From: Adriaan de Groot
Date: Wed, 10 Feb 2021 10:46:36 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r564849 - in head/devel/qca: . files

Author: adridg
Date: Wed Feb 10 10:46:35 2021
New Revision: 564849
URL: https://svnweb.freebsd.org/changeset/ports/564849

Log:
  Update devel/qca to latest upstream release

  QCA is the Qt Cryptographic Architecture - straightforward cross-platform
  crypto API. This release has:
  * Add macOS framework major version
  * qca-gcrypt: Add support for HKDF
  * Minimum Qt updated to 5.9
  * Fixed compilation with gcc 11

  While updating, I have added the patch for LibreSSL compatibility
  (and tried to upstream it). The patch comes via Gentoo and OpenBSD
  and has been adjusted by lbartoletti@ and tjlegg@gmail.com and myself,
  so I'm filling in something generic-ish in "Obtained from" since
  it is collaborative. The PR: entry is for this patch, not for
  the update to the recent release.

  PR: 248590
  Reported by: portscout, tjlegg@gmail.com
  Obtained from: Gentoo/OpenBSD

Modified:
  head/devel/qca/Makefile
  head/devel/qca/distinfo
  head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp

Modified: head/devel/qca/Makefile ============================================================================== --- head/devel/qca/Makefile Wed Feb 10 09:57:19 2021 (r564848) +++ head/devel/qca/Makefile Wed Feb 10 10:46:35 2021 (r564849) 
@@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= qca -DISTVERSION= 2.3.1 -PORTREVISION= 1 +DISTVERSION= 2.3.2 CATEGORIES= devel MASTER_SITES= KDE/stable/qca/${PORTVERSION} PKGNAMESUFFIX= -qt5 Modified: head/devel/qca/distinfo ============================================================================== --- head/devel/qca/distinfo Wed Feb 10 09:57:19 2021 (r564848) +++ head/devel/qca/distinfo Wed Feb 10 10:46:35 2021 (r564849) @@ -1,3 +1,3 @@ -TIMESTAMP = 1596038214 -SHA256 (qca-2.3.1.tar.xz) = c13851109abefc4623370989fae3a745bf6b1acb3c2a13a8958539823e974e4b -SIZE (qca-2.3.1.tar.xz) = 725984 +TIMESTAMP = 1612914386 +SHA256 (qca-2.3.2.tar.xz) = 4697600237c4bc3a979e87d2cc80624f27b06280e635f5d90ec7dd4d2a9f606d +SIZE (qca-2.3.2.tar.xz) = 735500 Modified: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp ============================================================================== --- head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Wed Feb 10 09:57:19 2021 (r564848) +++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp Wed Feb 10 10:46:35 2021 (r564849) 
@@ -1,58 +1,94 @@ ---- plugins/qca-ossl/qca-ossl.cpp.orig 2020-02-25 09:08:01 UTC +Patch from OpenBSD rsadowski@ + +LibreSSL 3.0.x support from Stefan Strogin + +Index: plugins/qca-ossl/qca-ossl.cpp +--- plugins/qca-ossl/qca-ossl.cpp.orig 2021-02-04 10:29:44 UTC +++ plugins/qca-ossl/qca-ossl.cpp -@@ -43,6 +43,10 @@ +@@ -41,7 +41,13 @@ + #include + #include - #include - +#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT +#endif + ++#ifndef LIBRESSL_VERSION_NUMBER + #include ++#endif + using namespace QCA; - namespace opensslQCAPlugin { -@@ -1272,6 +1276,7 @@ class opensslHkdfContext : public HKDFContext (public) - const InitializationVector &info, unsigned int keyLength) override - { - SecureArray out(keyLength); -+#ifdef EVP_PKEY_HKDF - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr); - EVP_PKEY_derive_init(pctx); - EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()); -@@ -1281,6 +1286,36 @@ class opensslHkdfContext : public HKDFContext (public) - size_t outlen = out.size(); - EVP_PKEY_derive(pctx, reinterpret_cast(out.data()), &outlen); - EVP_PKEY_CTX_free(pctx); +@@ -1239,6 +1245,7 @@ class opensslPbkdf2Context : public KDFContext (public + protected: + }; + ++#ifndef LIBRESSL_VERSION_NUMBER + class opensslHkdfContext : public HKDFContext + { + Q_OBJECT +@@ -1271,6 +1278,7 @@ class opensslHkdfContext : public HKDFContext (public) + return out; + } + }; ++#endif // LIBRESSL_VERSION_NUMBER + + class opensslHMACContext : public MACContext + { +@@ -4951,7 +4959,11 @@ class MyTLSContext : public TLSContext (public) + case TLS::TLS_v1: + ctx = SSL_CTX_new(TLS_client_method()); + SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION); ++#ifdef TLS1_3_VERSION + SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); +#else -+ unsigned char prk[EVP_MAX_MD_SIZE]; -+ unsigned char *ret; -+ unsigned int prk_len; -+ HMAC(EVP_sha256(), salt.data(), salt.size(), reinterpret_cast(secret.data()), secret.size(), prk, 
&prk_len); -+ HMAC_CTX hmac; -+ unsigned char prev[EVP_MAX_MD_SIZE]; -+ size_t done_len = 0; -+ size_t dig_len = EVP_MD_size(EVP_sha256()); -+ size_t n = out.size() / dig_len; -+ if (out.size() % dig_len) ++n; -+ HMAC_CTX_init(&hmac); -+ HMAC_Init_ex(&hmac, prk, prk_len, EVP_sha256(), nullptr); -+ for (unsigned int i = 1; i <= n; ++i) { -+ const unsigned char ctr = i; -+ if (i > 1) { -+ HMAC_Init_ex(&hmac, nullptr, 0, nullptr, nullptr); -+ HMAC_Update(&hmac, prev, dig_len); -+ } -+ HMAC_Update(&hmac, reinterpret_cast(info.data()), info.size()); -+ HMAC_Update(&hmac, &ctr, 1); -+ HMAC_Final(&hmac, prev, nullptr); -+ size_t copy_len = (done_len + dig_len > out.size()) ? -+ out.size() - done_len : dig_len; -+ memcpy(reinterpret_cast(out.data()) + done_len, prev, copy_len); -+ done_len += copy_len; -+ } -+ HMAC_CTX_cleanup(&hmac); -+ OPENSSL_cleanse(prk, sizeof prk); ++ SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION); +#endif - return out; - } - }; + break; + case TLS::DTLS_v1: + default: +@@ -4972,7 +4984,11 @@ class MyTLSContext : public TLSContext (public) + QStringList cipherList; + for (int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { + const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); ++#ifndef LIBRESSL_VERSION_NUMBER + cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher)); ++#else ++ cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher)); ++#endif + } + sk_SSL_CIPHER_free(sk); + +@@ -5345,7 +5361,11 @@ class MyTLSContext : public TLSContext (public) + sessInfo.version = TLS::TLS_v1; + } + ++#ifndef LIBRESSL_VERSION_NUMBER + sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl))); ++#else ++ sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl))); ++#endif + + sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits)); + +@@ -6629,7 +6649,9 @@ class opensslProvider : public Provider (public) + #endif + list += 
QStringLiteral("pbkdf1(sha1)"); + list += QStringLiteral("pbkdf2(sha1)"); ++#ifndef LIBRESSL_VERSION_NUMBER + list += QStringLiteral("hkdf(sha256)"); ++#endif + list += QStringLiteral("pkey"); + list += QStringLiteral("dlgroup"); + list += QStringLiteral("rsa"); +@@ -6698,8 +6720,10 @@ class opensslProvider : public Provider (public) + #endif + else if (type == QLatin1String("pbkdf2(sha1)")) + return new opensslPbkdf2Context(this, type); ++#ifndef LIBRESSL_VERSION_NUMBER + else if (type == QLatin1String("hkdf(sha256)")) + return new opensslHkdfContext(this, type); ++#endif + else if (type == QLatin1String("hmac(md5)")) + return new opensslHMACContext(EVP_md5(), this, type); + else if (type == QLatin1String("hmac(sha1)"))
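Review bot: The three `#ifndef LIBRESSL_VERSION_NUMBER` guards (around class opensslHkdfContext, the `hkdf(sha256)` entry in the feature list, and the `hkdf(sha256)` branch that constructs the context) test which library is in use rather than whether it has the capability, and they replace the earlier `#ifdef EVP_PKEY_HKDF` guard whose `#else` branch carried an HMAC-based fallback. On LibreSSL builds the provider therefore stops advertising hkdf(sha256) and no longer hands out an opensslHkdfContext, which the commit log does not mention. Suggest keying all three on the feature macro the previous revision used, so HKDF comes back on its own once the linked library defines it, and stating the dropped feature in the log for consumers that request hkdf(sha256) from qca-ossl.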
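Review bot: In the TLS::TLS_v1 case, the `#else` branch caps the client at `TLS1_2_VERSION` whenever the headers do not define `TLS1_3_VERSION`, and nothing in the code says the cap is a library limitation rather than a policy choice. A one-line comment on the `#else` would make that clear to the next person auditing protocol settings; alternatively, OpenSSL documents that passing 0 to SSL_CTX_set_max_proto_version selects the highest version the library supports, which would remove the conditional altogether if the LibreSSL versions targeted here behave the same way. The unchanged context line still sets the minimum to `TLS1_VERSION`; that is outside this change but worth a separate look.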
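Review bot: In the cipher-list loop and in the `sessInfo.cipherSuite` assignment, the LibreSSL branch substitutes SSL_CIPHER_get_name for SSL_CIPHER_standard_name, and the two do not return the same strings: the former yields the OpenSSL-style name (for example ECDHE-RSA-AES256-GCM-SHA384), the latter the RFC-style name (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384). Applications that compare the reported suite against an allow-list or log it for auditing will see different values depending on which library the port was built against. Suggest a comment at both `#else` branches noting the naming difference, and a sentence in the patch header so downstream users know the cipher names are not portable across the two builds.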