From nobody Wed Jul 20 20:50:31 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Lp7Bc1lFNz4WwVx; Wed, 20 Jul 2022 20:50:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Lp7Bc1L1Fz3Zys; Wed, 20 Jul 2022 20:50:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1658350232; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9JMtRNxjB3c/cUTVEeJ1zdaQgft00DYAwAT9BZIwyGA=; b=Xl/Jg25KmkXb/7/WluBH8TMPLTXATGsBtxC1t2HOykf4Z/ti5IKjhXKXCvtYs6C+Q0LhMA gQLct6v092c5eN/m9UqoER7VA2VkLLXbMhEBcp+ZpbfKC1wsBjDyGZo9SB20E+07IGMT+4 yO4fquWCIanCfQgMbfz7IFRo54jR/kOx7EPza/LGYTariDl2tePc69AdsvBfpkCK6eB5lO t/LhjkfaRMn8cgJUCBI46O1gXCMA9YZ3kRKfxpvBtaJBtFzR1L+jwy480VUBZW4ica8bti JqF0n2NgiZq1DVIR+5M+NOM/bB8c8LizK1CDPbp0ZK4DHGRtb/VKgLsX03SR0A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Lp7Bc0D1Mz1B7s; Wed, 20 Jul 2022 20:50:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 26KKoV0M031180; Wed, 20 Jul 2022 20:50:31 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 26KKoVkc031179; Wed, 20 Jul 2022 20:50:31 GMT (envelope-from git) Date: Wed, 20 Jul 2022 20:50:31 GMT Message-Id: <202207202050.26KKoVkc031179@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: "Tobias C. Berner" Subject: git: 49667cdc275e - main - net/qt5-network: Runtime fixes with libressl List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: tcberner X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 49667cdc275e51a3e28e94582e18a6e094ae29c8 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1658350232; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9JMtRNxjB3c/cUTVEeJ1zdaQgft00DYAwAT9BZIwyGA=; b=kGvL6dLMf5AJV2sfolL0x0wOIy2n1jOUbOknqBg6LhKHMadBvlMjqPtTcqtJ6d2jAAZrsa 4SL49wMfaLGPIDZgmXXIVFlYbNq3N83J0DBt8gUESd7KqxyLET8qjt2bkft/8t2eddnKZC 5AQEnuD8/vym+1JMH0gXOTXUhGWNAdZ3Vghi5afe0QowgJRZIdibeuzdHHS5LVCwKaODl9 dae/VN0N+79Ks1LZfRBuE5bjm+xBQgNAS/FjGROYiAYnH6uft1E3ydtLKxdvyqnEJwCarh FPVLNCfhiVB8cdb7Ga8WpG7WUqoPyPXlun5S+lvuo6UW/CWvRcAJ/BpmvUX2pQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1658350232; a=rsa-sha256; cv=none; b=BUU9LaXrfInQY0P4+4zfdtvvNQKBGhiFDCCqfS/Dbr9JY1ZbWHJRFhX6fqypv1Pm7fP3QA nifokCiLqzyp9/mfnx0gYglKZIwqL2Pv+9Vsy1sYRUTu1jhCRBMCDoxiEhurGinQvAJMGA EjFl2jiLQ5qyg/bCG0Ck52ljjd0RD7vlTkASAc4AP+0cDtcgD8c1hoqog3pUINs+IxEb5F 1GNMm4qg4HY3/XaLO6nXm79kzeijr3NSSghEOJw/Q+j53NOSU6btWS6eAPzrRXlDi6xFXQ T87eysBSREdAxSW2+p+YbltbPVrrO05lbIgKvhS0K0w5HsnhDKdTsxJoqPpiUg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by tcberner: URL: https://cgit.FreeBSD.org/ports/commit/?id=49667cdc275e51a3e28e94582e18a6e094ae29c8 commit 49667cdc275e51a3e28e94582e18a6e094ae29c8 Author: Felix Palmen AuthorDate: 2022-07-20 20:45:04 +0000 Commit: Tobias C. Berner CommitDate: 2022-07-20 20:47:09 +0000 net/qt5-network: Runtime fixes with libressl Patches updated based on this gentoo patch: https://562050.bugs.gentoo.org/attachment.cgi?id=663100 - modified and extended for qt-network 5.15.5 - modified for libressl 3.5 Differential Revision: https://reviews.freebsd.org/D35729 --- net/qt5-network/Makefile | 1 + ...ch-src_network_ssl_qsslcertificate__openssl.cpp | 11 ++ .../patch-src_network_ssl_qsslcontext__openssl.cpp | 70 ++++++-- ...patch-src_network_ssl_qsslcontext__openssl__p.h | 16 ++ .../patch-src_network_ssl_qsslsocket__openssl.cpp | 18 ++- ...rc_network_ssl_qsslsocket__openssl__symbols.cpp | 180 ++++++++++++++++++++- ...c_network_ssl_qsslsocket__openssl__symbols__p.h | 136 +++++++++++++++- 7 files changed, 408 insertions(+), 24 deletions(-) diff --git a/net/qt5-network/Makefile b/net/qt5-network/Makefile index 959ecb987f0a..0f6cf1e330d5 100644 --- a/net/qt5-network/Makefile +++ b/net/qt5-network/Makefile @@ -1,5 +1,6 @@ PORTNAME= network PORTVERSION= ${QT5_VERSION}${QT5_KDE_PATCH} +PORTREVISION= 1 CATEGORIES= net PKGNAMEPREFIX= qt5- diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslcertificate__openssl.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslcertificate__openssl.cpp new file mode 100644 index 000000000000..47969b82f4b6 --- /dev/null +++ b/net/qt5-network/files/patch-src_network_ssl_qsslcertificate__openssl.cpp @@ -0,0 +1,11 @@ +--- src/network/ssl/qsslcertificate_openssl.cpp.orig 2022-06-22 10:58:13 UTC ++++ src/network/ssl/qsslcertificate_openssl.cpp +@@ -691,7 +691,7 @@ static QMultiMap _q_mapFromX509Na + unsigned char *data = nullptr; + int size = q_ASN1_STRING_to_UTF8(&data, q_X509_NAME_ENTRY_get_data(e)); + info.insert(name, QString::fromUtf8((char*)data, size)); +-#if QT_CONFIG(opensslv11) ++#if QT_CONFIG(opensslv11) && !defined(LIBRESSL_VERSION_NUMBER) + q_CRYPTO_free(data, nullptr, 0); + #else + q_CRYPTO_free(data); diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp index 15d7d598ad11..0fc24a49fc2a 100644 --- a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp +++ b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl.cpp @@ -1,22 +1,62 @@ ---- src/network/ssl/qsslcontext_openssl.cpp.orig 2022-06-28 10:17:59 UTC +--- src/network/ssl/qsslcontext_openssl.cpp.orig 2022-06-22 10:58:13 UTC +++ src/network/ssl/qsslcontext_openssl.cpp -@@ -356,11 +356,15 @@ init_context: +@@ -54,12 +54,14 @@ + + QT_BEGIN_NAMESPACE + ++#ifdef SSL_SECOP_PEER + Q_GLOBAL_STATIC(bool, forceSecurityLevel) + + Q_NETWORK_EXPORT void qt_ForceTlsSecurityLevel() + { + *forceSecurityLevel() = true; + } ++#endif //SSL_SECOP_PEER + + // defined in qsslsocket_openssl.cpp: + extern int q_X509Callback(int ok, X509_STORE_CTX *ctx); +@@ -351,9 +353,11 @@ init_context: + return; + } + ++#ifdef SSL_SECOP_PEER + // A nasty hacked OpenSSL using a level that will make our auto-tests fail: + if (q_SSL_CTX_get_security_level(sslContext->ctx) > 1 && *forceSecurityLevel()) q_SSL_CTX_set_security_level(sslContext->ctx, 1); ++#endif //SSL_SECOP_PEER const long anyVersion = -+#ifndef TLS_ANY_VERSION -+ 0x1000; -+#else #if QT_CONFIG(dtls) - isDtls ? DTLS_ANY_VERSION : TLS_ANY_VERSION; - #else - TLS_ANY_VERSION; - #endif // dtls -+#endif - long minVersion = anyVersion; - long maxVersion = anyVersion; - -@@ -722,6 +726,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC +@@ -408,16 +412,28 @@ init_context: + maxVersion = DTLS1_VERSION; + break; + case QSsl::DtlsV1_0OrLater: ++#ifdef DTLS_MAX_VERSION + minVersion = DTLS1_VERSION; + maxVersion = 0; ++#else ++ Q_UNREACHABLE(); ++#endif // DTLS_MAX_VERSION + break; + case QSsl::DtlsV1_2: ++#ifdef DTLS1_2_VERSION + minVersion = DTLS1_2_VERSION; + maxVersion = DTLS1_2_VERSION; ++#else ++ Q_UNREACHABLE(); ++#endif // DTLS1_2_VERSION + break; + case QSsl::DtlsV1_2OrLater: ++#if defined(DTLS1_2_VERSION) + minVersion = DTLS1_2_VERSION; + maxVersion = 0; ++#else ++ Q_UNREACHABLE(); ++#endif // DTLS1_2_VERSION + break; + case QSsl::TlsV1_3OrLater: + #ifdef TLS1_3_VERSION +@@ -722,6 +738,7 @@ void QSslContext::applyBackendConfig(QSslContext *sslC } #endif // ocsp @@ -24,7 +64,7 @@ QSharedPointer cctx(q_SSL_CONF_CTX_new(), &q_SSL_CONF_CTX_free); if (cctx) { q_SSL_CONF_CTX_set_ssl_ctx(cctx.data(), sslContext->ctx); -@@ -768,7 +773,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslC +@@ -768,7 +785,9 @@ void QSslContext::applyBackendConfig(QSslContext *sslC sslContext->errorStr = msgErrorSettingBackendConfig(QSslSocket::tr("SSL_CONF_finish() failed")); sslContext->errorCode = QSslError::UnspecifiedError; } diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl__p.h b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl__p.h new file mode 100644 index 000000000000..7b54761a70db --- /dev/null +++ b/net/qt5-network/files/patch-src_network_ssl_qsslcontext__openssl__p.h @@ -0,0 +1,16 @@ +--- src/network/ssl/qsslcontext_openssl_p.h.orig 2022-06-22 10:58:13 UTC ++++ src/network/ssl/qsslcontext_openssl_p.h +@@ -61,6 +61,13 @@ + + QT_BEGIN_NAMESPACE + ++#ifndef DTLS_ANY_VERSION ++#define DTLS_ANY_VERSION 0x1FFFF ++#endif ++#ifndef TLS_ANY_VERSION ++#define TLS_ANY_VERSION 0x10000 ++#endif ++ + #ifndef QT_NO_SSL + + class QSslContextPrivate; diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp index 22689b3fc546..692bcd61ab0d 100644 --- a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp +++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl.cpp @@ -1,4 +1,4 @@ ---- src/network/ssl/qsslsocket_openssl.cpp.orig 2022-06-28 13:46:41 UTC +--- src/network/ssl/qsslsocket_openssl.cpp.orig 2022-07-05 09:21:21 UTC +++ src/network/ssl/qsslsocket_openssl.cpp @@ -239,6 +239,12 @@ static int q_ssl_psk_use_session_callback(SSL *ssl, co return 1; // need to return 1 or else "the connection setup fails." @@ -13,14 +13,24 @@ int q_ssl_sess_set_new_cb(SSL *ssl, SSL_SESSION *session) { if (!ssl) { -@@ -254,9 +260,7 @@ int q_ssl_sess_set_new_cb(SSL *ssl, SSL_SESSION *sessi +@@ -254,10 +260,8 @@ int q_ssl_sess_set_new_cb(SSL *ssl, SSL_SESSION *sessi QSslSocketBackendPrivate::s_indexForSSLExtraData)); return socketPrivate->handleNewSessionTicket(ssl); } -#endif // TLS1_3_VERSION -- --#endif // !OPENSSL_NO_PSK +#endif +-#endif // !OPENSSL_NO_PSK +- #if QT_CONFIG(ocsp) + int qt_OCSP_status_server_callback(SSL *ssl, void *ocspRequest) +@@ -653,7 +657,7 @@ bool QSslSocketBackendPrivate::initSslContext() + else if (mode == QSslSocket::SslServerMode) + q_SSL_set_psk_server_callback(ssl, &q_ssl_psk_server_callback); + +-#if OPENSSL_VERSION_NUMBER >= 0x10101006L ++#if OPENSSL_VERSION_NUMBER >= 0x10101006L && !defined(LIBRESSL_VERSION_NUMBER) + // Set the client callback for TLSv1.3 PSK + if (mode == QSslSocket::SslClientMode + && QSslSocket::sslLibraryBuildVersionNumber() >= 0x10101006L) { diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp index 66eca715c9b9..190292096559 100644 --- a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp +++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols.cpp @@ -1,6 +1,76 @@ ---- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2022-06-28 10:13:07 UTC +--- src/network/ssl/qsslsocket_openssl_symbols.cpp.orig 2022-07-05 09:21:21 UTC +++ src/network/ssl/qsslsocket_openssl_symbols.cpp -@@ -355,12 +355,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a +@@ -142,13 +142,18 @@ DEFINEFUNC2(int, OPENSSL_init_ssl, uint64_t opts, opts + DEFINEFUNC2(int, OPENSSL_init_crypto, uint64_t opts, opts, const OPENSSL_INIT_SETTINGS *settings, settings, return 0, return) + DEFINEFUNC(BIO *, BIO_new, const BIO_METHOD *a, a, return nullptr, return) + DEFINEFUNC(const BIO_METHOD *, BIO_s_mem, void, DUMMYARG, return nullptr, return) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + DEFINEFUNC2(int, BN_is_word, BIGNUM *a, a, BN_ULONG w, w, return 0, return) ++#endif + DEFINEFUNC(int, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX *c, c, return 0, return) + DEFINEFUNC(int, EVP_PKEY_up_ref, EVP_PKEY *a, a, return 0, return) ++#ifdef OPENSSL_NO_DEPRECATED_3_0 + DEFINEFUNC2(EVP_PKEY_CTX *, EVP_PKEY_CTX_new, EVP_PKEY *pkey, pkey, ENGINE *e, e, return nullptr, return) + DEFINEFUNC(int, EVP_PKEY_param_check, EVP_PKEY_CTX *ctx, ctx, return 0, return) + DEFINEFUNC(void, EVP_PKEY_CTX_free, EVP_PKEY_CTX *ctx, ctx, return, return) ++#endif // OPENSSL_NO_DEPRECATED_3_0 + DEFINEFUNC(int, RSA_bits, RSA *a, a, return 0, return) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + DEFINEFUNC(int, DSA_bits, DSA *a, a, return 0, return) + DEFINEFUNC(int, OPENSSL_sk_num, OPENSSL_STACK *a, a, return -1, return) + DEFINEFUNC2(void, OPENSSL_sk_pop_free, OPENSSL_STACK *a, a, void (*b)(void*), b, return, DUMMYARG) +@@ -158,8 +163,18 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, + DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return) + DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return) + DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return) ++#else ++DEFINEFUNC(int, sk_num, STACK *a, a, return -1, return) ++DEFINEFUNC2(void, sk_pop_free, STACK *a, a, void (*b)(void*), b, return, DUMMYARG) ++DEFINEFUNC(_STACK *, sk_new_null, DUMMYARG, DUMMYARG, return nullptr, return) ++DEFINEFUNC2(void, sk_push, _STACK *a, a, void *b, b, return, DUMMYARG) ++DEFINEFUNC(void, sk_free, _STACK *a, a, return, DUMMYARG) ++DEFINEFUNC2(void *, sk_value, STACK *a, a, int b, b, return nullptr, return) ++#endif // LIBRESSL_VERSION_NUMBER ++#ifdef SSL_SECOP_PEER + DEFINEFUNC(int, SSL_CTX_get_security_level, const SSL_CTX *ctx, ctx, return -1, return) + DEFINEFUNC2(void, SSL_CTX_set_security_level, SSL_CTX *ctx, ctx, int level, level, return, return) ++#endif //SSL_SECOP_PEER + #ifdef TLS1_3_VERSION + DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return) + DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG) +@@ -169,7 +184,9 @@ DEFINEFUNC(int, SSL_SESSION_is_resumable, const SSL_SE + DEFINEFUNC3(size_t, SSL_get_client_random, SSL *a, a, unsigned char *out, out, size_t outlen, outlen, return 0, return) + DEFINEFUNC3(size_t, SSL_SESSION_get_master_key, const SSL_SESSION *ses, ses, unsigned char *out, out, size_t outlen, outlen, return 0, return) + DEFINEFUNC6(int, CRYPTO_get_ex_new_index, int class_index, class_index, long argl, argl, void *argp, argp, CRYPTO_EX_new *new_func, new_func, CRYPTO_EX_dup *dup_func, dup_func, CRYPTO_EX_free *free_func, free_func, return -1, return) ++#ifndef LIBRESSL_VERSION_NUMBER + DEFINEFUNC2(unsigned long, SSL_set_options, SSL *ssl, ssl, unsigned long op, op, return 0, return) ++#endif + + DEFINEFUNC(const SSL_METHOD *, TLS_method, DUMMYARG, DUMMYARG, return nullptr, return) + DEFINEFUNC(const SSL_METHOD *, TLS_client_method, DUMMYARG, DUMMYARG, return nullptr, return) +@@ -183,7 +200,11 @@ DEFINEFUNC2(void, X509_STORE_set_verify_cb, X509_STORE + DEFINEFUNC3(int, X509_STORE_set_ex_data, X509_STORE *a, a, int idx, idx, void *data, data, return 0, return) + DEFINEFUNC2(void *, X509_STORE_get_ex_data, X509_STORE *r, r, int idx, idx, return nullptr, return) + DEFINEFUNC(STACK_OF(X509) *, X509_STORE_CTX_get0_chain, X509_STORE_CTX *a, a, return nullptr, return) ++#ifndef LIBRESSL_VERSION_NUMBER + DEFINEFUNC3(void, CRYPTO_free, void *str, str, const char *file, file, int line, line, return, DUMMYARG) ++#else ++DEFINEFUNC(void, CRYPTO_free, void *a, a, return, DUMMYARG) ++#endif + DEFINEFUNC(long, OpenSSL_version_num, void, DUMMYARG, return 0, return) + DEFINEFUNC(const char *, OpenSSL_version, int a, a, return nullptr, return) + DEFINEFUNC(unsigned long, SSL_SESSION_get_ticket_lifetime_hint, const SSL_SESSION *session, session, return 0, return) +@@ -223,7 +244,9 @@ DEFINEFUNC5(int, OCSP_id_get0_info, ASN1_OCTET_STRING + ASN1_OCTET_STRING **piKeyHash, piKeyHash, ASN1_INTEGER **pserial, pserial, OCSP_CERTID *cid, cid, + return 0, return) + DEFINEFUNC2(OCSP_RESPONSE *, OCSP_response_create, int status, status, OCSP_BASICRESP *bs, bs, return nullptr, return) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + DEFINEFUNC(const STACK_OF(X509) *, OCSP_resp_get0_certs, const OCSP_BASICRESP *bs, bs, return nullptr, return) ++#endif + DEFINEFUNC2(int, OCSP_id_cmp, OCSP_CERTID *a, a, OCSP_CERTID *b, b, return -1, return) + DEFINEFUNC7(OCSP_SINGLERESP *, OCSP_basic_add1_status, OCSP_BASICRESP *r, r, OCSP_CERTID *c, c, int s, s, + int re, re, ASN1_TIME *rt, rt, ASN1_TIME *t, t, ASN1_TIME *n, n, return nullptr, return) +@@ -355,12 +378,14 @@ DEFINEFUNC2(int, SSL_CTX_use_PrivateKey, SSL_CTX *a, a DEFINEFUNC2(int, SSL_CTX_use_RSAPrivateKey, SSL_CTX *a, a, RSA *b, b, return -1, return) DEFINEFUNC3(int, SSL_CTX_use_PrivateKey_file, SSL_CTX *a, a, const char *b, b, int c, c, return -1, return) DEFINEFUNC(X509_STORE *, SSL_CTX_get_cert_store, const SSL_CTX *a, a, return nullptr, return) @@ -15,7 +85,99 @@ DEFINEFUNC(void, SSL_free, SSL *a, a, return, DUMMYARG) DEFINEFUNC(STACK_OF(SSL_CIPHER) *, SSL_get_ciphers, const SSL *a, a, return nullptr, return) DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr, return) -@@ -1066,12 +1068,14 @@ bool q_resolveOpenSslSymbols() +@@ -385,7 +410,11 @@ DEFINEFUNC3(void, SSL_set_bio, SSL *a, a, BIO *b, b, B + DEFINEFUNC(void, SSL_set_accept_state, SSL *a, a, return, DUMMYARG) + DEFINEFUNC(void, SSL_set_connect_state, SSL *a, a, return, DUMMYARG) + DEFINEFUNC(int, SSL_shutdown, SSL *a, a, return -1, return) ++#ifndef LIBRESSL_VERSION_NUMBER + DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return) ++#else ++DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return) ++#endif + DEFINEFUNC(int, SSL_get_shutdown, const SSL *ssl, ssl, return 0, return) + DEFINEFUNC2(int, SSL_set_session, SSL* to, to, SSL_SESSION *session, session, return -1, return) + DEFINEFUNC(void, SSL_SESSION_free, SSL_SESSION *ses, ses, return, DUMMYARG) +@@ -854,20 +883,35 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(ASN1_STRING_get0_data) + RESOLVEFUNC(EVP_CIPHER_CTX_reset) + RESOLVEFUNC(EVP_PKEY_up_ref) ++#ifdef OPENSSL_NO_DEPRECATED_3_0 + RESOLVEFUNC(EVP_PKEY_CTX_new) + RESOLVEFUNC(EVP_PKEY_param_check) + RESOLVEFUNC(EVP_PKEY_CTX_free) ++#endif // OPENSSL_NO_DEPRECATED_3_0 + RESOLVEFUNC(RSA_bits) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + RESOLVEFUNC(OPENSSL_sk_new_null) + RESOLVEFUNC(OPENSSL_sk_push) + RESOLVEFUNC(OPENSSL_sk_free) + RESOLVEFUNC(OPENSSL_sk_num) + RESOLVEFUNC(OPENSSL_sk_pop_free) + RESOLVEFUNC(OPENSSL_sk_value) ++#else ++ RESOLVEFUNC(sk_new_null) ++ RESOLVEFUNC(sk_push) ++ RESOLVEFUNC(sk_free) ++ RESOLVEFUNC(sk_num) ++ RESOLVEFUNC(sk_pop_free) ++ RESOLVEFUNC(sk_value) ++#endif + RESOLVEFUNC(DH_get0_pqg) ++#ifndef LIBRESSL_VERSION_NUMBER + RESOLVEFUNC(SSL_CTX_set_options) ++#endif ++#ifdef SSL_SECOP_PEER + RESOLVEFUNC(SSL_CTX_get_security_level) + RESOLVEFUNC(SSL_CTX_set_security_level) ++#endif //SSL_SECOP_PEER + #ifdef TLS1_3_VERSION + RESOLVEFUNC(SSL_CTX_set_ciphersuites) + RESOLVEFUNC(SSL_set_psk_use_session_callback) +@@ -877,9 +921,13 @@ bool q_resolveOpenSslSymbols() + + RESOLVEFUNC(SSL_get_client_random) + RESOLVEFUNC(SSL_SESSION_get_master_key) ++#ifndef LIBRESSL_VERSION_NUMBER + RESOLVEFUNC(SSL_session_reused) ++#endif + RESOLVEFUNC(SSL_get_session) ++#ifndef LIBRESSL_VERSION_NUMBER + RESOLVEFUNC(SSL_set_options) ++#endif + RESOLVEFUNC(CRYPTO_get_ex_new_index) + RESOLVEFUNC(TLS_method) + RESOLVEFUNC(TLS_client_method) +@@ -906,7 +954,9 @@ bool q_resolveOpenSslSymbols() + + RESOLVEFUNC(SSL_SESSION_get_ticket_lifetime_hint) + RESOLVEFUNC(DH_bits) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + RESOLVEFUNC(DSA_bits) ++#endif + + #if QT_CONFIG(dtls) + RESOLVEFUNC(DTLSv1_listen) +@@ -936,7 +986,9 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(OCSP_check_validity) + RESOLVEFUNC(OCSP_cert_to_id) + RESOLVEFUNC(OCSP_id_get0_info) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + RESOLVEFUNC(OCSP_resp_get0_certs) ++#endif + RESOLVEFUNC(OCSP_basic_sign) + RESOLVEFUNC(OCSP_response_create) + RESOLVEFUNC(i2d_OCSP_RESPONSE) +@@ -973,7 +1025,9 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(EC_GROUP_get_degree) + #endif + RESOLVEFUNC(BN_num_bits) ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + RESOLVEFUNC(BN_is_word) ++#endif + RESOLVEFUNC(BN_mod_word) + RESOLVEFUNC(DSA_new) + RESOLVEFUNC(DSA_free) +@@ -1066,12 +1120,14 @@ bool q_resolveOpenSslSymbols() RESOLVEFUNC(SSL_CTX_use_RSAPrivateKey) RESOLVEFUNC(SSL_CTX_use_PrivateKey_file) RESOLVEFUNC(SSL_CTX_get_cert_store); @@ -30,3 +192,15 @@ RESOLVEFUNC(SSL_accept) RESOLVEFUNC(SSL_clear) RESOLVEFUNC(SSL_connect) +@@ -1099,7 +1155,11 @@ bool q_resolveOpenSslSymbols() + RESOLVEFUNC(SSL_set_bio) + RESOLVEFUNC(SSL_set_connect_state) + RESOLVEFUNC(SSL_shutdown) ++#ifndef LIBRESSL_VERSION_NUMBER + RESOLVEFUNC(SSL_in_init) ++#else ++ RESOLVEFUNC(SSL_state) ++#endif + RESOLVEFUNC(SSL_get_shutdown) + RESOLVEFUNC(SSL_set_session) + RESOLVEFUNC(SSL_SESSION_free) diff --git a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h index bea26f610007..6463a08c1d95 100644 --- a/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h +++ b/net/qt5-network/files/patch-src_network_ssl_qsslsocket__openssl__symbols__p.h @@ -1,4 +1,4 @@ ---- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2022-06-28 10:06:55 UTC +--- src/network/ssl/qsslsocket_openssl_symbols_p.h.orig 2022-06-22 10:58:13 UTC +++ src/network/ssl/qsslsocket_openssl_symbols_p.h @@ -80,6 +80,13 @@ QT_BEGIN_NAMESPACE @@ -14,7 +14,103 @@ #if !defined QT_LINKED_OPENSSL // **************** Shared declarations ****************** // ret func(arg) -@@ -496,12 +503,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b); +@@ -230,13 +237,20 @@ const unsigned char * q_ASN1_STRING_get0_data(const AS + Q_AUTOTEST_EXPORT BIO *q_BIO_new(const BIO_METHOD *a); + Q_AUTOTEST_EXPORT const BIO_METHOD *q_BIO_s_mem(); + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + int q_DSA_bits(DSA *a); ++#else ++#define q_DSA_bits(dsa) q_BN_num_bits((dsa)->p) ++#endif + int q_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); + Q_AUTOTEST_EXPORT int q_EVP_PKEY_up_ref(EVP_PKEY *a); ++#ifdef OPENSSL_NO_DEPRECATED_3_0 + EVP_PKEY_CTX *q_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); + void q_EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + int q_EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); ++#endif // OPENSSL_NO_DEPRECATED_3_0 + int q_RSA_bits(RSA *a); ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + Q_AUTOTEST_EXPORT int q_OPENSSL_sk_num(OPENSSL_STACK *a); + Q_AUTOTEST_EXPORT void q_OPENSSL_sk_pop_free(OPENSSL_STACK *a, void (*b)(void *)); + Q_AUTOTEST_EXPORT OPENSSL_STACK *q_OPENSSL_sk_new_null(); +@@ -245,6 +259,24 @@ Q_AUTOTEST_EXPORT void q_OPENSSL_sk_free(OPENSSL_STACK + Q_AUTOTEST_EXPORT void * q_OPENSSL_sk_value(OPENSSL_STACK *a, int b); + int q_SSL_session_reused(SSL *a); + unsigned long q_SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); ++#else // LIBRESSL_VERSION_NUMBER ++int q_sk_num(STACK *a); ++#define q_OPENSSL_sk_num(a) q_sk_num(a) ++void q_sk_pop_free(STACK *a, void (*b)(void *)); ++#define q_OPENSSL_sk_pop_free(a, b) q_sk_pop_free(a, b) ++STACK *q_sk_new_null(); ++#define q_OPENSSL_sk_new_null() q_sk_new_null() ++void q_sk_push(STACK *st, void *data); ++#define q_OPENSSL_sk_push(st, data) q_sk_push(st, data) ++void q_sk_free(STACK *a); ++#define q_OPENSSL_sk_free q_sk_free ++void *q_sk_value(STACK *a, int b); ++#define q_OPENSSL_sk_value(a, b) q_sk_value(a, b) ++#define q_SSL_session_reused(ssl) \ ++ q_SSL_ctrl((ssl), SSL_CTRL_GET_SESSION_REUSED, 0, NULL) ++#define q_SSL_CTX_set_options(ctx, op) \ ++ q_SSL_CTX_ctrl((ctx), SSL_CTRL_OPTIONS, (op), NULL) ++#endif // LIBRESSL_VERSION_NUMBER + int q_OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); + size_t q_SSL_get_client_random(SSL *a, unsigned char *out, size_t outlen); + size_t q_SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); +@@ -268,8 +300,13 @@ int q_DH_bits(DH *dh); + # define q_SSL_load_error_strings() q_OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + #define q_SKM_sk_num(st) q_OPENSSL_sk_num((OPENSSL_STACK *)st) + #define q_SKM_sk_value(type, st,i) (type *)q_OPENSSL_sk_value((OPENSSL_STACK *)st, i) ++#else ++#define q_SKM_sk_num(st) q_sk_num((OPENSSL_STACK *)st) ++#define q_SKM_sk_value(type, st,i) (type *)q_sk_value((OPENSSL_STACK *)st, i) ++#endif // LIBRESSL_VERSION_NUMBER + + #define q_OPENSSL_add_all_algorithms_conf() q_OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ + | OPENSSL_INIT_ADD_ALL_DIGESTS \ +@@ -278,13 +315,22 @@ int q_DH_bits(DH *dh); + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + + int q_OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); ++#ifndef LIBRESSL_VERSION_NUMBER + void q_CRYPTO_free(void *str, const char *file, int line); ++#else ++void q_CRYPTO_free(void *a); ++#endif + + long q_OpenSSL_version_num(); + const char *q_OpenSSL_version(int type); + + unsigned long q_SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session); ++#ifndef LIBRESSL_VERSION_NUMBER + unsigned long q_SSL_set_options(SSL *s, unsigned long op); ++#else ++#define q_SSL_set_options(ssl, op) \ ++ q_SSL_ctrl((ssl), SSL_CTRL_OPTIONS, (op), NULL) ++#endif + + #ifdef TLS1_3_VERSION + int q_SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +@@ -373,7 +419,12 @@ BIO *q_BIO_new_mem_buf(void *a, int b); + int q_BIO_read(BIO *a, void *b, int c); + Q_AUTOTEST_EXPORT int q_BIO_write(BIO *a, const void *b, int c); + int q_BN_num_bits(const BIGNUM *a); ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + int q_BN_is_word(BIGNUM *a, BN_ULONG w); ++#else ++#define q_BN_is_word(a, w) (((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) \ ++ || (((w) == 0) && ((a)->top == 0))) && (!(w) || !(a)->neg)) ++#endif + BN_ULONG q_BN_mod_word(const BIGNUM *a, BN_ULONG w); + + #ifndef OPENSSL_NO_EC +@@ -496,12 +547,14 @@ int q_SSL_CTX_use_PrivateKey(SSL_CTX *a, EVP_PKEY *b); int q_SSL_CTX_use_RSAPrivateKey(SSL_CTX *a, RSA *b); int q_SSL_CTX_use_PrivateKey_file(SSL_CTX *a, const char *b, int c); X509_STORE *q_SSL_CTX_get_cert_store(const SSL_CTX *a); @@ -29,3 +125,39 @@ void q_SSL_free(SSL *a); STACK_OF(SSL_CIPHER) *q_SSL_get_ciphers(const SSL *a); const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a); +@@ -517,7 +570,12 @@ void q_SSL_set_bio(SSL *a, BIO *b, BIO *c); + void q_SSL_set_accept_state(SSL *a); + void q_SSL_set_connect_state(SSL *a); + int q_SSL_shutdown(SSL *a); ++#ifndef LIBRESSL_VERSION_NUMBER + int q_SSL_in_init(const SSL *s); ++#else ++int q_SSL_state(const SSL *s); ++#define q_SSL_in_init(s) (q_SSL_state((s))&SSL_ST_INIT) ++#endif + int q_SSL_get_shutdown(const SSL *ssl); + int q_SSL_set_session(SSL *to, SSL_SESSION *session); + void q_SSL_SESSION_free(SSL_SESSION *ses); +@@ -723,7 +781,11 @@ int q_OCSP_check_validity(ASN1_GENERALIZEDTIME *thisup + int q_OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, ASN1_OCTET_STRING **pikeyHash, + ASN1_INTEGER **pserial, OCSP_CERTID *cid); + ++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x03050000fL + const STACK_OF(X509) *q_OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); ++#else ++#define q_OCSP_resp_get0_certs(bs) ((bs)->certs) ++#endif + Q_AUTOTEST_EXPORT OCSP_CERTID *q_OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); + Q_AUTOTEST_EXPORT void q_OCSP_CERTID_free(OCSP_CERTID *cid); + int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +@@ -743,8 +805,10 @@ int q_OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); + void *q_CRYPTO_malloc(size_t num, const char *file, int line); + #define q_OPENSSL_malloc(num) q_CRYPTO_malloc(num, "", 0) + ++#ifdef SSL_SECOP_PEER + int q_SSL_CTX_get_security_level(const SSL_CTX *ctx); + void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level); ++#endif //SSL_SECOP_PEER + + // Here we have the ones that make difference between OpenSSL pre/post v3: + #if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3