Date:      Wed, 28 Jun 2023 13:15:35 GMT
From:      Guido Falsi <madpilot@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: f5a90d3138c8 - main - security/xca: Fix with OpenSSL 3 in head.
Message-ID:  <202306281315.35SDFZ3P010280@gitrepo.freebsd.org>

The branch main has been updated by madpilot:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f5a90d3138c8d98e85003c0c54459a8a947ed5bc

commit f5a90d3138c8d98e85003c0c54459a8a947ed5bc
Author:     Guido Falsi <madpilot@FreeBSD.org>
AuthorDate: 2023-06-28 13:15:01 +0000
Commit:     Guido Falsi <madpilot@FreeBSD.org>
CommitDate: 2023-06-28 13:15:01 +0000

    security/xca: Fix with OpenSSL 3 in head.
    
    Obtained from:  upstream commits
---
 security/xca/files/patch-lib_pkcs11.cpp     | 32 ++++++++++++++
 security/xca/files/patch-lib_pki__evp.cpp   | 33 +++++++++++++++
 security/xca/files/patch-lib_pki__key.cpp   | 65 +++++++++++++++++++++++++++++
 security/xca/files/patch-lib_pki__scard.cpp | 30 +++++++++++++
 4 files changed, 160 insertions(+)

diff --git a/security/xca/files/patch-lib_pkcs11.cpp b/security/xca/files/patch-lib_pkcs11.cpp
new file mode 100644
index 000000000000..caba1dcc1f47
--- /dev/null
+++ b/security/xca/files/patch-lib_pkcs11.cpp
@@ -0,0 +1,32 @@
+--- lib/pkcs11.cpp.orig	2021-05-07 20:40:29 UTC
++++ lib/pkcs11.cpp
+@@ -840,8 +840,7 @@ EVP_PKEY *pkcs11::getPrivateKey(EVP_PKEY *pub, CK_OBJE
+ 
+ 	switch (EVP_PKEY_type(keytype)) {
+ 	case EVP_PKEY_RSA:
+-		rsa = EVP_PKEY_get0_RSA(pub);
+-		rsa = RSAPublicKey_dup(rsa);
++		rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pub));
+ 		openssl_error();
+ 		if (!rsa_meth) {
+ #if OPENSSL_VERSION_NUMBER >= 0x1010000L
+@@ -865,8 +864,7 @@ EVP_PKEY *pkcs11::getPrivateKey(EVP_PKEY *pub, CK_OBJE
+ 		EVP_PKEY_assign_RSA(evp, rsa);
+ 		break;
+ 	case EVP_PKEY_DSA:
+-		dsa = EVP_PKEY_get0_DSA(pub);
+-		dsa = DSAparams_dup(dsa);
++		dsa = DSAparams_dup(EVP_PKEY_get0_DSA(pub));
+ 		openssl_error();
+ 		if (!dsa_meth) {
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+@@ -889,8 +887,7 @@ EVP_PKEY *pkcs11::getPrivateKey(EVP_PKEY *pub, CK_OBJE
+ 		break;
+ #if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+ 	case EVP_PKEY_EC:
+-		ec = EVP_PKEY_get0_EC_KEY(pub);
+-		ec = EC_KEY_dup(ec);
++		ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(pub));
+ 		openssl_error();
+ 		if (!ec_key_meth) {
+ 			ec_key_meth = setup_ec_key_meth();
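Review bot: None of the three rewritten lines checks the duplicate before it is used. `rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pub));` and its DSA and EC counterparts rely on the following `openssl_error()` to stop on a NULL result, and that helper's behaviour is not visible in these nested hunks. If it only reports queued errors rather than aborting the call, an explicit `if (!rsa)` guard (and likewise `dsa`, `ec`) is needed before the method setup and `EVP_PKEY_assign_*`. Separately, the RSA case's context line tests `OPENSSL_VERSION_NUMBER >= 0x1010000L`, one hex digit shorter than the `0x10100000L` in the DSA and EC cases, so that guard appears to be true for every OpenSSL release; this is worth reporting upstream. The body of getPrivateKey starts and ends outside the hunks shown.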
diff --git a/security/xca/files/patch-lib_pki__evp.cpp b/security/xca/files/patch-lib_pki__evp.cpp
new file mode 100644
index 000000000000..28fdc74c6690
--- /dev/null
+++ b/security/xca/files/patch-lib_pki__evp.cpp
@@ -0,0 +1,33 @@
+--- lib/pki_evp.cpp.orig	2021-05-07 20:40:29 UTC
++++ lib/pki_evp.cpp
+@@ -282,8 +282,8 @@ static void search_ec_oid(EVP_PKEY *pkey)
+ static void search_ec_oid(EVP_PKEY *pkey)
+ {
+ #ifndef OPENSSL_NO_EC
+-	EC_KEY *ec;
+ 	EC_GROUP *builtin;
++	const EC_KEY *ec;
+ 	const EC_GROUP *ec_group;
+ 
+ 	int keytype = EVP_PKEY_id(pkey);
+@@ -621,8 +621,10 @@ EVP_PKEY *pki_evp::legacyDecryptKey(QByteArray &myencK
+ 
+ 	pki_openssl_error();
+ 	if (EVP_PKEY_type(getKeyType()) == EVP_PKEY_RSA) {
+-		RSA *rsa = EVP_PKEY_get0_RSA(tmpkey);
++		RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(tmpkey);
++#if OPENSSL_VERSION_MAJOR < 3
+ 		RSA_blinding_on(rsa, NULL);
++#endif
+ 	}
+ 	myencKey.fill(0);
+ 	return tmpkey;
+@@ -930,7 +932,7 @@ bool pki_evp::verify_priv(EVP_PKEY *pkey) const
+ 		EVP_MD_CTX_free(ctx);
+ #endif
+ 	if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA && EVP_PKEY_isPrivKey(pkey)) {
+-		RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++		const RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ 		if (RSA_check_key(rsa) != 1)
+ 			verify = false;
+ 	}
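Review bot: In legacyDecryptKey the C-style cast `(RSA *)EVP_PKEY_get0_RSA(tmpkey)` discards the const that OpenSSL 3 puts on the return value, and once `RSA_blinding_on` is compiled out the variable `rsa` is unused on 3.x. Keeping the lookup inside the guard avoids both problems: `#if OPENSSL_VERSION_MAJOR < 3`, `RSA_blinding_on(EVP_PKEY_get0_RSA(tmpkey), NULL);`, `#endif`. Because this removes an explicit side-channel hardening call on a freshly decrypted private key, a short comment should record why that is acceptable, for example `/* OpenSSL 3: get0 returns a cached copy and blinding is on by default, so the call is a no-op */`. The enclosing function continues outside the hunk.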
diff --git a/security/xca/files/patch-lib_pki__key.cpp b/security/xca/files/patch-lib_pki__key.cpp
new file mode 100644
index 000000000000..a7a834548ca6
--- /dev/null
+++ b/security/xca/files/patch-lib_pki__key.cpp
@@ -0,0 +1,65 @@
+--- lib/pki_key.cpp.orig	2021-05-07 20:40:29 UTC
++++ lib/pki_key.cpp
+@@ -197,7 +197,7 @@ QString pki_key::length() const
+ 
+ 	if (EVP_PKEY_id(key) == EVP_PKEY_DSA) {
+ 		const BIGNUM *p = NULL;
+-		DSA *dsa = EVP_PKEY_get0_DSA(key);
++		const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 		if (dsa)
+ 			DSA_get0_pqg(dsa, &p, NULL, NULL);
+ 		dsa_unset = p == NULL;
+@@ -299,7 +299,7 @@ QString pki_key::modulus() const
+ 	if (getKeyType() == EVP_PKEY_RSA) {
+ 		const BIGNUM *n = NULL;
+ 
+-		RSA *rsa = EVP_PKEY_get0_RSA(key);
++		const RSA *rsa = EVP_PKEY_get0_RSA(key);
+ 		RSA_get0_key(rsa, &n, NULL, NULL);
+ 		return BN2QString(n);
+ 	}
+@@ -310,7 +310,7 @@ QString pki_key::pubEx() const
+ {
+ 	if (getKeyType() == EVP_PKEY_RSA) {
+ 		const BIGNUM *e = NULL;
+-		RSA *rsa = EVP_PKEY_get0_RSA(key);
++		const RSA *rsa = EVP_PKEY_get0_RSA(key);
+ 		RSA_get0_key(rsa, NULL, &e, NULL);
+ 		return BN2QString(e);
+ 	}
+@@ -321,7 +321,7 @@ QString pki_key::subprime() const
+ {
+ 	if (getKeyType() == EVP_PKEY_DSA) {
+ 		const BIGNUM *q = NULL;
+-		DSA *dsa = EVP_PKEY_get0_DSA(key);
++		const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 		if (dsa)
+ 			DSA_get0_pqg(dsa, NULL, &q, NULL);
+ 		return BN2QString(q);
+@@ -333,7 +333,7 @@ QString pki_key::pubkey() const
+ {
+ 	if (getKeyType() == EVP_PKEY_DSA) {
+ 		const BIGNUM *pubkey = NULL;
+-		DSA *dsa = EVP_PKEY_get0_DSA(key);
++		const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 		if (dsa)
+ 			DSA_get0_key(dsa, &pubkey, NULL);
+ 		return BN2QString(pubkey);
+@@ -766,7 +766,7 @@ QByteArray pki_key::SSH2publicQByteArray(bool raw) con
+ 		txt = "ssh-rsa";
+ 		ssh_key_QBA2data(txt, &data);
+ 		{
+-			RSA *rsa = EVP_PKEY_get0_RSA(key);
++			const RSA *rsa = EVP_PKEY_get0_RSA(key);
+ 			const BIGNUM *n, *e;
+ 			RSA_get0_key(rsa, &n, &e, NULL);
+ 			ssh_key_bn2data(e, &data);
+@@ -777,7 +777,7 @@ QByteArray pki_key::SSH2publicQByteArray(bool raw) con
+ 		txt = "ssh-dss";
+ 		ssh_key_QBA2data(txt, &data);
+ 		{
+-			DSA *dsa = EVP_PKEY_get0_DSA(key);
++			const DSA *dsa = EVP_PKEY_get0_DSA(key);
+ 			const BIGNUM *p, *q, *g, *pubkey;
+ 			DSA_get0_pqg(dsa, &p, &q, &g);
+ 			DSA_get0_key(dsa, &pubkey, NULL);
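Review bot: modulus(), pubEx() and both blocks of SSH2publicQByteArray() pass the get0 result straight to `RSA_get0_key()` or `DSA_get0_pqg()`/`DSA_get0_key()` without the `if (dsa)` guard that length(), subprime() and pubkey() use. Those accessors dereference their first argument, so a NULL from `EVP_PKEY_get0_RSA(key)` would crash instead of yielding an empty value. The NULL case should be unusual after the `getKeyType()` check, but the const return in OpenSSL 3 is a reminder that the pointer is a lookup result, not an owned object. Guarding the RSA paths the same way, `if (rsa) RSA_get0_key(rsa, &n, NULL, NULL);`, and initialising `const BIGNUM *n = NULL, *e = NULL;` in the ssh-rsa block (likewise `p, q, g, pubkey` in ssh-dss) would make the file consistent. Whether `ssh_key_bn2data` accepts a NULL BIGNUM is not visible here and needs checking.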
diff --git a/security/xca/files/patch-lib_pki__scard.cpp b/security/xca/files/patch-lib_pki__scard.cpp
new file mode 100644
index 000000000000..e8335511da7f
--- /dev/null
+++ b/security/xca/files/patch-lib_pki__scard.cpp
@@ -0,0 +1,30 @@
+--- lib/pki_scard.cpp.orig	2021-05-07 20:40:29 UTC
++++ lib/pki_scard.cpp
+@@ -293,10 +293,10 @@ pk11_attlist pki_scard::objectAttributesNoId(EVP_PKEY 
+ pk11_attlist pki_scard::objectAttributesNoId(EVP_PKEY *pk, bool priv) const
+ {
+ 	QByteArray ba;
+-	RSA *rsa;
+-	DSA *dsa;
++	const RSA *rsa;
++	const DSA *dsa;
+ #ifndef OPENSSL_NO_EC
+-	EC_KEY *ec;
++	const EC_KEY *ec;
+ #endif
+ 	const BIGNUM *n = NULL;
+ 	const BIGNUM *e = NULL;
+@@ -401,10 +401,10 @@ void pki_scard::store_token(const slotid &slot, EVP_PK
+ void pki_scard::store_token(const slotid &slot, EVP_PKEY *pkey)
+ {
+ 	QByteArray ba;
+-	RSA *rsa;
+-	DSA *dsa;
++	const RSA *rsa;
++	const DSA *dsa;
+ #ifndef OPENSSL_NO_EC
+-	EC_KEY *ec;
++	const EC_KEY *ec;
+ #endif
+ 	pk11_attlist pub_atts;
+ 	pk11_attlist priv_atts;
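Review bot: In objectAttributesNoId and store_token the re-declared `const RSA *rsa;`, `const DSA *dsa;` and `const EC_KEY *ec;` are left uninitialised, while the BIGNUM pointers directly below them in objectAttributesNoId are set to NULL. Since these lines are being touched anyway, `const RSA *rsa = NULL;` (and likewise `dsa`, `ec`) would keep a missed assignment in one switch arm from turning into a read of an indeterminate pointer while key material is being exported to a token. Both function bodies continue outside the hunks, so whether every path assigns before use cannot be confirmed from here.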


