: adridg Date: Wed Feb 10 10:46:35 2021 New Revision: 564849 URL: https://svnweb.freebsd.org/changeset/ports/564849 Log: Update devel/qca to latest upstream release QCA is the Qt Cryptographic Architecture - straightforward cross- platform crypto API. This release has: * Add macOS framework major version * qca-gcrypt: Add support for HKDF * Minimum Qt updated to 5.9 * Fixed compilation with gcc 11 While updating, I have added the patch for LibreSSL compatibility (and tried to upsteam it). The patch comes via Gentoo and OpenBSD and has been adjusted by lbartoletti@ and tjlegg@gmail.com and myself, so I'm filling in something generic-ish in "Obtained from" since it is collaborative. The PR: entry is for this patch, not for the update to the recent release. PR: 248590 Reported by: portscout, tjlegg@gmail.com Obtained from: Gentoo/OpenBSD Modified: head/devel/qca/Makefile head/devel/qca/distinfo head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
Modified: head/devel/qca/Makefile
==============================================================================
--- head/devel/qca/Makefile Wed Feb 10 09:57:19 2021 (r564848)
+++ head/devel/qca/Makefile Wed Feb 10 10:46:35 2021 (r564849)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 PORTNAME= qca
-DISTVERSION= 2.3.1
-PORTREVISION= 1
+DISTVERSION= 2.3.2
 CATEGORIES= devel
 MASTER_SITES= KDE/stable/qca/${PORTVERSION}
 PKGNAMESUFFIX= -qt5
Modified: head/devel/qca/distinfo
==============================================================================
--- head/devel/qca/distinfo Wed Feb 10 09:57:19 2021 (r564848)
+++ head/devel/qca/distinfo Wed Feb 10 10:46:35 2021 (r564849)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1596038214
-SHA256 (qca-2.3.1.tar.xz) = c13851109abefc4623370989fae3a745bf6b1acb3c2a13a8958539823e974e4b
-SIZE (qca-2.3.1.tar.xz) = 725984
+TIMESTAMP = 1612914386
+SHA256 (qca-2.3.2.tar.xz) = 4697600237c4bc3a979e87d2cc80624f27b06280e635f5d90ec7dd4d2a9f606d
+SIZE (qca-2.3.2.tar.xz) = 735500
Modified: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
==============================================================================
--- head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Wed Feb 10 09:57:19 2021 (r564848)
+++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Wed Feb 10 10:46:35 2021 (r564849)
@@ -1,58 +1,94 @@ ---- plugins/qca-ossl/qca-ossl.cpp.orig 2020-02-25 09:08:01 UTC +Patch from OpenBSD rsadowski@ + +LibreSSL 3.0.x support from Stefan Strogin <steils@gentoo.org> + +Index: plugins/qca-ossl/qca-ossl.cpp +--- plugins/qca-ossl/qca-ossl.cpp.orig 2021-02-04 10:29:44 UTC +++ plugins/qca-ossl/qca-ossl.cpp -@@ -43,6 +43,10 @@ +@@ -41,7 +41,13 @@ + #include <openssl/ssl.h> + #include <openssl/x509v3.h> - #include <openssl/kdf.h> - +#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT +#endif + ++#ifndef LIBRESSL_VERSION_NUMBER + #include <openssl/kdf.h> ++#endif + using namespace QCA; - namespace opensslQCAPlugin { -@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public) - const InitializationVector &info, unsigned int keyLength) override - { - SecureArray out(keyLength); -+#ifdef EVP_PKEY_HKDF - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr); - EVP_PKEY_derive_init(pctx); - EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()); -@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public) - size_t outlen = out.size(); - EVP_PKEY_derive(pctx, reinterpret_cast<unsigned char*>(out.data()), &outlen); - EVP_PKEY_CTX_free(pctx); +@@ -1239,6 +1245,7 @@ class opensslPbkdf2Context : public KDFContext (public + protected: + }; + ++#ifndef LIBRESSL_VERSION_NUMBER + class opensslHkdfContext : public HKDFContext + { + Q_OBJECT +@@ -1271,6 +1278,7 @@ class opensslHkdfContext : public HKDFContext (public) + return out; + } + }; ++#endif // LIBRESSL_VERSION_NUMBER + + class opensslHMACContext : public MACContext + { +@@ -4951,7 +4959,11 @@ class MyTLSContext : public TLSContext (public) + case TLS::TLS_v1: + ctx = SSL_CTX_new(TLS_client_method()); + SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); ++#ifdef TLS1_3_VERSION + SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); +#else -+ unsigned char prk[EVP_MAX_MD_SIZE]; -+ unsigned char *ret; -+ unsigned int prk_len; -+ 
HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), prk, &prk_len); -+ HMAC_CTX hmac; -+ unsigned char prev[EVP_MAX_MD_SIZE]; -+ size_t done_len = 0; -+ size_t dig_len = EVP_MD_size(EVP_sha256()); -+ size_t n = out.size() / dig_len; -+ if (out.size() % dig_len) ++n; -+ HMAC_CTX_init(&hmac); -+ HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr); -+ for (unsigned int i = 1; i <= n; ++i) { -+ const unsigned char ctr = i; -+ if (i > 1) { -+ HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr); -+ HMAC_Update(&hmac, prev, dig_len); -+ } -+ HMAC_Update(&hmac, reinterpret_cast<const unsigned char*>(info.data()), info.size()); -+ HMAC_Update(&hmac, &ctr, 1); -+ HMAC_Final(&hmac, prev, nullptr); -+ size_t copy_len = (done_len + dig_len > out.size()) ? -+ out.size() - done_len : dig_len; -+ memcpy(reinterpret_cast<unsigned char *>(out.data()) + done_len, prev, copy_len); -+ done_len += copy_len; -+ } -+ HMAC_CTX_cleanup(&hmac); -+ OPENSSL_cleanse(prk, sizeof prk); ++ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); +#endif - return out; - } - }; + break; + case TLS::DTLS_v1: + default: +@@ -4972,7 +4984,11 @@ class MyTLSContext : public TLSContext (public) + QStringList cipherList; + for (int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { + const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); ++#ifndef LIBRESSL_VERSION_NUMBER + cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher)); ++#else ++ cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher)); ++#endif + } + sk_SSL_CIPHER_free(sk); + +@@ -5345,7 +5361,11 @@ class MyTLSContext : public TLSContext (public) + sessInfo.version = TLS::TLS_v1; + } + ++#ifndef LIBRESSL_VERSION_NUMBER + sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); ++#else ++ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))); ++#endif + + sessInfo.cipherMaxBits = 
SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits)); + +@@ -6629,7 +6649,9 @@ class opensslProvider : public Provider (public) + #endif + list += QStringLiteral("pbkdf1(sha1)"); + list += QStringLiteral("pbkdf2(sha1)"); ++#ifndef LIBRESSL_VERSION_NUMBER + list += QStringLiteral("hkdf(sha256)"); ++#endif + list += QStringLiteral("pkey"); + list += QStringLiteral("dlgroup"); + list += QStringLiteral("rsa"); +@@ -6698,8 +6720,10 @@ class opensslProvider : public Provider (public) + #endif + else if (type == QLatin1String("pbkdf2(sha1)")) + return new opensslPbkdf2Context(this, type); ++#ifndef LIBRESSL_VERSION_NUMBER + else if (type == QLatin1String("hkdf(sha256)")) + return new opensslHkdfContext(this, type); ++#endif + else if (type == QLatin1String("hmac(md5)")) + return new opensslHMACContext(EVP_md5(), this, type); + else if (type == QLatin1String("hmac(sha1)"))
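Review bot: On LibreSSL builds the two `SSL_CIPHER_get_name()` fallbacks (inner hunks `@@ -4972,7 +4984,11 @@` for the supported-cipher list and `@@ -5345,7 +5361,11 @@` for `sessInfo.cipherSuite`) report OpenSSL-style suite names, whereas the `SSL_CIPHER_standard_name()` calls they stand in for return the RFC names, so the same negotiated suite is exposed under a different string depending on the linked library. A caller that compares these strings against a policy or allow-list written with RFC names would stop matching without any error; a comment at both sites such as `// LibreSSL: OpenSSL-style name, not the RFC name from SSL_CIPHER_standard_name()` would record the difference for whoever consumes the value. Separately, HKDF is now gated on `LIBRESSL_VERSION_NUMBER` where the previous patch used the feature test `#ifdef EVP_PKEY_HKDF` with an HMAC-based fallback, so `hkdf(sha256)` disappears from the provider on every LibreSSL build, including any release that may ship the API; a feature or version test would age better than the vendor macro. The enclosing classes and functions start and end outside the inner hunks shown here.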